diff options
| author | des <des@FreeBSD.org> | 2004-09-24 19:48:50 +0000 |
|---|---|---|
| committer | des <des@FreeBSD.org> | 2004-09-24 19:48:50 +0000 |
| commit | bd20f820eed84d93e9324f7de3865ce58a0c7731 (patch) | |
| tree | bb3edb8dcc07615d426eb359f46c1741e4c22575 /contrib/bind/bin/named | |
| parent | 3fe60073ff63db1d6dc640928a53105d35a80da4 (diff) | |
| download | FreeBSD-src-bd20f820eed84d93e9324f7de3865ce58a0c7731.zip FreeBSD-src-bd20f820eed84d93e9324f7de3865ce58a0c7731.tar.gz | |
Retire the BIND 8 sources.
Diffstat (limited to 'contrib/bind/bin/named')
47 files changed, 0 insertions, 39650 deletions
diff --git a/contrib/bind/bin/named/Makefile b/contrib/bind/bin/named/Makefile deleted file mode 100644 index 5a09205..0000000 --- a/contrib/bind/bin/named/Makefile +++ /dev/null @@ -1,134 +0,0 @@ -## Copyright (c) 1996-2000 by Internet Software Consortium -## -## Permission to use, copy, modify, and distribute this software for any -## purpose with or without fee is hereby granted, provided that the above -## copyright notice and this permission notice appear in all copies. -## -## THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS -## ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES -## OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE -## CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL -## DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR -## PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS -## ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS -## SOFTWARE. - -# $Id: Makefile,v 8.51 2000/12/23 08:02:53 vixie Exp $ -# $FreeBSD$ - -DESTDIR= -CC= cc -SHELL= /bin/sh - -CDEBUG= -g -Wall - -#(net2 and its descendents) -SYSTYPE = freebsd -TOP = ../.. -INCL = ${TOP}/include -PORTINCL = ${TOP}/port/${SYSTYPE}/include -LIBBIND = ${TOP}/lib/libbind.a -A=a -O=o -EXE= -YACC = yacc -d -SYSLIBS = -ll -lutil -DESTBIN = /usr/local/bin -DESTSBIN = /usr/local/sbin -DESTEXEC = /usr/local/libexec -DESTMAN = /usr/share/man -DESTHELP= /usr/share/misc -DESTETC= /etc -DESTRUN= /var/run -AR= ar cru -INSTALL= install -STRIP=-s -INSTALL_EXEC= -INSTALL_LIB=-o bin -g bin - -PS=ps -LDFLAGS= -CFLAGS= ${CDEBUG} -CPPFLAGS= -I${PORTINCL} -I${INCL} ${DEFS} - -VER= LOCAL-`date +%Y%m%d.%H%M%S` -HOSTNAMECMD= hostname || uname -n - -PROG= named -HDRS= db_defs.h db_glob.h ns_defs.h ns_glob.h named.h pathnames.h -SRCS= db_dump.c db_load.c db_lookup.c db_save.c db_update.c \ - db_glue.c db_ixfr.c db_sec.c db_tsig.c \ - ns_parser.c ns_lexer.c ns_parseutil.c ns_ctl.c \ - ns_forw.c ns_init.c ns_main.c ns_maint.c ns_req.c \ - ns_resp.c ns_stats.c ns_ncache.c ns_xfr.c ns_glue.c \ - ns_udp.c ns_config.c ns_update.c ns_ixfr.c ns_signal.c \ - ns_sort.c ns_notify.c -OBJS= db_dump.${O} db_load.${O} db_lookup.${O} db_save.${O} db_update.${O} \ - db_glue.${O} db_ixfr.${O} db_sec.${O} db_tsig.${O} \ - ns_parser.${O} ns_lexer.${O} ns_parseutil.${O} ns_ctl.${O} \ - ns_forw.${O} ns_init.${O} ns_main.${O} ns_maint.${O} ns_req.${O} \ - ns_resp.${O} ns_stats.${O} ns_ncache.${O} ns_xfr.${O} ns_glue.${O} \ - ns_udp.${O} ns_config.${O} ns_update.${O} ns_ixfr.${O} ns_signal.${O} \ - ns_sort.${O} ns_notify.${O} - -all: ${PROG}${EXE} - -${PROG}${EXE}: pathnames.h ${OBJS} ${LIBBIND} Makefile tmp_version.${O} - ${CC} ${CDEBUG} ${LDFLAGS} ${BOUNDS} -o ${PROG}${EXE} ${OBJS} \ - tmp_version.${O} ${LIBBIND} ${SYSLIBS} - -ns_parser.c ns_parser.h: ns_parser.y - ${YACC} ns_parser.y - mv y.tab.c ns_parser.c - mv y.tab.h ns_parser.h - -tmp_version.${O}: tmp_version.c - -tmp_version.c: version.c Makefile ../Makefile ${SRCS} ${HDRS} - (u=$${USER-root} d=`pwd` h=`${HOSTNAMECMD}` t=`date`; \ - sed -e "s|%WHEN%|$${t}|" -e "s|%VERSION%|"${VER}"|" \ - -e "s|%WHOANDWHERE%|$${u}@$${h}:$${d}|" \ - < version.c > tmp_version.c); sleep 1 - -pathnames.h: ${TOP}/.settings Makefile pathtemplate.h - rm -f pathnames.h - sed -e "s|%DESTSBIN%|${DESTSBIN}|" \ - -e "s|%DESTEXEC%|${DESTEXEC}|" \ - -e "s|%DESTETC%|${DESTETC}|" \ - -e "s|%DESTRUN%|${DESTRUN}|" \ - < pathtemplate.h > pathnames.h - -ns_signal.${O}: ns_signal.c - ${CC} ${CPPFLAGS} ${CFLAGS} -c $*.c - -.c.${O}: - ${CC} ${CPPFLAGS} ${CFLAGS} ${BOUNDS} -c $*.c - -distclean: clean - rm -f ns_parser.c ns_parser.h - -clean: FRC - rm -f ${PROG}${EXE} ${OBJS} core .depend - rm -f *.BAK *.CKP *~ *.orig - rm -f tmp_version.c tmp_version.${O} - rm -f pathnames.h y.tab.h y.tab.c - -depend: ${SRCS} pathnames.h - mkdep ${CPPFLAGS} -I${INCL} -I${PORTINCL} ${DEFS} ${SRCS} - -${DESTDIR}${DESTSBIN}: - mkdir -p ${DESTDIR}${DESTSBIN} - -install: ${DESTDIR}${DESTSBIN} ${PROG}${EXE} - ${INSTALL} ${STRIP} -c ${INSTALL_EXEC} -m 755 ${PROG}${EXE} ${DESTDIR}${DESTSBIN}/${PROG}${EXE} - -links: FRC - @ln -s SRC/*.[chy] SRC/test .; rm -f ns_parser.[ch] - -tags: FRC - ctags ${SRCS} *.h - -FRC: - -# DO NOT DELETE THIS LINE -- mkdep uses it. -# DO NOT PUT ANYTHING AFTER THIS LINE, IT WILL GO AWAY. diff --git a/contrib/bind/bin/named/db_defs.h b/contrib/bind/bin/named/db_defs.h deleted file mode 100644 index 05fb190..0000000 --- a/contrib/bind/bin/named/db_defs.h +++ /dev/null @@ -1,341 +0,0 @@ -/* - * from db.h 4.16 (Berkeley) 6/1/90 - * $Id: db_defs.h,v 8.48 2002/11/17 14:51:50 marka Exp $ - */ - -/* - * Copyright (c) 1985, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Global definitions for data base routines. - */ - - /* max length of data in RR data field */ -#define MAXDATA (3*MAXDNAME + 5*INT32SZ) - - /* max length of data in a TXT RR segment */ -#define MAXCHARSTRING 255 - -#define DB_ROOT_TIMBUF 3600 -#define TIMBUF 300 - -#define DICT_INDEXBITS 24 -#define DICT_MAXLENGTH 127 -#define DICT_INSERT_P 0x0001 - -/* Average hash chain depths. */ -#define AVGCH_MARSHAL 5 -#define AVGCH_NLOOKUP 3 - -/* Nonstandard maximum class to force better packing. */ -#define ZONE_BITS 24 -#define CLASS_BITS 8 -#define ZONE_MAX ((1<<ZONE_BITS)-1) -#define CLASS_MAX ((1<<CLASS_BITS)-1) - -/* - * Hash table structures. - */ -/* - * XXX - * For IPv6 transport support we need a seperate reference counted - * database of source addresses and d_addr should become a union with - * a pointer into that database. A bit can be robbed from d_rode to - * indicate what the union is being used for. This should require less - * memory than making d_addr a union of struct in6_addr and struct in_addr. - */ -#ifdef CHECK_MAGIC -#define DATABUF_MAGIC (('D'<<24)|('A'<<16)|('T'<<8)|'A') -#endif - -struct databuf { -#ifdef CHECK_MAGIC - u_int32_t d_magic; /* magic number */ -#endif - struct databuf *d_next; /* linked list */ - struct in_addr d_addr; /* NS from whence this came */ - u_int32_t d_ttl; /* time to live */ - /* if d_zone == DB_Z_CACHE, then - * d_ttl is actually the time when - * the record will expire. - * otherwise (for authoritative - * master and slave zones), - * d_ttl is the time to live. - */ - unsigned d_zone :ZONE_BITS; /* zone number or 0 for the cache */ - unsigned d_class :CLASS_BITS; /* class number (nonstandard limit) */ - unsigned d_flags :4; /* DB_F_{??????} */ - unsigned d_secure :2; /* DB_S_{??????} */ - unsigned d_cred :3; /* DB_C_{??????} */ - unsigned d_clev :6; - unsigned d_rcode :4; /* rcode for negative caching */ - unsigned d_mark :3; /* place to mark data */ - unsigned d_noedns :1; /* this server does not support edns */ - int16_t d_type; /* type number */ - int16_t d_size; /* size of data area */ - u_int32_t d_rcnt; -#ifdef HITCOUNTS - u_int32_t d_hitcnt; /* Number of requests for this data. */ -#endif /* HITCOUNTS */ - u_int16_t d_nstime; /* NS response time, milliseconds */ - u_char d_data[sizeof(void*)]; /* dynamic (padded) */ -}; -#define BIND_DATASIZE(n) (sizeof(struct databuf) - sizeof(void*) + n) - -#ifdef HITCOUNTS -extern u_int32_t db_total_hits; -#endif /* HITCOUNTS */ - -#ifdef BIND_UPDATE -/* - * d_mark definitions - */ -#define D_MARK_DELETED 0x01 -#define D_MARK_ADDED 0x02 -#define D_MARK_FOUND 0x04 -#endif - -/* - * d_flags definitions - */ -#define DB_F_HINT 0x01 /* databuf belongs to fcachetab */ -#define DB_F_ACTIVE 0x02 /* databuf is linked into a cache */ -#define DB_F_FREE 0x04 /* databuf has been freed */ -#define DB_F_LAME 0x08 /* databuf may refer to lame server */ - -/* - * d_cred definitions - */ -#define DB_C_ZONE 4 /* authoritative zone - best */ -#define DB_C_AUTH 3 /* authoritative answer */ -#define DB_C_ANSWER 2 /* non-authoritative answer */ -#define DB_C_ADDITIONAL 1 /* additional data */ -#define DB_C_CACHE 0 /* cache - worst */ - -/* - * d_secure definitions - */ -#define DB_S_SECURE 2 /* secure (verified) data */ -#define DB_S_INSECURE 1 /* insecure data */ -#define DB_S_FAILED 0 /* data that failed a security check */ - -struct namebuf { - u_int n_hashval; /* hash value of _n_name */ - struct namebuf *n_next; /* linked list */ - struct databuf *n_data; /* data records */ - struct namebuf *n_parent; /* parent domain */ - struct hashbuf *n_hash; /* hash table for children */ - union { - char _n_name[sizeof(void*)]; - unsigned char _n_len[sizeof(void*)]; - } _n; /* Counted str (dynamic). */ -}; -#define NAMESIZE(n) (sizeof(struct namebuf) - sizeof(void*) + 1 + n + 1) -#define NAMELEN(nb) ((((nb)._n._n_len))[0]) -#define NAME(nb) ((nb)._n._n_name + 1) - -struct hashbuf { - int h_size; /* size of hash table */ - int h_cnt; /* number of entries */ - struct namebuf *h_tab[1]; /* allocated as needed */ -}; -#define HASHSIZE(s) (sizeof(struct hashbuf) + (s-1) * sizeof(struct namebuf *)) - -#define HASHSHIFT 3 -#define HASHMASK 0x1f -#define HASHROTATE(v) \ - (((v) << HASHSHIFT) | ((v) >> ((sizeof(v) * 8) - HASHSHIFT))) -#define HASHLOWER(c) ((isascii(c) && isupper(c)) ? tolower(c) : (c)) -#define HASHIMILATE(v,c) ((v) = (HASHROTATE(v)) + (HASHLOWER(c) & HASHMASK)) - -#define TSIG_BUF_SIZE 640 -#define TSIG_SIG_SIZE 20 - -struct tsig_record { - u_int8_t sig[TSIG_SIG_SIZE]; - struct dst_key *key; - int siglen; - int tsig_size; -}; - -struct sig_record { - u_int16_t sig_type_n; - u_int8_t sig_alg_n, sig_labels_n; - u_int32_t sig_ottl_n, sig_exp_n, sig_time_n; - u_int16_t sig_keyid_n; -}; - -/* This is the wire format size of "struct sig_record", i.e., no padding. */ -#define SIG_HDR_SIZE 18 - -struct dnode { - struct databuf *dp; - struct dnode *dn_next; - int line; - const char *file; -}; - -typedef struct dnode * dlist; - -struct db_rrset { - dlist rr_list; - dlist rr_sigs; - char *rr_name; - int16_t rr_class; - int16_t rr_type; - struct db_rrset *rr_next; -}; -#define DBHASHSIZE(s) (sizeof(struct hashbuf) + \ - (s-1) * sizeof(struct db_rrset *)) - -#define SIG_COVERS(dp) (ns_get16(dp->d_data)) - -/* - * Flags to updatedb - */ -#define DB_NODATA 0x01 /* data should not exist */ -#define DB_MEXIST 0x02 /* data must exist */ -#define DB_DELETE 0x04 /* delete data if it exists */ -#define DB_NOTAUTH 0x08 /* must not update authoritative data */ -#define DB_NOHINTS 0x10 /* don't reflect update in fcachetab */ -#define DB_PRIMING 0x20 /* is this update the result of priming? */ -#define DB_MERGE 0x40 /* make no control on rr in db_update (for ixfr) */ -#define DB_REPLACE 0x80 /* replace data if it exists */ - -#define DB_Z_CACHE 0 /* cache-zone-only db_dump() */ -#define DB_Z_ALL 65535 /* normal db_dump() */ -#define DB_Z_SPECIAL(z) ((z) == DB_Z_CACHE || (z) == DB_Z_ALL) - -/* - * Error return codes - */ -#define OK 0 -#define NONAME (-1) -#define NOCLASS (-2) -#define NOTYPE (-3) -#define NODATA (-4) -#define DATAEXISTS (-5) -#define NODBFILE (-6) -#define TOOMANYZONES (-7) -#define GOODDB (-8) -#define NEWDB (-9) -#define AUTH (-10) -#ifdef BIND_UPDATE -#define SERIAL (-11) -#endif -#define CNAMEANDOTHER (-12) -#define DNSSECFAIL (-13) /* db_set_update */ -#define NONGLUE (-14) - -/* - * getnum() options - */ -#define GETNUM_NONE 0x00 /* placeholder */ -#define GETNUM_SERIAL 0x01 /* treat as serial number */ -#define GETNUM_SCALED 0x02 /* permit "k", "m" suffixes, scale result */ - -/* - * db_load() options - */ -#define ISNOTIXFR 0 -#define ISIXFR 1 -#define ISAXFRIXFR 2 - -/* - * Database access abstractions. - */ -#define foreach_rr(dp, np, ty, cl, zn) \ - for ((dp) = (np)->n_data; (dp) != NULL; (dp) = (dp)->d_next) \ - if (!match(dp, (cl), (ty))) \ - continue; \ - else if (((zn) == DB_Z_CACHE) \ - ? stale(dp) \ - : (zn) != (dp)->d_zone) \ - continue; \ - else if ((dp)->d_rcode) \ - continue; \ - else \ - /* Caller code follows in sequence. */ - -#define DRCNTINC(x) \ - do { \ - if (++((x)->d_rcnt) == 0) \ - ns_panic(ns_log_db, 1, "++d_rcnt == 0"); \ - } while (0) - -#define DRCNTDEC(x) \ - do { \ - if (((x)->d_rcnt)-- == 0) \ - ns_panic(ns_log_db, 1, "d_rcnt-- == 0"); \ - } while (0) - -#define ISVALIDGLUE(xdp) ((xdp)->d_type == T_NS || (xdp)->d_type == T_A \ - || (xdp)->d_type == T_AAAA || (xdp)->d_type == ns_t_a6) - diff --git a/contrib/bind/bin/named/db_dump.c b/contrib/bind/bin/named/db_dump.c deleted file mode 100644 index 26daa6f..0000000 --- a/contrib/bind/bin/named/db_dump.c +++ /dev/null @@ -1,702 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)db_dump.c 4.33 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: db_dump.c,v 8.51 2001/06/18 14:42:49 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1988, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <netdb.h> -#include <resolv.h> -#include <stdio.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/misc.h> - -#include "port_after.h" - -#include "named.h" - -#ifdef HITCOUNTS -u_int32_t db_total_hits; -#endif /* HITCOUNTS */ - -static const char *MkCredStr(int); - -static int fwd_dump(FILE *fp); - -/* - * Dump current data base in a format similar to RFC 883. - */ - -void -doadump(void) { - FILE *fp; - - ns_notice(ns_log_db, "dumping nameserver data"); - - if ((fp = write_open(server_options->dump_filename)) == NULL) - return; - gettime(&tt); -#ifdef HITCOUNTS - if (NS_OPTION_P(OPTION_HITCOUNT)) - fprintf(fp, "; Total hits: %d\n",db_total_hits); -#endif /* HITCOUNTS */ - fprintf(fp, "; Dumped at %s", ctimel(tt.tv_sec)); - if (zones != NULL && nzones != 0) - zt_dump(fp); - if (fwddata != NULL && fwddata_count != 0) - fwd_dump(fp); - fputs( -"; Note: Cr=(auth,answer,addtnl,cache) tag only shown for non-auth RR's\n", - fp); - fputs( -"; Note: NT=milliseconds for any A RR which we've used as a nameserver\n", - fp); - fprintf(fp, "; --- Cache & Data ---\n"); - if (hashtab != NULL) - (void) db_dump(hashtab, fp, DB_Z_ALL, ""); - fprintf(fp, "; --- Hints ---\n"); - if (fcachetab != NULL) - (void) db_dump(fcachetab, fp, DB_Z_ALL, ""); - (void) my_fclose(fp); - ns_notice(ns_log_db, "finished dumping nameserver data"); -} - -int -zt_dump(FILE *fp) { - struct zoneinfo *zp; - - fprintf(fp, ";; ++zone table++\n"); - for (zp = &zones[0]; zp < &zones[nzones]; zp++) { - const char *pre; - char buf[64]; - u_int cnt; - - if (!zp->z_origin) - continue; - - fprintf(fp, "; %s (type %d, class %d, source %s)\n", - zp->z_origin - ? (*zp->z_origin ? zp->z_origin : ".") - : "Nil", - zp->z_type, zp->z_class, - zp->z_source ? zp->z_source : "Nil"); - fprintf(fp, ";\ttime=%lu, lastupdate=%lu, serial=%u,\n", - (u_long)zp->z_time, (u_long)zp->z_lastupdate, - zp->z_serial); - fprintf(fp, ";\trefresh=%u, retry=%u, expire=%u, minimum=%u\n", - zp->z_refresh, zp->z_retry, - zp->z_expire, zp->z_minimum); - fprintf(fp, ";\tftime=%lu, xaddrcnt=%d, state=%04x, pid=%d\n", - (u_long)zp->z_ftime, zp->z_xaddrcnt, - zp->z_flags, (int)zp->z_xferpid); - sprintf(buf, ";\tz_addr[%d]: ", zp->z_addrcnt); - pre = buf; - for (cnt = 0; cnt < zp->z_addrcnt; cnt++) { - fprintf(fp, "%s[%s]", pre, inet_ntoa(zp->z_addr[cnt])); - pre = ", "; - } - if (zp->z_addrcnt) - fputc('\n', fp); - if (zp->z_axfr_src.s_addr != 0) - fprintf(fp, ";\tupdate source [%s]\n", - inet_ntoa(zp->z_axfr_src)); - } - fprintf(fp, ";; --zone table--\n"); - return (0); -} - -static int -fwd_dump(FILE *fp) { - int i; - - fprintf(fp, ";; ++forwarders table++\n"); - for (i = 0; i < fwddata_count; i++) { - if (fwddata[i] != NULL) - fprintf(fp,"; %s rtt=%d\n", - inet_ntoa(fwddata[i]->fwdaddr.sin_addr), - fwddata[i]->nsdata->d_nstime); - } - fprintf(fp, ";; --forwarders table--\n"); - return (0); -} - -int -db_dump(struct hashbuf *htp, FILE *fp, int zone, const char *origin) { - struct databuf *dp = NULL; - struct namebuf *np; - struct namebuf **npp, **nppend; - char dname[MAXDNAME]; - u_int32_t n; - int j, i, found_data, tab, printed_origin; - u_char *cp, *end; - const char *proto, *sep; - int16_t type; - u_int16_t keyflags; - u_char *sigdata, *certdata; - u_char *savecp; - char temp_base64[NS_MD5RSA_MAX_BASE64]; - - found_data = 0; - printed_origin = 0; - npp = htp->h_tab; - nppend = npp + htp->h_size; - while (npp < nppend) { - for (np = *npp++; np != NULL; np = np->n_next) { - if (np->n_data == NULL) - continue; - /* Blecch - can't tell if there is data here for the - * right zone, so can't print name yet - */ - found_data = 0; - /* we want a snapshot in time... */ - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - /* Is the data for this zone? */ - if (zone != DB_Z_ALL && dp->d_zone != zone) - continue; - /* XXX why are we not calling stale() here? */ - if (dp->d_zone == DB_Z_CACHE && - dp->d_ttl <= (u_int32_t)tt.tv_sec && - (dp->d_flags & DB_F_HINT) == 0) - continue; - if (!printed_origin) { - fprintf(fp, "$ORIGIN %s.\n", origin); - printed_origin++; - } - tab = 0; - if (dp->d_rcode == NXDOMAIN || - dp->d_rcode == NOERROR_NODATA) { - fputc(';', fp); - } else if (found_data == 0 || found_data == 1) { - found_data = 2; - } - if (found_data == 0 || found_data == 2) { - if (NAME(*np)[0] == '\0') { - if (origin[0] == '\0') - fprintf(fp, ".\t"); - else - fprintf(fp, ".%s.\t", origin); /* ??? */ - } else - fprintf(fp, "%s\t", NAME(*np)); - if (NAMELEN(*np) < (unsigned)8) - tab = 1; - found_data++; - } else { - (void) putc('\t', fp); - tab = 1; - } - if (dp->d_zone == DB_Z_CACHE) { - if (dp->d_flags & DB_F_HINT && - (int32_t)(dp->d_ttl - tt.tv_sec) - < DB_ROOT_TIMBUF) - fprintf(fp, "%d\t", DB_ROOT_TIMBUF); - else - fprintf(fp, "%d\t", - (int)(dp->d_ttl - tt.tv_sec)); - } else if (dp->d_ttl != USE_MINIMUM) - fprintf(fp, "%u\t", dp->d_ttl); - else - fprintf(fp, "%u\t", - zones[dp->d_zone].z_minimum); - fprintf(fp, "%s\t%s\t", - p_class(dp->d_class), - p_type(dp->d_type)); - cp = (u_char *)dp->d_data; - sep = "\t;"; - type = dp->d_type; - if (dp->d_rcode == NXDOMAIN || - dp->d_rcode == NOERROR_NODATA) { -#ifdef RETURNSOA - if (dp->d_size == 0) { -#endif - - fprintf(fp, "%s%s-$", - (dp->d_rcode == NXDOMAIN) - ?"NXDOMAIN" :"NODATA", - sep); - goto eoln; -#ifdef RETURNSOA - } else { - type = T_SOA; - } -#endif - } - /* - * Print type specific data - */ - /* XXX why are we not using ns_sprintrr() here? */ - switch (type) { - case T_A: - switch (dp->d_class) { - case C_IN: - case C_HS: - fputs(inet_ntoa(ina_get(cp)), fp); - break; - } - if (dp->d_nstime) { - fprintf(fp, "%sNT=%d", - sep, dp->d_nstime); - sep = " "; - } - break; - case T_CNAME: - case T_MB: - case T_MG: - case T_MR: - case T_PTR: - fprintf(fp, "%s.", cp); - break; - - case T_NS: - cp = (u_char *)dp->d_data; - if (cp[0] == '\0') - fprintf(fp, ".\t"); - else - fprintf(fp, "%s.", cp); - break; - - case T_HINFO: - case T_ISDN: { - char buf[256]; - - if ((n = *cp++) != '\0') { - memcpy(buf, cp, n); buf[n] = '\0'; - fprintf(fp, "\"%.*s\"", (int)n, buf); - cp += n; - } else - fprintf(fp, "\"\""); - if ((n = *cp++) != '\0') { - memcpy(buf, cp, n); buf[n] = '\0'; - fprintf(fp, " \"%.*s\"", (int)n, buf); - } else - fprintf(fp, " \"\""); - break; - } - - case T_SOA: - fprintf(fp, "%s.", cp); - cp += strlen((char *)cp) + 1; - fprintf(fp, " %s. (\n", cp); -#if defined(RETURNSOA) - if (dp->d_rcode) - fputs(";", fp); -#endif - cp += strlen((char *)cp) + 1; - NS_GET32(n, cp); - fprintf(fp, "\t\t%u", n); - NS_GET32(n, cp); - fprintf(fp, " %u", n); - NS_GET32(n, cp); - fprintf(fp, " %u", n); - NS_GET32(n, cp); - fprintf(fp, " %u", n); - NS_GET32(n, cp); - fprintf(fp, " %u )", n); -#if defined(RETURNSOA) - if (dp->d_rcode) { - fprintf(fp,";%s.;%s%s-$",cp, - (dp->d_rcode == NXDOMAIN) ? - "NXDOMAIN" : "NODATA", - sep); - } -#endif - break; - - case T_MX: - case T_AFSDB: - case T_RT: - NS_GET16(n, cp); - fprintf(fp, "%u", n); - fprintf(fp, " %s.", cp); - break; - - case T_PX: - NS_GET16(n, cp); - fprintf(fp, "%u", n); - fprintf(fp, " %s.", cp); - cp += strlen((char *)cp) + 1; - fprintf(fp, " %s.", cp); - break; - - case T_X25: - if ((n = *cp++) != '\0') - fprintf(fp, " \"%.*s\"", (int)n, cp); - else - fprintf(fp, " \"\""); - break; - - case T_TXT: - end = (u_char *)dp->d_data + dp->d_size; - while (cp < end) { - (void) putc('"', fp); - if ((n = *cp++) != '\0') { - for (j = n ; j > 0 && cp < end ; j--) { - if (*cp == '\n' || *cp == '"' || *cp == '\\') - (void) putc('\\', fp); - (void) putc(*cp++, fp); - } - } - (void) putc('"', fp); - if (cp < end) - (void) putc(' ', fp); - } - break; - - case T_NSAP: - (void) fputs(inet_nsap_ntoa(dp->d_size, - dp->d_data, NULL), - fp); - break; - - case T_AAAA: { - char t[sizeof - "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255" - ]; - - (void) fputs(inet_ntop(AF_INET6, dp->d_data, - t, sizeof t), - fp); - break; - } - - case T_LOC: { - char t[256]; - - (void) fputs(loc_ntoa(dp->d_data, t), fp); - break; - } - - case T_NAPTR: { - u_int32_t order, preference; - - NS_GET16(order, cp); - fprintf(fp, "%u", order); - - NS_GET16(preference, cp); - fprintf(fp, "%u", preference); - - n = *cp++; - fprintf(fp, "\"%.*s\"", (int)n, cp); - cp += n; - - n = *cp++; - fprintf(fp, "\"%.*s\"", (int)n, cp); - cp += n; - - n = *cp++; - fprintf(fp, " \"%.*s\"", (int)n, cp); - cp += n; - - fprintf(fp, " %s.", cp); - - break; - } - - case T_SRV: { - u_int priority, weight, port; - - NS_GET16(priority, cp); - NS_GET16(weight, cp); - NS_GET16(port, cp); - fprintf(fp, "\t%u %u %u %s.", - priority, weight, port, cp); - break; - } - - case T_WKS: - fputs(inet_ntoa(ina_get(cp)), fp); - cp += INADDRSZ; - proto = protocolname(*cp); - cp += sizeof(char); - fprintf(fp, " %s ", proto); - i = 0; - while(cp < (u_char *)dp->d_data + dp->d_size) { - j = *cp++; - do { - if (j & 0200) - fprintf(fp, " %s", - servicename(i, proto)); - j <<= 1; - } while (++i & 07); - } - break; - - case T_MINFO: - case T_RP: - fprintf(fp, "%s.", cp); - cp += strlen((char *)cp) + 1; - fprintf(fp, " %s.", cp); - break; - - case T_KEY: - savecp = cp; /* save the beginning */ - /*>>> Flags (unsigned_16) */ - NS_GET16(keyflags,cp); - fprintf(fp, "0x%04x ", keyflags); - /*>>> Protocol (8-bit decimal) */ - fprintf(fp, "%3u ", *cp++); - /*>>> Algorithm id (8-bit decimal) */ - fprintf(fp, "%3u ", *cp++); - - /*>>> Public-Key Data (multidigit BASE64) */ - /* containing ExponentLen, Exponent, and Modulus */ - i = b64_ntop(cp, dp->d_size - (cp - savecp), - temp_base64, - sizeof temp_base64); - if (i < 0) - fprintf(fp, "; BAD BASE64"); - else - fprintf(fp, "%s", temp_base64); - break; - - case T_SIG: - sigdata = cp; - /* RRtype (char *) */ - NS_GET16(n,cp); - fprintf(fp, "%s ", p_type(n)); - /* Algorithm id (8-bit decimal) */ - fprintf(fp, "%d ", *cp++); - /* Labels (8-bit decimal) */ - fprintf(fp, "%d ", *cp++); - /* OTTL (u_long) */ - NS_GET32(n, cp); - fprintf(fp, "%u ", n); - /* Texp (u_long) */ - NS_GET32(n, cp); - fprintf(fp, "%s ", p_secstodate (n)); - /* Tsig (u_long) */ - NS_GET32(n, cp); - fprintf(fp, "%s ", p_secstodate (n)); - /* Kfootprint (unsigned_16) */ - NS_GET16(n, cp); - fprintf(fp, "%u ", n); - /* Signer's Name (char *) */ - fprintf(fp, "%s ", cp); - cp += strlen((char *)cp) + 1; - /* Signature (base64 of any length) */ - i = b64_ntop(cp, dp->d_size - (cp - sigdata), - temp_base64, - sizeof temp_base64); - if (i < 0) - fprintf(fp, "; BAD BASE64"); - else - fprintf(fp, "%s", temp_base64); - break; - - case T_NXT: - fprintf(fp, "%s.", cp); - n = strlen ((char *)cp) + 1; - cp += n; - i = 8 * (dp->d_size - n); /* How many bits? */ - for (n = 0; n < (u_int32_t)i; n++) { - if (NS_NXT_BIT_ISSET(n, cp)) - fprintf(fp," %s", p_type(n)); - } - break; - - case ns_t_cert: - certdata = cp; - NS_GET16(n,cp); - fprintf(fp, "%d ", n); /* cert type */ - - NS_GET16(n,cp); - fprintf(fp, "%d %d ", n, *cp++); /* tag & alg */ - - /* Certificate (base64 of any length) */ - i = b64_ntop(cp, - dp->d_size - (cp - certdata), - temp_base64, sizeof(temp_base64)); - if (i < 0) - fprintf(fp, "; BAD BASE64"); - else - fprintf(fp, "%s", temp_base64); - break; - - default: - fprintf(fp, "\\# %u", dp->d_size); - if (dp->d_size != 0) { - fputs(" ( ", fp); - isc_puthexstring(fp, dp->d_data, - dp->d_size, 40, 48, - "\n\t\t\t\t"); - fputs(" ) ", fp); - } - } - if (dp->d_cred < DB_C_ZONE) { - fprintf(fp, "%sCr=%s", - sep, MkCredStr(dp->d_cred)); - sep = " "; - } else { - fprintf(fp, "%sCl=%d", - sep, dp->d_clev); - sep = " "; - } - if ((dp->d_flags & DB_F_LAME) != 0) { - time_t when; - getname(np, dname, sizeof(dname)); - when = db_lame_find(dname, dp); - if (when != 0 && when > tt.tv_sec) { - fprintf(fp, "%sLAME=%ld", - sep, when - tt.tv_sec); - sep = " "; - } - } - - eoln: - if (dp->d_addr.s_addr != htonl(0)) { - fprintf(fp, "%s[%s]", - sep, inet_ntoa(dp->d_addr)); - sep = " "; - } -#ifdef HITCOUNTS - if (NS_OPTION_P(OPTION_HITCOUNT)) { - fprintf(fp, "%shits=%d", sep, dp->d_hitcnt); - sep=" "; - } -#endif /* HITCOUNTS */ - putc('\n', fp); - } - } - } - if (ferror(fp)) - return (NODBFILE); - - npp = htp->h_tab; - nppend = npp + htp->h_size; - while (npp < nppend) { - for (np = *npp++; np != NULL; np = np->n_next) { - if (np->n_hash == NULL) - continue; - getname(np, dname, sizeof(dname)); - if (db_dump(np->n_hash, fp, zone, dname) == NODBFILE) - return (NODBFILE); - } - } - return (OK); -} - -static const char * -MkCredStr(int cred) { - static char badness[20]; - - switch (cred) { - case DB_C_ZONE: return "zone"; - case DB_C_AUTH: return "auth"; - case DB_C_ANSWER: return "answer"; - case DB_C_ADDITIONAL: return "addtnl"; - case DB_C_CACHE: return "cache"; - default: break; - } - sprintf(badness, "?%d?", cred); - return (badness); -} diff --git a/contrib/bind/bin/named/db_func.h b/contrib/bind/bin/named/db_func.h deleted file mode 100644 index 7e7e05e..0000000 --- a/contrib/bind/bin/named/db_func.h +++ /dev/null @@ -1,211 +0,0 @@ -/* - * Copyright (c) 1985, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Check Point Software Technologies Incorporated not be used - * in advertising or publicity pertaining to distribution of the document - * or software without specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES - * INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - * IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED - * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR - * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* db_proc.h - prototypes for functions in db_*.c - * - * $Id: db_func.h,v 8.46 2001/06/18 14:42:51 marka Exp $ - */ - -/* ++from db_update.c++ */ -int db_update(const char *name, - struct databuf *odp, - struct databuf *newdp, - struct databuf **savedpp, - int flags, - struct hashbuf *htp, - struct sockaddr_in from); -int db_cmp(const struct databuf *, const struct databuf *); -int findMyZone(struct namebuf *np, int class); -void fixttl(struct databuf *dp); -/* --from db_update.c-- */ - -/* ++from db_save.c++ */ -struct namebuf * savename(const char *, int); -struct databuf * savedata(int, int, u_int32_t, u_char *, int); -struct hashbuf * savehash(struct hashbuf *); -/* --from db_save.c-- */ - -/* ++from db_dump.c++ */ -int db_dump(struct hashbuf *, FILE *, int, const char *), - zt_dump(FILE *); -void doadump(void); -/* --from db_dump.c-- */ - -/* ++from db_load.c++ */ -int makename_ok(char *name, const char *origin, int class, - struct zoneinfo *zp, - enum transport transport, - enum context context, - const char *owner, const char *filename, - int lineno, int size); -void endline(FILE *); -int getword(char *, size_t, FILE *, int); -int getttl(FILE *, const char *, int, u_int32_t *, int *); -int getnum(FILE *, const char *, int, int *); -int db_load(const char *, const char *, struct zoneinfo *, - const char *, int); -int getnonblank(FILE *, const char *, int); -int getservices(int, char *, FILE *, const char *); -char getprotocol(FILE *, const char *); -int makename(char *, const char *, int); -void db_err(int, char *, int, const char *, int); -int parse_sec_rdata(char *inp, int inp_len, int inp_full, - u_char *data, int data_len, - FILE *fp, struct zoneinfo *zp, - char *domain, u_int32_t ttl, - int type, enum context context, - enum transport transport, - const char **errmsg); -/* --from db_load.c-- */ - -/* ++from db_glue.c++ */ -void buildservicelist(void); -void destroyservicelist(void); -void buildprotolist(void); -void destroyprotolist(void); -void getname(struct namebuf *, char *, int); -int servicenumber(const char *); -int protocolnumber(const char *); -int get_class(const char *); -u_int nhash(const char *); -const char * protocolname(int); -const char * servicename(u_int16_t, const char *); -struct databuf * rm_datum(struct databuf *, - struct namebuf *, - struct databuf *, - struct databuf **); -struct namebuf * rm_name(struct namebuf *, - struct namebuf **, - struct namebuf *); -void rm_hash(struct hashbuf *); -void db_detach(struct databuf **); -void db_lame_add(char *zone, char *server, time_t when); -time_t db_lame_find(char *zone, struct databuf *dp); -void db_lame_clean(void); -void db_lame_destroy(void); -/* --from db_glue.c-- */ - -/* ++from db_lookup.c++ */ -struct namebuf * nlookup(const char *, struct hashbuf **, - const char **, int); -struct namebuf * np_parent(struct namebuf *); -int match(struct databuf *, int, int), - nxtmatch(const char *, struct databuf *, - struct databuf *), - rrmatch(const char *, struct databuf *, - struct databuf *); -/* --from db_lookup.c-- */ - -/* ++from db_ixfr.c++ */ -ns_deltalist * ixfr_get_change_list(struct zoneinfo *, u_int32_t, - u_int32_t); -int ixfr_have_log(struct zoneinfo *, u_int32_t, - u_int32_t); -/* --from db_ixfr.c++ */ - -/* ++from db_sec.c++ */ -int add_trusted_key(const char *name, const int flags, - const int proto, const int alg, - const char *str); -int db_set_update(char *name, struct databuf *dp, - void **state, int flags, - struct hashbuf **htp, - struct sockaddr_in from, - int *rrcount, int line, - const char *file); -/* --from db_sec.c-- */ - -/* ++from db_tsig.c++ */ -const char * tsig_alg_name(int value); -int tsig_alg_value(char *name); -struct dst_key * tsig_key_from_addr(struct in_addr addr); -struct tsig_record * new_tsig(struct dst_key *key, u_char *sig, int siglen); -void free_tsig(struct tsig_record *tsig); -/* --from db_tsig.c-- */ diff --git a/contrib/bind/bin/named/db_glob.h b/contrib/bind/bin/named/db_glob.h deleted file mode 100644 index cfd7abb..0000000 --- a/contrib/bind/bin/named/db_glob.h +++ /dev/null @@ -1,104 +0,0 @@ -/* - * from db.h 4.16 (Berkeley) 6/1/90 - * $Id: db_glob.h,v 8.14 2000/04/21 06:54:02 vixie Exp $ - */ - -/* - * Copyright (c) 1985, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Global variables for data base routines. - */ - - /* ONE_WEEK maximum ttl */ -DECL u_int max_cache_ttl INIT(7*24*60*60); - - /* no minimum ttl */ -DECL u_int min_cache_ttl INIT(0); - - /* current line number */ -DECL int lineno INIT(0); - - /* root hash table */ -DECL struct hashbuf *hashtab INIT(NULL); - - /* hash table of cache read from file */ -DECL struct hashbuf *fcachetab INIT(NULL); - - /* state of ns_reload() and ns_reconfig(). */ -DECL int reloading INIT(0); -DECL int reconfiging INIT(0); -DECL int noexpired INIT(0); - -DECL const int hashsizes[] -#ifdef MAIN_PROGRAM - = { 2, 11, 113, 337, 977, 2053, 4073, 8011, 16001, 99887, 0 } -#endif - ; diff --git a/contrib/bind/bin/named/db_glue.c b/contrib/bind/bin/named/db_glue.c deleted file mode 100644 index 2e966f5..0000000 --- a/contrib/bind/bin/named/db_glue.c +++ /dev/null @@ -1,642 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)db_glue.c 4.4 (Berkeley) 6/1/90"; -static const char rcsid[] = "$Id: db_glue.c,v 8.47 2002/05/18 01:02:54 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1988 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/uio.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> - -#include <ctype.h> -#include <errno.h> -#include <netdb.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include "port_after.h" - -#include "named.h" - -struct valuelist { - struct valuelist * next; - struct valuelist * prev; - char * name; - char * proto; - int port; -}; -static struct valuelist *servicelist, *protolist; - -void -buildservicelist() { - struct servent *sp; - struct valuelist *slp; - -#ifdef MAYBE_HESIOD - setservent(0); -#else - setservent(1); -#endif - while ((sp = getservent()) != NULL) { - slp = (struct valuelist *)memget(sizeof(struct valuelist)); - if (!slp) - panic("memget(servent)", NULL); - slp->name = savestr(sp->s_name, 1); - slp->proto = savestr(sp->s_proto, 1); - slp->port = ntohs((u_int16_t)sp->s_port); /* host byt order */ - slp->next = servicelist; - slp->prev = NULL; - if (servicelist) - servicelist->prev = slp; - servicelist = slp; - } - endservent(); -} - -void -destroyservicelist() { - struct valuelist *slp, *slp_next; - - for (slp = servicelist; slp != NULL; slp = slp_next) { - slp_next = slp->next; - slp->name = freestr(slp->name); - slp->proto = freestr(slp->proto); - memput(slp, sizeof *slp); - } - servicelist = NULL; -} - -void -buildprotolist() { - struct protoent *pp; - struct valuelist *slp; - -#ifdef MAYBE_HESIOD - setprotoent(0); -#else - setprotoent(1); -#endif - while ((pp = getprotoent()) != NULL) { - slp = (struct valuelist *)memget(sizeof(struct valuelist)); - if (!slp) - panic("memget(protoent)", NULL); - slp->name = savestr(pp->p_name, 1); - slp->port = pp->p_proto; /* host byte order */ - slp->next = protolist; - slp->prev = NULL; - if (protolist) - protolist->prev = slp; - protolist = slp; - } - endprotoent(); -} - -void -destroyprotolist() { - struct valuelist *plp, *plp_next; - - for (plp = protolist; plp != NULL; plp = plp_next) { - plp_next = plp->next; - plp->name = freestr(plp->name); - memput(plp, sizeof *plp); - } - protolist = NULL; -} - -static int -findservice(const char *s, struct valuelist **list) { - struct valuelist *lp = *list; - int n; - - for (; lp != NULL; lp = lp->next) - if (strcasecmp(lp->name, s) == 0) { - if (lp != *list) { - lp->prev->next = lp->next; - if (lp->next) - lp->next->prev = lp->prev; - (*list)->prev = lp; - lp->next = *list; - *list = lp; - } - return (lp->port); /* host byte order */ - } - if (sscanf(s, "%d", &n) != 1 || n <= 0) - n = -1; - return (n); -} - -/* - * Convert service name or (ascii) number to int. - */ -int -servicenumber(const char *p) { - return (findservice(p, &servicelist)); -} - -/* - * Convert protocol name or (ascii) number to int. - */ -int -protocolnumber(const char *p) { - return (findservice(p, &protolist)); -} - -static struct servent * -cgetservbyport(u_int16_t port, const char *proto) { /* Host byte order. */ - struct valuelist **list = &servicelist; - struct valuelist *lp = *list; - static struct servent serv; - - port = ntohs(port); - for (; lp != NULL; lp = lp->next) { - if (port != (u_int16_t)lp->port) /* Host byte order. */ - continue; - if (strcasecmp(lp->proto, proto) == 0) { - if (lp != *list) { - lp->prev->next = lp->next; - if (lp->next) - lp->next->prev = lp->prev; - (*list)->prev = lp; - lp->next = *list; - *list = lp; - } - serv.s_name = lp->name; - serv.s_port = htons((u_int16_t)lp->port); - serv.s_proto = lp->proto; - return (&serv); - } - } - return (0); -} - -static struct protoent * -cgetprotobynumber(int proto) { /* Host byte order. */ - struct valuelist **list = &protolist; - struct valuelist *lp = *list; - static struct protoent prot; - - for (; lp != NULL; lp = lp->next) - if (lp->port == proto) { /* Host byte order. */ - if (lp != *list) { - lp->prev->next = lp->next; - if (lp->next) - lp->next->prev = lp->prev; - (*list)->prev = lp; - lp->next = *list; - *list = lp; - } - prot.p_name = lp->name; - prot.p_proto = lp->port; /* Host byte order. */ - return (&prot); - } - return (0); -} - -const char * -protocolname(int num) { - static char number[8]; - struct protoent *pp; - - pp = cgetprotobynumber(num); - if (pp == 0) { - (void) sprintf(number, "%d", num); - return (number); - } - return (pp->p_name); -} - -const char * -servicename(u_int16_t port, const char *proto) { /* Host byte order. */ - static char number[8]; - struct servent *ss; - - ss = cgetservbyport(htons(port), proto); - if (ss == 0) { - (void) sprintf(number, "%d", port); - return (number); - } - return (ss->s_name); -} - -static struct map map_class[] = { - { "in", C_IN }, - { "chaos", C_CHAOS }, - { "hs", C_HS }, - { NULL, 0 } -}; - -int -get_class(const char *class) { - const struct map *mp; - - if (isdigit(*class)) - return (atoi(class)); - for (mp = map_class; mp->token != NULL; mp++) - if (strcasecmp(class, mp->token) == 0) - return (mp->val); - return (C_IN); -} - -/* rm_datum(dp, np, pdp, savedpp) - * remove datum 'dp' from name 'np'. pdp is previous data pointer. - * if savedpp is not NULL, and compiled with BIND_UPDATE, save - * datum dp there rather than freeing the memory (caller will take - * care of freeing it) - * return value: - * "next" field from removed datum, suitable for relinking - */ -struct databuf * -rm_datum(struct databuf *dp, struct namebuf *np, struct databuf *pdp, - struct databuf **savedpp) { - struct databuf *ndp = dp->d_next; - - ns_debug(ns_log_db, 3, "rm_datum(%lx, %lx, %lx, %lx) -> %lx", - (u_long)dp, (u_long)np->n_data, (u_long)pdp, - (u_long)savedpp, (u_long)ndp); - if ((dp->d_flags & DB_F_ACTIVE) == 0) - panic("rm_datum: DB_F_ACTIVE not set", NULL); - if (pdp == NULL) - np->n_data = ndp; - else - pdp->d_next = ndp; - if (savedpp != NULL) { - /* mark deleted or pending deletion */ - dp->d_mark |= D_MARK_DELETED; - dp->d_next = *savedpp; - DRCNTINC(dp); - *savedpp = dp; - } else - dp->d_next = NULL; - dp->d_flags &= ~DB_F_ACTIVE; - db_detach(&dp); - return (ndp); -} - -/* rm_name(np, he, pnp) - * remove name 'np' from parent 'pp'. pnp is previous name pointer. - * return value: - * "next" field from removed name, suitable for relinking. - */ -struct namebuf * -rm_name(struct namebuf *np, struct namebuf **pp, struct namebuf *pnp) { - struct namebuf *nnp = np->n_next; - const char *msg; - - /* verify */ - if ( (np->n_data != NULL && (msg = "data") != NULL) - || (np->n_hash != NULL && (msg = "hash") != NULL) - ) { - ns_panic(ns_log_db, 1, "rm_name(%p(%s)): non-nil %s pointer", - np, NAME(*np), msg); - } - - /* unlink */ - if (pnp) - pnp->n_next = nnp; - else - *pp = nnp; - - /* deallocate */ - memput(np, NAMESIZE(NAMELEN(*np))); - - /* done */ - return (nnp); -} - -void -rm_hash(struct hashbuf *htp) { - REQUIRE(htp != NULL); - REQUIRE(htp->h_cnt == 0); - - memput(htp, HASHSIZE(htp->h_size)); -} - -/* - * Get the domain name of 'np' and put in 'buf'. Bounds checking is done. - */ -void -getname(struct namebuf *np, char *buf, int buflen) { - char *cp; - int i; - - cp = buf; - while (np != NULL) { - i = (int) NAMELEN(*np); - if (i + 1 >= buflen) { - strcpy(buf, "Name_Too_Long"); - return; - } - if (cp != buf) - *cp++ = '.'; - memcpy(cp, NAME(*np), i); - cp += i; - buflen -= i + 1; - np = np->n_parent; - } - *cp = '\0'; -} - -/* u_int - * nhash(name) - * compute hash for this name and return it; ignore case differences - * note: - * this logic is intended to produce the same result as nlookup()'s. - */ -u_int -nhash(const char *name) { - u_char ch; - u_int hval; - - hval = 0; - while ((ch = (u_char)*name++) != (u_char)'\0') - HASHIMILATE(hval, ch); - return (hval); -} - -static void -db_freedata(struct databuf *dp) { - int bytes = BIND_DATASIZE(dp->d_size); - - if (dp->d_rcnt != 0) - panic("db_freedata: d_rcnt != 0", NULL); - if ((dp->d_flags & (DB_F_ACTIVE|DB_F_FREE)) != 0) - panic("db_freedata: %s set", - (dp->d_flags & DB_F_FREE) != 0 ? "DB_F_FREE" : - "DB_F_ACTIVE"); - if (dp->d_next != NULL) - panic("db_free: d_next != NULL", NULL); - dp->d_flags |= DB_F_FREE; -#ifdef CHECK_MAGIC - dp->d_magic = 0; -#endif - memput(dp, bytes); -} - -void -db_detach(struct databuf **dpp) { - struct databuf *dp; - - INSIST(dpp != NULL && *dpp != NULL); - dp = *dpp; -#ifdef CHECK_MAGIC - INSIST(dp->d_magic == DATABUF_MAGIC); -#endif - - DRCNTDEC(dp); - if (dp->d_rcnt == 0) - db_freedata(dp); - *dpp = NULL; -} - -struct lame_hash { - struct lame_hash *next; - char *zone; - char *server; - time_t when; - unsigned int hval; -} **lame_hash = NULL; - -static int lame_hash_size = 0; -static int lame_hash_cnt = 0; - -void -db_lame_add(char *zone, char *server, time_t when) { - unsigned int hval = nhash(zone); - struct lame_hash *last, *this; - struct lame_hash **new; - int n; - int newsize; - - db_lame_clean(); - - /* grow / initalise hash table */ - if (lame_hash_cnt >= lame_hash_size) { - if (lame_hash_size == 0) - newsize = hashsizes[0]; - else { - for (n = 0; (newsize = hashsizes[n++]) != 0; (void)NULL) - if (lame_hash_size == newsize) { - newsize = hashsizes[n]; - break; - } - if (newsize == 0) - newsize = lame_hash_size * 2 + 1; - } - new = memget(newsize * sizeof this); - if (new == NULL) - return; - memset(new, 0, newsize * sizeof this); - for (n = 0 ; n < lame_hash_size; n++) { - this = lame_hash[n]; - while (this) { - last = this; - this = this->next; - last->next = new[hval%newsize]; - new[hval%newsize] = last; - } - } - if (lame_hash != NULL) - memput(lame_hash, lame_hash_size * sizeof this); - lame_hash = new; - lame_hash_size = newsize; - } - - last = NULL; - this = lame_hash[hval%lame_hash_size]; - while (this) { - if ((ns_samename(this->server, server) == 1) && - (ns_samename(this->zone, zone) == 1)) { - this->when = when; - return; - } - last = this; - this = this->next; - } - this = memget(sizeof *this); - if (this == NULL) - return; - this->server = savestr(server, 0); - this->zone = savestr(zone, 0); - if (this->server == NULL || this->zone == NULL) { - if (this->server != NULL) - this->server = freestr(this->server); - if (this->zone != NULL) - this->zone = freestr(this->zone); - memput(this, sizeof *this); - return; - } - this->when = when; - this->hval = hval; - this->next = NULL; - if (last != NULL) - last->next = this; - else - lame_hash[hval%lame_hash_size] = this; - lame_hash_cnt++; -} - -time_t -db_lame_find(char *zone, struct databuf *dp) { - unsigned int hval = nhash(zone); - struct lame_hash *this; - - if (lame_hash_size == 0) { - /* db_lame_destroy() must have been called. */ - dp->d_flags &= ~DB_F_LAME; - return (0); - } - - db_lame_clean(); /* Remove expired record so that we can - * clear DB_F_LAME when there are no - * additions. */ - - this = lame_hash[hval % lame_hash_size]; - while (this) { - if ((ns_samename(this->server, (char*)dp->d_data) == 1) && - (ns_samename(this->zone, zone) == 1)) - return (this->when); - this = this->next; - } - dp->d_flags &= ~DB_F_LAME; - return (0); -} - -void -db_lame_clean(void) { - int i; - struct lame_hash *last, *this; - - for (i = 0 ; i < lame_hash_size; i++) { - last = NULL; - this = lame_hash[i]; - while (this != NULL) { - if (this->when < tt.tv_sec) { - this->zone = freestr(this->zone); - this->server = freestr(this->server); - if (last != NULL) { - last->next = this->next; - memput(this, sizeof *this); - this = last->next; - } else { - lame_hash[i] = this->next; - memput(this, sizeof *this); - this = lame_hash[i]; - } - lame_hash_cnt--; - } else { - last = this; - this = this->next; - } - } - } -} - -void -db_lame_destroy(void) { - int i; - struct lame_hash *last, *this; - - if (lame_hash_size == 0) - return; - - for (i = 0 ; i < lame_hash_size; i++) { - this = lame_hash[i]; - while (this != NULL) { - last = this; - this = this->next; - last->zone = freestr(last->zone); - last->server = freestr(last->server); - memput(last, sizeof *this); - } - } - memput(lame_hash, lame_hash_size * sizeof this); - lame_hash_cnt = 0; - lame_hash_size = 0; - lame_hash = NULL; -} diff --git a/contrib/bind/bin/named/db_ixfr.c b/contrib/bind/bin/named/db_ixfr.c deleted file mode 100644 index fda89a0..0000000 --- a/contrib/bind/bin/named/db_ixfr.c +++ /dev/null @@ -1,984 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static char rcsid[] = "$Id: db_ixfr.c,v 8.32 2002/07/08 06:26:04 marka Exp $"; -#endif - -/* - * Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Check Point Software Technologies Incorporated not be used - * in advertising or publicity pertaining to distribution of the document - * or software without specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES - * INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - * IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED - * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR - * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Manage ixfr transaction log - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/socket.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <errno.h> -#include <netdb.h> -#include <resolv.h> -#include <res_update.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/misc.h> - -#include "port_after.h" - -#include "named.h" - -#define DBIXFR_ERROR (-1) -#define DBIXFR_FOUND_RR 2 -#define DBIXFR_END 3 - -static int ixfr_getdelta(struct zoneinfo *, FILE *, const char *, char *, - ns_updque *, u_int32_t *, u_int32_t *); - -ns_deltalist * -ixfr_get_change_list(struct zoneinfo *zp, - u_int32_t from_serial, u_int32_t to_serial) -{ - FILE * fp = NULL; - u_int32_t old_serial, new_serial; - char origin[MAXDNAME]; - ns_deltalist *dlhead = NULL; - int ret; - ns_updrec *uprec; - ns_delta *dl; - - if (SEQ_GT(from_serial, to_serial)) - return (NULL); - - dlhead = memget(sizeof(*dlhead)); - if (dlhead == NULL) - return (NULL); - INIT_LIST(*dlhead); - - if ((fp = fopen(zp->z_ixfr_base, "r")) == NULL) { - ns_warning(ns_log_db, "%s: %s", - zp->z_ixfr_base, strerror(errno)); - goto cleanup; - } - strcpy(origin, zp->z_origin); - lineno = 1; - old_serial = new_serial = 0; - - for (;;) { - dl = memget(sizeof *dl); - if (dl == NULL) { - ns_warning(ns_log_db, - "ixfr_get_change_list: out of memory"); - goto cleanup; - } - INIT_LINK(dl, d_link); - INIT_LIST(dl->d_changes); - ret = ixfr_getdelta(zp, fp, zp->z_ixfr_base, origin, - &dl->d_changes, &old_serial, &new_serial); - switch (ret) { - case DBIXFR_ERROR: - ns_warning(ns_log_db, "Logical error in %s: unlinking", - zp->z_ixfr_base); - if (fp != NULL) { - (void) my_fclose(fp); - fp = NULL; - } - unlink(zp->z_ixfr_base); - goto cleanup; - - case DBIXFR_FOUND_RR: - ns_debug(ns_log_default, 4, - "ixfr_getdelta DBIXFR_FOUND_RR (%s)", - zp->z_origin); - if (EMPTY(*dlhead)) { - /* skip updates prior to the one we want */ - uprec = HEAD(dl->d_changes); - INSIST(uprec != NULL); - if (SEQ_LT(uprec->r_zone, from_serial) || - SEQ_GT(uprec->r_zone, to_serial)) - { - while ((uprec = HEAD(dl->d_changes)) != NULL) { - UNLINK(dl->d_changes, uprec, r_link); - - if (uprec->r_dp != NULL) - db_detach(&uprec->r_dp); - res_freeupdrec(uprec); - } - memput(dl, sizeof *dl); - break; - } - else if (uprec->r_zone > from_serial) { - /* missed the boat */ - ns_debug(ns_log_default, 3, - "ixfr_getdelta first SOA is %d, asked for %d (%s)", - uprec->r_zone, - from_serial, - zp->z_origin); - goto cleanup; - } - } - ns_debug(ns_log_default, 4, - "adding to change list (%s)", - zp->z_origin); - APPEND(*dlhead, dl, d_link); - break; - - case DBIXFR_END: - ns_debug(ns_log_default, 4, - "ixfr_getdelta DBIXFR_END (%s)", - zp->z_origin); - (void) my_fclose(fp); - memput(dl, sizeof *dl); - return (dlhead); - - default: - (void) my_fclose(fp); - if (dl != NULL) - memput(dl, sizeof *dl); - return (NULL); - } - } - - cleanup: - if (fp != NULL) - (void) my_fclose(fp); - - while ((dl = HEAD(*dlhead)) != NULL) { - UNLINK(*dlhead, dl, d_link); - while ((uprec = HEAD(dl->d_changes)) != NULL) { - UNLINK(dl->d_changes, uprec, r_link); - - if (uprec->r_dp != NULL) - db_detach(&uprec->r_dp); - uprec->r_dp = NULL; - res_freeupdrec(uprec); - } - memput(dl, sizeof *dl); - } - memput(dlhead, sizeof *dlhead); - return (NULL); -} - -/* - * int ixfr_have_log(struct zoneinfo *zp,u_int32_t from_serial, - * u_int32_t to_serial) - * - * verify that ixfr transaction log contains changes - * from from_serial to to_serial - * - * returns: - * 0 = serial number is up to date - * 1 = transmission is possible - * -1 = error while opening the ixfr transaction log - * -2 = error in parameters - * -3 = logical error in the history file - */ -int -ixfr_have_log(struct zoneinfo *zp, u_int32_t from_serial, u_int32_t to_serial) -{ - FILE *fp; - u_int32_t old_serial = 0, new_serial = 0; - u_int32_t last_serial = 0; - u_int32_t first_serial = 0; - char buf[BUFSIZ]; - char *cp; - struct stat st; - int nonempty_lineno = -1, prev_pktdone = 0, cont = 0, - inside_next = 0; - int err; - int first = 0; - int rval = 0; - int id, rcode = NOERROR; - if (SEQ_GT(from_serial, to_serial)) - return (-2); - if (from_serial == to_serial) - return (0); - /* If there is no log file, just return. */ - if (zp->z_ixfr_base == NULL || zp->z_updatelog == NULL) - return (-1); - if (zp->z_serial_ixfr_start > 0) { - if (from_serial >= zp->z_serial_ixfr_start) - return (1); - } - if (stat(zp->z_ixfr_base, &st) < 0) { - if (errno != ENOENT) - ns_error(ns_log_db, - "unexpected stat(%s) failure: %s", - zp->z_ixfr_base, strerror(errno)); - return (-1); - } - if ((fp = fopen(zp->z_ixfr_base, "r")) == NULL) { - ns_warning(ns_log_db, "%s: %s", - zp->z_ixfr_base, strerror(errno)); - return (-1); - } - if (fgets(buf, sizeof(buf), fp) == NULL) { - ns_error(ns_log_update, "fgets() from %s failed: %s", - zp->z_ixfr_base, strerror(errno)); - fclose(fp); - return (-1); - } - if (strcmp(buf, LogSignature) != 0) { - ns_error(ns_log_update, "invalid log file %s", - zp->z_ixfr_base); - fclose(fp); - return (-3); - } - lineno = 1; - first = 1; - for (;;) { - if (getword(buf, sizeof buf, fp, 0)) { - nonempty_lineno = lineno; - } else { - if (lineno == (nonempty_lineno + 1)) - continue; - inside_next = 0; - prev_pktdone = 1; - cont = 1; - } - if (!strcasecmp(buf, "[DYNAMIC_UPDATE]") || - !strcasecmp(buf, "[IXFR_UPDATE]")) { - err = 0; - rcode = NOERROR; - cp = fgets(buf, sizeof buf, fp); - if (cp != NULL) - lineno++; - if (cp == NULL || !sscanf((char *) cp, "id %d", &id)) - id = -1; - inside_next = 1; - prev_pktdone = 1; - cont = 1; - } else if (!strcasecmp(buf, "serial")) { - cp = fgets(buf, sizeof buf, fp); - if (cp != NULL) - lineno++; - if (sscanf((char *) cp, "%u", &old_serial)) { - if (first == 1) { - first = 0; - first_serial = old_serial; - } - last_serial = old_serial; - if (from_serial >= old_serial) { - rval = 1; - } - } - prev_pktdone = 1; - cont = 1; - } else if (!strcasecmp(buf, "[INCR_SERIAL]")) { - /* XXXRTH not enough error checking here */ - cp = fgets(buf, sizeof buf, fp); - if (cp != NULL) - lineno++; - if (cp == NULL || - sscanf((char *) cp, "from %u to %u", - &old_serial, &new_serial) != 2) { - rval = -3; - break; - } else if (from_serial >= old_serial) { - if (first == 1) { - first = 0; - first_serial = old_serial; - } - last_serial = old_serial; - rval = 1; - } - } - if (prev_pktdone) { - prev_pktdone = 0; - if (feof(fp)) - break; - } - } - fclose(fp); - if (last_serial +1 < zp->z_serial) { - ns_warning(ns_log_db, - "%s: File Deleted. Found gap between serial:" - " %d and current serial: %d", - zp->z_ixfr_base, last_serial, zp->z_serial); - (void) unlink(zp->z_ixfr_base); - rval = -3; - } - if (from_serial < first_serial || from_serial > last_serial) - rval = -3; - if (rval == 1) - zp->z_serial_ixfr_start = first_serial; - return (rval); -} - -/* from db_load.c */ - -static struct map m_section[] = { - {"zone", S_ZONE}, - {"prereq", S_PREREQ}, - {"update", S_UPDATE}, - {"reserved", S_ADDT}, -}; -#define M_SECTION_CNT (sizeof(m_section) / sizeof(struct map)) - -/* from ns_req.c */ - -static struct map m_opcode[] = { - {"nxdomain", NXDOMAIN}, - {"yxdomain", YXDOMAIN}, - {"nxrrset", NXRRSET}, - {"yxrrset", YXRRSET}, - {"delete", DELETE}, - {"add", ADD}, -}; -#define M_OPCODE_CNT (sizeof(m_opcode) / sizeof(struct map)) - -/* XXXRTH workaround map difficulties */ -#define M_CLASS_CNT m_class_cnt -#define M_TYPE_CNT m_type_cnt - -/* - * read a line from the history of a zone. - * - * returns: - * - * DBIXFR_ERROR = an error occured - * DBIXFR_FOUND_RR = a rr encountered - * DBIXFR_END = end of file - */ -static int -ixfr_getdelta(struct zoneinfo *zp, FILE *fp, const char *filename, char *origin, - ns_updque *listuprec, u_int32_t *old_serial, - u_int32_t *new_serial) -{ - char data[MAXDATA], dnbuf[MAXDNAME], sclass[3]; - char *dname, *cp, *cp1; - char buf[MAXDATA]; - long unsigned lutmp; - u_int32_t serial = 0, ttl; - u_int32_t current_serial = 0; - int nonempty_lineno = -1, prev_pktdone = 0, cont = 0, - inside_next = 0; - int id; - int i, c, section, opcode, matches, zonenum, err, multiline; - int type, class; - u_int32_t n; - enum transport transport; - struct map *mp; - int zonelist[MAXDNAME]; - struct in_addr ina; - int datasize; - ns_updrec * rrecp; - u_long l; - -#define ERRTO(msg) if (1) { errtype = msg; goto err; } else (void)NULL - - err = 0; - transport = primary_trans; - lineno = 1; - zonenum = 0; - - /* - * Look for serial if "first" call othewise use new_serial to - * for current_serial. - */ - if (*old_serial == *new_serial && *old_serial == 0) - current_serial = 0; - else - current_serial = *new_serial; - - for (;;) { - dname = NULL; - if (!getword(buf, sizeof buf, fp, 0)) { - if (lineno == (nonempty_lineno + 1) && !(feof(fp))) { - /* - * End of a nonempty line inside an update - * packet or not inside an update packet. - */ - continue; - } - /* - * Empty line or EOF. - */ - if (feof(fp)) - break; - inside_next = 0; - cont = 1; - } else { - nonempty_lineno = lineno; - } - - if (!strcasecmp(buf, "[DYNAMIC_UPDATE]") || - !strcasecmp(buf, "[IXFR_UPDATE]")) { - cp = fgets(buf, sizeof buf, fp); - if (cp != NULL) - lineno++; - if (cp == NULL || !sscanf((char *) cp, "id %d", &id)) - id = -1; - inside_next = 1; - cont = 1; - } else if (!strcasecmp(buf, "[INCR_SERIAL]")) { - /* XXXRTH not enough error checking here */ - cp = fgets(buf, sizeof buf, fp); - if (cp != NULL) - lineno++; - if (cp == NULL || - sscanf((char *) cp, "from %u to %u", - old_serial, new_serial) != 2) { - ns_error(ns_log_update, - "incr_serial problem with %s", - zp->z_updatelog); - } else { - serial = get_serial(zp); - } - cont = 1; - } else if (!strcasecmp(buf, "[END_DELTA]")) { - prev_pktdone = 1; - cont = 1; - lineno++; - } - if (prev_pktdone) { - if (!EMPTY(*listuprec)) { - n++; - return (DBIXFR_FOUND_RR); - } - prev_pktdone = 0; - } - if (cont) { - cont = 0; - continue; - } - if (!inside_next) - continue; - /* - * inside the same update packet, continue accumulating - * records. - */ - section = -1; - n = strlen(buf); - if (buf[n - 1] == ':') - buf[--n] = '\0'; - for (mp = m_section; mp < m_section + M_SECTION_CNT; mp++) - if (!strcasecmp(buf, mp->token)) { - section = mp->val; - break; - } - ttl = 0; - type = -1; - class = zp->z_class; - n = 0; - data[0] = '\0'; - opcode = -1; - switch (section) { - case S_ZONE: - cp = fgets(buf, sizeof buf, fp); - if (!cp) - *buf = '\0'; - n = sscanf(cp, "origin %s class %s serial %lu", - origin, sclass, &lutmp); - serial = lutmp; - if (current_serial == 0) - current_serial = serial; - else if (current_serial != serial) { - ns_debug(ns_log_update, 1, - "%s:line %d serial # askew %d %d", - filename, lineno, serial, - current_serial); - current_serial = serial; - err++; - } - if (n != 3 || ns_samename(origin, zp->z_origin) != 1) - err++; - if (cp) - lineno++; - if (!err && inside_next) { - int success; - - dname = origin; - type = T_SOA; - class = res_nametoclass(sclass, &success); - if (!success) { - err++; - break; - } - matches = findzone(dname, class, 0, - zonelist, MAXDNAME); - if (matches) - zonenum = zonelist[0]; - else - err++; - } - break; - case S_PREREQ: - case S_UPDATE: - /* Operation code. */ - if (!getword(buf, sizeof buf, fp, 0)) { - err++; - break; - } - if (buf[0] == '{') { - n = strlen(buf); - for (i = 0; (u_int32_t) i < n; i++) - buf[i] = buf[i + 1]; - if (buf[n - 2] == '}') - buf[n - 2] = '\0'; - } - for (mp = m_opcode; mp < m_opcode + M_OPCODE_CNT; mp++) - if (!strcasecmp(buf, mp->token)) { - opcode = mp->val; - break; - } - if (opcode == -1) { - err++; - break; - } - /* Owner's domain name. */ - if (!getword((char *) dnbuf, sizeof dnbuf, fp, 0)) { - err++; - break; - } - n = strlen((char *) dnbuf) - 1; - if (dnbuf[n] == '.') - dnbuf[n] = '\0'; - dname = dnbuf; - ttl = 0; - type = -1; - class = zp->z_class; - n = 0; - data[0] = '\0'; - (void) getword(buf, sizeof buf, fp, 1); - if (isdigit(buf[0])) { /* ttl */ - if (ns_parse_ttl(buf, &l) < 0) { - err++; - break; - } - ttl = l; - (void) getword(buf, sizeof buf, fp, 1); - } - /* possibly class */ - if (buf[0] != '\0') { - int success; - int maybe_class; - - maybe_class = res_nametoclass(buf, &success); - if (success) { - class = maybe_class; - (void) getword(buf, sizeof buf, fp, 1); - } - } - /* possibly type */ - if (buf[0] != '\0') { - int success; - int maybe_type; - - maybe_type = res_nametotype(buf, &success); - - if (success) { - type = maybe_type; - (void) getword(buf, sizeof buf, fp, 1); - } - } - if (buf[0] != '\0') /* possibly rdata */ - /* - * Convert the ascii data 'buf' to the proper - * format based on the type and pack into - * 'data'. - * - * XXX - same as in db_load(), consolidation - * needed - */ - switch (type) { - case T_A: - if (!inet_aton(buf, &ina)) { - err++; - break; - } - n = ntohl(ina.s_addr); - cp = data; - PUTLONG(n, cp); - n = INT32SZ; - break; - case T_HINFO: - case T_ISDN: - n = strlen(buf); - data[0] = n; - memcpy(data + 1, buf, n); - n++; - if (!getword(buf, sizeof buf, fp, 0)) { - i = 0; - } else { - endline(fp); - i = strlen(buf); - } - data[n] = i; - n++; - memcpy(data + n + 1, buf, i); - n += i; - break; - case T_SOA: - case T_MINFO: - case T_RP: - (void) strcpy(data, buf); - cp = data + strlen(data) + 1; - if (!getword((char *) cp, - sizeof data - (cp - data), - fp, 1)) { - err++; - break; - } - cp += strlen((char *) cp) + 1; - if (type != T_SOA) { - n = cp - data; - break; - } - if (class != zp->z_class || - ns_samename(dname, zp->z_origin) != 1) { - err++; - break; - } - c = getnonblank(fp, zp->z_updatelog, 0); - if (c == '(') { - multiline = 1; - } else { - multiline = 0; - ungetc(c, fp); - } - n = getnum(fp, zp->z_updatelog, GETNUM_SERIAL, - &multiline); - if (getnum_error) { - err++; - break; - } - if (opcode == ADD) - *new_serial = n; - current_serial = n; - PUTLONG(n, cp); - for (i = 0; i < 4; i++) { - if (!getword(buf, sizeof buf, fp, 1)) { - err++; - break; - } - if (ns_parse_ttl(buf, &l) < 0) { - err++; - break; - } - n = l; - PUTLONG(n, cp); - } - if (multiline) { - c = getnonblank(fp, zp->z_updatelog, 1); - if (c != ')') { - ungetc(c, fp); - err++; - break; - } - } - endline(fp); - n = cp - data; - break; - case T_WKS: - if (!inet_aton(buf, &ina)) { - err++; - break; - } - n = ntohl(ina.s_addr); - cp = data; - PUTLONG(n, cp); - *cp = (char) getprotocol(fp, zp->z_updatelog); - n = INT32SZ + sizeof(char); - n = getservices((int) n, data, - fp, zp->z_updatelog); - break; - case T_NS: - case T_CNAME: - case T_MB: - case T_MG: - case T_MR: - case T_PTR: - (void) strcpy(data, buf); - if (makename(data, origin, - sizeof(data)) == -1) { - err++; - break; - } - n = strlen(data) + 1; - break; - case T_MX: - case T_AFSDB: - case T_RT: - n = 0; - cp = buf; - while (isdigit(*cp)) - n = n * 10 + (*cp++ - '0'); - /* catch bad values */ - cp = data; - PUTSHORT((u_int16_t) n, cp); - if (!getword(buf, sizeof(buf), fp, 1)) { - err++; - break; - } - (void) strcpy((char *) cp, buf); - if (makename((char *) cp, origin, - sizeof(data) - (cp - data)) == -1) - { - err++; - break; - } - /* advance pointer to end of data */ - cp += strlen((char *) cp) + 1; - /* now save length */ - n = (cp - data); - break; - case T_PX: - n = 0; - data[0] = '\0'; - cp = buf; - while (isdigit(*cp)) - n = n * 10 + (*cp++ - '0'); - cp = data; - PUTSHORT((u_int16_t) n, cp); - for (i = 0; i < 2; i++) { - if (!getword(buf, sizeof(buf), fp, 0)) - { - err++; - break; - } - (void) strcpy((char *) cp, buf); - cp += strlen((char *) cp) + 1; - } - n = cp - data; - break; - case T_TXT: - case T_X25: - i = strlen(buf); - cp = data; - datasize = sizeof data; - cp1 = buf; - while (i > MAXCHARSTRING) { - if (datasize <= MAXCHARSTRING) { - ns_error(ns_log_update, - "record too big"); - return (-1); - } - datasize -= MAXCHARSTRING; - *cp++ = (char)MAXCHARSTRING; - memcpy(cp, cp1, MAXCHARSTRING); - cp += MAXCHARSTRING; - cp1 += MAXCHARSTRING; - i -= MAXCHARSTRING; - } - if (datasize < i + 1) { - ns_error(ns_log_update, - "record too big"); - return (-1); - } - *cp++ = i; - memcpy(cp, cp1, i); - cp += i; - n = cp - data; - endline(fp); - /* XXXVIX: segmented texts 4.9.5 */ - break; - case T_NSAP: - n = inet_nsap_addr(buf, (u_char *) data, - sizeof data); - endline(fp); - break; - case T_LOC: - cp = buf + (n = strlen(buf)); - *cp = ' '; - cp++; - while ((i = getc(fp), *cp = i, i != EOF) - && *cp != '\n' && (n < MAXDATA)) - { - cp++; - n++; - } - if (*cp == '\n') - ungetc(*cp, fp); - *cp = '\0'; - n = loc_aton(buf, (u_char *) data); - if (n == 0) { - err++; - break; - } - endline(fp); - break; - case ns_t_sig: - case ns_t_nxt: - case ns_t_key: - case ns_t_cert:{ - const char *errmsg = NULL; - - n = parse_sec_rdata(buf, sizeof(buf), 1, - (u_char *) data, - sizeof(data), - fp, zp, dname, ttl, - type, domain_ctx, - transport, &errmsg); - if (errmsg) { - err++; - endline(fp); - n = 0; - } - break; - } - default: - if (strcmp(buf, "\\#") != 0) { - err++; - break; - } - if (!getword(buf, sizeof buf, fp, 0) || - !isdigit((unsigned char)buf[0])) { - err++; - break; - } - errno = 0; - n = strtoul(buf, &cp, 10); - if (errno != 0 || n > 0xffff || *cp != '\0') { - err++; - break; - } - multiline = 0; - i = isc_gethexstring((u_char *)data, - sizeof(data), n, fp, - &multiline); - if (i == -1) { - err++; - break; - } - if (multiline) { - c = getnonblank(fp, zp->z_updatelog, 1); - if (c != ')') { - ungetc(c, fp); - err++; - break; - } - multiline = 0; - } - endline(fp); - } - if (section == S_PREREQ) { - ttl = 0; - if (opcode == NXDOMAIN) { - class = C_NONE; - type = T_ANY; - n = 0; - } else if (opcode == YXDOMAIN) { - class = C_ANY; - type = T_ANY; - n = 0; - } else if (opcode == NXRRSET) { - class = C_NONE; - n = 0; - } else if (opcode == YXRRSET) { - if (n == 0) - class = C_ANY; - } - } else {/* section == S_UPDATE */ - if (opcode == DELETE) { - if (n == 0) { - class = C_ANY; - if (type == -1) - type = T_ANY; - } else { - class = zp->z_class; - } - } - } - break; - case S_ADDT: - default: - ns_debug(ns_log_update, 1, - "cannot interpret section: %d", section); - inside_next = 0; - err++; - } - if (err) { - inside_next = 0; - ns_debug(ns_log_update, 1, - "merge of update id %d failed due to error at line %d", - id, lineno); - return (DBIXFR_ERROR); - } - rrecp = res_mkupdrec(section, dname, class, type, ttl); - if (section != S_ZONE) { - struct databuf *dp; - dp = savedata(class, type, ttl, (u_char *) data, n); - dp->d_zone = zonenum; - dp->d_cred = DB_C_ZONE; - dp->d_clev = nlabels(zp->z_origin); - rrecp->r_dp = dp; - rrecp->r_opcode = opcode; - } else { - rrecp->r_zone = zonenum; - rrecp->r_opcode = opcode; - } - - /* remove add/delete pairs */ - if (section == S_UPDATE) { - ns_updrec *arp; - int foundmatch; - - arp = TAIL(*listuprec); - foundmatch = 0; - while (arp) { - if (arp->r_section == S_UPDATE && - ((arp->r_opcode == DELETE && - opcode == ADD) || - (opcode == DELETE && - arp->r_opcode == ADD)) && - arp->r_dp->d_type == rrecp->r_dp->d_type && - arp->r_dp->d_class == rrecp->r_dp->d_class && - arp->r_dp->d_ttl == rrecp->r_dp->d_ttl && - ns_samename(arp->r_dname, dname) == 1 && - db_cmp(arp->r_dp, rrecp->r_dp) == 0) { - db_detach(&rrecp->r_dp); - db_detach(&arp->r_dp); - UNLINK(*listuprec, arp, r_link); - res_freeupdrec(arp); - res_freeupdrec(rrecp); - foundmatch = 1; - break; - } - arp = PREV(arp, r_link); - } - if (foundmatch) - continue; - } - - APPEND(*listuprec, rrecp, r_link); - /* Override zone number with current zone serial number */ - rrecp->r_zone = serial; - } - - if (err) - return (DBIXFR_ERROR); - - return (DBIXFR_END); -} - diff --git a/contrib/bind/bin/named/db_load.c b/contrib/bind/bin/named/db_load.c deleted file mode 100644 index 2b00729..0000000 --- a/contrib/bind/bin/named/db_load.c +++ /dev/null @@ -1,2747 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)db_load.c 4.38 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: db_load.c,v 8.123 2002/08/20 04:27:23 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1988, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Load zone from ASCII file on local host. Format similar to RFC 883. - */ - -/* Import. */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <errno.h> -#include <netdb.h> -#include <resolv.h> -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/misc.h> - -#include "port_after.h" - -#include "named.h" - -/* Forward. */ - -static int gettoken(FILE *, const char *); -static int getcharstring(char *, char *, int, int, int, FILE *, - const char *); -static int genname(char *, int, const char *, char *, int); -static int getmlword(char *, size_t, FILE *, int); -static int getallwords(char *, size_t, FILE *, int); -static u_int32_t wordtouint32(char *); -static void fixup_soa(const char *fn, struct zoneinfo *zp); -static int get_nxt_types(u_char *, FILE *, const char *); - -static int parse_sig_rr(char *, int, u_char *, int, FILE *, - struct zoneinfo *, char *, u_int32_t , - enum context, enum transport, - const char **); -static int parse_key_rr(char *, int, u_char *, int, FILE *, - const char **); - -static int parse_cert_rr(char *, int, u_char *, int, FILE *, - const char **); -static int parse_nxt_rr(char *, u_char *, int, FILE *, - struct zoneinfo *, char *, enum context, - enum transport, const char **); - - -static int wordtouint32_error = 0; -static int empty_token = 0; -static int getmlword_nesting = 0; - -/* Global. */ - -static int clev; /* a zone deeper in a hierarchy has more credibility */ - -/* - * Parser token values - */ -#define CURRENT 1 -#define DOT 2 -#define AT 3 -#define DNAME 4 -#define INCLUDE 5 -#define ORIGIN 6 -#define GENERATE 7 -#define DEFAULTTTL 8 -#define ERRTOK 9 - -#define MAKENAME_OK(N) \ - do { \ - if (!makename_ok(N, origin, class, zp, \ - transport, context, \ - domain, filename, lineno, \ - data_size - ((u_char*)N - data))) { \ - errs++; \ - sprintf(buf, "bad name \"%s\"", N); \ - goto err; \ - } \ - } while (0) - -#define MAKENAME_OKZP(N, SI) \ - do { \ - if (!makename_ok(N, zp->z_origin, zp->z_class, zp, \ - transport, context, \ - domain, zp->z_source, lineno, \ - SI - ((u_char*)N - data))) { \ - errs++; \ - sprintf(buf, "bad name \"%s\"", N); \ - goto err; \ - } \ - } while (0) - -#define RANGE(x, min, max) \ - (((x) > (max)) ? (max) : (((x) < (min)) ? (min) : (x))) - -/* Public. */ - -/* int - * db_load(filename, in_origin, zp, def_domain, isixfr) - * load a database from `filename' into zone `zp'. append `in_origin' - * to all nonterminal domain names in the file. `def_domain' is the - * default domain for include files or NULL for zone base files. - * returns: - * -1 = can't open file - * 0 = success - * >0 = number of errors encountered - */ -int -db_load(const char *filename, const char *in_origin, - struct zoneinfo *zp, const char *def_domain, int isixfr) -{ - static int read_soa, read_ns, rrcount; - static u_int32_t default_ttl, default_warn; - static struct filenames { - struct filenames *next; - char *name; - } *filenames, *fn; - - const char *errtype = "Database"; - char *cp; - char domain[MAXDNAME], origin[MAXDNAME], tmporigin[MAXDNAME]; - char buf[MAXDATA]; - char genlhs[MAXDNAME], genrhs[MAXDNAME]; - u_char data[MAXDATA]; - unsigned int data_size = sizeof(data); - int c, someclass, class, type, dbflags, dataflags, multiline = 0; - int slineno, i, errs, didinclude, ininclude, escape, success; - u_int32_t ttl, n, serial; - u_long tmplong; - struct databuf *dp; - FILE *fp; - struct stat sb; - struct in_addr ina; - enum transport transport; - enum context context; - struct sockaddr_in empty_from; - int genstart, genend, genstep; - char *thisfile; - void *state = NULL; - int loggenerr; - - empty_from.sin_family = AF_INET; - empty_from.sin_addr.s_addr = htonl(INADDR_ANY); - empty_from.sin_port = htons(0); - -/* - * We use an 'if' inside of the 'do' below because otherwise the Solaris - * compiler detects that the 'while' is never executed because of the 'goto' - * and complains. - */ -#define ERRTO(msg) do { if (1) { errtype = msg; goto err; } } while (0) -#define ERRTOZ(msg) do { if (1) { errtype = msg; buf[0] = '\0'; goto err; } } while (0) - - switch (zp->z_type) { - case Z_PRIMARY: - /* Any updates should be saved before we attempt to reload. */ - INSIST((zp->z_flags & (Z_NEED_DUMP|Z_NEED_SOAUPDATE)) == 0); - case Z_HINT: - if (filename == NULL) { - ns_error(ns_log_load, - "Required filename not specified for Hint zone"); - zp->z_flags |= Z_DB_BAD; - zp->z_ftime = 0; - return (0); - } - transport = primary_trans; - break; - case Z_SECONDARY: - case Z_STUB: - transport = secondary_trans; - break; - case Z_CACHE: - transport = response_trans; - break; - default: - transport = response_trans; /*guessing*/ - break; - } - errs = 0; - didinclude = 0; - ininclude = (def_domain != NULL); - if (!ininclude) { - rrcount = 0; - read_soa = 0; - read_ns = 0; - default_ttl = USE_MINIMUM; - default_warn = 1; - clev = nlabels(in_origin); - filenames = NULL; - zp->z_minimum = USE_MINIMUM; - } - ttl = default_ttl; - - ns_debug(ns_log_load, 1, "db_load(%s, %s, %d, %s, %s)", - filename, in_origin, zp - zones, - def_domain ? def_domain : "Nil", isixfr ? "IXFR" : "Normal"); - - fn = (struct filenames *)memget(sizeof *filenames); - if (fn == NULL) - ns_panic(ns_log_db, 0, "db_load: memget failed"); - thisfile = fn->name = savestr(filename, 1); - fn->next = filenames; - filenames = fn; - - strcpy(origin, in_origin); - if ((fp = fopen(filename, "r")) == NULL) { - ns_warning(ns_log_load, "db_load could not open: %s: %s", - filename, strerror(errno)); - zp->z_ftime = 0; - if (ininclude) - return (-1); - errs = -1; - goto cleanup; - } - if (zp->z_type == Z_HINT) { - dbflags = DB_NODATA | DB_NOHINTS; - dataflags = DB_F_HINT; -#ifdef STUBS - } else if (zp->z_type == Z_STUB && clev == 0) { - dbflags = DB_NODATA | DB_NOHINTS; - dataflags = DB_F_HINT; -#endif - } else { - dbflags = DB_NODATA; - dataflags = 0; - } - gettime(&tt); - if (fstat(fileno(fp), &sb) < 0) { - ns_warning(ns_log_load, "fstat failed: %s: %s", - filename, strerror(errno)); - sb.st_mtime = (int)tt.tv_sec; - } - slineno = lineno; - lineno = 1; - if (def_domain) - strcpy(domain, def_domain); - else - domain[0] = '\0'; - class = zp->z_class; - zp->z_flags &= ~(Z_INCLUDE|Z_DB_BAD); - while ((c = gettoken(fp, filename)) != EOF) { - switch (c) { - case INCLUDE: - if (isixfr) { - c = ERRTOK; - break; - } - if (!getword(buf, sizeof buf, fp, 0)) - /* file name*/ - break; - if (!getword(tmporigin, sizeof(tmporigin), fp, 1)) - strcpy(tmporigin, origin); - else { - if (makename(tmporigin, origin, - sizeof(tmporigin)) == -1) - ERRTO("$INCLUDE makename failed"); - endline(fp); - } - didinclude = 1; - i = db_load(buf, tmporigin, zp, domain, ISNOTIXFR); - errs += (i == -1) ? 1 : i; - continue; - - case ORIGIN: - (void) strcpy(buf, origin); - if (!getword(origin, sizeof(origin), fp, 1)) - break; - ns_debug(ns_log_load, 3, "db_load: origin %s, buf %s", - origin, buf); - if (makename(origin, buf, sizeof(origin)) == -1) - ERRTO("$ORIGIN makename failed"); - ns_debug(ns_log_load, 3, "db_load: origin now %s", - origin); - continue; - - case GENERATE: - if (!getword(buf, sizeof(buf), fp, 0)) - ERRTOZ("$GENERATE missing RANGE"); - n = sscanf(buf, "%d-%d/%d", &genstart, &genend, - &genstep); - if (n != 2 && n != 3) - ERRTO("$GENERATE invalid range"); - if (n == 2) - genstep = 1; - if ((genend < genstart) || (genstart < 0) || - (genstep < 0)) - ERRTO("$GENERATE invalid range"); - if (!getword(genlhs, sizeof(genlhs), fp, 2)) - ERRTOZ("$GENERATE missing LHS"); - if (!getword(buf, sizeof(buf), fp, 0)) - ERRTOZ("GENERATE missing TYPE"); - type = res_nametotype(buf, &success); - if (success == 0 || type == ns_t_any) { - ns_info(ns_log_load, - "%s: Line %d: $GENERATE unknown type: %s.", - filename, lineno, buf); - errs++; - endline(fp); - continue; - } - switch (type) { - case ns_t_ns: - case ns_t_ptr: - case ns_t_cname: - case ns_t_a: - case ns_t_aaaa: - break; - default: - ERRTO("$GENERATE unsupported type"); - } - if (!getword(genrhs, sizeof(genrhs), fp, 2)) - ERRTOZ("$GENERATE missing RHS"); - loggenerr = 1; - for (i = genstart; i <= genend; i += genstep) { - if (genname(genlhs, i, origin, domain, - sizeof domain) == -1) - ERRTOZ("$GENERATE genname LHS failed"); - if (!ns_samedomain(domain, zp->z_origin)) { - /* Log first per $GENERATE. */ - if (loggenerr) { - ns_info(ns_log_load, - "%s:%d: $GENERATE LHS out of zone (ignored)", - filename, lineno); - loggenerr = 0; - } - continue; - } - context = ns_ownercontext(type, transport); - if (!ns_nameok(NULL, domain, class, zp, transport, - context, domain, inaddr_any)) { - strcpy(buf, domain); - ERRTO("$GENERATE owner name error"); - } - switch (type) { - case ns_t_ns: - case ns_t_ptr: - case ns_t_cname: - if (genname(genrhs, i, origin, (char *)data, - sizeof data) == -1) - ERRTOZ("$GENERATE genname RHS failed"); - switch (type) { - case ns_t_ns: - context = hostname_ctx; - break; - case ns_t_ptr: - context = ns_ptrcontext(domain); - break; - case ns_t_cname: - context = domain_ctx; - break; - } - if (!ns_nameok(NULL, (char *)data, class, zp, - transport, context, - domain, inaddr_any)) { - strncpy(buf, domain, sizeof(buf)); - buf[sizeof(buf)-1] = '\0'; - ERRTO("$GENERATE name error"); - } - n = strlen((char *)data) + 1; - break; - case ns_t_a: - case ns_t_aaaa: - if (genname(genrhs, i, NULL, (char *)data, - sizeof data) == -1) - ERRTOZ("$GENERATE genname RHS failed"); - strncpy(buf, (char*)data, sizeof(buf)); - buf[sizeof(buf)-1] = '\0'; - switch (type) { - case ns_t_a: - if (!inet_aton(buf, &ina)) - ERRTO("IP Address"); - (void) ina_put(ina, data); - n = NS_INT32SZ; - break; - case ns_t_aaaa: - if (inet_pton(AF_INET6, buf, data) <= 0) - ERRTO("IPv6 Address"); - n = NS_IN6ADDRSZ; - break; - } - break; - default: - ERRTOZ("$GENERATE unsupported context"); - } - dp = savedata(class, type, (u_int32_t)ttl, - (u_char *)data, (int)n); - dp->d_zone = zp - zones; - dp->d_flags = dataflags; - dp->d_cred = DB_C_ZONE; - dp->d_clev = clev; - c = db_set_update(domain, dp, &state, dbflags, - (dataflags & DB_F_HINT) != 0 ? - &fcachetab : &hashtab, - empty_from, &rrcount, lineno, - filename); - if (c != OK) { - if (c == CNAMEANDOTHER || c == NONGLUE) - errs++; - } - db_detach(&dp); - } - endline(fp); - continue; - - case DNAME: - if (!getword(domain, sizeof(domain), fp, 1)) - break; - if (makename(domain, origin, sizeof(domain)) == -1) - ERRTO("ownername makename failed"); - goto gotdomain; - - case DEFAULTTTL: - if (getttl(fp, filename, lineno, &n, - &multiline) <= 0 || n > MAXIMUM_TTL) { - ERRTO("$TTL bad TTL value"); - } - ttl = default_ttl = n; - continue; - - case AT: - (void) strcpy(domain, origin); - goto gotdomain; - - case DOT: - domain[0] = '\0'; - /* FALLTHROUGH */ - case CURRENT: - gotdomain: - if (!getword(buf, sizeof buf, fp, 0)) { - if (c == CURRENT) - continue; - break; - } - if (ns_parse_ttl(buf, &tmplong) < 0) { - if (zp->z_type == z_master && - default_warn && - (default_ttl == USE_MINIMUM)) { - ns_warning(ns_log_load, - "Zone \"%s\" (file %s): %s", - zp->z_origin, filename, - "No default TTL ($TTL <value>) set, using SOA minimum instead"); - default_warn = 0; - } - ttl = (u_int32_t)default_ttl; - } else { - ttl = tmplong; - if (ttl > MAXIMUM_TTL) { - ns_info(ns_log_load, - "%s: Line %d: TTL > %u; converted to 0", - filename, lineno, MAXIMUM_TTL); - ttl = 0; - } - if (zp->z_type == Z_CACHE) { - /* - * This allows the cache entry to age - * while sitting on disk (powered off). - */ - if (ttl > max_cache_ttl) - ttl = max_cache_ttl; - ttl += sb.st_mtime; - } - if (!getword(buf, sizeof buf, fp, 0)) - break; - } - - /* Parse class (IN, etc) */ - someclass = res_nametoclass(buf, &success); - if (success && someclass != zp->z_class) { - ns_info(ns_log_load, - "%s: Line %d: wrong class: %s.", - filename, lineno, - p_class(someclass)); - errs++; - break; - } - if (success && someclass != C_ANY) { - class = someclass; - (void) getword(buf, sizeof buf, fp, 0); - } - - /* Parse RR type (A, MX, etc) */ - type = res_nametotype(buf, &success); - if (success == 0 || type == ns_t_any) { - ns_info(ns_log_load, - "%s: Line %d: Unknown type: %s.", - filename, lineno, buf); - errs++; - break; - } - if (ttl == USE_MINIMUM) - ttl = zp->z_minimum; - context = ns_ownercontext(type, transport); - if (!ns_nameok(NULL, domain, class, zp, transport, context, - domain, inaddr_any)) { - errs++; - ns_notice(ns_log_load, - "%s:%d: owner name error", - filename, lineno); - break; - } - context = domain_ctx; - switch (type) { - case ns_t_key: - case ns_t_sig: - case ns_t_nxt: - case ns_t_cert: - /* - * Don't do anything here for these types -- - * they read their own input separately later. - */ - goto dont_get_word; - - case ns_t_soa: - case ns_t_minfo: - case ns_t_rp: - case ns_t_ns: - case ns_t_cname: - case ns_t_mb: - case ns_t_mg: - case ns_t_mr: - case ns_t_ptr: - escape = 1; - break; - case ns_t_a: - case ns_t_md: - case ns_t_mf: - case ns_t_null: - case ns_t_hinfo: - case ns_t_mx: - case ns_t_txt: - case ns_t_afsdb: - case ns_t_x25: - case ns_t_isdn: - case ns_t_rt: - case ns_t_nsap: - case ns_t_nsap_ptr: - case ns_t_px: - case ns_t_gpos: - case ns_t_aaaa: - case ns_t_loc: - case ns_t_eid: - case ns_t_nimloc: - case ns_t_srv: - case ns_t_atma: - case ns_t_naptr: - case ns_t_kx: - case ns_t_dname: - case ns_t_sink: - escape = 0; - break; - case ns_t_opt: - case ns_t_tkey: - case ns_t_tsig: - case ns_t_ixfr: - case ns_t_axfr: - case ns_t_mailb: - case ns_t_maila: - case ns_t_any: - case ns_t_zxfr: - escape = 0; - ns_info(ns_log_load, - "%s: Line %d: meta type: %s.", - filename, lineno, p_type(type)); - errs++; - break; - case ns_t_a6: /* not implemented */ - default: - escape = 1; - break; - } - if (!getword(buf, sizeof buf, fp, escape)) - break; - ns_debug(ns_log_load, 3, - "d='%s', c=%d, t=%d, ttl=%u, data='%s'", - domain, class, type, ttl, buf); - /* - * Convert the ascii data 'buf' to the proper format - * based on the type and pack into 'data'. - */ - dont_get_word: - switch (type) { - case ns_t_a: - if (!inet_aton(buf, &ina)) - ERRTO("IP Address"); - (void) ina_put(ina, data); - n = NS_INT32SZ; - break; - - case ns_t_soa: - context = hostname_ctx; - goto soa_rp_minfo; - case ns_t_rp: - case ns_t_minfo: - context = mailname_ctx; - /* FALLTHROUGH */ - soa_rp_minfo: - (void) strcpy((char *)data, buf); - - MAKENAME_OK((char *)data); - cp = (char *)(data + strlen((char *)data) + 1); - if (!getword(cp, - (sizeof data) - - (cp - (char*)data), - fp, 1)) - ERRTO("Domain Name"); - if (type == ns_t_rp) - context = domain_ctx; - else - context = mailname_ctx; - MAKENAME_OK(cp); - cp += strlen((char *)cp) + 1; - if (type != ns_t_soa) { - n = cp - (char *)data; - break; - } - if (ns_samename(zp->z_origin, domain) != 1) { - errs++; - ns_error(ns_log_load, - "%s:%d: SOA for \"%s\" not at zone top \"%s\"", - filename, lineno, domain, - zp->z_origin); - } - c = getnonblank(fp, filename, 0); - if (c == '(') { - multiline = 1; - } else { - multiline = 0; - ungetc(c, fp); - } - serial = zp->z_serial; - zp->z_serial = getnum(fp, filename, - GETNUM_SERIAL, - &multiline); - if (getnum_error) - errs++; - n = (u_int32_t) zp->z_serial; - PUTLONG(n, cp); - if (serial != 0 && - SEQ_GT(serial, zp->z_serial)) { - ns_notice(ns_log_load, - "%s:%d: WARNING: new serial number < old (%lu < %lu)", - filename , lineno, - (unsigned long)zp->z_serial, - (unsigned long)serial); - } - if (getttl(fp, filename, lineno, &n, - &multiline) <= 0) { - errs++; - n = INIT_REFRESH; - } - PUTLONG(n, cp); - zp->z_refresh = RANGE(n, MIN_REFRESH, - MAX_REFRESH); - if (zp->z_type == Z_SECONDARY -#if defined(STUBS) - || zp->z_type == Z_STUB -#endif - ) { - ns_refreshtime(zp, MIN(sb.st_mtime, - tt.tv_sec)); - sched_zone_maint(zp); - } -#ifdef BIND_UPDATE - if ((zp->z_type == Z_PRIMARY) && - (zp->z_flags & Z_DYNAMIC)) - if ((u_int32_t)zp->z_soaincrintvl > - zp->z_refresh/3) { - ns_info(ns_log_load, - "zone soa update time truncated to 1/3rd of refresh time"); - zp->z_soaincrintvl = - zp->z_refresh / 3; - } -#endif - - if (getttl(fp, filename, lineno, &n, - &multiline) <= 0) { - errs++; - n = INIT_REFRESH; - } - PUTLONG(n, cp); - zp->z_retry = RANGE(n, MIN_RETRY, MAX_RETRY); - if (getttl(fp, filename, lineno, - &n, &multiline) <= 0) { - errs++; - n = INIT_REFRESH; - } - PUTLONG(n, cp); - zp->z_expire = RANGE(n, zp->z_refresh, - MAX_EXPIRE); - if (getttl(fp, filename, lineno, &n, - &multiline) <= 0) { - errs++; - n = 120; - } - PUTLONG(n, cp); - if (n > MAXIMUM_TTL) { - ns_info(ns_log_load, - "%s: Line %d: SOA minimum TTL > %u; converted to 0", - filename, lineno, MAXIMUM_TTL); - zp->z_minimum = 0; - } else - zp->z_minimum = n; - if (ttl == USE_MINIMUM) - ttl = n; - n = cp - (char *)data; - if (multiline) { - buf[0] = getnonblank(fp, filename, 1); - buf[1] = '\0'; - if (buf[0] != ')') - ERRTO("SOA \")\""); - multiline = 0; - endline(fp); - } - read_soa++; - if (zp->z_type == Z_PRIMARY) - fixup_soa(filename, zp); - break; - - case ns_t_wks: - /* Address */ - if (!inet_aton(buf, &ina)) - ERRTO("WKS IP Address"); - (void) ina_put(ina, data); - /* Protocol */ - data[INADDRSZ] = getprotocol(fp, filename); - /* Services */ - n = getservices(NS_INT32SZ + sizeof(char), - (char *)data, fp, filename); - break; - - case ns_t_ns: - if (ns_samename(zp->z_origin, domain) == 1) - read_ns++; - context = hostname_ctx; - goto cname_etc; - case ns_t_cname: - case ns_t_mb: - case ns_t_mg: - case ns_t_mr: - context = domain_ctx; - goto cname_etc; - case ns_t_ptr: - context = ns_ptrcontext(domain); - cname_etc: - (void) strcpy((char *)data, buf); - MAKENAME_OK((char *)data); - n = strlen((char *)data) + 1; - break; - - case ns_t_naptr: - /* Order Preference Flags Service Replacement Regexp */ - n = 0; - cp = buf; - /* Order */ - while (isdigit(*cp)) - n = n * 10 + (*cp++ - '0'); - /* catch bad values */ - if (cp == buf || n > 65535) - ERRTO("NAPTR Order"); - cp = (char *)data; - PUTSHORT((u_int16_t)n, cp); - - /* Preference */ - n = getnum(fp, filename, GETNUM_NONE, - &multiline); - if (getnum_error || n > 65536) - ERRTO("NAPTR Preference"); - PUTSHORT((u_int16_t)n, cp); - - /* Flags */ - if (!getword(buf, sizeof buf, fp, 0)) - ERRTO("NAPTR Flags"); - n = strlen(buf); - if (n > 255) - ERRTO("NAPTR Flags too big"); - *cp++ = n; - memcpy(cp, buf, (int)n); - cp += n; - - /* Service Classes */ - if (!getword(buf, sizeof buf, fp, 0)) - ERRTO("NAPTR Service Classes"); - n = strlen(buf); - if (n > 255) - ERRTO("NAPTR Service Classes too big"); - *cp++ = n; - memcpy(cp, buf, (int)n); - cp += n; - - /* Pattern */ - if (!getword(buf, sizeof buf, fp, 0)) - ERRTO("NAPTR Pattern"); - n = strlen(buf); - if (n > 255) - ERRTO("NAPTR Pattern too big"); - *cp++ = n; - memcpy(cp, buf, (int)n); - cp += n; - - /* Replacement */ - if (!getword(buf, sizeof buf, fp, 1)) - ERRTO("NAPTR Replacement"); - n = strlen(buf); - if (n > data_size - ((u_char *)cp - data)) - ERRTO("NAPTR Replacement too big"); - (void) strcpy((char *)cp, buf); - context = domain_ctx; - MAKENAME_OK(cp); - /* advance pointer to end of data */ - cp += strlen((char *)cp) +1; - - /* now save length */ - n = (cp - (char *)data); - break; - - - case ns_t_mx: - case ns_t_afsdb: - case ns_t_rt: - case ns_t_srv: - n = 0; - cp = buf; - while (isdigit(*cp)) - n = n * 10 + (*cp++ - '0'); - /* catch bad values */ - if ((cp == buf) || (n > 65535)) - ERRTO("Priority"); - cp = (char *)data; - PUTSHORT((u_int16_t)n, cp); - - if (type == ns_t_srv) { - n = getnum(fp, filename, GETNUM_NONE, - &multiline); - if (getnum_error || n > 65536) - ERRTO("SRV RR"); - PUTSHORT((u_int16_t)n, cp); - - n = getnum(fp, filename, GETNUM_NONE, - &multiline); - if (getnum_error || n > 65536) - ERRTO("SRV RR"); - PUTSHORT((u_int16_t)n, cp); - } - - if (!getword(buf, sizeof buf, fp, 1)) - ERRTO("Domain Name"); - (void) strcpy((char *)cp, buf); - context = hostname_ctx; - MAKENAME_OK(cp); - /* advance pointer to end of data */ - cp += strlen((char *)cp) +1; - - /* now save length */ - n = (cp - (char *)data); - break; - - case ns_t_px: - context = domain_ctx; - n = 0; - data[0] = '\0'; - cp = buf; - while (isdigit(*cp)) - n = n * 10 + (*cp++ - '0'); - /* catch bad values */ - if ((cp == buf) || (n > 65535)) - ERRTO("PX Priority"); - cp = (char *)data; - PUTSHORT((u_int16_t)n, cp); - - if (!getword(buf, sizeof buf, fp, 0)) - ERRTO("PX Domain1"); - (void) strcpy((char *)cp, buf); - MAKENAME_OK(cp); - /* advance pointer to next field */ - cp += strlen((char *)cp) + 1; - if (!getword(buf, sizeof buf, fp, 0)) - ERRTO("PX Domain2"); - (void) strcpy((char *)cp, buf); - MAKENAME_OK(cp); - /* advance pointer to end of data */ - cp += strlen((char *)cp) + 1; - - /* now save length */ - n = (cp - (char *)data); - break; - - case ns_t_hinfo: - n = getcharstring(buf, (char *)data, type, - 2, 2, fp, filename); - if (n == 0) - ERRTO("HINFO RR"); - break; - - case ns_t_isdn: - n = getcharstring(buf, (char *)data, type, - 1, 2, fp, filename); - if (n == 0) - ERRTO("ISDN RR"); - break; - - case ns_t_txt: - n = getcharstring(buf, (char *)data, type, - 1, 0, fp, filename); - if (n == 0) - ERRTO("TXT RR"); - break; - - - case ns_t_x25: - n = getcharstring(buf, (char *)data, type, - 1, 1, fp, filename); - if (n == 0) - ERRTO("X25 RR"); - break; - - case ns_t_nsap: - if (buf[0] != '0' || - (buf[1] != 'x' && buf[1] != 'X')) - ERRTO("NSAP RR: no leading 0x"); - n = inet_nsap_addr(buf, (u_char *)data, - sizeof data); - if (n == 0) - ERRTO("NSAP RR"); - endline(fp); - break; - - case ns_t_aaaa: - if (inet_pton(AF_INET6, buf, data) <= 0) - ERRTO("IPv4 Address"); - n = NS_IN6ADDRSZ; - endline(fp); - break; - - case ns_t_nxt: - case ns_t_key: - case ns_t_cert: - case ns_t_sig: { - const char *errmsg = NULL; - int ret; - if (ttl == USE_MINIMUM) /* no ttl set */ - ttl = 0; - ret = parse_sec_rdata(buf, sizeof(buf), 0, - data, sizeof(data), - fp, zp, domain, ttl, - type, domain_ctx, - transport, &errmsg); - if (ret < 0) { - errtype = errmsg; - goto err; - } - else - n = ret; - break; - } - - - case ns_t_loc: - cp = buf + (n = strlen(buf)); - *cp = ' '; - cp++; - n++; - while ((i = getc(fp), *cp = i, i != EOF) - && *cp != '\n' - && (n < MAXDATA)) { - cp++; n++; - } - if (*cp == '\n') /* leave \n for getword */ - ungetc(*cp, fp); - *cp = '\0'; - /* now process the whole line */ - n = loc_aton(buf, (u_char *)data); - if (n == 0) - goto err; - endline(fp); - break; - - default: - if (strcmp(buf, "\\#") != 0) - goto err; - if (!getword(buf, sizeof buf, fp, 0) || - !isdigit((unsigned char)buf[0])) - ERRTO("opaque length"); - errno = 0; - n = strtoul(buf, &cp, 10); - if (errno != 0 || n > 0xffff || *cp != '\0') - ERRTO("opaque length"); - multiline = 0; - i = isc_gethexstring(data, sizeof(data), n, fp, - &multiline); - if (i == -1) - ERRTO("opaque data read failed"); - if (multiline) { - buf[0] = getnonblank(fp, filename, 1); - buf[1] = '\0'; - if (buf[0] != ')') - ERRTO("\")\" expected"); - multiline = 0; - } - endline(fp); - } - /* - * Ignore data outside the zone. - */ - if (zp->z_type != Z_CACHE && - !ns_samedomain(domain, zp->z_origin)) - { - ns_info(ns_log_load, - "%s:%d: data \"%s\" outside zone \"%s\" (ignored)", - filename, lineno, domain, - zp->z_origin); - continue; - } - if (ttl == USE_MINIMUM) /* no ttl set */ - ttl = 0; - dp = savedata(class, type, (u_int32_t)ttl, - (u_char *)data, (int)n); - dp->d_zone = zp - zones; - dp->d_flags = dataflags; - dp->d_cred = DB_C_ZONE; - dp->d_clev = clev; - c = db_set_update(domain, dp, &state, dbflags, - (dataflags & DB_F_HINT) != 0 ? - &fcachetab : &hashtab, - empty_from, &rrcount, lineno, - filename); - if (c == CNAMEANDOTHER || c == NONGLUE) - errs++; - db_detach(&dp); - continue; - - case ERRTOK: - break; - } - err: - errs++; - ns_notice(ns_log_load, "%s:%d: %s error near (%s)", - filename, empty_token ? (lineno - 1) : lineno, - errtype, buf); - if (!empty_token) - endline(fp); - } - c = db_set_update(NULL, NULL, &state, dbflags, - (dataflags & DB_F_HINT) ? &fcachetab : &hashtab, - empty_from, &rrcount, lineno, filename); - if (c != OK) { - if (c == CNAMEANDOTHER || c == NONGLUE) - errs++; - } - - (void) my_fclose(fp); - lineno = slineno; - if (!ininclude) { - if (didinclude) { - zp->z_flags |= Z_INCLUDE; - zp->z_ftime = 0; - } else - zp->z_ftime = sb.st_mtime; - zp->z_lastupdate = sb.st_mtime; - if (zp->z_type != Z_CACHE && zp->z_type != Z_HINT) { - const char *msg = NULL; - - if (read_soa == 0) - msg = "no SOA RR found"; - else if (read_soa != 1) - msg = "multiple SOA RRs found"; - else if (read_ns == 0) - msg = "no NS RRs found at zone top"; - else if (!rrcount) - msg = "no relevant RRs found"; - if (msg != NULL) { - errs++; - ns_warning(ns_log_load, - "Zone \"%s\" (file %s): %s", - zp->z_origin, filename, msg); - } - } - errs += purge_nonglue(zp, (dataflags & DB_F_HINT) ? fcachetab : - hashtab, zp->z_type == z_master); - cleanup: - while (filenames) { - fn = filenames; - filenames = filenames->next; - fn->name = freestr(fn->name); - memput(fn, sizeof *fn); - } - if (errs != 0) { - if (errs != -1) - ns_error(ns_log_load, - "%s zone \"%s\" (%s) rejected due to errors (serial %u)", - zoneTypeString(zp->z_type), - zp->z_origin, - p_class(zp->z_class), zp->z_serial); - if ((zp->z_flags & Z_NOTIFY) != 0) - ns_stopnotify(zp->z_origin, zp->z_class); - do_reload(zp, loading); - } else - ns_info(ns_log_load, - "%s zone \"%s\" (%s) loaded (serial %u)", - zoneTypeString(zp->z_type), zp->z_origin, - p_class(zp->z_class), zp->z_serial); - } - if (errs != 0) { - zp->z_flags |= Z_DB_BAD; - zp->z_ftime = 0; - } -#ifdef BIND_NOTIFY - if (errs == 0 && (!ininclude) && (initial_configuration == 0 || - !NS_OPTION_P(OPTION_SUPNOTIFY_INITIAL)) && - (zp->z_type == z_master || zp->z_type == z_slave)) - ns_notify(zp->z_origin, zp->z_class, ns_t_soa); -#endif - return (errs); -} - -void -db_err(int err, char *domain, int type, const char *filename, int lineno) { - if (filename != NULL && err == CNAMEANDOTHER) - ns_warning(ns_log_load, "%s:%d:%s: CNAME and OTHER data error", - filename, lineno, domain); - if (err != DATAEXISTS) - ns_debug(ns_log_load, 1, "update failed %s %d", - domain, type); -} - -static int -gettoken(FILE *fp, const char *src) { - int c; - char op[32]; - - for (;;) { - c = getc(fp); - top: - switch (c) { - case EOF: - return (EOF); - - case '$': - if (getword(op, sizeof op, fp, 0)) { - if (!strcasecmp("include", op)) - return (INCLUDE); - if (!strcasecmp("origin", op)) - return (ORIGIN); - if (!strcasecmp("generate", op)) - return (GENERATE); - if (!strcasecmp("ttl", op)) - return (DEFAULTTTL); - } - ns_notice(ns_log_db, - "%s:%d: Unknown $ option: $%s", - src, lineno, op); - return (ERRTOK); - - case ';': - while ((c = getc(fp)) != EOF && c != '\n') - ; - goto top; - - case ' ': - case '\t': - return (CURRENT); - - case '.': - return (DOT); - - case '@': - return (AT); - - case '\n': - lineno++; - continue; - - case '\r': - if (NS_OPTION_P(OPTION_TREAT_CR_AS_SPACE) != 0) - return (CURRENT); - - default: - (void) ungetc(c, fp); - return (DNAME); - } - } -} - -/* int - * getword(buf, size, fp, preserve) - * get next word, skipping blanks & comments. - * '\' '\n' outside of "quotes" is considered a blank. - * parameters: - * buf - destination - * size - of destination - * fp - file to read from - * preserve - should we preserve \ before \\ and \.? - * if preserve == 2, then keep all \ - * return value: - * 0 = no word; perhaps EOL or EOF; lineno was incremented. - * 1 = word was read - */ -int -getword(char *buf, size_t size, FILE *fp, int preserve) { - char *cp = buf; - int c, spaceok, once; - - empty_token = 0; /* XXX global side effect. */ - once = 0; - while ((c = getc(fp)) != EOF) { - once++; - if (c == ';') { - /* Comment. Skip to end of line. */ - while ((c = getc(fp)) != EOF && c != '\n') - (void)NULL; - c = '\n'; - } - if (c == '\n') { - /* - * Unescaped newline. It's a terminator unless we're - * already midway into a token. - */ - if (cp != buf) - ungetc(c, fp); - else - lineno++; - break; - } - if (c == '"') { - /* "Quoted string." Gather the whole string here. */ - while ((c = getc(fp)) != EOF && c!='"' && c!='\n') { - if (c == '\\') { - if ((c = getc(fp)) == EOF) - c = '\\'; - if (preserve) - switch (c) { - default: - if (preserve == 1) - break; - case '\\': - case '.': - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - if (cp >= buf+size-1) - break; - *cp++ = '\\'; - } - if (c == '\n') - lineno++; - } - if (cp >= buf+size-1) - break; - *cp++ = c; - } - /* - * Newline string terminators are - * not token terminators. - */ - if (c == '\n') { - lineno++; - break; - } - /* Sample following character, check for terminator. */ - if ((c = getc(fp)) != EOF) - ungetc(c, fp); - if (c == EOF || isspace(c)) { - *cp = '\0'; - return (1); - } - continue; - } - spaceok = 0; - if (c == '\\') { - /* Do escape processing. */ - if ((c = getc(fp)) == EOF) - c = '\\'; - if (preserve) - switch (c) { - default: - if (preserve == 1) - break; - case '\\': - case '#': - case '.': - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - if (cp >= buf+size-1) - break; - *cp++ = '\\'; - } - if (c == ' ' || c == '\t') - spaceok++; - } - if (isspace(c) && !spaceok) { - /* Blank of some kind. Skip run. */ - while (isspace(c = getc(fp)) && c != '\n') - (void)NULL; - ungetc(c, fp); - /* Blank means terminator if the token is nonempty. */ - if (cp != buf) /* Trailing whitespace */ - break; - continue; /* Leading whitespace */ - } - if (cp >= buf + size - 1) - break; - *cp++ = (char)c; - } - *cp = '\0'; - if (cp == buf) - empty_token = 1; - if (!once) - lineno++; - return (cp != buf); -} - -/* - * int - * getttl(fp, fn, ln, ttl, multiline) - * read a word from the file and parse it as a TTL. - * return: - * 1 ttl found - * 0 word not read (EOF or EOL?) - * -1 word read but it wasn't a ttl - * side effects: - * *ttl is written if the return value is to be 1. - */ -int -getttl(FILE *fp, const char *fn, int lineno, u_int32_t *ttl, int *multiline) { - char buf[MAXDATA]; - u_long tmp; - int ch; - int len; - - while (!feof(fp) && !getword(buf, sizeof buf, fp, 0) && *multiline) - (void)NULL; - len = strlen(buf); - if (*multiline && len && buf[len-1] == ')') { - buf[len-1] = '\0'; - *multiline = 0; - } - if (ns_parse_ttl(buf, &tmp) < 0) { - ns_notice(ns_log_db, "%s:%d: expected a TTL, got \"%s\"", - fn, lineno, buf); - return (-1); - } - if (*multiline) { - ch = getnonblank(fp, fn, 1); - if (ch == EOF) - return (-1); - if (ch == ';') - endline(fp); - else - ungetc(ch, fp); - } - *ttl = (u_int32_t)tmp; - return (1); -} - -/* Get multiline words. Same parameters as getword. Handles any - number of leading ('s or )'s in the words it sees. - FIXME: We kludge recognition of ( and ) for multiline input. - Each paren must appear at the start of a (blank-separated) word, - which is particularly counter-intuitive for ). Good enough for now, - until Paul rewrites the parser. (gnu@toad.com, oct96) -*/ -static int -getmlword(char *buf, size_t size, FILE *fp, int preserve) { - char *p; - - do { - while (!getword (buf, size, fp, preserve)) { - /* No more words on this line. See if doing the - multiline thing. */ - if (!getmlword_nesting) { /* Nope... */ - ungetc('\n', fp); /* Push back newline */ - lineno--; /* Unbump the lineno */ - empty_token = 0; /* Undo this botch */ - return 0; - } - if (feof(fp) || ferror(fp)) - return 0; /* Error, no terminating ')' */ - /* Continue reading til we get a word... */ - } - while ('(' == *buf) { - /* Word starts with paren. Multiline mode. - Move the rest of the word down over the paren. */ - getmlword_nesting++; - p = buf; - while (0 != (p[0]=p[1])) p++; - } - while (')' == *buf) { - getmlword_nesting--; - p = buf; - while (0 != (p[0]=p[1])) p++; - } - } while (buf[0] == 0); /* loop til we get a non-( non-) word */ - - return 1; /* Got a word... */ -} - -/* Get all the remaining words on a line, concatenated into one big - long (not too long!) string, with the whitespace squeezed out. - This routine, like getword(), does not swallow the newline if words seen. - This routine, unlike getword(), never swallows the newline if no words. - Parameters are the same as getword(). Result is: - 0 got no words at all - 1 got one or more words - -1 got too many words, they don't all fit; or missing close paren -*/ -static int -getallwords(char *buf, size_t size, FILE *fp, int preserve) { - char *runningbuf = buf; - int runningsize = size; - int len; - - while (runningsize > 0) { - if (!getmlword (runningbuf, runningsize, fp, preserve)) { - return runningbuf!=buf; /* 1 or 0 */ - } - len = strlen(runningbuf); - runningbuf += len; - runningsize -= len; - } - return -1; /* Error, String too long */ -} - -int -getnum(FILE *fp, const char *src, int opt, int *multiline) { - int c, n; - int seendigit = 0; - int seendecimal = 0; - int m = 0; - int allow_dots = 0; - - getnum_error = 0; -#ifdef DOTTED_SERIAL - if (opt & GETNUM_SERIAL) - allow_dots++; -#endif - for (n = 0; (c = getc(fp)) != EOF; ) { - if (isspace(c)) { - if (c == '\n') { - if (*multiline) - lineno++; - else if (!seendigit) - goto eol; - } - if (seendigit) - break; - continue; - } - if (c == ';') { - while ((c = getc(fp)) != EOF && c != '\n') - ; - if (c == '\n') { - if (*multiline) - lineno++; - else if (!seendigit) - goto eol; - } - if (seendigit) - break; - continue; - } - if (getnum_error) - continue; - if (!isdigit(c)) { - if (c == ')' && seendigit) { - (void) ungetc(c, fp); - break; - } - if (seendigit && (opt & GETNUM_SCALED) && - strchr("KkMmGg", c) != NULL) { - switch (c) { - case 'K': case 'k': - n *= 1024; - break; - case 'M': case 'm': - n *= (1024 * 1024); - break; - case 'G': case 'g': - n *= (1024 * 1024 * 1024); - break; - } - break; - } - if (seendecimal || c != '.' || !allow_dots) { - ns_notice(ns_log_db, - "%s:%d: expected a number", - src, lineno); - getnum_error = 1; - } else { - if (!seendigit) - n = 1; -#ifdef SENSIBLE_DOTS - n *= 10000; -#else - n *= 1000; -#endif - seendigit = 1; - seendecimal = 1; - } - continue; - } -#ifdef SENSIBLE_DOTS - if (seendecimal) - m = m * 10 + (c - '0'); - else - n = n * 10 + (c - '0'); -#else - n = n * 10 + (c - '0'); -#endif - seendigit = 1; - } - if (getnum_error) - return (0); - if (m > 9999) { - ns_info(ns_log_db, - "%s:%d: number after the decimal point exceeds 9999", - src, lineno); - getnum_error = 1; - return (0); - } - if (seendecimal) { - ns_info(ns_log_db, - "%s:%d: decimal serial number interpreted as %d", - src, lineno, n+m); - } - return (n + m); - - eol: - ns_error(ns_log_db, "%s:%d: unexpected end of line", src, lineno); - getnum_error = 1; - (void) ungetc(c, fp); - return (0); -} - -#ifndef BIND_UPDATE -static -#endif -int -getnonblank(FILE *fp, const char *src, int multiline) { - int c; - - while ((c = getc(fp)) != EOF) { - if (isspace(c)) { - if (c == '\n') { - if (multiline) - lineno++; - else - goto eol; - } - continue; - } - if (c == ';') { - while ((c = getc(fp)) != EOF && c != '\n') - ; - if (c == '\n') { - if (multiline) - lineno++; - else - goto eol; - } - continue; - } - return (c); - } - ns_info(ns_log_db, "%s:%d: unexpected EOF", src, lineno); - return (EOF); - eol: - ns_error(ns_log_db, "%s:%d: unexpected end of line", src, lineno); - /* don't ungetc(c, fp); as the caller will do this. */ - return(c); -} - -/* - * Replace all single "$"'s in "name" with "it". - * ${delta} will add delta to "it" before printing. - * ${delta,width} will change print width as well, zero fill is implied - * ${delta,width,radix} will change radix as well, can be d, o, x, X. - * i.e. ${0,2,X} will produce a two digit hex (upper case) with zero fill. - * Append "origin" to name if required and validate result with makename. - * To get a "$" or "{" in the output use \ before it. - * Return 0 on no error or -1 on error. - * Resulting name stored in "buf". - */ - -static int -genname(char *name, int it, const char *origin, char *buf, int size) { - char *bp = buf; - char *eom = buf + size; - char *cp; - char numbuf[32]; - char fmt[32]; - int delta = 0; - int width; - - while (*name) { - if (*name == '$') { - if (*(++name) == '$') { - /* should be deprecated. how? */ - if (bp >= eom) - return (-1); - *bp++ = *name++; - } else { - strcpy(fmt, "%d"); - if (*name == '{') { - switch (sscanf(name, "{%d,%d,%1[doxX]}", &delta, &width, numbuf)) { - case 1: - break; - case 2: - sprintf(fmt, "%%0%dd", width); - break; - case 3: - sprintf(fmt, "%%0%d%c", width, numbuf[0]); - break; - default: - return (-1); - } - while (*name && *name++ != '}') { - continue; - } - } - sprintf(numbuf, fmt, it + delta); - cp = numbuf; - while (*cp) { - if (bp >= eom) - return (-1); - *bp++ = *cp++; - } - } - } else if (*name == '\\') { - if (*(++name) == '\0') { - if (bp >= eom) - return (-1); - *bp++ = '\\'; - } else { - switch (*name) { - case '\\': - case '.': - case '0': - case '1': - case '2': - case '3': - case '4': - case '5': - case '6': - case '7': - case '8': - case '9': - if (bp >= eom) - return (-1); - *bp++ = '\\'; - default: - if (bp >= eom) - return (-1); - *bp++ = *name++; - } - } - } else { - if (bp >= eom) - return (-1); - *bp++ = *name++; - } - } - if (bp >= eom) - return (-1); - *bp = '\0'; - return (origin == NULL ? 0 : makename(buf, origin, size)); -} - - -/* - * Take name and fix it according to following rules: - * "." means root. - * "@" means current origin. - * "name." means no changes. - * "name" means append origin. - */ -int -makename(char *name, const char *origin, int size) { - int n; - u_char domain[MAXCDNAME]; - - switch (ns_name_pton(name, domain, sizeof(domain))) { - case -1: - return (-1); - case 1: /* FULLY QUALIFIED */ - break; - case 0: /* UNQUALIFIED */ - if (strcmp(name, "@") == 0) /* must test raw name */ - domain[0] = 0; - if ((n = dn_skipname(domain, domain+sizeof(domain))) == -1) - return (-1); - /* step back over root, append origin */ - switch (ns_name_pton(origin, domain+n-1, sizeof(domain)-n+1)) { - case -1: - return (-1); - case 0: - case 1: - break; - } - break; - } - if (ns_name_ntop(domain, name, size) == -1) - return (-1); - if (name[0] == '.') /* root */ - name[0] = '\0'; - return (0); -} - -int -makename_ok(char *name, const char *origin, int class, struct zoneinfo *zp, - enum transport transport, enum context context, - const char *owner, const char *filename, int lineno, int size) -{ - int ret = 1; - - if (makename(name, origin, size) == -1) { - ns_info(ns_log_db, "%s:%d: makename failed", - filename, lineno); - return (0); - } - if (!ns_nameok(NULL, name, class, zp, transport, context, owner, - inaddr_any)) { - ns_info(ns_log_db, "%s:%d: database naming error", - filename, lineno); - ret = 0; - } - return (ret); -} - -void -endline(FILE *fp) { - int c; - - while ((c = getc(fp)) != '\0') { - if (c == '\n') { - (void) ungetc(c,fp); - break; - } else if (c == EOF) { - break; - } - } -} - -#define MAXPORT 1024 -#define MAXLEN 24 - -#ifndef BIND_UPDATE -static -#endif -char -getprotocol(FILE *fp, const char *src) { - int k; - char b[MAXLEN]; - - (void) getword(b, sizeof(b), fp, 0); - - k = protocolnumber(b); - if (k == -1) - ns_info(ns_log_db, "%s:%d: unknown protocol: %s.", - src, lineno, b); - return ((char) k); -} - -#ifndef BIND_UPDATE -static -#endif -int -getservices(int offset, char *data, FILE *fp, const char *src) { - int j, ch, k, maxl, bracket; - char bm[MAXPORT/8]; - char b[MAXLEN]; - - for (j = 0; j < MAXPORT/8; j++) - bm[j] = 0; - maxl = 0; - bracket = 0; - while (getword(b, sizeof(b), fp, 0) || bracket) { - if (feof(fp) || ferror(fp)) - break; - if (strlen(b) == 0) - continue; - if (b[0] == '(') { - bracket++; - continue; - } - if (b[0] == ')') { - bracket = 0; - while ((ch = getc(fp)) != EOF && ch != '\n') - (void)NULL; - if (ch == '\n') - lineno++; - break; - } - k = servicenumber(b); - if (k == -1) { - ns_info(ns_log_db, - "%s:%d: Unknown service '%s'", - src, lineno, b); - continue; - } - if ((k < MAXPORT) && (k)) { - bm[k/8] |= (0x80>>(k%8)); - if (k > maxl) - maxl = k; - } else { - ns_info(ns_log_db, - "%s:%d: port no. (%d) too big", - src, lineno, k); - } - } - if (bracket) - ns_info(ns_log_db, "%s:%d: missing close paren", - src, lineno); - maxl = maxl/8+1; - memcpy(data+offset, bm, maxl); - return (maxl+offset); -} - -/* - * Converts a word to a u_int32_t. Error if any non-numeric - * characters in the word, except leading or trailing white space. - */ -static u_int32_t -wordtouint32(buf) - char *buf; -{ - u_long result; - u_int32_t res2; - char *bufend; - - wordtouint32_error = 0; - result = strtoul(buf, &bufend, 0); - if (bufend == buf) - wordtouint32_error = 1; - else - while ('\0' != *bufend) { - if (isspace(*bufend)) - bufend++; - else { - wordtouint32_error = 1; - break; - } - } - /* Check for truncation between u_long and u_int32_t */ - res2 = result; - if (res2 != result) - wordtouint32_error = 1; - return (res2); -} - -static int -getcharstring(char *buf, char *data, int type, - int minfields, int maxfields, - FILE *fp, const char *src) -{ - int nfield = 0, done = 0, n = 0, i; - char *b = buf; - - do { - nfield++; - i = strlen(buf); -#ifdef ALLOW_LONG_TXT_RDATA - b = buf; - if (type == ns_t_txt || type == ns_t_x25) { - while (i > MAXCHARSTRING - && n + MAXCHARSTRING + 1 < MAXDATA) { - data[n] = (char)MAXCHARSTRING; - memmove(data + n + 1, b, MAXCHARSTRING); - n += MAXCHARSTRING + 1; - b += MAXCHARSTRING; - i -= MAXCHARSTRING; - } - } -#endif /* ALLOW_LONG_TXT_RDATA */ - if (i > MAXCHARSTRING) { - ns_info(ns_log_db, - "%s:%d: RDATA field %d too long", - src, lineno -1, nfield); - return (0); - } - if (n + i + 1 > MAXDATA) { - ns_info(ns_log_db, - "%s:%d: total RDATA too long", - src, lineno -1); - return (0); - } - data[n] = i; - memmove(data + n + 1, b, (int)i); - n += i + 1; - done = (maxfields && nfield >= maxfields); - } while (!done && getword(buf, MAXDATA, fp, 0)); - - if (nfield < minfields) { - ns_info(ns_log_db, - "%s:%d: expected %d RDATA fields, only saw %d", - src, lineno -1, minfields, nfield); - return (0); - } - - if (done) - endline(fp); - - return (n); -} - - -/* - * get_nxt_types(): Read the list of types in the NXT record. - * - * Data is the array where the bit flags are stored; it must - * contain at least ns_t_any/NS_NXT_BITS bytes. - * FP is the input FILE *. - * Filename is the sourcefile - * - * The result is how many bytes are significant in the result. - * ogud@tis.com 1995 - */ -static int -get_nxt_types(u_char *data, FILE *fp, const char *filename) { - char b[MAXLABEL]; /* Not quite the right size, but good enough */ - int maxtype=0; - int success; - int type; - int errs = 0; - - memset(data, 0, NS_NXT_MAX/NS_NXT_BITS+1); - - while (getmlword(b, sizeof(b), fp, 0)) { - if (feof(fp) || ferror(fp)) - break; - if (strlen(b) == 0 || b[0] == '\n') - continue; - - /* Parse RR type (A, MX, etc) */ - type = res_nametotype((char *)b, &success); - if ((!success) || type == ns_t_any) { - errs++; - ns_info(ns_log_db, - "%s: Line %d: Unknown type: %s in NXT record.", - filename, lineno, b); - continue; - } - NS_NXT_BIT_SET(type, data); - if (type > maxtype) - maxtype = type; - } - if (errs) - return (0); - else - return (maxtype/NS_NXT_BITS+1); -} - -/* sanity checks PRIMARY ONLY */ -static void -fixup_soa(const char *fn, struct zoneinfo *zp) { - /* Sanity: give enough time for the zone to transfer (retry). */ - if (zp->z_expire < (zp->z_refresh + zp->z_retry)) - ns_notice(ns_log_db, - "%s: WARNING SOA expire value is less than SOA refresh+retry (%u < %u+%u)", - fn, zp->z_expire, zp->z_refresh, zp->z_retry); - - /* Sanity. */ - if (zp->z_expire < (zp->z_refresh + 10 * zp->z_retry)) - ns_warning(ns_log_db, -"%s: WARNING SOA expire value is less than refresh + 10 * retry \ -(%u < (%u + 10 * %u))", - fn, zp->z_expire, zp->z_refresh, zp->z_retry); - - /* - * Sanity: most hardware/telco faults are detected and fixed within - * a week, secondaries should continue to operate for this time. - * (minimum of 4 days for long weekends) - */ - if (zp->z_expire < (7 * 24 * 3600)) - ns_warning(ns_log_db, - "%s: WARNING SOA expire value is less than 7 days (%u)", - fn, zp->z_expire); - - /* - * Sanity: maximum down time if we havn't talked for six months - * war must have broken out. - */ - if (zp->z_expire > ( 183 * 24 * 3600)) - ns_warning(ns_log_db, - "%s: WARNING SOA expire value is greater than 6 months (%u)", - fn, zp->z_expire); - - /* Sanity. */ - if (zp->z_refresh < (zp->z_retry * 2)) - ns_warning(ns_log_db, - "%s: WARNING SOA refresh value is less than 2 * retry (%u < %u * 2)", - fn, zp->z_refresh, zp->z_retry); -} - -/* this function reads in the sig record rdata from the input file and - * returns the following codes - * > 0 length of the recrod - * ERR_EOF end of file - * - */ - -static int -parse_sig_rr(char *buf, int buf_len, u_char *data, int data_size, - FILE *fp, struct zoneinfo *zp, char *domain, u_int32_t ttl, - enum context domain_ctx, enum transport transport, - const char **errmsg) -{ -/* The SIG record looks like this in the db file: - Name Cl SIG RRtype Algid [OTTL] Texp Tsig Kfoot Signer Sig - - where: Name and Cl are as usual - SIG is a keyword - RRtype is a char string - ALGid is 8 bit u_int - Labels is 8 bit u_int - OTTL is 32 bit u_int (optionally present) - Texp is YYYYMMDDHHMMSS - Tsig is YYYYMMDDHHMMSS - Kfoot is 16-bit unsigned decimal integer - Signer is a char string - Sig is 64 to 319 base-64 digits - A missing OTTL is detected by the magnitude of the Texp value - that follows it, which is larger than any u_int. - The Labels field in the binary RR does not appear in the - text RR. - - It's too crazy to run these pages of SIG code at the right - margin. I'm exdenting them for readability. -*/ - u_int32_t sig_type; - int dateerror; - int siglen, success; - u_char *cp; - u_int32_t al, la, n; - u_int32_t signtime, exptime, timetilexp; - u_int32_t origTTL; - enum context context; - time_t now; - const char *errtype = "SIG error"; - int i, my_buf_size = MAXDATA, errs = 0; - - - /* The TTL gets checked against the Original TTL, - and bounded by the signature expiration time, which - are both under the signature. We can't let TTL drift - based on the SOA record. If defaulted, fix it now. - (It's not clear to me why USE_MINIMUM isn't eliminated - before putting ALL RR's into the database. -gnu@toad.com) */ - if (ttl == USE_MINIMUM) - ttl = zp->z_minimum; - - i = 0; - data[i] = '\0'; - - getmlword_nesting = 0; /* KLUDGE err recovery */ - - /* RRtype (char *) - * if old style inp will contain the next token - *copy that into buffer, otherwise read from file - */ - if (buf && buf_len == 0) - if (!getmlword((char*)buf, my_buf_size, fp, 0)) - ERRTO("SIG record doesn't specify type"); - sig_type = res_nametotype(buf, &success); - if (!success || sig_type == ns_t_any) { - /* - * We'll also accept a numeric RR type, - * for signing RR types that this version - * of named doesn't yet understand. - * In the ns_t_any case, we rely on wordtouint32 - * to fail when scanning the string "ANY". - */ - sig_type = wordtouint32 (buf); - if (wordtouint32_error || sig_type > 0xFFFF) - ERRTO("Unknown RR type in SIG record"); - } - cp = &data[i]; - PUTSHORT((u_int16_t)sig_type, cp); - i += 2; - - /* Algorithm id (8-bit decimal) */ - if (!getmlword(buf, my_buf_size, fp, 0)) - ERRTO("Missing algorithm ID"); - al = wordtouint32(buf); - if (0 == al || wordtouint32_error || 255 <= al) - ERRTO("Bad algorithm number"); - data[i] = (u_char) al; - i++; - - /* - * Labels (8-bit decimal) - */ - if (!getmlword(buf, my_buf_size, fp, 0)) - ERRTO("Missing label count"); - la = wordtouint32(buf); - if (wordtouint32_error || 255 <= la || - (0 == la && *domain != '\0')) - ERRTO("Bad label count number"); - data[i] = (u_char) la; - i++; - - /* - * OTTL (optional u_int32_t) and - * Texp (u_int32_t date) - */ - if (!getmlword(buf, my_buf_size, fp, 0)) - ERRTO("OTTL and expiration time missing"); - /* - * See if OTTL is missing and this is a date. - * This relies on good, silent error checking - * in ns_datetosecs. - */ - exptime = ns_datetosecs(buf, &dateerror); - if (!dateerror) { - /* Output TTL as OTTL */ - origTTL = ttl; - cp = &data[i]; - PUTLONG (origTTL, cp); - i += 4; - } else { - /* Parse and output OTTL; scan TEXP */ - origTTL = wordtouint32(buf); - if (wordtouint32_error || (origTTL > 0x7fffffffU)) - ERRTO("Original TTL value bad"); - cp = &data[i]; - PUTLONG(origTTL, cp); - i += 4; - if (!getmlword(buf, my_buf_size, fp, 0)) - ERRTO("Expiration time missing"); - exptime = ns_datetosecs(buf, &dateerror); - } - if (dateerror || exptime > 0x7fffffff || exptime <= 0) - ERRTO("Invalid expiration time"); - cp = &data[i]; - PUTLONG(exptime, cp); - i += 4; - - /* Tsig (u_int32_t) */ - if (!getmlword(buf, my_buf_size, fp, 0)) - ERRTO("Missing signature time"); - signtime = ns_datetosecs(buf, &dateerror); - if (0 == signtime || dateerror) - ERRTO("Invalid signature time"); - cp = &data[i]; - PUTLONG(signtime, cp); - i += 4; - - /* Kfootprint (unsigned_16) */ - if (!getmlword(buf, my_buf_size, fp, 0)) - ERRTO("Missing key footprint"); - n = wordtouint32(buf); - if (wordtouint32_error || n >= 0x0ffff) - ERRTO("Invalid key footprint"); - cp = &data[i]; - PUTSHORT((u_int16_t)n, cp); - i += 2; - - /* Signer's Name */ - if (!getmlword((char*)buf, my_buf_size, fp, 0)) - ERRTO("Missing signer's name"); - cp = &data[i]; - strcpy((char *)cp, buf); - context = domain_ctx; - MAKENAME_OKZP((char *)cp, data_size); - i += strlen((char *)cp) + 1; - - /* - * Signature (base64 of any length) - * We don't care what algorithm it uses or what - * the internal structure of the BASE64 data is. - */ - if (!getallwords(buf, my_buf_size, fp, 0)) { - siglen = 0; - } else { - cp = &data[i]; - siglen = b64_pton(buf, (u_char*)cp, data_size - i); - if (siglen < 0) - ERRTO("Signature block bad"); - } - - /* set total length and we're done! */ - n = i + siglen; - - /* - * Check signature time, expiration, and adjust TTL. Note - * that all time values are in GMT (UTC), *not* local time. - */ - - now = time (0); /* need to find a better place for this XXX ogud */ - /* Don't let bogus name servers increase the signed TTL */ - if (ttl > origTTL) - ERRTO("TTL is greater than signed original TTL"); - - /* Don't let bogus signers "sign" in the future. */ - if (signtime > (u_int32_t)now) - ERRTO("signature time is in the future"); - - /* Ignore received SIG RR's that are already expired. */ - if (exptime <= (u_int32_t)now) - ERRTO("expiration time is in the past"); - - /* Lop off the TTL at the expiration time. */ - timetilexp = exptime - now; - if (timetilexp < ttl) { - ns_debug(ns_log_load, 1, - "shrinking expiring %s SIG TTL from %d to %d", - p_secstodate(exptime), ttl, timetilexp); - ttl = timetilexp; - } - - /* - * Check algorithm-ID and key structure, for - * the algorithm-ID's that we know about. - */ - switch (al) { - case NS_ALG_MD5RSA: - if (siglen == 0) - ERRTO("No key for RSA algorithm"); - if (siglen < 1) - ERRTO("Signature too short"); - if (siglen > (NS_MD5RSA_MAX_BITS + 7) / 8) - ERRTO("Signature too long"); - break; - - case NS_ALG_DH: - if (siglen < 1) - ERRTO("DH Signature too short"); - break; /* need more tests here */ - - case NS_ALG_DSA: - if (siglen < NS_DSA_SIG_SIZE) - ERRTO("DSS Signature too short"); - else if (siglen > NS_DSA_SIG_SIZE) - ERRTO("DSS Signature too long "); - break; /* need more tests here */ - - case NS_ALG_EXPIRE_ONLY: - if (siglen != 0) - ERRTO( - "Signature supplied to expire-only algorithm"); - break; - case NS_ALG_PRIVATE_OID: - if (siglen == 0) - ERRTO("No ObjectID in key"); - break; - default: - ERRTO("UNKOWN SIG algorithm"); - } - - /* Should we complain about algorithm-ID's that we - don't understand? It may help debug some obscure - cases, but in general we should accept any RR whether - we could cryptographically process it or not; it - may be being published for some newer DNS clients - to validate themselves. */ - - endline(fp); /* flush the rest of the line */ - - return (n); - err: - *errmsg = errtype; - return (-1); -} - -static int -parse_nxt_rr(char *buf, u_char *data, int data_size, FILE *fp, - struct zoneinfo *zp, char *domain, enum context context, - enum transport transport, const char **errmsg) -{ - - /* The NXT record looks like: - Name Cl NXT nextname RRT1 RRT2 MX A SOA ... - - where: Name and Cl are as usual - NXT is a keyword - nextname is the next valid name in the zone after "Name". - All names between the two are known to be nonexistent. - RRT's... are a series of RR type names, which indicate that - RR's of these types are published for "Name", and - that no RR's of any other types are published for "Name". - - When a NXT record is cryptographically signed, it proves the - nonexistence of an RR (actually a whole set of RR's). - */ - int n, errs = 0, i; - u_char *cp; -/* char *origin = zp->z_origin; - int class = zp->z_class; */ - *errmsg = "NXT name error"; - - (void) strcpy((char *)data, buf); - MAKENAME_OKZP((char *)data, data_size); - n = strlen((char *)data) + 1; - cp = n + data; - i = get_nxt_types(cp, fp, zp->z_source); - if( i > 0) - return (n + i); - *errmsg = "NXT type error"; - err: - return (-1); -} - - -static int -parse_cert_rr(char *buf, int buf_len, u_char *data, int data_size, - FILE *fp, const char **errmsg) -{ - /* Cert record looks like: - * Type Key_tag Alg Cert - * Type: certification type number (16) - * Key_tag: tag of corresponding KEY RR (16) - * Alg: algorithm of the KEY RR (8) - * Cert: base64 enocded block - */ - u_char *cp; - u_int32_t cert_type, key_tag, alg; - const char *errtype = "CERT parse error"; - int certlen, i, n, success; - - i = 0; - cp = &data[i]; - cert_type = sym_ston(__p_cert_syms, buf, &success); - if (!success) { - cert_type = wordtouint32(buf); - if (wordtouint32_error || cert_type > 0xFFFF) - ERRTO("CERT type out of range"); - } - if (i + INT16SZ > data_size) - ERRTO("CERT no space"); - PUTSHORT((u_int16_t)cert_type, cp); - i += INT16SZ; - - if (!getmlword((char*)buf, buf_len, fp, 0)) - ERRTO("CERT doesn't specify type"); - - key_tag = wordtouint32(buf); - if (wordtouint32_error || key_tag > 0xFFFF) - ERRTO("CERT KEY tag out of range"); - - if (i + INT16SZ > data_size) - ERRTO("CERT no space"); - PUTSHORT((u_int16_t)key_tag, cp); - i += INT16SZ; - - if (!getmlword(buf, buf_len, fp, 0)) - ERRTO("CERT missing algorithm ID"); - - alg = sym_ston(__p_key_syms, buf, &success); - if (!success) { - alg = wordtouint32(buf); - if (wordtouint32_error || alg > 0xFF) - ERRTO("CERT KEY alg out of range"); - } - if (i + 1 > data_size) - ERRTO("CERT no space"); - data[i++] = (u_char)alg; - - if (!getallwords(buf, buf_len, fp, 0)) { - certlen = 0; - } - else { - cp = &data[i]; - certlen = b64_pton(buf, (u_char*)cp, data_size - i); - if (certlen < 0) - ERRTO("CERT blob has encoding error"); - } - /* set total length */ - n = i + certlen; - return (n); - err: - *errmsg = errtype; - return (-1); - -} - -static int -parse_key_rr(char *buf, int buf_len, u_char *data, int data_size, - FILE *fp, const char **errmsg) -{ - /* The KEY record looks like this in the db file: - * Name Cl KEY Flags Proto Algid PublicKeyData - * where: - * Name,Cl per usual - * KEY RR type - * Flags 4 digit hex value (unsigned_16) - * Proto 8 bit u_int - * Algid 8 bit u_int - * PublicKeyData - * a string of base64 digits, - * skipping any embedded whitespace. - */ - u_int32_t al, pr; - int nk, klen,i, n; - u_int32_t keyflags; - const char *errtype = "KEY error"; - u_char *cp, *expstart; - u_int expbytes, modbytes; - - i = n = 0; - data[i] = '\0'; - cp = data; - getmlword_nesting = 0; /* KLUDGE err recov. */ - - /*>>> Flags (unsigned_16) */ - keyflags = wordtouint32(buf); - if (wordtouint32_error || 0xFFFF < keyflags) - ERRTO("KEY flags error"); - if (keyflags & NS_KEY_RESERVED_BITMASK) - ERRTO("KEY Reserved Flag Bit"); - PUTSHORT(keyflags, cp); - - /*>>> Protocol (8-bit decimal) */ - if (!getmlword((char*)buf, buf_len, fp, 0)) - ERRTO("KEY Protocol Field"); - pr = wordtouint32(buf); - if (wordtouint32_error || 255 < pr) - ERRTO("KEY Protocol Field"); - *cp++ = (u_char) pr; - - /*>>> Algorithm id (8-bit decimal) */ - if (!getmlword((char*)buf, buf_len, fp, 0)) - ERRTO("KEY Algorithm ID"); - al = wordtouint32(buf); - if (wordtouint32_error || 0 == al || 255 == al || 255 < al) - ERRTO("KEY Algorithm ID"); - *cp++ = (u_char) al; - - /*>>> Extended KEY flag field in bytes 5 and 6 */ - if (NS_KEY_EXTENDED_FLAGS & keyflags) { - u_int32_t keyflags2; - - if (!getmlword((char*)buf, buf_len, fp, 0)) - ERRTO("KEY Flags Field"); - keyflags2 = wordtouint32(buf); - if (wordtouint32_error || 0xFFFF < keyflags2) - ERRTO("Extended key flags error"); - if (keyflags2 & NS_KEY_RESERVED_BITMASK2) - ERRTO("KEY Reserved Flag2 Bit"); - PUTSHORT(keyflags2, cp); - } - - /*>>> Public Key data is in BASE64. - * We don't care what algorithm it uses or what - * the internal structure of the BASE64 data is. - */ - if (!getallwords(buf, MAXDATA, fp, 0)) - klen = 0; - else { - /* Convert from BASE64 to binary. */ - klen = b64_pton(buf, (u_char*)cp, - data_size - (cp - data)); - if (klen < 0) - ERRTO("KEY Public Key"); - } - - /* set total length */ - n = klen + (cp - data); - - /* - * Now check for valid key flags & algs & etc, from the RFC. - */ - - if (NS_KEY_TYPE_NO_KEY == (keyflags & NS_KEY_TYPEMASK)) - nk = 1; /* No-key */ - else - nk = 0; /* have a key */ - - if ((keyflags & (NS_KEY_NAME_TYPE | NS_KEY_TYPEMASK)) == - (NS_KEY_NAME_ZONE | NS_KEY_TYPE_CONF_ONLY)) - /* Zone key must have Auth bit set. */ - ERRTO("KEY Zone Key Auth. bit"); - - if (al == 0 && nk == 0) - ERRTO("KEY Algorithm"); - if (al != 0 && pr == 0) - ERRTO("KEY Protocols"); - - if (nk == 1 && klen != 0) - ERRTO("KEY No-Key Flags Set"); - - if (nk == 0 && klen == 0) - ERRTO("KEY Type Spec'd"); - - /* - * Check algorithm-ID and key structure, for the algorithm-ID's - * that we know about. - */ - switch (al) { - case NS_ALG_MD5RSA: - if (klen == 0) - break; - expstart = cp; - expbytes = *expstart++; - if (expbytes == 0) - GETSHORT(expbytes, expstart); - - if (expbytes < 1) - ERRTO("Exponent too short"); - if (expbytes > (NS_MD5RSA_MAX_BITS + 7) / 8) - ERRTO("Exponent too long"); - if (*expstart == 0) - ERRTO("Exponent w/ 0"); - - modbytes = klen - (expbytes + (expstart - cp)); - if (modbytes < (NS_MD5RSA_MIN_BITS + 7) / 8) - ERRTO("Modulus too short"); - if (modbytes > (NS_MD5RSA_MAX_BITS + 7) / 8) - ERRTO("Modulus too long"); - if (*(expstart+expbytes) == 0) - ERRTO("Modulus starts w/ 0"); - break; - - case NS_ALG_DH: { - u_char *dh_cp; - u_int16_t dh_len, plen, glen, ulen; - - dh_cp = (u_char *)cp; - GETSHORT(plen, dh_cp); - if(plen < 16) - ERRTO("DH short plen"); - dh_len = 2 + plen; - if(dh_len > klen) - ERRTO("DH plen > klen"); - - GETSHORT(glen, dh_cp); - if(glen <= 0 || glen > plen) - ERRTO("DH glen bad"); - dh_len = 2 + glen; - if(dh_len > klen) - ERRTO("DH glen > klen"); - - GETSHORT(ulen, dh_cp); - if(ulen <= 0 || ulen > plen) - ERRTO("DH ulen bad"); - dh_len = 2 + ulen; - if(dh_len > klen) - ERRTO("DH ulen > klen"); - else if (dh_len < klen) - ERRTO("DH *len < klen"); - break; - } - - case NS_ALG_DSA: { - u_int8_t t; - - if ( klen == 0) - break; - t = *cp; - if (t > 8) - ERRTO("DSA T value"); - if (klen != (1 + 20 + 3 *(64+8*t))) - ERRTO("DSA length"); - break; - } - - case NS_ALG_PRIVATE_OID: - if (klen == 0) - ERRTO("No ObjectID in key"); - break; - default: - ERRTO("Unknown Key algorithm"); - } - - endline(fp); /* flush the rest of the line */ - return (n); - err: - *errmsg = errtype; - return (-1); -} /*T_KEY*/ - -/* - * function to invoke DNSSEC specific parsing routines. - * this is simpler than copying these complicated blocks into the - * multiple souce files that read files (ixfr, nsupdate etc..). - * this code should be in a library rather than in this file but - * what the heck for now (ogud@tislabs.com) - */ -int -parse_sec_rdata(char *buf, int buf_len, int buf_full, u_char *data, - int data_size, FILE *fp, struct zoneinfo *zp, - char *domain, u_int32_t ttl, int type, enum context context, - enum transport transport, const char **errmsg) -{ - int ret = -1; - - getmlword_nesting = 0; /* KLUDGE err recov. */ - if (!buf_full && buf && buf_len != 0) /* check if any data in buf */ - if (!getmlword(buf, buf_len, fp, 1)) { - *errmsg = "unexpected end of input"; - goto err; - } - - switch (type) { - case ns_t_sig: - ret = parse_sig_rr(buf, buf_len, data, data_size, fp, zp, - domain, ttl, context, transport, errmsg); - break; - case ns_t_key: - ret = parse_key_rr(buf, buf_len, data, data_size, fp, errmsg); - break; - case ns_t_nxt: - ret = parse_nxt_rr(buf, data, data_size, fp, zp, - domain, context, transport, errmsg); - break; - case ns_t_cert: - ret = parse_cert_rr(buf, buf_len, data, data_size, fp, errmsg); - break; - default: - ret = -1; - *errmsg = "parse_sec_rdata():Unsupported SEC type type"; - goto err; - } - return (ret); - err: - endline(fp); - return (ret); -} diff --git a/contrib/bind/bin/named/db_lookup.c b/contrib/bind/bin/named/db_lookup.c deleted file mode 100644 index 77089da..0000000 --- a/contrib/bind/bin/named/db_lookup.c +++ /dev/null @@ -1,341 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)db_lookup.c 4.18 (Berkeley) 3/21/91"; -static const char rcsid[] = "$Id: db_lookup.c,v 8.27 2001/06/18 14:42:55 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Table lookup routines. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> - -#include <ctype.h> -#include <stdio.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> - -#include "port_after.h" - -#include "named.h" - -/* - * Lookup 'name' and return a pointer to the namebuf; - * NULL otherwise. If 'insert', insert name into tables. - * Wildcard lookups are handled. - */ -struct namebuf * -nlookup(const char *name, struct hashbuf **htpp, - const char **fname, int insert) -{ - struct namebuf *np; - const char *cp; - int c; - u_int hval; - struct hashbuf *htp; - struct namebuf *parent = NULL; - int escaped = 0; - - htp = *htpp; - hval = 0; - *fname = "???"; - for (cp = name; (c = *cp++) != 0; (void)NULL) { - if (!escaped && (c == '.')) { - parent = np = nlookup(cp, htpp, fname, insert); - if (np == NULL) - return (NULL); - if (*fname != cp) - return (np); - if ((htp = np->n_hash) == NULL) { - if (!insert) { - if (ns_wildcard(NAME(*np))) - *fname = name; - return (np); - } - htp = savehash((struct hashbuf *)NULL); - np->n_hash = htp; - } - *htpp = htp; - break; - } - - HASHIMILATE(hval, c); - if (escaped) - escaped = 0; - else if (c == '\\') - escaped = 1; - } - cp--; - /* - * Lookup this label in current hash table. - */ - for (np = htp->h_tab[hval % htp->h_size]; - np != NULL; - np = np->n_next) { - if (np->n_hashval == hval && - ((size_t)NAMELEN(*np) == (size_t)(cp - name)) && - (strncasecmp(name, NAME(*np), cp - name) == 0)) { - *fname = name; - return (np); - } - } - if (!insert) { - /* - * Look for wildcard in this hash table. - * Don't use a cached "*" name as a wildcard, - * only authoritative. - */ - hval = ('*' & HASHMASK) % htp->h_size; - for (np = htp->h_tab[hval]; np != NULL; np = np->n_next) { - if (ns_wildcard(NAME(*np)) && - np->n_data && np->n_data->d_zone != 0) { - *fname = name; - return (np); - } - } - return (parent); - } - np = savename(name, cp - name); - np->n_parent = parent; - np->n_hashval = hval; - hval %= htp->h_size; - np->n_next = htp->h_tab[hval]; - htp->h_tab[hval] = np; - /* Increase hash table size. */ - if (++htp->h_cnt > (htp->h_size * AVGCH_NLOOKUP)) { - *htpp = savehash(htp); - if (parent == NULL) { - if (htp == hashtab) { - hashtab = *htpp; - } else { - fcachetab = *htpp; - } - } - else - parent->n_hash = *htpp; - htp = *htpp; - } - *fname = name; - return (np); -} - -/* struct namebuf * - * np_parent(struct namebuf *np) - * Find the "parent" namebuf of np. - * This is tricky since the parent of "com" is "" and both are stored - * in the same hashbuf. - * See also: - * the AXFR wart description in ns_axfr.c - */ -struct namebuf * -np_parent(struct namebuf *np) { - struct hashbuf *htp; - struct namebuf *np2; - - if (np->n_parent != NULL || NAME(*np)[0] == '\0') - return (np->n_parent); - - /* Try to figure out if np is pointing into the cache or hints. */ - /* Try the cache first. */ - htp = hashtab; - try_again: - /* Search the hash chain that np should be part of. */ - for (np2 = htp->h_tab[np->n_hashval % htp->h_size]; - np2 != NULL; - np2 = np2->n_next) - { - if (np == np2) { /* found it! */ - /* "" hashes into the first bucket */ - for (np = htp->h_tab[0]; np != NULL; np = np->n_next) { - if (NAME(*np)[0] == '\0') - /* found the root namebuf */ - return (np); - } - /* there are no RR's with a owner name of "." yet */ - return (NULL); - } - } - /* Try the hints. */ - if (htp == hashtab) { - htp = fcachetab; - goto try_again; - } - ns_debug(ns_log_db, 1, "np_parent(0x%lx) couldn't find namebuf", - (u_long)np); - return (NULL); /* XXX shouldn't happen */ -} - -/* int - * match(dp, class, type) - * Does data record `dp' match the class and type? - * return value: - * boolean - */ -int -match(struct databuf *dp, int class, int type) { - if (dp->d_class != class && class != C_ANY) - return (0); - if (dp->d_type != type && dp->d_type != T_SIG && type != T_ANY) - return (0); - if (type != T_SIG && dp->d_type == T_SIG && (int)SIG_COVERS(dp) != type) - return (0); - return (1); -} - -/* static int - * nxtlower(name, dp) - * Is the NXT/SIG NXT record 'lower'? - * return value: - * boolean - */ -static int -nxtlower(const char *name, struct databuf *dp) { - /* An NXT is a lower NXT iff the SOA bit is set in the bitmap */ - if (dp->d_type == T_NXT) { - u_char *nxtbitmap = dp->d_data + strlen((char *)dp->d_data) + 1; - return (NS_NXT_BIT_ISSET(T_SOA, nxtbitmap) ? 1 : 0); - } - /* If it's not an NXT, it's a SIG NXT. An NXT record must be signed - * by the zone, so the signer name must be the same as the owner. - */ - return (ns_samename(name, (char *)dp->d_data + SIG_HDR_SIZE) != 1 ? 0 : 1); -} - -/* int - * nxtmatch(name, dp1, dp2) - * Do NXT/SIG NXT records `dp1' and `dp2' belong to the same NXT set? - * return value: - * boolean - */ -int -nxtmatch(const char *name, struct databuf *dp1, struct databuf *dp2) { - int dp1_lower, dp2_lower; - int type1, type2; - - if (dp1->d_type == ns_t_sig) - type1 = SIG_COVERS(dp1); - else - type1 = dp1->d_type; - if (dp2->d_type == ns_t_sig) - type2 = SIG_COVERS(dp2); - else - type2 = dp2->d_type; - - if (type1 != ns_t_nxt || type2 != ns_t_nxt) - return (0); - dp1_lower = nxtlower(name, dp1); - dp2_lower = nxtlower(name, dp2); - return (dp1_lower == dp2_lower); -} - -/* int - * rrmatch(name, dp1, dp2) - * Do data records `dp1' and `dp2' match in class and type? - * If both are NXTs, do they belong in the same NXT set? - * If both are SIGs, do the covered types match? - * If both are SIG NXTs, do the covered NXTs belong in the same set? - * Why is DNSSEC so confusing? - * return value: - * boolean - */ -int -rrmatch(const char *name, struct databuf *dp1, struct databuf *dp2) { - if (dp1->d_class != dp2->d_class && - dp1->d_class != C_ANY && dp2->d_class != C_ANY) - return(0); - if (dp1->d_type != dp2->d_type && - dp1->d_type != T_ANY && dp2->d_type != T_ANY) - return(0); - if (dp1->d_type == T_NXT) - return(nxtmatch(name, dp1, dp2)); - if (dp1->d_type != T_SIG) - return(1); - if (SIG_COVERS(dp1) == SIG_COVERS(dp2)) { - if (SIG_COVERS(dp1) == ns_t_nxt) - return(nxtmatch(name, dp1, dp2)); - else - return(1); - } - return(0); -} diff --git a/contrib/bind/bin/named/db_save.c b/contrib/bind/bin/named/db_save.c deleted file mode 100644 index a8f4d2a..0000000 --- a/contrib/bind/bin/named/db_save.c +++ /dev/null @@ -1,215 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)db_save.c 4.16 (Berkeley) 3/21/91"; -static const char rcsid[] = "$Id: db_save.c,v 8.30 2002/05/18 01:02:56 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Buffer allocation and deallocation routines. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> - -#include <errno.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include "port_after.h" - -#include "named.h" - -/* - * Allocate a name buffer & save name. - */ -struct namebuf * -savename(const char *name, int len) { - struct namebuf *np; - - /* - * Note that MAXLABEL * 4 < 256, so a single length byte is enough. - * Also, we use MAXLABEL * 4 because each label character can - * expand into up to four characters when rendered in canonical - * form. - */ - INSIST(len >= 0 && len <= (MAXLABEL * 4)); - np = (struct namebuf *) memget(NAMESIZE(len)); - if (np == NULL) - panic("savename: memget", NULL); - memset(np, 0, NAMESIZE(len)); - NAMELEN(*np) = (unsigned)len; - memcpy(NAME(*np), name, len); - NAME(*np)[len] = '\0'; - return (np); -} - -/* - * Allocate a data buffer & save data. - */ -struct databuf * -savedata(class, type, ttl, data, size) - int class, type; - u_int32_t ttl; - u_char *data; - int size; -{ - struct databuf *dp; - int bytes = BIND_DATASIZE(size); - - dp = (struct databuf *)memget(bytes); - if (dp == NULL) - panic("savedata: memget", NULL); - if (class > CLASS_MAX) - panic("savedata: bad class", NULL); - memset(dp, 0, bytes); - dp->d_next = NULL; - dp->d_type = type; - dp->d_class = class; - dp->d_ttl = ttl; - dp->d_size = size; - dp->d_mark = 0; - dp->d_flags = 0; - dp->d_cred = 0; - dp->d_clev = 0; - dp->d_secure = DB_S_INSECURE; - dp->d_rcode = NOERROR; - dp->d_addr.s_addr = htonl(0); - dp->d_nstime = 0; - dp->d_rcnt = 1; -#ifdef CHECK_MAGIC - dp->d_magic = DATABUF_MAGIC; -#endif - memcpy(dp->d_data, data, dp->d_size); - return (dp); -} - -/* - * Allocate a data buffer & save data. - */ -struct hashbuf * -savehash(oldhtp) - struct hashbuf *oldhtp; -{ - struct hashbuf *htp; - struct namebuf *np, *nnp, **hp; - int n, newsize; - - if (oldhtp == NULL) - newsize = hashsizes[0]; - else { - for (n = 0; (newsize = hashsizes[n++]) != 0; (void)NULL) - if (oldhtp->h_size == newsize) { - newsize = hashsizes[n]; - break; - } - if (newsize == 0) - newsize = oldhtp->h_size * 2 + 1; - } - ns_debug(ns_log_db, 4, "savehash GROWING to %d", newsize); - htp = (struct hashbuf *) memget(HASHSIZE(newsize)); - if (htp == NULL) - ns_panic(ns_log_db, 0, "savehash: %s", strerror(errno)); - htp->h_size = newsize; - memset(htp->h_tab, 0, newsize * sizeof(struct namebuf *)); - if (oldhtp == NULL) { - htp->h_cnt = 0; - return (htp); - } - ns_debug(ns_log_db, 4, "savehash(%#lx) cnt=%d, sz=%d, newsz=%d", - (u_long)oldhtp, oldhtp->h_cnt, oldhtp->h_size, newsize); - htp->h_cnt = oldhtp->h_cnt; - for (n = 0; n < oldhtp->h_size; n++) { - for (np = oldhtp->h_tab[n]; np != NULL; np = nnp) { - nnp = np->n_next; - hp = &htp->h_tab[np->n_hashval % htp->h_size]; - np->n_next = *hp; - *hp = np; - } - } - oldhtp->h_cnt = 0; /* Keep rm_hash() happy. */ - rm_hash(oldhtp); - return (htp); -} diff --git a/contrib/bind/bin/named/db_sec.c b/contrib/bind/bin/named/db_sec.c deleted file mode 100644 index 5e03fb9..0000000 --- a/contrib/bind/bin/named/db_sec.c +++ /dev/null @@ -1,1081 +0,0 @@ - -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: db_sec.c,v 8.36 2002/11/17 14:51:50 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> - -#include <ctype.h> -#include <resolv.h> -#include <stdio.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/tree.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" - -struct zpubkey { - struct dst_key *zpk_key; /* Should be DST_KEY */ - char *zpk_name; - struct zpubkey *zpk_next; -}; - -typedef struct zpubkey *zpubkey_list; - -static int nxt_match_rrset(struct databuf *dp, struct db_rrset *rrset); - -/* - * A converted databuf is a stripped down databuf after converting the - * data to wire format. - */ -struct converted_databuf { - struct converted_databuf *cd_next; - u_char *cd_data; - int cd_size, cd_alloc; -}; - -/* All of the trusted keys and zone keys */ -static tree *trusted_keys = NULL; - -static int -compare_pubkey (struct zpubkey *zpk1, struct zpubkey *zpk2) { - char ta[NS_MAXDNAME], tb[NS_MAXDNAME]; - - if (ns_makecanon(zpk1->zpk_name, ta, sizeof ta) < 0 || - ns_makecanon(zpk2->zpk_name, tb, sizeof tb) < 0) - return (-1); - return (strcasecmp(ta, tb)); -} - -static struct zpubkey * -tree_srch_pubkey (const char *name) { - struct zpubkey tkey, *key; - - DE_CONST(name, tkey.zpk_name); - if (trusted_keys == NULL) { - tree_init(&trusted_keys); - return (NULL); - } - key = (struct zpubkey *)tree_srch(&trusted_keys, compare_pubkey, - &tkey); - return (key); -} - -static DST_KEY * -find_public_key (const char *name, u_int16_t key_id) { - struct namebuf *knp; - struct hashbuf *htp; - struct databuf *dp; - const char *fname; - DST_KEY *key; - - ns_debug(ns_log_default, 5, "find_public_key(%s, %d)", name, key_id); - - htp = hashtab; - knp = nlookup (name, &htp, &fname, 0); - if (fname != name) - /* The name doesn't exist, so there's no key */ - return (NULL); - - for (dp = knp->n_data; dp != NULL; dp = dp->d_next) { - if (dp->d_type != ns_t_key || dp->d_secure < DB_S_SECURE) - continue; - key = dst_dnskey_to_key(name, dp->d_data, dp->d_size); - /* XXX what about multiple keys with same footprint? */ - if (key) { - if (key->dk_id == ntohs(key_id)) - return (key); - else - dst_free_key(key); - } - } - return (NULL); -} - - -static DST_KEY * -find_trusted_key (const char *name, u_int16_t key_id) { - struct zpubkey *zpk; - zpubkey_list keylist = tree_srch_pubkey (name); - - ns_debug(ns_log_default, 5, "find_trusted_key(%s, %d)", name, key_id); - - for (zpk = keylist; zpk; zpk = zpk->zpk_next) - if (zpk->zpk_key->dk_id == ntohs(key_id)) - return (zpk->zpk_key); - - return (NULL); -} - -int -add_trusted_key (const char *name, const int flags, const int proto, - const int alg, const char *str) -{ - zpubkey_list keylist; - struct zpubkey *zpk; - u_char buf[1024]; - int n; - - keylist = tree_srch_pubkey (name); - - zpk = (struct zpubkey *) memget (sizeof (struct zpubkey)); - if (zpk == NULL) - ns_panic(ns_log_default, 1, - "add_trusted_key: memget failed(%s)", name); - n = b64_pton(str, buf, sizeof(buf)); - if (n < 0) - goto failure; - zpk->zpk_key = dst_buffer_to_key(name, alg, flags, proto, buf, n); - if (zpk->zpk_key == NULL) { - ns_warning(ns_log_default, - "add_trusted_key: dst_buffer_to_key(%s) failed", - name); - goto failure; - } - zpk->zpk_name = zpk->zpk_key->dk_key_name; - zpk->zpk_next = NULL; - - if (keylist == NULL) { - if (tree_add (&trusted_keys, compare_pubkey, zpk, NULL) == NULL) - goto failure; - } - else { - struct zpubkey *tkey = keylist; - while (tkey->zpk_next) - tkey = tkey->zpk_next; - tkey->zpk_next = zpk; - } - - return (1); - failure: - memput(zpk, sizeof (struct zpubkey)); - return (0); -} - -/* Can the signer sign records for this name? This is a heuristic. */ -static int -can_sign(const char *name, const char *signer) { - return (ns_samedomain(name, signer) && - dn_count_labels(name) - dn_count_labels(signer) <= 2); -} - -static int -rrset_set_security(struct db_rrset *rrset, int slev) { - struct dnode *dnp; - - for (dnp = rrset->rr_list; dnp != NULL; dnp = dnp->dn_next) - dnp->dp->d_secure = slev; - for (dnp = rrset->rr_sigs; dnp != NULL; dnp = dnp->dn_next) - dnp->dp->d_secure = slev; - return (slev); -} - -static int -convert_databuf(struct databuf *dp, struct converted_databuf *cdp) { - u_char *bp = cdp->cd_data; - u_char *cp = dp->d_data; - u_char *eob = cdp->cd_data + cdp->cd_alloc; - int len; - u_char buf[MAXDNAME]; - - switch (dp->d_type) { - case ns_t_soa: - case ns_t_minfo: - case ns_t_rp: - if (eob - bp < (int)strlen((char *)cp) + 1) - return (-1); - if (ns_name_pton((char *)cp, buf, sizeof buf) < 0) - return (-1); - len = ns_name_ntol(buf, bp, eob - bp); - if (len < 0) - return (-1); - bp += len; - cp += strlen((char *)cp) + 1; - - if (eob - bp < (int)strlen((char *)cp) + 1) - return (-1); - if (ns_name_pton((char *)cp, buf, sizeof buf) < 0) - return (-1); - len = ns_name_ntol(buf, bp, eob - bp); - if (len < 0) - return (-1); - bp += len; - cp += strlen((char *)cp) + 1; - - if (dp->d_type == ns_t_soa) { - if (eob - bp < 5 * INT32SZ) - return (-1); - memcpy(bp, cp, 5 * INT32SZ); - bp += (5 * INT32SZ); - cp += (5 * INT32SZ); - } - - break; - - case ns_t_ns: - case ns_t_cname: - case ns_t_mb: - case ns_t_mg: - case ns_t_mr: - case ns_t_ptr: - case ns_t_nxt: - if (eob - bp < (int)strlen((char *)cp) + 1) - return (-1); - if (ns_name_pton((char *)cp, buf, sizeof buf) < 0) - return (-1); - len = ns_name_ntol(buf, bp, eob - bp); - if (len < 0) - return (-1); - bp += len; - cp += (len = strlen((char *)cp) + 1); - - if (dp->d_type == ns_t_nxt) { - if (eob - bp < dp->d_size - len) - return (-1); - memcpy(bp, cp, dp->d_size - len); - bp += (dp->d_size - len); - cp += (dp->d_size - len); - } - break; - - case ns_t_srv: - if (eob - bp < 2 * INT16SZ) - return (-1); - memcpy(bp, cp, 2 * INT16SZ); - bp += (2 * INT16SZ); - cp += (2 * INT16SZ); - /* no break */ - case ns_t_rt: - case ns_t_mx: - case ns_t_afsdb: - case ns_t_px: - if (eob - bp < INT16SZ) - return (-1); - memcpy (bp, cp, INT16SZ); - bp += INT16SZ; - cp += INT16SZ; - - if (eob - bp < (int)strlen((char *)cp) + 1) - return (-1); - if (ns_name_pton((char *)cp, buf, sizeof buf) < 0) - return (-1); - len = ns_name_ntol(buf, bp, eob - bp); - if (len < 0) - return (-1); - bp += len; - cp += strlen((char *)cp) + 1; - - if (dp->d_type == ns_t_px) { - if (eob - bp < (int)strlen((char *)cp) + 1) - return (-1); - if (ns_name_pton((char *)cp, buf, sizeof buf) < 0) - return (-1); - len = ns_name_ntol(buf, bp, eob - bp); - if (len < 0) - return (-1); - bp += len; - cp += strlen((char *)cp) + 1; - } - break; - - default: - if (eob - bp < dp->d_size) - return (-1); - memcpy(bp, cp, dp->d_size); - bp += dp->d_size; - } - cdp->cd_size = bp - cdp->cd_data; - return (cdp->cd_size); -} - -static int -digest_rr(char *envelope, int elen, struct converted_databuf *cdp, - char *buffer, int blen) -{ - char *bp = buffer, *eob = buffer + blen; - - if (eob - bp < elen) - return (-1); - memcpy (bp, envelope, elen); - bp += elen; - - if (eob - bp < INT16SZ) - return (-1); - PUTSHORT(cdp->cd_size, bp); - - if (eob - bp < cdp->cd_size) - return (-1); - memcpy (bp, cdp->cd_data, cdp->cd_size); - bp += cdp->cd_size; - - return (bp - buffer); -} - -/* Sorts the converted databuf in the list */ -static void -insert_converted_databuf(struct converted_databuf *cdp, - struct converted_databuf **clist) -{ - struct converted_databuf *tcdp, *next; - int t; - -#define compare_cdatabuf(c1, c2, t) \ - (t = memcmp(c1->cd_data, c2->cd_data, MIN(c1->cd_size, c2->cd_size)), \ - t == 0 ? c1->cd_size - c2->cd_size : t) - - if (*clist == NULL) { - *clist = cdp; - return; - } - - tcdp = *clist; - if (compare_cdatabuf(cdp, tcdp, t) < 0) { - cdp->cd_next = tcdp; - *clist = cdp; - return; - } - - next = tcdp->cd_next; - while (next) { - if (compare_cdatabuf(cdp, next, t) < 0) { - cdp->cd_next = next; - tcdp->cd_next = cdp; - return; - } - tcdp = next; - next = next->cd_next; - } - tcdp->cd_next = cdp; -#undef compare_cdatabuf -} - -static void -free_clist(struct converted_databuf *clist) { - struct converted_databuf *cdp; - - while (clist != NULL) { - cdp = clist; - clist = clist->cd_next; - memput(cdp->cd_data, cdp->cd_alloc); - memput(cdp, sizeof(struct converted_databuf)); - } -} - -/* Removes all empty nodes from an rrset's SIG list. */ -static void -rrset_trim_sigs(struct db_rrset *rrset) { - struct dnode *dnp, *odnp, *ndnp; - - odnp = NULL; - dnp = rrset->rr_sigs; - while (dnp != NULL) { - if (dnp->dp != NULL) { - odnp = dnp; - dnp = dnp->dn_next; - } - else { - if (odnp != NULL) - odnp->dn_next = dnp->dn_next; - else - rrset->rr_sigs = dnp->dn_next; - ndnp = dnp->dn_next; - memput(dnp, sizeof(struct dnode)); - dnp = ndnp; - } - } -} - -static int -verify_set(struct db_rrset *rrset) { - DST_KEY *key = NULL; - struct sig_record *sigdata; - struct dnode *sigdn; - struct databuf *sigdp; - u_int32_t now; - u_int32_t exptime; - u_int32_t signtime; - char *signer; - u_char name_n[MAXDNAME]; - u_char *sig, *eom; - int trustedkey = 0, siglen, labels, len = 0, ret; - u_char *buffer = NULL, *bp; - u_char envelope[MAXDNAME+32], *ep; - struct dnode *dnp; - int bufsize = 2048; /* Large enough for MAXDNAME + SIG_HDR_SIZE */ - struct converted_databuf *clist = NULL, *cdp; - int dnssec_failed = 0, dnssec_succeeded = 0; - int return_value; - int i; - int expired = 0; - - if (rrset == NULL || rrset->rr_name == NULL) { - ns_warning (ns_log_default, "verify_set: missing rrset/name"); - return (rrset_set_security(rrset, DB_S_FAILED)); - } - - if (rrset->rr_sigs == NULL) - return (rrset_set_security(rrset, DB_S_INSECURE)); - - ns_debug(ns_log_default, 5, "verify_set(%s, %s, %s)", rrset->rr_name, - p_type(rrset->rr_type), p_class(rrset->rr_class)); - - now = time(NULL); - - for (sigdn = rrset->rr_sigs; sigdn != NULL; sigdn = sigdn->dn_next) { - u_int32_t namefield; - struct sig_record sigrec; - - sigdp = sigdn->dp; - - eom = sigdp->d_data + sigdp->d_size; - if (sigdp->d_size < SIG_HDR_SIZE) { - return_value = DB_S_FAILED; - goto end; - } - memcpy(&sigrec, sigdp->d_data, SIG_HDR_SIZE); - sigdata = &sigrec; - signer = (char *)sigdp->d_data + SIG_HDR_SIZE; - sig = (u_char *)signer + strlen(signer) + 1; - siglen = eom - sig; - - /* - * Don't verify a set if the SIG inception time is in - * the future. This should be fixed before 2038 (BEW) - */ - signtime = ntohl(sigdata->sig_time_n); - if (SEQ_GT(signtime, now)) - continue; - - /* An expired set is dropped, but the data is not. */ - exptime = ntohl(sigdata->sig_exp_n); - if (SEQ_GT(now, exptime)) { - expired++; - db_detach(&sigdn->dp); - sigdp = NULL; - continue; - } - - /* Cleanup from the last iteration if we continue'd */ - if (trustedkey == 0 && key != NULL) - dst_free_key(key); - - key = find_trusted_key(signer, sigdata->sig_keyid_n); - - if (key == NULL) { - trustedkey = 0; - key = find_public_key(signer, sigdata->sig_keyid_n); - } - else - trustedkey = 1; - - /* if we don't have the key, either - * - the data should be considered insecure - * - the sig is not a dnssec signature - */ - if (key == NULL) - continue; - - /* Can a key with this name sign the data? */ - if (!can_sign(rrset->rr_name, signer)) - continue; - - /* Check the protocol and flags of the key */ - if (key->dk_proto != NS_KEY_PROT_DNSSEC && - key->dk_proto != NS_KEY_PROT_ANY) - continue; - if (key->dk_flags & NS_KEY_NO_AUTH) - continue; - namefield = key->dk_flags & NS_KEY_NAME_TYPE; - if (namefield == NS_KEY_NAME_USER || - namefield == NS_KEY_NAME_RESERVED) - continue; - if (namefield == NS_KEY_NAME_ENTITY && - (key->dk_flags & NS_KEY_SIGNATORYMASK) == 0) - continue; - - /* - * If we're still here, we have a non-null key that's either - * a zone key or an entity key with signing authority. - */ - - if (buffer == NULL) { - bp = buffer = memget(bufsize); - if (bp == NULL) { - return_value = DB_S_FAILED; - goto end; - } - } - else - bp = buffer; - - - /* Digest the fixed portion of the SIG record */ - memcpy(bp, (char *) sigdata, SIG_HDR_SIZE); - bp += SIG_HDR_SIZE; - - /* Digest the signer's name, canonicalized */ - if (ns_name_pton(signer, name_n, sizeof name_n) < 0) { - return_value = DB_S_FAILED; - goto end; - } - i = ns_name_ntol(name_n, (u_char *)bp, bufsize - SIG_HDR_SIZE); - if (i < 0) { - return_value = DB_S_FAILED; - goto end; - } - bp += i; - - /* create the dns record envelope: - * <name><type><class><Original TTL> - */ - if (ns_name_pton(rrset->rr_name, name_n, sizeof name_n) < 0 || - ns_name_ntol(name_n, (u_char *)envelope, sizeof envelope) < 0) { - return_value = DB_S_FAILED; - goto end; - } - - labels = dn_count_labels(rrset->rr_name); - if (labels > sigdata->sig_labels_n) { - ep = envelope; - for (i=0; i < (labels - 1 - sigdata->sig_labels_n); i++) - ep += (*ep+1); - i = dn_skipname(ep, envelope + sizeof envelope); - if (i < 0) { - return_value = DB_S_FAILED; - goto end; - } - envelope[0] = '\001'; - envelope[1] = '*'; - memmove(envelope + 2, ep, i); - } - i = dn_skipname(envelope, envelope + sizeof envelope); - if (i < 0) { - return_value = DB_S_FAILED; - goto end; - } - ep = envelope + i; - PUTSHORT (rrset->rr_type, ep); - PUTSHORT (rrset->rr_class, ep); - if (envelope + sizeof(envelope) - ep < INT32SZ) { - return_value = DB_S_FAILED; - goto end; - } - memcpy (ep, &sigdata->sig_ottl_n, INT32SZ); - ep += INT32SZ; - - if (clist == NULL) { - for (dnp = rrset->rr_list; - dnp != NULL; - dnp = dnp->dn_next) - { - struct databuf *dp = dnp->dp; - - cdp = memget(sizeof(struct converted_databuf)); - if (cdp == NULL) { - return_value = DB_S_FAILED; - goto end; - } - memset(cdp, 0, sizeof(*cdp)); - /* Should be large enough... */ - cdp->cd_alloc = dp->d_size + 8; - cdp->cd_data = memget(cdp->cd_alloc); - if (cdp->cd_data == NULL) { - memput(cdp, sizeof(*cdp)); - return_value = DB_S_FAILED; - goto end; - } - while (convert_databuf(dp, cdp) < 0) { - memput(cdp->cd_data, cdp->cd_alloc); - cdp->cd_alloc *= 2; - cdp->cd_data = memget(cdp->cd_alloc); - if (cdp->cd_data == NULL) { - memput(cdp, sizeof(*cdp)); - return_value = DB_S_FAILED; - goto end; - } - } - insert_converted_databuf(cdp, &clist); - } - } - - for (cdp = clist; cdp != NULL; cdp = cdp->cd_next) { - len = digest_rr((char *)envelope, ep-envelope, cdp, - (char *)bp, bufsize - (bp - buffer)); - while (len < 0) { - u_char *newbuf; - - /* Double the buffer size */ - newbuf = memget(bufsize*2); - if (newbuf == NULL) { - return_value = DB_S_FAILED; - goto end; - } - memcpy(newbuf, buffer, bp - buffer); - bp = (bp - buffer) + newbuf; - memput(buffer, bufsize); - buffer = newbuf; - bufsize *= 2; - - len = digest_rr((char *)envelope, ep-envelope, - cdp, (char *)bp, - bufsize - (bp - buffer)); - } - bp += len; - } - - if (len < 0) { - return_value = DB_S_FAILED; - goto end; - } - - ret = dst_verify_data(SIG_MODE_ALL, key, NULL, buffer, - bp - buffer, sig, siglen); - - if (ret < 0) { - dnssec_failed++; - db_detach(&sigdn->dp); - sigdp = NULL; - } - else - dnssec_succeeded++; - } - -end: - if (dnssec_failed > 0 || expired > 0) - rrset_trim_sigs(rrset); - if (trustedkey == 0 && key != NULL) - dst_free_key(key); - - if (dnssec_failed > 0 && dnssec_succeeded == 0) { - ns_warning (ns_log_default, - "verify_set(%s, %s, %s) failed", - rrset->rr_name, p_type(rrset->rr_type), - p_class(rrset->rr_class)); - return_value = DB_S_FAILED; - } - else if (dnssec_succeeded > 0) - return_value = DB_S_SECURE; - else - return_value = DB_S_INSECURE; - free_clist(clist); - if (buffer != NULL) - memput(buffer, bufsize); - return (rrset_set_security(rrset, return_value)); -} - -static void -rrset_free(struct db_rrset *rrset) { - struct dnode *dnp; - - ns_debug(ns_log_default, 5, "rrset_free(%s)", rrset->rr_name); - - while (rrset->rr_list) { - dnp = rrset->rr_list; - rrset->rr_list = rrset->rr_list->dn_next; - if (dnp->dp != NULL) - db_detach(&dnp->dp); - memput(dnp, sizeof(struct dnode)); - } - while (rrset->rr_sigs) { - dnp = rrset->rr_sigs; - rrset->rr_sigs = rrset->rr_sigs->dn_next; - if (dnp->dp != NULL) - db_detach(&dnp->dp); - memput(dnp, sizeof(struct dnode)); - } -} - -/* - * This is called when we have an rrset with SIGs and no other data. - * Returns 1 if we either found the necessary data or if the SIG can be added - * with no other data. 0 indicates that the SIG cannot be added. - */ -static int -attach_data(struct db_rrset *rrset) { - int type, class; - struct databuf *dp, *newdp, *sigdp; - struct dnode *dnp; - struct namebuf *np; - struct hashbuf *htp; - char *signer; - const char *fname; - char *name = rrset->rr_name; - - sigdp = rrset->rr_sigs->dp; - - type = SIG_COVERS(sigdp); - class = sigdp->d_class; - signer = (char *)(sigdp + SIG_HDR_SIZE); - - /* First, see if the signer can sign data for the name. If not, - * it's not a DNSSEC signature, so we can insert it with no - * corresponding data. - */ - if (!can_sign(name, signer)) - return (1); - - htp = hashtab; - np = nlookup (name, &htp, &fname, 0); - if (fname != name) - return (0); - - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (dp->d_type == type && dp->d_class == class) { - newdp = savedata(class, type, dp->d_ttl, dp->d_data, - dp->d_size); - dnp = (struct dnode *) memget (sizeof (struct dnode)); - if (dnp == NULL) - ns_panic(ns_log_default, 1, - "attach_data: memget failed"); - dnp->dp = newdp; - dnp->dn_next = rrset->rr_list; - rrset->rr_list = dnp; - } - } - if (rrset->rr_list != NULL) - return (1); - else - return (0); -} - -static int -rrset_db_update(struct db_rrset *rrset, int flags, struct hashbuf **htpp, - struct sockaddr_in from, int *rrcount) -{ - struct dnode *dnp; - int ret; - - /* If we have any unattached SIG records that are DNSSEC signatures, - * don't cache them unless we already have the corresponding data. - * If we do cache unattached SIGs, we run into problems later if we - * have a SIG X and get a query for type X. - */ - if (rrset->rr_list == NULL) { - if (attach_data(rrset) == 0) { - rrset_free(rrset); - return (OK); - } - - if (rrset->rr_list != NULL && - verify_set(rrset) == DB_S_FAILED) - { - rrset_free(rrset); - return (OK); - } - } - - for (dnp = rrset->rr_list; dnp != NULL; dnp = dnp->dn_next) { - ret = db_update(rrset->rr_name, dnp->dp, dnp->dp, NULL, - flags, (*htpp), from); - if (ret != OK) { - /* XXX Probably should do rollback. */ - db_err(ret, rrset->rr_name, dnp->dp->d_type, - dnp->file, dnp->line); - if (ret != DATAEXISTS) { - rrset_free(rrset); - return (ret); - } - } - if (rrcount != NULL) - (*rrcount)++; - } - for (dnp = rrset->rr_sigs; dnp != NULL; dnp = dnp->dn_next) { - if (dnp->dp == NULL) /* verifyset() can remove sigs */ - continue; - ret = db_update(rrset->rr_name, dnp->dp, dnp->dp, NULL, - flags, (*htpp), from); - if (ret != OK) { - /* XXX Probably should do rollback. */ - db_err(ret, rrset->rr_name, dnp->dp->d_type, - dnp->file, dnp->line); - if (ret != DATAEXISTS) { - rrset_free(rrset); - return (ret); - } - } - if (rrcount != NULL) - (*rrcount)++; - } - rrset_free(rrset); - return (OK); -} - -static int -rr_in_set(struct databuf *rr, struct dnode *set) { - struct dnode *dnp; - - if (set == NULL) - return (0); - - for(dnp = set; dnp != NULL; dnp = dnp->dn_next) { - if (dnp->dp->d_size == rr->d_size && - memcmp(dnp->dp->d_data, rr->d_data, dnp->dp->d_size) == 0) - return (1); - } - return (0); -} - -static int -add_to_rrset_list(struct db_rrset **rrsets, char *name, struct databuf *dp, - int line, const char *file) -{ - struct db_rrset *rrset = *rrsets; - struct dnode *dnp; - - while (rrset != NULL) { - if (rrset->rr_type != ns_t_nxt || dp->d_type != ns_t_nxt) { - if (dp->d_type == ns_t_sig) { - if ((int)SIG_COVERS(dp) == rrset->rr_type) - break; - } else { - if (dp->d_type == rrset->rr_type) - break; - } - } - else if (nxt_match_rrset(dp, rrset)) - break; - rrset = rrset->rr_next; - } - - if (rrset != NULL) { - if ((dp->d_type == ns_t_sig && rr_in_set(dp, rrset->rr_sigs)) || - (dp->d_type != ns_t_sig && rr_in_set(dp, rrset->rr_list))) - return (DATAEXISTS); - } else { - rrset = (struct db_rrset *) memget(sizeof(struct db_rrset)); - if (rrset == NULL) - ns_panic(ns_log_default, 1, - "add_to_rrset_list: memget failed(%s)", name); - memset(rrset, 0, sizeof(struct db_rrset)); - rrset->rr_name = savestr(name, 1); - rrset->rr_class = dp->d_class; - if (dp->d_type == ns_t_sig) - rrset->rr_type = SIG_COVERS(dp); - else - rrset->rr_type = dp->d_type; - rrset->rr_next = *rrsets; - *rrsets = rrset; - } - - dnp = (struct dnode *) memget(sizeof(struct dnode)); - if (dnp == NULL) - ns_panic(ns_log_default, 1, - "add_to_rrset_list: memget failed(%s)", name); - memset(dnp, 0, sizeof(struct dnode)); - dnp->dp = dp; - DRCNTINC(dnp->dp); - if (dp->d_type == ns_t_sig) { - if (rrset->rr_sigs != NULL) { - struct dnode *fdnp; - - /* Preserve the order of the RRs */ - /* Add this one to the end of the list */ - for (fdnp = rrset->rr_sigs; - fdnp->dn_next != NULL; - fdnp = fdnp->dn_next) - /* NULL */ ; - fdnp->dn_next = dnp; - } else - rrset->rr_sigs = dnp; - } else { - if (rrset->rr_list != NULL) { - struct dnode *fdnp; - - /* Preserve the order of the RRs */ - /* Add this one to the end of the list */ - for (fdnp = rrset->rr_list; - fdnp->dn_next != NULL; - fdnp = fdnp->dn_next) - /* NULL */ ; - fdnp->dn_next = dnp; - } else - rrset->rr_list = dnp; - } - dnp->file = file; - dnp->line = line; - return (0); -} - -static int -update_rrset_list(struct db_rrset **rrsets, int flags, struct hashbuf **htpp, - struct sockaddr_in from, int *rrcount) -{ - struct db_rrset *rrset = *rrsets, *next = NULL, *last = NULL; - int result = 0, tresult, cnameandother = 0; - - while (rrset != NULL) { - if (rrset->rr_type == ns_t_key) - break; - last = rrset; - rrset = rrset->rr_next; - } - - if (rrset != NULL && last != NULL) { - last->rr_next = rrset->rr_next; - rrset->rr_next = *rrsets; - *rrsets = rrset; - } - - rrset = *rrsets; - - while (rrset != NULL) { - if (verify_set(rrset) > DB_S_FAILED) { - ns_debug(ns_log_default, 10, - "update_rrset_list(%s, %s): set verified", - rrset->rr_name, p_type(rrset->rr_type)); - tresult = rrset_db_update(rrset, flags, htpp, - from, rrcount); - if (tresult == CNAMEANDOTHER) - cnameandother++; - if (tresult != OK) - result = tresult; - } - else { - rrset_free(rrset); - result = DNSSECFAIL; - } - rrset->rr_name = freestr(rrset->rr_name); - next = rrset->rr_next; - memput(rrset, sizeof(struct db_rrset)); - rrset = next; - } - *rrsets = NULL; - if (cnameandother != 0) - return (CNAMEANDOTHER); - return (result); -} - -int -db_set_update(char *name, struct databuf *dp, void **state, - int flags, struct hashbuf **htpp, struct sockaddr_in from, - int *rrcount, int line, const char *file) -{ - struct db_rrset **rrsets; - struct db_rrset *rrset; - int result = 0; - - ns_debug(ns_log_default, 5, "db_set_update(%s)", - (name == NULL) ? "<NULL>" : (*name == 0) ? "." : name); - - if (state == NULL) - ns_panic(ns_log_default, 1, - "Called db_set_update with state == NULL"); - - rrsets = (struct db_rrset **) state; - - if (*rrsets != NULL) { - rrset = *rrsets; - if (rrset->rr_name != NULL && dp != NULL && - name != NULL && ns_samename(name, rrset->rr_name) == 1 && - dp->d_class == rrset->rr_class) - return (add_to_rrset_list(rrsets, name, dp, - line, file)); - } - - if (*rrsets != NULL) - result = update_rrset_list(rrsets, flags, htpp, from, rrcount); - - if (dp != NULL) { - ns_debug(ns_log_default, 10, - "db_set_update(%s), creating new list", name); - - (void) add_to_rrset_list(rrsets, name, dp, line, file); - } - return (result); -} - -static int -nxt_match_rrset(struct databuf *dp, struct db_rrset *rrset) { - if (rrset->rr_list != NULL) - return (nxtmatch(rrset->rr_name, dp, rrset->rr_list->dp)); - else - return (nxtmatch(rrset->rr_name, dp, rrset->rr_sigs->dp)); -} diff --git a/contrib/bind/bin/named/db_tsig.c b/contrib/bind/bin/named/db_tsig.c deleted file mode 100644 index 9bdba0e..0000000 --- a/contrib/bind/bin/named/db_tsig.c +++ /dev/null @@ -1,158 +0,0 @@ - -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: db_tsig.c,v 8.8 2002/05/21 02:34:32 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> - -#include <ctype.h> -#include <resolv.h> -#include <stdio.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/tree.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" - -typedef struct { - DST_KEY *key; - void *ctx; -} tsig_axfr_state; - -#define TSIG_ALG_MD5 "HMAC-MD5.SIG-ALG.REG.INT" -#define TSIG_ALG_MD5_SHORT "hmac-md5" - -const char * -tsig_alg_name(int value) { - if (value == KEY_HMAC_MD5) - return(TSIG_ALG_MD5); - else - return(NULL); -} - -int -tsig_alg_value(char *name) { - if (ns_samename(name, TSIG_ALG_MD5) == 1 || - strcasecmp(name, TSIG_ALG_MD5_SHORT) == 0) - return (KEY_HMAC_MD5); - else - return (-1); -} - -DST_KEY * -tsig_key_from_addr(struct in_addr addr) { - server_info si = find_server(addr); - if (si == NULL || si->key_list == NULL || si->key_list->first == NULL) - return(NULL); - return(si->key_list->first->key); -} - -struct tsig_record * -new_tsig(DST_KEY *key, u_char *sig, int siglen) { - struct tsig_record *tsig; - - if (siglen > TSIG_SIG_SIZE) - return(NULL); - tsig = memget(sizeof(struct tsig_record)); - if (tsig == NULL) - return(NULL); - tsig->key = key; - tsig->siglen = siglen; - memcpy(tsig->sig, sig, siglen); - return(tsig); -} - -void -free_tsig(struct tsig_record *tsig) { - if (tsig == NULL) - return; - memput(tsig, sizeof(struct tsig_record)); -} diff --git a/contrib/bind/bin/named/db_update.c b/contrib/bind/bin/named/db_update.c deleted file mode 100644 index 494a0de..0000000 --- a/contrib/bind/bin/named/db_update.c +++ /dev/null @@ -1,1002 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)db_update.c 4.28 (Berkeley) 3/21/91"; -static const char rcsid[] = "$Id: db_update.c,v 8.50 2001/10/24 23:53:09 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> - -#include <resolv.h> -#include <stdio.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> - -#include "port_after.h" - -#include "named.h" - -/* int - * isRefByNS(name, htp) - * recurse through all of `htp' looking for NS RR's that refer to `name'. - * returns: - * nonzero if at least one such NS RR exists - * cautions: - * this is very expensive; probably you only want to use on fcachetab. - */ -static int -isRefByNS(const char *name, struct hashbuf *htp) { - struct namebuf *np; - struct databuf *dp; - - for (np = htp->h_tab[0]; np != NULL; np = np->n_next) { - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if ((dp->d_class == C_ANY || - dp->d_class == C_IN || - dp->d_class == C_HS) && - dp->d_type == T_NS && - !dp->d_rcode && - ns_samename(name, (const char *)dp->d_data) == 1) { - return (1); - } - } - if (np->n_hash && isRefByNS(name, np->n_hash)) - return (1); - } - return (0); -} - - -/* int - * findMyZone(struct namebuf *np, int class) - * surf the zone cuts and find this zone the hard way - * return value: - * zone number or DB_Z_CACHE if it's outside a zone - * interesting cases: - * DEC.COM SOA (primary) - * CRL.DEC.COM NS (in primary) - * if you start at CRL.. here, you find the DEC.COM zone - * if you start at NS.CRL.. here, you're in the cache - * DEC.COM SOA (primary) - * CRL.DEC.COM NS (in primary) - * CRL.DEC.COM SOA (slave) - * CRL.DEC.COM NS (in slave) - * if you start at CRL.. here, you find the CRL.DEC.COM zone - * if you start at NS.CRL.. here, you're in the CRL.. zone - */ -int -findMyZone(struct namebuf *np, int class) { - for ((void)NULL; np; np = np_parent(np)) { - struct databuf *dp; - - /* if we encounter an SOA, we're in its zone (which can be - * the cache or an authoritative zone, depending). - */ - for (dp = np->n_data; dp; dp = dp->d_next) - if (match(dp, class, T_SOA) && dp->d_type == T_SOA) - return (dp->d_zone); - - /* if we find an NS at some node without having seen an SOA - * (above), then we're out in the cache somewhere. - */ - for (dp = np->n_data; dp; dp = dp->d_next) - if (match(dp, class, T_NS) && dp->d_type == T_NS) - return (DB_Z_CACHE); - } - - /* The cache has not yet been primed. */ - return (DB_Z_CACHE); -} - -/* int - * db_update(name, odp, newdp, savedpp, flags, htp, from) - * update data base node at `name'. `flags' controls the action. - * side effects: - * inverse query tables modified, if we're using them. - * return value: - * OK - success - * NONAME - name doesn't exist - * AUTH - you can't do that - * DATAEXISTS - there's something there and DB_NODATA was specified - * NODATA - there's no data, and (DB_DELETE or DB_MEXIST) was spec'd - * - * Policy: How to add data if one more RR is -ve data - * - * NEND NOERROR_NODATA - * NXD NXDOMAIN - * - * match - * old - * Data NEND NXD - * Data Merge Data Data - * new NEND NEND NEND NEND - * NXD NXD NXD NXD - * - * no match - * old - * Data NEND NXD - * Data Merge Merge Data - * new NEND Merge Merge NEND - * NXD NXD NXD NXD - * - */ -/* XXX: this code calls nlookup, which can create namebuf's. if this code - * has to exit with a fatal error, it should scan from the new np upward - * and for each node which has no children and no data it should remove - * the namebuf. design notes: (1) there's no harm in doing this even if - * success occurred; (2) stopping on the first nonremovable np is optimal; - * the code for removal should be taken out of clean_cache() and made - * general enough for this use, and for clean_cache()'s continued use. - * vix, 21jul94 - */ -int -db_update(const char *name, - struct databuf *odp, struct databuf *newdp, - struct databuf **savedpp, - int flags, struct hashbuf *htp, struct sockaddr_in from) -{ - struct databuf *dp, *pdp; - struct namebuf *np; - int zn, isHintNS; - int check_ttl = 0; - int deleted_something = 0; - const char *fname; -#ifdef BIND_UPDATE - int found_other_ns = 0; - struct databuf *tmpdp; -#endif - - ns_debug(ns_log_db, 3, "db_update(%s, %p, %p, %p, 0%o, %p)%s", - name, odp, newdp, savedpp, flags, htp, - (odp && (odp->d_flags&DB_F_HINT)) ? " hint" : ""); - np = nlookup(name, &htp, &fname, newdp != NULL); - if (np == NULL || fname != name) - return (NONAME); - - if (newdp && zones[newdp->d_zone].z_type == Z_PRIMARY) - check_ttl = 1; - - /* don't let nonauthoritative updates write in authority zones */ - if (newdp && ((zn = findMyZone(np, newdp->d_class)) != DB_Z_CACHE) && -#ifdef STUBS - (zones[zn].z_type != Z_STUB) && -#endif - (flags & DB_NOTAUTH)) { - int foundRR = 0; - - /* - * Don't generate the warning if the update - * would have been harmless (identical data). - */ - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (!db_cmp(dp, newdp)) { - foundRR++; - break; - } - } - if (!foundRR) - ns_debug(ns_log_db, 5, - "[%s].%d update? to auth zone \"%s\" (%s)", - inet_ntoa(from.sin_addr), - ntohs(from.sin_port), - zones[zn].z_origin, - name); - return (AUTH); - } - - if (newdp && zn && !(flags & DB_NOTAUTH)) { - if (nlabels(zones[zn].z_origin) > newdp->d_clev) { - if ((!ISVALIDGLUE(newdp) && - zones[newdp->d_zone].z_type == Z_PRIMARY) || - (newdp->d_type == T_NS && - !ns_samename(name, zones[zn].z_origin))) { - ns_info(ns_log_db, - "domain %s %s record in zone %s should be in zone %s", - name, p_type(newdp->d_type), - zones[newdp->d_zone].z_origin, - zones[zn].z_origin); - return (NONGLUE); - } else - ns_debug(ns_log_db, 5, - "attempted update child zone %s, %s %s", - zones[zn].z_origin, name, - p_type(newdp->d_type)); - return (AUTH); - } - } - - /* some special checks for root NS' A RR's */ - isHintNS = isRefByNS(name, fcachetab); -#ifdef DEPRECATED - if (newdp && isHintNS && newdp->d_type == T_A) { - /* upgrade credibility of additional data for rootsrv addrs */ - if (newdp->d_cred == DB_C_ADDITIONAL) { - ns_debug(ns_log_db, 3, - "upgrading credibility for A RR (%s)", - name); - /* XXX: should copy NS RR's, but we really just want - * to prevent deprecation later so this will do. - */ - newdp->d_cred = DB_C_ANSWER; - newdp->d_clev = 0; - } - } -#endif - - /* Reflect certain updates in hint cache also... */ - /* Don't stick data we are authoritative for in hints. */ - if (!(flags & DB_NOHINTS) && - (flags & DB_PRIMING) && - (odp != NULL) && - (htp != fcachetab) && - (DB_Z_SPECIAL(odp->d_zone)) && - !(odp->d_flags & DB_F_HINT) && - (!newdp || !newdp->d_rcode) && - ((name[0] == '\0' && odp->d_type == T_NS) || - (odp->d_type == T_A && isHintNS) - ) - ) - { - ns_debug(ns_log_db, 3, "db_update: hint '%s' %u", - name, odp->d_ttl); - dp = savedata(odp->d_class, odp->d_type, odp->d_ttl, - odp->d_data, odp->d_size); - dp->d_zone = DB_Z_CACHE; - dp->d_flags = DB_F_HINT; - dp->d_cred = DB_C_CACHE; - dp->d_secure = odp->d_secure; /* BEW - this should be ok */ - dp->d_clev = 0; - if (db_update(name, - dp, dp, NULL, - (flags|DB_NOHINTS), - fcachetab, from) - != OK) - ns_debug(ns_log_db, 3, - "db_update: hint %p freed", dp); - db_detach(&dp); - } - - if (odp != NULL) { - int foundRR = 0; - - pdp = NULL; - for (dp = np->n_data; dp != NULL; ) { - if (!rrmatch(name, dp, odp)) { - /* {class,type} doesn't match. these are - * the aggregation cases. - */ - /* Check that CNAMEs are only accompanied by - * Secure DNS RR's (KEY, SIG, and NXT). - */ - if (((dp->d_type == T_CNAME && - odp->d_type != T_KEY && - odp->d_type != T_SIG && - odp->d_type != T_NXT) || - (odp->d_type == T_CNAME && - dp->d_type != T_KEY && - dp->d_type != T_SIG && - dp->d_type != T_NXT)) && - odp->d_class == dp->d_class && - /* XXXRTH d_mark removed in 4.9.5, - but still here for dynamic - update */ - odp->d_mark == dp->d_mark && - !dp->d_rcode && - !odp->d_rcode && -#ifdef BIND_UPDATE - /* updating a CNAME with another CNAME is permitted */ - (dp->d_type != T_CNAME || - odp->d_type != T_CNAME) && -#endif - zones[odp->d_zone].z_type != Z_CACHE) { - ns_info(ns_log_db, - "%s has CNAME and other data (invalid)", - name); - if (zones[odp->d_zone].z_type == - Z_PRIMARY) - return (CNAMEANDOTHER); - goto skip; - } - if (!newdp || newdp->d_class != dp->d_class) - goto skip; - - /* if the new data is authorative - * remove any data for this domain with - * the same class that isn't as credable - */ - if (newdp->d_cred == DB_C_ZONE && - newdp->d_cred > dp->d_cred) - /* better credibility and the old datum - * was not from a zone file. remove - * the old datum. - */ - goto delete; - -#if 0 /* caught by findMyZone() now. */ - /* if we have authoritative data for a - * node, don't add in other data. - */ - if (dp->d_cred == DB_C_ZONE && - newdp->d_cred < dp->d_cred) - return (AUTH); -#endif - - /* if the new data is authoritative - * but isn't as credible, reject it. - */ - if (newdp->d_cred == DB_C_ZONE && - dp->d_cred == DB_C_ZONE) { - /* Both records are from a zone file. - * If their credibility levels differ, - * we're dealing with a zone cut. The - * record with lower clev is from the - * upper zone's file and is therefore - * glue. - */ - - /* BEW/OG: we see no reason to override - * these rules with new security based - * rules. - */ - if (newdp->d_clev < dp->d_clev) { - if (!ISVALIDGLUE(newdp)) { - ns_info(ns_log_db, - "domain %s %s record in zone %s should be in zone %s, ignored", - name, p_type(newdp->d_type), - zones[newdp->d_zone].z_origin, - zones[dp->d_zone].z_origin); - } - return (AUTH); - } - if (newdp->d_clev > dp->d_clev) { - if (!ISVALIDGLUE(dp)) { - ns_info(ns_log_db, - "domain %s %s record in zone %s should be in zone %s, deleted", - name, p_type(dp->d_type), - zones[dp->d_zone].z_origin, - zones[newdp->d_zone].z_origin); - } - goto delete; - } - } - - /* process NXDOMAIN */ - /* policy */ - if (newdp->d_rcode == NXDOMAIN) { - if (dp->d_cred < DB_C_AUTH && - newdp->d_secure >= dp->d_secure) - goto delete; - else - return (DATAEXISTS); - } - - if (dp->d_rcode == NXDOMAIN) - goto delete; - - /* process NOERROR_NODATA */ - /* NO PROCESSING REQUIRED */ - - goto skip; - } /*if {class,type} did not match*/ - - /* - * {type,class} did match. This is the replace case. - */ - ns_debug(ns_log_db, 5, - "db_update: flags = %#x, sizes = %d, %d (cmp %d)", - flags, odp->d_size, dp->d_size, - db_cmp(dp, odp)); - if (newdp) { - ns_debug(ns_log_db, 4, -"credibility for %s is %d(%d)(sec %d) from [%s].%d, is %d(%d)(sec %d) in cache", - *name ? name : ".", - newdp->d_cred, - newdp->d_clev, - newdp->d_secure, - inet_ntoa(from.sin_addr), - ntohs(from.sin_port), - dp->d_cred, - dp->d_secure, - dp->d_clev); - if ((newdp->d_secure > dp->d_secure) || - (newdp->d_secure == dp->d_secure && - (newdp->d_cred > dp->d_cred))) - { - /* better credibility / security. - * remove the old datum. - */ - goto delete; - } - if ((newdp->d_secure < dp->d_secure) || - (newdp->d_secure == dp->d_secure && - (newdp->d_cred < dp->d_cred))) - { - /* credibility / security is worse. - * ignore it. - */ - return (AUTH); - } - /* BEW/OG: from above, we know the security - * levels are the same. - */ - if (newdp->d_cred == DB_C_ZONE && - dp->d_cred == DB_C_ZONE ) { - /* Both records are from a zone file. - * If their credibility levels differ, - * we're dealing with a zone cut. The - * record with lower clev is from the - * upper zone's file and is therefore - * glue. - */ - - /* XXX - Tricky situation here is you - * have 2 zones a.b.c and sub.a.b.c - * being served by the same server. - * named will send NS records for - * sub.a.b.c during zone transfer of - * a.b.c zone. If we're slave for - * both zones, and we reload zone - * a.b.c, we'll get the NS records - * (and possibly A records to go with - * them?) for sub.a.b.c as part of the - * a.b.c zone transfer. But we've - * already got a more credible record - * from the sub.a.b.c zone. So we want - * to ignore the new record, but we - * shouldn't syslog because there's - * nothing the user can do to prevent - * the situation. Perhaps we should - * only complain when we are primary? - */ - - if (newdp->d_clev < dp->d_clev) { - if (!ISVALIDGLUE(newdp)) { - ns_info(ns_log_db, - "domain %s %s record in zone %s should be in zone %s, ignored", - name, p_type(newdp->d_type), - zones[newdp->d_zone].z_origin, - zones[dp->d_zone].z_origin); - } - return (AUTH); - } - if (newdp->d_clev > dp->d_clev) { - if (!ISVALIDGLUE(dp)) { - ns_info(ns_log_db, - "domain %s %s record in zone %s should be in zone %s, deleted", - name, p_type(dp->d_type), - zones[dp->d_zone].z_origin, - zones[newdp->d_zone].z_origin); - } - goto delete; - } - } - - /* credibility is the same. - * let it aggregate in the normal way. - */ - - /* - * if the new or old RR is -ve, delete old. - */ - if (dp->d_rcode || newdp->d_rcode) { - /* XXX: how can a zone rr be neg? */ - if (dp->d_cred != DB_C_ZONE) - goto delete; - else - return (DATAEXISTS); - } - - /* - * Some RR types should not be aggregated. - */ - if (dp->d_type == T_SOA) { -#ifdef BIND_UPDATE - u_int32_t dp_ser, ndp_ser; - u_char *dp_cp, *ndp_cp; - - dp_cp = findsoaserial(dp->d_data); - ndp_cp = findsoaserial(newdp->d_data); - GETLONG(dp_ser, dp_cp); - GETLONG(ndp_ser, ndp_cp); - - if (SEQ_GT(ndp_ser, dp_ser)) - goto delete; - else - return (SERIAL); -#else - goto delete; -#endif /*BIND_UPDATE*/ - } - if (dp->d_type == T_WKS && - !memcmp(dp->d_data, newdp->d_data, - INT32SZ + sizeof(u_char))) - goto delete; - if (dp->d_type == T_CNAME && - !NS_OPTION_P(OPTION_MULTIPLE_CNAMES) && - db_cmp(dp, odp) != 0) { - if ((flags & DB_REPLACE) == 0 && - zones[dp->d_zone].z_type == - Z_PRIMARY) { - ns_warning(ns_log_db, - "%s has multiple CNAMES", - name); - return (CNAMEANDOTHER); - } else - goto delete; - } -#if 0 -/* BEW - this _seriously_ breaks DNSSEC. Is it necessary for dynamic update? */ -#ifdef BIND_UPDATE - if (dp->d_type == T_SIG) - /* - * Type covered has already been - * checked. - */ - goto delete; -#endif -#endif - if (dp->d_type == T_NXT) { - goto delete; - } - if (dp->d_type == T_SIG && - SIG_COVERS(dp) == T_NXT) { - struct sig_record *sr1, *sr2; - - sr1 = (struct sig_record *) dp->d_data; - sr2 = (struct sig_record *) - newdp->d_data; - if (sr1->sig_alg_n == sr2->sig_alg_n) - goto delete; - } - if (check_ttl) { - if (newdp->d_ttl != dp->d_ttl) - ns_warning(ns_log_db, - "%s %s %s differing ttls: corrected", - name[0]?name:".", - p_class(dp->d_class), - p_type(dp->d_type)); - if (newdp->d_ttl > dp->d_ttl) { - newdp->d_ttl = dp->d_ttl; - } else { - dp->d_ttl = newdp->d_ttl; - } - } - } - if ((flags & DB_NODATA) && !db_cmp(dp, odp)) { - /* Refresh ttl if cache entry. */ - if (dp->d_zone == DB_Z_CACHE) { - if (odp->d_zone != DB_Z_CACHE) { - /* Changing cache->auth. */ - dp->d_zone = odp->d_zone; - dp->d_ttl = odp->d_ttl; - ns_debug(ns_log_db, 4, - "db_update: cache entry now in auth zone"); - return (DATAEXISTS); - } - fixttl(odp); - if (odp->d_ttl > dp->d_ttl) - dp->d_ttl = odp->d_ttl; - ns_debug(ns_log_db, 3, - "db_update: new ttl %u +%lu", - dp->d_ttl, - (u_long)(dp->d_ttl - tt.tv_sec) - ); - } - return (DATAEXISTS); - } - /* - * If the old databuf has some data, check that the - * data matches that in the new databuf. - */ - if (odp->d_size > 0) - if (db_cmp(dp, odp)) - goto skip; - if (odp->d_clev < dp->d_clev) - goto skip; - if ((odp->d_secure < dp->d_secure) || - ((odp->d_secure == dp->d_secure) && - (odp->d_cred < dp->d_cred))) - goto skip; -#ifdef BIND_UPDATE - if (ns_samename(name, zones[dp->d_zone].z_origin) == 1 - && newdp == NULL) { - /* do not delete SOA or NS records as a set */ - /* XXXRTH isn't testing d_size unnecessary? */ - if ((odp->d_size == 0) && - (odp->d_class == C_ANY) && - (odp->d_type == T_ANY || - odp->d_type == T_SOA || - odp->d_type == T_NS) && - (dp->d_type == T_SOA || - dp->d_type == T_NS)) - goto skip; - /* XXXRTH I added this to prevent SOA deletion - I'm using the same style of comparison as - the other code in this section. Do we - really need to look at dp->d_type here? - We're in the "match" section... */ - if ((odp->d_type == T_SOA) && - (dp->d_type == T_SOA)) - goto skip; - /* do not delete the last NS record - for the zone */ - if ((odp->d_type == T_NS) && - (dp->d_type == T_NS)) { - found_other_ns = 0; - for (tmpdp = np->n_data; - tmpdp && !found_other_ns; - tmpdp = tmpdp->d_next) - if ((tmpdp->d_type == T_NS) && - (tmpdp != dp)) - found_other_ns = 1; - if (!found_other_ns) { - ns_debug(ns_log_db, 3, - "cannot delete last remaining NS record for zone %s", - name); - goto skip; - } - } - } -#endif - - foundRR = 1; - if (flags & DB_DELETE) { - delete: -#ifdef BIND_UPDATE - /* - * XXX assume here that savedpp!=NULL iff. db_update - * has been called by the dyanmic update code. - * Maybe a new flag is more appropriate? - */ - if (savedpp != NULL) - foundRR = 1; -#endif - deleted_something = 1; - dp = rm_datum(dp, np, pdp, savedpp); - } else { - skip: pdp = dp; - dp = dp->d_next; - } - } - if (!foundRR) { - if (flags & DB_DELETE) - return (NODATA); - if (flags & DB_MEXIST) - return (NODATA); - } - } - if (newdp == NULL) { - if (deleted_something) { - while (np->n_data == NULL && np->n_hash == NULL) { - np = purge_node(htp, np); - if (np == NULL) - break; - } - } - return (OK); - } - /* XXX: empty nodes bypass credibility checks above; should check - * response source address here if flags&NOTAUTH. - */ - fixttl(newdp); - ns_debug(ns_log_db, 3, "db_update: adding%s %p", - (newdp->d_flags&DB_F_HINT) ? " hint":"", newdp); - - if (newdp->d_zone == DB_Z_CACHE && - (newdp->d_flags & DB_F_HINT) == 0) - newdp->d_addr = from.sin_addr; - - /* Add to end of list, generally preserving order */ - newdp->d_next = NULL; - if ((dp = np->n_data) == NULL) { - DRCNTINC(newdp); - if (newdp->d_flags & DB_F_ACTIVE) - panic("db_update: DB_F_ACTIVE set", NULL); - newdp->d_flags |= DB_F_ACTIVE; - np->n_data = newdp; - return (OK); - } - while (dp->d_next != NULL) { - if ((flags & DB_NODATA) && !db_cmp(dp, newdp)) - return (DATAEXISTS); - dp = dp->d_next; - } - if ((flags & DB_NODATA) && !db_cmp(dp, newdp)) - return (DATAEXISTS); - DRCNTINC(newdp); - if (newdp->d_flags & DB_F_ACTIVE) - panic("db_update: DB_F_ACTIVE set", NULL); - newdp->d_flags |= DB_F_ACTIVE; - dp->d_next = newdp; - return (OK); -} - -void -fixttl(struct databuf *dp) { - if (dp->d_zone == DB_Z_CACHE && (dp->d_flags & DB_F_HINT) == 0) { - if (dp->d_ttl <= (u_int32_t)tt.tv_sec) - return; - else if (dp->d_ttl < (u_int32_t)tt.tv_sec+min_cache_ttl) - dp->d_ttl = (u_int32_t)tt.tv_sec+min_cache_ttl; - else if (dp->d_ttl > (u_int32_t)tt.tv_sec+max_cache_ttl) - dp->d_ttl = (u_int32_t)tt.tv_sec+max_cache_ttl; - } -} - -/* - * Compare type, class and data from databufs for equivalence. - * All domain names in RR's must be compared case-insensitively. - * Return 0 if equivalent, nonzero otherwise. - */ -int -db_cmp(const struct databuf *dp1, const struct databuf *dp2) { - const u_char *cp1, *cp2; - int len, len2; - - /* XXXDYNUP- should be changed to - if (!match(dp1, dp2->d_type, dp2->d_class) */ - if (dp1->d_type != dp2->d_type || dp1->d_class != dp2->d_class) - return (1); - /* XXXDYNUP - should be changed to (dp1->d_size != dp2->d_size && - dp1->d_size != 0 && dp2->d_size != 0) */ - if (dp1->d_size != dp2->d_size) - return (1); - /* d_mark is only used for dynamic updates currently */ -#ifndef BIND_UPDATE - if (dp1->d_mark != dp2->d_mark) - return (1); /* old and new RR's are distinct */ -#endif - if (dp1->d_rcode && dp2->d_rcode) - return ((dp1->d_rcode == dp1->d_rcode)?0:1); - if (dp1->d_rcode || dp2->d_rcode) - return (1); - - switch (dp1->d_type) { - - case T_A: - case T_WKS: - case T_NULL: - case T_NSAP: - case T_AAAA: - case T_LOC: - case T_KEY: - /* Only binary data */ - return (memcmp(dp1->d_data, dp2->d_data, dp1->d_size)); - - case T_NS: - case T_CNAME: - case T_PTR: - case T_MB: - case T_MG: - case T_MR: - /* Only a domain name */ - if (ns_samename((const char *)dp1->d_data, - (const char *)dp2->d_data) == 1) - return (0); - else - return (1); - - case T_SIG: - /* Binary data, a domain name, more binary data */ - if (dp1->d_size < NS_SIG_SIGNER) - return (1); - if (memcmp(dp1->d_data, dp2->d_data, NS_SIG_SIGNER)) - return (1); - len = NS_SIG_SIGNER + - strlen((const char *)dp1->d_data + NS_SIG_SIGNER); - if (ns_samename((const char *)dp1->d_data + NS_SIG_SIGNER, - (const char *)dp2->d_data + NS_SIG_SIGNER) != 1) - return (1); - return (memcmp(dp1->d_data + len, - dp2->d_data + len, - dp1->d_size - len)); - - case T_NXT: - /* First a domain name, then binary data */ - if (ns_samename((const char *)dp1->d_data, - (const char *)dp2->d_data) != 1) - return (1); - len = strlen((const char *)dp1->d_data)+1; - return (memcmp(dp1->d_data + len, - dp2->d_data + len, - dp1->d_size - len)); - - case T_HINFO: - case T_ISDN: - cp1 = dp1->d_data; - cp2 = dp2->d_data; - len = *cp1; - len2 = *cp2; - if (len != len2) - return (1); - if (strncasecmp((const char *)++cp1, (const char *)++cp2, len)) - return (1); - cp1 += len; - cp2 += len; - len = *cp1; - len2 = *cp2; - if (len != len2) - return (1); - return (strncasecmp((const char *)++cp1, (const char *)++cp2, - len)); - - case T_SOA: - case T_MINFO: - case T_RP: - if (ns_samename((const char *)dp1->d_data, - (const char *)dp2->d_data) != 1) - return (1); - cp1 = dp1->d_data + strlen((const char *)dp1->d_data) + 1; - cp2 = dp2->d_data + strlen((const char *)dp2->d_data) + 1; - if (ns_samename((const char *)cp1, (const char *)cp2) != 1) - return (1); - if (dp1->d_type != T_SOA) - return (0); - cp1 += strlen((const char *)cp1) + 1; - cp2 += strlen((const char *)cp2) + 1; - return (memcmp(cp1, cp2, INT32SZ * 5)); - - case T_NAPTR: { - int t1,t2; - - if (dp1->d_size != dp2->d_size) - return (1); - cp1 = dp1->d_data; - cp2 = dp2->d_data; - - /* Order */ - if (*cp1++ != *cp2++ || *cp1++ != *cp2++) - return (1); - - /* Preference */ - if (*cp1++ != *cp2++ || *cp1++ != *cp2++) - return (1); - - /* Flags */ - t1 = *cp1++; t2 = *cp2++; - if (t1 != t2 || memcmp(cp1, cp2, t1)) - return (1); - cp1 += t1; cp2 += t2; - - /* Services */ - t1 = *cp1++; t2 = *cp2++; - if (t1 != t2 || memcmp(cp1, cp2, t1)) - return (1); - cp1 += t1; cp2 += t2; - - /* Regexp */ - t1 = *cp1++; t2 = *cp2++; - if (t1 != t2 || memcmp(cp1, cp2, t1)) - return (1); - cp1 += t1; cp2 += t2; - - /* Replacement */ - if (ns_samename((const char *)cp1, (const char *)cp2) != 1) - return (1); - - /* they all checked out! */ - return (0); - } - - case T_MX: - case T_AFSDB: - case T_RT: - case T_SRV: - cp1 = dp1->d_data; - cp2 = dp2->d_data; - if (*cp1++ != *cp2++ || *cp1++ != *cp2++) /* cmp prio */ - return (1); - if (dp1->d_type == T_SRV) { - if (*cp1++ != *cp2++ || *cp1++ != *cp2++) /* weight */ - return (1); - if (*cp1++ != *cp2++ || *cp1++ != *cp2++) /* port */ - return (1); - } - if (ns_samename((const char *)cp1, (const char *)cp2) != 1) - return (1); - return (0); - - case T_PX: - cp1 = dp1->d_data; - cp2 = dp2->d_data; - if (*cp1++ != *cp2++ || *cp1++ != *cp2++) /* cmp prio */ - return (1); - if (ns_samename((const char *)cp1, (const char *)cp2) != 1) - return (1); - cp1 += strlen((const char *)cp1) + 1; - cp2 += strlen((const char *)cp2) + 1; - if (ns_samename((const char *)cp1, (const char *)cp2) != 1) - return (1); - return (0); - - case T_TXT: - case T_X25: - if (dp1->d_size != dp2->d_size) - return (1); - return (memcmp(dp1->d_data, dp2->d_data, dp1->d_size)); - - default: - return (1); - } -} diff --git a/contrib/bind/bin/named/named.conf b/contrib/bind/bin/named/named.conf deleted file mode 100644 index 7d81695..0000000 --- a/contrib/bind/bin/named/named.conf +++ /dev/null @@ -1,462 +0,0 @@ -/* - * This is a worthless, nonrunnable example of a named.conf file that has - * every conceivable syntax element in use. We use it to test the parser. - * It could also be used as a conceptual template for users of new features. - */ - -/* - * C-style comments are OK - */ - -// So are C++-style comments - -# So are shell-style comments - -// watch out for ";" -- it's important! - -key sample_key { // for TSIG - algorithm hmac-md5; // hmac-md5 is the supported algorithm - secret "abcdefgh"; // base 64 encoded secret -}; - -key key2 { - algorithm hmac-md5; - secret "87654321"; -}; - -options { - directory "."; // use current directory - named-xfer "/usr/libexec/named-xfer"; // _PATH_XFER - dump-file "named_dump.db"; // _PATH_DUMPFILE - pid-file "/var/run/named.pid"; // _PATH_PIDFILE - statistics-file "named.stats"; // _PATH_STATS - memstatistics-file "named.memstats"; // _PATH_MEMSTATS - check-names master fail; - check-names slave warn; - check-names response ignore; - host-statistics no; - deallocate-on-exit no; // Painstakingly deallocate all - // objects when exiting instead of - // letting the OS clean up for us. - // Useful a memory leak is suspected. - // Final statistics are written to the - // memstatistics-file. - datasize default; - stacksize default; - coresize default; - files unlimited; - recursion yes; - fetch-glue yes; - fake-iquery no; - notify yes; // send NOTIFY messages. You can set - // notify on a zone-by-zone - // basis in the "zone" statement - // see (below) - // notify explicit; // only sent the notifies to the - // also-notify list - serial-queries 4; // number of parallel SOA queries - // we can have outstanding for master - // zone change testing purposes - auth-nxdomain yes; // always set AA on NXDOMAIN. - // don't set this to 'no' unless - // you know what you're doing -- older - // servers won't like it. - multiple-cnames no; // if yes, then a name my have more - // than one CNAME RR. This use - // is non-standard and is not - // recommended, but it is available - // because previous releases supported - // it and it was used by large sites - // for load balancing. - allow-query { any; }; - allow-transfer { any; }; - transfers-in 10; // DEFAULT_XFERS_RUNNING, cannot be - // set > than MAX_XFERS_RUNNING (20) - transfers-per-ns 2; // DEFAULT_XFERS_PER_NS - transfers-out 0; // not implemented - max-transfer-time-in 120; // MAX_XFER_TIME; the default number - // of minutes an inbound zone transfer - // may run. May be set on a per-zone - // basis. - /* - * The "transfer-format" option specifies the way outbound zone - * transfers (i.e. from us to them) are formatted. Two values are - * allowed: - * - * one-answer Each RR gets its own DNS message. - * This format is not very efficient, - * but is widely understood. All - * versions of BIND prior to 8.1 generate - * this format for outbound zone - * and require it on inbound transfers. - * - * many-answers As many RRs as will fit are put into - * each DNS message. This format is - * the most efficient, but is only known - * to work with BIND 8. Patches to - * BIND 4.9.5 named-xfer that enable it - * to understand 'many-answers' will be - * available. - * - * If you are going to be doing zone transfers to older servers, you - * shouldn't use 'many-answers'. 'transfer-format' may also be set - * on a host-by-host basis using the 'server' statement (see below). - */ - transfer-format one-answer; - query-source address * port *; - /* - * The "forward" option is only meaningful if you've defined - * forwarders. "first" gives the normal BIND - * forwarding behavior, i.e. ask the forwarders first, and if that - * doesn't work then do the full lookup. You can also say - * "forward only;" which is what used to be specified with - * "slave" or "options forward-only". "only" will never attempt - * a full lookup; only the forwarders will be used. - */ - forward first; - forwarders { }; // default is no forwarders - /* - * Here's a forwarders example that isn't trivial - */ - /* - forwarders { - 1.2.3.4; - 5.6.7.8; - }; - */ - topology { localhost; localnets; }; // prefer local nameservers - /* - * Here's a more complicated topology example; it's commented out - * because only one topology block is allowed. - * - topology { - 10/8; // prefer network 10.0.0.0 - // netmask 255.0.0.0 most - !1.2.3/24; // don't like 1.2.3.0 netmask - // 255.255.255.0 at all - { 1.2/16; 3/8; }; // like 1.2.0.0 netmask 255.255.0.0 - // and 3.0.0.0 netmask 255.0.0.0 - // equally well, but less than 10/8 - }; - */ - - listen-on port 53 { any; }; // listen for queries on port 53 on - // any interface on the system - // (i.e. all interfaces). The - // "port 53" is optional; if you - // don't specify a port, port 53 - // is assumed. - /* - * Multiple listen-on statements are allowed. Here's a more - * complicated example: - */ - /* - listen-on { 5.6.7.8; }; // listen on port 53 on interface - // 5.6.7.8 - listen-on port 1234 { // listen on port 1234 on any - !1.2.3.4; // interface on network 1.2.3 - 1.2.3/24; // netmask 255.255.255.0, except for - }; // interface 1.2.3.4. - */ - - /* - * Interval Timers - */ - cleaning-interval 60; // clean the cache of expired RRs - // every 'cleaning-interval' minutes - interface-interval 60; // scan for new or deleted interfaces - // every 'interface-interval' minutes - statistics-interval 60; // log statistics every - // 'statistics-interval' minutes - /* - * IXFR options - */ - maintain-ixfr-base no; // If yes, keep transaction log file for IXFR - max-ixfr-log-size 20; // Not implemented, maximum size the - // IXFR transaction log file to grow -}; - -/* - * Control listeners, for "ndc". Every nameserver needs at least one. - */ -controls { - inet * port 52 allow { any; }; // a bad idea - unix "/var/run/ndc" perm 0600 owner 0 group 0; // the default -}; - -zone "master.demo.zone" { - type master; // what used to be called "primary" - file "master.demo.zone"; - check-names fail; - allow-update { none; }; - allow-transfer { any; }; - allow-query { any; }; - // notify yes; // send NOTIFY messages for this - // zone? The global option is used - // if "notify" is not specified - // here. - // notify explicit; // only sent the notifies to the - // also-notify list - also-notify { }; // don't notify any nameservers other - // than those on the NS list for this - // zone -}; - -zone "slave.demo.zone" { - type slave; // what used to be called "secondary" - file "slave.demo.zone"; - ixfr-base "slave.demo.zone.ixfr"; // File name for IXFR transaction log file - masters { - 1.2.3.4; // where to zone transfer from - 5.6.7.8 key key2; - }; - transfer-source 10.0.0.53; // fixes multihoming problems - check-names warn; - allow-update { none; }; - allow-transfer { any; }; - allow-query { any; }; - max-transfer-time-in 120; // if not set, global option is used. - also-notify { }; // don't notify any nameservers other - // than those on the NS list for this - // zone -}; - -zone "stub.demo.zone" { - type stub; // stub zones are like slave zones, - // except that only the NS records - // are transferred. - file "stub.demo.zone"; - masters { - 1.2.3.4; // where to zone transfer from - 5.6.7.8; - }; - check-names warn; - allow-update { none; }; - allow-transfer { any; }; - allow-query { any; }; - max-transfer-time-in 120; // if not set, global option is used. -}; - -zone "." { - type hint; // used to be specified w/ "cache" - file "cache.db"; - pubkey 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; -}; - -trusted-keys { - . 257 255 1 "AQP2fHpZ4VMpKo/jc9Fod821uyfY5p8j5h/Am0V/KpBTMZjdXmp9QJe6yFRoIIzkaNCgTIftASdpXGgCwFB2j2KXP/rick6gvEer5VcDEkLR5Q=="; -}; - - -acl can_query { !1.2.3/24; any; }; // network 1.2.3.0 mask 255.255.255.0 - // is disallowed; rest are OK -acl can_axfr { 1.2.3.4; can_query; }; // host 1.2.3.4 and any host allowed - // by can_query are OK - -zone "non-default-acl.demo.zone" { - type master; - file "foo"; - allow-query { can_query; }; - allow-transfer { can_axfr; }; - allow-update { - 1.2.3.4; - 5.6.7.8; - }; -}; - -acl key_acl { key sample_key; }; // a request signed with sample_key - -server 1.2.3.4 { - edns no; // if no, we won't send ends queries - // to this server - bogus no; // if yes, we won't query or listen - // to this server - transfer-format one-answer; // set transfer format for this - // server (see the description of - // 'transfer-format' above) - // if not specified, the global option - // will be used - transfers 0; // not implemented - keys { sample_key; key2; }; // for TSIG; sign requests to this - // server with this key - support-ixfr yes; // for IXFR supported by server - // if yes, the listed server talks IXFR -}; - -logging { - /* - * All log output goes to one or more "channels"; you can make as - * many of them as you want. - */ - - channel syslog_errors { // this channel will send errors or - syslog user; // or worse to syslog (user facility) - severity error; - }; - - /* - * Channels have a severity level. Messages at severity levels - * greater than or equal to the channel's level will be logged on - * the channel. In order of decreasing severity, the levels are: - * - * critical a fatal error - * error - * warning - * notice a normal, but significant event - * info an informational message - * debug 1 the least detailed debugging info - * ... - * debug 99 the most detailed debugging info - */ - - /* - * Here are the built-in channels: - * - * channel default_syslog { - * syslog daemon; - * severity info; - * }; - * - * channel default_debug { - * file "named.run"; // note: stderr is used instead - * // of "named.run" if the server - * // is started with the "-f" - * // option. - * severity dynamic; // this means log debugging - * // at whatever debugging level - * // the server is at, and don't - * // log anything if not - * // debugging. - * }; - * - * channel null { // this is the bit bucket; - * file "/dev/null"; // any logging to this channel - * // is discarded. - * }; - * - * channel default_stderr { // writes to stderr - * file "<stderr>"; // this is illustrative only; - * // there's currently no way - * // of saying "stderr" in the - * // configuration language. - * // i.e. don't try this at home. - * severity info; - * }; - * - * default_stderr only works before the server daemonizes (i.e. - * during initial startup) or when it is running in foreground - * mode (-f command line option). - */ - - /* - * There are many categories, so you can send the logs - * you want to see wherever you want, without seeing logs you - * don't want. Right now the categories are - * - * default the catch-all. many things still - * aren't classified into categories, and - * they all end up here. also, if you - * don't specify any channels for a - * category, the default category is used - * instead. - * config high-level configuration file - * processing - * parser low-level configuration file processing - * queries what used to be called "query logging" - * lame-servers messages like "Lame server on ..." - * statistics - * panic if the server has to shut itself - * down due to an internal problem, it - * logs the problem here (as well as - * in the problem's native category) - * update dynamic update - * ncache negative caching - * xfer-in zone transfers we're receiving - * xfer-out zone transfers we're sending - * db all database operations - * eventlib debugging info from the event system - * (see below) - * packet dumps of packets received and sent - * (see below) - * notify the NOTIFY protocol - * cname messages like "XX points to a CNAME" - * security approved/unapproved requests - * os operating system problems - * insist consistency check failures - * maintenance periodic maintenance - * load zone loading - * response-checks messages like - * "Malformed response ..." - * "wrong ans. name ..." - * "unrelated additional info ..." - * "invalid RR type ..." - * "bad referral ..." - */ - - category parser { - syslog_errors; // you can log to as many channels - default_syslog; // as you want - }; - - category lame-servers { null; }; // don't log these at all - - channel moderate_debug { - severity debug 3; // level 3 debugging to file - file "foo"; // foo - print-time yes; // timestamp log entries - print-category yes; // print category name - print-severity yes; // print severity level - /* - * Note that debugging must have been turned on either - * on the command line or with a signal to get debugging - * output (non-debugging output will still be written to - * this channel). - */ - }; - - /* - * If you don't want to see "zone XXXX loaded" messages but do - * want to see any problems, you could do the following. - */ - channel no_info_messages { - syslog; - severity notice; - }; - - category load { no_info_messages; }; - - /* - * You can also define category "default"; it gets used when no - * "category" statement has been given for a category. - */ - category default { - default_syslog; - moderate_debug; - }; - - /* - * If you don't define category default yourself, the default - * default category will be used. It is - * - * category default { default_syslog; default_debug; }; - */ - - /* - * If you don't define category panic yourself, the default - * panic category will be used. It is - * - * category panic { default_syslog; default_stderr; }; - */ - - /* - * Two categories, 'packet' and 'eventlib', are special. Only one - * channel may be assigned to each of them, and it must be a - * file channel. If you don't define them yourself, they default to - * - * category eventlib { default_debug; }; - * - * category packet { default_debug; }; - */ -}; - -include "filename"; // can't do within a statement diff --git a/contrib/bind/bin/named/named.h b/contrib/bind/bin/named/named.h deleted file mode 100644 index a9d6088..0000000 --- a/contrib/bind/bin/named/named.h +++ /dev/null @@ -1,67 +0,0 @@ -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * $Id: named.h,v 8.32 2002/03/15 00:58:16 vixie Exp $ - */ - -/* Options. Change them at your peril. */ -#undef NXDOMAIN_ON_DENIAL -#define DEBUG -#define ADDAUTH -#define STUBS -#define RETURNSOA -#define BOGUSNS -#define TRACEROOT -#define XFRNETS -#define QRYLOG -#undef YPKLUDGE -#define RENICE -#define BIND_IXFR -#define BIND_NOTIFY -#define BIND_UPDATE -#define WANT_PIDFILE -#define FWD_LOOP -#define DOTTED_SERIAL -#define SENSIBLE_DOTS -#define ROUND_ROBIN -#define DNS_SECURITY -#undef RSAREF -#undef BSAFE -#define ALLOW_LONG_TXT_RDATA -#define STRICT_RFC2308 -#undef BIND_ZXFR -#undef LOG_TSIG_BUG -#define NOADDITIONAL -#undef FORWARD_ALLOWS /* enable allow-query for forward zones. */ - -#include <isc/assertions.h> -#include <isc/list.h> -#include <isc/ctl.h> - -#include <res_update.h> - -#include "pathnames.h" - -#include "ns_defs.h" -#include "db_defs.h" - -#include "ns_glob.h" -#include "db_glob.h" - -#include "ns_func.h" -#include "db_func.h" diff --git a/contrib/bind/bin/named/ns_config.c b/contrib/bind/bin/named/ns_config.c deleted file mode 100644 index 84973ce..0000000 --- a/contrib/bind/bin/named/ns_config.c +++ /dev/null @@ -1,3194 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_config.c,v 8.136.8.1 2003/06/02 09:56:34 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Check Point Software Technologies Incorporated not be used - * in advertising or publicity pertaining to distribution of the document - * or software without specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES - * INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - * IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED - * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR - * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <errno.h> -#include <limits.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> -#include <unistd.h> -#include <fcntl.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#ifdef HAVE_GETRUSAGE /* XXX */ -#include <sys/resource.h> -#endif - -#include "named.h" -#include "ns_parseutil.h" - -/* Private. */ - -static int tmpnum = 0; -static int config_initialized = 0; - -static int need_logging_free = 0; -static int default_logging_installed; - -static int options_installed = 0; -static int logging_installed = 0; -static int default_options_installed; - -static char **logging_categories; -static char *current_pid_filename = NULL; - -#define ZONE_SYM_TABLE_SIZE 4973 -static symbol_table zone_symbol_table; - -/* Zones */ - -void -free_zone_timerinfo(struct zoneinfo *zp) { - if (zp->z_timerinfo != NULL) { - zp->z_timerinfo->name = freestr(zp->z_timerinfo->name); - memput(zp->z_timerinfo, sizeof *zp->z_timerinfo); - zp->z_timerinfo = NULL; - } else - ns_error(ns_log_config, "timer for zone '%s' had no timerinfo", - zp->z_origin); -} - -void -free_zone_contents(struct zoneinfo *zp, int undefine_sym) { - INSIST(zp != NULL); - - if (undefine_sym) - undefine_symbol(zone_symbol_table, zp->z_origin, zp->z_class); - if (zp->z_flags & Z_TIMER_SET) { - free_zone_timerinfo(zp); - if (evClearTimer(ev, zp->z_timer) < 0) - ns_error(ns_log_config, - "evClearTimer for zone '%s' failed in ns_init: %s", - zp->z_origin, - strerror(errno)); - } - if (zp->z_origin != NULL) - zp->z_origin = freestr(zp->z_origin); - if (zp->z_source != NULL) - zp->z_source = freestr(zp->z_source); - if (zp->z_ixfr_base != NULL) - zp->z_ixfr_base = freestr(zp->z_ixfr_base); - if (zp->z_ixfr_tmp != NULL) - zp->z_ixfr_tmp = freestr(zp->z_ixfr_tmp); - if (zp->z_update_acl != NULL) - free_ip_match_list(zp->z_update_acl); - zp->z_update_acl = NULL; - if (zp->z_query_acl != NULL) - free_ip_match_list(zp->z_query_acl); - zp->z_query_acl = NULL; - if (zp->z_transfer_acl != NULL) - free_ip_match_list(zp->z_transfer_acl); - zp->z_transfer_acl = NULL; -#ifdef BIND_UPDATE - if (zp->z_updatelog != NULL) - zp->z_updatelog = freestr(zp->z_updatelog); -#endif /* BIND_UPDATE */ -#ifdef BIND_NOTIFY - if (zp->z_also_notify != NULL) - memput(zp->z_also_notify, - zp->z_notify_count * sizeof *zp->z_also_notify); - zp->z_also_notify = NULL; -#endif - if (zp->z_fwdtab != NULL) - free_forwarders(zp->z_fwdtab); - zp->z_fwdtab = NULL; - block_signals(); - if (LINKED(zp, z_reloadlink)) - UNLINK(reloadingzones, zp, z_reloadlink); - unblock_signals(); -} - -static void -release_zone(struct zoneinfo *zp) { - INSIST(zp != NULL); - - free_zone_contents(zp, 0); - memput(zp, sizeof *zp); -} - -struct zoneinfo * -find_zone(const char *name, int class) { - struct zoneinfo *zp; - symbol_value value; - - ns_debug(ns_log_config, 3, "find_zone(%s, %d)", - *name ? name : ".", class); - if (lookup_symbol(zone_symbol_table, name, class, &value)) { - INSIST(value.integer >= 0 && value.integer < nzones); - ns_debug(ns_log_config, 3, "find_zone: existing zone %d", - value.integer); - zp = &zones[value.integer]; - return (zp); - } - ns_debug(ns_log_config, 3, "find_zone: unknown zone"); - return (NULL); -} - -static struct zoneinfo * -new_zone(void) { - struct zoneinfo *zp; - - if (EMPTY(freezones)) - make_new_zones(); - - zp = HEAD(freezones); - UNLINK(freezones, zp, z_freelink); - return (zp); -} - -/* - * Check out a zoneinfo structure and return non-zero if it's OK. - */ -static int -validate_zone(struct zoneinfo *zp) { - char filename[MAXPATHLEN+1]; - - /* Check name */ - if (!res_dnok(zp->z_origin)) { - ns_error(ns_log_config, "invalid zone name '%s'", - zp->z_origin); - return (0); - } - - /* Check class */ - if (zp->z_class == C_ANY || zp->z_class == C_NONE) { - ns_error(ns_log_config, "invalid class %d for zone '%s'", - zp->z_class, zp->z_origin); - return (0); - } - - /* Check type. */ - if (zp->z_type == 0) { - ns_error(ns_log_config, "no type specified for zone '%s'", - zp->z_origin); - return (0); - } - if (zp->z_type == z_cache && ns_samename(zp->z_origin, "") != 1) { - ns_error(ns_log_config, - "only the root zone may be a cache zone (zone '%s')", - zp->z_origin); - return (0); - } - if (zp->z_type == z_hint && ns_samename(zp->z_origin, "") != 1) { - ns_error(ns_log_config, - "only the root zone may be a hint zone (zone '%s')", - zp->z_origin); - return (0); - } - - /* Check filename. */ - if (zp->z_type == z_master && zp->z_source == NULL) { - ns_error(ns_log_config, - "'file' statement missing for master zone %s", - zp->z_origin); - return (0); - } - /* - * XXX We should run filename through an OS-specific - * validator here. - */ - if (zp->z_source != NULL && - strlen(zp->z_source) > MAXPATHLEN) { - ns_error(ns_log_config, "filename too long for zone '%s'", - zp->z_origin); - return (0); - } - - if (zp->z_ixfr_base != NULL && strlen(zp->z_ixfr_base) > MAXPATHLEN) { - ns_error(ns_log_config, "ixfr filename too long for zone '%s'", - zp->z_origin); - return (0); - } - if (zp->z_ixfr_tmp != NULL && strlen(zp->z_ixfr_tmp) > MAXPATHLEN) { - ns_error(ns_log_config, "tmp ixfr filename too long for zone '%s'", - zp->z_origin); - return (0); - } - - /* Check masters */ - if (zp->z_addrcnt != 0) { - if (zp->z_type == z_master || zp->z_type == z_hint || - zp->z_type == z_cache) { - ns_error(ns_log_config, - "'masters' statement present for %s zone '%s'", - (zp->z_type == z_master) ? "master" : - (zp->z_type == z_hint) ? "hint" : "cache", - zp->z_origin); - return (0); - } - } else { - if (zp->z_type == z_slave || zp->z_type == z_stub) { - ns_error(ns_log_config, - "no 'masters' statement for non-master zone '%s'", - zp->z_origin); - return (0); - } - } - - /* Check allow-update and allow-transfer. */ - if (zp->z_update_acl || zp->z_transfer_acl) { - if (zp->z_type != z_master && zp->z_type != z_slave) { - ns_error(ns_log_config, - "'allow-{update,transfer}' option for non-{master,slave} zone '%s'", - zp->z_origin); - return (0); - } - } - - /* Check allow-query. */ - if (zp->z_query_acl) { - if (zp->z_type != z_master && - zp->z_type != z_slave && -#ifdef FORWARD_ALLOWS - zp->z_type != z_forward && -#endif - zp->z_type != z_stub) { - ns_error(ns_log_config, -#ifdef FORWARD_ALLOWS - "'allow-query' option for hint zone '%s'", -#else - "'allow-query' option for non-{master,slave,stub} zone '%s'", -#endif - zp->z_origin); - return (0); - } - } - -#ifdef BIND_NOTIFY - /* Check notify */ - if (zp->z_notify != notify_use_default) { - if (zp->z_type != z_master && zp->z_type != z_slave) { - ns_error(ns_log_config, - "'notify' given for non-master, non-slave zone '%s'", - zp->z_origin); - return (0); - } - } - - /* Check also-notify */ - if (zp->z_notify_count != 0) { - if (zp->z_type != z_master && zp->z_type != z_slave) { - ns_error(ns_log_config, - "'also-notify' given for non-master, non-slave zone '%s'", - zp->z_origin); - return (0); - } - } -#endif - -#ifdef BIND_UPDATE - /* XXX need more checking here */ - if (!zp->z_updatelog && zp->z_source) { - /* XXX OS-specific filename validation here */ - if ((strlen(zp->z_source) + (sizeof ".log" - 1)) > - MAXPATHLEN) { - ns_error(ns_log_config, - "filename too long for dynamic zone '%s'", - zp->z_origin); - return (0); - } - /* this sprintf() is now safe */ - sprintf(filename, "%s.log", zp->z_source); - zp->z_updatelog = savestr(filename, 1); - } - - /* Check forward */ - if (zp->z_optset & OPTION_FORWARD_ONLY) { - if (zp->z_type == z_hint) { - ns_error(ns_log_config, - "'forward' given for hint zone '%s'", - zp->z_origin); - return (0); - } - } - /* Check forwarders */ - if (zp->z_fwdtab) { - if (zp->z_type == z_hint) { - ns_error(ns_log_config, - "'forwarders' given for hint zone '%s'", - zp->z_origin); - return (0); - } - } - - if (zp->z_type == z_master) { - if (!zp->z_soaincrintvl) - zp->z_soaincrintvl = SOAINCRINTVL; - if (!zp->z_dumpintvl) - zp->z_dumpintvl = DUMPINTVL; - if (!zp->z_deferupdcnt) - zp->z_deferupdcnt = DEFERUPDCNT; - } -#endif /* BIND_UPDATE */ - - if (!zp->z_ixfr_base && zp->z_source) { - /* XXX OS-specific filename validation here */ - if ((strlen(zp->z_source) + (sizeof ".ixfr" - 1)) > - MAXPATHLEN) { - ns_error(ns_log_config, - "filename too long for dynamic zone '%s'", - zp->z_origin); - return (0); - } - /* this sprintf() is now safe */ - sprintf(filename, "%s.ixfr", zp->z_source); - zp->z_ixfr_base = savestr(filename, 1); - } - if (!zp->z_ixfr_tmp && zp->z_source) { - /* XXX OS-specific filename validation here */ - if ((strlen(zp->z_source) + (sizeof ".ixfr.tmp" - 1)) > - MAXPATHLEN) { - ns_error(ns_log_config, - "filename too long for dynamic zone '%s'", - zp->z_origin); - return (0); - } - /* this sprintf() is now safe */ - sprintf(filename, "%s.ixfr.tmp", zp->z_source); - zp->z_ixfr_tmp = savestr(filename, 1); - } - - return (1); -} - -/* - * Start building a new zoneinfo structure. Returns an opaque - * zone_config suitable for use by the parser. - */ -zone_config -begin_zone(char *name, int class) { - zone_config zh; - struct zoneinfo *zp; - - /* - * require: name is canonical, class is a valid class - */ - - ns_debug(ns_log_config, 3, "begin_zone('%s', %d)", - (*name == '\0') ? "." : name, class); - - zp = (struct zoneinfo *)memget(sizeof (struct zoneinfo)); - if (zp == NULL) - panic("memget failed in begin_zone", NULL); - memset(zp, 0, sizeof (struct zoneinfo)); - zp->z_origin = name; - zp->z_class = class; - zp->z_checknames = not_set; - if (server_options->flags & OPTION_MAINTAIN_IXFR_BASE) - zp->z_maintain_ixfr_base = 1; - else - zp->z_maintain_ixfr_base = 0; - zp->z_max_log_size_ixfr = server_options->max_log_size_ixfr; - zh.opaque = zp; - return (zh); -} - -/* - * Merge new configuration information into an existing zone. The - * new zoneinfo must be valid. - */ -static void -update_zone_info(struct zoneinfo *zp, struct zoneinfo *new_zp) { - char buf[MAXPATHLEN+1]; - int i; - - INSIST(zp != NULL); - INSIST(new_zp != NULL); - - ns_debug(ns_log_config, 1, "update_zone_info('%s', %d)", - (*new_zp->z_origin == '\0') ? "." : new_zp->z_origin, - new_zp->z_type); - -#ifdef BIND_UPDATE - /* - * A dynamic master zone that's becoming non-dynamic may need to be - * dumped before we start the update. - */ - if ((zp->z_flags & Z_DYNAMIC) && !(new_zp->z_flags & Z_DYNAMIC) && - ((zp->z_flags & Z_NEED_SOAUPDATE) || - (zp->z_flags & Z_NEED_DUMP))) - (void) zonedump(zp, ISNOTIXFR); -#endif - - /* - * First do the simple stuff, making sure to free - * any data that was dynamically allocated. - */ - if (zp->z_origin != NULL) - (void)freestr(zp->z_origin); - zp->z_origin = new_zp->z_origin; - new_zp->z_origin = NULL; - zp->z_maintain_ixfr_base = new_zp->z_maintain_ixfr_base; - zp->z_max_log_size_ixfr = new_zp->z_max_log_size_ixfr; - zp->z_class = new_zp->z_class; - zp->z_type = new_zp->z_type; - zp->z_checknames = new_zp->z_checknames; - for (i = 0; i < new_zp->z_addrcnt; i++) { - zp->z_addr[i] = new_zp->z_addr[i]; - zp->z_keys[i] = new_zp->z_keys[i]; - } - zp->z_addrcnt = new_zp->z_addrcnt; - if (zp->z_update_acl) - free_ip_match_list(zp->z_update_acl); - zp->z_update_acl = new_zp->z_update_acl; - new_zp->z_update_acl = NULL; - if (zp->z_query_acl) - free_ip_match_list(zp->z_query_acl); - zp->z_query_acl = new_zp->z_query_acl; - new_zp->z_query_acl = NULL; - zp->z_axfr_src = new_zp->z_axfr_src; - if (zp->z_transfer_acl) - free_ip_match_list(zp->z_transfer_acl); - zp->z_transfer_acl = new_zp->z_transfer_acl; - new_zp->z_transfer_acl = NULL; - zp->z_max_transfer_time_in = new_zp->z_max_transfer_time_in; -#ifdef BIND_NOTIFY - zp->z_notify = new_zp->z_notify; - if (zp->z_also_notify) - memput(zp->z_also_notify, - zp->z_notify_count * sizeof *zp->z_also_notify); - zp->z_also_notify = new_zp->z_also_notify; - zp->z_notify_count = new_zp->z_notify_count; - new_zp->z_also_notify = NULL; - new_zp->z_notify_count = 0; -#endif - if ((new_zp->z_flags & Z_FORWARD_SET) != 0) - zp->z_flags |= Z_FORWARD_SET; - else - zp->z_flags &= ~Z_FORWARD_SET; - if (zp->z_fwdtab != NULL) - free_forwarders(zp->z_fwdtab); - zp->z_fwdtab = new_zp->z_fwdtab; - new_zp->z_fwdtab = NULL; - - zp->z_dialup = new_zp->z_dialup; - zp->z_options = new_zp->z_options; - zp->z_optset = new_zp->z_optset; - -#ifdef BIND_UPDATE - if (new_zp->z_flags & Z_DYNAMIC) - zp->z_flags |= Z_DYNAMIC; - else - zp->z_flags &= ~Z_DYNAMIC; - zp->z_soaincrintvl = new_zp->z_soaincrintvl; - zp->z_dumpintvl = new_zp->z_dumpintvl; - zp->z_deferupdcnt = new_zp->z_deferupdcnt; - if (zp->z_updatelog) - (void)freestr(zp->z_updatelog); - zp->z_updatelog = new_zp->z_updatelog; - new_zp->z_updatelog = NULL; -#endif /* BIND_UPDATE */ - zp->z_port = new_zp->z_port; - - /* - * Now deal with files. - */ - switch (zp->z_type) { - case z_cache: - ns_panic(ns_log_config, 1, "impossible condition"); - break; - case z_hint: - ns_debug(ns_log_config, 1, "source = %s", new_zp->z_source); - zp->z_refresh = 0; /* No dumping. */ - if (zp->z_source != NULL && - strcmp(new_zp->z_source, zp->z_source) == 0 && - (reconfiging || !zonefile_changed_p(zp))) { - ns_debug(ns_log_config, 1, "cache is up to date"); - break; - } - - /* File has changed, or hasn't been loaded yet. */ - if (zp->z_source) { - zp->z_source = freestr(zp->z_source); - ns_stopxfrs(zp); - purge_zone(zp, fcachetab); - } - zp->z_source = new_zp->z_source; - new_zp->z_source = NULL; - - if (zp->z_ixfr_base) - (void)freestr(zp->z_ixfr_base); - zp->z_ixfr_base = new_zp->z_ixfr_base; - new_zp->z_ixfr_base = NULL; - - if (zp->z_ixfr_tmp) - (void)freestr(zp->z_ixfr_tmp); - zp->z_ixfr_tmp = new_zp->z_ixfr_tmp; - new_zp->z_ixfr_tmp = NULL; - - ns_debug(ns_log_config, 1, "reloading hint zone"); - (void) db_load(zp->z_source, zp->z_origin, zp, NULL, - ISNOTIXFR); - break; - - case z_master: - ns_debug(ns_log_config, 1, "source = %s", new_zp->z_source); - /* - * If we've loaded this file, and the file hasn't changed - * then there's no need to reload. - */ - if (zp->z_source != NULL && - strcmp(new_zp->z_source, zp->z_source) == 0 && - (reconfiging || !zonefile_changed_p(zp))) { - ns_debug(ns_log_config, 1, "zone is up to date"); - break; - } -#ifdef BIND_UPDATE - if (zp->z_source && (zp->z_flags & Z_DYNAMIC)) - ns_warning(ns_log_config, - "source file of dynamic zone '%s' has changed", - zp->z_origin); - - primary_reload: -#endif /* BIND_UPDATE */ - if (zp->z_source != NULL) - (void)freestr(zp->z_source); - zp->z_source = new_zp->z_source; - new_zp->z_source = NULL; - - if (zp->z_ixfr_base != NULL) - (void)freestr(zp->z_ixfr_base); - zp->z_ixfr_base = new_zp->z_ixfr_base; - new_zp->z_ixfr_base = NULL; - - if (zp->z_ixfr_tmp != NULL) - (void)freestr(zp->z_ixfr_tmp); - zp->z_ixfr_tmp = new_zp->z_ixfr_tmp; - new_zp->z_ixfr_tmp = NULL; - - if (reload_master(zp) == 1) { - /* - * Note that going to primary_reload - * unconditionally reloads the zone. - */ - new_zp->z_source = savestr(zp->z_source, 1); - new_zp->z_ixfr_base = savestr(zp->z_ixfr_base, 1); - new_zp->z_ixfr_tmp = savestr(zp->z_ixfr_tmp, 1); - goto primary_reload; - } - break; - - case z_slave: -#ifdef STUBS - case z_stub: -#endif - ns_debug(ns_log_config, 1, "addrcnt = %d", zp->z_addrcnt); - if (!new_zp->z_source) { - /* - * We will always transfer this zone again - * after a reload. - */ - sprintf(buf, "NsTmp%ld.%d", (long)getpid(), tmpnum++); - new_zp->z_source = savestr(buf, 1); - zp->z_flags |= Z_TMP_FILE; - } else - zp->z_flags &= ~Z_TMP_FILE; - /* - * If we had a backup file name, and it was changed, - * free old zone and start over. If we don't have - * current zone contents, try again now in case - * we have a new server on the list. - */ - if (zp->z_source != NULL && - (strcmp(new_zp->z_source, zp->z_source) != 0 || - ((!reconfiging) && zonefile_changed_p(zp)))) { - ns_debug(ns_log_config, 1, - "backup file changed or missing"); - zp->z_source = freestr(zp->z_source); - zp->z_serial = 0; /* force xfer */ - ns_stopxfrs(zp); - /* - * We only need to reload if we have ever - * successfully transferred the zone. - */ - if ((zp->z_flags & Z_AUTH) != 0) { - zp->z_flags &= ~Z_AUTH; - /* - * Purge old data and mark the parent for - * reloading so that NS records are present - * during the zone transfer. - */ - do_reload(zp, 1); - } - } - if (zp->z_source == NULL) { - zp->z_source = new_zp->z_source; - new_zp->z_source = NULL; - } - - if (zp->z_ixfr_base != NULL) - (void)freestr(zp->z_ixfr_base); - zp->z_ixfr_base = new_zp->z_ixfr_base; - new_zp->z_ixfr_base = NULL; - - if (zp->z_ixfr_tmp != NULL) - freestr(zp->z_ixfr_tmp); - zp->z_ixfr_tmp = new_zp->z_ixfr_tmp; - new_zp->z_ixfr_tmp = NULL; - - if ((!noexpired || ((zp->z_flags & Z_EXPIRED) == 0)) && - ((zp->z_flags & Z_AUTH) == 0)) - zoneinit(zp); - else { - /* - ** Force slave to try transfer soon after SIGHUP. - */ - if ((zp->z_flags & (Z_QSERIAL|Z_XFER_RUNNING)) == 0 && - reloading && !reconfiging) { - qserial_retrytime(zp, tt.tv_sec); - sched_zone_maint(zp); - } - } - break; - case z_forward: - /* - * We don't know if the forwarder's list has changed - * so just purge the cache. In the future we may want - * see if the forwarders list has changed and only - * do this then. - */ - clean_cache_from(zp->z_origin, hashtab); - break; - } - if ((zp->z_flags & Z_FOUND) != 0 && /* already found? */ - (zp - zones) != DB_Z_CACHE) /* cache never sets Z_FOUND */ - ns_error(ns_log_config, "Zone \"%s\" declared more than once", - zp->z_origin); - zp->z_flags |= Z_FOUND; - ns_debug(ns_log_config, 1, - "zone[%d] type %d: '%s' z_time %lu, z_refresh %u", - zp-zones, zp->z_type, - *(zp->z_origin) == '\0' ? "." : zp->z_origin, - (u_long)zp->z_time, zp->z_refresh); -} - -/* - * Finish constructing a new zone. If valid, the constructed zone is - * merged into the zone database. The zone_config used is invalid after - * end_zone() completes. - */ -void -end_zone(zone_config zh, int should_install) { - struct zoneinfo *zp, *new_zp; - const char *zname; - symbol_value value; - - new_zp = zh.opaque; - INSIST(new_zp != NULL); - - zname = (new_zp->z_origin[0] == '\0') ? "." : new_zp->z_origin; - ns_debug(ns_log_config, 3, "end_zone('%s', %d)", zname, - should_install); - - if (!should_install) { - release_zone(new_zp); - return; - } - if (!validate_zone(new_zp)) { - ns_error(ns_log_config, - "zone '%s' did not validate, skipping", zname); - release_zone(new_zp); - return; - } - zp = find_zone(new_zp->z_origin, new_zp->z_class); - if (zp != NULL && zp->z_type != new_zp->z_type) { - remove_zone(zp, "redefined"); - zp = NULL; - } - if (zp == NULL) { - zp = new_zone(); - INSIST(zp != NULL); - value.integer = (zp - zones); - define_symbol(zone_symbol_table, new_zp->z_origin, - new_zp->z_class, value, 0); - } - ns_debug(ns_log_config, 5, "zone '%s', type = %d, class = %d", zname, - new_zp->z_type, new_zp->z_class); - if (new_zp->z_source != NULL) - ns_debug(ns_log_config, 5, " file = %s", new_zp->z_source); - ns_debug(ns_log_config, 5, " checknames = %d", new_zp->z_checknames); - if (new_zp->z_addrcnt != 0) { - int i; - - ns_debug(ns_log_config, 5, " masters:"); - for (i = 0; i < new_zp->z_addrcnt; i++) - ns_debug(ns_log_config, 5, " %s", - inet_ntoa(new_zp->z_addr[i])); - } - - update_zone_info(zp, new_zp); - release_zone(new_zp); - zh.opaque = NULL; -} - -int -set_zone_type(zone_config zh, int type) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if type already set for this zone */ - if (zp->z_type != 0) - return (0); - zp->z_type = type; - return (1); -} - -int -set_zone_filename(zone_config zh, char *filename) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if filename already set for this zone */ - if (zp->z_source != NULL) - return (0); - zp->z_source = filename; - return (1); -} - -int -set_zone_checknames(zone_config zh, enum severity s) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if checknames already set for this zone */ - if (zp->z_checknames != not_set) - return (0); - zp->z_checknames = s; - return (1); -} - -int -set_zone_ixfr_file(zone_config zh, char *filename) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if filename already set for this zone */ - if (zp->z_ixfr_base != NULL) - return (0); - zp->z_ixfr_base = filename; - if (zp->z_ixfr_tmp == NULL) { - int len = strlen(zp->z_ixfr_base) + (sizeof ".tmp"); - char *str = (char *) memget(len); - - sprintf(str, "%s.tmp", zp->z_ixfr_base); - zp->z_ixfr_tmp = savestr(str, 1); - memput(str, len); - } - - return (1); -} - -int -set_zone_ixfr_tmp(zone_config zh, char *filename) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if filename already set for this zone */ - if (zp->z_ixfr_tmp != NULL) - return (0); - zp->z_ixfr_tmp = filename; - return (1); -} - -int -set_zone_dialup(zone_config zh, int value) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - if (value) { - zp->z_dialup = zdialup_yes; -#ifdef BIND_NOTIFY - zp->z_notify = notify_yes; -#endif - } else - zp->z_dialup = zdialup_no; - - return (1); -} - -int -set_zone_notify(zone_config zh, enum notify value) { -#ifdef BIND_NOTIFY - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - zp->z_notify = value; -#endif - return (1); -} - -int -set_zone_maintain_ixfr_base(zone_config zh, int value) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - zp->z_maintain_ixfr_base = value; - - return (1); -} - -int -set_zone_update_acl(zone_config zh, ip_match_list iml) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if update_acl already set for this zone */ - if (zp->z_update_acl != NULL) - return (0); - zp->z_update_acl = iml; -#ifdef BIND_UPDATE - if (!ip_match_is_none(iml)) - zp->z_flags |= Z_DYNAMIC; - else - ns_debug(ns_log_config, 3, "update acl is none for '%s'", - zp->z_origin); -#endif - return (1); -} - -int -set_zone_query_acl(zone_config zh, ip_match_list iml) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if allow-query acl already set for this zone */ - if (zp->z_query_acl != NULL) - return (0); - zp->z_query_acl = iml; - return (1); -} - -int -set_zone_master_port(zone_config zh, u_short port) { - struct zoneinfo *zp = zh.opaque; - - zp->z_port = port; - return (1); -} - -int -set_zone_transfer_source(zone_config zh, struct in_addr ina) { - struct zoneinfo *zp = zh.opaque; - - zp->z_axfr_src = ina; - return (1); -} - -int -set_zone_transfer_acl(zone_config zh, ip_match_list iml) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if allow-transfer acl already set for this zone */ - if (zp->z_transfer_acl != NULL) - return (0); - zp->z_transfer_acl = iml; - return (1); -} - -int -set_zone_transfer_time_in(zone_config zh, long max_time) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Fail if max-transfer-time-in already set for this zone */ - if (zp->z_max_transfer_time_in) - return (0); - zp->z_max_transfer_time_in = max_time; - return (1); -} - -int -set_zone_max_log_size_ixfr(zone_config zh, int size) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - zp->z_max_log_size_ixfr = size; - return (0); -} - -int -set_zone_pubkey(zone_config zh, const int flags, const int proto, - const int alg, const char *str) -{ - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - INSIST(zp != NULL && zp->z_origin != NULL); - return (add_trusted_key(zp->z_origin, flags, proto, alg, str)); -} - -int -set_trusted_key(const char *name, const int flags, const int proto, - const int alg, const char *str) { - INSIST(name != NULL); - return (add_trusted_key(name, flags, proto, alg, str)); -} - -int -add_zone_master(zone_config zh, struct in_addr address, struct dst_key * key) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - zp->z_addr[zp->z_addrcnt] = address; - zp->z_keys[zp->z_addrcnt] = key; - zp->z_addrcnt++; - if (zp->z_addrcnt >= NSMAX) { - ns_warning(ns_log_config, "NSMAX reached for zone '%s'", - zp->z_origin); - zp->z_addrcnt = NSMAX - 1; - } - return (1); -} - -int -add_zone_notify(zone_config zh, struct in_addr address) { -#ifdef BIND_NOTIFY - struct zoneinfo *zp; - int i; - - zp = zh.opaque; - INSIST(zp != NULL); - - /* Check for duplicates. */ - - for (i = 0; i < zp->z_notify_count; i++) { - if (memcmp(zp->z_also_notify + i, - &address, sizeof address) == 0) { - ns_warning(ns_log_config, - "duplicate also-notify address ignored [%s] for zone '%s'", - inet_ntoa(address), zp->z_origin); - return (1); - } - } - i = 0; - - if (zp->z_also_notify == NULL) { - zp->z_also_notify = memget(sizeof *zp->z_also_notify); - if (zp->z_also_notify == NULL) - i = 1; - } else { - register size_t size; - register struct in_addr *an_tmp; - size = zp->z_notify_count * sizeof *zp->z_also_notify; - an_tmp = memget(size + sizeof *zp->z_also_notify); - if (an_tmp == NULL) { - i = 1; - } else { - memcpy(an_tmp, zp->z_also_notify, size); - memput(zp->z_also_notify, size); - zp->z_also_notify = an_tmp; - } - } - if (i == 0) { - zp->z_also_notify[zp->z_notify_count] = address; - zp->z_notify_count++; - } else { - ns_warning(ns_log_config, "also-notify add failed (memget) [%s] for zone '%s'", - inet_ntoa(address), zp->z_origin); - } -#endif - return (1); -} - -/* Options */ - -options -new_options() { - options op; - char hostname[256]; - - op = (options)memget(sizeof (struct options)); - if (op == NULL) - panic("memget failed in new_options()", NULL); - - op->version = savestr(ShortVersion, 1); - if (gethostname(hostname, sizeof(hostname)) == 0) - op->hostname = savestr(hostname, 1); - else - op->hostname = NULL; - op->directory = savestr(".", 1); - op->pid_filename = savestr(_PATH_PIDFILE, 1); - op->named_xfer = savestr(_PATH_XFER, 1); - op->dump_filename = savestr(_PATH_DUMPFILE, 1); - op->stats_filename = savestr(_PATH_STATS, 1); - op->memstats_filename = savestr(_PATH_MEMSTATS, 1); - op->flags = DEFAULT_OPTION_FLAGS; - op->transfers_in = DEFAULT_XFERS_RUNNING; - op->transfers_per_ns = DEFAULT_XFERS_PER_NS; - op->transfers_out = 0; - op->serial_queries = MAXQSERIAL; - op->transfer_format = axfr_one_answer; - op->max_transfer_time_in = MAX_XFER_TIME; - memset(&op->query_source, 0, sizeof op->query_source); - op->query_source.sin_family = AF_INET; - op->query_source.sin_addr.s_addr = htonl(INADDR_ANY); - op->query_source.sin_port = htons(0); /* INPORT_ANY */ - op->axfr_src.s_addr = 0; -#ifdef BIND_NOTIFY - op->notify_count = 0; - op->also_notify = NULL; -#endif - op->blackhole_acl = NULL; - op->query_acl = NULL; - op->transfer_acl = NULL; - op->recursion_acl = NULL; - op->sortlist = NULL; - op->topology = NULL; - op->data_size = 0UL; /* use system default */ - op->stack_size = 0UL; /* use system default */ - op->core_size = 0UL; /* use system default */ - op->files = ULONG_MAX; /* unlimited */ - op->check_names[primary_trans] = fail; - op->check_names[secondary_trans] = warn; - op->check_names[response_trans] = ignore; - op->listen_list = NULL; - op->fwdtab = NULL; - /* XXX init forwarding */ - op->clean_interval = 3600; - op->interface_interval = 3600; - op->stats_interval = 3600; - op->ordering = NULL; - op->max_ncache_ttl = DEFAULT_MAX_NCACHE_TTL; - op->max_host_stats = 0; - op->lame_ttl = NTTL; - op->heartbeat_interval = 3600; - op->max_log_size_ixfr = 0; - op->minroots = MINROOTS; - op->preferred_glue = 0; -#ifdef BIND_NOTIFY - op->notify = notify_yes; -#endif - op->edns_udp_size = EDNS_MESSAGE_SZ; - return (op); -} - -void -free_options(options op) { - INSIST(op != NULL); - - if (op->hostname) - op->hostname = freestr(op->hostname); - if (op->version) - op->version = freestr(op->version); - if (op->directory) - op->directory = freestr(op->directory); - if (op->pid_filename) - op->pid_filename = freestr(op->pid_filename); - if (op->named_xfer) - op->named_xfer = freestr(op->named_xfer); - if (op->dump_filename) - op->dump_filename = freestr(op->dump_filename); - if (op->stats_filename) - op->stats_filename = freestr(op->stats_filename); - if (op->memstats_filename) - op->memstats_filename = freestr(op->memstats_filename); -#ifdef BIND_NOTIFY - if (op->also_notify) - free_also_notify(op); -#endif - if (op->blackhole_acl) - free_ip_match_list(op->blackhole_acl); - if (op->query_acl) - free_ip_match_list(op->query_acl); - if (op->recursion_acl) - free_ip_match_list(op->recursion_acl); - if (op->transfer_acl) - free_ip_match_list(op->transfer_acl); - if (op->sortlist) - free_ip_match_list(op->sortlist); - if (op->ordering) - free_rrset_order_list(op->ordering); - if (op->topology) - free_ip_match_list(op->topology); - if (op->listen_list) - free_listen_info_list(op->listen_list); - if (op->fwdtab) - free_forwarders(op->fwdtab); - memput(op, sizeof *op); -} - -static void -set_boolean_option(u_int *op_flags, int bool_opt, int value) { - INSIST(op_flags != NULL); - - switch (bool_opt) { -#ifdef HITCOUNTS - case OPTION_HITCOUNT: -#endif /* HITCOUNTS */ - case OPTION_NORECURSE: - case OPTION_NOFETCHGLUE: - case OPTION_FORWARD_ONLY: - case OPTION_FAKE_IQUERY: - case OPTION_SUPNOTIFY_INITIAL: - case OPTION_NONAUTH_NXDOMAIN: - case OPTION_MULTIPLE_CNAMES: - case OPTION_USE_IXFR: - case OPTION_MAINTAIN_IXFR_BASE: - case OPTION_HOSTSTATS: - case OPTION_DEALLOC_ON_EXIT: - case OPTION_USE_ID_POOL: - case OPTION_NORFC2308_TYPE1: - case OPTION_NODIALUP: - case OPTION_TREAT_CR_AS_SPACE: - if (value) - *op_flags |= bool_opt; - else - *op_flags &= ~bool_opt; - break; - default: - panic("unexpected option in set_boolean_option", NULL); - } -} - -void -set_global_boolean_option(options op, int bool_opt, int value) { - - INSIST(op != NULL); - - set_boolean_option(&op->flags, bool_opt, value); -} - -void -set_zone_boolean_option(zone_config zh, int bool_opt, int value) { - struct zoneinfo *zp; - - zp = zh.opaque; - INSIST(zp != NULL); - - set_boolean_option(&zp->z_options, bool_opt, value); - - /* Flag that zone option overrides corresponding global option */ - zp->z_optset |= bool_opt; -} - -#ifdef HAVE_GETRUSAGE -enum limit { Datasize, Stacksize, Coresize, Files }; - -static struct rlimit initial_data_size; -static struct rlimit initial_stack_size; -static struct rlimit initial_core_size; -static struct rlimit initial_num_files; - -static void -get_initial_limits() { - int fdlimit = evHighestFD(ev) + 1; - -# ifdef RLIMIT_DATA - if (getrlimit(RLIMIT_DATA, &initial_data_size) < 0) - ns_warning(ns_log_config, "getrlimit(DATA): %s", - strerror(errno)); -# endif -# ifdef RLIMIT_STACK - if (getrlimit(RLIMIT_STACK, &initial_stack_size) < 0) - ns_warning(ns_log_config, "getrlimit(STACK): %s", - strerror(errno)); -# endif -# ifdef RLIMIT_CORE - if (getrlimit(RLIMIT_CORE, &initial_core_size) < 0) - ns_warning(ns_log_config, "getrlimit(CORE): %s", - strerror(errno)); -# endif -# ifdef RLIMIT_NOFILE - if (getrlimit(RLIMIT_NOFILE, &initial_num_files) < 0) - ns_warning(ns_log_config, "getrlimit(NOFILE): %s", - strerror(errno)); - else if (initial_num_files.rlim_cur > fdlimit) { - initial_num_files.rlim_cur = fdlimit; - if (initial_num_files.rlim_cur > initial_num_files.rlim_max) - initial_num_files.rlim_max = fdlimit; - if (setrlimit(RLIMIT_NOFILE, &initial_num_files) < 0) { - ns_warning(ns_log_config, "setrlimit(files): %s", - strerror(errno)); - } else { - ns_warning(ns_log_config, - "limit files set to fdlimit (%d)", - fdlimit); - } - } -# endif -} - -static void -ns_rlimit(enum limit limit, u_long limit_value) { - struct rlimit limits, old_limits; - int rlimit = -1; - int fdlimit = evHighestFD(ev) + 1; - const char *name; - rlimit_type value; - - if (limit_value == ULONG_MAX) { -#ifndef RLIMIT_FILE_INFINITY - if (limit == Files) - value = MIN((rlimit_type)evHighestFD(ev) + 1, - initial_num_files.rlim_max); - else -#endif - value = (rlimit_type)RLIM_INFINITY; - } else - value = (rlimit_type)limit_value; - - limits.rlim_cur = limits.rlim_max = value; - switch (limit) { - case Datasize: -#ifdef RLIMIT_DATA - rlimit = RLIMIT_DATA; -#endif - name = "max data size"; - if (value == 0) - limits = initial_data_size; - break; - case Stacksize: -#ifdef RLIMIT_STACK - rlimit = RLIMIT_STACK; -#endif - name = "max stack size"; - if (value == 0) - limits = initial_stack_size; - break; - case Coresize: -#ifdef RLIMIT_CORE - rlimit = RLIMIT_CORE; -#endif - name = "max core size"; - if (value == 0) - limits = initial_core_size; - break; - case Files: -#ifdef RLIMIT_NOFILE - rlimit = RLIMIT_NOFILE; -#endif - name = "max number of open files"; - if (value == 0) - limits = initial_num_files; - if ((int)value > fdlimit) - limits.rlim_cur = limits.rlim_max = value = fdlimit; - break; - default: - name = NULL; /* Make gcc happy. */ - panic("impossible condition in ns_rlimit()", NULL); - } - if (rlimit == -1) { - ns_warning(ns_log_config, - "limit \"%s\" not supported on this system - ignored", - name); - return; - } - if (getrlimit(rlimit, &old_limits) < 0) { - ns_warning(ns_log_config, "getrlimit(%s): %s", name, - strerror(errno)); - } - if (user_id != 0 && limits.rlim_max == RLIM_INFINITY) - limits.rlim_cur = limits.rlim_max = old_limits.rlim_max; - if (setrlimit(rlimit, &limits) < 0) { - ns_warning(ns_log_config, "setrlimit(%s): %s", name, - strerror(errno)); - return; - } else { - if (value == 0) - ns_debug(ns_log_config, 3, "%s is default", name); - else if (value == RLIM_INFINITY) - ns_debug(ns_log_config, 3, "%s is unlimited", name); - else -#ifdef RLIMIT_LONGLONG - ns_debug(ns_log_config, 3, "%s is %llu", name, - (unsigned long long)value); -#else - ns_debug(ns_log_config, 3, "%s is %lu", name, value); -#endif - } -} -#endif /* HAVE_GETRUSAGE */ - -listen_info_list -new_listen_info_list() { - listen_info_list ll; - - ll = (listen_info_list)memget(sizeof (struct listen_info_list)); - if (ll == NULL) - panic("memget failed in new_listen_info_list()", NULL); - ll->first = NULL; - ll->last = NULL; - return (ll); -} - -void -free_listen_info_list(listen_info_list ll) { - listen_info li, next_li; - - INSIST(ll != NULL); - for (li = ll->first; li != NULL; li = next_li) { - next_li = li->next; - free_ip_match_list(li->list); - memput(li, sizeof *li); - } - memput(ll, sizeof *ll); -} - -void -add_listen_on(options op, u_short port, ip_match_list iml) { - listen_info_list ll; - listen_info ni; - - INSIST(op != NULL); - - if (op->listen_list == NULL) - op->listen_list = new_listen_info_list(); - ll = op->listen_list; - ni = (listen_info)memget(sizeof (struct listen_info)); - if (ni == NULL) - panic("memget failed in add_listen_on", NULL); - ni->port = port; - ni->list = iml; - ni->next = NULL; - if (ll->last != NULL) - ll->last->next = ni; - ll->last = ni; - if (ll->first == NULL) - ll->first = ni; -} - -FILE * -write_open(char *filename) { - FILE *stream; - int fd; - struct stat sb; - int regular; - - if (stat(filename, &sb) < 0) { - if (errno != ENOENT) { - ns_error(ns_log_os, - "write_open: stat of %s failed: %s", - filename, strerror(errno)); - return (NULL); - } - regular = 1; - } else - regular = (sb.st_mode & S_IFREG); - - if (!regular) { - ns_error(ns_log_os, "write_open: %s isn't a regular file", - filename); - return (NULL); - } - - (void)unlink(filename); - fd = open(filename, O_WRONLY|O_CREAT|O_EXCL, - S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH); - if (fd < 0) - return (NULL); - (void) fchown(fd, user_id, group_id); - stream = fdopen(fd, "w"); - if (stream == NULL) { - (void)unlink(filename); - (void)close(fd); - } - return (stream); -} - -void -update_pid_file() { - FILE *fp; - - REQUIRE(server_options != NULL); - REQUIRE(server_options->pid_filename != NULL); - - /* XXX */ ns_debug(ns_log_default, 1, "update_pid_file()"); - if (current_pid_filename != NULL) { - (void)unlink(current_pid_filename); - current_pid_filename = freestr(current_pid_filename); - } - current_pid_filename = savestr(server_options->pid_filename, 0); - if (current_pid_filename == NULL) { - ns_error(ns_log_config, - "savestr() failed in update_pid_file()"); - return; - } - fp = write_open(current_pid_filename); - if (fp != NULL) { - (void) fprintf(fp, "%ld\n", (long)getpid()); - (void) fclose(fp); - } else - ns_error(ns_log_config, "couldn't create pid file '%s'", - server_options->pid_filename); -} - -/* - * XXX This function will eventually be public and will be relocated to - * the UNIX OS support library. - */ - -static int -os_change_directory(const char *name) { - struct stat sb; - - if (name == NULL || - *name == '\0') { - errno = EINVAL; - return (0); - } - - if (chdir(name) < 0) - return (0); - - if (stat(name, &sb) < 0) { - ns_error(ns_log_os, "stat(%s) failed: %s", name, - strerror(errno)); - return (1); - } - if (sb.st_mode & S_IWOTH) - ns_warning(ns_log_os, "directory %s is world-writable", name); - - return (1); -} - -static void -periodic_getnetconf(evContext ctx, void *uap, struct timespec due, - struct timespec inter) -{ - UNUSED(ctx); - UNUSED(uap); - UNUSED(due); - UNUSED(inter); - - getnetconf(1); -} - -static int clean_interval = 0; -static int interface_interval = 0; -static int stats_interval = 0; -static int heartbeat_interval = 0; - -static void -set_interval_timer(int which_timer, int interval) { - evTimerID *tid = NULL; - evTimerFunc func = NULL; - int changed = 0; - - switch (which_timer) { - case CLEAN_TIMER: - if (clean_interval != interval) - changed = 1; - clean_interval = interval; - tid = &clean_timer; - func = ns_cleancache; - break; - case INTERFACE_TIMER: - if (interface_interval != interval) - changed = 1; - interface_interval = interval; - tid = &interface_timer; - func = periodic_getnetconf; - break; - case STATS_TIMER: - if (stats_interval != interval) - changed = 1; - stats_interval = interval; - tid = &stats_timer; - func = ns_logstats; - break; - case HEARTBEAT_TIMER: - if (heartbeat_interval != interval) - changed = 1; - heartbeat_interval = interval; - tid = &heartbeat_timer; - func = ns_heartbeat; - break; - default: - ns_panic(ns_log_config, 1, - "set_interval_timer: unknown timer %d", which_timer); - } - if ((active_timers & which_timer) != 0) { - if (interval > 0) { - if (changed && - evResetTimer(ev, *tid, func, NULL, - evAddTime(evNowTime(), - evConsTime(interval, 0)), - evConsTime(interval, 0)) < 0) - ns_error(ns_log_config, - "evResetTimer %d interval %d failed: %s", - which_timer, interval, - strerror(errno)); - } else { - if (evClearTimer(ev, *tid) < 0) - ns_error(ns_log_config, - "evClearTimer %d failed: %s", - which_timer, strerror(errno)); - else - active_timers &= ~which_timer; - } - } else if (interval > 0) { - if (evSetTimer(ev, func, NULL, - evAddTime(evNowTime(), - evConsTime(interval, 0)), - evConsTime(interval, 0), tid) < 0) - ns_error(ns_log_config, - "evSetTimer %d interval %d failed: %s", - which_timer, interval, strerror(errno)); - else - active_timers |= which_timer; - } -} - -/* - * Set all named global options based on the global options structure - * generated by the parser. - */ -void -set_options(options op, int is_default) { - INSIST(op != NULL); - - if (op->listen_list == NULL) { - ip_match_list iml; - ip_match_element ime; - struct in_addr address; - - op->listen_list = new_listen_info_list(); - - address.s_addr = htonl(INADDR_ANY); - iml = new_ip_match_list(); - ime = new_ip_match_pattern(address, 0); - add_to_ip_match_list(iml, ime); - add_listen_on(op, htons(NS_DEFAULTPORT), iml); - } - if (op->topology == NULL) { - ip_match_list iml; - ip_match_element ime; - - /* default topology is { localhost; localnets; } */ - iml = new_ip_match_list(); - ime = new_ip_match_localhost(); - add_to_ip_match_list(iml, ime); - ime = new_ip_match_localnets(); - add_to_ip_match_list(iml, ime); - op->topology = iml; - } - if (server_options != NULL) - free_options(server_options); - server_options = op; - - /* XXX should validate pid filename */ - INSIST(op->pid_filename != NULL); - - if (op->directory && !os_change_directory(op->directory)) - ns_panic(ns_log_config, 0, "can't change directory to %s: %s", - op->directory, strerror(errno)); - - /* XXX currently a value of 0 means "use default"; it would be - better if the options block had a "attributes updated" vector - (like the way X deals with GC updates) */ - - if (!op->transfers_in) - op->transfers_in = DEFAULT_XFERS_RUNNING; - else if (op->transfers_in > MAX_XFERS_RUNNING) { - ns_warning(ns_log_config, - "the maximum number of concurrent inbound transfers is %d", - MAX_XFERS_RUNNING); - op->transfers_in = MAX_XFERS_RUNNING; - } - - if (!op->transfers_per_ns) - op->transfers_per_ns = DEFAULT_XFERS_PER_NS; - - if (!op->max_transfer_time_in) - op->max_transfer_time_in = MAX_XFER_TIME; - - /* XXX currently transfers_out is not used */ - - if (!op->max_ncache_ttl) - op->max_ncache_ttl = DEFAULT_MAX_NCACHE_TTL; - else if (op->max_ncache_ttl > max_cache_ttl) - op->max_ncache_ttl = max_cache_ttl; - - if (op->lame_ttl > (3 * NTTL)) - op->lame_ttl = 3 * NTTL; - - /* - * Limits - */ - -#ifdef HAVE_GETRUSAGE - ns_rlimit(Datasize, op->data_size); - ns_rlimit(Stacksize, op->stack_size); - ns_rlimit(Coresize, op->core_size); - ns_rlimit(Files, op->files); -#else - ns_info(ns_log_config, "cannot set resource limits on this system"); -#endif - - /* - * Timers - */ - set_interval_timer(CLEAN_TIMER, server_options->clean_interval); - set_interval_timer(INTERFACE_TIMER, - server_options->interface_interval); - set_interval_timer(STATS_TIMER, server_options->stats_interval); - set_interval_timer(HEARTBEAT_TIMER, - server_options->heartbeat_interval); - - options_installed = 1; - default_options_installed = is_default; -} - -void -use_default_options() { - set_options(new_options(), 1); -} - -/* - * rrset order types - */ -static struct res_sym order_table [] = { - { unknown_order, " unknown ", NULL }, /* can't match */ - { fixed_order, "fixed", NULL }, - { cyclic_order, "cyclic", NULL }, - { random_order, "random", NULL }, - { unknown_order, NULL, NULL } -}; - -/* - * Return the print name of the ordering value. - */ -const char * -p_order(int order) { - return (__sym_ntos(order_table, order, (int *)0)); -} - -/* - * Lookup the ordering by name and return the matching enum value. - */ -enum ordering -lookup_ordering(const char *name) { - int i; - - for (i = 0; order_table[i].name != NULL; i++) - if (strcasecmp(name,order_table[i].name) == 0) - return ((enum ordering)order_table[i].number); - return (unknown_order); -} - -/* - * rrset-order Lists - */ -rrset_order_list -new_rrset_order_list() { - rrset_order_list rol ; - - rol = (rrset_order_list)memget(sizeof (struct rrset_order_list)); - if (rol == NULL) - panic("memget failed in new_rrset_order_list", NULL); - rol->first = NULL; - rol->last = NULL; - - return (rol); -} - -void -free_rrset_order_list(rrset_order_list rol) { - rrset_order_element roe, next_element; - - for (roe = rol->first; roe != NULL; roe = next_element) { - next_element = roe->next; - roe->name = freestr(roe->name); - memput(roe, sizeof (*roe)); - } - memput(rol, sizeof (*rol)); -} - -void -add_to_rrset_order_list(rrset_order_list rol, rrset_order_element roe) { - INSIST(rol != NULL); - INSIST(roe != NULL); - - if (rol->last != NULL) - rol->last->next = roe; - roe->next = NULL; - rol->last = roe; - if (rol->first == NULL) - rol->first = roe; -} - -#ifdef notyet -/* XXX this isn't being used yet, but it probably should be. Where? */ -void -dprint_rrset_order_list(int category, rrset_order_list rol, int indent, - char *allow, char *deny) { - rrset_order_element roe ; - char spaces[40+1]; - - INSIST(rol != NULL); - - if (indent > 40) - indent = 40; - if (indent) - memset(spaces, ' ', indent); - spaces[indent] = '\0'; - - for (roe = rol->first; roe != NULL; roe = roe->next) { - ns_debug(category, 7, "%sclass %s type %s name %s order %s", - spaces, p_class(roe->class), p_type(roe->type), - roe->name, p_order(roe->order)); - } -} -#endif - -rrset_order_element -new_rrset_order_element(int class, int type, char *name, enum ordering order) -{ - rrset_order_element roe; - int i ; - - roe = (rrset_order_element)memget(sizeof (struct rrset_order_element)); - if (roe == NULL) - panic("memget failed in new_rrset_order_element", NULL); - roe->class = class ; - roe->type = type ; - roe->name = name; - roe->order = order; - - i = strlen(roe->name) - 1; - INSIST (i >= 0); - if (roe->name[i - 1] == '.') { - /* We compare from right to left so we don't need a dot on - the end. */ - roe->name[i - 1] = '\0' ; - } - - return roe ; -} - - -/* - * IP Matching Lists - */ - -ip_match_list -new_ip_match_list() { - ip_match_list iml; - - iml = (ip_match_list)memget(sizeof (struct ip_match_list)); - if (iml == NULL) - panic("memget failed in new_ip_match_list", NULL); - iml->first = NULL; - iml->last = NULL; - return (iml); -} - -void -free_ip_match_list(ip_match_list iml) { - ip_match_element ime, next_element; - - for (ime = iml->first; ime != NULL; ime = next_element) { - next_element = ime->next; - memput(ime, sizeof *ime); - } - memput(iml, sizeof *iml); -} - -ip_match_element -new_ip_match_pattern(struct in_addr address, u_int mask_bits) { - ip_match_element ime; - u_int32_t mask; - - ime = (ip_match_element)memget(sizeof (struct ip_match_element)); - if (ime == NULL) - panic("memget failed in new_ip_match_pattern", NULL); - ime->type = ip_match_pattern; - ime->flags = 0; - ime->u.direct.address = address; - if (mask_bits == 0) - /* can't shift >= the size of a type in bits, so - we deal with an empty mask here */ - mask = 0; - else { - /* set the 'mask_bits' most significant bits */ - mask = 0xffffffffU; - mask >>= (32 - mask_bits); - mask <<= (32 - mask_bits); - } - mask = ntohl(mask); - ime->u.direct.mask.s_addr = mask; - ime->next = NULL; - if (!ina_onnet(ime->u.direct.address, ime->u.direct.address, - ime->u.direct.mask)) { - memput(ime, sizeof *ime); - ime = NULL; - } - return (ime); -} - -ip_match_element -new_ip_match_mask(struct in_addr address, struct in_addr mask) { - ip_match_element ime; - - ime = (ip_match_element)memget(sizeof (struct ip_match_element)); - if (ime == NULL) - panic("memget failed in new_ip_match_pattern", NULL); - ime->type = ip_match_pattern; - ime->flags = 0; - ime->u.direct.address = address; - ime->u.direct.mask = mask; - ime->next = NULL; - if (!ina_onnet(ime->u.direct.address, ime->u.direct.address, - ime->u.direct.mask)) { - memput(ime, sizeof *ime); - ime = NULL; - } - return (ime); -} - -ip_match_element -new_ip_match_indirect(ip_match_list iml) { - ip_match_element ime; - - INSIST(iml != NULL); - - ime = (ip_match_element)memget(sizeof (struct ip_match_element)); - if (ime == NULL) - panic("memget failed in new_ip_match_indirect", NULL); - ime->type = ip_match_indirect; - ime->flags = 0; - ime->u.indirect.list = iml; - ime->next = NULL; - return (ime); -} - -ip_match_element -new_ip_match_key(DST_KEY *dst_key) { - ip_match_element ime; - - ime = (ip_match_element)memget(sizeof (struct ip_match_element)); - if (ime == NULL) - panic("memget failed in new_ip_match_key", NULL); - ime->type = ip_match_key; - ime->flags = 0; - ime->u.key.key = dst_key; - return (ime); -} - -ip_match_element -new_ip_match_localhost() { - ip_match_element ime; - - ime = (ip_match_element)memget(sizeof (struct ip_match_element)); - if (ime == NULL) - panic("memget failed in new_ip_match_localhost", NULL); - ime->type = ip_match_localhost; - ime->flags = 0; - ime->u.indirect.list = NULL; - ime->next = NULL; - return (ime); -} - -ip_match_element -new_ip_match_localnets() { - ip_match_element ime; - - ime = (ip_match_element)memget(sizeof (struct ip_match_element)); - if (ime == NULL) - panic("memget failed in new_ip_match_localnets", NULL); - ime->type = ip_match_localnets; - ime->flags = 0; - ime->u.indirect.list = NULL; - ime->next = NULL; - return (ime); -} - -void -ip_match_negate(ip_match_element ime) { - if (ime->flags & IP_MATCH_NEGATE) - ime->flags &= ~IP_MATCH_NEGATE; - else - ime->flags |= IP_MATCH_NEGATE; -} - -void -add_to_ip_match_list(ip_match_list iml, ip_match_element ime) { - INSIST(iml != NULL); - INSIST(ime != NULL); - - if (iml->last != NULL) - iml->last->next = ime; - ime->next = NULL; - iml->last = ime; - if (iml->first == NULL) - iml->first = ime; -} - -void -dprint_ip_match_list(int category, ip_match_list iml, int indent, - const char *allow, const char *deny) { - ip_match_element ime; - char spaces[40+1]; - char addr_text[sizeof "255.255.255.255"]; - char mask_text[sizeof "255.255.255.255"]; - - INSIST(iml != NULL); - - if (indent > 40) - indent = 40; - if (indent) - memset(spaces, ' ', indent); - spaces[indent] = '\0'; - - for (ime = iml->first; ime != NULL; ime = ime->next) { - switch (ime->type) { - case ip_match_pattern: - memset(addr_text, 0, sizeof addr_text); - strncpy(addr_text, inet_ntoa(ime->u.direct.address), - ((sizeof addr_text) - 1)); - memset(mask_text, 0, sizeof mask_text); - strncpy(mask_text, inet_ntoa(ime->u.direct.mask), - ((sizeof mask_text) - 1)); - ns_debug(category, 7, "%s%saddr: %s, mask: %s", - spaces, - (ime->flags & IP_MATCH_NEGATE) ? deny : allow, - addr_text, mask_text); - break; - case ip_match_localhost: - ns_debug(category, 7, "%s%slocalhost", spaces, - (ime->flags & IP_MATCH_NEGATE) ? - deny : allow); - break; - case ip_match_localnets: - ns_debug(category, 7, "%s%slocalnets", spaces, - (ime->flags & IP_MATCH_NEGATE) ? - deny : allow); - break; - case ip_match_indirect: - ns_debug(category, 7, "%s%sindirect list %p", spaces, - (ime->flags & IP_MATCH_NEGATE) ? deny : allow, - ime->u.indirect.list); - if (ime->u.indirect.list != NULL) - dprint_ip_match_list(category, - ime->u.indirect.list, - indent+2, allow, deny); - break; - case ip_match_key: - ns_debug(category, 7, "%s%skey %s", spaces, - (ime->flags & IP_MATCH_NEGATE) ? deny : allow, - ime->u.key.key->dk_key_name); - break; - default: - panic("unexpected ime type in dprint_ip_match_list()", - NULL); - } - } -} - -int -ip_match_addr_or_key(ip_match_list iml, struct in_addr address, - DST_KEY *key) -{ - ip_match_element ime; - int ret; - int indirect; - - INSIST(iml != NULL); - for (ime = iml->first; ime != NULL; ime = ime->next) { - switch (ime->type) { - case ip_match_pattern: - indirect = 0; - break; - case ip_match_indirect: - indirect = 1; - break; - case ip_match_localhost: - ime->u.indirect.list = local_addresses; - indirect = 1; - break; - case ip_match_localnets: - ime->u.indirect.list = local_networks; - indirect = 1; - break; - case ip_match_key: - if (key == NULL) { - indirect = 0; - break; - } - else { - if (ns_samename(ime->u.key.key->dk_key_name, - key->dk_key_name) == 1) - return (1); - else - continue; - } - default: - indirect = 0; - panic("unexpected ime type in ip_match_addr_or_key()", - NULL); - } - if (indirect) { - ret = ip_match_addr_or_key(ime->u.indirect.list, - address, key); - if (ret > 0) { - if (ime->flags & IP_MATCH_NEGATE) - ret = (ret) ? 0 : 1; - return (ret); - } - } else { - if (ina_onnet(address, ime->u.direct.address, - ime->u.direct.mask)) { - if (ime->flags & IP_MATCH_NEGATE) - return (0); - else - return (1); - } - } - } - return (-1); -} - -int -ip_match_address(ip_match_list iml, struct in_addr address) { - return ip_match_addr_or_key(iml, address, NULL); -} - -int -ip_addr_or_key_allowed(ip_match_list iml, struct in_addr address, - DST_KEY *key) -{ - int ret; - - if (iml == NULL) - return (0); - ret = ip_match_addr_or_key(iml, address, key); - if (ret < 0) - ret = 0; - return (ret); -} - -int -ip_address_allowed(ip_match_list iml, struct in_addr address) { - return(ip_addr_or_key_allowed(iml, address, NULL)); -} - -int -ip_match_network(ip_match_list iml, struct in_addr address, - struct in_addr mask) { - ip_match_element ime; - int ret; - int indirect; - - INSIST(iml != NULL); - for (ime = iml->first; ime != NULL; ime = ime->next) { - switch (ime->type) { - case ip_match_pattern: - indirect = 0; - break; - case ip_match_indirect: - indirect = 1; - break; - case ip_match_localhost: - ime->u.indirect.list = local_addresses; - indirect = 1; - break; - case ip_match_localnets: - ime->u.indirect.list = local_networks; - indirect = 1; - break; - case ip_match_key: - indirect = 0; - break; - default: - indirect = 0; /* Make gcc happy. */ - panic("unexpected ime type in ip_match_network()", - NULL); - } - if (indirect) { - ret = ip_match_network(ime->u.indirect.list, - address, mask); - if (ret >= 0) { - if (ime->flags & IP_MATCH_NEGATE) - ret = (ret) ? 0 : 1; - return (ret); - } - } else { - if (address.s_addr == ime->u.direct.address.s_addr && - mask.s_addr == ime->u.direct.mask.s_addr) { - if (ime->flags & IP_MATCH_NEGATE) - return (0); - else - return (1); - } - } - } - return (-1); -} - -int -distance_of_address(ip_match_list iml, struct in_addr address) { - ip_match_element ime; - int ret; - int indirect; - int distance; - - INSIST(iml != NULL); - for (distance = 1, ime = iml->first; - ime != NULL; ime = ime->next, distance++) { - switch (ime->type) { - case ip_match_pattern: - indirect = 0; - break; - case ip_match_indirect: - indirect = 1; - break; - case ip_match_localhost: - ime->u.indirect.list = local_addresses; - indirect = 1; - break; - case ip_match_localnets: - ime->u.indirect.list = local_networks; - indirect = 1; - break; - case ip_match_key: - indirect = 0; - return (-1); - default: - indirect = 0; /* Make gcc happy. */ - panic("unexpected ime type in distance_of_address()", - NULL); - } - if (indirect) { - ret = ip_match_address(ime->u.indirect.list, address); - if (ret >= 0) { - if (ime->flags & IP_MATCH_NEGATE) - ret = (ret) ? 0 : 1; - if (distance > MAX_TOPOLOGY_DISTANCE) - distance = MAX_TOPOLOGY_DISTANCE; - if (ret) - return (distance); - else - return (MAX_TOPOLOGY_DISTANCE); - } - } else { - if (ina_onnet(address, ime->u.direct.address, - ime->u.direct.mask)) { - if (distance > MAX_TOPOLOGY_DISTANCE) - distance = MAX_TOPOLOGY_DISTANCE; - if (ime->flags & IP_MATCH_NEGATE) - return (MAX_TOPOLOGY_DISTANCE); - else - return (distance); - } - } - } - return (UNKNOWN_TOPOLOGY_DISTANCE); -} - -int -ip_match_is_none(ip_match_list iml) { - ip_match_element ime; - - if ((iml == NULL) || (iml->first == NULL)) - return (1); - ime = iml->first; - if (ime->type == ip_match_indirect) { - if (ime->flags & IP_MATCH_NEGATE) - return (0); - iml = ime->u.indirect.list; - if ((iml == NULL) || (iml->first == NULL)) - return (0); - ime = iml->first; - } - if (ime->type == ip_match_pattern) { - if ((ime->flags & IP_MATCH_NEGATE) && - ime->u.direct.address.s_addr == 0 && - ime->u.direct.mask.s_addr == 0) - return (1); - } - return (0); -} - -/* - * find_forwarder finds the fwddata structure for an address, - * allocating one if we can't find one already existing. - */ - -static struct fwddata * -find_forwarder(struct in_addr address) -{ - struct fwddata *fdp; - struct fwddata **fdpp = NULL; - register int i; - - for (i = 0; i < fwddata_count; i++) { - fdp = fwddata[i]; - if (fdp == NULL) { - if (fdpp == NULL) - fdpp = &fwddata[i]; - continue; - } - if (memcmp(&fdp->fwdaddr.sin_addr, &address, - sizeof(address)) == 0) { - fdp->ref_count++; - return (fdp); - } - } - - fdp = (struct fwddata *)memget(sizeof(struct fwddata)); - if (!fdp) - panic("memget failed in find_forwarder", NULL); - - memset(&fdp->fwdaddr, 0, sizeof(fdp->fwdaddr)); - fdp->fwdaddr.sin_family = AF_INET; - fdp->fwdaddr.sin_addr = address; - fdp->fwdaddr.sin_port = ns_port; - - fdp->ns = savedata(C_IN, T_NS, 0, NULL, 0); - if (!fdp->ns) - panic("memget failed in find_forwarder", NULL); - - fdp->nsdata = savedata(C_IN, T_A, 0, NULL, 0); - if (!fdp->nsdata) - panic("memget failed in find_forwarder", NULL); - fdp->nsdata->d_nstime = 1 + (int)(25.0*rand()/(RAND_MAX + 1.0)); - - fdp->ref_count = 1; - - if (fdpp != NULL) { - *fdpp = fdp; - return (fdp); - } - - i = 0; - if (fwddata == NULL) { - fwddata = memget(sizeof *fwddata); - if (fwddata == NULL) - i = 1; - } else { - register size_t size; - register struct fwddata **an_tmp; - - size = fwddata_count * sizeof *fwddata; - an_tmp = memget(size + sizeof *fwddata); - if (an_tmp == NULL) { - i = 1; - } else { - memcpy(an_tmp, fwddata, size); - memput(fwddata, size); - fwddata = an_tmp; - } - } - - if (i == 0) { - fwddata[fwddata_count] = fdp; - fwddata_count++; - } else { - ns_warning(ns_log_config, "forwarder add failed (memget) [%s]", - inet_ntoa(address)); - } - - return (fdp); -} - -/* - * Forwarder glue - * - * XXX This will go away when the rest of bind understands - * forward zones. - */ - -static void -add_forwarder(struct fwdinfo **fipp, struct in_addr address) { - struct fwdinfo *fip = *fipp, *ftp = NULL; - struct fwddata *fdp; - -#ifdef FWD_LOOP - if (aIsUs(address)) { - ns_error(ns_log_config, "forwarder '%s' ignored, my address", - inet_ntoa(address)); - return; - } -#endif /* FWD_LOOP */ - - /* On multiple forwarder lines, move to end of the list. */ - while (fip != NULL && fip->next != NULL) - fip = fip->next; - - fdp = find_forwarder(address); - ftp = (struct fwdinfo *)memget(sizeof(struct fwdinfo)); - if (!ftp) - panic("memget failed in add_forwarder", NULL); - ftp->fwddata = fdp; - ftp->next = NULL; - if (fip == NULL) - *fipp = ftp; /* First time only */ - else - fip->next = ftp; -} - -void -free_also_notify(options op) { -#ifdef BIND_NOTIFY - memput(op->also_notify, op->notify_count * sizeof *op->also_notify); - op->also_notify = NULL; - op->notify_count = 0; -#endif -} - -int -add_global_also_notify(options op, struct in_addr address) { -#ifdef BIND_NOTIFY - int i; - - INSIST(op != NULL); - - ns_debug(ns_log_config, 2, "adding global notify %s", - inet_ntoa(address)); - - /* Check for duplicates. */ - - for (i = 0; i < op->notify_count; i++) { - if (memcmp(op->also_notify + i, - &address, sizeof address) == 0) { - ns_warning(ns_log_config, - "duplicate global also-notify address ignored [%s]", - inet_ntoa(address)); - return (1); - } - } - i = 0; - - if (op->also_notify == NULL) { - op->also_notify = memget(sizeof *op->also_notify); - if (op->also_notify == NULL) - i = 1; - } else { - register size_t size; - register struct in_addr *an_tmp; - size = op->notify_count * sizeof *op->also_notify; - an_tmp = memget(size + sizeof *op->also_notify); - if (an_tmp == NULL) { - i = 1; - } else { - memcpy(an_tmp, op->also_notify, size); - memput(op->also_notify, size); - op->also_notify = an_tmp; - } - } - if (i == 0) { - op->also_notify[op->notify_count] = address; - op->notify_count++; - } else { - ns_warning(ns_log_config, - "global also-notify add failed (memget) [%s]", - inet_ntoa(address)); - } -#endif - return (1); -} - -void -add_global_forwarder(options op, struct in_addr address) { - - INSIST(op != NULL); - - ns_debug(ns_log_config, 2, "adding default forwarder %s", - inet_ntoa(address)); - - add_forwarder(&op->fwdtab, address); -} - -void -set_zone_forward(zone_config zh) { - struct zoneinfo *zp; - zp = zh.opaque; - - zp->z_flags |= Z_FORWARD_SET; - set_zone_boolean_option(zh, OPTION_FORWARD_ONLY, 0); -} - -void -add_zone_forwarder(zone_config zh, struct in_addr address) { - struct zoneinfo *zp; - const char *zname; - - zp = zh.opaque; - INSIST(zp != NULL); - - zname = (zp->z_origin[0] == '\0') ? "." : zp->z_origin; - ns_debug(ns_log_config, 2, "adding forwarder %s for zone zone '%s'", - inet_ntoa(address), zname); - - zp->z_flags |= Z_FORWARD_SET; - - add_forwarder(&zp->z_fwdtab, address); -} - -void -free_forwarders(struct fwdinfo *fwdtab) { - struct fwdinfo *ftp, *fnext; - int i; - - for (ftp = fwdtab; ftp != NULL; ftp = fnext) { - fnext = ftp->next; - if (--ftp->fwddata->ref_count == 0) { - for (i = 0 ; i < fwddata_count; i++) - if (fwddata[i] == ftp->fwddata) { - fwddata[i] = NULL; - break; - } - db_detach(&ftp->fwddata->ns); - db_detach(&ftp->fwddata->nsdata); - memput(ftp->fwddata, sizeof *ftp->fwddata); - } - memput(ftp, sizeof *ftp); - } - fwdtab = NULL; -} - -/* - * Servers - */ - -static server_info -new_server(struct in_addr address) { - server_info si; - - si = (server_info)memget(sizeof (struct server_info)); - if (si == NULL) - panic("memget failed in new_server()", NULL); - si->address = address; - si->flags = 0U; - si->transfers = 0; - si->transfer_format = axfr_use_default; - si->key_list = NULL; - si->next = NULL; - if (server_options->flags & OPTION_MAINTAIN_IXFR_BASE) - si->flags |= SERVER_INFO_SUPPORT_IXFR; - else - si->flags &= ~SERVER_INFO_SUPPORT_IXFR; - si->flags |= SERVER_INFO_EDNS; - return (si); -} - -static void -free_server(server_info si) { - if (si->key_list) - free_key_info_list(si->key_list); - memput(si, sizeof *si); -} - -server_info -find_server(struct in_addr address) { - server_info si; - - for (si = nameserver_info; si != NULL; si = si->next) - if (si->address.s_addr == address.s_addr) - break; - return (si); -} - -static void -add_server(server_info si) { - ip_match_element ime; - - si->next = nameserver_info; - nameserver_info = si; - - /* - * To ease transition, we'll add bogus nameservers to an - * ip matching list. This will probably be redone when the - * merging of nameserver data structures occurs. - */ - if (si->flags & SERVER_INFO_BOGUS) { - ime = new_ip_match_pattern(si->address, 32); - INSIST(ime != NULL); - add_to_ip_match_list(bogus_nameservers, ime); - } - ns_debug(ns_log_config, 3, "server %s: flags %08x transfers %d", - inet_ntoa(si->address), si->flags, si->transfers); - if (si->key_list != NULL) - dprint_key_info_list(si->key_list); -} - -static void -free_nameserver_info() { - server_info si_next, si; - - for (si = nameserver_info; si != NULL; si = si_next) { - si_next = si->next; - free_server(si); - } - nameserver_info = NULL; - if (bogus_nameservers != NULL) { - free_ip_match_list(bogus_nameservers); - bogus_nameservers = NULL; - } -} - -static void -free_secretkey_info() { - if (secretkey_info != NULL) { - free_key_info_list(secretkey_info); - secretkey_info = NULL; - } -} - -server_config -begin_server(struct in_addr address) { - server_config sc; - - sc.opaque = new_server(address); - return (sc); -} - -void -end_server(server_config sc, int should_install) { - server_info si; - - si = sc.opaque; - - INSIST(si != NULL); - - if (should_install) - add_server(si); - else - free_server(si); - sc.opaque = NULL; -} - -void -set_server_option(server_config sc, int bool_opt, int value) { - server_info si; - - si = sc.opaque; - - INSIST(si != NULL); - - switch (bool_opt) { - case SERVER_INFO_BOGUS: - case SERVER_INFO_SUPPORT_IXFR: - case SERVER_INFO_EDNS: - if (value) - si->flags |= bool_opt; - else - si->flags &= ~bool_opt; - break; - default: - panic("unexpected option in set_server_option", NULL); - } -} - -void -set_server_transfers(server_config sc, int transfers) { - server_info si; - - si = sc.opaque; - - INSIST(si != NULL); - - if (transfers < 0) - transfers = 0; - si->transfers = transfers; -} - -void -set_server_transfer_format(server_config sc, - enum axfr_format transfer_format) { - server_info si; - - si = sc.opaque; - - INSIST(si != NULL); - - si->transfer_format = transfer_format; -} - -void -add_server_key_info(server_config sc, DST_KEY *dst_key) { - server_info si; - - si = sc.opaque; - - INSIST(si != NULL); - - if (si->key_list == NULL) - si->key_list = new_key_info_list(); - add_to_key_info_list(si->key_list, dst_key); -} - -/* - * Keys - */ - -DST_KEY * -new_key_info(char *name, char *algorithm, char *secret) { - DST_KEY *dst_key; - int alg, blen; - u_char buffer[1024]; - - INSIST(name != NULL); - INSIST(algorithm != NULL); - INSIST(secret != NULL); - alg = tsig_alg_value(algorithm); - if (alg == -1) { - ns_warning(ns_log_config, "Unsupported TSIG algorithm %s", - algorithm); - return (NULL); - } - - blen = b64_pton(secret, buffer, sizeof(buffer)); - if (blen < 0) { - ns_warning(ns_log_config, "Invalid TSIG secret \"%s\"", secret); - return (NULL); - } - dst_key = dst_buffer_to_key(name, alg, - NS_KEY_TYPE_AUTH_ONLY|NS_KEY_NAME_ENTITY, - NS_KEY_PROT_ANY, buffer, blen); - if (dst_key == NULL) - ns_warning(ns_log_config, - "dst_buffer_to_key failed in new_key_info"); - return (dst_key); -} - -void -free_key_info(DST_KEY *dst_key) { - INSIST(dst_key != NULL); - dst_free_key(dst_key); -} - -DST_KEY * -find_key(char *name, char *algorithm) { - key_list_element ke; - - if (secretkey_info == NULL) - return (NULL); - - for (ke = secretkey_info->first; ke != NULL; ke = ke->next) { - DST_KEY *dst_key = ke->key; - - if (ns_samename(name, dst_key->dk_key_name) != 1) - continue; - if (algorithm == NULL || - dst_key->dk_alg == tsig_alg_value(algorithm)) - break; - } - if (ke == NULL) - return (NULL); - return (ke->key); -} - -void -dprint_key_info(DST_KEY *dst_key) { - INSIST(dst_key != NULL); - ns_debug(ns_log_config, 7, "key %s", dst_key->dk_key_name); - ns_debug(ns_log_config, 7, " algorithm %d", dst_key->dk_alg); -} - -key_info_list -new_key_info_list() { - key_info_list kil; - - kil = (key_info_list)memget(sizeof (struct key_info_list)); - if (kil == NULL) - panic("memget failed in new_key_info_list()", NULL); - kil->first = NULL; - kil->last = NULL; - return (kil); -} - -void -free_key_info_list(key_info_list kil) { - key_list_element kle, kle_next; - - INSIST(kil != NULL); - for (kle = kil->first; kle != NULL; kle = kle_next) { - kle_next = kle->next; - /* note we do NOT free kle->info */ - memput(kle, sizeof *kle); - } - memput(kil, sizeof *kil); -} - -void -add_to_key_info_list(key_info_list kil, DST_KEY *dst_key) { - key_list_element kle; - - INSIST(kil != NULL); - INSIST(dst_key != NULL); - - kle = (key_list_element)memget(sizeof (struct key_list_element)); - if (kle == NULL) - panic("memget failed in add_to_key_info_list()", NULL); - kle->key = dst_key; - if (kil->last != NULL) - kil->last->next = kle; - kle->next = NULL; - kil->last = kle; - if (kil->first == NULL) - kil->first = kle; -} - -void -dprint_key_info_list(key_info_list kil) { - key_list_element kle; - - INSIST(kil != NULL); - - for (kle = kil->first; kle != NULL; kle = kle->next) - dprint_key_info(kle->key); -} - -/* - * Logging. - */ - -log_config -begin_logging() { - log_config log_cfg; - log_context lc; - - log_cfg = (log_config)memget(sizeof (struct log_config)); - if (log_cfg == NULL) - ns_panic(ns_log_config, 0, - "memget failed creating log_config"); - if (log_new_context(ns_log_max_category, logging_categories, &lc) < 0) - ns_panic(ns_log_config, 0, - "log_new_context() failed: %s", strerror(errno)); - log_cfg->log_ctx = lc; - log_cfg->eventlib_channel = NULL; - log_cfg->packet_channel = NULL; - log_cfg->default_debug_active = 0; - return (log_cfg); -} - -void -add_log_channel(log_config log_cfg, int category, log_channel chan) { - log_channel_type type; - - INSIST(log_cfg != NULL); - - type = log_get_channel_type(chan); - if (category == ns_log_eventlib) { - if (type != log_file && type != log_null) { - ns_error(ns_log_config, - "must specify a file or null channel for the eventlib category"); - return; - } - if (log_cfg->eventlib_channel != NULL) { - ns_error(ns_log_config, - "only one channel allowed for the eventlib category"); - return; - } - log_cfg->eventlib_channel = chan; - } - if (category == ns_log_packet) { - if (type != log_file && type != log_null) { - ns_error(ns_log_config, - "must specify a file or null channel for the packet category"); - return; - } - if (log_cfg->packet_channel != NULL) { - ns_error(ns_log_config, - "only one channel allowed for the packet category"); - return; - } - log_cfg->packet_channel = chan; - } - - if (log_add_channel(log_cfg->log_ctx, category, chan) < 0) { - ns_error(ns_log_config, "log_add_channel() failed"); - return; - } - - if (chan == debug_channel) - log_cfg->default_debug_active = 1; -} - -void -open_special_channels() { - int using_null = 0; - - if (log_open_stream(eventlib_channel) == NULL) { - eventlib_channel = null_channel; - using_null = 1; - } - if (log_open_stream(packet_channel) == NULL) { - packet_channel = null_channel; - using_null = 1; - } - - if (using_null && - log_open_stream(null_channel) == NULL) - ns_panic(ns_log_config, 1, "couldn't open null channel"); -} - -void -set_logging(log_config log_cfg, int is_default) { - log_context lc; - - INSIST(log_cfg != NULL); - lc = log_cfg->log_ctx; - - /* - * Add the default category if it's not in the context already. - */ - if (!log_category_is_active(lc, ns_log_default)) { - add_log_channel(log_cfg, ns_log_default, debug_channel); - add_log_channel(log_cfg, ns_log_default, syslog_channel); - } - - /* - * Add the panic category if it's not in the context already. - */ - if (!log_category_is_active(lc, ns_log_panic)) { - add_log_channel(log_cfg, ns_log_panic, stderr_channel); - add_log_channel(log_cfg, ns_log_panic, syslog_channel); - } - - /* - * Add the eventlib category if it's not in the context already. - */ - if (!log_category_is_active(lc, ns_log_eventlib)) - add_log_channel(log_cfg, ns_log_eventlib, debug_channel); - - /* - * Add the packet category if it's not in the context already. - */ - if (!log_category_is_active(lc, ns_log_packet)) - add_log_channel(log_cfg, ns_log_packet, debug_channel); - -#ifdef DEBUG - /* - * Preserve debugging state. - */ - log_option(lc, LOG_OPTION_DEBUG, debug); - log_option(lc, LOG_OPTION_LEVEL, debug); -#endif - - /* - * Special case for query-log, so we can co-exist with the command - * line option and SIGWINCH. - */ - if (log_category_is_active(lc, ns_log_queries)) - qrylog = 1; - - /* - * Cleanup the old context. - */ - if (need_logging_free) - log_free_context(log_ctx); - - /* - * The default file channels will never have their reference counts - * drop to zero, and so they will not be closed by the logging system - * when log_free_context() is called. We don't want to keep files - * open unnecessarily, and we want them to behave like user-created - * channels, so we close them here. - */ - if (log_get_stream(debug_channel) != stderr) - (void)log_close_stream(debug_channel); - (void)log_close_stream(null_channel); - - /* - * Install the new context. - */ - log_ctx = lc; - eventlib_channel = log_cfg->eventlib_channel; - packet_channel = log_cfg->packet_channel; - -#ifdef DEBUG - if (debug) { - open_special_channels(); - evSetDebug(ev, debug, log_get_stream(eventlib_channel)); - } -#endif - - log_ctx_valid = 1; - need_logging_free = 1; - logging_installed = 1; - default_logging_installed = is_default; -} - -void -end_logging(log_config log_cfg, int should_install) { - if (should_install) - set_logging(log_cfg, 0); - else - log_free_context(log_cfg->log_ctx); - memput(log_cfg, sizeof (struct log_config)); -} - -void -use_default_logging() { - log_config log_cfg; - - log_cfg = begin_logging(); - set_logging(log_cfg, 1); - memput(log_cfg, sizeof (struct log_config)); -} - -static void -init_default_log_channels() { - u_int flags; - const char *name; - FILE *stream; - - syslog_channel = log_new_syslog_channel(0, log_info, ISC_FACILITY); - if (syslog_channel == NULL || log_inc_references(syslog_channel) < 0) - ns_panic(ns_log_config, 0, "couldn't create syslog_channel"); - - flags = LOG_USE_CONTEXT_LEVEL|LOG_REQUIRE_DEBUG; - if (foreground) { - name = NULL; - stream = stderr; - } else { - name = _PATH_DEBUG; - stream = NULL; - } - debug_channel = log_new_file_channel(flags, log_info, name, stream, - 0, ULONG_MAX); - if (debug_channel == NULL || log_inc_references(debug_channel) < 0) - ns_panic(ns_log_config, 0, "couldn't create debug_channel"); - log_set_file_owner(debug_channel, user_id, group_id); - - stderr_channel = log_new_file_channel(0, log_info, NULL, stderr, - 0, ULONG_MAX); - if (stderr_channel == NULL || log_inc_references(stderr_channel) < 0) - ns_panic(ns_log_config, 0, "couldn't create stderr_channel"); - log_set_file_owner(stderr_channel, user_id, group_id); - - null_channel = log_new_file_channel(LOG_CHANNEL_OFF, log_info, - _PATH_DEVNULL, NULL, 0, ULONG_MAX); - if (null_channel == NULL || log_inc_references(null_channel) < 0) - ns_panic(ns_log_config, 0, "couldn't create null_channel"); - log_set_file_owner(null_channel, user_id, group_id); -} - -static void -shutdown_default_log_channels() { - log_free_channel(syslog_channel); - log_free_channel(debug_channel); - log_free_channel(stderr_channel); - log_free_channel(null_channel); -} - -void -init_logging() { - int size; - const struct ns_sym *s; - char category_name[256]; - - size = ns_log_max_category * (sizeof (char *)); - - logging_categories = (char **)memget(size); - if (logging_categories == NULL) - ns_panic(ns_log_config, 0, "memget failed in init_logging"); - memset(logging_categories, 0, size); - for (s = category_constants; s != NULL && s->name != NULL; s++) { - sprintf(category_name, "%s: ", s->name); - logging_categories[s->number] = savestr(category_name, 1); - } - - init_default_log_channels(); - use_default_logging(); -} - -void -shutdown_logging() { - int size; - const struct ns_sym *s; - - evSetDebug(ev, 0, NULL); - shutdown_default_log_channels(); - log_free_context(log_ctx); - - for (s = category_constants; s != NULL && s->name != NULL; s++) - logging_categories[s->number] = - freestr(logging_categories[s->number]); - size = ns_log_max_category * (sizeof (char *)); - memput(logging_categories, size); - logging_categories = NULL; -} - -/* - * Main Loader - */ - -void -init_configuration() { - /* - * Remember initial limits for use if "default" is specified in - * a config file. - */ -#ifdef HAVE_GETRUSAGE - get_initial_limits(); -#endif - zone_symbol_table = new_symbol_table(ZONE_SYM_TABLE_SIZE, NULL); - use_default_options(); - parser_initialize(); - ns_ctl_initialize(); - config_initialized = 1; -} - -void -shutdown_configuration() { - REQUIRE(config_initialized); - - ns_ctl_shutdown(); - if (server_options != NULL) { - free_options(server_options); - server_options = NULL; - } - if (current_pid_filename != NULL) - current_pid_filename = freestr(current_pid_filename); - free_nameserver_info(); - free_secretkey_info(); - free_symbol_table(zone_symbol_table); - parser_shutdown(); - if (fwddata != NULL) - memput(fwddata, fwddata_count * sizeof *fwddata); - fwddata = NULL; - fwddata_count = 0; - config_initialized = 0; -} - -time_t -load_configuration(const char *filename) { - time_t mtime; - - REQUIRE(config_initialized); - - ns_debug(ns_log_config, 3, "load configuration %s", filename); - - loading = 1; - - /* - * Clean up any previous configuration and initialize - * global data structures we'll be updating. - */ - free_nameserver_info(); - free_secretkey_info(); - bogus_nameservers = new_ip_match_list(); - - options_installed = 0; - logging_installed = 0; - - mtime = parse_configuration(filename); - - /* - * If the user didn't specify logging or options, but they previously - * had specified one or both of them, then we need to - * re-establish the default environment. We have to be careful - * about when we install default options because the parser - * must respect limits (e.g. data-size, number of open files) - * specified in the options file. In the ordinary case where the - * options section isn't changing on a zone reload, it would be bad - * to lower these limits temporarily, because we might not survive - * to the point where they get raised back again. The logging case - * has similar motivation -- we don't want to override the existing - * logging scheme (perhaps causing log messages to go somewhere - * unexpected) when the user hasn't expressed a desire for a new - * scheme. - */ - if (!logging_installed) - use_default_logging(); - if (!options_installed && !default_options_installed) { - use_default_options(); - ns_warning(ns_log_config, "re-establishing default options"); - } - - update_pid_file(); - - /* Init or reinit the interface/port list and associated sockets. */ - getnetconf(0); - opensocket_f(); - - initial_configuration = 0; - loading = 0; - /* release queued notifies */ - notify_afterload(); - return (mtime); -} diff --git a/contrib/bind/bin/named/ns_ctl.c b/contrib/bind/bin/named/ns_ctl.c deleted file mode 100644 index ced69d5..0000000 --- a/contrib/bind/bin/named/ns_ctl.c +++ /dev/null @@ -1,1147 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ctl.c,v 8.48 2002/07/29 02:06:56 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1997-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* Extern. */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <errno.h> -#include <limits.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> -#include <unistd.h> -#include <fcntl.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include "port_after.h" - -#include "named.h" - -/* Defs. */ - -#define CONTROL_FOUND 0x0001 /* for mark and sweep. */ -#define MAX_STR_LEN 500 - -struct control { - LINK(struct control) link; - enum { t_dead, t_inet, t_unix } type; - struct ctl_sctx *sctx; - u_int flags; - union { - struct { - struct sockaddr_in in; - ip_match_list allow; - } v_inet; -#ifndef NO_SOCKADDR_UN - struct { - struct sockaddr_un un; - mode_t mode; - uid_t owner; - gid_t group; - } v_unix; -#endif - } var; -}; - -/* Forward. */ - -static struct ctl_sctx *mksrvr(control, const struct sockaddr *, size_t); -static control new_control(void); -static void free_control(controls *, control); -static void free_controls(controls *); -static int match_control(control, control); -static control find_control(controls, control); -static void propagate_changes(const control, control); -static void install(control); -static void install_inet(control); -static void install_unix(control); -static void logger(enum ctl_severity, const char *fmt, ...) - ISC_FORMAT_PRINTF(2,3); -static void verb_connect(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_getpid(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void getpid_closure(struct ctl_sctx *, struct ctl_sess *, - void *); -static void verb_status(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void status_closure(struct ctl_sctx *, struct ctl_sess *, - void *); -static void verb_stop(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_exec(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void exec_closure(struct ctl_sctx *, struct ctl_sess *, - void *); -static void verb_reload(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_reconfig(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_dumpdb(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_stats(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_trace(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void trace_closure(struct ctl_sctx *, struct ctl_sess *, - void *); -static void verb_notrace(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_querylog(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_help(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_quit(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); -static void verb_args(struct ctl_sctx *, struct ctl_sess *, - const struct ctl_verb *, - const char *, u_int, const void *, void *); - -/* Private data. */ - -static controls server_controls; - -static struct ctl_verb verbs[] = { - { "", verb_connect, ""}, - { "getpid", verb_getpid, "getpid"}, - { "status", verb_status, "status"}, - { "stop", verb_stop, "stop"}, - { "exec", verb_exec, "exec"}, - { "reload", verb_reload, "reload [zone] ..."}, - { "reconfig", verb_reconfig, "reconfig [-noexpired] (just sees new/gone zones)"}, - { "dumpdb", verb_dumpdb, "dumpdb"}, - { "stats", verb_stats, "stats [clear]"}, - { "trace", verb_trace, "trace [level]"}, - { "notrace", verb_notrace, "notrace"}, - { "querylog", verb_querylog, "querylog"}, - { "qrylog", verb_querylog, "qrylog"}, - { "help", verb_help, "help"}, - { "quit", verb_quit, "quit"}, - { "args", verb_args, "args"}, - { NULL, NULL, NULL} -}; - -/* Public functions. */ - -void -ns_ctl_initialize(void) { - INIT_LIST(server_controls); -} - -void -ns_ctl_shutdown(void) { - if (!EMPTY(server_controls)) - free_controls(&server_controls); -} - -void -ns_ctl_defaults(controls *list) { -#ifdef NO_SOCKADDR_UN - struct in_addr saddr; - ip_match_list iml; - ip_match_element ime; - - /* - * If the operating system does not support local domain sockets, - * connect with ndc on 127.0.0.1, port 101, and only allow - * connections from 127.0.0.1. - */ - saddr.s_addr = htonl (INADDR_LOOPBACK); - iml = new_ip_match_list(); - ime = new_ip_match_pattern(saddr, 32); - add_to_ip_match_list(iml, ime); - - ns_ctl_add(list, ns_ctl_new_inet(saddr, htons (101), iml)); -#else -#ifdef NEED_SECURE_DIRECTORY - ns_ctl_add(list, ns_ctl_new_unix(_PATH_NDCSOCK, 0700, 0, 0)); -#else - ns_ctl_add(list, ns_ctl_new_unix(_PATH_NDCSOCK, 0600, 0, 0)); -#endif -#endif /*NO_SOCKADDR_UN*/ -} - -void -ns_ctl_add(controls *list, control new) { - if (!find_control(*list, new)) - APPEND(*list, new, link); -} - -control -ns_ctl_new_inet(struct in_addr saddr, u_int sport, ip_match_list allow) { - control new = new_control(); - - INIT_LINK(new, link); - new->type = t_inet; - memset(&new->var.v_inet.in, 0, sizeof new->var.v_inet.in); - new->var.v_inet.in.sin_family = AF_INET; - new->var.v_inet.in.sin_addr = saddr; - new->var.v_inet.in.sin_port = sport; - new->var.v_inet.allow = allow; - return (new); -} - -#ifndef NO_SOCKADDR_UN -control -ns_ctl_new_unix(const char *path, mode_t mode, uid_t owner, gid_t group) { - control new = new_control(); - - INIT_LINK(new, link); - new->type = t_unix; - memset(&new->var.v_unix.un, 0, sizeof new->var.v_unix.un); - new->var.v_unix.un.sun_family = AF_UNIX; - strncpy(new->var.v_unix.un.sun_path, path, - sizeof new->var.v_unix.un.sun_path - 1); - new->var.v_unix.mode = mode; - new->var.v_unix.owner = owner; - new->var.v_unix.group = group; - return (new); -} -#endif - -void -ns_ctl_install(controls *new) { - control ctl, old, next; - - /* Find all the controls which aren't new or deleted. */ - for (ctl = HEAD(server_controls); ctl != NULL; ctl = NEXT(ctl, link)) - ctl->flags &= ~CONTROL_FOUND; - for (ctl = HEAD(*new); ctl != NULL; ctl = next) { - next = NEXT(ctl, link); - old = find_control(server_controls, ctl); - if (old != NULL) { - old->flags |= CONTROL_FOUND; - propagate_changes(ctl, old); - if (old->sctx == NULL) - free_control(&server_controls, old); - free_control(new, ctl); - } - } - - /* Destroy any old controls which weren't found. */ - for (ctl = HEAD(server_controls); ctl != NULL; ctl = next) { - next = NEXT(ctl, link); - if ((ctl->flags & CONTROL_FOUND) == 0) - free_control(&server_controls, ctl); - } - - /* Add any new controls which were found. */ - for (ctl = HEAD(*new); ctl != NULL; ctl = next) { - next = NEXT(ctl, link); - UNLINK(*new, ctl, link); - APPEND(server_controls, ctl, link); - install(ctl); - if (ctl->sctx == NULL) - free_control(&server_controls, ctl); - } -} - -/* Private functions. */ - -static struct ctl_sctx * -mksrvr(control ctl, const struct sockaddr *sa, size_t salen) { - return (ctl_server(ev, sa, salen, verbs, 500, 222, - 600, 5, 10, logger, ctl)); -} - -static control -new_control(void) { - control new = memget(sizeof *new); - - if (new == NULL) - panic("memget failed in new_control()", NULL); - new->type = t_dead; - new->sctx = NULL; - return (new); -} - -static void -free_control(controls *list, control this) { - int was_live = 0; - struct stat sb; - - if (this->sctx != NULL) { - ctl_endserver(this->sctx); - this->sctx = NULL; - was_live = 1; - } - switch (this->type) { - case t_inet: - if (this->var.v_inet.allow != NULL) { - free_ip_match_list(this->var.v_inet.allow); - this->var.v_inet.allow = NULL; - } - break; -#ifndef NO_SOCKADDR_UN - case t_unix: - /* XXX Race condition. */ - if (was_live && - stat(this->var.v_unix.un.sun_path, &sb) == 0 && - (S_ISSOCK(sb.st_mode) || S_ISFIFO(sb.st_mode))) { - /* XXX Race condition. */ - unlink(this->var.v_unix.un.sun_path); - } - break; -#endif - default: - panic("impossible type in free_control", NULL); - /* NOTREACHED */ - } - UNLINK(*list, this, link); - memput(this, sizeof *this); -} - -static void -free_controls(controls *list) { - control ctl, next; - - for (ctl = HEAD(*list); ctl != NULL; ctl = next) { - next = NEXT(ctl, link); - free_control(list, ctl); - } - INIT_LIST(*list); -} - -static int -match_control(control l, control r) { - int match = 1; - - if (l->type != r->type) - match = 0; - else - switch (l->type) { - case t_inet: - if (l->var.v_inet.in.sin_family != - r->var.v_inet.in.sin_family || - l->var.v_inet.in.sin_port != - r->var.v_inet.in.sin_port || - l->var.v_inet.in.sin_addr.s_addr != - r->var.v_inet.in.sin_addr.s_addr) - match = 0; - break; -#ifndef NO_SOCKADDR_UN - case t_unix: - if (l->var.v_unix.un.sun_family != - r->var.v_unix.un.sun_family || - strcmp(l->var.v_unix.un.sun_path, - r->var.v_unix.un.sun_path) != 0) - match = 0; - break; -#endif - default: - panic("impossible type in match_control", NULL); - /* NOTREACHED */ - } - ns_debug(ns_log_config, 20, "match_control(): %d", match); - return (match); -} - -static control -find_control(controls list, control new) { - control ctl; - - for (ctl = HEAD(list); ctl != NULL; ctl = NEXT(ctl, link)) - if (match_control(ctl, new)) - return (ctl); - return (NULL); -} - -static void -propagate_changes(const control diff, control base) { - int need_install = 0; - - switch (base->type) { - case t_inet: - if (base->var.v_inet.allow != NULL) - free_ip_match_list(base->var.v_inet.allow); - base->var.v_inet.allow = diff->var.v_inet.allow; - diff->var.v_inet.allow = NULL; - need_install++; - break; -#ifndef NO_SOCKADDR_UN - case t_unix: - if (base->var.v_unix.mode != diff->var.v_unix.mode) { - base->var.v_unix.mode = diff->var.v_unix.mode; - need_install++; - } - if (base->var.v_unix.owner != diff->var.v_unix.owner) { - base->var.v_unix.owner = diff->var.v_unix.owner; - need_install++; - } - if (base->var.v_unix.group != diff->var.v_unix.group) { - base->var.v_unix.group = diff->var.v_unix.group; - need_install++; - } - break; -#endif - default: - panic("impossible type in ns_ctl::propagate_changes", NULL); - /* NOTREACHED */ - } - if (need_install) - install(base); -} - -static void -install(control ctl) { - switch (ctl->type) { - case t_inet: - install_inet(ctl); - break; -#ifndef NO_SOCKADDR_UN - case t_unix: - install_unix(ctl); - break; -#endif - default: - panic("impossible type in ns_ctl::install", NULL); - /* NOTREACHED */ - } -} - -static void -install_inet(control ctl) { - if (ctl->sctx == NULL) { - ctl->sctx = mksrvr(ctl, - (struct sockaddr *)&ctl->var.v_inet.in, - sizeof ctl->var.v_inet.in); - } -} - -#ifndef NO_SOCKADDR_UN -/* - * Unattach an old unix domain socket if it exists. - */ -static void -unattach(control ctl) { - int s; - struct stat sb; - - s = socket(AF_UNIX, SOCK_STREAM, 0); - if (s < 0) { - ns_warning(ns_log_config, - "unix control \"%s\" socket failed: %s", - ctl->var.v_unix.un.sun_path, - strerror(errno)); - return; - } - - if (stat(ctl->var.v_unix.un.sun_path, &sb) < 0) { - switch (errno) { - case ENOENT: /* We exited cleanly last time */ - break; - default: - ns_warning(ns_log_config, - "unix control \"%s\" stat failed: %s", - ctl->var.v_unix.un.sun_path, - strerror(errno)); - break; - } - goto cleanup; - } - - if (!(S_ISSOCK(sb.st_mode) || S_ISFIFO(sb.st_mode))) { - ns_warning(ns_log_config, "unix control \"%s\" not socket", - ctl->var.v_unix.un.sun_path); - goto cleanup; - } - - if (connect(s, (struct sockaddr *)&ctl->var.v_unix.un, - sizeof ctl->var.v_unix.un) < 0) { - switch (errno) { - case ECONNREFUSED: - case ECONNRESET: - if (unlink(ctl->var.v_unix.un.sun_path) < 0) - ns_warning(ns_log_config, - "unix control \"%s\" unlink failed: %s", - ctl->var.v_unix.un.sun_path, - strerror(errno)); - break; - default: - ns_warning(ns_log_config, - "unix control \"%s\" connect failed: %s", - ctl->var.v_unix.un.sun_path, - strerror(errno)); - break; - } - } - cleanup: - close(s); -} - -static void -install_unix(control ctl) { - char *path; -#ifdef NEED_SECURE_DIRECTORY - char *slash; - - path = savestr(ctl->var.v_unix.un.sun_path, 1); - - slash = strrchr(path, '/'); - if (slash != NULL) { - if (slash != path) - *slash = '\0'; - else { - (void)freestr(path); - path = savestr("/", 1); - } - } else { - (void)freestr(path); - path = savestr(".", 1); - } - if (mkdir(path, ctl->var.v_unix.mode) < 0) { - if (errno != EEXIST) { - ns_warning(ns_log_config, - "unix control \"%s\" mkdir failed: %s", - path, strerror(errno)); - } - } -#else - path = ctl->var.v_unix.un.sun_path; -#endif - - if (ctl->sctx == NULL) { - unattach(ctl); - ctl->sctx = mksrvr(ctl, - (struct sockaddr *)&ctl->var.v_unix.un, - sizeof ctl->var.v_unix.un); - } - if (ctl->sctx != NULL) { - /* XXX Race condition. */ - if (chmod(path, ctl->var.v_unix.mode) < 0) { - ns_warning(ns_log_config, "chmod(\"%s\", 0%03o): %s", - ctl->var.v_unix.un.sun_path, - ctl->var.v_unix.mode, - strerror(errno)); - } - if (chown(path, ctl->var.v_unix.owner, - ctl->var.v_unix.group) < 0) { - ns_warning(ns_log_config, "chown(\"%s\", %d, %d): %s", - ctl->var.v_unix.un.sun_path, - ctl->var.v_unix.owner, - ctl->var.v_unix.group, - strerror(errno)); - } - } -#ifdef NEED_SECURE_DIRECTORY - (void)freestr(path); -#endif -} -#endif - -static void -logger(enum ctl_severity ctlsev, const char *format, ...) { - va_list args; - int logsev; - - switch (ctlsev) { - case ctl_debug: logsev = log_debug(5); break; - case ctl_warning: logsev = log_warning; break; - case ctl_error: logsev = log_error; break; - default: logsev = 0; - panic("invalid ctlsev in logger", NULL); - } - if (!log_ctx_valid) - return; - va_start(args, format); - log_vwrite(log_ctx, ns_log_control, logsev, format, args); - va_end(args); -} - -static void -verb_connect(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - const struct sockaddr *sa = (const struct sockaddr *)respctx; - control nsctl = (control)uctx; - - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - - if (sa->sa_family == AF_INET) { - const struct sockaddr_in *in = (const struct sockaddr_in *)sa; - const ip_match_list acl = nsctl->var.v_inet.allow; - - if (!ip_address_allowed(acl, in->sin_addr)) { - ctl_response(sess, 502, "Permission denied.", - CTL_EXIT, NULL, NULL, NULL, NULL, 0); - return; - } - } - ctl_response(sess, 220, server_options->version, 0, NULL, NULL, NULL, - NULL, 0); -} - -static void -verb_getpid(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - char *msg = memget(MAX_STR_LEN); - - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - if (msg == NULL) { - ctl_response(sess, 503, "(out of memory)", 0, - NULL, NULL, NULL, NULL, 0); - return; - } - sprintf(msg, "my pid is <%ld>", (long)getpid()); - ctl_response(sess, 250, msg, 0, NULL, getpid_closure, msg, NULL, 0); -} - -static void -getpid_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { - char *msg = uap; - - UNUSED(sctx); - UNUSED(sess); - - memput(msg, MAX_STR_LEN); -} - -enum state { - e_version = 0, - e_config, - e_nzones, - e_debug, - e_xfersrun, - e_xfersdfr, - e_qserials, - e_qrylog, - e_priming, - e_finito -}; - -struct pvt_status { - enum state state; - char text[MAX_STR_LEN]; -}; - -static void -verb_status(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - struct pvt_status *pvt = ctl_getcsctx(sess); - - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - if (pvt == NULL) { - pvt = memget(sizeof *pvt); - if (pvt == NULL) { - ctl_response(sess, 505, "(out of memory)", - 0, NULL, NULL, NULL, NULL, 0); - return; - } - pvt->state = (enum state)0; - (void)ctl_setcsctx(sess, pvt); - } - switch (pvt->state++) { - case e_version: - strncpy(pvt->text, Version, sizeof pvt->text); - pvt->text[sizeof pvt->text - 1] = '\0'; - break; - case e_config: - sprintf(pvt->text, "config (%s) last loaded at age: %24s", - conffile, ctime(&confmtime)); - break; - case e_nzones: - sprintf(pvt->text, "number of zones allocated: %d", nzones); - break; - case e_debug: - sprintf(pvt->text, "debug level: %d", debug); - break; - case e_xfersrun: - sprintf(pvt->text, "xfers running: %d", xfers_running); - break; - case e_xfersdfr: - sprintf(pvt->text, "xfers deferred: %d", xfers_deferred); - break; - case e_qserials: - sprintf(pvt->text, "soa queries in progress: %d", - qserials_running); - break; - case e_qrylog: - sprintf(pvt->text, "query logging is %s", - qrylog ? "ON" : "OFF"); - break; - case e_priming: - if (priming) - sprintf(pvt->text, "server is initialising itself"); - else - sprintf(pvt->text, "server is up and running"); - break; - case e_finito: - return; - } - ctl_response(sess, 250, pvt->text, - (pvt->state == e_finito) ? 0 : CTL_MORE, - NULL, status_closure, NULL, NULL, 0); -} - -static void -status_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { - struct pvt_status *pvt = ctl_getcsctx(sess); - - UNUSED(sctx); - UNUSED(uap); - - memput(pvt, sizeof *pvt); - ctl_setcsctx(sess, NULL); -} - -static void -verb_stop(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - ns_need(main_need_exit); - ctl_response(sess, 250, "Shutdown initiated.", 0, NULL, NULL, NULL, - NULL, 0); -} - -static void -verb_exec(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - struct stat sb; - - UNUSED(ctl); - UNUSED(verb); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - if (rest != NULL && *rest != '\0') { - if (stat(rest, &sb) < 0) { - ctl_response(sess, 503, strerror(errno), - 0, NULL, NULL, NULL, NULL, 0); - return; - } - saved_argv[0] = savestr(rest, 1); /* Never strfreed. */ - } - - if (stat(saved_argv[0], &sb) < 0) { - const char *save = strerror(errno); - - ns_warning(ns_log_default, "can't exec, %s: %s", - saved_argv[0], save); - ctl_response(sess, 502, save, 0, NULL, NULL, NULL, - NULL, 0); - } else if (user_name != NULL || group_name != NULL) { - ctl_response(sess, 502, - "can't exec as user or group was specified", - 0, NULL, NULL, NULL, NULL, 0); - } else { - ctl_response(sess, 250, "Restart initiated.", 0, NULL, - exec_closure, NULL, NULL, 0); - } -} - -static void -exec_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { - - UNUSED(sctx); - UNUSED(sess); - UNUSED(uap); - ns_need(main_need_restart); -} - -static void -verb_reload(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - static const char spaces[] = " \t"; - struct zoneinfo *zp; - char *tmp = NULL, *x; - const char *cl; - const char *msg; - int class, code, success; - - UNUSED(ctl); - UNUSED(verb); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - /* If there are no args, this is a classic reload of the config. */ - if (rest == NULL || *rest == '\0') { - ns_need(main_need_reload); - code = 250; - msg = "Reload initiated."; - goto respond; - } - - /* Look for optional zclass argument. Default is "in". */ - tmp = savestr(rest, 1); - x = tmp + strcspn(tmp, spaces); - if (*x != '\0') { - *x++ = '\0'; - x += strspn(x, spaces); - } - cl = (x == NULL || *x == '\0') ? "in" : x; - class = res_nametoclass(cl, &success); - if (!success) { - code = 507; - msg = "unrecognized class"; - goto respond; - } - - /* Look for the zone, and do the right thing to it. */ - zp = find_zone(tmp, class); - if (zp == NULL) { - code = 506; - msg = "Zone not found."; - goto respond; - } - switch (zp->z_type) { - case z_master: - ns_stopxfrs(zp); - /*FALLTHROUGH*/ - case z_hint: - block_signals(); - code = 251; - msg = deferred_reload_unsafe(zp); - unblock_signals(); - break; - case z_slave: - case z_stub: - ns_stopxfrs(zp); - if (zonefile_changed_p(zp)) - zp->z_serial = 0; /* force xfer */ - addxfer(zp); - code = 251; - msg = "Slave transfer queued."; - goto respond; - case z_forward: - case z_cache: - default: - msg = "Non reloadable zone."; - code = 507; - break; - } - - respond: - ctl_response(sess, code, msg, 0, NULL, NULL, NULL, NULL, 0); - if (tmp != NULL) - (void)freestr(tmp); -} - -static void -verb_reconfig(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - UNUSED(ctl); - UNUSED(verb); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - if (strcmp(rest, "-noexpired") != 0) - ns_need(main_need_reconfig); - else - ns_need(main_need_noexpired); - ctl_response(sess, 250, "Reconfig initiated.", - 0, NULL, NULL, NULL, NULL, 0); -} - -static void -verb_dumpdb(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - ns_need(main_need_dump); - ctl_response(sess, 250, "Database dump initiated.", 0, NULL, - NULL, NULL, NULL, 0); -} - -static void -verb_stats(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - UNUSED(ctl); - UNUSED(verb); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - if (rest != NULL && strcmp(rest, "clear") == 0) { - ns_need(main_need_statsdumpandclear); - ctl_response(sess, 250, "Statistics dump and clear initiated.", - 0, NULL, NULL, NULL, NULL, 0); - } else { - ns_need(main_need_statsdump); - ctl_response(sess, 250, "Statistics dump initiated.", - 0, NULL, NULL, NULL, NULL, 0); - } -} - -static void -verb_trace(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - int i = atoi(rest); - char *msg = memget(MAX_STR_LEN); - - UNUSED(ctl); - UNUSED(verb); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - if (msg == NULL) { - ctl_response(sess, 503, "(out of memory)", 0, - NULL, NULL, NULL, NULL, 0); - return; - } - if (isdigit(*(const unsigned char *)rest) && i >= 0) - desired_debug = i; - else - desired_debug++; - ns_need(main_need_debug); - if (desired_debug == 0) - sprintf(msg, "Debugging turned off."); - else - sprintf(msg, "Debug level: %d", desired_debug); - ctl_response(sess, 250, msg, 0, NULL, trace_closure, msg, NULL, 0); -} - -static void -trace_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { - char *msg = uap; - - UNUSED(sctx); - UNUSED(sess); - - memput(msg, MAX_STR_LEN); -} - -static void -verb_notrace(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - desired_debug = 0; - ns_need(main_need_debug); - ctl_response(sess, 250, "Debugging turned off.", - 0, NULL, NULL, NULL, NULL, 0); -} - -static void -verb_querylog(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - static const char on[] = "Query logging is now on.", - off[] = "Query logging is now off."; - - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - toggle_qrylog(); - ctl_response(sess, 250, qrylog ? on : off, - 0, NULL, NULL, NULL, NULL, 0); -} - -static void -verb_help(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - ctl_sendhelp(sess, 214); -} - -static void -verb_quit(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - ctl_response(sess, 221, "End of control session.", CTL_EXIT, NULL, - NULL, NULL, NULL, 0); -} - -static char hex[] = "0123456789abcdef"; - -struct pvt_args { - int argc; - char text[MAX_STR_LEN]; -}; - -static void -args_closure(struct ctl_sctx *sctx, struct ctl_sess *sess, void *uap) { - struct pvt_args *pvt = ctl_getcsctx(sess); - - UNUSED(sctx); - UNUSED(uap); - - memput(pvt, sizeof *pvt); - ctl_setcsctx(sess, NULL); -} - -static void -verb_args(struct ctl_sctx *ctl, struct ctl_sess *sess, - const struct ctl_verb *verb, const char *rest, - u_int respflags, const void *respctx, void *uctx) -{ - struct pvt_args *pvt = ctl_getcsctx(sess); - char *cp, *tp; - - UNUSED(ctl); - UNUSED(verb); - UNUSED(rest); - UNUSED(respflags); - UNUSED(respctx); - UNUSED(uctx); - - if (pvt == NULL) { - unsigned int i = 0; - pvt = memget(sizeof *pvt); - if (pvt == NULL) { - ctl_response(sess, 505, "(out of memory)", - 0, NULL, NULL, NULL, NULL, 0); - return; - } - pvt->argc = 0; - ctl_setcsctx(sess, pvt); - - /* Send the arguement count. */ - while (saved_argv[i] != NULL) - i++; - sprintf(pvt->text, "%u", i); - ctl_response(sess, 250, pvt->text, CTL_MORE, - NULL, args_closure, NULL, NULL, 0); - return; - } - - /* - * Percent escape arguement. - */ - cp = saved_argv[pvt->argc++]; - tp = pvt->text; - while (cp && *cp != '\0') - if (*cp == '%' || *cp == ' ' || - !isprint((unsigned char)*cp)) { - if (tp >= pvt->text + sizeof(pvt->text) - 4) - break; - *tp++ = '%'; - *tp++ = hex[(*cp>>4)&0xf]; - *tp++ = hex[(*cp++)&0xf]; - } else { - if (tp >= pvt->text + sizeof(pvt->text) - 2) - break; - *tp++ = *cp++; - } - *tp = '\0'; - - ctl_response(sess, 250, pvt->text, - saved_argv[pvt->argc] == NULL ? 0 : CTL_MORE, - NULL, args_closure, NULL, NULL, 0); -} diff --git a/contrib/bind/bin/named/ns_defs.h b/contrib/bind/bin/named/ns_defs.h deleted file mode 100644 index 7c00a1f..0000000 --- a/contrib/bind/bin/named/ns_defs.h +++ /dev/null @@ -1,935 +0,0 @@ -/* - * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_defs.h,v 8.124.6.1 2003/06/02 09:56:34 marka Exp $ - */ - -/* - * Copyright (c) 1986 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Check Point Software Technologies Incorporated not be used - * in advertising or publicity pertaining to distribution of the document - * or software without specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES - * INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - * IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED - * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR - * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Global definitions for the name server. - */ - -/* - * Effort has been expended here to make all structure members 32 bits or - * larger land on 32-bit boundaries; smaller structure members have been - * deliberately shuffled and smaller integer sizes chosen where possible - * to make sure this happens. This is all meant to avoid structure member - * padding which can cost a _lot_ of memory when you have hundreds of - * thousands of entries in your cache. - */ - -/* - * Timeout time should be around 1 minute or so. Using the - * the current simplistic backoff strategy, the sequence - * retrys after 4, 8, and 16 seconds. With 3 servers, this - * dies out in a little more than a minute. - * (sequence RETRYBASE, 2*RETRYBASE, 4*RETRYBASE... for MAXRETRY) - */ -#define NEWZONES 64 /* how many zones to grow the zone table by */ -#define INITIALZONES NEWZONES /* how many zones are allocated initially */ -#define MINROOTS 2 /* min number of root hints */ -#define NSMAX 16 /* max number of NS addrs to try ([0..255]) */ -#define RETRYBASE 4 /* base time between retries */ -#define MAXCLASS 255 /* XXX - may belong elsewhere */ -#define MAXRETRY 3 /* max number of retries per addr */ -#define MAXCNAMES 8 /* max # of CNAMES tried per addr */ -#define MAXQUERIES 20 /* max # of queries to be made */ -#define MAXQSERIAL 4 /* max # of outstanding QSERIAL's */ - /* (prevent "recursive" loops) */ -#define INIT_REFRESH 600 /* retry time for initial slave */ - /* contact (10 minutes) */ -#define MIN_REFRESH 2 /* never refresh more frequently than once */ - /* every MIN_REFRESH seconds */ -#define MIN_RETRY 1 /* never retry more frequently than once */ - /* every MIN_RETRY seconds */ -#define MAX_REFRESH 2419200 /* perform a refresh query at least */ - /* every 4 weeks*/ -#define MAX_RETRY 1209600 /* perform a retry after no more than 2 weeks */ -#define MAX_EXPIRE 31536000 /* expire a zone if we have not talked to */ - /* the primary in 1 year */ -#define NADDRECS 20 /* max addt'l rr's per resp */ - -#define XFER_TIMER 120 /* named-xfer's connect timeout */ -#define MAX_XFER_TIME 60*60*2 /* default max seconds for an xfer */ -#define XFER_TIME_FUDGE 10 /* MAX_XFER_TIME fudge */ -#define MAX_XFERS_RUNNING 20 /* max value of transfers_in */ -#define DEFAULT_XFERS_RUNNING 10 /* default value of transfers_in */ -#define DEFAULT_XFERS_PER_NS 2 /* default # of xfers per peer nameserver */ -#define XFER_BUFSIZE (16*1024) /* arbitrary but bigger than most MTU's */ -#define MAX_SYNCDELAY 3 /* Presumed timeout in use by our clients. */ -#define MAX_SYNCDRAIN 100000 /* How long we'll spin in drain_all_rcvbuf. */ -#define MAX_SYNCSTORE 500 -#define NS_MAX_DISTANCE 3 /* maximum nameserver chaining before failure */ - - /* maximum time to cache negative answers */ -#define DEFAULT_MAX_NCACHE_TTL (3*60*60) - -#define ALPHA 0.7 /* How much to preserve of old response time */ -#define BETA 1.2 /* How much to penalize response time on failure */ -#define GAMMA 0.98 /* How much to decay unused response times */ - - /* What maintainance operations need to be performed sometime soon? */ -typedef enum need { - main_need_zreload = 0, /* ns_zreload() needed. */ - main_need_reload, /* ns_reload() needed. */ - main_need_reconfig, /* ns_reconfig() needed. */ - main_need_endxfer, /* endxfer() needed. */ - main_need_zoneload, /* loadxfer() needed. */ - main_need_dump, /* doadump() needed. */ - main_need_statsdump, /* ns_stats() needed. */ - main_need_statsdumpandclear, /* ns_stats() needed. */ - main_need_exit, /* exit() needed. */ - main_need_qrylog, /* toggle_qrylog() needed. */ - main_need_debug, /* use_desired_debug() needed. */ - main_need_restart, /* exec() needed. */ - main_need_reap, /* need to reap dead children. */ - main_need_noexpired, /* ns_reconfig() needed w/ noexpired set. */ - main_need_tryxfer, /* attemt to start a zone transfer. */ - main_need_num /* MUST BE LAST. */ -} main_need; - - /* What global options are set? */ -#define OPTION_NORECURSE 0x00000001 /* Don't recurse even if asked. */ -#define OPTION_NOFETCHGLUE 0x00000002 /* Don't fetch missing glue. */ -#define OPTION_FORWARD_ONLY 0x00000004 /* Don't use NS RR's, just forward. */ -#define OPTION_FAKE_IQUERY 0x00000008 /* Fake up bogus response to IQUERY. */ -#ifdef BIND_NOTIFY -/* #define OPTION_NONOTIFY 0x00000010 */ /* Turn off notify */ -#define OPTION_SUPNOTIFY_INITIAL 0x00000020 /* Supress initial notify */ -#endif -#define OPTION_NONAUTH_NXDOMAIN 0x00000040 /* Generate non-auth NXDOMAINs? */ -#define OPTION_MULTIPLE_CNAMES 0x00000080 /* Allow a name to have multiple - * CNAME RRs */ -#define OPTION_HOSTSTATS 0x00000100 /* Maintain per-host statistics? */ -#define OPTION_DEALLOC_ON_EXIT 0x00000200 /* Deallocate everything on exit? */ -#define OPTION_NODIALUP 0x00000400 /* Turn off dialup support */ -#define OPTION_NORFC2308_TYPE1 0x00000800 /* Prevent type1 respones (RFC 2308) - * to cached negative respones */ -#define OPTION_USE_ID_POOL 0x00001000 /* Use the memory hogging query ID */ -#define OPTION_TREAT_CR_AS_SPACE 0x00002000 /* Treat CR in zone files as - * space */ -#define OPTION_USE_IXFR 0x00004000 /* Use by default ixfr in zone - * transfer */ -#define OPTION_MAINTAIN_IXFR_BASE 0x00008000 /* Part of IXFR file name logic. */ -#define OPTION_HITCOUNT 0x00010000 /* Keep track of each time an - * RR gets hit in the database */ - -#define DEFAULT_OPTION_FLAGS (OPTION_NODIALUP|OPTION_NONAUTH_NXDOMAIN|\ - OPTION_USE_ID_POOL|OPTION_NORFC2308_TYPE1) - -#ifdef BIND_UPDATE -#define SOAINCRINTVL 300 /* default value for the time after which - * the zone serial number must be incremented - * after a successful update has occurred */ -#define DUMPINTVL 3600 /* default interval at which to dump changed zones - * randomized, not exact */ -#define DEFERUPDCNT 100 /* default number of updates that can happen - * before the zone serial number will be - * incremented */ -#define UPDATE_TIMER XFER_TIMER -#endif /* BIND_UPDATE */ - -#define USE_MINIMUM 0xffffffff -#define MAXIMUM_TTL 0x7fffffff - -#define CLEAN_TIMER 0x01 -#define INTERFACE_TIMER 0x02 -#define STATS_TIMER 0x04 -#define HEARTBEAT_TIMER 0x08 - - /* IP address accessor, network byte order. */ -#define ina_ulong(ina) (ina.s_addr) - - /* IP address accessor, host byte order, read only. */ -#define ina_hlong(ina) ntohl(ina.s_addr) - - /* IP address equality. */ - /* XXX: assumes that network byte order won't affect equality. */ -#define ina_equal(a, b) (ina_ulong(a) == ina_ulong(b)) - - /* IP address equality with a mask. */ -#define ina_onnet(h, n, m) ((ina_ulong(h) & ina_ulong(m)) == ina_ulong(n)) - - /* Sequence space arithmetic. */ -#define SEQ_GT(a,b) ((int32_t)((a)-(b)) > 0) -#define SEQ_LT(a,b) ((int32_t)((a)-(b)) < 0) - -#define NS_OPTION_P(option) ((server_options == NULL) ? \ - (panic(panic_msg_no_options, NULL), 0) : \ - ((server_options->flags & option) != 0)) - -#define NS_ZOPTION_P(zp, option) \ - (((zp) != NULL && (((zp)->z_optset & option) != 0)) ? \ - (((zp)->z_options & option) != 0) : NS_OPTION_P(option)) - -#define NS_ZFWDTAB(zp) (((zp) == NULL) ? \ - server_options->fwdtab : (zp)->z_fwdtab) - -#define NS_INCRSTAT(addr, which) \ - do { \ - if ((int)which >= (int)nssLast) \ - ns_panic(ns_log_insist, 1, panic_msg_bad_which, \ - __FILE__, __LINE__, #which); \ - else { \ - if (NS_OPTION_P(OPTION_HOSTSTATS)) { \ - struct nameser *ns = \ - nameserFind(addr, NS_F_INSERT); \ - if (ns != NULL) \ - ns->stats[(int)which]++; \ - } \ - globalStats[(int)which]++; \ - } \ - } while (0) - -enum severity { ignore, warn, fail, not_set }; - -#ifdef BIND_NOTIFY -enum notify { notify_use_default=0, notify_yes, notify_no, notify_explicit }; -#endif - -enum zdialup { zdialup_use_default=0, zdialup_yes, zdialup_no }; - -enum axfr_format { axfr_use_default=0, axfr_one_answer, axfr_many_answers }; - -struct ip_match_direct { - struct in_addr address; - struct in_addr mask; -}; - -struct ip_match_indirect { - struct ip_match_list *list; -}; - -struct ip_match_key { - struct dst_key *key; -}; - -typedef enum { ip_match_pattern, ip_match_indirect, ip_match_localhost, - ip_match_localnets, ip_match_key } ip_match_type; - -typedef struct ip_match_element { - ip_match_type type; - u_int flags; - union { - struct ip_match_direct direct; - struct ip_match_indirect indirect; - struct ip_match_key key; - } u; - struct ip_match_element *next; -} *ip_match_element; - -/* Flags for ip_match_element */ -#define IP_MATCH_NEGATE 0x01 /* match means deny access */ - -typedef struct ip_match_list { - ip_match_element first; - ip_match_element last; -} *ip_match_list; - -typedef struct ztimer_info { - char *name; - int class; - int type; -} *ztimer_info; - -/* - * These fields are ordered to maintain word-alignment; - * be careful about changing them. - */ -struct zoneinfo { - char *z_origin; /* root domain name of zone */ - time_t z_time; /* time for next refresh */ - time_t z_lastupdate; /* time of last soa serial increment */ - u_int32_t z_refresh; /* refresh interval */ - u_int32_t z_retry; /* refresh retry interval */ - u_int32_t z_expire; /* expiration time for cached info */ - u_int32_t z_minimum; /* minimum TTL value */ - u_int32_t z_serial; /* changes if zone modified */ - char *z_source; /* source location of data */ - time_t z_ftime; /* modification time of source file */ - struct in_addr z_axfr_src; /* bind() the axfr socket to this */ - struct in_addr z_addr[NSMAX]; /* list of master servers for zone */ - struct dst_key * z_keys[NSMAX]; /* tsig key associated with master */ - u_char z_addrcnt; /* number of entries in z_addr[] */ - struct in_addr z_xaddr[NSMAX]; /* list of master servers for xfer */ - u_char z_xaddrcnt; /* number of entries in z_xaddr[] */ - u_char z_type; /* type of zone; see below */ - u_int32_t z_flags; /* state bits; see below */ - pid_t z_xferpid; /* xfer child pid */ - u_int z_options; /* options set specific to this zone */ - u_int z_optset; /* which opts override global opts */ - int z_class; /* class of zone */ - int z_numxfrs; /* Ref count of concurrent xfrs. */ - enum severity z_checknames; /* How to handle non-RFC-compliant names */ -#ifdef BIND_UPDATE - time_t z_dumptime; /* randomized time for next zone dump - * if Z_NEED_DUMP is set */ - u_int32_t z_dumpintvl; /* time interval between zone dumps */ - time_t z_soaincrintvl; /* interval for updating soa serial */ - time_t z_soaincrtime; /* time for soa increment */ - u_int32_t z_deferupdcnt; /* max number of updates before SOA - * serial number incremented */ - u_int32_t z_updatecnt; /* number of update requests processed - * since the last SOA serial update */ - char *z_updatelog; /* log file for updates */ -#endif - ip_match_list z_update_acl; /* list of who can issue dynamic - updates */ - ip_match_list z_query_acl; /* sites we'll answer questions for */ - ip_match_list z_transfer_acl; /* sites that may get a zone transfer - from us */ - long z_max_transfer_time_in; /* max num seconds for AXFR */ -#ifdef BIND_NOTIFY - enum notify z_notify; /* Notify mode */ - struct in_addr *z_also_notify; /* More nameservers to notify */ - int z_notify_count; -#endif - enum zdialup z_dialup; /* secondaries over a dialup link */ - char *z_ixfr_base; /* where to find the history of the zone */ - char *z_ixfr_tmp; /* tmp file for the ixfr */ - int z_maintain_ixfr_base; - long z_max_log_size_ixfr; - u_int32_t z_serial_ixfr_start; - evTimerID z_timer; /* maintenance timer */ - ztimer_info z_timerinfo; /* UAP associated with timer */ - time_t z_nextmaint; /* time of next maintenance */ - u_int16_t z_port; /* perform AXFR to this port */ - struct fwdinfo *z_fwdtab; /* zone-specific forwarders */ - LINK(struct zoneinfo) z_freelink; /* if it's on the free list. */ - LINK(struct zoneinfo) z_reloadlink; /* if it's on the reload list. */ -}; - - /* zone types (z_type) */ -enum zonetype { z_nil, z_master, z_slave, z_hint, z_stub, z_forward, - z_cache, z_any }; -#define Z_NIL z_nil /* XXX */ -#define Z_MASTER z_master /* XXX */ -#define Z_PRIMARY z_master /* XXX */ -#define Z_SLAVE z_slave /* XXX */ -#define Z_SECONDARY z_slave /* XXX */ -#define Z_HINT z_hint /* XXX */ -#define Z_CACHE z_cache /* XXX */ -#define Z_STUB z_stub /* XXX */ -#define Z_FORWARD z_forward /* XXX */ -#define Z_ANY z_any /* XXX*2 */ - - /* zone state bits (32 bits) */ -#define Z_AUTH 0x00000001 /* zone is authoritative */ -#define Z_NEED_XFER 0x00000002 /* waiting to do xfer */ -#define Z_XFER_RUNNING 0x00000004 /* asynch. xfer is running */ -#define Z_NEED_RELOAD 0x00000008 /* waiting to do reload */ -#define Z_SYSLOGGED 0x00000010 /* have logged timeout */ -#define Z_QSERIAL 0x00000020 /* sysquery()'ing for serial number */ -#define Z_FOUND 0x00000040 /* found in boot file when reloading */ -#define Z_INCLUDE 0x00000080 /* set if include used in file */ -#define Z_DB_BAD 0x00000100 /* errors when loading file */ -#define Z_TMP_FILE 0x00000200 /* backup file for xfer is temporary */ -#ifdef BIND_UPDATE -#define Z_DYNAMIC 0x00000400 /* allow dynamic updates */ -#define Z_NEED_DUMP 0x00000800 /* zone has changed, needs a dump */ -#define Z_NEED_SOAUPDATE 0x00001000 /* soa serial number needs increment */ -#endif /* BIND_UPDATE */ -#define Z_XFER_ABORTED 0x00002000 /* zone transfer has been aborted */ -#define Z_XFER_GONE 0x00004000 /* zone transfer process is gone */ -#define Z_TIMER_SET 0x00008000 /* z_timer contains a valid id */ -#ifdef BIND_NOTIFY -#define Z_NOTIFY 0x00010000 /* has an outbound notify executing */ -#endif -#define Z_NEED_QSERIAL 0x00020000 /* we need to re-call qserial() */ -#define Z_PARENT_RELOAD 0x00040000 /* we need to reload this as parent */ -#define Z_FORWARD_SET 0x00080000 /* has forwarders been set */ -#define Z_EXPIRED 0x00100000 /* expire timer has gone off */ -#define Z_NEEDREFRESH 0x00200000 /* need to perform a refresh check */ - - /* named_xfer exit codes */ -#define XFER_UPTODATE 0 /* zone is up-to-date */ -#define XFER_SUCCESS 1 /* performed transfer successfully */ -#define XFER_TIMEOUT 2 /* no server reachable/xfer timeout */ -#define XFER_FAIL 3 /* other failure, has been logged */ -#define XFER_SUCCESSAXFR 4 /* named-xfr recived a xfr */ -#define XFER_SUCCESSIXFR 5 /* named-xfr recived a ixfr */ -#define XFER_SUCCESSAXFRIXFRFILE 6 /* named-xfr received AXFR for IXFR */ -#define XFER_REFUSED 7 /* one master returned REFUSED */ -#define XFER_ISAXFR -1 /* the last XFR is AXFR */ -#define XFER_ISIXFR -2 /* the last XFR is IXFR */ -#define XFER_ISAXFRIXFR -3 /* the last XFR is AXFR but we must create IXFR base */ - -struct qserv { - struct sockaddr_in - ns_addr; /* address of NS */ - struct databuf *ns; /* databuf for NS record */ - struct databuf *nsdata; /* databuf for server address */ - struct timeval stime; /* time first query started */ - unsigned int forwarder:1; /* this entry is for a forwarder */ - unsigned int noedns:1; /* don't try edns */ - unsigned int lame:1; /* this server was lame, try it last */ - unsigned int nretry:29; /* # of times addr retried */ - u_int32_t serial; /* valid if Q_ZSERIAL */ -}; - -/* - * Structure for recording info on forwarded or generated queries. - */ -struct qinfo { - u_int16_t q_id; /* id of query */ - u_int16_t q_nsid; /* id of forwarded query */ - struct sockaddr_in - q_from; /* requestor's address */ - u_char *q_msg, /* the message */ - *q_cmsg; /* the cname message */ - int16_t q_msglen, /* len of message */ - q_msgsize, /* allocated size of message */ - q_cmsglen, /* len of cname message */ - q_cmsgsize; /* allocated size of cname message */ - int16_t q_dfd; /* UDP file descriptor */ - u_int16_t q_udpsize; /* UDP message size */ - int q_distance; /* distance this query is from the - * original query that the server - * received. */ - time_t q_time; /* time to retry */ - time_t q_expire; /* time to expire */ - struct qinfo *q_next; /* rexmit list (sorted by time) */ - struct qinfo *q_link; /* storage list (random order) */ - struct databuf *q_usedns[NSMAX]; /* databuf for NS that we've tried */ - struct qserv q_addr[NSMAX]; /* addresses of NS's */ -#ifdef notyet - struct nameser *q_ns[NSMAX]; /* name servers */ -#endif - struct dst_key *q_keys[NSMAX]; /* keys to use with this address */ - u_char q_naddr; /* number of addr's in q_addr */ - u_char q_curaddr; /* last addr sent to */ - u_char q_nusedns; /* number of elements in q_usedns[] */ - u_int8_t q_flags; /* see below */ - int16_t q_cname; /* # of cnames found */ - int16_t q_nqueries; /* # of queries required */ - struct qstream *q_stream; /* TCP stream, null if UDP */ - struct zoneinfo *q_zquery; /* Zone query is about (Q_ZSERIAL) */ - struct zoneinfo *q_fzone; /* Forwarding zone, if any */ - char *q_domain; /* domain of most enclosing zone cut */ - char *q_name; /* domain of query */ - u_int16_t q_class; /* class of query */ - u_int16_t q_type; /* type of query */ -#ifdef BIND_NOTIFY - int q_notifyzone; /* zone which needs another notify() - * when the reply to this comes in. - */ -#endif - struct tsig_record *q_tsig; /* forwarded query's TSIG record */ - struct tsig_record *q_nstsig; /* forwarded query's TSIG record */ -}; - - /* q_flags bits (8 bits) */ -#define Q_SYSTEM 0x01 /* is a system query */ -#define Q_PRIMING 0x02 /* generated during priming phase */ -#define Q_ZSERIAL 0x04 /* getting zone serial for xfer test */ -#define Q_USEVC 0x08 /* forward using tcp not udp */ -#define Q_EDNS 0x10 /* add edns opt record to answer */ - -#define Q_NEXTADDR(qp,n) (&(qp)->q_addr[n].ns_addr) - -#define RETRY_TIMEOUT 45 - -/* - * Return codes from ns_forw: - */ -#define FW_OK 0 -#define FW_DUP 1 -#define FW_NOSERVER 2 -#define FW_SERVFAIL 3 - -typedef void (*sq_closure)(struct qstream *qs); - -#ifdef BIND_UPDATE -struct fdlist { - int fd; - struct fdlist *next; -}; -#endif - - -typedef struct ns_delta { - LINK(struct ns_delta) d_link; - ns_updque d_changes; -} ns_delta; - -typedef LIST(ns_delta) ns_deltalist; - -typedef struct _interface { - int dfd, /* Datagram file descriptor */ - sfd; /* Stream file descriptor. */ - time_t gen; /* Generation number. */ - struct in_addr addr; /* Interface address. */ - u_int16_t port; /* Interface port. */ - u_int16_t flags; /* Valid bits for evXXXXID. */ - evFileID evID_d; /* Datagram read-event. */ - evConnID evID_s; /* Stream listen-event. */ - LINK(struct _interface) link; -} interface; - -#define INTERFACE_FILE_VALID 0x01 -#define INTERFACE_CONN_VALID 0x02 -#define INTERFACE_FORWARDING 0x04 - -struct qstream { - int s_rfd; /* stream file descriptor */ - int s_size; /* expected amount of data to rcv */ - int s_bufsize; /* amount of data received in s_buf */ - u_char *s_buf; /* buffer of received data */ - u_char *s_wbuf; /* send buffer */ - u_char *s_wbuf_send; /* next sendable byte of send buffer */ - u_char *s_wbuf_free; /* next free byte of send buffer */ - u_char *s_wbuf_end; /* byte after end of send buffer */ - sq_closure s_wbuf_closure; /* callback for writable descriptor */ - struct qstream *s_next; /* next stream */ - struct sockaddr_in - s_from; /* address query came from */ - interface *s_ifp; /* interface query came from */ - time_t s_time; /* time stamp of last transaction */ - int s_refcnt; /* number of outstanding queries */ - u_char s_temp[HFIXEDSZ]; -#ifdef BIND_UPDATE - int s_opcode; /* type of request */ - int s_linkcnt; /* number of client connections using - * this connection to forward updates - * to the primary */ - struct fdlist *s_fds; /* linked list of connections to the - * primaries that have been used by - * the server to forward this client's - * update requests */ -#endif - evStreamID evID_r; /* read event. */ - evFileID evID_w; /* writable event handle. */ - evConnID evID_c; /* connect event handle */ - u_int flags; /* see below */ - struct qstream_xfr { - enum { s_x_base, s_x_firstsoa, s_x_zone, - s_x_lastsoa, s_x_done, s_x_adding, - s_x_deleting, s_x_addsoa, s_x_deletesoa } - state; /* state of transfer. */ - u_char *msg, /* current assembly message. */ - *cp, /* where are we in msg? */ - *eom, /* end of msg. */ - *ptrs[128]; /* ptrs for dn_comp(). */ - int class, /* class of an XFR. */ - type, /* type of XFR. */ - id, /* id of an XFR. */ - opcode; /* opcode of an XFR. */ - u_int zone; /* zone being XFR'd. */ - union { - struct namebuf *axfr; /* top np of an AXFR. */ - ns_deltalist *ixfr; /* top udp of an IXFR. */ - } top; - int ixfr_zone; - u_int32_t serial; /* serial number requested in IXFR */ - ns_tcp_tsig_state *tsig_state; /* used by ns_sign_tcp */ - int tsig_skip; /* skip calling ns_sign_tcp - * during the next flush */ - int tsig_size; /* need to reserve this space - * for the tsig. */ - struct qs_x_lev { /* decompose the recursion. */ - enum {sxl_ns, sxl_all, sxl_sub} - state; /* what's this level doing? */ - int flags; /* see below (SXL_*). */ - char dname[MAXDNAME]; - struct namebuf *np, /* this node. */ - *nnp, /* next node to process. */ - **npp, /* subs. */ - **npe; /* end of subs. */ - struct databuf *dp; /* current rr. */ - struct qs_x_lev *next; /* link. */ - } *lev; /* LIFO. */ - enum axfr_format transfer_format; - } xfr; -}; -#define SXL_GLUING 0x01 -#define SXL_ZONECUT 0x02 - - /* flags */ -#define STREAM_MALLOC 0x01 -#define STREAM_WRITE_EV 0x02 -#define STREAM_READ_EV 0x04 -#define STREAM_CONNECT_EV 0x08 -#define STREAM_DONE_CLOSE 0x10 -#define STREAM_AXFR 0x20 -#define STREAM_AXFRIXFR 0x40 - -#define ALLOW_NETS 0x0001 -#define ALLOW_HOSTS 0x0002 -#define ALLOW_ALL (ALLOW_NETS | ALLOW_HOSTS) - -struct fwddata { - struct sockaddr_in - fwdaddr; /* address of NS */ - struct databuf *ns; /* databuf for NS record */ - struct databuf *nsdata; /* databuf for server address */ - int ref_count; /* how many users of this */ -}; - -struct fwdinfo { - struct fwdinfo *next; - struct fwddata *fwddata; -}; - -enum nameserStats { nssRcvdR, /* sent us an answer */ - nssRcvdNXD, /* sent us a negative response */ - nssRcvdFwdR, /* sent us a response we had to fwd */ - nssRcvdDupR, /* sent us an extra answer */ - nssRcvdFail, /* sent us a SERVFAIL */ - nssRcvdFErr, /* sent us a FORMERR */ - nssRcvdErr, /* sent us some other error */ - nssRcvdAXFR, /* sent us an AXFR */ - nssRcvdLDel, /* sent us a lame delegation */ - nssRcvdOpts, /* sent us some IP options */ - nssSentSysQ, /* sent them a sysquery */ - nssSentAns, /* sent them an answer */ - nssSentFwdQ, /* fwdd a query to them */ - nssSentDupQ, /* sent them a retry */ - nssSendtoErr, /* error in sendto */ - nssRcvdQ, /* sent us a query */ - nssRcvdIQ, /* sent us an inverse query */ - nssRcvdFwdQ, /* sent us a query we had to fwd */ - nssRcvdDupQ, /* sent us a retry */ - nssRcvdTCP, /* sent us a query using TCP */ - nssSentFwdR, /* fwdd a response to them */ - nssSentFail, /* sent them a SERVFAIL */ - nssSentFErr, /* sent them a FORMERR */ - nssSentNaAns, /* sent them a non autoritative answer */ - nssSentNXD, /* sent them a negative response */ - nssRcvdUQ, /* sent us an unapproved query */ - nssRcvdURQ, /* sent us an unapproved recursive query */ - nssRcvdUXFR, /* sent us an unapproved AXFR or IXFR */ - nssRcvdUUpd, /* sent us an unapproved update */ - nssLast }; - -struct nameser { - struct in_addr addr; /* key */ - u_long stats[nssLast]; /* statistics */ -#ifdef notyet - u_int32_t rtt; /* round trip time */ - /* XXX - need to add more stuff from "struct qserv", and use our rtt */ - u_int16_t flags; /* see below */ - u_int8_t xfers; /* #/xfers running right now */ -#endif -}; - -enum transport { primary_trans, secondary_trans, response_trans, update_trans, - num_trans }; - -/* types used by the parser or config routines */ - -typedef struct zone_config { - void *opaque; -} zone_config; - -typedef struct listen_info { - u_short port; - ip_match_list list; - struct listen_info *next; -} *listen_info; - -typedef struct listen_info_list { - listen_info first; - listen_info last; -} *listen_info_list; - -#ifndef RLIMIT_TYPE -#define RLIMIT_TYPE u_long -#endif -typedef RLIMIT_TYPE rlimit_type; - -struct control; -typedef struct control *control; -typedef LIST(struct control) controls; - -enum ordering { unknown_order, fixed_order, cyclic_order, random_order }; - -#define DEFAULT_ORDERING cyclic_order - -typedef struct rrset_order_element { - int class; - int type; - char *name; - enum ordering order; - struct rrset_order_element *next; -} *rrset_order_element ; - -typedef struct rrset_order_list { - rrset_order_element first; - rrset_order_element last; -} *rrset_order_list; - - -typedef struct options { - u_int32_t flags; - char *hostname; - char *version; - char *directory; - char *dump_filename; - char *pid_filename; - char *stats_filename; - char *memstats_filename; - char *named_xfer; - int transfers_in; - int transfers_per_ns; - int transfers_out; - int serial_queries; - int max_log_size_ixfr; - enum axfr_format transfer_format; - long max_transfer_time_in; - struct sockaddr_in query_source; - struct in_addr axfr_src; -#ifdef BIND_NOTIFY - int notify_count; - struct in_addr *also_notify; -#endif - ip_match_list query_acl; - ip_match_list recursion_acl; - ip_match_list transfer_acl; - ip_match_list blackhole_acl; - ip_match_list topology; - ip_match_list sortlist; - enum severity check_names[num_trans]; - u_long data_size; - u_long stack_size; - u_long core_size; - u_long files; - listen_info_list listen_list; - struct fwdinfo *fwdtab; - /* XXX need to add forward option */ - int clean_interval; - int interface_interval; - int stats_interval; - rrset_order_list ordering; - int heartbeat_interval; - u_int max_ncache_ttl; - u_int max_host_stats; - u_int lame_ttl; - int minroots; - u_int16_t preferred_glue; - u_int16_t edns_udp_size; - enum notify notify; -} *options; - -typedef struct key_list_element { - struct dst_key *key; - struct key_list_element *next; -} *key_list_element; - -typedef struct key_info_list { - key_list_element first; - key_list_element last; -} *key_info_list; - -typedef struct topology_config { - void *opaque; -} topology_config; - -#define UNKNOWN_TOPOLOGY_DISTANCE 9998 -#define MAX_TOPOLOGY_DISTANCE 9999 - -typedef struct topology_distance { - ip_match_list patterns; - struct topology_distance *next; -} *topology_distance; - -typedef struct topology_context { - topology_distance first; - topology_distance last; -} *topology_context; - -typedef struct acl_table_entry { - char *name; - ip_match_list list; - struct acl_table_entry *next; -} *acl_table_entry; - -typedef struct server_config { - void *opaque; -} server_config; - -#define SERVER_INFO_BOGUS 0x01 -#define SERVER_INFO_SUPPORT_IXFR 0x02 -#define SERVER_INFO_EDNS 0x04 - -typedef struct server_info { - struct in_addr address; - u_int flags; - int transfers; - enum axfr_format transfer_format; - key_info_list key_list; - /* could move statistics to here, too */ - struct server_info *next; -} *server_info; - -/* - * enum <--> name translation - */ - -struct ns_sym { - int number; /* Identifying number, like ns_log_default */ - const char * name; /* Its symbolic name, like "default" */ -}; - -/* - * Logging options - */ - -typedef enum ns_logging_categories { - ns_log_default = 0, - ns_log_config, - ns_log_parser, - ns_log_queries, - ns_log_lame_servers, - ns_log_statistics, - ns_log_panic, - ns_log_update, - ns_log_ncache, - ns_log_xfer_in, - ns_log_xfer_out, - ns_log_db, - ns_log_eventlib, - ns_log_packet, -#ifdef BIND_NOTIFY - ns_log_notify, -#endif - ns_log_cname, - ns_log_security, - ns_log_os, - ns_log_insist, - ns_log_maint, - ns_log_load, - ns_log_resp_checks, - ns_log_control, - ns_log_update_security, - ns_log_max_category -} ns_logging_categories; - -typedef struct log_config { - log_context log_ctx; - log_channel eventlib_channel; - log_channel packet_channel; - int default_debug_active; -} *log_config; - -struct map { - const char * token; - int val; -}; - -#define NOERROR_NODATA 15 /* only used internally by the server, used for - * -ve $ing non-existence of records. 15 is not - * a code used as yet anyway. - */ - -#define NTTL 600 /* ttl for negative data: 10 minutes? */ - -#define VQEXPIRY 900 /* a VQ entry expires in 15*60 = 900 seconds */ - -#ifdef BIND_UPDATE -enum req_action { Finish, Refuse, Return }; -#endif - -#ifdef INIT - error "INIT already defined, check system include files" -#endif -#ifdef DECL - error "DECL already defined, check system include files" -#endif - -#ifdef MAIN_PROGRAM -#define INIT(x) = x -#define DECL -#else -#define INIT(x) -#define DECL extern -#endif - -#define EDNS_MESSAGE_SZ 4096 diff --git a/contrib/bind/bin/named/ns_forw.c b/contrib/bind/bin/named/ns_forw.c deleted file mode 100644 index c527a80..0000000 --- a/contrib/bind/bin/named/ns_forw.c +++ /dev/null @@ -1,1331 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_forw.c 4.32 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_forw.c,v 8.92.6.1 2003/06/02 09:56:34 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> - -#include <errno.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" - -struct complaint { - u_long tag1, tag2; - time_t expire; - struct complaint *next; -}; - -static struct complaint *complaints = NULL; -static int retry_timer_set = 0; - -/* - * Forward the query to get the answer since its not in the database. - * Returns FW_OK if a request struct is allocated and the query sent. - * Returns FW_DUP if this is a duplicate of a pending request. - * Returns FW_NOSERVER if there were no addresses for the nameservers. - * Returns FW_SERVFAIL on memory allocation error or if asked to do something - * dangerous, such as fwd to ourselves or fwd to the host that asked us. - * - * (no action is taken on errors and qpp is not filled in.) - */ -int -ns_forw(struct databuf *nsp[], u_char *msg, int msglen, - struct sockaddr_in from, struct qstream *qsp, int dfd, - struct qinfo **qpp, const char *dname, int class, int type, - struct namebuf *np, int use_tcp, struct tsig_record *in_tsig) -{ - struct qinfo *qp; - char tmpdomain[MAXDNAME]; - struct sockaddr_in *nsa; - HEADER *hp; - u_int16_t id; - int sendto_errno = 0; - int n, has_tsig, oldqlen = 0; - u_char *oldqbuf = NULL; - u_char *smsg = NULL; - int smsglen, smsgsize = 0, siglen; - u_char sig[TSIG_SIG_SIZE]; - DST_KEY *key; - - ns_debug(ns_log_default, 3, "ns_forw()"); - - hp = (HEADER *) msg; - id = hp->id; - /* Look at them all */ - for (qp = nsqhead; qp != NULL; qp = qp->q_link) { - if (qp->q_id == id && - memcmp(&qp->q_from, &from, sizeof qp->q_from) == 0 && - ((qp->q_cmsglen == 0 && qp->q_msglen == msglen && - memcmp(qp->q_msg + 2, msg + 2, msglen - 2) == 0) || - (qp->q_cmsglen == msglen && - memcmp(qp->q_cmsg + 2, msg + 2, msglen - 2) == 0) - )) { - ns_debug(ns_log_default, 3, "forw: dropped DUP id=%d", - ntohs(id)); - nameserIncr(from.sin_addr, nssRcvdDupQ); - return (FW_DUP); - } - } - - qp = qnew(dname, class, type, 1); - getname(np, tmpdomain, sizeof tmpdomain); - qp->q_domain = savestr(tmpdomain, 1); - qp->q_from = from; /* nslookup wants to know this */ - if (NS_ZFWDTAB(qp->q_fzone)) - nsfwdadd(qp, NS_ZFWDTAB(qp->q_fzone)); - if (NS_ZOPTION_P(qp->q_fzone, OPTION_FORWARD_ONLY)) - n = 0; - else - n = nslookup(nsp, qp, dname, "ns_forw"); - if (n < 0) { - if (n == -1) - ns_debug(ns_log_default, 2, - "forw: nslookup reports danger"); - ns_freeqry(qp); - return (FW_SERVFAIL); - } - if (n == 0 && !NS_ZFWDTAB(qp->q_fzone)) { - ns_debug(ns_log_default, 2, "forw: no nameservers found"); - ns_freeqry(qp); - return (FW_NOSERVER); - } - qp->q_stream = qsp; - qp->q_curaddr = 0; - qp->q_dfd = dfd; - qp->q_id = id; - qp->q_expire = tt.tv_sec + RETRY_TIMEOUT*2; - if (in_tsig != NULL) - qp->q_tsig = new_tsig(in_tsig->key, in_tsig->sig, - in_tsig->siglen); - if (use_tcp) - qp->q_flags |= Q_USEVC; - hp->id = qp->q_nsid = htons(nsid_next()); - hp->ancount = htons(0); - hp->nscount = htons(0); - hp->arcount = htons(0); - if ((qp->q_msg = (u_char *)memget((unsigned)msglen)) == NULL) { - ns_notice(ns_log_default, "forw: memget: %s", - strerror(errno)); - ns_freeqry(qp); - return (FW_SERVFAIL); - } - qp->q_msgsize = msglen; - memcpy(qp->q_msg, msg, qp->q_msglen = msglen); - hp = (HEADER *) qp->q_msg; - hp->rd = (qp->q_addr[0].forwarder ? 1 : 0); - qp->q_addr[0].stime = tt; - - schedretry(qp, retrytime(qp)); - - nsa = Q_NEXTADDR(qp, 0); - ns_debug(ns_log_default, 1, - "forw: forw -> [%s].%d ds=%d nsid=%d id=%d %dms retry %dsec", - inet_ntoa(nsa->sin_addr), - ntohs(nsa->sin_port), ds, - ntohs(qp->q_nsid), ntohs(qp->q_id), - (qp->q_addr[0].nsdata != NULL) - ? qp->q_addr[0].nsdata->d_nstime - : -1, - (int)(qp->q_time - tt.tv_sec)); - -#ifdef DEBUG - if (debug >= 10) - res_pquery(&res, msg, msglen, log_get_stream(packet_channel)); -#endif - key = qp->q_keys[0]; - if (key == NULL) - key = qp->q_keys[0] = tsig_key_from_addr(nsa->sin_addr); - if (key != NULL || !qp->q_addr[0].noedns) { - smsgsize = qp->q_msglen + TSIG_BUF_SIZE + 11; - smsg = memget(smsgsize); - if (smsg == NULL) - ns_panic(ns_log_default, 1, "ns_forw: memget failed"); - smsglen = qp->q_msglen; - siglen = sizeof(sig); - memcpy(smsg, qp->q_msg, qp->q_msglen); - } - - if (!qp->q_addr[0].noedns) - smsglen += ns_add_opt(smsg, smsg + smsglen, smsgsize, 0, 0, - server_options->edns_udp_size, - 0, NULL, 0); - - if (key != NULL) { - n = ns_sign(smsg, &smsglen, smsgsize, NOERROR, key, NULL, 0, - sig, &siglen, 0); - if (n == 0) { - has_tsig = 1; - free_tsig(qp->q_nstsig); - qp->q_nstsig = new_tsig(key, sig, siglen); - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - INSIST(0); - } - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - } - - if (smsg != NULL) { - oldqbuf = qp->q_msg; - oldqlen = qp->q_msglen; - qp->q_msglen = smsglen; - qp->q_msg = smsg; - hp = (HEADER *) qp->q_msg; - } - - if (qp->q_flags & Q_USEVC) { - if (tcp_send(qp) != NOERROR) { - if (!haveComplained(ina_ulong(nsa->sin_addr), - (u_long)tcpsendStr)) - ns_info(ns_log_default, - "ns_forw: tcp_send(%s) failed: %s", - sin_ntoa(*nsa), strerror(errno)); - } - } else if (sendto(ds, (char *)qp->q_msg, qp->q_msglen, 0, - (struct sockaddr *)nsa, - sizeof(struct sockaddr_in)) < 0) { - sendto_errno = errno; - if (!haveComplained(ina_ulong(nsa->sin_addr), - (u_long)sendtoStr)) - ns_info(ns_log_default, "ns_forw: sendto(%s): %s", - sin_ntoa(*nsa), strerror(errno)); - nameserIncr(nsa->sin_addr, nssSendtoErr); - } - - if (smsgsize != 0) { - memput(smsg, smsgsize); - qp->q_msg = oldqbuf; - qp->q_msglen = oldqlen; - hp = (HEADER *) qp->q_msg; - } - - nameserIncr(from.sin_addr, nssRcvdFwdQ); - nameserIncr(nsa->sin_addr, nssSentFwdQ); - if (qpp) - *qpp = qp; - hp->rd = 1; - switch (sendto_errno) { - case ENETDOWN: - case ENETUNREACH: - case EHOSTDOWN: - case EHOSTUNREACH: - unsched(qp); - schedretry(qp, (time_t) 0); - } - return (0); -} - -/* haveComplained(tag1, tag2) - * check to see if we have complained about (tag1,tag2) recently - * returns: - * boolean: have we complained recently? - * side-effects: - * outdated complaint records removed from our static list - * author: - * Paul Vixie (DECWRL) April 1991 - */ -int -haveComplained(u_long tag1, u_long tag2) { - struct complaint *cur, *next, *prev; - int r = 0; - - for (cur = complaints, prev = NULL; - cur != NULL; - prev = cur, cur = next) { - next = cur->next; - if (tt.tv_sec > cur->expire) { - if (prev) - prev->next = next; - else - complaints = next; - memput(cur, sizeof *cur); - cur = prev; - } else if (tag1 == cur->tag1 && tag2 == cur->tag2) - r++; - } - if (!r) { - cur = (struct complaint *)memget(sizeof(struct complaint)); - if (cur) { - cur->tag1 = tag1; - cur->tag2 = tag2; - cur->expire = tt.tv_sec + INIT_REFRESH; /* "10:00" */ - cur->next = NULL; - if (prev) - prev->next = cur; - else - complaints = cur; - } - } - return (r); -} - -void -freeComplaints(void) { - struct complaint *cur, *next; - - for (cur = complaints; cur != NULL; cur = next) { - next = cur->next; - memput(cur, sizeof *cur); - } - complaints = NULL; -} - -/* void - * nslookupComplain(sysloginfo, queryname, complaint, dname, a_rr) - * Issue a complaint about a dangerous situation found by nslookup(). - * params: - * sysloginfo is a string identifying the complainant. - * queryname is the domain name associated with the problem. - * complaint is a string describing what is wrong. - * dname and a_rr are the problematic other name server. - */ -static void -nslookupComplain(const char *sysloginfo, const char *queryname, - const char *complaint, const char *dname, - const struct databuf *a_rr, const struct databuf *nsdp) -{ - char *a, *ns; - const char *a_type; - int print_a; - - ns_debug(ns_log_default, 2, "NS '%s' %s", dname, complaint); - if (sysloginfo && queryname && !haveComplained((u_long)queryname, - (u_long)complaint)) { - char nsbuf[20], abuf[20]; - - a = ns = (char *)NULL; - print_a = (a_rr->d_type == T_A); - a_type = p_type(a_rr->d_type); - if (a_rr->d_rcode) { - print_a = 0; - switch(a_rr->d_rcode) { - case NXDOMAIN: - a_type = "NXDOMAIN"; - break; - case NOERROR_NODATA: - a_type = "NODATA"; - break; - } - } - if (nsdp != NULL) { - if (nsdp->d_addr.s_addr != htonl(0)) { - strcpy(nsbuf, - inet_ntoa(nsdp->d_addr)); - ns = nsbuf; - } else { - ns = zones[nsdp->d_zone].z_origin; - } - } - if (a_rr->d_addr.s_addr != htonl(0)) { - strcpy(abuf, inet_ntoa(a_rr->d_addr)); - a = abuf; - } else { - a = zones[a_rr->d_zone].z_origin; - } - if (a != NULL || ns != NULL) - ns_info(ns_log_default, - "%s: query(%s) %s (%s:%s) learnt (%s=%s:NS=%s)", - sysloginfo, queryname, - complaint, dname, - print_a ? - inet_ntoa(ina_get(a_rr->d_data)) : "", - a_type, - a ? a : "<Not Available>", - ns ? ns : "<Not Available>" ); - else - ns_info(ns_log_default, "%s: query(%s) %s (%s:%s)", - sysloginfo, queryname, - complaint, dname, - print_a ? - inet_ntoa(ina_get(a_rr->d_data)) : ""); - } -} - -/* - * nslookup(nsp, qp, syslogdname, sysloginfo) - * Lookup the address for each nameserver in `nsp' and add it to - * the list saved in the qinfo structure pointed to by `qp'. - * Omits information about nameservers that we shouldn't ask. - * Detects the following dangerous operations: - * One of the A records for one of the nameservers in nsp - * refers to the address of one of our own interfaces; - * One of the A records refers to the nameserver port on - * the host that asked us this question. - * returns: the number of addresses added, or -1 if a dangerous operation - * is detected. - * side effects: - * logs if a dangerous situation is detected and - * (syslogdname && sysloginfo) - */ -int -nslookup(struct databuf *nsp[], struct qinfo *qp, - const char *syslogdname, const char *sysloginfo) -{ - struct namebuf *np; - struct databuf *dp, *nsdp; - struct qserv *qs; - int n; - u_int i; - struct hashbuf *tmphtp; - char *dname; - const char *fname; - int oldn, naddr, class, found_arr, potential_ns; - time_t curtime; - int found_auth6; - - ns_debug(ns_log_default, 3, "nslookup(nsp=%p, qp=%p, \"%s\", d=%d)", - nsp, qp, syslogdname, qp->q_distance); - - potential_ns = 0; - naddr = n = qp->q_naddr; - curtime = (u_long) tt.tv_sec; - while ((nsdp = *nsp++) != NULL && n < NSMAX) { - class = nsdp->d_class; - dname = (char *)nsdp->d_data; - ns_debug(ns_log_default, 3, - "nslookup: NS \"%s\" c=%d t=%d (flags 0x%lu)", - dname, class, nsdp->d_type, (u_long)nsdp->d_flags); - - /* don't put in servers we have tried */ - for (i = 0; i < qp->q_nusedns; i++) { - if (qp->q_usedns[i] == nsdp) { - ns_debug(ns_log_default, 2, - "skipping used NS w/name %s", - nsdp->d_data); - goto skipserver; - } - } - - found_arr = 0; - found_auth6 = 0; - tmphtp = ((nsdp->d_flags & DB_F_HINT) ?fcachetab :hashtab); - np = nlookup(dname, &tmphtp, &fname, 0); - if (np == NULL) { - ns_debug(ns_log_default, 3, "%s: not found %s %p", - dname, fname, np); - goto need_sysquery; - } - if (fname != dname) - goto need_sysquery; - oldn = n; - - /* look for name server addresses */ - (void)delete_stale(np); - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - struct in_addr nsa; - - if (dp->d_type == T_CNAME && dp->d_class == class) { - static const char *complaint = - "NS points to CNAME"; - if (dp->d_rcode) - continue; - nslookupComplain(sysloginfo, syslogdname, - complaint, dname, dp, nsdp); - goto skipserver; - } - if (dp->d_rcode == NXDOMAIN && dp->d_class == class) - goto skipserver; - if (dp->d_class == class && - (dp->d_type == T_AAAA || dp->d_type == ns_t_a6) && - (zones[dp->d_zone].z_type == z_master || - zones[dp->d_zone].z_type == z_slave)) { - found_auth6++; - continue; - } - if (dp->d_type != T_A || dp->d_class != class) - continue; - if (dp->d_rcode) { - /* Negative caching element. */ - goto skipserver; - } - if (ina_hlong(ina_get(dp->d_data)) == INADDR_ANY) { - static const char *complaint = - "Bogus (0.0.0.0) A RR"; - nslookupComplain(sysloginfo, syslogdname, - complaint, dname, dp, nsdp); - continue; - } -#ifdef INADDR_LOOPBACK - if (ina_hlong(ina_get(dp->d_data))==INADDR_LOOPBACK) { - static const char *complaint = - "Bogus LOOPBACK A RR"; - nslookupComplain(sysloginfo, syslogdname, - complaint, dname, dp, nsdp); - continue; - } -#endif -#ifdef INADDR_BROADCAST - if (ina_hlong(ina_get(dp->d_data))==INADDR_BROADCAST){ - static const char *complaint = - "Bogus BROADCAST A RR"; - nslookupComplain(sysloginfo, syslogdname, - complaint, dname, dp, nsdp); - continue; - } -#endif -#ifdef IN_MULTICAST - if (IN_MULTICAST(ina_hlong(ina_get(dp->d_data)))) { - static const char *complaint = - "Bogus MULTICAST A RR"; - nslookupComplain(sysloginfo, syslogdname, - complaint, dname, dp, nsdp); - continue; - } -#endif - /* - * Don't use records that may become invalid to - * reference later when we do the rtt computation. - * Never delete our safety-belt information! - */ - if ((dp->d_zone == DB_Z_CACHE) && - (dp->d_ttl < (u_int32_t)curtime) && - !(dp->d_flags & DB_F_HINT) ) - { - ns_debug(ns_log_default, 1, - "nslookup: stale '%s'", - NAME(*np)); - n = oldn; - found_arr = 0; - goto need_sysquery; - } - - found_arr++; - nsa = ina_get(dp->d_data); - /* don't put in duplicates */ - qs = qp->q_addr; - for (i = 0; i < (u_int)n; i++, qs++) - if (ina_equal(qs->ns_addr.sin_addr, nsa)) - goto skipaddr; - qs->ns_addr.sin_family = AF_INET; - qs->ns_addr.sin_port = ns_port; - qs->ns_addr.sin_addr = nsa; - qp->q_keys[n] = NULL; - qs->ns = nsdp; - qs->nsdata = dp; - qs->forwarder = 0; - qs->noedns = dp->d_noedns; - if (!qs->noedns) { - server_info si = find_server(nsa); - if (si && (si->flags & SERVER_INFO_EDNS) == 0) - qs->noedns = 1; - } - qs->lame = 0; - if ((nsdp->d_flags & DB_F_LAME) != 0) { - time_t when; - when = db_lame_find(qp->q_domain, nsdp); - if (when != 0 && when > tt.tv_sec) - qs->lame = 1; - } - qs->nretry = 0; - /* - * If this A RR has no RTT, initialize its RTT to a - * small random value. - */ - if (dp->d_nstime == 0) - dp->d_nstime = 1 + - (int)(25.0*rand()/(RAND_MAX + 1.0)); - /* - * if we are being asked to fwd a query whose - * nameserver list includes our own name/address(es), - * then we have detected a lame delegation and rather - * than melt down the network and hose down the other - * servers (who will hose us in return), we'll return - * -1 here which will cause SERVFAIL to be sent to - * the client's resolver which will hopefully then - * shut up. - * - * (originally done in nsContainsUs by vix@dec mar92; - * moved into nslookup by apb@und jan1993) - * - * try to limp along instead of denying service - * gdonl mar96 - */ - if (aIsUs(nsa)) { - static const char *complaint = - "contains our address"; - nslookupComplain(sysloginfo, syslogdname, - complaint, dname, dp, nsdp); - continue; - } - /* - * If we want to forward to a host that asked us - * this question then either we or they are sick - * (unless they asked from some port other than - * their nameserver port). (apb@und jan1993) - * - * try to limp along instead of denying service - * gdonl mar96 - */ - if (memcmp(&qp->q_from, &qs->ns_addr, - sizeof(qp->q_from)) == 0) - { - static const char *complaint = "forwarding loop"; - nslookupComplain(sysloginfo, syslogdname, - complaint, dname, dp, nsdp); - continue; - } -#ifdef BOGUSNS - /* - * Don't forward queries to bogus servers. Note - * that this is unlike the previous tests, which - * are fatal to the query. Here we just skip the - * server, which is only fatal if it's the last - * server. Note also that we antialias here -- all - * A RR's of a server are considered the same server, - * and if any of them is bogus we skip the whole - * server. Those of you using multiple A RR's to - * load-balance your servers will (rightfully) lose - * here. But (unfortunately) only if they are bogus. - */ - if (ip_match_address(bogus_nameservers, nsa) > 0) - goto skipserver; -#endif - if (server_options->blackhole_acl != NULL && - ip_match_address(server_options->blackhole_acl, - nsa) == 1) - continue; - - n++; - if (n >= NSMAX) - break; - skipaddr: - (void)NULL; - } - ns_debug(ns_log_default, 8, "nslookup: %d ns addrs", n); - need_sysquery: - if (found_arr == 0 && found_auth6 == 0) { - potential_ns++; - if (qp->q_distance < NS_MAX_DISTANCE) - (void) sysquery(dname, class, T_A, NULL, NULL, - 0, ns_port, QUERY, - qp->q_distance + 1); - } - skipserver: - (void)NULL; - } - ns_debug(ns_log_default, 3, "nslookup: %d ns addrs total", n); - qp->q_naddr = n; - if (n == 0 && potential_ns == 0 && !NS_ZFWDTAB(qp->q_fzone)) { - static const char *complaint = "No possible A RRs"; - if (sysloginfo && syslogdname && - !haveComplained((u_long)syslogdname, (u_long)complaint)) - { - ns_info(ns_log_default, "%s: query(%s) %s", - sysloginfo, syslogdname, complaint); - } - return (-1); - } - /* Update the refcounts before the sort. */ - for (i = naddr; i < (u_int)n; i++) { - DRCNTINC(qp->q_addr[i].nsdata); - DRCNTINC(qp->q_addr[i].ns); - } - /* Just sort the NS RR's we added, since the forwarders may - * be ahead of us (naddr > 0) - */ - if (n > naddr) { - qsort((char *)(qp->q_addr+naddr), n-naddr, sizeof(struct qserv), - (int (*)(const void *, const void *))qcomp); - } - return (n - naddr); -} - -/* - * qcomp - compare two NS addresses, and return a negative, zero, or - * positive value depending on whether the first NS address is - * "better than", "equally good as", or "inferior to" the second - * NS address. - * - * How "goodness" is defined (for the purposes of this routine): - * - If the estimated round trip times differ by an amount deemed significant - * then the one with the smaller estimate is preferred; else - * - If we can determine which one is topologically closer then the - * closer one is preferred; else - * - The one with the smaller estimated round trip time is preferred - * (zero is returned if the two estimates are identical). - * - * How "topological closeness" is defined (for the purposes of this routine): - * Ideally, named could consult some magic map of the Internet and - * determine the length of the path to an arbitrary destination. Sadly, - * no such magic map exists. However, named does have a little bit of - * topological information in the form of the sortlist (which includes - * the directly connected subnet(s), the directly connected net(s), and - * any additional nets that the administrator has added using the "sortlist" - * directive in the bootfile. Thus, if only one of the addresses matches - * something in the sortlist then it is considered to be topologically - * closer. If both match, but match different entries in the sortlist, - * then the one that matches the entry closer to the beginning of the - * sorlist is considered to be topologically closer. In all other cases, - * topological closeness is ignored because it's either indeterminate or - * equal. - * - * How times are compared: - * Both times are rounded to the closest multiple of the NOISE constant - * defined below and then compared. If the rounded values are equal - * then the difference in the times is deemed insignificant. Rounding - * is used instead of merely taking the absolute value of the difference - * because doing the latter would make the ordering defined by this - * routine be incomplete in the mathematical sense (e.g. A > B and - * B > C would not imply A > C). The mathematics are important in - * practice to avoid core dumps in qsort(). - * - * XXX: this doesn't solve the European root nameserver problem very well. - * XXX: we should detect and mark as inferior nameservers that give bogus - * answers - * - * (this was originally vixie's stuff but almquist fixed fatal bugs in it - * and wrote the above documentation) - */ - -/* - * RTT delta deemed to be significant, in milliseconds. With the current - * definition of RTTROUND it must be a power of 2. - */ -#define NOISE 64 - -#define RTTROUND(rtt) (((rtt) + (NOISE >> 1)) & ~(NOISE - 1)) - -int -qcomp(struct qserv *qs1, struct qserv *qs2) { - u_int rtt1, rtt2, rttr1, rttr2; - - /* sort lame servers to last */ - if (qs1->lame != qs2->lame) - return (qs1->lame - qs2->lame); - - /* sort by rtt */ - if (qs1->nsdata == NULL) { - rtt1 = 0; - rttr1 = 0; - } else { - rtt1 = qs1->nsdata->d_nstime; - rttr1 = RTTROUND(rtt1); - } - if (qs2->nsdata == NULL) { - rtt2 = 0; - rttr2 = 0; - } else { - rtt2 = qs2->nsdata->d_nstime; - rttr2 = RTTROUND(rtt2); - } - -#ifdef DEBUG - if (debug >= 10) { - char t[sizeof "255.255.255.255"]; - - strcpy(t, inet_ntoa(qs1->ns_addr.sin_addr)); - ns_debug(ns_log_default, 10, - "qcomp(%s, %s) %u (%u) - %u (%u) = %u", - t, inet_ntoa(qs2->ns_addr.sin_addr), - rtt1, rttr1, rtt2, rttr2, rtt1 - rtt2); - } -#endif - if (rttr1 == rttr2) { - int pos1, pos2, pdiff; - - pos1 = distance_of_address(server_options->topology, - qs1->ns_addr.sin_addr); - pos2 = distance_of_address(server_options->topology, - qs2->ns_addr.sin_addr); - pdiff = pos1 - pos2; - ns_debug(ns_log_default, 10, "\tpos1=%d, pos2=%d", pos1, pos2); - if (pdiff != 0) - return (pdiff); - } - return (rtt1 - rtt2); -} -#undef RTTROUND - -/* - * Arrange that forwarded query (qp) is retried after t seconds. - * Query list will be sorted after z_time is updated. - */ -void -schedretry(struct qinfo *qp, time_t t) { - struct qinfo *qp1, *qp2; - - ns_debug(ns_log_default, 4, "schedretry(%p, %ld sec)", qp, (long)t); - if (qp->q_time) - ns_debug(ns_log_default, 4, - "WARNING: schedretry(%#lx, %ld) q_time already %ld", - (u_long)qp, (long)t, (long)qp->q_time); - gettime(&tt); - t += (u_long) tt.tv_sec; - qp->q_time = t; - - if ((qp1 = retryqp) == NULL) { - retryqp = qp; - qp->q_next = NULL; - goto done; - } - if (t < qp1->q_time) { - qp->q_next = qp1; - retryqp = qp; - goto done; - } - while ((qp2 = qp1->q_next) != NULL && qp2->q_time < t) - qp1 = qp2; - qp1->q_next = qp; - qp->q_next = qp2; - done: - reset_retrytimer(); -} - -/* - * Unsched is called to remove a forwarded query entry. - */ -void -unsched(struct qinfo *qp) { - struct qinfo *np; - - ns_debug(ns_log_default, 3, "unsched(%#lx, %d)", - (u_long)qp, ntohs(qp->q_id)); - if (retryqp == qp) { - retryqp = qp->q_next; - } else { - for (np = retryqp; np->q_next != NULL; np = np->q_next) { - if (np->q_next != qp) - continue; - np->q_next = qp->q_next; /* dequeue */ - break; - } - } - qp->q_next = NULL; /* sanity check */ - qp->q_time = 0; - reset_retrytimer(); -} - -void -reset_retrytimer() { - static evTimerID id; - - if (retry_timer_set) { - (void) evClearTimer(ev, id); - retry_timer_set = 0; - } - - if (retryqp) { - evSetTimer(ev, retrytimer, NULL, - evConsTime(retryqp->q_time, 0), - evConsTime(0, 0), &id); - retry_timer_set = 1; - } else - memset(&id, 0, sizeof id); -} - -void -retrytimer(evContext ctx, void *uap, struct timespec due, - struct timespec ival) { - - UNUSED(ctx); - UNUSED(uap); - UNUSED(due); - UNUSED(ival); - - retry_timer_set = 0; - retry(retryqp, 0); -} - -/* - * Retry is called to retransmit query 'qp'. - */ -void -retry(struct qinfo *qp, int samehost) { - int n, has_tsig, oldqlen = 0; - HEADER *hp; - struct sockaddr_in *nsa; - int sendto_errno = 0; - u_char *oldqbuf = NULL; - u_char *smsg = NULL; - int smsglen, smsgsize = 0, siglen; - u_char sig[TSIG_SIG_SIZE]; - DST_KEY *key; - - ns_debug(ns_log_default, 3, "retry(%#lx) id=%d", (u_long)qp, - ntohs(qp->q_id)); - - if (qp->q_msg == NULL) { - qremove(qp); - return; - } - - if (qp->q_expire < tt.tv_sec) { - ns_debug(ns_log_default, 1, - "retry(%#lx): expired @ %lu (%d secs before now (%lu))", - (u_long)qp, (u_long)qp->q_expire, - (int)(tt.tv_sec - qp->q_expire), - (u_long)tt.tv_sec); - goto fail; - } - - /* Try next address. */ - n = qp->q_curaddr; - if (samehost) { - qp->q_addr[n].nretry++; - if (qp->q_addr[n].nretry < MAXRETRY) - goto found; - qp->q_addr[n].nretry--; - } - - if (qp->q_naddr > 0) { - qp->q_addr[n].noedns = 1; - ++qp->q_addr[n].nretry; - /* - * Look for a non-lame server. - */ - do { - if (++n >= (int)qp->q_naddr) - n = 0; - if ((qp->q_flags & Q_ZSERIAL) != 0 && - qp->q_addr[n].serial != 0) - continue; - if (qp->q_addr[n].lame) - continue; - if (qp->q_addr[n].nretry < MAXRETRY) - goto found; - } while (n != qp->q_curaddr); - /* - * Look for any server including lame servers. - */ - do { - if (++n >= (int)qp->q_naddr) - n = 0; - if ((qp->q_flags & Q_ZSERIAL) != 0 && - qp->q_addr[n].serial != 0) - continue; - if (qp->q_addr[n].nretry < MAXRETRY) - goto found; - } while (n != qp->q_curaddr); - if ((qp->q_flags & Q_ZSERIAL) != 0) { - qremove(qp); - return; - } - } - fail: - /* - * Give up. Can't reach destination. - */ - hp = (HEADER *)(qp->q_cmsg ? qp->q_cmsg : qp->q_msg); - if ((qp->q_flags & Q_PRIMING) != 0) { - /* Can't give up priming */ - if (qp->q_expire < tt.tv_sec) { - /* - * The query has expired. Reset it and retry from - * the beginning. - */ - hp->rcode = NOERROR; - hp->qr = hp->aa = 0; - for (n = 0; n < (int)qp->q_naddr; n++) - qp->q_addr[n].nretry = 0; - n = 0; - qp->q_expire = tt.tv_sec + RETRY_TIMEOUT*2; - goto found; - } - /* - * The query hasn't expired yet; it probably ran out - * of servers or forwarders. Wait up to 60 seconds - * past the expire time. - */ - unsched(qp); - schedretry(qp, (time_t)(qp->q_expire - tt.tv_sec + 60)); - return; - } - ns_debug(ns_log_default, 5, "give up"); - if ((qp->q_flags & Q_SYSTEM) == 0) { - n = (qp->q_cmsg ? qp->q_cmsglen : qp->q_msglen); - hp->id = qp->q_id; - hp->qr = 1; - hp->ra = (NS_OPTION_P(OPTION_NORECURSE) == 0); - hp->rd = 1; - hp->rcode = SERVFAIL; -#ifdef DEBUG - if (debug >= 10) - res_pquery(&res, qp->q_msg, n, - log_get_stream(packet_channel)); -#endif - if (send_msg((u_char *)hp, n, qp)) { - ns_debug(ns_log_default, 1, - "gave up retry(%#lx) nsid=%d id=%d", - (u_long)qp, - ntohs(qp->q_nsid), ntohs(qp->q_id)); - } - if (NS_OPTION_P(OPTION_HOSTSTATS)) - nameserIncr(qp->q_from.sin_addr, nssSentFail); - } - qremove(qp); - return; - - found: - if (qp->q_addr[n].nretry == 0) - qp->q_addr[n].stime = tt; - qp->q_curaddr = n; - hp = (HEADER *)qp->q_msg; - hp->rd = (qp->q_addr[n].forwarder ? 1 : 0); - nsa = Q_NEXTADDR(qp, n); - ns_debug(ns_log_default, 1, - "%s(addr=%d n=%d) -> [%s].%d ds=%d nsid=%d id=%d %dms", - (qp->q_addr[n].forwarder ? "reforw" : "resend"), - n, qp->q_addr[n].nretry, - inet_ntoa(nsa->sin_addr), - ntohs(nsa->sin_port), ds, - ntohs(qp->q_nsid), ntohs(qp->q_id), - (qp->q_addr[n].nsdata != 0) - ? qp->q_addr[n].nsdata->d_nstime - : (-1)); -#ifdef DEBUG - if (debug >= 10) - res_pquery(&res, qp->q_msg, qp->q_msglen, - log_get_stream(packet_channel)); -#endif - key = qp->q_keys[n]; - if (key == NULL) - key = qp->q_keys[n] = tsig_key_from_addr(nsa->sin_addr); - if (key != NULL || !qp->q_addr[n].noedns) { - smsgsize = qp->q_msglen + TSIG_BUF_SIZE + 11; - smsg = memget(smsgsize); - smsglen = qp->q_msglen; - siglen = sizeof(sig); - memcpy(smsg, qp->q_msg, qp->q_msglen); - } - - if (!qp->q_addr[n].noedns) - smsglen += ns_add_opt(smsg, smsg + smsglen, smsgsize, 0, 0, - server_options->edns_udp_size, - 0, NULL, 0); - - if (key != NULL) { - n = ns_sign(smsg, &smsglen, smsgsize, NOERROR, key, NULL, 0, - sig, &siglen, 0); - if (n == 0) { - has_tsig = 1; - free_tsig(qp->q_nstsig); - qp->q_nstsig = new_tsig(key, sig, siglen); - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - INSIST(0); - } - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - } - - if (smsg != NULL) { - oldqbuf = qp->q_msg; - oldqlen = qp->q_msglen; - qp->q_msglen = smsglen; - qp->q_msg = smsg; - } - - if (qp->q_flags & Q_USEVC) { - if (tcp_send(qp) != NOERROR) - ns_debug(ns_log_default, 3, - "error resending tcp msg: %s", - strerror(errno)); - } else if (sendto(ds, (char*)qp->q_msg, qp->q_msglen, 0, - (struct sockaddr *)nsa, - sizeof(struct sockaddr_in)) < 0) - { - sendto_errno = errno; - ns_debug(ns_log_default, 3, "error resending msg: %s", - strerror(errno)); - } - if (smsgsize != 0) { - memput(smsg, smsgsize); - qp->q_msg = oldqbuf; - qp->q_msglen = oldqlen; - } - hp->rd = 1; /* leave set to 1 for dup detection */ - nameserIncr(nsa->sin_addr, nssSentDupQ); - unsched(qp); - switch (sendto_errno) { - case ENETDOWN: - case ENETUNREACH: - case EHOSTDOWN: - case EHOSTUNREACH: - schedretry(qp, (time_t) 0); - return; - } - schedretry(qp, retrytime(qp)); -} - -/* - * Compute retry time for the next server for a query. - * Use a minimum time of RETRYBASE (4 sec.) or twice the estimated - * service time; * back off exponentially on retries, but place a 45-sec. - * ceiling on retry times for now. (This is because we don't hold a reference - * on servers or their addresses, and we have to finish before they time out.) - */ -time_t -retrytime(struct qinfo *qp) { - time_t t, u, v; - struct qserv *ns = &qp->q_addr[qp->q_curaddr]; - - if (ns->nsdata != NULL) - t = (time_t) MAX(RETRYBASE, 2 * ns->nsdata->d_nstime / 1000); - else - t = (time_t) RETRYBASE; - u = t << ns->nretry; - v = MIN(u, RETRY_TIMEOUT); /* max. retry timeout for now */ - ns_debug(ns_log_default, 3, - "retrytime: nstime%ldms t%ld nretry%ld u%ld : v%ld", - ns->nsdata ? (long)(ns->nsdata->d_nstime / 1000) : (long)-1, - (long)t, (long)ns->nretry, (long)u, (long)v); - return (v); -} - -void -qflush() { - while (nsqhead) - qremove(nsqhead); - nsqhead = NULL; - priming = 0; -} - -void -qremove(struct qinfo *qp) { - ns_debug(ns_log_default, 3, "qremove(%#lx)", (u_long)qp); - - if ((qp->q_flags & Q_ZSERIAL) != 0) - qserial_answer(qp); - unsched(qp); - ns_freeqry(qp); -} - -struct qinfo * -qfindid(u_int16_t id) { - struct qinfo *qp; - - for (qp = nsqhead; qp != NULL; qp = qp->q_link) - if (qp->q_nsid == id) - break; - ns_debug(ns_log_default, 3, "qfindid(%d) -> %#lx", ntohs(id), - (u_long)qp); - return (qp); -} - -struct qinfo * -qnew(const char *name, int class, int type, int forward) { - struct qinfo *qp; - const char *s; - int escape = 0; - - qp = (struct qinfo *)memget(sizeof *qp); - if (qp == NULL) - ns_panic(ns_log_default, 1, "qnew: memget failed"); - memset(qp, 0, sizeof *qp); - ns_debug(ns_log_default, 5, "qnew(%#lx)", (u_long)qp); -#ifdef BIND_NOTIFY - qp->q_notifyzone = DB_Z_CACHE; -#endif - qp->q_link = nsqhead; - nsqhead = qp; - qp->q_name = savestr(name, 1); - qp->q_class = (u_int16_t)class; - qp->q_type = (u_int16_t)type; - qp->q_flags = 0; - s = name; - qp->q_fzone = NULL; - for (;forward;) { /* find forwarding zone, if any */ - if ((qp->q_fzone = find_zone(s, class)) != NULL && - (qp->q_fzone->z_flags & Z_FORWARD_SET) != 0) - break; - qp->q_fzone = NULL; - if (*s == '\0') - break; - while (*s != '\0' && (escape || *s != '.')) { - escape = escape ? 0 : (*s == '\\'); - s++; - } - if (*s != '\0') - s++; - } - return (qp); -} - -void -ns_freeqns(struct qinfo *qp) { - unsigned int i; - - for (i = 0 ; i < qp->q_naddr ; i++) { - if (qp->q_addr[i].ns != NULL) - db_detach(&qp->q_addr[i].ns); - if (qp->q_addr[i].nsdata != NULL) - db_detach(&qp->q_addr[i].nsdata); - } -} - -void -ns_freeqry(struct qinfo *qp) { - struct qinfo *np; - - ns_debug(ns_log_default, 3, "ns_freeqry(%#lx)", (u_long)qp); - if (qp->q_next) - ns_debug(ns_log_default, 1, - "WARNING: ns_freeqry of linked ptr %#lx", (u_long)qp); - if (qp->q_msg != NULL) - memput(qp->q_msg, qp->q_msgsize); - if (qp->q_cmsg != NULL) - memput(qp->q_cmsg, qp->q_cmsgsize); - if (qp->q_domain != NULL) - qp->q_domain = freestr(qp->q_domain); - if (qp->q_name != NULL) - qp->q_name = freestr(qp->q_name); - if (qp->q_tsig != NULL) - memput(qp->q_tsig, sizeof(struct tsig_record)); - if (qp->q_nstsig != NULL) - memput(qp->q_nstsig, sizeof(struct tsig_record)); - ns_freeqns(qp); - if (nsqhead == qp) - nsqhead = qp->q_link; - else { - for(np = nsqhead; - np->q_link != NULL; - np = np->q_link) { - if (np->q_link != qp) - continue; - np->q_link = qp->q_link; /* dequeue */ - break; - } - } - memput(qp, sizeof *qp); -} - -void -nsfwdadd(struct qinfo *qp, struct fwdinfo *fwd) { - int i, n; - struct qserv *qs; - - n = qp->q_naddr; - while (fwd != NULL && n < NSMAX) { - qs = qp->q_addr; - for (i = 0; i < n; i++, qs++) - if (ina_equal(qs->ns_addr.sin_addr, - fwd->fwddata->fwdaddr.sin_addr)) - goto nextfwd; - qs->ns_addr = fwd->fwddata->fwdaddr; - qs->ns = fwd->fwddata->ns; - qs->nsdata = fwd->fwddata->nsdata; - qs->forwarder = 1; - qs->noedns = fwd->fwddata->nsdata->d_noedns; - if (!qs->noedns) { - server_info si = find_server(qs->ns_addr.sin_addr); - if (si && (si->flags & SERVER_INFO_EDNS) == 0) - qs->noedns = 1; - } - qs->nretry = 0; - n++; - nextfwd: - fwd = fwd->next; - } - - /* Update the refcounts before the sort. */ - for (i = qp->q_naddr; i < n; i++) { - DRCNTINC(qp->q_addr[i].nsdata); - DRCNTINC(qp->q_addr[i].ns); - } - qp->q_naddr = n; - if (n > 1) { - qsort((char *)qp->q_addr, n, sizeof(struct qserv), - (int (*)(const void *, const void *))qcomp); - } -} diff --git a/contrib/bind/bin/named/ns_func.h b/contrib/bind/bin/named/ns_func.h deleted file mode 100644 index 8b77283..0000000 --- a/contrib/bind/bin/named/ns_func.h +++ /dev/null @@ -1,528 +0,0 @@ -/* - * Copyright (c) 1985, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Check Point Software Technologies Incorporated not be used - * in advertising or publicity pertaining to distribution of the document - * or software without specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES - * INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - * IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED - * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR - * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* ns_func.h - declarations for ns_*.c's externally visible functions - * - * $Id: ns_func.h,v 8.120.8.1 2003/06/02 05:19:56 marka Exp $ - */ - -/* ++from ns_glue.c++ */ -struct in_addr ina_get(const u_char *data); -const char * sin_ntoa(struct sockaddr_in); -int ns_wouldlog(int category, int level); -void ns_debug(int, int, const char *, ...) ISC_FORMAT_PRINTF(3, 4); -void ns_info(int, const char *, ...) ISC_FORMAT_PRINTF(2, 3); -void ns_notice(int, const char *, ...) ISC_FORMAT_PRINTF(2, 3); -void ns_warning(int, const char *, ...) ISC_FORMAT_PRINTF(2, 3); -void ns_error(int, const char *, ...) ISC_FORMAT_PRINTF(2, 3); -void ns_critical(int, const char *, ...) ISC_FORMAT_PRINTF(2, 3); -void ns_panic(int, int, const char *, ...) ISC_FORMAT_PRINTF(3, 4); -void ns_assertion_failed(const char *file, int line, - assertion_type type, - const char *cond, int print_errno); -void panic(const char *, const void *); -void gettime(struct timeval *); -int nlabels(const char *); -int my_close(int); -int my_fclose(FILE *); -void * __freestr(char *); -char * __newstr(size_t, int); -char * __savestr(const char *, int); -const char * checked_ctime(const time_t *t); -const char * ctimel(long); -void * __freestr_record(char *, const char *, int); -char * __newstr_record(size_t, int, const char *, int); -char * __savestr_record(const char *, int, const char *, int); -u_char * ina_put(struct in_addr ina, u_char *data); -u_char * savebuf(const u_char *, size_t, int); -#ifdef DEBUG_STRINGS -char * debug_newstr(size_t, int, const char *, int); -char * debug_savestr(const char *, int, const char *, int); -void * debug_freestr(char *, const char *, int); -#define newstr(l, n) debug_newstr((l), (n), __FILE__, __LINE__) -#define savestr(s, n) debug_savestr((s), (n), __FILE__, __LINE__) -#define freestr(s) debug_freestr((s), __FILE__, __LINE__) -#else -#ifdef RECORD_STRINGS -#define newstr(l, n) __newstr_record((l), (n), __FILE__, __LINE__) -#define savestr(s, n) __savestr_record((s), (n), __FILE__, __LINE__) -#define freestr(s) __freestr_record((s), __FILE__, __LINE__) -#else -#define newstr(l, n) __newstr((l), (n)) -#define savestr(s, n) __savestr((s), (n)) -#define freestr(s) __freestr((s)) -#endif -#endif /* DEBUG_STRINGS */ -/* --from ns_glue.c-- */ - -/* ++from ns_notify.c++ */ -#ifdef BIND_NOTIFY -void ns_notify(const char *, ns_class, ns_type); -void notify_afterload(void); -void ns_unnotify(void); -void ns_stopnotify(const char *, ns_class); -#endif -/* --from ns_notify.c-- */ - -/* ++from ns_resp.c++ */ -void ns_resp(u_char *, int, struct sockaddr_in, - struct qstream *); -void prime_cache(void); -void delete_all(struct namebuf *, int, int); -int delete_stale(struct namebuf *); -struct qinfo * sysquery(const char *, int, int, - struct in_addr *, struct dst_key **keys, - int, u_int16_t, int, int); -int doupdate(u_char *, u_char *, struct databuf **, - int, int, int, u_int, struct sockaddr_in); -int send_msg(u_char *, int, struct qinfo *); -int findns(struct namebuf **, int, - struct databuf **, int *, int); -int finddata(struct namebuf *, int, int, HEADER *, - char **, int *, int *, int, int); -int add_data(struct namebuf *, - struct databuf **, - u_char *, int, int *); -int trunc_adjust(u_char *, int, int); -/* --from ns_resp.c-- */ - -/* ++from ns_req.c++ */ -int ns_get_opt(u_char *msg, u_char *eom, - u_int8_t *versionp, u_int16_t *rcodep, - u_int16_t *flagp, u_int16_t *bufsizep, - u_char **optionsp, size_t *optsizep); -int ns_add_opt(u_char *msg, u_char *cp, size_t buflen, - u_int8_t version, u_int16_t rcode, - u_int16_t size, u_int16_t flags, - u_char *options, size_t optlen); -void ns_req(u_char *, int, int, - struct qstream *, - struct sockaddr_in, - int); -void free_addinfo(void); -void free_nsp(struct databuf **); -int stale(struct databuf *); -int make_rr(const char *, struct databuf *, - u_char *, int, int, - u_char **, u_char **, int); -int doaddinfo(HEADER *, u_char *, int); -int doaddauth(HEADER *, u_char *, int, - struct namebuf *, - struct databuf *); -#ifdef BIND_NOTIFY -int findZonePri(const struct zoneinfo *, - const struct sockaddr_in); -#endif -int drop_port(u_int16_t); -/* --from ns_req.c-- */ - -/* ++from ns_xfr.c++ */ -void ns_xfr(struct qstream *qsp, struct namebuf *znp, - int zone, int class, int type, - int id, int opcode, u_int32_t serial_ixfr, - struct tsig_record *in_tsig); -void ns_stopxfrs(struct zoneinfo *); -void ns_freexfr(struct qstream *); -void sx_newmsg(struct qstream *qsp); -void sx_sendlev(struct qstream *qsp); -void sx_sendsoa(struct qstream *qsp); -/* --from ns_xfr.c-- */ - -/* ++from ns_ctl.c++ */ -void ns_ctl_initialize(void); -void ns_ctl_shutdown(void); -void ns_ctl_defaults(controls *); -void ns_ctl_add(controls *, control); -control ns_ctl_new_inet(struct in_addr, u_int, ip_match_list); -#ifndef NO_SOCKADDR_UN -control ns_ctl_new_unix(const char *, mode_t, uid_t, gid_t); -#endif -void ns_ctl_install(controls *); -/* --from ns_ctl.c-- */ - -/* ++from ns_ixfr.c++ */ -void sx_send_ixfr(struct qstream *); -int ixfr_log_maint(struct zoneinfo *); -/* --from ns_ixfr.c-- */ - -/* ++from ns_forw.c++ */ -time_t retrytime(struct qinfo *); -int ns_forw(struct databuf *nsp[], - u_char *msg, - int msglen, - struct sockaddr_in from, - struct qstream *qsp, - int dfd, - struct qinfo **qpp, - const char *dname, - int class, - int type, - struct namebuf *np, - int use_tcp, - struct tsig_record *in_tsig); -int haveComplained(u_long, u_long); -int nslookup(struct databuf *nsp[], - struct qinfo *qp, - const char *syslogdname, - const char *sysloginfo); -int qcomp(struct qserv *, struct qserv *); -void schedretry(struct qinfo *, time_t); -void unsched(struct qinfo *); -void reset_retrytimer(void); -void retrytimer(evContext ctx, void *uap, - struct timespec due, struct timespec ival); -void retry(struct qinfo *, int); -void qflush(void); -void qremove(struct qinfo *); -void ns_freeqns(struct qinfo *); -void ns_freeqry(struct qinfo *); -void freeComplaints(void); -void nsfwdadd(struct qinfo *, struct fwdinfo *); -struct qinfo * qfindid(u_int16_t); -struct qinfo * qnew(const char *, int, int, int); -/* --from ns_forw.c-- */ - -/* ++from ns_main.c++ */ -void toggle_qrylog(void); -struct in_addr net_mask(struct in_addr); -void sq_remove(struct qstream *); -void sq_flushw(struct qstream *); -void sq_flush(struct qstream *allbut); -void dq_remove_gen(time_t gen); -void dq_remove_all(void); -void sq_done(struct qstream *); -void ns_setproctitle(char *, int); -void getnetconf(int); -void nsid_init(void); -void ns_setoption(int option); -void writestream(struct qstream *, const u_char *, int); -void ns_need_unsafe(enum need); -void ns_need(enum need); -void opensocket_f(void); -void nsid_hash(u_char *, size_t); -u_int16_t nsid_next(void); -int sq_openw(struct qstream *, int); -int sq_writeh(struct qstream *, sq_closure); -int sq_write(struct qstream *, const u_char *, int); -int tcp_send(struct qinfo *); -int aIsUs(struct in_addr); -/* --from ns_main.c-- */ - -/* ++from ns_maint.c++ */ -void zone_maint(struct zoneinfo *); -void sched_zone_maint(struct zoneinfo *); -void ns_cleancache(evContext ctx, void *uap, - struct timespec due, - struct timespec inter); -void clean_cache_from(char *dname, struct hashbuf *htp); -void remove_zone(struct zoneinfo *, const char *); -void purge_zone(struct zoneinfo *, struct hashbuf *); -void loadxfer(void); -void qserial_retrytime(struct zoneinfo *, time_t); -void qserial_query(struct zoneinfo *); -void qserial_answer(struct qinfo *); -#ifdef DEBUG -void printzoneinfo(int, int, int); -#endif -void endxfer(void); -void tryxfer(void); -void addxfer(struct zoneinfo *); -void ns_zreload(void); -void ns_reload(void); -void ns_reconfig(void); -void ns_noexpired(void); -#if 0 -int reload_all_unsafe(void); -#endif -int zonefile_changed_p(struct zoneinfo *); -int reload_master(struct zoneinfo *); -const char * deferred_reload_unsafe(struct zoneinfo *); -struct namebuf * purge_node(struct hashbuf *htp, struct namebuf *np); -int clean_cache(struct hashbuf *, int); -void reapchild(void); -const char * zoneTypeString(unsigned int); -void ns_heartbeat(evContext ctx, void *uap, - struct timespec, struct timespec); -void make_new_zones(void); -void free_zone(struct zoneinfo *); -struct zoneinfo * find_auth_zone(const char *, ns_class); -int purge_nonglue(struct zoneinfo *, struct hashbuf *htp, - int log); -/* --from ns_maint.c-- */ - -/* ++from ns_sort.c++ */ -void sort_response(u_char *, u_char *, int, - struct sockaddr_in *); -/* --from ns_sort.c-- */ - -/* ++from ns_init.c++ */ -void ns_refreshtime(struct zoneinfo *, time_t); -void ns_retrytime(struct zoneinfo *, time_t); -time_t ns_init(const char *); -enum context ns_ptrcontext(const char *owner); -enum context ns_ownercontext(int type, enum transport); -int ns_nameok(const struct qinfo *qry, const char *name, - int class, struct zoneinfo *zp, - enum transport, enum context, - const char *owner, - struct in_addr source); -int ns_wildcard(const char *name); -void zoneinit(struct zoneinfo *); -void do_reload(struct zoneinfo *, int); -void ns_shutdown(void); -/* --from ns_init.c-- */ - -/* ++from ns_ncache.c++ */ -void cache_n_resp(u_char *, int, struct sockaddr_in, - const char *, int, int); -/* --from ns_ncache.c-- */ - -/* ++from ns_udp.c++ */ -void ns_udp(void); -/* --from ns_udp.c-- */ - -/* ++from ns_stats.c++ */ -void ns_stats(void); -void ns_stats_dumpandclear(void); -void ns_freestats(void); -void ns_logstats(evContext ctx, void *uap, - struct timespec, struct timespec); -void qtypeIncr(int qtype); -struct nameser * nameserFind(struct in_addr addr, int flags); -#define NS_F_INSERT 0x0001 -#define nameserIncr(a,w) NS_INCRSTAT(a,w) /* XXX should change name. */ -/* --from ns_stats.c-- */ - -/* ++from ns_update.c++ */ -struct databuf * findzonesoa(struct zoneinfo *); -void free_rrecp(ns_updque *, int rcode, struct sockaddr_in); -int findzone(const char *, int, int, int *, int); -u_char * findsoaserial(u_char *data); -u_int32_t get_serial_unchecked(struct zoneinfo *zp); -u_int32_t get_serial(struct zoneinfo *zp); -void set_serial(struct zoneinfo *zp, u_int32_t serial); -int schedule_soa_update(struct zoneinfo *, int); -int schedule_dump(struct zoneinfo *); -int incr_serial(struct zoneinfo *zp); -int merge_logs(struct zoneinfo *zp, char *logname); -int zonedump(struct zoneinfo *zp, int isixfr); -void dynamic_about_to_exit(void); -enum req_action req_update(HEADER *hp, u_char *cp, u_char *eom, - u_char *msg, struct sockaddr_in from, - struct tsig_record *in_tsig); -void rdata_dump(struct databuf *dp, FILE *fp); -/* --from ns_update.c-- */ - -/* ++from ns_config.c++ */ -void add_to_rrset_order_list(rrset_order_list, - rrset_order_element); -const char * p_order(int); -int set_zone_ixfr_file(zone_config, char *); -int set_zone_master_port(zone_config, u_short); -int set_zone_max_log_size_ixfr(zone_config, int); -int set_zone_dialup(zone_config, int); -int set_trusted_key(const char *, const int, - const int, const int, const char *); -int set_zone_ixfr_tmp(zone_config, char *); -void free_zone_timerinfo(struct zoneinfo *); -void free_zone_contents(struct zoneinfo *, int); -struct zoneinfo * find_zone(const char *, int); -zone_config begin_zone(char *, int); -void end_zone(zone_config, int); -int set_zone_type(zone_config, int); -int set_zone_filename(zone_config, char *); -int set_zone_checknames(zone_config, enum severity); -#ifdef BIND_NOTIFY -int set_zone_notify(zone_config, enum notify value); -#endif -int set_zone_maintain_ixfr_base(zone_config, int value); -int set_zone_update_acl(zone_config, ip_match_list); -int set_zone_query_acl(zone_config, ip_match_list); -int set_zone_transfer_acl(zone_config, ip_match_list); -int set_zone_transfer_source(zone_config, struct in_addr); -int set_zone_pubkey(zone_config, const int, const int, - const int, const char *); -int set_zone_transfer_time_in(zone_config, long); -int add_zone_master(zone_config, struct in_addr, - struct dst_key *); -#ifdef BIND_NOTIFY -int add_zone_notify(zone_config, struct in_addr); -#endif -void set_zone_forward(zone_config); -void add_zone_forwarder(zone_config, struct in_addr); -void set_zone_boolean_option(zone_config, int, int); -options new_options(void); -void free_options(options); -void free_rrset_order_list(rrset_order_list); -void set_global_boolean_option(options, int, int); -listen_info_list new_listen_info_list(void); -void free_listen_info_list(listen_info_list); -void add_listen_on(options, u_short, ip_match_list); -FILE * write_open(char *filename); -void update_pid_file(void); -void set_options(options, int); -void use_default_options(void); -enum ordering lookup_ordering(const char *); -rrset_order_list new_rrset_order_list(void); -rrset_order_element new_rrset_order_element(int, int, char *, enum ordering); -ip_match_list new_ip_match_list(void); -void free_ip_match_list(ip_match_list); -ip_match_element new_ip_match_pattern(struct in_addr, u_int); -ip_match_element new_ip_match_mask(struct in_addr, struct in_addr); -ip_match_element new_ip_match_indirect(ip_match_list); -ip_match_element new_ip_match_key(struct dst_key *dst_key); -ip_match_element new_ip_match_localhost(void); -ip_match_element new_ip_match_localnets(void); -void ip_match_negate(ip_match_element); -void add_to_ip_match_list(ip_match_list, ip_match_element); -void dprint_ip_match_list(int, ip_match_list, int, - const char *, const char *); -int ip_match_address(ip_match_list, struct in_addr); -int ip_match_addr_or_key(ip_match_list, struct in_addr, - struct dst_key *key); -int ip_address_allowed(ip_match_list, struct in_addr); -int ip_addr_or_key_allowed(ip_match_list iml, - struct in_addr, - struct dst_key *key); -int ip_match_network(ip_match_list, struct in_addr, - struct in_addr); -int ip_match_key_name(ip_match_list iml, char *name); -int distance_of_address(ip_match_list, struct in_addr); -int ip_match_is_none(ip_match_list); -#ifdef BIND_NOTIFY -void free_also_notify(options); -int add_global_also_notify(options, struct in_addr); -#endif -void add_global_forwarder(options, struct in_addr); -void free_forwarders(struct fwdinfo *); -server_info find_server(struct in_addr); -server_config begin_server(struct in_addr); -void end_server(server_config, int); -void set_server_option(server_config, int, int); -void set_server_transfers(server_config, int); -void set_server_transfer_format(server_config, - enum axfr_format); -void add_server_key_info(server_config, struct dst_key *); -struct dst_key *new_key_info(char *, char *, char *); -void free_key_info(struct dst_key *); -struct dst_key *find_key(char *name, char *algorithm); -void dprint_key_info(struct dst_key *); -key_info_list new_key_info_list(void); -void free_key_info_list(key_info_list); -void add_to_key_info_list(key_info_list, struct dst_key *); -void dprint_key_info_list(key_info_list); -log_config begin_logging(void); -void add_log_channel(log_config, int, log_channel); -void open_special_channels(void); -void set_logging(log_config, int); -void end_logging(log_config, int); -void use_default_logging(void); -void init_logging(void); -void shutdown_logging(void); -void init_configuration(void); -void shutdown_configuration(void); -time_t load_configuration(const char *); -/* --from ns_config.c-- */ - -/* ++from parser.y++ */ -ip_match_list lookup_acl(const char *); -void define_acl(const char *, ip_match_list); -struct dst_key *lookup_key(char *); -void define_key(const char *, struct dst_key *); -time_t parse_configuration(const char *); -void parser_initialize(void); -void parser_shutdown(void); -/* --from parser.y-- */ - -/* ++from ns_signal.c++ */ -void init_signals(void); -void block_signals(void); -void unblock_signals(void); -/* --from ns_signal.c-- */ diff --git a/contrib/bind/bin/named/ns_glob.h b/contrib/bind/bin/named/ns_glob.h deleted file mode 100644 index 35fcb6e..0000000 --- a/contrib/bind/bin/named/ns_glob.h +++ /dev/null @@ -1,347 +0,0 @@ -/* - * from ns.h 4.33 (Berkeley) 8/23/90 - * $Id: ns_glob.h,v 8.59 2002/07/19 22:44:08 marka Exp $ - */ - -/* - * Copyright (c) 1986 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Global variables for the name server. - */ - - /* original argv[] from main() */ -DECL char **saved_argv; - -#ifdef DEBUG -DECL int debug INIT(0); -DECL int desired_debug INIT(0); -#endif - - /* global event context */ -DECL evContext ev; - - /* global resolver context. */ -DECL struct __res_state res; - - /* list of open streams */ -DECL struct qstream *streamq; - - /* often set to the current time */ -DECL struct timeval tt; - - /* head of allocated queries */ -DECL struct qinfo *nsqhead; - - /* datagram socket for sysquery() and ns_forw(). */ -DECL int ds INIT(-1); - - /* event ID for reads of "ds". */ -DECL evFileID ds_evID; - -#ifdef QRYLOG - /* is query logging turned on? */ -DECL int qrylog; -#endif /*QRYLOG*/ - - /* port to which we send queries */ -DECL u_int16_t ns_port; - - /* Source addr of our internal resolver. */ -DECL struct sockaddr_in source_addr; /* INITs to <INADDR_ANY, 0>. */ - - /* Used by ns_stats */ -DECL time_t boottime; - -DECL time_t resettime; - - /* next query to retry */ -DECL struct qinfo *retryqp; - - /* configuration file name */ -DECL char *conffile; - - /* configuration file mtime */ -DECL time_t confmtime; - - /* default debug output file */ -DECL char *debugfile; - - /* zone information */ -DECL struct zoneinfo *zones; - - /* number of zones allocated */ -DECL int nzones; - - /* free list of unused zones[] elements. */ -DECL LIST(struct zoneinfo) freezones; - - /* list of zones that have a reload pending. */ -DECL LIST(struct zoneinfo) reloadingzones; - - /* set if we need a priming */ -DECL int needs_prime_cache; - - /* is cache being primed */ -DECL int priming; - - /* ptrs to dnames in msg for dn_comp */ -DECL u_char *dnptrs[40]; - - /* end pointer for dnptrs */ -DECL u_char **dnptrs_end - INIT(dnptrs + sizeof dnptrs / sizeof(u_char*)); - - /* data about all forwarders */ -DECL struct fwddata **fwddata; - /* how many forwarders are there in fwddata? */ -DECL int fwddata_count; - - /* number of names in addinfo */ -DECL int addcount; - - /* name of cache file */ -DECL const char *cache_file; - -#ifdef BIND_UPDATE -DECL const char * LogSignature INIT(";BIND LOG V8\n"); -DECL const char * DumpSignature INIT(";BIND DUMP V8\n"); -DECL const char * DumpSuffix INIT(".dumptmp"); -#endif - -DECL const char sendtoStr[] INIT("sendto"); -DECL const char tcpsendStr[] INIT("tcp_send"); - - /* defined in version.c, can't use DECL/INIT */ -extern char Version[]; -extern char ShortVersion[]; - - /* If getnum() has an error, here will be the result. */ -DECL int getnum_error INIT(0); - -enum context { domain_ctx, owner_ctx, mailname_ctx, hostname_ctx }; -DECL const char *context_strings[] -#ifdef MAIN_PROGRAM - = { "domain", "owner", "mail", "host", NULL } -#endif -; - -DECL const char *transport_strings[] -#ifdef MAIN_PROGRAM - = { "primary", "secondary", "response", NULL } -#endif -; - -DECL const char *severity_strings[] -#ifdef MAIN_PROGRAM - = { "ignore", "warn", "fail", "not_set", NULL } -#endif -; - -DECL struct in_addr inaddr_any; /* Inits to 0.0.0.0 */ - -DECL options server_options INIT(NULL); - -DECL server_info nameserver_info INIT(NULL); -DECL key_info_list secretkey_info INIT(NULL); - -DECL ip_match_list bogus_nameservers INIT(NULL); - -DECL log_context log_ctx; -DECL int log_ctx_valid INIT(0); - -DECL log_channel syslog_channel INIT(NULL); -DECL log_channel debug_channel INIT(NULL); -DECL log_channel stderr_channel INIT(NULL); -DECL log_channel eventlib_channel INIT(NULL); -DECL log_channel packet_channel INIT(NULL); -DECL log_channel null_channel INIT(NULL); - -DECL ip_match_list local_addresses INIT(NULL); -DECL ip_match_list local_networks INIT(NULL); - - /* are we running in no-fork mode? */ -DECL int foreground INIT(0); - -DECL const struct ns_sym logging_constants[] -#ifdef MAIN_PROGRAM -= { - { log_info, "info" }, - { log_notice, "notice" }, - { log_warning, "warning" }, - { log_error, "error" }, - { log_critical, "critical" }, - { 0, NULL } -} -#endif -; - -DECL const struct ns_sym syslog_constants[] -#ifdef MAIN_PROGRAM -= { - { LOG_KERN, "kern" }, - { LOG_USER, "user" }, - { LOG_MAIL, "mail" }, - { LOG_DAEMON, "daemon" }, - { LOG_AUTH, "auth" }, - { LOG_SYSLOG, "syslog" }, - { LOG_LPR, "lpr" }, -#ifdef LOG_NEWS - { LOG_NEWS, "news" }, -#endif -#ifdef LOG_UUCP - { LOG_UUCP, "uucp" }, -#endif -#ifdef LOG_CRON - { LOG_CRON, "cron" }, -#endif -#ifdef LOG_AUTHPRIV - { LOG_AUTHPRIV, "authpriv" }, -#endif -#ifdef LOG_FTP - { LOG_FTP, "ftp" }, -#endif - { LOG_LOCAL0, "local0"}, - { LOG_LOCAL1, "local1"}, - { LOG_LOCAL2, "local2"}, - { LOG_LOCAL3, "local3"}, - { LOG_LOCAL4, "local4"}, - { LOG_LOCAL5, "local5"}, - { LOG_LOCAL6, "local6"}, - { LOG_LOCAL7, "local7"}, - { 0, NULL } -} -#endif -; - -DECL const struct ns_sym category_constants[] -#ifdef MAIN_PROGRAM -= { - { ns_log_default, "default" }, - { ns_log_config, "config" }, - { ns_log_parser, "parser" }, - { ns_log_queries, "queries" }, - { ns_log_lame_servers, "lame-servers" }, - { ns_log_statistics, "statistics" }, - { ns_log_panic, "panic" }, - { ns_log_update, "update" }, - { ns_log_ncache, "ncache" }, - { ns_log_xfer_in, "xfer-in" }, - { ns_log_xfer_out, "xfer-out" }, - { ns_log_db, "db" }, - { ns_log_eventlib, "eventlib" }, - { ns_log_packet, "packet" }, -#ifdef BIND_NOTIFY - { ns_log_notify, "notify" }, -#endif - { ns_log_cname, "cname" }, - { ns_log_security, "security" }, - { ns_log_os, "os" }, - { ns_log_insist, "insist" }, - { ns_log_maint, "maintenance" }, - { ns_log_load, "load" }, - { ns_log_resp_checks, "response-checks" }, - { ns_log_control, "control" }, - { ns_log_update_security, "update-security" }, - { 0, NULL } -} -#endif -; - -DECL const char panic_msg_no_options[] - INIT("no server_options in NS_OPTION_P"); - -DECL const char panic_msg_insist_failed[] - INIT("%s:%d: insist '%s' failed: %s"); - -DECL const char panic_msg_bad_which[] - INIT("%s:%d: INCRSTATS(%s): bad \"which\""); - -DECL u_long globalStats[nssLast]; - -DECL evTimerID clean_timer; -DECL evTimerID interface_timer; -DECL evTimerID stats_timer; -DECL evTimerID heartbeat_timer; -DECL int active_timers INIT(0); - -DECL uid_t user_id; -DECL char * user_name INIT(NULL); -DECL gid_t group_id; -DECL char * group_name INIT(NULL); -DECL char * chroot_dir INIT(NULL); -DECL char * working_dir INIT(NULL); - -DECL int loading INIT(0); - -DECL int xfers_running INIT(0); -DECL int xfers_deferred INIT(0); -DECL int qserials_running INIT(0); -DECL int initial_configuration INIT(1); diff --git a/contrib/bind/bin/named/ns_glue.c b/contrib/bind/bin/named/ns_glue.c deleted file mode 100644 index 3d73c18..0000000 --- a/contrib/bind/bin/named/ns_glue.c +++ /dev/null @@ -1,469 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_glue.c,v 8.24 2002/01/07 02:54:37 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/uio.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <resolv.h> -#include <signal.h> -#include <stdarg.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> -#include <stdarg.h> -#include <unistd.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include "port_after.h" - -#include "named.h" - -/* - * IP address from unaligned octets. - */ -struct in_addr -ina_get(const u_char *data) { - struct in_addr ret; - u_int32_t i; - - GETLONG(i, data); - ina_ulong(ret) = htonl(i); - return (ret); -} - -/* - * IP address to unaligned octets. - */ -u_char * -ina_put(struct in_addr ina, u_char *data) { - PUTLONG(ntohl(ina_ulong(ina)), data); - return (data); -} - -/* - * IP address to presentation format. - */ -const char * -sin_ntoa(struct sockaddr_in sin) { - static char ret[sizeof "[111.222.333.444].55555"]; - - sprintf(ret, "[%s].%u", inet_ntoa(sin.sin_addr), ntohs(sin.sin_port)); - return (ret); -} - -/* - * Logging Support - */ - -int -ns_wouldlog(int category, int level) { - if (log_ctx_valid) - return (log_check(log_ctx, category, level)); - return (0); -} - -void -ns_debug(int category, int level, const char *format, ...) { - va_list args; - - if (!log_ctx_valid) - return; - va_start(args, format); - log_vwrite(log_ctx, category, log_debug(level), format, args); - va_end(args); -} - -void -ns_info(int category, const char *format, ...) { - va_list args; - - if (!log_ctx_valid) - return; - va_start(args, format); - log_vwrite(log_ctx, category, log_info, format, args); - va_end(args); -} - -void -ns_notice(int category, const char *format, ...) { - va_list args; - - if (!log_ctx_valid) - return; - va_start(args, format); - log_vwrite(log_ctx, category, log_notice, format, args); - va_end(args); -} - -void -ns_warning(int category, const char *format, ...) { - va_list args; - - if (!log_ctx_valid) - return; - va_start(args, format); - log_vwrite(log_ctx, category, log_warning, format, args); - va_end(args); -} - -void -ns_error(int category, const char *format, ...) { - va_list args; - - if (!log_ctx_valid) - return; - va_start(args, format); - log_vwrite(log_ctx, category, log_error, format, args); - va_end(args); -} - -void -ns_critical(int category, const char *format, ...) { - va_list args; - - if (!log_ctx_valid) - return; - va_start(args, format); - log_vwrite(log_ctx, category, log_critical, format, args); - va_end(args); -} - -void -ns_panic(int category, int dump_core, const char *format, ...) { - va_list args; - - if (!log_ctx_valid) - return; - va_start(args, format); - log_vwrite(log_ctx, category, log_critical, format, args); - va_end(args); - va_start(args, format); - log_vwrite(log_ctx, ns_log_panic, log_critical, format, args); - va_end(args); - if (dump_core) - abort(); - else - exit(1); -} - -void -ns_assertion_failed(const char *file, int line, assertion_type type, - const char *cond, int print_errno) -{ - ns_panic(ns_log_insist, 1, "%s:%d: %s(%s)%s%s failed.", - file, line, assertion_type_to_text(type), cond, - (print_errno) ? ": " : "", - (print_errno) ? strerror(errno) : ""); -} - -/* - * XXX This is for compatibility and should eventually be removed. - */ -void -panic(const char *msg, const void *arg) { - ns_panic(ns_log_default, 1, msg, arg); -} - -/* - * How many labels in this name? - * Note: the root label is not included in the count. - */ -int -nlabels(const char *dname) { - int count, i, found, escaped; - const char *tmpdname, *end_tmpdname; - int tmpdnamelen, c; - - INSIST(dname != NULL); - - count = 0; - tmpdname = dname; - tmpdnamelen = strlen(tmpdname); - /* - * Ignore a trailing label separator (i.e. an unescaped dot) - * in 'tmpdname'. - */ - if (tmpdnamelen && tmpdname[tmpdnamelen-1] == '.') { - escaped = 0; - /* note this loop doesn't get executed if tmpdnamelen==1 */ - for (i = tmpdnamelen - 2; i >= 0; i--) - if (tmpdname[i] == '\\') { - if (escaped) - escaped = 0; - else - escaped = 1; - } else - break; - if (!escaped) - tmpdnamelen--; - } - - end_tmpdname = tmpdname + tmpdnamelen; - - while(tmpdname != end_tmpdname) { - count++; - /* - * Strip off the first label if we're not already at - * the root label. - */ - for (escaped = found = 0; - (tmpdname != end_tmpdname) && !found; - tmpdname++) { - c = *tmpdname; - if (!escaped && (c == '.')) - found = 1; - - if (escaped) - escaped = 0; - else if (c == '\\') - escaped = 1; - } - } - - ns_debug(ns_log_default, 12, "nlabels of \"%s\" -> %d", dname, count); - return (count); -} - -/* - * Get current system time and put it in a global. - */ -void -gettime(struct timeval *ttp) { - if (gettimeofday(ttp, NULL) < 0) - ns_error(ns_log_default, "gettimeofday: %s", strerror(errno)); -} - -/* - * This is useful for tracking down lost file descriptors. - */ -int -my_close(int fd) { - int s; - - do { - errno = 0; - s = close(fd); - } while (s < 0 && errno == EINTR); - - /* - * Tru64 UNIX V5.1 can return a spurious EINVAL after connect() - * failures. - */ - if (s < 0 && errno != EBADF && errno != EINVAL) - ns_info(ns_log_default, "close(%d) failed: %s", fd, - strerror(errno)); - else - ns_debug(ns_log_default, 3, "close(%d) succeeded", fd); - return (s); -} - -/* - * This is useful for tracking down lost file descriptors. - */ -int -my_fclose(FILE *fp) { - int fd = fileno(fp), - s = fclose(fp); - - if (s < 0) - ns_info(ns_log_default, "fclose(%d) failed: %s", fd, - strerror(errno)); - else - ns_debug(ns_log_default, 3, "fclose(%d) succeeded", fd); - return (s); -} - -/* - * Save a counted buffer and return a pointer to it. - */ -u_char * -savebuf(const u_char *buf, size_t len, int needpanic) { - u_char *bp = (u_char *)memget(len); - - if (bp == NULL) { - if (needpanic) - panic("savebuf: memget failed (%s)", strerror(errno)); - else - return (NULL); - } - memcpy(bp, buf, len); - return (bp); -} - -char * -__newstr(size_t len, int needpanic) { - return (__newstr_record(len, needpanic, __FILE__, __LINE__)); -} - -char * -__savestr(const char *str, int needpanic) { - return (__savestr_record(str, needpanic, __FILE__, __LINE__)); -} - -void * -__freestr(char *str) { - __freestr_record(str, __FILE__, __LINE__); - return (NULL); -} - -#ifdef DEBUG_STRINGS -char * -debug_newstr(size_t len, int needpanic, const char *file, int line) { - size_t size; - - size = len + 3; /* 2 length bytes + NUL. */ - printf("%s:%d: newstr %d\n", file, line, size); - return (__newstr_record(len, needpanic, file, line)); -} - -char * -debug_savestr(const char *str, int needpanic, const char *file, int line) { - size_t len; - - len = strlen(str); - len += 3; /* 2 length bytes + NUL. */ - printf("%s:%d: savestr %d %s\n", file, line, len, str); - return (__savestr_record(str, needpanic, file, line)); -} - -void -debug_freestr(char *str, const char *file, int line) { - u_char *buf, *bp; - size_t len; - - buf = (u_char *)str - 2/*Len*/; - bp = buf; - NS_GET16(len, bp); - len += 3; /* 2 length bytes + NUL. */ - printf("%s:%d: freestr %d %s\n", file, line, len, str); - __freestr_record(str, file, line); - return (NULL); -} -#endif /* DEBUG_STRINGS */ - -/* - * Return a counted string buffer big enough for a string of length 'len'. - */ -char * -__newstr_record(size_t len, int needpanic, const char *file, int line) { - u_char *buf, *bp; - - REQUIRE(len <= 65536); - - buf = (u_char *)__memget_record(2/*Len*/ + len + 1/*Nul*/, file, line); - if (buf == NULL) { - if (needpanic) - panic("savestr: memget failed (%s)", strerror(errno)); - else - return (NULL); - } - bp = buf; - NS_PUT16(len, bp); - return ((char *)bp); -} - -/* - * Save a NUL terminated string and return a pointer to it. - */ -char * -__savestr_record(const char *str, int needpanic, const char *file, int line) { - char *buf; - size_t len; - - len = strlen(str); - if (len > 65536) { - if (needpanic) - ns_panic(ns_log_default, 1, - "savestr: string too long"); - else - return (NULL); - } - buf = __newstr_record(len, needpanic, file, line); - memcpy(buf, str, len + 1); - return (buf); -} - -void * -__freestr_record(char *str, const char *file, int line) { - u_char *buf, *bp; - size_t len; - - buf = (u_char *)str - 2/*Len*/; - bp = buf; - NS_GET16(len, bp); - __memput_record(buf, 2/*Len*/ + len + 1/*Nul*/, file, line); - return (NULL); -} - -const char * -checked_ctime(const time_t *t) { - const char *ctime_result; - - ctime_result = ctime(t); - if (ctime_result == NULL) { - ns_error(ns_log_default, "ctime() returned NULL!"); - ctime_result = "<unknown time>\n"; - } - - return (ctime_result); -} - -/* - * Since the fields in a "struct timeval" are longs, and the argument to ctime - * is a pointer to a time_t (which might not be a long), here's a bridge. - */ -const char * -ctimel(long l) { - time_t t = (time_t)l; - - return (checked_ctime(&t)); -} - -#ifdef ultrix -/* - * Some library routines in libc need to be able to see the res_send - * and res_close symbols with out __ prefix otherwise we get multiply - * defined symbol errors when linking named. - */ - -#undef res_send -int res_send(const u_char *buf, int buflen, u_char *ans, int anssiz) { - return __res_send(buf, buflen, ans, anssiz); -} -#undef _res_close -void _res_close(void) { - __res_close(); -} -#endif diff --git a/contrib/bind/bin/named/ns_init.c b/contrib/bind/bin/named/ns_init.c deleted file mode 100644 index 8cf0684..0000000 --- a/contrib/bind/bin/named/ns_init.c +++ /dev/null @@ -1,593 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_init.c 4.38 (Berkeley) 3/21/91"; -static const char rcsid[] = "$Id: ns_init.c,v 8.77.8.2 2003/09/04 04:09:09 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <errno.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" - -#ifdef DEBUG -static void content_zone(int, int); -#endif -static void purgeandload(struct zoneinfo *zp); - -/* - * Set new refresh time for zone. Use a random number in the last half of - * the refresh limit; we want it to be substantially correct while still - * preventing slave synchronization. - */ -void -ns_refreshtime(struct zoneinfo *zp, time_t timebase) { - u_long refresh = (zp->z_refresh > 0) ? zp->z_refresh : INIT_REFRESH; - time_t half = (refresh + 1) / 2; - - if (zp->z_flags & Z_NEEDREFRESH) { - zp->z_flags &= ~Z_NEEDREFRESH; - zp->z_time = timebase; - } else - zp->z_time = timebase + half + (rand() % half); -} - -/* - * Set new retry time for zone. - */ -void -ns_retrytime(struct zoneinfo *zp, time_t timebase) { - - zp->z_flags &= ~Z_NEEDREFRESH; - zp->z_time = timebase + zp->z_retry; -} - -/* - * Read configuration file and save it as internal state. - */ -time_t -ns_init(const char *conffile) { - struct zoneinfo *zp; - static int loads = 0; /* number of times loaded */ - time_t mtime; - - ns_debug(ns_log_config, 1, "ns_init(%s)", conffile); - gettime(&tt); - - if (loads == 0) { - /* Init zone data. */ - zones = NULL; - INIT_LIST(freezones); - INIT_LIST(reloadingzones); - nzones = 0; - make_new_zones(); - - /* Init cache. */ - zones[0].z_type = z_cache; - zones[0].z_origin = savestr("", 1); - - /* Allocate cache hash table, formerly the root hash table. */ - hashtab = savehash((struct hashbuf *)NULL); - - /* Allocate root-hints/file-cache hash table. */ - fcachetab = savehash((struct hashbuf *)NULL); - - /* Init other misc stuff. */ - dst_init(); - init_configuration(); - } else { - /* Mark previous zones as not yet found in boot file. */ - block_signals(); - for (zp = &zones[1]; zp < &zones[nzones]; zp++) - if (zp->z_type != z_nil) { - zp->z_flags &= ~Z_FOUND; - if (LINKED(zp, z_reloadlink)) - UNLINK(reloadingzones, zp, - z_reloadlink); - } - unblock_signals(); - } - -#ifdef DEBUG - if (debug >= 3) { - ns_debug(ns_log_config, 3, "content of zones before loading"); - content_zone(nzones - 1, 3); - } -#endif - - mtime = load_configuration(conffile); - - /* Erase all old zones that were not found. */ - for (zp = &zones[0]; zp < &zones[nzones]; zp++) { - if (zp->z_type == z_cache) - continue; - if (zp->z_type != z_nil && (zp->z_flags & Z_FOUND) == 0) - remove_zone(zp, "removed"); - } - /* Reload parent zones of zones removed */ - for (zp = &zones[0]; zp < &zones[nzones]; zp++) { - if (zp->z_type == z_cache) - continue; - if (zp->z_type != z_nil && - (zp->z_flags & Z_PARENT_RELOAD) != 0) { - zp->z_flags &= ~Z_PARENT_RELOAD; - purgeandload(zp); - } - } - -#ifdef DEBUG - if (debug >= 2) { - ns_debug(ns_log_config, 2, "content of zones after loading"); - content_zone(nzones-1, 2); - } -#endif - - ns_debug(ns_log_config, 1, "exit ns_init()"); - loads++; - return (mtime); -} - -void -zoneinit(struct zoneinfo *zp) { - struct stat sb; - int result; - - /* - * Try to load zone from backup file, - * if one was specified and it exists. - * If not, or if the data are out of date, - * we will refresh the zone from a primary - * immediately. - */ - if (zp->z_source == NULL) - return; - result = stat(zp->z_source, &sb); - if (result != -1) { - ns_stopxfrs(zp); - purge_zone(zp, hashtab); - } - if (result == -1 || - db_load(zp->z_source, zp->z_origin, zp, NULL, ISNOTIXFR)) - { - /* - * Set zone to be refreshed immediately. - */ - zp->z_refresh = INIT_REFRESH; - zp->z_retry = INIT_REFRESH; - if ((zp->z_flags & (Z_QSERIAL|Z_XFER_RUNNING)) == 0) { - zp->z_time = tt.tv_sec; - sched_zone_maint(zp); - } - } else { - zp->z_flags |= Z_AUTH; - zp->z_flags &= ~(Z_NEED_RELOAD|Z_EXPIRED); - ns_refreshtime(zp, tt.tv_sec); - sched_zone_maint(zp); - } -} - -/* - * Purge the zone and reload all parent zones. This needs to be done when - * we unload a zone, since the child zone will have stomped the parent's - * delegation to that child when it was first loaded. - */ -void -do_reload(struct zoneinfo *ozp, int mark) { - struct zoneinfo *zp; - const char *domain = ozp->z_origin; - int type = ozp->z_type; - int class = ozp->z_class; - - ns_debug(ns_log_config, 1, "do_reload: %s %d %d %d", - *domain ? domain : ".", type, class, mark); - - /* - * Check if the zone has changed type. If so, we might not need to - * do any purging or parent reloading. - * - * If the new zone is a master zone, then it will have purged the - * old data and loaded, so we don't need to do anything. - * - * If the new zone is a slave or stub zone and has successfully loaded, - * then we don't need to do anything either. - * - * NOTE: we take care not to match ourselves. - */ - zp = find_zone(domain, class); - if (zp != NULL && - ((type != z_master && zp->z_type == z_master) || - (type != z_slave && zp->z_type == z_slave && zp->z_serial != 0) || - (type != z_stub && zp->z_type == z_stub && zp->z_serial != 0))) - return; - - /* - * Clean up any leftover data. - */ - ns_stopxfrs(zp); - if (type == z_hint || (type == z_stub && *domain == 0)) - purge_zone(ozp, fcachetab); - else - purge_zone(ozp, hashtab); - - /* - * Reload - */ - while (*domain) { - const char *s; - int escaped; - - /* - * XXX this is presentation level hair and belongs elsewhere. - */ - escaped = 0; - for (s = domain; *s != '\0'; s++) { - if (!escaped) { - if (*s == '.') - break; - else if (*s == '\\') - escaped = 1; - } else - escaped = 0; - } - - if (*s != '\0') - domain = s + 1; /* skip label and its separator */ - else - domain = ""; /* root zone */ - - zp = find_zone(domain, class); - if (zp != NULL && zp->z_type != Z_HINT) { - ns_debug(ns_log_config, 1, "do_reload: matched %s", - *domain ? domain : "."); - if (mark) - zp->z_flags |= Z_PARENT_RELOAD; - else - purgeandload(zp); - break; - } - } -} - -static void -purgeandload(struct zoneinfo *zp) { - -#ifdef BIND_UPDATE - /* - * A dynamic zone might have changed, so we - * need to dump it before removing it. - */ - if (zp->z_type == Z_PRIMARY && - (zp->z_flags & Z_DYNAMIC) != 0 && - ((zp->z_flags & Z_NEED_SOAUPDATE) != 0 || - (zp->z_flags & Z_NEED_DUMP) != 0)) - (void) zonedump(zp, ISNOTIXFR); -#endif - ns_stopxfrs(zp); - - if (zp->z_type == Z_HINT) - purge_zone(zp, fcachetab); - else - purge_zone(zp, hashtab); - - zp->z_flags &= ~Z_AUTH; - - switch (zp->z_type) { - case Z_SECONDARY: - case Z_STUB: - zoneinit(zp); - break; - case Z_PRIMARY: - if (db_load(zp->z_source, zp->z_origin, zp, 0, ISNOTIXFR) == 0) - zp->z_flags |= Z_AUTH; - break; - case Z_HINT: - case Z_CACHE: - (void)db_load(zp->z_source, zp->z_origin, zp, 0, ISNOTIXFR); - break; - } -} - -#ifdef DEBUG -/* prints out the content of zones */ -static void -content_zone(int end, int level) { - int i; - - for (i = 0; i <= end; i++) { - printzoneinfo(i, ns_log_config, level); - } -} -#endif - -enum context -ns_ptrcontext(owner) - const char *owner; -{ - if (ns_samedomain(owner, "in-addr.arpa") || - ns_samedomain(owner, "ip6.int")) - return (hostname_ctx); - return (domain_ctx); -} - -enum context -ns_ownercontext(type, transport) - int type; - enum transport transport; -{ - enum context context = domain_ctx; - - switch (type) { - case T_A: - case T_WKS: - case T_MX: - switch (transport) { - case update_trans: - case primary_trans: - case secondary_trans: - context = owner_ctx; - break; - case response_trans: - context = hostname_ctx; - break; - default: - panic("impossible condition in ns_ownercontext()", - NULL); - } - break; - case T_MB: - case T_MG: - context = mailname_ctx; - break; - default: - /* Nothing to do. */ - break; - } - return (context); -} - -int -ns_nameok(const struct qinfo *qry, const char *name, int class, - struct zoneinfo *zp, enum transport transport, - enum context context, - const char *owner, - struct in_addr source) -{ - enum severity severity = not_set; - int ok = 1; - - if (zp != NULL) - severity = zp->z_checknames; - if (severity == not_set) - severity = server_options->check_names[transport]; - - if (severity == ignore) - return (1); - switch (context) { - case domain_ctx: - ok = (class != C_IN) || res_dnok(name); - break; - case owner_ctx: - ok = (class != C_IN) || res_ownok(name); - break; - case mailname_ctx: - ok = res_mailok(name); - break; - case hostname_ctx: - ok = res_hnok(name); - break; - default: - ns_panic(ns_log_default, 1, - "unexpected context %d in ns_nameok", (int)context); - } - if (!ok) { - char *q, *s, *o; - - if (source.s_addr == INADDR_ANY) - s = savestr(transport_strings[transport], 0); - else { - s = newstr(strlen(transport_strings[transport]) + - sizeof " from [000.000.000.000] for [000.000.000.000]", 0); - if (s != NULL) { - if (transport == response_trans && qry != NULL) { - if ((qry->q_flags & Q_PRIMING) != 0) { - sprintf(s, "%s from [%s] for priming", - transport_strings[transport], - inet_ntoa(source)); - } else if ((qry->q_flags & Q_ZSERIAL) != 0) { - sprintf(s, "%s from [%s] for soacheck", - transport_strings[transport], - inet_ntoa(source)); - } else if ((qry->q_flags & Q_SYSTEM) != 0) { - sprintf(s, "%s from [%s] for sysquery", - transport_strings[transport], - inet_ntoa(source)); - } else { - q=strdup(inet_ntoa(qry->q_from.sin_addr)); - sprintf(s, "%s from [%s] for [%s]", - transport_strings[transport], - inet_ntoa(source), - q != NULL ? q : "memget failed"); - free(q); - } - } else { - sprintf(s, "%s from [%s]", - (transport == response_trans) - ? "query" - : transport_strings[transport], - inet_ntoa(source)); - } - } - } - if (ns_samename(owner, name) == 1) - o = savestr("", 0); - else { - const char *t = (*owner == '\0') ? "." : owner; - - o = newstr(strlen(t) + sizeof " (owner \"\")", 0); - if (o) - sprintf(o, " (owner \"%s\")", t); - } - /* - * We use log_write directly here to avoid duplicating - * the message formatting and arguments. - */ - log_write(log_ctx, ns_log_default, - (transport != response_trans) || - (o == NULL) || (s == NULL) || - ( (qry != NULL) && - (qry->q_flags & (Q_PRIMING|Q_ZSERIAL)) ) ? - log_warning : log_info, - "%s name \"%s\"%s %s (%s) is invalid - %s", - context_strings[context], - name, o != NULL ? o : "[memget failed]", - p_class(class), - s != NULL ? s : "[memget failed]", - (severity == fail) ? - "rejecting" : "proceeding anyway"); - if (severity == warn) - ok = 1; - if (s != NULL) - (void)freestr(s); - if (o != NULL) - (void)freestr(o); - } - return (ok); -} - -int -ns_wildcard(const char *name) { - if (*name != '*') - return (0); - return (*++name == '\0'); -} - -void -ns_shutdown() { - struct zoneinfo *zp; - -#ifdef BIND_NOTIFY - ns_unnotify(); -#endif - /* Erase zones. */ - for (zp = &zones[0]; zp < &zones[nzones]; zp++) { - if (zp->z_type) { - if (zp->z_type != z_hint && zp->z_type != z_cache) { - ns_stopxfrs(zp); - purge_zone(zp, hashtab); - } else if (zp->z_type == z_hint) - purge_zone(zp, fcachetab); - free_zone_contents(zp, 1); - } - } - - /* Erase the cache. */ - clean_cache(hashtab, 1); - hashtab->h_cnt = 0; /* ??? */ - rm_hash(hashtab); - hashtab = NULL; - clean_cache(fcachetab, 1); - fcachetab->h_cnt = 0; /* ??? */ - rm_hash(fcachetab); - fcachetab = NULL; - - if (zones != NULL) - memput(zones, nzones * sizeof *zones); - zones = NULL; - - freeComplaints(); - shutdown_configuration(); -} diff --git a/contrib/bind/bin/named/ns_ixfr.c b/contrib/bind/bin/named/ns_ixfr.c deleted file mode 100644 index b6d632d..0000000 --- a/contrib/bind/bin/named/ns_ixfr.c +++ /dev/null @@ -1,584 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ixfr.c,v 8.33 2003/02/24 23:36:01 marka Exp $"; -#endif /* not lint */ - -/* - * Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Check Point Software Technologies Incorporated not be used - * in advertising or publicity pertaining to distribution of the document - * or software without specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES - * INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - * IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED - * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR - * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/param.h> -#include <sys/file.h> -#include <sys/stat.h> -#include <sys/socket.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <fcntl.h> -#include <resolv.h> -#include <res_update.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/misc.h> - -#include "port_after.h" - -#include "named.h" - -static void sx_new_ixfrmsg(struct qstream * qsp); -void sx_send_ixfr(struct qstream * qsp); - -static int sx_flush(struct qstream * qsp), - sx_addrr(struct qstream * qsp, - const char *dname, - struct databuf * dp); - -/* - * u_char * sx_new_ixfrmsg(msg) init the header of a message, reset the - * compression pointers, and reset the write pointer to the first byte - * following the header. - */ -static void -sx_new_ixfrmsg(struct qstream *qsp) { - HEADER * hp = (HEADER *) qsp->xfr.msg; - - memset(hp, 0, HFIXEDSZ); - hp->id = htons(qsp->xfr.id); - hp->opcode = qsp->xfr.opcode; - hp->qr = 1; - hp->aa = 1; - hp->rcode = NOERROR; - - qsp->xfr.ptrs[0] = qsp->xfr.msg; - qsp->xfr.ptrs[1] = NULL; - - qsp->xfr.cp = qsp->xfr.msg + HFIXEDSZ; - if (qsp->xfr.ixfr_zone == 0) { - int count, n; - int buflen; - struct namebuf *np; - struct hashbuf *htp; - struct zoneinfo *zp; - const char * fname; - - qsp->xfr.ixfr_zone = qsp->xfr.zone; - zp = &zones[qsp->xfr.zone]; - n = dn_comp(zp->z_origin, qsp->xfr.cp, - XFER_BUFSIZE - (qsp->xfr.cp - qsp->xfr.msg), NULL, NULL); - qsp->xfr.cp += n; - PUTSHORT((u_int16_t) T_IXFR, qsp->xfr.cp); - PUTSHORT((u_int16_t) zp->z_class, qsp->xfr.cp); - hp->qdcount = htons(ntohs(hp->qdcount) + 1); - count = qsp->xfr.cp - qsp->xfr.msg; - htp = hashtab; - np = nlookup(zp->z_origin, &htp, &fname, 0); - buflen = XFER_BUFSIZE; - } -} - -/* - * int - * sx_flush(qsp) - * flush the intermediate buffer out to the stream IO system. - * return: - * passed through from sq_write(). - */ -static int -sx_flush(struct qstream *qsp) { - int ret; - -#ifdef DEBUG - if (debug >= 10) - fp_nquery(qsp->xfr.msg, qsp->xfr.cp - qsp->xfr.msg, - log_get_stream(packet_channel)); -#endif - if (qsp->xfr.tsig_state != NULL && qsp->xfr.tsig_skip == 0) { - int msglen = qsp->xfr.cp - qsp->xfr.msg; - - ns_sign_tcp(qsp->xfr.msg, &msglen, qsp->xfr.eom - qsp->xfr.msg, - NOERROR, qsp->xfr.tsig_state, - qsp->xfr.state == s_x_done); - - if (qsp->xfr.state == s_x_done) { - memput(qsp->xfr.tsig_state, sizeof(ns_tcp_tsig_state)); - qsp->xfr.tsig_state = NULL; - } - qsp->xfr.cp = qsp->xfr.msg + msglen; - - } - if (qsp->xfr.cp - qsp->xfr.msg > 0) - ret = sq_write(qsp, qsp->xfr.msg, qsp->xfr.cp - qsp->xfr.msg); - else { - ns_debug(ns_log_default, 3, " Flush negative number *********"); - ret = -1; - } - if (ret >= 0) { - qsp->xfr.cp = NULL; - qsp->xfr.tsig_skip = 0; - } - else - qsp->xfr.tsig_skip = 1; - return (ret); -} -/* - * int sx_addrr(qsp, name, dp) add name/dp's RR to the current assembly - * message. if it won't fit, write current message out, renew the message, - * and then RR should fit. return: -1 = the sq_write() failed so we could not - * queue the full message. 0 = one way or another, everything is fine. side - * effects: on success, the ANCOUNT is incremented and the pointers are - * advanced. - */ -static int -sx_addrr(struct qstream *qsp, const char *dname, struct databuf *dp) { - HEADER *hp = (HEADER *) qsp->xfr.msg; - u_char **edp = qsp->xfr.ptrs + sizeof qsp->xfr.ptrs / sizeof(u_char *); - int n; - - if (qsp->xfr.cp != NULL) { - if (qsp->xfr.transfer_format == axfr_one_answer && - sx_flush(qsp) < 0) - return (-1); - } - if (qsp->xfr.cp == NULL) - sx_new_ixfrmsg(qsp); - n = make_rr(dname, dp, qsp->xfr.cp, qsp->xfr.eom - qsp->xfr.cp, - 0, qsp->xfr.ptrs, edp, 0); - if (n < 0) { - if (sx_flush(qsp) < 0) - return (-1); - if (qsp->xfr.cp == NULL) - sx_new_ixfrmsg(qsp); - n = make_rr(dname, dp, qsp->xfr.cp, qsp->xfr.eom - qsp->xfr.cp, - 0, qsp->xfr.ptrs, edp, 0); - INSIST(n >= 0); - } - hp->ancount = htons(ntohs(hp->ancount) + 1); - qsp->xfr.cp += n; - return (0); -} - -void -sx_send_ixfr(struct qstream *qsp) { - char * cp; - struct zoneinfo *zp = NULL; - struct databuf *soa_dp; - struct databuf *old_soadp; - ns_delta *dp; - ns_updrec *rp; - int foundsoa; - - zp = &zones[qsp->xfr.zone]; - soa_dp = (struct databuf *) findzonesoa(zp); - if (soa_dp == NULL) { - /* XXX should be more graceful */ - ns_panic(ns_log_update, 1, - "sx_send_ixfr: unable to locate soa"); - } - old_soadp = memget(BIND_DATASIZE(soa_dp->d_size)); - if (old_soadp == NULL) - ns_panic(ns_log_update, 1, "sx_send_ixfr: out of memory"); - memcpy(old_soadp, soa_dp, BIND_DATASIZE(soa_dp->d_size)); - - again: - switch (qsp->xfr.state) { - case s_x_firstsoa: - ns_debug(ns_log_default, 3, - "IXFR: s_x_firstsoa (%s)", zp->z_origin); - if (sx_addrr(qsp, zp->z_origin, soa_dp) < 0) - goto cleanup; - qsp->xfr.state = s_x_deletesoa; - /* FALLTHROUGH */ - case s_x_deletesoa: - ns_debug(ns_log_default, 3, - "IXFR: s_x_deletesoa (%s)", zp->z_origin); - dp = NULL; - if (qsp->xfr.top.ixfr != NULL && !EMPTY(*qsp->xfr.top.ixfr)) - dp = HEAD(*qsp->xfr.top.ixfr); - if (dp != NULL) { - foundsoa = 0; - - rp = HEAD(dp->d_changes); - while (rp != NULL) { - if (rp->r_opcode == DELETE && - rp->r_dp != NULL && - rp->r_dp->d_type == T_SOA) { - if (sx_addrr(qsp, rp->r_dname, - rp->r_dp) < 0) - goto cleanup; - db_detach(&rp->r_dp); - foundsoa = 1; - break; - } - rp = NEXT(rp, r_link); - } - - if (!foundsoa) { - cp = (char *)findsoaserial(old_soadp->d_data); - PUTLONG(HEAD(dp->d_changes)->r_zone, cp); - - if (sx_addrr(qsp, zp->z_origin, old_soadp) < 0) - goto cleanup; - } - } - qsp->xfr.state = s_x_deleting; - /* FALLTHROUGH */ - case s_x_deleting: - ns_debug(ns_log_default, 3, - "IXFR: s_x_deleting (%s)", zp->z_origin); - dp = NULL; - if (qsp->xfr.top.ixfr != NULL && !EMPTY(*qsp->xfr.top.ixfr)) - dp = HEAD(*qsp->xfr.top.ixfr); - if (dp != NULL) { - rp = HEAD(dp->d_changes); - while (rp != NULL) { - if (rp->r_opcode == DELETE && - rp->r_dp != NULL) { - /* - * Drop any SOA deletes - */ - if (rp->r_dp->d_type != T_SOA && - sx_addrr(qsp, rp->r_dname, - rp->r_dp) < 0) - goto cleanup; - db_detach(&rp->r_dp); - } - rp = NEXT(rp, r_link); - } - } - qsp->xfr.state = s_x_addsoa; - /* FALLTHROUGH */ - case s_x_addsoa: - ns_debug(ns_log_default, 3, - "IXFR: s_x_addsoa (%s)", zp->z_origin); - dp = NULL; - if (qsp->xfr.top.ixfr != NULL && !EMPTY(*qsp->xfr.top.ixfr)) - dp = HEAD(*qsp->xfr.top.ixfr); - if (dp != NULL) { - foundsoa = 0; - rp = HEAD(dp->d_changes); - while (rp != NULL) { - if (rp->r_opcode == ADD && - rp->r_dp != NULL && - rp->r_dp->d_type == T_SOA) { - if (sx_addrr(qsp, rp->r_dname, - rp->r_dp) < 0) - goto cleanup; - db_detach(&rp->r_dp); - foundsoa = 1; - break; - } - rp = NEXT(rp, r_link); - } - - if (!foundsoa) { - cp = (char *)findsoaserial(old_soadp->d_data); - if (NEXT(dp, d_link) != NULL) { - PUTLONG(HEAD(dp->d_changes)->r_zone, cp); - if (sx_addrr(qsp, zp->z_origin, - old_soadp) < 0) - goto cleanup; - } else { - if (sx_addrr(qsp, zp->z_origin, - soa_dp) < 0) - goto cleanup; - } - } - } - qsp->xfr.state = s_x_adding; - /* FALLTHROUGH */ - case s_x_adding: - ns_debug(ns_log_default, 3, - "IXFR: s_x_adding (%s)", zp->z_origin); - dp = NULL; - if (qsp->xfr.top.ixfr != NULL && !EMPTY(*qsp->xfr.top.ixfr)) { - dp = HEAD(*qsp->xfr.top.ixfr); - if (dp != NULL) { - /* see s_x_deleting */ - rp = HEAD(dp->d_changes); - while (rp != NULL) { - if (rp->r_opcode == ADD && - rp->r_dp != NULL && - rp->r_dp->d_type != T_SOA) { - if (sx_addrr(qsp, rp->r_dname, - rp->r_dp) < 0) - goto cleanup; - db_detach(&rp->r_dp); - } - rp = NEXT(rp, r_link); - } - - /* move to next update */ - UNLINK(*qsp->xfr.top.ixfr, dp, d_link); - - /* clean up old update */ - while ((rp = HEAD(dp->d_changes)) != NULL) { - UNLINK(dp->d_changes, rp, r_link); - if (rp->r_dp != NULL) - db_detach(&rp->r_dp); - res_freeupdrec(rp); - } - memput(dp, sizeof (*dp)); - if (HEAD(*qsp->xfr.top.ixfr) != NULL) { - qsp->xfr.state = s_x_deletesoa; - goto again; - } - } - } - qsp->xfr.state = s_x_lastsoa; - /* FALLTHROUGH */ - case s_x_lastsoa: - ns_debug(ns_log_default, 3, - "IXFR: s_x_lastsoa (%s)", zp->z_origin); - if (qsp->xfr.ixfr_zone != 0) - sx_addrr(qsp, zp->z_origin, soa_dp); - break; - default: - break; - } - ns_debug(ns_log_default, 3, "IXFR: flushing %s", zp->z_origin); - qsp->xfr.state = s_x_done; - sx_flush(qsp); - sq_writeh(qsp, sq_flushw); - if (qsp->xfr.top.ixfr != NULL) { - if(!EMPTY(*qsp->xfr.top.ixfr)) { - while ((dp = HEAD(*qsp->xfr.top.ixfr)) != NULL) { - UNLINK(*qsp->xfr.top.ixfr, dp, d_link); - while ((rp = HEAD(dp->d_changes)) != NULL) { - UNLINK(dp->d_changes, rp, r_link); - if (rp->r_dp != NULL) - db_detach(&rp->r_dp); - res_freeupdrec(rp); - } - memput(dp, sizeof *dp); - } - } - memput(qsp->xfr.top.ixfr, sizeof *qsp->xfr.top.ixfr); - qsp->xfr.top.ixfr = NULL; - } - cleanup: - memput(old_soadp, BIND_DATASIZE(old_soadp->d_size)); -} - - -#ifndef MAXBSIZE -#define MAXBSIZE 8192 -#endif - - -/* - * int ixfr_log_maint(struct zoneinfo *zp, int fast_trim) - * - * zp - pointer to the zone information - */ -int -ixfr_log_maint(struct zoneinfo *zp) { - int fd, rcount, wcount; - int found = 0; - int error = 0; - long seek = 0; - FILE *to_fp, *from_fp, *db_fp; - char *tmpname; - int len; - struct stat db_sb; - struct stat sb; - size_t check_size; - static char buf[MAXBSIZE]; - - ns_debug(ns_log_default, 3, "ixfr_log_maint(%s)", zp->z_origin); - - /* find out how big the zone db file is */ - if ((db_fp = fopen(zp->z_source, "r")) == NULL) { - ns_warning(ns_log_db, "%s: %s", - zp->z_source, strerror(errno)); - return (-1); - } - if (fstat(fileno(db_fp), &db_sb) < 0) { - ns_warning(ns_log_db, "%s: %s", - zp->z_source, strerror(errno)); - (void) my_fclose(db_fp); - return (-1); - } - (void) my_fclose(db_fp); - ns_debug(ns_log_default, 3, "%s, size %ld", - zp->z_source, (long)db_sb.st_size); - - /* open up the zone ixfr log */ - if ((from_fp = fopen(zp->z_ixfr_base, "r")) == NULL) { - ns_warning(ns_log_db, "%s: %s", - zp->z_ixfr_base, strerror(errno)); - return (-1); - } - - if (fstat(fileno(from_fp), &sb) < 0) { - ns_warning(ns_log_db, "%s: %s", - zp->z_ixfr_base, strerror(errno)); - (void) my_fclose(from_fp); - return (-1); - } - ns_debug(ns_log_default, 3, "%s, size %ld max %ld\n", zp->z_ixfr_base, - (long)sb.st_size, (long)zp->z_max_log_size_ixfr); - check_size = zp->z_max_log_size_ixfr; - if (!check_size) - check_size = db_sb.st_size / 2; - if (sb.st_size > check_size) - seek = (sb.st_size - check_size) + (check_size / 10); - else - seek = 0; - ns_debug(ns_log_default, 3, "seek: %ld", (long)seek); - if (seek < 1) { - ns_debug(ns_log_default, 3, "%s does not need to be reduced", - zp->z_ixfr_base); - (void) my_fclose(from_fp); - return (-1); - } - - len = strlen(zp->z_ixfr_base) + sizeof(".XXXXXX") + 1; - tmpname = memget(len); - if (!tmpname) { - ns_warning(ns_log_default, "memget failed"); - return (-1); - } -#ifdef SHORT_FNAMES - filenamecpy(tmpname, zp->z_ixfr_base); -#else - (void) strcpy(tmpname, zp->z_ixfr_base); -#endif /* SHORT_FNAMES */ - - (void) strcat(tmpname, ".XXXXXX"); - if ((fd = mkstemp(tmpname)) == -1) { - ns_warning(ns_log_db, "can't make tmpfile (%s): %s", - tmpname, strerror(errno)); - memput(tmpname, len); - (void) my_fclose(from_fp); - return (-1); - } - if ((to_fp = fdopen(fd, "r+")) == NULL) { - ns_warning(ns_log_db, "%s: %s", - tmpname, strerror(errno)); - (void) unlink(tmpname); - memput(tmpname, len); - (void) my_fclose(from_fp); - (void) close(fd); - return (-1); - } - - if (fgets(buf, sizeof(buf), from_fp) == NULL) { - ns_error(ns_log_update, "fgets() from %s failed: %s", - zp->z_ixfr_base, strerror(errno)); - error++; - goto clean_up; - } - if (strcmp(buf, LogSignature) != 0) { - ns_error(ns_log_update, "invalid log file %s", - zp->z_ixfr_base); - error++; - goto clean_up; - } - - if (fseek( from_fp, seek, 0) < 0) { - error++; - goto clean_up; - } - - found = 0; - for (;;) { - if (getword(buf, sizeof buf, from_fp, 0)) { - if (strcasecmp(buf, "[END_DELTA]") == 0) { - if (!(fgets(buf, 2, from_fp) == NULL)) /* eat <cr><lf> */ - found = 1; - break; - } - } - if (feof(from_fp)) - break; - } - if (found) { - ns_debug(ns_log_default, 1, - "ixfr_log_maint(): found [END_DELTA]"); - - fprintf(to_fp, "%s", LogSignature); - - while ((rcount = fread(buf, sizeof(char), MAXBSIZE, from_fp)) > 0) { - wcount = fwrite(buf, sizeof(char), rcount, to_fp); - if (rcount != wcount || wcount == -1) { - ns_warning(ns_log_default, - "ixfr_log_maint: error in writting copy"); - break; - } - } - if (rcount < 0) - ns_warning(ns_log_default, - "ixfr_log_maint: error in reading copy"); - } - clean_up: - (void) my_fclose(to_fp); - (void) my_fclose(from_fp); - if (error == 0) { - if (isc_movefile(tmpname, zp->z_ixfr_base) == -1) { - ns_warning(ns_log_default, - "can not rename %s to %s :%s", - tmpname, zp->z_ixfr_base, strerror(errno)); - } - if ((from_fp = fopen(zp->z_ixfr_base, "r")) == NULL) { - ns_warning(ns_log_db, "%s: %s", - zp->z_ixfr_base, strerror(errno)); - memput(tmpname, len); - return (-1); - } - if (fstat(fileno(from_fp), &sb) < 0) { - ns_warning(ns_log_db, "%s: %s", - zp->z_ixfr_base, strerror(errno)); - memput(tmpname, len); - (void) my_fclose(from_fp); - return (-1); - } - if (sb.st_size <= 0) - (void) unlink(zp->z_ixfr_base); - else if (chmod(zp->z_ixfr_base, 0644) < 0) - ns_error(ns_log_update, - "chmod(%s,%o) failed, pressing on: %s", - zp->z_source, sb.st_mode, strerror(errno)); - (void) my_fclose(from_fp); - } - (void) unlink(tmpname); - memput(tmpname, len); - - /* signal to read for lowest serial number */ - zp->z_serial_ixfr_start = 0; - - ns_debug(ns_log_default, 3, "%s, size %ld max %ld\n", zp->z_ixfr_base, - (long)sb.st_size, (long)zp->z_max_log_size_ixfr); - - if (error) - return(-1); - else - return (0); -} - diff --git a/contrib/bind/bin/named/ns_lexer.c b/contrib/bind/bin/named/ns_lexer.c deleted file mode 100644 index 3c09cf0..0000000 --- a/contrib/bind/bin/named/ns_lexer.c +++ /dev/null @@ -1,826 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_lexer.c,v 8.31.10.1 2003/06/02 09:56:35 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <ctype.h> -#include <time.h> -#include <stdarg.h> -#include <syslog.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include "port_after.h" - -#include "named.h" -#include "ns_parser.h" -#include "ns_parseutil.h" -#include "ns_lexer.h" - -typedef enum lexer_state { - scan, number, identifier, ipv4, quoted_string -} LexerState; - -#define LEX_EOF 0x01 -#define LEXER_MAX_PUSHBACK 2 - -typedef struct lexer_file_context { - char * name; - FILE * stream; - int line_number; - LexerState state; - u_int flags; - int warnings; - int errors; - u_int pushback_count; - char pushback[LEXER_MAX_PUSHBACK]; - struct lexer_file_context * - next; -} *LexerFileContext; - -LexerFileContext current_file = NULL; - -#define LEX_LAST_WAS_DOT 0x01 -#define LEX_CONSECUTIVE_DOTS 0x02 - -typedef struct lexer_identifier { - char buffer[LEX_MAX_IDENT_SIZE+1]; - int index; - int num_dots; - unsigned int flags; -} *LexerIdentifier; - -static LexerIdentifier id; - -static char special_chars[256]; - -#define whitespace(c) ((c) == ' ' || (c) == '\t' || (c) == '\n') -#define domain_char(c) (isalnum((c)) || (c) == '.' || (c) == '-') -#define special_char(c) (special_chars[(c)] == 1) -#define identifier_char(c) (!whitespace(c) && !special_char(c)) - -static int last_token; -static YYSTYPE last_yylval; - -static int lexer_initialized = 0; - -/* - * Problem Reporting - */ - -static char * -token_to_text(int token, YYSTYPE lval) { - static char buffer[LEX_MAX_IDENT_SIZE+50]; - - if (token < 128) { - if (token == 0) - strcpy(buffer, "<end of file>"); - else - sprintf(buffer, "'%c'", token); - } else { - switch (token) { - case L_EOS: - strcpy(buffer, ";"); - break; - case L_STRING: - sprintf(buffer, "'%s'", lval.cp); - break; - case L_QSTRING: - sprintf(buffer, "\"%s\"", lval.cp); - break; - case L_IPADDR: - sprintf(buffer, "%s", inet_ntoa(lval.ip_addr)); - break; - case L_NUMBER: - sprintf(buffer, "%ld", lval.num); - break; - case L_END_INCLUDE: - sprintf(buffer, "<end of include>"); - break; - default: - sprintf(buffer, "%s", lval.cp); - } - } - - return (buffer); -} - -static char where[MAXPATHLEN + 100]; -static char message[20480]; - -static void -parser_complain(int is_warning, int print_last_token, const char *format, - va_list args) ISC_FORMAT_PRINTF(3, 0); - -static void -parser_complain(int is_warning, int print_last_token, const char *format, - va_list args) -{ - LexerFileContext lf; - int severity; - - if (is_warning) { - severity = log_warning; - } else { - severity = log_error; - } - - INSIST(current_file != NULL); - if (current_file->next != NULL) { - for (lf = current_file; lf != NULL; lf = lf->next) { - log_write(log_ctx, ns_log_parser, severity, - "%s '%s' line %d", - (lf == current_file) ? - "In" : "included from", - lf->name, lf->line_number); - } - } - sprintf(where, "%s:%d: ", current_file->name, - current_file->line_number); - vsprintf(message, format, args); - if (print_last_token) - log_write(log_ctx, ns_log_parser, severity, "%s%s near %s", - where, message, - token_to_text(last_token, last_yylval)); - else - log_write(log_ctx, ns_log_parser, severity, - "%s%s", where, message); -} - -int -parser_warning(int print_last_token, const char *format, ...) { - va_list args; - - va_start(args, format); - parser_complain(1, print_last_token, format, args); - va_end(args); - current_file->warnings++; - return (1); -} - -int -parser_error(int print_last_token, const char *format, ...) { - va_list args; - - va_start(args, format); - parser_complain(0, print_last_token, format, args); - va_end(args); - current_file->errors++; - return (1); -} - -void -yyerror(const char *message) { - parser_error(1, "%s", message); -} - -/* - * Keywords - */ - -struct keyword { - const char *name; - int token; -}; - -/* - * "keywords" is an array of the keywords which are the fixed syntactic - * elements of the configuration file. Each keyword has a string version - * of the keyword and a token id, which should be an identifier which - * matches that in a %token statement inside the parser.y file. - */ -static struct keyword keywords[] = { - {"acl", T_ACL}, - {"address", T_ADDRESS}, - {"algorithm", T_ALGID}, - {"allow", T_ALLOW}, - {"allow-query", T_ALLOW_QUERY}, - {"allow-recursion", T_ALLOW_RECURSION}, - {"allow-transfer", T_ALLOW_TRANSFER}, - {"allow-update", T_ALLOW_UPDATE}, -#ifdef BIND_NOTIFY - {"also-notify", T_ALSO_NOTIFY}, -#endif - {"auth-nxdomain", T_AUTH_NXDOMAIN}, - {"blackhole", T_BLACKHOLE}, - {"bogus", T_BOGUS}, - {"category", T_CATEGORY}, - {"class", T_CLASS}, - {"channel", T_CHANNEL}, - {"check-names", T_CHECK_NAMES}, - {"cleaning-interval", T_CLEAN_INTERVAL}, - {"controls", T_CONTROLS}, - {"coresize", T_CORESIZE}, - {"datasize", T_DATASIZE}, - {"deallocate-on-exit", T_DEALLOC_ON_EXIT}, - {"debug", T_DEBUG}, - {"default", T_DEFAULT}, - {"dialup", T_DIALUP}, - {"directory", T_DIRECTORY}, - {"dump-file", T_DUMP_FILE}, - {"dynamic", T_DYNAMIC}, - {"edns", T_EDNS}, - {"edns-udp-size", T_EDNS_UDP_SIZE}, - {"explicit", T_EXPLICIT}, - {"fail", T_FAIL}, - {"fake-iquery", T_FAKE_IQUERY}, - {"false", T_FALSE}, - {"fetch-glue", T_FETCH_GLUE}, - {"file", T_FILE}, - {"files", T_FILES}, - {"first", T_FIRST}, - {"forward", T_FORWARD}, - {"forwarders", T_FORWARDERS}, - {"group", T_GROUP}, - {"has-old-clients", T_HAS_OLD_CLIENTS}, - {"heartbeat-interval", T_HEARTBEAT}, - {"hint", T_HINT}, -#ifdef HITCOUNTS - {"hit-count", T_HITCOUNT}, -#endif /* HITCOUNTS */ - {"host-statistics", T_HOSTSTATS}, - {"host-statistics-max", T_HOSTSTATSMAX}, - {"hostname", T_HOSTNAME}, - {"if-no-answer", T_IF_NO_ANSWER}, - {"if-no-domain", T_IF_NO_DOMAIN}, - {"ignore", T_IGNORE}, - {"include", T_INCLUDE}, - {"inet", T_INET}, - {"interface-interval", T_INTERFACE_INTERVAL}, - {"ixfr-base", T_FILE_IXFR}, - {"ixfr-tmp-file", T_IXFR_TMP}, - {"key", T_SEC_KEY}, - {"keys", T_KEYS}, - {"lame-ttl", T_LAME_TTL}, - {"listen-on", T_LISTEN_ON}, - {"logging", T_LOGGING}, - {"maintain-ixfr-base", T_MAINTAIN_IXFR_BASE}, - {"many-answers", T_MANY_ANSWERS}, - {"master", T_MASTER}, - {"masters", T_MASTERS}, - {"max-ixfr-log-size", T_MAX_LOG_SIZE_IXFR}, - {"max-ncache-ttl", T_MAX_NCACHE_TTL}, - {"max-transfer-time-in", T_MAX_TRANSFER_TIME_IN}, - {"memstatistics-file", T_MEMSTATS_FILE}, - {"min-roots", T_MIN_ROOTS}, - {"multiple-cnames", T_MULTIPLE_CNAMES}, - {"name", T_NAME}, - {"named-xfer", T_NAMED_XFER}, - {"no", T_NO}, -#ifdef BIND_NOTIFY - {"notify", T_NOTIFY}, -#endif - {"null", T_NULL_OUTPUT}, - {"one-answer", T_ONE_ANSWER}, - {"only", T_ONLY}, - {"order", T_ORDER}, - {"options", T_OPTIONS}, - {"owner", T_OWNER}, - {"perm", T_PERM}, - {"pid-file", T_PIDFILE}, - {"port", T_PORT}, - {"preferred-glue", T_PREFERRED_GLUE}, - {"print-category", T_PRINT_CATEGORY}, - {"print-severity", T_PRINT_SEVERITY}, - {"print-time", T_PRINT_TIME}, - {"pubkey", T_PUBKEY}, - {"query-source", T_QUERY_SOURCE}, - {"rfc2308-type1", T_RFC2308_TYPE1}, - {"rrset-order", T_RRSET_ORDER}, - {"recursion", T_RECURSION}, - {"response", T_RESPONSE}, - {"secret", T_SECRET}, - {"serial-queries", T_SERIAL_QUERIES}, - {"server", T_SERVER}, - {"severity", T_SEVERITY}, - {"size", T_SIZE}, - {"slave", T_SLAVE}, - {"sortlist", T_SORTLIST}, - {"stacksize", T_STACKSIZE}, - {"statistics-file", T_STATS_FILE}, - {"statistics-interval", T_STATS_INTERVAL}, - {"stub", T_STUB}, - {"support-ixfr", T_SUPPORT_IXFR}, -#ifdef BIND_NOTIFY - {"suppress-initial-notify", T_NOTIFY_INITIAL}, -#endif - {"syslog", T_SYSLOG}, - {"topology", T_TOPOLOGY}, - {"transfer-format", T_TRANSFER_FORMAT}, - {"transfer-source", T_TRANSFER_SOURCE}, - {"transfers", T_TRANSFERS}, - {"transfers-in", T_TRANSFERS_IN}, - {"transfers-out", T_TRANSFERS_OUT}, - {"transfers-per-ns", T_TRANSFERS_PER_NS}, - {"treat-cr-as-space", T_TREAT_CR_AS_SPACE}, - {"true", T_TRUE}, - {"trusted-keys", T_TRUSTED_KEYS}, - {"type", T_TYPE}, - {"unix", T_UNIX}, - {"unlimited", T_UNLIMITED}, - {"use-id-pool", T_USE_ID_POOL}, - {"use-ixfr", T_USE_IXFR}, - {"version", T_VERSION}, - {"versions", T_VERSIONS}, - {"warn", T_WARN}, - {"yes", T_YES}, - {"zone", T_ZONE}, - {(char *) NULL, 0}, -}; - -/* - * The table size should be a prime chosen to minimize collisions. - */ -#define KEYWORD_TABLE_SIZE 461 - -static symbol_table keyword_table = NULL; - -static void -init_keywords() { - struct keyword *k; - symbol_value value; - - if (keyword_table != NULL) - free_symbol_table(keyword_table); - keyword_table = new_symbol_table(KEYWORD_TABLE_SIZE, NULL); - for (k = keywords; k->name != NULL; k++) { - value.integer = k->token; - define_symbol(keyword_table, k->name, 0, value, 0); - } - dprint_symbol_table(99, keyword_table); -} - -/* - * File Contexts - */ - -void -lexer_begin_file(const char *filename, FILE *stream) { - LexerFileContext lf; - - if (stream == NULL) { - stream = fopen(filename, "r"); - if (stream == NULL) { - parser_error(0, "couldn't open include file '%s'", - filename); - return; - } - } - lf = (LexerFileContext)memget(sizeof (struct lexer_file_context)); - if (lf == NULL) - panic("memget failed in lexer_begin_file", NULL); - INSIST(stream != NULL); - lf->stream = stream; - lf->name = savestr(filename, 1); - lf->line_number = 1; - lf->state = scan; - lf->flags = 0; - lf->warnings = 0; - lf->errors = 0; - lf->pushback_count = 0; - lf->next = current_file; - current_file = lf; -} - -void -lexer_end_file(void) { - LexerFileContext lf; - - INSIST(current_file != NULL); - lf = current_file; - current_file = lf->next; - fclose(lf->stream); - freestr(lf->name); - memput(lf, sizeof *lf); -} - -/* - * Character Input - */ - -#define LEXER_GETC(c, cf) \ - do { \ - if ((cf)->pushback_count > 0) { \ - (cf)->pushback_count--; \ - (c) = (cf)->pushback[(cf)->pushback_count]; \ - } else \ - (c) = getc((cf)->stream); \ - } while (0); - -#define LEXER_UNGETC(c, cf) \ - do { \ - INSIST((cf)->pushback_count < LEXER_MAX_PUSHBACK); \ - (cf)->pushback[(cf)->pushback_count++] = (c); \ - } while (0); - -static void -scan_to_comment_end(int c_plus_plus_style) { - int c; - int done = 0; - int prev_was_star = 0; - - while (!done) { - LEXER_GETC(c, current_file); - switch (c) { - case EOF: - if (!c_plus_plus_style) - parser_error(0, "EOF in comment"); - current_file->flags |= LEX_EOF; - done = 1; - break; - case '*': - prev_was_star = 1; - break; - case '/': - if (prev_was_star && !c_plus_plus_style) - done = 1; - prev_was_star = 0; - break; - case '\n': - if (c_plus_plus_style) { - /* don't consume the newline because - we want it to be a delimiter for - anything before the comment - started */ - LEXER_UNGETC(c, current_file); - done = 1; - } else { - current_file->line_number++; - } - prev_was_star = 0; - break; - default: - prev_was_star = 0; - } - } -} - -static int -get_next_char(int comment_ok) { - int c, nc; - - if (current_file->flags & LEX_EOF) - return (EOF); - - LEXER_GETC(c, current_file); - - if (comment_ok) { - while (c == '/' || c == '#') { - if (c == '#') { - scan_to_comment_end(1); - if (current_file->flags & LEX_EOF) - return (EOF); - LEXER_GETC(c, current_file); - } else { - LEXER_GETC(nc, current_file); - switch (nc) { - case EOF: - current_file->flags |= LEX_EOF; - return ('/'); - case '*': - case '/': - scan_to_comment_end((nc == '/')); - if (current_file->flags & LEX_EOF) - return (EOF); - LEXER_GETC(c, current_file); - break; - default: - LEXER_UNGETC(nc, current_file); - return ('/'); - } - } - } - } - - if (c == EOF) - current_file->flags |= LEX_EOF; - else if (c == '\n') - current_file->line_number++; - return (c); -} - -static void -put_back_char(int c) { - if (c == EOF) - current_file->flags |= LEX_EOF; - else { - LEXER_UNGETC(c, current_file); - if (c == '\n') - current_file->line_number--; - } -} - - -/* - * Identifiers - */ - -static void -clear_identifier(LexerIdentifier id) { - INSIST(id != NULL); - id->index = 0; - id->num_dots = 0; - id->flags = 0; -} - -static char * -dup_identifier(LexerIdentifier id) { - char *duplicate; - - INSIST(id != NULL); - duplicate = savestr(id->buffer, 1); - return (duplicate); -} - -static void -finish_identifier(LexerIdentifier id) { - INSIST(id != NULL && id->index < LEX_MAX_IDENT_SIZE); - id->buffer[id->index] = '\0'; -} - -static void -add_to_identifier(LexerIdentifier id, int c) { - INSIST(id != NULL); - id->buffer[id->index] = c; - id->index++; - if (id->index >= LEX_MAX_IDENT_SIZE) { - parser_error(0, "identifier too long"); - current_file->state = scan; - /* discard chars until we hit a non-identifier char */ - while (c != EOF && identifier_char(c)) { - c = get_next_char(1); - } - put_back_char(c); - clear_identifier(id); - } else { - if (c == '.') { - if (id->flags & LEX_LAST_WAS_DOT) - id->flags |= LEX_CONSECUTIVE_DOTS; - id->flags |= LEX_LAST_WAS_DOT; - id->num_dots++; - } else { - id->flags &= ~LEX_LAST_WAS_DOT; - } - } -} - -/* - * yylex() -- return the next token from the current input stream - */ -int -yylex() { - int c; - int comment_ok = 1; - int token = -1; - symbol_value value; - - while (token < 0) { - c = get_next_char(comment_ok); - switch(current_file->state) { - case scan: - if (c == EOF) { - if (current_file->next == NULL) - /* - * We don't want to call - * lexer_end_file() here because we - * want to keep the toplevel file - * context to log errors against. - */ - token = 0; - else { - lexer_end_file(); - token = L_END_INCLUDE; - } - break; - } - if (whitespace(c)) - break; - if (identifier_char(c)) { - if (isdigit(c)) - current_file->state = number; - else - current_file->state = identifier; - clear_identifier(id); - add_to_identifier(id, c); - } else - if (special_char(c)) { - if (c == ';') { - token = L_EOS; - break; - } - if (c == '"') { - clear_identifier(id); - current_file->state = - quoted_string; - comment_ok = 0; - break; - } - token = c; - } else { - parser_error(0, - "invalid character '%c'", - c); - } - break; - - case number: - if (c != EOF && identifier_char(c)) { - if (!isdigit(c)) - current_file->state = - (c == '.') ? ipv4 : identifier; - add_to_identifier(id, c); - } else { - put_back_char(c); - current_file->state = scan; - finish_identifier(id); - yylval.num = strtol(id->buffer, (char**)0, 0); - token = L_NUMBER; - } - break; - - case identifier: - if (c != EOF && identifier_char(c)) { - add_to_identifier(id, c); - } else { - put_back_char(c); - current_file->state = scan; - finish_identifier(id); - /* is it a keyword? */ - if (lookup_symbol(keyword_table, id->buffer, - 0, &value)) { - yylval.cp = id->buffer; - token = value.integer; - } else { - yylval.cp = dup_identifier(id); - token = L_STRING; - } - } - break; - - case ipv4: - if (c != EOF && identifier_char(c)) { - if (!isdigit(c)) { - if (c != '.' || - (id->flags & LEX_CONSECUTIVE_DOTS)) - current_file->state = - identifier; - } - add_to_identifier(id, c); - } else { - put_back_char(c); - if (id->num_dots > 3 || - (id->flags & LEX_LAST_WAS_DOT)) - current_file->state = identifier; - else { - if (id->num_dots == 1) { - add_to_identifier(id, '.'); - add_to_identifier(id, '0'); - add_to_identifier(id, '.'); - add_to_identifier(id, '0'); - } else if (id->num_dots == 2) { - add_to_identifier(id, '.'); - add_to_identifier(id, '0'); - } - current_file->state = scan; - finish_identifier(id); - token = L_IPADDR; - if (inet_aton(id->buffer, - &(yylval.ip_addr))==0) { - yylval.cp = dup_identifier(id); - token = L_STRING; - } - } - } - break; - - case quoted_string: - if (c == EOF) { - parser_error(0, "EOF in quoted string"); - return 0; - } else { - if (c == '"') { - comment_ok = 1; - current_file->state = scan; - finish_identifier(id); - yylval.cp = dup_identifier(id); - token = L_QSTRING; - } else { - /* XXX add backslash escapes here */ - add_to_identifier(id, c); - } - } - break; - - default: - panic("unhandled state in yylex", NULL); - } - } - - last_token = token; - last_yylval = yylval; - return (token); -} - -/* - * Initialization - */ - -symbol_table constants; - -static void -import_constants(const struct ns_sym *s, int type) { - symbol_value value; - for ((void)NULL; s != NULL && s->name != NULL; s++) { - value.integer = s->number; - define_symbol(constants, s->name, type, value, 0); - } -} - -static void -import_res_constants(const struct res_sym *r, int type) { - symbol_value value; - for ((void)NULL; r != NULL && r->name != NULL; r++) { - value.integer = r->number; - define_symbol(constants, r->name, type, value, 0); - } -} - -#define CONSTANTS_TABLE_SIZE 397 /* should be prime */ - -static void -import_all_constants() { - constants = new_symbol_table(CONSTANTS_TABLE_SIZE, NULL); - import_res_constants(__p_class_syms, SYM_CLASS); - import_constants(category_constants, SYM_CATEGORY); - import_constants(logging_constants, SYM_LOGGING); - import_constants(syslog_constants, SYM_SYSLOG); -} - -void -lexer_initialize() { - memset(special_chars, 0, sizeof special_chars); - special_chars[';'] = 1; - special_chars['{'] = 1; - special_chars['}'] = 1; - special_chars['!'] = 1; - special_chars['/'] = 1; - special_chars['"'] = 1; - special_chars['*'] = 1; - id = (LexerIdentifier)memget(sizeof (struct lexer_identifier)); - if (id == NULL) - panic("memget failed in lexer_initialize", NULL); - init_keywords(); - import_all_constants(); - lexer_initialized = 1; -} - -void -lexer_setup(void) { - REQUIRE(lexer_initialized); - - current_file = NULL; /* XXX should we INSIST(current_file==NULL)? */ - INSIST(id != NULL); -} - -void -lexer_shutdown(void) { - REQUIRE(lexer_initialized); - - free_symbol_table(keyword_table); - free_symbol_table(constants); - memput(id, sizeof (struct lexer_identifier)); - id = NULL; - lexer_initialized = 0; -} diff --git a/contrib/bind/bin/named/ns_lexer.h b/contrib/bind/bin/named/ns_lexer.h deleted file mode 100644 index 394338c..0000000 --- a/contrib/bind/bin/named/ns_lexer.h +++ /dev/null @@ -1,45 +0,0 @@ -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#ifndef _NS_LEXER_H -#define _NS_LEXER_H - -/* - * Note: <stdio.h> and "ns_parseutil.h" must be included - * before this file is included. - */ - -#define LEX_MAX_IDENT_SIZE 1024 - -#define SYM_CLASS 0x01 -#define SYM_CATEGORY 0x02 -#define SYM_LOGGING 0x04 -#define SYM_SYSLOG 0x08 - -int parser_warning(int, const char *, ...) ISC_FORMAT_PRINTF(2, 3); -int parser_error(int, const char *, ...) ISC_FORMAT_PRINTF(2, 3); -void yyerror(const char *); -void lexer_begin_file(const char *, FILE *); -void lexer_end_file(void); -int yylex(void); -void lexer_initialize(void); -void lexer_setup(void); -void lexer_shutdown(void); - -extern symbol_table constants; - -#endif /* !_NS_LEXER_H */ diff --git a/contrib/bind/bin/named/ns_main.c b/contrib/bind/bin/named/ns_main.c deleted file mode 100644 index d192ff6..0000000 --- a/contrib/bind/bin/named/ns_main.c +++ /dev/null @@ -1,3056 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_main.c,v 8.162.6.2 2003/06/08 22:08:02 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1989, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#if !defined(lint) && !defined(SABER) -char copyright[] = -"@(#) Copyright (c) 1986, 1989, 1990 The Regents of the University of California.\n" -"portions Copyright (c) 1993 Digital Equipment Corporation\n" -"portions Copyright (c) 1995-1999 Internet Software Consortium\n" -"portions Copyright (c) 1999 Check Point Software Technologies\n" -"All rights reserved.\n"; -#endif /* not lint */ - -/* - * Internet Name server (see RCF1035 & others). - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/file.h> -#include <sys/stat.h> -#include <sys/wait.h> -#include <sys/ioctl.h> -#include <sys/socket.h> -#include <sys/un.h> -#ifdef SVR4 /* XXX */ -# include <sys/sockio.h> -#else -#ifndef __hpux -# include <sys/mbuf.h> -#endif -#endif - -#include <netinet/in.h> -#include <net/route.h> -#include <net/if.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <errno.h> -#include <fcntl.h> -#include <grp.h> -#include <irs.h> -#include <stdio.h> -#include <stdlib.h> -#include <signal.h> -#include <netdb.h> -#include <pwd.h> -#include <resolv.h> -#include <string.h> -#include <syslog.h> -#include <time.h> -#include <unistd.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/list.h> - -#include "port_after.h" - -#ifdef HAVE_GETRUSAGE /* XXX */ -#include <sys/resource.h> -#endif - -#define MAIN_PROGRAM -#include "named.h" -#undef MAIN_PROGRAM - -#ifdef TRUCLUSTER5 -# include <clua/clua.h> -#endif - -typedef void (*handler)(void); - -typedef struct _savedg { - struct sockaddr_in from; - int dfd; - interface * ifp; - time_t gen; - u_char * buf; - u_int16_t buflen; -} savedg; - - /* list of interfaces */ -static LIST(struct _interface) iflist; -static int iflist_initialized = 0; -static int iflist_dont_rescan = 0; - -static const int drbufsize = 32 * 1024, /* UDP rcv buf size */ - dsbufsize = 48 * 1024, /* UDP snd buf size */ - sbufsize = 16 * 1024, /* TCP snd buf size */ -#ifdef BROKEN_RECVFROM - nudptrans = 1, -#else - nudptrans = 20, /* #/udps per select */ -#endif - listenmax = 50; - -static u_int16_t nsid_state; -static u_int16_t *nsid_pool; /* optional query id pool */ -static u_int16_t *nsid_vtable; /* optional shuffle table */ -static u_int32_t nsid_hash_state; -static u_int16_t nsid_a1, nsid_a2, nsid_a3; -static u_int16_t nsid_c1, nsid_c2, nsid_c3; -static u_int16_t nsid_state2; -static int nsid_algorithm; - -static int needs = 0, needs_exit = 0, needs_restart = 0; -static handler handlers[main_need_num]; -static void savedg_waitfunc(evContext, void*, const void*); -static void need_waitfunc(evContext, void *, const void *); -static int drain_rcvbuf(evContext, interface *, int, - int *, int *); -static int drain_all_rcvbuf(evContext); - -static struct qstream *sq_add(void); -static int opensocket_d(interface *), - opensocket_s(interface *); -static void sq_query(struct qstream *), - dq_remove(interface *); -static int sq_dowrite(struct qstream *); -static void use_desired_debug(void); -static void stream_write(evContext, void *, int, int); - -static interface * if_find(struct in_addr, u_int16_t port, - int anyport); - -static void deallocate_everything(void), - stream_accept(evContext, void *, int, - const void *, int, - const void *, int), - stream_getlen(evContext, void *, int, int), - stream_getmsg(evContext, void *, int, int), - datagram_read(evContext, void *, int, int), - dispatch_message(u_char *, int, int, - struct qstream *, - struct sockaddr_in, int, - interface *); -static void stream_send(evContext, void *, int, - const void *, int, - const void *, int); -static int only_digits(const char *); - -static void init_needs(void), - handle_needs(void), - exit_handler(void); - -#ifndef HAVE_CUSTOM -static void custom_init(void), - custom_shutdown(void); -#endif - -static void -usage() { - fprintf(stderr, -"Usage: named [-d #] [-q] [-r] [-v] [-f] [-p port] [[-b|-c] configfile]\n"); -#ifdef CAN_CHANGE_ID - fprintf(stderr, -" [-u (username|uid)] [-g (groupname|gid)]\n"); -#endif -#ifdef HAVE_CHROOT - fprintf(stderr, -" [-t directory]\n"); -#endif - exit(1); -} - -static const char bad_p_option[] = -"-p remote/local obsolete; use 'listen-on' in config file to specify local"; - -static const char bad_directory[] = "chdir failed for directory '%s': %s"; - -/*ARGSUSED*/ -int -main(int argc, char *argv[]) { - int n; - char *p; - int ch; - struct passwd *pw; - struct group *gr; - -#ifdef _AUX_SOURCE - set42sig(); -#endif - debugfile = savestr(_PATH_DEBUG, 1); - - user_id = getuid(); - group_id = getgid(); - - ns_port = htons(NAMESERVER_PORT); - desired_debug = debug; - - /* BSD has a better random number generator but it's not clear - * that we need it here. - */ - gettime(&tt); - srand(((unsigned)getpid()) + (unsigned)tt.tv_usec); - - (void) umask(022); - - /* Save argv[] before getopt() destroys it -- needed for execvp(). */ - saved_argv = malloc(sizeof(char *) * (argc + 1)); - INSIST(saved_argv != NULL); - for (n = 0; n < argc; n++) { - saved_argv[n] = strdup(argv[n]); - INSIST(saved_argv[n] != NULL); - } - saved_argv[argc] = NULL; - /* XXX we need to free() this for clean shutdowns. */ - - while ((ch = getopt(argc, argv, "b:c:d:g:p:t:u:vw:qrf")) != -1) { - switch (ch) { - case 'b': - case 'c': - if (conffile != NULL) - (void)freestr(conffile); - conffile = savestr(optarg, 1); - break; - - case 'd': - desired_debug = atoi(optarg); - if (desired_debug <= 0) - desired_debug = 1; - break; - - case 'p': - /* use nonstandard port number. - * usage: -p remote/local - * remote is the port number to which - * we send queries. local is the port - * on which we listen for queries. - * local defaults to same as remote. - */ - ns_port = htons((u_int16_t) atoi(optarg)); - p = strchr(optarg, '/'); - if (p) { - syslog(LOG_WARNING, bad_p_option); - fprintf(stderr, bad_p_option); - fputc('\n', stderr); - } - break; - - case 'w': - working_dir = savestr(optarg, 1); - break; -#ifdef QRYLOG - case 'q': - qrylog = 1; - break; -#endif - - case 'r': - ns_setoption(OPTION_NORECURSE); - break; - - case 'f': - foreground = 1; - break; - - case 't': - chroot_dir = savestr(optarg, 1); - break; - - case 'v': - fprintf(stdout, "%s\n", Version); - exit(0); - -#ifdef CAN_CHANGE_ID - case 'u': - user_name = savestr(optarg, 1); - if (only_digits(user_name)) - user_id = atoi(user_name); - else { - pw = getpwnam(user_name); - if (pw == NULL) { - fprintf(stderr, - "user \"%s\" unknown\n", - user_name); - exit(1); - } - user_id = pw->pw_uid; - if (group_name == NULL) { - char name[256]; - - sprintf(name, "%lu", - (u_long)pw->pw_gid); - group_name = savestr(name, 1); - group_id = pw->pw_gid; - } - } - break; - - case 'g': - if (group_name != NULL) - (void)freestr(group_name); - group_name = savestr(optarg, 1); - if (only_digits(group_name)) - group_id = atoi(group_name); - else { - gr = getgrnam(group_name); - if (gr == NULL) { - fprintf(stderr, - "group \"%s\" unknown\n", - group_name); - exit(1); - } - group_id = gr->gr_gid; - } - break; -#endif /* CAN_CHANGE_ID */ - - case '?': - default: - usage(); - } - } - argc -= optind; - argv += optind; - - if (argc) { - if (conffile != NULL) - (void)freestr(conffile); - conffile = savestr(*argv, 1); - argc--, argv++; - } - if (argc) - usage(); - - if (conffile == NULL) - conffile = savestr(_PATH_CONF, 1); - - /* - * Make sure we don't inherit any open descriptors - * other than those that daemon() can deal with. - */ - for (n = sysconf(_SC_OPEN_MAX) - 1; n >= 0; n--) - if (n != STDIN_FILENO && - n != STDOUT_FILENO && - n != STDERR_FILENO) - (void) close(n); - - /* - * Chroot if desired. - */ - if (chroot_dir != NULL) { -#ifdef HAVE_CHROOT - if (chroot(chroot_dir) < 0) { - fprintf(stderr, "chroot %s failed: %s\n", chroot_dir, - strerror(errno)); - exit(1); - } - if (chdir("/") < 0) { - fprintf(stderr, "chdir(\"/\") failed: %s\n", - strerror(errno)); - exit(1); - } -#else - fprintf(stderr, "warning: chroot() not available\n"); - chroot_dir = freestr(chroot_dir); -#endif - } - /* - * Set working directory. - */ - if (working_dir != NULL) { - if (chdir(working_dir) < 0) { - syslog(LOG_CRIT, bad_directory, working_dir, - strerror(errno)); - fprintf(stderr, bad_directory, working_dir, - strerror(errno)); - fputc('\n', stderr); - exit(1); - } - } - - /* Establish global event context. */ - evCreate(&ev); - - /* Establish global resolver context. */ - res_ninit(&res); - res.options &= ~(RES_DEFNAMES | RES_DNSRCH | RES_RECURSE); - - /* - * Set up logging. - */ - n = LOG_PID; -#ifdef LOG_NOWAIT - n |= LOG_NOWAIT; -#endif -#ifdef LOG_NDELAY - n |= LOG_NDELAY; -#endif -#if defined(LOG_CONS) && defined(USE_LOG_CONS) - n |= LOG_CONS; -#endif -#ifdef SYSLOG_42BSD - openlog("named", n); -#else - openlog("named", n, ISC_FACILITY); -#endif - - init_logging(); - set_assertion_failure_callback(ns_assertion_failed); - -#ifdef DEBUG - use_desired_debug(); -#endif - - /* Perform system-dependent initialization */ - custom_init(); - - init_needs(); - init_signals(); - - ns_notice(ns_log_default, "starting (%s). %s", conffile, Version); - - /* - * Initialize and load database. - */ - gettime(&tt); - buildservicelist(); - buildprotolist(); - confmtime = ns_init(conffile); - time(&boottime); - resettime = boottime; - - nsid_init(); - - /* - * Fork and go into background now that - * we've done any slow initialization - * and are ready to answer queries. - */ - - if (foreground == 0) { - if (daemon(1, 0)) - ns_panic(ns_log_default, 1, "daemon: %s", - strerror(errno)); - update_pid_file(); - } - - /* Check that udp checksums are on. */ - ns_udp(); - - /* - * We waited until now to log this because we wanted logging to - * be set up the way the user prefers. - */ - if (chroot_dir != NULL) - ns_info(ns_log_security, "chrooted to %s", chroot_dir); - -#ifdef CAN_CHANGE_ID - /* - * Set user and group if desired. - */ - if (group_name != NULL) { - if (setgid(group_id) < 0) - ns_panic(ns_log_security, 1, "setgid(%s): %s", - group_name, strerror(errno)); - ns_info(ns_log_security, "group = %s", group_name); - } - if (user_name != NULL) { - if (getuid() == 0 && initgroups(user_name, group_id) < 0) - ns_panic(ns_log_security, 1, "initgroups(%s, %d): %s", - user_name, (int)group_id, strerror(errno)); - endgrent(); - endpwent(); - if (setuid(user_id) < 0) - ns_panic(ns_log_security, 1, "setuid(%s): %s", - user_name, strerror(errno)); - ns_info(ns_log_security, "user = %s", user_name); - if (user_id != 0) - iflist_dont_rescan++; - } -#endif /* CAN_CHANGE_ID */ - - ns_notice(ns_log_default, "Ready to answer queries."); - gettime(&tt); - prime_cache(); - while (!needs_exit) { - evEvent event; - - ns_debug(ns_log_default, 15, "main loop"); - if (needs != 0) - handle_needs(); - else if (evGetNext(ev, &event, EV_WAIT) != -1) - INSIST_ERR(evDispatch(ev, event) != -1); - else - INSIST_ERR(errno == EINTR); - } - if (needs_restart) - ns_info(ns_log_default, "named restarting"); - else - ns_info(ns_log_default, "named shutting down"); -#ifdef BIND_UPDATE - dynamic_about_to_exit(); -#endif - if (server_options && server_options->pid_filename) - (void)unlink(server_options->pid_filename); - ns_logstats(ev, NULL, evNowTime(), evConsTime(0, 0)); - - if (NS_OPTION_P(OPTION_DEALLOC_ON_EXIT)) - deallocate_everything(); - else - shutdown_configuration(); - - if (needs_restart) - execvp(saved_argv[0], saved_argv); - else - /* Cleanup for system-dependent stuff */ - custom_shutdown(); - - return (0); -} - -static int -sq_closeone(void) { - struct qstream *sp, *nextsp; - struct qstream *candidate = NULL; - time_t lasttime, maxctime = 0; - int result = 0; - - gettime(&tt); - - for (sp = streamq; sp; sp = nextsp) { - nextsp = sp->s_next; - if (sp->s_refcnt) - continue; - lasttime = tt.tv_sec - sp->s_time; - if (lasttime >= VQEXPIRY) { - sq_remove(sp); - result = 1; - } else if (lasttime > maxctime) { - candidate = sp; - maxctime = lasttime; - } - } - if (candidate) { - sq_remove(candidate); - result = 1; - } - return (result); -} - -static int -ns_socket(int domain, int type, int protocol) { - int fd, tmp; - - again: - fd = socket(domain, type, protocol); -#ifdef F_DUPFD /* XXX */ - /* - * Leave a space for stdio to work in. - */ - if (fd >= 0 && fd <= 20) { - int new; - if ((new = fcntl(fd, F_DUPFD, 20)) == -1) - ns_notice(ns_log_default, "fcntl(fd, F_DUPFD, 20): %s", - strerror(errno)); - tmp = errno; - close(fd); - errno = tmp; - fd = new; - } -#endif - tmp = errno; - if (errno == EMFILE) - if (sq_closeone()) - goto again; - errno = tmp; - return (fd); -} - -#ifndef IP_OPT_BUF_SIZE -/* arbitrary size */ -#define IP_OPT_BUF_SIZE 50 -#endif - -static void -stream_accept(evContext lev, void *uap, int rfd, - const void *lav, int lalen, - const void *rav, int ralen) -{ - interface *ifp = uap; - struct qstream *sp; - struct iovec iov; - ISC_SOCKLEN_T len; - int n; - const int on = 1; -#ifdef IP_OPTIONS /* XXX */ - u_char ip_opts[IP_OPT_BUF_SIZE]; -#endif - const struct sockaddr_in *la, *ra; - - UNUSED(lalen); - UNUSED(ralen); - - la = (const struct sockaddr_in *)lav; - ra = (const struct sockaddr_in *)rav; - - INSIST(ifp != NULL); - -#ifdef F_DUPFD - /* - * Leave a space for stdio to work in. - */ - if (rfd >= 0 && rfd <= 20) { - int new, tmp; - new = fcntl(rfd, F_DUPFD, 20); - tmp = errno; - if (new == -1) - ns_notice(ns_log_default, - "fcntl(rfd, F_DUPFD, 20): %s", - strerror(errno)); - close(rfd); - errno = tmp; - rfd = new; - } -#endif - - if (rfd < 0) { - switch (errno) { - case EINTR: - case EAGAIN: -#if (EWOULDBLOCK != EAGAIN) - case EWOULDBLOCK: -#endif - case ECONNABORTED: -#ifdef EPROTO - case EPROTO: -#endif - case EHOSTUNREACH: - case EHOSTDOWN: - case ENETUNREACH: - case ENETDOWN: - case ECONNREFUSED: -#ifdef ENONET - case ENONET: -#endif - /* - * These errors are expected and harmless, so - * we ignore them. - */ - return; - case EBADF: - case ENOTSOCK: - case EFAULT: - /* - * If one these happens, we're broken. - */ - ns_panic(ns_log_default, 1, "accept: %s", - strerror(errno)); - case EMFILE: - /* - * If we're out of file descriptors, find the least - * busy fd and close it. Then we'll return to the - * eventlib which will call us right back. - */ - if (streamq) { - (void)sq_closeone(); - return; - } - /* fall through */ - default: - /* - * Either we got an error we didn't expect, or we - * got EMFILE and didn't have anything left to close. - * Log it and press on. - */ - ns_info(ns_log_default, "accept: %s", strerror(errno)); - return; - } - } - - /* Condition the socket. */ - -#ifndef CANNOT_SET_SNDBUF - if (setsockopt(rfd, SOL_SOCKET, SO_SNDBUF, - (const char*)&sbufsize, sizeof sbufsize) < 0) { - ns_info(ns_log_default, "setsockopt(rfd, SO_SNDBUF, %d): %s", - sbufsize, strerror(errno)); - (void) close(rfd); - return; - } -#endif - if (setsockopt(rfd, SOL_SOCKET, SO_KEEPALIVE, - (const char *)&on, sizeof on) < 0) { - ns_info(ns_log_default, "setsockopt(rfd, KEEPALIVE): %s", - strerror(errno)); - (void) close(rfd); - return; - } - -#ifdef USE_FIONBIO_IOCTL - if (ioctl(ifp->dfd, FIONBIO, (char *) &on) == -1) { - ns_info(ns_log_default, "ioctl(rfd, FIONBIO): %s", - strerror(errno)); - (void) close(rfd); - return; - } -#else - if ((n = fcntl(rfd, F_GETFL, 0)) == -1) { - ns_info(ns_log_default, "fcntl(rfd, F_GETFL): %s", - strerror(errno)); - (void) close(rfd); - return; - } - if (fcntl(rfd, F_SETFL, n|PORT_NONBLOCK) == -1) { - ns_info(ns_log_default, "fcntl(rfd, NONBLOCK): %s", - strerror(errno)); - (void) close(rfd); - return; - } -#endif - - /* - * We don't like IP options. Turn them off if the connection came in - * with any. log this event since it usually indicates a security - * problem. - */ -#if defined(IP_OPTIONS) /* XXX */ - len = sizeof ip_opts; - if (getsockopt(rfd, IPPROTO_IP, IP_OPTIONS, - (char *)ip_opts, &len) < 0) { - ns_info(ns_log_default, "getsockopt(rfd, IP_OPTIONS): %s", - strerror(errno)); - (void) close(rfd); - return; - } - if (len != 0) { - nameserIncr(ra->sin_addr, nssRcvdOpts); - if (!haveComplained(ina_ulong(ra->sin_addr), - (u_long)"rcvd ip options")) { - ns_info(ns_log_default, - "rcvd IP_OPTIONS from %s (ignored)", - sin_ntoa(*ra)); - } - if (setsockopt(rfd, IPPROTO_IP, IP_OPTIONS, NULL, 0) < 0) { - ns_info(ns_log_default, "setsockopt(!IP_OPTIONS): %s", - strerror(errno)); - (void) close(rfd); - } - } -#endif - - /* Create and populate a qsp for this socket. */ - if ((sp = sq_add()) == NULL) { - (void) close(rfd); - return; - } - sp->s_rfd = rfd; /* stream file descriptor */ - gettime(&tt); - sp->s_time = tt.tv_sec; /* last transaction time */ - sp->s_from = *ra; /* address to respond to */ - sp->s_ifp = ifp; - INSIST(sizeof sp->s_temp >= INT16SZ); - iov = evConsIovec(sp->s_temp, INT16SZ); - if (evRead(lev, rfd, &iov, 1, stream_getlen, sp, &sp->evID_r) == -1) { - ns_error(ns_log_default, "evRead(fd %d): %s", - rfd, strerror(errno)); - sq_remove(sp); - return; - } - sp->flags |= STREAM_READ_EV; - ns_debug(ns_log_default, 1, "IP/TCP connection from %s (fd %d)", - sin_ntoa(sp->s_from), rfd); -} - -int -tcp_send(struct qinfo *qp) { - struct qstream *sp; - struct sockaddr_in src; - int on = 1, n; - int fd; - - ns_debug(ns_log_default, 1, "tcp_send"); - if ((fd = ns_socket(AF_INET, SOCK_STREAM, PF_UNSPEC)) == -1) - return (SERVFAIL); - if (fd > evHighestFD(ev)) { - close(fd); - return (SERVFAIL); - } - if ((sp = sq_add()) == NULL) { - close(fd); - return (SERVFAIL); - } - sp->s_rfd = fd; - if (setsockopt(sp->s_rfd, SOL_SOCKET, SO_REUSEADDR, - (char*)&on, sizeof(on)) < 0) - ns_info(ns_log_default, - "tcp_send: setsockopt(SO_REUSEADDR): %s", - strerror(errno)); -#ifdef SO_REUSEPORT - if (setsockopt(sp->s_rfd, SOL_SOCKET, SO_REUSEPORT, - (char*)&on, sizeof(on)) < 0) - ns_info(ns_log_default, - "tcp_send: setsockopt(SO_REUSEPORT): %s", - strerror(errno)); -#endif - src = server_options->query_source; - src.sin_port = htons(0); - if (bind(sp->s_rfd, (struct sockaddr *)&src, sizeof(src)) < 0) - ns_info(ns_log_default, "tcp_send: bind(query_source): %s", - strerror(errno)); - if (fcntl(sp->s_rfd, F_SETFD, 1) < 0) { - sq_remove(sp); - return (SERVFAIL); - } -#ifdef USE_FIONBIO_IOCTL - if (ioctl(sp->s_rfd, FIONBIO, (char *) &on) == -1) { - sq_remove(sp); - return (SERVFAIL); - } -#else - if ((n = fcntl(sp->s_rfd, F_GETFL, 0)) == -1) { - sq_remove(sp); - return (SERVFAIL); - } - if (fcntl(sp->s_rfd, F_SETFL, n|PORT_NONBLOCK) == -1) { - sq_remove(sp); - return (SERVFAIL); - } -#endif - if (sq_openw(sp, qp->q_msglen + INT16SZ) == -1) { - sq_remove(sp); - return (SERVFAIL); - } - if (sq_write(sp, qp->q_msg, qp->q_msglen) == -1) { - sq_remove(sp); - return (SERVFAIL); - } - - if (setsockopt(sp->s_rfd, SOL_SOCKET, SO_KEEPALIVE, - (char*)&on, sizeof(on)) < 0) - ns_info(ns_log_default, - "tcp_send: setsockopt(SO_KEEPALIVE): %s", - strerror(errno)); - gettime(&tt); - sp->s_size = -1; - sp->s_time = tt.tv_sec; /* last transaction time */ - sp->s_refcnt = 1; - sp->flags |= STREAM_DONE_CLOSE; - sp->s_from = qp->q_addr[qp->q_curaddr].ns_addr; - if (evConnect(ev, sp->s_rfd, &sp->s_from, sizeof(sp->s_from), - stream_send, sp, &sp->evID_c) == -1) { - sq_remove(sp); - return (SERVFAIL); - } - sp->flags |= STREAM_CONNECT_EV; - return (NOERROR); -} - -static void -stream_send(evContext lev, void *uap, int fd, const void *la, int lalen, - const void *ra, int ralen) { - struct qstream *sp = uap; - - UNUSED(lev); - UNUSED(la); - UNUSED(lalen); - UNUSED(ra); - UNUSED(ralen); - - ns_debug(ns_log_default, 1, "stream_send"); - - sp->flags &= ~STREAM_CONNECT_EV; - - if (fd == -1) { - /* connect failed */ - sq_remove(sp); - return; - } - if (evSelectFD(ev, sp->s_rfd, EV_WRITE, - stream_write, sp, &sp->evID_w) < 0) { - sq_remove(sp); - return; - } - sp->flags |= STREAM_WRITE_EV; -} - -static void -stream_write(evContext ctx, void *uap, int fd, int evmask) { - struct qstream *sp = uap; - struct iovec iov; - - ns_debug(ns_log_default, 1, "stream_write"); - INSIST(evmask & EV_WRITE); - INSIST(fd == sp->s_rfd); - if (sq_dowrite(sp) < 0) { - sq_remove(sp); - return; - } - if (sp->s_wbuf_free != sp->s_wbuf_send) - return; - - if (sp->s_wbuf) { - memput(sp->s_wbuf, sp->s_wbuf_end - sp->s_wbuf); - sp->s_wbuf_send = sp->s_wbuf_free = NULL; - sp->s_wbuf_end = sp->s_wbuf = NULL; - } - (void) evDeselectFD(ev, sp->evID_w); - sp->flags &= ~STREAM_WRITE_EV; - sp->s_refcnt = 0; - iov = evConsIovec(sp->s_temp, INT16SZ); - if (evRead(ctx, fd, &iov, 1, stream_getlen, sp, &sp->evID_r) == -1) { - ns_error(ns_log_default, "evRead(fd %d): %s", - fd, strerror(errno)); - sq_remove(sp); - return; - } - sp->flags |= STREAM_READ_EV; -} - -static void -stream_getlen(evContext lev, void *uap, int fd, int bytes) { - struct qstream *sp = uap; - struct iovec iov; - - UNUSED(fd); - - sp->flags &= ~STREAM_READ_EV; - if (bytes != INT16SZ) { - /* - * bytes == 0 is normal EOF; see if something unusual - * happened. - */ - if (bytes < 0) { - /* - * ECONNRESET happens frequently and is not worth - * logging. - */ - if (errno != ECONNRESET) - ns_info(ns_log_default, - "stream_getlen(%s): %s", - sin_ntoa(sp->s_from), strerror(errno)); - } else if (bytes != 0) - ns_error(ns_log_default, - "stream_getlen(%s): unexpected byte count %d", - sin_ntoa(sp->s_from), bytes); - sq_remove(sp); - return; - } - - /* - * Unpack the size, allocate memory for the query. This is - * tricky since in a low memory situation with possibly very - * large (64KB) queries, we want to make sure we can read at - * least the header since we need it to send back a SERVFAIL - * (owing to the out-of-memory condition). - */ - sp->s_size = ns_get16(sp->s_temp); - ns_debug(ns_log_default, 5, "stream message: %d bytes", sp->s_size); - if (sp->s_size < HFIXEDSZ) { - ns_error(ns_log_default, - "stream_getlen(%s): request too small", - sin_ntoa(sp->s_from)); - sq_remove(sp); - return; - } - - if (!(sp->flags & STREAM_MALLOC)) { - sp->s_bufsize = 64*1024-1; /* maximum tcp message size */ - sp->s_buf = (u_char *)memget(sp->s_bufsize); - if (sp->s_buf != NULL) - sp->flags |= STREAM_MALLOC; - else { - sp->s_buf = sp->s_temp; - sp->s_bufsize = HFIXEDSZ; - } - } - - iov = evConsIovec(sp->s_buf, (sp->s_size <= sp->s_bufsize) ? - sp->s_size : sp->s_bufsize); - if (evRead(lev, sp->s_rfd, &iov, 1, stream_getmsg, sp, &sp->evID_r) - == -1) { - ns_error(ns_log_default, "evRead(fd %d): %s", - sp->s_rfd, strerror(errno)); - sq_remove(sp); - return; - } - sp->flags |= STREAM_READ_EV; -} - -static void -stream_getmsg(evContext lev, void *uap, int fd, int bytes) { - struct qstream *sp = uap; - - UNUSED(lev); - UNUSED(fd); - - sp->flags &= ~STREAM_READ_EV; - if (bytes == -1) { - ns_info(ns_log_default, "stream_getmsg(%s): %s", - sin_ntoa(sp->s_from), strerror(errno)); - sq_remove(sp); - return; - } - - gettime(&tt); - sp->s_time = tt.tv_sec; - - if (ns_wouldlog(ns_log_default,5)) { - ns_debug(ns_log_default, 5, - "sp %p rfd %d size %d time %ld next %p", - sp, sp->s_rfd, sp->s_size, (long)sp->s_time, - sp->s_next); - ns_debug(ns_log_default, 5, "\tbufsize %d bytes %d", sp->s_bufsize, - bytes); - } - - /* - * Do we have enough memory for the query? If not, and if we have a - * query id, then we will send a SERVFAIL error back to the client. - */ - if (bytes != sp->s_size) { - HEADER *hp = (HEADER *)sp->s_buf; - - hp->qr = 1; - hp->ra = (NS_OPTION_P(OPTION_NORECURSE) == 0); - hp->ancount = htons(0); - hp->qdcount = htons(0); - hp->nscount = htons(0); - hp->arcount = htons(0); - hp->rcode = SERVFAIL; - writestream(sp, sp->s_buf, HFIXEDSZ); - sp->flags |= STREAM_DONE_CLOSE; - return; - } - - nameserIncr(sp->s_from.sin_addr, nssRcvdTCP); - sq_query(sp); - dispatch_message(sp->s_buf, bytes, sp->s_bufsize, sp, sp->s_from, -1, - sp->s_ifp); -} - -static void -datagram_read(evContext lev, void *uap, int fd, int evmask) { - interface *ifp = uap; - struct sockaddr_in from; - ISC_SOCKLEN_T from_len = sizeof from; - int n, nudp; - union { - HEADER h; /* Force alignment of 'buf'. */ - u_char buf[EDNS_MESSAGE_SZ+1]; - } u; - - UNUSED(lev); - UNUSED(evmask); - - tt = evTimeVal(evNowTime()); - nudp = 0; - - more: - n = recvfrom(fd, (char *)u.buf, sizeof u.buf, 0, - (struct sockaddr *)&from, &from_len); - - if (n < 0) { - switch (errno) { - case EINTR: - case EAGAIN: -#if (EWOULDBLOCK != EAGAIN) - case EWOULDBLOCK: -#endif - case EHOSTUNREACH: - case EHOSTDOWN: - case ENETUNREACH: - case ENETDOWN: - case ECONNREFUSED: -#ifdef ENONET - case ENONET: -#endif - /* - * These errors are expected and harmless, so we - * ignore them. - */ - return; - default: - /* - * An error we don't expect. Log it and press - * on. - */ - ns_info(ns_log_default, "recvfrom: %s", - strerror(errno)); - return; - } - } - - /* Handle bogosity on systems that need it. */ - if (n == 0) - return; - - if (ns_wouldlog(ns_log_default, 1)) { - ns_debug(ns_log_default, 1, "datagram from %s, fd %d, len %d", - sin_ntoa(from), fd, n); - } - - if (n > EDNS_MESSAGE_SZ) { - /* - * The message is too big. It's probably a response to - * one of our questions, so we truncate it and press on. - */ - n = trunc_adjust(u.buf, EDNS_MESSAGE_SZ, EDNS_MESSAGE_SZ); - ns_debug(ns_log_default, 1, "truncated oversize UDP packet"); - } - - dispatch_message(u.buf, n, EDNS_MESSAGE_SZ, NULL, from, fd, ifp); - if (++nudp < nudptrans) - goto more; -} - -static void -savedg_waitfunc(evContext ctx, void *uap, const void *tag) { - savedg *dg = (savedg *)uap; - - UNUSED(ctx); - UNUSED(tag); - - if (!EMPTY(iflist) && HEAD(iflist)->gen == dg->gen) { - u_char buf[EDNS_MESSAGE_SZ]; - - memcpy(buf, dg->buf, dg->buflen); - dispatch_message(buf, dg->buflen, sizeof buf, NULL, - dg->from, dg->dfd, dg->ifp); - } - memput(dg->buf, dg->buflen); - memput(dg, sizeof *dg); -} - -static void -dispatch_message(u_char *msg, int msglen, int buflen, struct qstream *qsp, - struct sockaddr_in from, int dfd, interface *ifp) -{ - HEADER *hp = (HEADER *)msg; - - if (msglen < HFIXEDSZ) { - ns_debug(ns_log_default, 1, "dropping undersize message"); - if (qsp) { - qsp->flags |= STREAM_DONE_CLOSE; - sq_done(qsp); - } - return; - } - - if (server_options->blackhole_acl != NULL && - ip_match_address(server_options->blackhole_acl, - from.sin_addr) == 1) { - ns_debug(ns_log_default, 1, - "dropping blackholed %s from %s", - hp->qr ? "response" : "query", - sin_ntoa(from)); - if (qsp) { - qsp->flags |= STREAM_DONE_CLOSE; - sq_done(qsp); - } - return; - } - - /* Drop UDP packets from port zero. They are invariable forged. */ - if (qsp == NULL && ntohs(from.sin_port) == 0) { - ns_notice(ns_log_security, - "dropping source port zero packet from %s", - sin_ntoa(from)); - return; - } - - if (hp->qr) { - ns_resp(msg, msglen, from, qsp); - if (qsp) - sq_done(qsp); - /* Now is a safe time for housekeeping. */ - if (needs_prime_cache) - prime_cache(); - } else if (ifp != NULL) - ns_req(msg, msglen, buflen, qsp, from, dfd); - else { - ns_notice(ns_log_security, - "refused query on non-query socket from %s", - sin_ntoa(from)); - if (qsp) { - qsp->flags |= STREAM_DONE_CLOSE; - sq_done(qsp); - } - /* XXX Send refusal here. */ - } -} - -void -getnetconf(int periodic_scan) { - struct ifconf ifc; - struct ifreq ifreq; - struct in_addr ina; - interface *ifp; - char *buf, *cp, *cplim; - static int bufsiz = 4095; - time_t my_generation = time(NULL); - int s, cpsize, n; - int found; - listen_info li; - ip_match_element ime; - u_char *mask_ptr; - struct in_addr mask; -#ifdef TRUCLUSTER5 - struct sockaddr clua_addr; - int clua_cnt, clua_tot; -#endif - int clua_buf; - - if (iflist_initialized) { - if (iflist_dont_rescan) - return; - } else { - INIT_LIST(iflist); - iflist_initialized = 1; - } - - ns_debug(ns_log_default, 1, "getnetconf(generation %lu)", - (u_long)my_generation); - - /* Get interface list from system. */ - if ((s = socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - if (!periodic_scan) - ns_panic(ns_log_default, 1, "socket(SOCK_RAW): %s", - strerror(errno)); - ns_error(ns_log_default, "socket(SOCK_RAW): %s", - strerror(errno)); - return; - } - - if (local_addresses != NULL) - free_ip_match_list(local_addresses); - local_addresses = new_ip_match_list(); - if (local_networks != NULL) - free_ip_match_list(local_networks); - local_networks = new_ip_match_list(); - -#ifdef TRUCLUSTER5 - /* Find out how many cluster aliases there are */ - clua_cnt = 0; - clua_tot = 0; - while (clua_getaliasaddress(&clua_addr, &clua_cnt) == CLUA_SUCCESS) - clua_tot ++; - clua_buf = clua_tot * sizeof(ifreq); -#else - clua_buf = 0; -#endif - - for (;;) { - buf = memget(bufsiz + clua_buf); - if (!buf) - ns_panic(ns_log_default, 1, "memget(interface)"); - ifc.ifc_len = bufsiz; - ifc.ifc_buf = buf; -#ifdef IRIX_EMUL_IOCTL_SIOCGIFCONF - /* - * This is a fix for IRIX OS in which the call to ioctl with - * the flag SIOCGIFCONF may not return an entry for all the - * interfaces like most flavors of Unix. - */ - if (emul_ioctl(&ifc) >= 0) - break; -#else - if ((n = ioctl(s, SIOCGIFCONF, (char *)&ifc)) != -1) { - /* - * Some OS's just return what will fit rather - * than set EINVAL if the buffer is too small - * to fit all the interfaces in. If - * ifc.ifc_len is too near to the end of the - * buffer we will grow it just in case and - * retry. - */ - if ((int)(ifc.ifc_len + 2 * sizeof(ifreq)) < bufsiz) - break; - } -#endif - if ((n == -1) && errno != EINVAL) - ns_panic(ns_log_default, 1, - "get interface configuration: %s", - strerror(errno)); - - if (bufsiz > 1000000) - ns_panic(ns_log_default, 1, - "get interface configuration: maximum buffer size exceeded"); - memput(buf, bufsiz + clua_buf); - bufsiz += 4096; - } - -#ifdef TRUCLUSTER5 - /* Get the cluster aliases and create interface entries for them */ - clua_cnt = 0; - while (clua_tot--) { - memset(&ifreq, 0, sizeof (ifreq)); - if (clua_getaliasaddress(&ifreq.ifr_addr, &clua_cnt) != - CLUA_SUCCESS) - /* - * It is possible the count of aliases has changed; if - * it has increased, they won't be found this pass. - * If has decreased, stop the loop early. */ - break; - strcpy(ifreq.ifr_name, "lo0"); - memcpy(ifc.ifc_buf + ifc.ifc_len, &ifreq, sizeof (ifreq)); - ifc.ifc_len += sizeof (ifreq); - bufsiz += sizeof (ifreq); - } -#endif - - ns_debug(ns_log_default, 2, "getnetconf: SIOCGIFCONF: ifc_len = %d", - ifc.ifc_len); - - /* Parse system's interface list and open some sockets. */ - cplim = buf + ifc.ifc_len; /* skip over if's with big ifr_addr's */ - for (cp = buf; cp < cplim; cp += cpsize) { - memcpy(&ifreq, cp, sizeof ifreq); -#ifdef HAVE_SA_LEN -#ifdef FIX_ZERO_SA_LEN - if (ifreq.ifr_addr.sa_len == 0) - ifreq.ifr_addr.sa_len = 16; -#endif -#ifdef HAVE_MINIMUM_IFREQ - ns_debug(ns_log_default, 2, "%s sa_len = %d", - ifreq.ifr_name, (int)ifreq.ifr_addr.sa_len); - cpsize = sizeof ifreq; - if (ifreq.ifr_addr.sa_len > sizeof (struct sockaddr)) - cpsize += (int)ifreq.ifr_addr.sa_len - - (int)(sizeof (struct sockaddr)); -#else - cpsize = sizeof ifreq.ifr_name + ifreq.ifr_addr.sa_len; -#endif /* HAVE_MINIMUM_IFREQ */ -#elif defined SIOCGIFCONF_ADDR - cpsize = sizeof ifreq; -#else - cpsize = sizeof ifreq.ifr_name; - if (ioctl(s, SIOCGIFADDR, (char *)&ifreq) < 0) { - ns_notice(ns_log_default, - "get interface addr (%s): %s", - ifreq.ifr_name, strerror(errno)); - continue; - } -#endif - if (ifreq.ifr_addr.sa_family != AF_INET) { - ns_debug(ns_log_default, 2, - "getnetconf: %s AF %d != INET", - ifreq.ifr_name, ifreq.ifr_addr.sa_family); - continue; - } - ina = ina_get((u_char *)&((struct sockaddr_in *) - &ifreq.ifr_addr)->sin_addr); - ns_debug(ns_log_default, 1, - "getnetconf: considering %s [%s]", - ifreq.ifr_name, inet_ntoa(ina)); - /* - * Don't test IFF_UP, packets may still be received at this - * address if any other interface is up. - */ - if (ina_hlong(ina) == INADDR_ANY) { - ns_debug(ns_log_default, 2, - "getnetconf: INADDR_ANY, ignoring."); - continue; - } - - INSIST(server_options != NULL); - INSIST(server_options->listen_list != NULL); - - found=0; - for (li = server_options->listen_list->first; - li != NULL; - li = li->next) { - if (ip_match_address(li->list, ina) > 0) { - found++; - /* - * Look for an already existing source - * interface address/port pair. - * This happens mostly when reinitializing. - * Also, if the machine has multiple point to - * point interfaces, then the local address - * may appear more than once. - */ - ifp = if_find(ina, li->port, 0); - if (ifp != NULL) { - ns_debug(ns_log_default, 1, - "dup interface addr [%s].%u (%s)", - inet_ntoa(ina), - ntohs(li->port), - ifreq.ifr_name); - ifp->gen = my_generation; - continue; - } - - ifp = (interface *)memget(sizeof *ifp); - if (!ifp) - ns_panic(ns_log_default, 1, - "memget(interface)"); - memset(ifp, 0, sizeof *ifp); - INIT_LINK(ifp, link); - APPEND(iflist, ifp, link); - ifp->addr = ina; - ifp->port = li->port; - ifp->gen = my_generation; - ifp->flags = 0; - ifp->dfd = -1; - ifp->sfd = -1; - if (opensocket_d(ifp) < 0 || - opensocket_s(ifp) < 0) { - dq_remove(ifp); - found = 0; - break; - } - ns_info(ns_log_default, - "listening on [%s].%u (%s)", - inet_ntoa(ina), ntohs(li->port), - ifreq.ifr_name); - } - } - if (!found) - ns_debug(ns_log_default, 1, - "not listening on addr [%s] (%s)", - inet_ntoa(ina), ifreq.ifr_name); - - /* - * Add this interface's address to the list of local - * addresses if we haven't added it already. - */ - if (ip_match_address(local_addresses, ina) < 0) { - ime = new_ip_match_pattern(ina, 32); - add_to_ip_match_list(local_addresses, ime); - } - - /* - * Get interface flags. - */ - if (ioctl(s, SIOCGIFFLAGS, (char *)&ifreq) < 0) { - ns_notice(ns_log_default, "get interface flags: %s", - strerror(errno)); - continue; - } - - if ((ifreq.ifr_flags & IFF_POINTOPOINT)) { - /* - * The local network for a PPP link is just the - * two ends of the link, so for each endpoint we - * add a pattern that will only match the endpoint. - */ - if (ioctl(s, SIOCGIFDSTADDR, (char *)&ifreq) < 0) { - ns_notice(ns_log_default, "get dst addr: %s", - strerror(errno)); - continue; - } - - mask.s_addr = htonl(INADDR_BROADCAST); - - /* - * Our end. - * - * Only add it if we haven't seen it before. - */ - if (ip_match_network(local_networks, ina, mask) < 0) { - ime = new_ip_match_pattern(ina, 32); - add_to_ip_match_list(local_networks, ime); - } - - /* - * The other end. - */ - ina = ((struct sockaddr_in *) - &ifreq.ifr_addr)->sin_addr; - /* - * Only add it if we haven't seen it before. - */ - if (ip_match_network(local_networks, ina, mask) < 0) { - ime = new_ip_match_pattern(ina, 32); - add_to_ip_match_list(local_networks, ime); - } - } else { - /* - * Add this interface's network and netmask to the - * list of local networks. - */ - -#ifdef SIOCGIFNETMASK /* XXX */ - if (ioctl(s, SIOCGIFNETMASK, (char *)&ifreq) < 0) { - ns_notice(ns_log_default, "get netmask: %s", - strerror(errno)); - continue; - } - /* - * Use ina_get because the ifreq structure might not - * be aligned. - */ - mask_ptr = (u_char *) - &((struct sockaddr_in *)&ifreq.ifr_addr)->sin_addr; - mask = ina_get(mask_ptr); -#else - mask = net_mask(ina); -#endif - - ina.s_addr &= mask.s_addr; /* make network address */ - - /* - * Only add it if we haven't seen it before. - */ - if (ip_match_network(local_networks, ina, mask) < 0) { - ime = new_ip_match_mask(ina, mask); - add_to_ip_match_list(local_networks, ime); - } - } - } - close(s); - memput(buf, bufsiz); - - ns_debug(ns_log_default, 7, "local addresses:"); - dprint_ip_match_list(ns_log_default, local_addresses, 2, "", ""); - ns_debug(ns_log_default, 7, "local networks:"); - dprint_ip_match_list(ns_log_default, local_networks, 2, "", ""); - - /* - * now go through the iflist and delete anything that - * does not have the current generation number. this is - * how we catch interfaces that go away or change their - * addresses. note that 0.0.0.0 is the wildcard element - * and should never be deleted by this code. - */ - dq_remove_gen(my_generation); - - if (EMPTY(iflist)) - ns_warning(ns_log_default, "not listening on any interfaces"); -} - -/* opensocket_d(ifp) - * Open datagram socket bound to interface address. - * Returns: - * 0 on success. - * -1 on failure. - */ -static int -opensocket_d(interface *ifp) { - struct sockaddr_in nsa; - const int on = 1; - ISC_SOCKLEN_T m; - int n; - - memset(&nsa, 0, sizeof nsa); - nsa.sin_family = AF_INET; - nsa.sin_addr = ifp->addr; - nsa.sin_port = ifp->port; - - if ((ifp->dfd = ns_socket(AF_INET, SOCK_DGRAM, 0)) < 0) { - ns_error(ns_log_default, "socket(SOCK_DGRAM): %s", - strerror(errno)); - return (-1); - } - if (ifp->dfd > evHighestFD(ev)) { - ns_error(ns_log_default, "socket too high: %d", ifp->dfd); - close(ifp->dfd); - return (-1); - } -#ifdef USE_FIONBIO_IOCTL - if (ioctl(ifp->dfd, FIONBIO, (char *) &on) == -1) { - ns_info(ns_log_default, "ioctl(ifp->dfd, FIONBIO): %s", - strerror(errno)); - (void) close(ifp->dfd); - return (-1); - } -#else - if ((n = fcntl(ifp->dfd, F_GETFL, 0)) == -1) { - ns_info(ns_log_default, "fcntl(ifp->dfd, F_GETFL): %s", - strerror(errno)); - (void) close(ifp->dfd); - return (-1); - } - if (fcntl(ifp->dfd, F_SETFL, n|PORT_NONBLOCK) == -1) { - ns_info(ns_log_default, "fcntl(ifp->dfd, NONBLOCK): %s", - strerror(errno)); - (void) close(ifp->dfd); - return (-1); - } -#endif - if (fcntl(ifp->dfd, F_SETFD, 1) < 0) { - ns_error(ns_log_default, "F_SETFD: %s", strerror(errno)); - close(ifp->dfd); - return (-1); - } - ns_debug(ns_log_default, 1, "ifp->addr %s d_dfd %d", - sin_ntoa(nsa), ifp->dfd); - if (setsockopt(ifp->dfd, SOL_SOCKET, SO_REUSEADDR, - (const char *)&on, sizeof(on)) != 0) { - ns_notice(ns_log_default, "setsockopt(REUSEADDR): %s", - strerror(errno)); - /* XXX press on regardless, this is not too serious. */ - } -#ifdef SO_RCVBUF /* XXX */ - m = sizeof n; - if ((getsockopt(ifp->dfd, SOL_SOCKET, SO_RCVBUF, (char*)&n, &m) >= 0) - && (m == sizeof n) - && (n < drbufsize)) { - (void) setsockopt(ifp->dfd, SOL_SOCKET, SO_RCVBUF, - (const char *)&drbufsize, sizeof drbufsize); - } -#endif /* SO_RCVBUF */ -#ifndef CANNOT_SET_SNDBUF - if (setsockopt(ifp->dfd, SOL_SOCKET, SO_SNDBUF, - (const char*)&dsbufsize, sizeof dsbufsize) < 0) { - ns_info(ns_log_default, - "setsockopt(dfd=%d, SO_SNDBUF, %d): %s", - ifp->dfd, dsbufsize, strerror(errno)); - /* XXX press on regardless, this is not too serious. */ - } -#endif -#ifdef SO_BSDCOMPAT - if (setsockopt(ifp->dfd, SOL_SOCKET, SO_BSDCOMPAT, - (char*)&on, sizeof on) < 0) { - ns_info(ns_log_default, - "setsockopt(dfd=%d, SO_BSDCOMPAT): %s", - ifp->dfd, strerror(errno)); - } -#endif - if (bind(ifp->dfd, (struct sockaddr *)&nsa, sizeof nsa)) { - ns_error(ns_log_default, "bind(dfd=%d, %s): %s", - ifp->dfd, sin_ntoa(nsa), strerror(errno)); - return (-1); - } - if (evSelectFD(ev, ifp->dfd, EV_READ, datagram_read, ifp, - &ifp->evID_d) == -1) { - ns_error(ns_log_default, "evSelectFD(dfd=%d): %s", - ifp->dfd, strerror(errno)); - return (-1); - } - ifp->flags |= INTERFACE_FILE_VALID; - return (0); -} - -static int -drain_rcvbuf(evContext ctx, interface *ifp, int fd, int *mread, int *mstore) { - int drop = 0; - - drop = 0; - for (; *mread > 0; (*mread)--) { - union { - HEADER h; - u_char buf[EDNS_MESSAGE_SZ+1]; - } u; - struct sockaddr_in from; - ISC_SOCKLEN_T from_len = sizeof from; - savedg *dg; - int n; - - n = recvfrom(fd, (char *)u.buf, sizeof u.buf, 0, - (struct sockaddr *)&from, &from_len); - if (n <= 0) - break; /* Socket buffer assumed empty. */ - drop++; /* Pessimistic assumption. */ - if (n > EDNS_MESSAGE_SZ) - continue; /* Oversize message - EDNS0 needed. */ - if (from.sin_family != AF_INET) - continue; /* Not IPv4 - IPv6 needed. */ - if (u.h.opcode == ns_o_query && u.h.qr == 0) - continue; /* Query - what we're here to axe. */ - if (*mstore <= 0) - continue; /* Reached storage quota, ignore. */ - if ((dg = memget(sizeof *dg)) == NULL) - continue; /* No memory - probably fatal. */ - if ((dg->buf = memget(n)) == NULL) { - memput(dg, sizeof *dg); - continue; /* No memory - probably fatal. */ - } - dg->from = from; - dg->dfd = fd; - dg->ifp = ifp; - dg->gen = ifp->gen; - dg->buflen = n; - memcpy(dg->buf, u.buf, n); - if (evWaitFor(ctx, (void *)drain_all_rcvbuf, savedg_waitfunc, - dg, NULL) < 0) - { - memput(dg->buf, dg->buflen); - memput(dg, sizeof *dg); - continue; /* No memory - probably fatal. */ - } - drop--; /* Pessimism was inappropriate. */ - (*mstore)--; - } - return (drop); -} - -static int -drain_all_rcvbuf(evContext ctx) { - interface *ifp; - int mread = MAX_SYNCDRAIN; - int mstore = MAX_SYNCSTORE; - int drop = 0; - - for (ifp = HEAD(iflist); ifp != NULL; ifp = NEXT(ifp, link)) - if (ifp->dfd != -1) - drop += drain_rcvbuf(ctx, ifp, ifp->dfd, - &mread, &mstore); - if (mstore < MAX_SYNCSTORE) - INSIST_ERR(evDo(ctx, (void *)drain_all_rcvbuf) != -1); - return (drop); -} - -/* opensocket_s(ifp) - * Open stream (listener) socket bound to interface address. - * Returns: - * 0 on success. - * -1 on failure. - */ -static int -opensocket_s(interface *ifp) { - struct sockaddr_in nsa; - const int on = 1; - int n; - - memset(&nsa, 0, sizeof nsa); - nsa.sin_family = AF_INET; - nsa.sin_addr = ifp->addr; - nsa.sin_port = ifp->port; - - /* - * Open stream (listener) port. - */ - n = 0; - again: - if ((ifp->sfd = ns_socket(AF_INET, SOCK_STREAM, 0)) < 0) { - ns_error(ns_log_default, "socket(SOCK_STREAM): %s", - strerror(errno)); - return (-1); - } - if (ifp->sfd > evHighestFD(ev)) { - ns_error(ns_log_default, "socket too high: %d", ifp->sfd); - close(ifp->sfd); - return (-1); - } - if (fcntl(ifp->sfd, F_SETFD, 1) < 0) { - ns_error(ns_log_default, "F_SETFD: %s", strerror(errno)); - close(ifp->sfd); - return (-1); - } - if (setsockopt(ifp->sfd, SOL_SOCKET, SO_REUSEADDR, - (const char *)&on, sizeof on) != 0) { - ns_notice(ns_log_default, "setsockopt(REUSEADDR): %s", - strerror(errno)); - /* Consider that your first warning of trouble to come. */ - } - if (bind(ifp->sfd, (struct sockaddr *)&nsa, sizeof nsa) < 0) { - if (errno != EADDRINUSE || ++n > 4) { - if (errno == EADDRINUSE) - ns_error(ns_log_default, - "There may be a name server already running on %s", - sin_ntoa(nsa)); - else - ns_error(ns_log_default, - "bind(sfd=%d, %s): %s", ifp->sfd, - sin_ntoa(nsa), strerror(errno)); - return (-1); - } - - /* Retry opening the socket a few times */ - close(ifp->sfd); - ifp->sfd = -1; - sleep(30); - goto again; - } - if (evListen(ev, ifp->sfd, listenmax, stream_accept, ifp, &ifp->evID_s) - == -1) { - ns_error(ns_log_default, "evListen(sfd=%d): %s", - ifp->sfd, strerror(errno)); - return (-1); - } - ifp->flags |= INTERFACE_CONN_VALID; - return (0); -} - -/* opensocket_f() - * Open datagram socket bound to no particular interface; use for ns_forw - * and sysquery. - */ -void -opensocket_f() { - static struct sockaddr_in prev_qsrc; - static int been_here; - static interface *prev_ifp; - struct sockaddr_in nsa; - const int on = 1; - ISC_SOCKLEN_T n; - int need_close; - interface *ifp; - - need_close = 0; - if (been_here) { - if (prev_ifp != NULL) - prev_ifp->flags &= ~INTERFACE_FORWARDING; - else if (server_options->query_source.sin_port == htons(0) || - prev_qsrc.sin_addr.s_addr != - server_options->query_source.sin_addr.s_addr || - prev_qsrc.sin_port != - server_options->query_source.sin_port) - need_close = 1; - } else - ds = -1; - - been_here = 1; - INSIST(server_options != NULL); - - if (need_close) { - evDeselectFD(ev, ds_evID); - close(ds); - ds = -1; - } - - /* - * If we're already listening on the query_source address and port, - * we don't need to open another socket. We mark the interface, so - * we'll notice we're in trouble if it goes away. - */ - ifp = if_find(server_options->query_source.sin_addr, - server_options->query_source.sin_port, 0); - if (ifp != NULL) { - ifp->flags |= INTERFACE_FORWARDING; - prev_ifp = ifp; - ds = ifp->dfd; - ns_info(ns_log_default, "forwarding source address is %s", - sin_ntoa(server_options->query_source)); - return; - } - - /* - * If we're already using the correct query source, we're done. - */ - if (ds >= 0) - return; - - prev_qsrc = server_options->query_source; - prev_ifp = NULL; - - if ((ds = socket(AF_INET, SOCK_DGRAM, 0)) < 0) - ns_panic(ns_log_default, 1, "socket(SOCK_DGRAM): %s", - strerror(errno)); - if (ds > evHighestFD(ev)) - ns_panic(ns_log_default, 1, "socket too high: %d", ds); - if (fcntl(ds, F_SETFD, 1) < 0) - ns_panic(ns_log_default, 1, "F_SETFD: %s", strerror(errno)); - if (setsockopt(ds, SOL_SOCKET, SO_REUSEADDR, - (const char *)&on, sizeof on) != 0) { - ns_notice(ns_log_default, "setsockopt(REUSEADDR): %s", - strerror(errno)); - /* XXX press on regardless, this is not too serious. */ - } -#ifdef SO_BSDCOMPAT - if (setsockopt(ds, SOL_SOCKET, SO_BSDCOMPAT, - (char *)&on, sizeof on) != 0) { - ns_notice(ns_log_default, "setsockopt(BSDCOMPAT): %s", - strerror(errno)); - /* XXX press on regardless, this is not too serious. */ - } -#endif - if (bind(ds, (struct sockaddr *)&server_options->query_source, - sizeof server_options->query_source) < 0) - ns_panic(ns_log_default, 0, "opensocket_f: bind(%s): %s", - sin_ntoa(server_options->query_source), - strerror(errno)); - - n = sizeof nsa; - if (getsockname(ds, (struct sockaddr *)&nsa, &n) < 0) - ns_panic(ns_log_default, 1, "opensocket_f: getsockaddr: %s", - strerror(errno)); - - ns_debug(ns_log_default, 1, "fwd ds %d addr %s", ds, sin_ntoa(nsa)); - ns_info(ns_log_default, "Forwarding source address is %s", - sin_ntoa(nsa)); - - if (evSelectFD(ev, ds, EV_READ, datagram_read, NULL, &ds_evID) == -1) - ns_panic(ns_log_default, 1, "evSelectFD(fd %d): %s", - ds, strerror(errno)); - /* XXX: should probably use a different FileFunc that only accepts - * responses, since requests on this socket make no sense. - */ -} - -static void -setdebug(int new_debug) { -#ifdef DEBUG - int old_debug; - - if (!new_debug) - ns_debug(ns_log_default, 1, "Debug off"); - old_debug = debug; - debug = new_debug; - log_option(log_ctx, LOG_OPTION_DEBUG, debug); - log_option(log_ctx, LOG_OPTION_LEVEL, debug); - if (old_debug && !debug) - log_close_debug_channels(log_ctx); - evSetDebug(ev, debug, log_get_stream(eventlib_channel)); - if (debug) { - if (!old_debug) - open_special_channels(); - ns_debug(ns_log_default, 1, "Debug level %d", debug); - if (!old_debug) { - ns_debug(ns_log_default, 1, "Version = %s", Version); - ns_debug(ns_log_default, 1, "conffile = %s", conffile); - } - } -#endif -} - -/* -** Routines for managing stream queue -*/ - -static struct qstream * -sq_add() { - struct qstream *sqp; - - if (!(sqp = (struct qstream *)memget(sizeof *sqp))) { - ns_error(ns_log_default, "sq_add: memget: %s", - strerror(errno)); - return (NULL); - } - memset(sqp, 0, sizeof *sqp); - ns_debug(ns_log_default, 3, "sq_add(%#lx)", (u_long)sqp); - - sqp->flags = 0; - /* XXX should init other fields too? */ - sqp->s_next = streamq; - streamq = sqp; - return (sqp); -} - -/* sq_remove(qp) - * remove stream queue structure `qp'. - * no current queries may refer to this stream when it is removed. - * side effects: - * memory is deallocated. sockets are closed. lists are relinked. - */ -void -sq_remove(struct qstream *qp) { - struct qstream *qsp; - - ns_debug(ns_log_default, 2, "sq_remove(%#lx, %d) rfcnt=%d", - (u_long)qp, qp->s_rfd, qp->s_refcnt); - - if (qp->s_wbuf != NULL) { - memput(qp->s_wbuf, qp->s_wbuf_end - qp->s_wbuf); - qp->s_wbuf_send = qp->s_wbuf_free = NULL; - qp->s_wbuf_end = qp->s_wbuf = NULL; - } - if (qp->flags & STREAM_MALLOC) - memput(qp->s_buf, qp->s_bufsize); - if (qp->flags & STREAM_READ_EV) - INSIST_ERR(evCancelRW(ev, qp->evID_r) != -1); - if (qp->flags & STREAM_WRITE_EV) - INSIST_ERR(evDeselectFD(ev, qp->evID_w) != -1); - if (qp->flags & STREAM_CONNECT_EV) - INSIST_ERR(evCancelConn(ev, qp->evID_c) != -1); - if (qp->flags & STREAM_AXFR || qp->flags & STREAM_AXFRIXFR) - ns_freexfr(qp); - (void) close(qp->s_rfd); - if (qp == streamq) - streamq = qp->s_next; - else { - for (qsp = streamq; - qsp && (qsp->s_next != qp); - qsp = qsp->s_next) - (void)NULL; - if (qsp) - qsp->s_next = qp->s_next; - } - memput(qp, sizeof *qp); -} - -/* void - * sq_flush(allbut) - * call sq_remove() on all open streams except `allbut' - * side effects: - * global list `streamq' modified - * idiocy: - * is N^2 due to the scan inside of sq_remove() - */ -void -sq_flush(struct qstream *allbut) { - struct qstream *sp, *spnext; - - for (sp = streamq; sp != NULL; sp = spnext) { - spnext = sp->s_next; - if (sp != allbut) - sq_remove(sp); - } -} - -/* int - * sq_openw(qs, buflen) - * add a write buffer to a stream - * return: - * 0 = success - * -1 = failure (check errno) - */ -int -sq_openw(struct qstream *qs, int buflen) { -#ifdef DO_SO_LINGER /* XXX */ - static const struct linger ll = { 1, 120 }; -#endif - - INSIST(qs->s_wbuf == NULL); - qs->s_wbuf = (u_char *)memget(buflen); - if (qs->s_wbuf == NULL) - return (-1); - qs->s_wbuf_send = qs->s_wbuf; - qs->s_wbuf_free = qs->s_wbuf; - qs->s_wbuf_end = qs->s_wbuf + buflen; -#ifdef DO_SO_LINGER /* XXX */ - /* kernels that map pages for IO end up failing if the pipe is full - * at exit and we take away the final buffer. this is really a kernel - * bug but it's harmless on systems that are not broken, so... - */ - setsockopt(qs->s_rfd, SOL_SOCKET, SO_LINGER, (char *)&ll, sizeof ll); -#endif - return (0); -} - -/* static void - * sq_dowrite(qs) - * try to submit data to the system, remove it from our queue. - */ -static int -sq_dowrite(struct qstream *qs) { - if (qs->s_wbuf_free > qs->s_wbuf_send) { - int n = write(qs->s_rfd, qs->s_wbuf_send, - qs->s_wbuf_free - qs->s_wbuf_send); - INSIST(qs->s_wbuf != NULL); - if (n < 0) { - if (errno != EINTR && errno != EAGAIN -#if (EWOULDBLOCK != EAGAIN) - && errno != EWOULDBLOCK -#endif - ) - return (-1); - return (0); - } - qs->s_wbuf_send += n; - if (qs->s_wbuf_free > qs->s_wbuf_send) { - /* XXX: need some kind of delay here during which the - * socket will be deselected so we don't spin. - */ - n = qs->s_wbuf_free - qs->s_wbuf_send; - memmove(qs->s_wbuf, qs->s_wbuf_send, n); - qs->s_wbuf_send = qs->s_wbuf; - qs->s_wbuf_free = qs->s_wbuf + n; - } - } - if (qs->s_wbuf_free == qs->s_wbuf_send) - qs->s_wbuf_free = qs->s_wbuf_send = qs->s_wbuf; - return (0); -} - -/* void - * sq_flushw(qs) - * called when the socket becomes writable and we want to flush our - * buffers and the system's socket buffers. use as a closure with - * sq_writeh(). - */ -void -sq_flushw(struct qstream *qs) { - if (qs->s_wbuf_free == qs->s_wbuf_send) { - sq_writeh(qs, NULL); - sq_done(qs); - } -} - -/* static void - * sq_writable(ctx, uap, fd, evmask) - * glue between eventlib closures and qstream closures - */ -static void -sq_writable(evContext ctx, void *uap, int fd, int evmask) { - struct qstream *qs = uap; - - UNUSED(ctx); - - INSIST(evmask & EV_WRITE); - INSIST(fd == qs->s_rfd); - if (sq_dowrite(qs) < 0) { - sq_remove(qs); - return; - } - if (qs->s_wbuf_closure - && qs->s_wbuf_end - qs->s_wbuf_free >= HFIXEDSZ+2) /* XXX guess */ - (*qs->s_wbuf_closure)(qs); - if (sq_dowrite(qs) < 0) { - sq_remove(qs); - return; - } -} - -/* int - * sq_writeh(qs, closure) - * register a closure to be called when a stream becomes writable - * return: - * 0 = success - * -1 = failure (check errno) - */ -int -sq_writeh(struct qstream *qs, sq_closure c) { - if (c) { - if (!qs->s_wbuf_closure) { - if (evSelectFD(ev, qs->s_rfd, EV_WRITE, - sq_writable, qs, &qs->evID_w) < 0) { - return (-1); - } - qs->flags |= STREAM_WRITE_EV; - } - } else { - (void) evDeselectFD(ev, qs->evID_w); - qs->flags &= ~STREAM_WRITE_EV; - } - qs->s_wbuf_closure = c; - return (0); -} - -/* int - * sq_write(qs, buf, len) - * queue a message onto the stream, prepended by a two byte length field - * return: - * 0 = success - * -1 = failure (check errno; E2BIG means we can't handle this right now) - */ -int -sq_write(struct qstream *qs, const u_char *buf, int len) { - INSIST(qs->s_wbuf != NULL); - if (NS_INT16SZ + len > qs->s_wbuf_end - qs->s_wbuf_free) { - if (sq_dowrite(qs) < 0) - return (-1); - if (NS_INT16SZ + len > qs->s_wbuf_end - qs->s_wbuf_free) { - errno = E2BIG; - return (-1); - } - } - ns_put16(len, qs->s_wbuf_free); - qs->s_wbuf_free += NS_INT16SZ; - memcpy(qs->s_wbuf_free, buf, len); - qs->s_wbuf_free += len; - return (0); -} - -/* - * Initiate query on stream; - * mark as referenced and stop selecting for input. - */ -static void -sq_query(struct qstream *sp) { - sp->s_refcnt++; -} - -/* - * Note that the current request on a stream has completed, - * and that we should continue looking for requests on the stream. - */ -void -sq_done(struct qstream *sp) { - struct iovec iov; - - if (sp->s_wbuf != NULL) { - INSIST(sp->s_wbuf_send == sp->s_wbuf_free); - memput(sp->s_wbuf, sp->s_wbuf_end - sp->s_wbuf); - sp->s_wbuf_send = sp->s_wbuf_free = NULL; - sp->s_wbuf_end = sp->s_wbuf = NULL; - } - if (sp->flags & STREAM_AXFR || sp->flags & STREAM_AXFRIXFR) - ns_freexfr(sp); - sp->s_refcnt = 0; - sp->s_time = tt.tv_sec; - if (sp->flags & STREAM_DONE_CLOSE) { - /* XXX */ - sq_remove(sp); - return; - } - iov = evConsIovec(sp->s_temp, INT16SZ); - if (evRead(ev, sp->s_rfd, &iov, 1, stream_getlen, sp, &sp->evID_r) == - -1) { - ns_error(ns_log_default, "evRead(fd %d): %s", - sp->s_rfd, strerror(errno)); - sq_remove(sp); - return; - } - sp->flags |= STREAM_READ_EV; -} - -/* void - * dq_remove_gen(gen) - * close/deallocate all the udp sockets (except 0.0.0.0) which are - * not from the current generation. - * side effects: - * global list `iflist' is modified. - */ -void -dq_remove_gen(time_t gen) { - interface *this, *next; - - for (this = HEAD(iflist); this != NULL; this = next) { - next = NEXT(this, link); - if (this->gen != gen && ina_hlong(this->addr) != INADDR_ANY) - dq_remove(this); - } -} - -/* void - * dq_remove_all() - * close/deallocate all interfaces. - * side effects: - * global list `iflist' is modified. - */ -void -dq_remove_all() { - interface *this, *next; - - for (this = HEAD(iflist); this != NULL; this = next) { - next = NEXT(this, link); - /* - * Clear the forwarding flag so we don't panic the server. - */ - this->flags &= ~INTERFACE_FORWARDING; - dq_remove(this); - } -} - -/* void - * dq_remove(interface *this) - * close/deallocate an interface's sockets. called on errors - * or if the interface disappears. - * side effects: - * global list `iflist' is modified. - */ -static void -dq_remove(interface *this) { - ns_notice(ns_log_default, "deleting interface [%s].%u", - inet_ntoa(this->addr), ntohs(this->port)); - - if ((this->flags & INTERFACE_FORWARDING) != 0) - ns_panic(ns_log_default, 0, - "forwarding interface [%s].%u gone", - inet_ntoa(this->addr), - ntohs(this->port)); - - /* Deallocate fields. */ - if ((this->flags & INTERFACE_FILE_VALID) != 0) - (void) evDeselectFD(ev, this->evID_d); - if (this->dfd >= 0) - (void) close(this->dfd); - if ((this->flags & INTERFACE_CONN_VALID) != 0) - (void) evCancelConn(ev, this->evID_s); - if (this->sfd >= 0) - (void) close(this->sfd); - - UNLINK(iflist, this, link); - memput(this, sizeof *this); -} - -/* struct in_addr - * net_mask(ina) - * makes a classful assumption in a classless world, and returns it. - */ -struct in_addr -net_mask(struct in_addr ina) { - u_long hl = ina_hlong(ina); - struct in_addr ret; - - if (IN_CLASSA(hl)) - hl = IN_CLASSA_NET; - else if (IN_CLASSB(hl)) - hl = IN_CLASSB_NET; - else if (IN_CLASSC(hl)) - hl = IN_CLASSC_NET; - else - hl = INADDR_BROADCAST; - ina_ulong(ret) = htonl(hl); - return (ret); -} - -/* aIsUs(addr) - * scan our list of interface addresses for "addr". - * returns: - * 0: address isn't one of our interfaces - * >0: address is one of our interfaces, or INADDR_ANY - */ -int -aIsUs(struct in_addr addr) { - - if (ina_hlong(addr) == INADDR_ANY || if_find(addr, 0, 1) != NULL) - return (1); - return (0); -} - -/* interface * - * if_find(addr, port, anyport) - * scan our list of interface addresses for "addr" and port. - * returns: - * pointer to interface with this address/port, or NULL if there isn't - * one. - */ -static interface * -if_find(struct in_addr addr, u_int16_t port, int anyport) { - interface *ifp; - - for (ifp = HEAD(iflist); ifp != NULL; ifp = NEXT(ifp, link)) - if (ina_equal(addr, ifp->addr)) - if (anyport || ifp->port == port) - break; - return (ifp); -} - -/* - * These are here in case we ever want to get more clever, like perhaps - * using a bitmap to keep track of outstanding queries and a random - * allocation scheme to make it a little harder to predict them. Note - * that the resolver will need the same protection so the cleverness - * should be put there rather than here; this is just an interface layer. - * - * This is true but ... most clients only send out a few queries, they - * use varying port numbers, and the queries aren't sent to the outside - * world which we know is full of spoofers. Doing a good job of randomizing - * ids may also be to expensive for each client. Queries forwarded by the - * server always come from the same port (unless you let 8.x pick a port - * and restart it periodically - maybe it should open several and use - * them randomly). The server sends out lots more queries, and if it's - * cache is corrupted, it has the potential to affect more clients. - * NOTE: - randomizing the ID or source port doesn't help a bit if the - * queries can be sniffed. - * -- DL - */ - -/* - * Allow the user to pick one of two ID randomization algorithms. - * - * The first algorithm is an adaptation of the sequence shuffling - * algorithm discovered by Carter Bays and S. D. Durham [ACM Trans. Math. - * Software 2 (1976), 59-64], as documented as Algorithm B in Chapter - * 3.2.2 in Volume 2 of Knuth's "The Art of Computer Programming". We use - * a randomly selected linear congruential random number generator with a - * modulus of 2^16, whose increment is a randomly picked odd number, and - * whose multiplier is picked from a set which meets the following - * criteria: - * Is of the form 8*n+5, which ensures "high potency" according to - * principle iii in the summary chapter 3.6. This form also has a - * gcd(a-1,m) of 4 which is good according to principle iv. - * - * Is between 0.01 and 0.99 times the modulus as specified by - * principle iv. - * - * Passes the spectral test "with flying colors" (ut >= 1) in - * dimensions 2 through 6 as calculated by Algorithm S in Chapter - * 3.3.4 and the ratings calculated by formula 35 in section E. - * - * Of the multipliers that pass this test, pick the set that is - * best according to the theoretical bounds of the serial - * correlation test. This was calculated using a simplified - * version of Knuth's Theorem K in Chapter 3.3.3. - * - * These criteria may not be important for this use, but we might as well - * pick from the best generators since there are so many possible ones and - * we don't have that many random bits to do the picking. - * - * We use a modulus of 2^16 instead of something bigger so that we will - * tend to cycle through all the possible IDs before repeating any, - * however the shuffling will perturb this somewhat. Theoretically there - * is no minimimum interval between two uses of the same ID, but in - * practice it seems to be >64000. - * - * Our adaptatation of Algorithm B mixes the hash state which has - * captured various random events into the shuffler to perturb the - * sequence. - * - * One disadvantage of this algorithm is that if the generator parameters - * were to be guessed, it would be possible to mount a limited brute force - * attack on the ID space since the IDs are only shuffled within a limited - * range. - * - * The second algorithm uses the same random number generator to populate - * a pool of 65536 IDs. The hash state is used to pick an ID from a window - * of 4096 IDs in this pool, then the chosen ID is swapped with the ID - * at the beginning of the window and the window position is advanced. - * This means that the interval between uses of the ID will be no less - * than 65536-4096. The ID sequence in the pool will become more random - * over time. - * - * For both algorithms, two more linear congruential random number generators - * are selected. The ID from the first part of algorithm is used to seed - * the first of these generators, and its output is used to seed the second. - * The strategy is use these generators as 1 to 1 hashes to obfuscate the - * properties of the generator used in the first part of either algorithm. - * - * The first algorithm may be suitable for use in a client resolver since - * its memory requirements are fairly low and it's pretty random out of - * the box. It is somewhat succeptible to a limited brute force attack, - * so the second algorithm is probably preferable for a longer running - * program that issues a large number of queries and has time to randomize - * the pool. - */ - -#define NSID_SHUFFLE_TABLE_SIZE 100 /* Suggested by Knuth */ -/* - * Pick one of the next 4096 IDs in the pool. - * There is a tradeoff here between randomness and how often and ID is reused. - */ -#define NSID_LOOKAHEAD 4096 /* Must be a power of 2 */ -#define NSID_SHUFFLE_ONLY 1 /* algorithm 1 */ -#define NSID_USE_POOL 2 /* algorithm 2 */ - -/* - * Keep a running hash of various bits of data that we'll use to - * stir the ID pool or perturb the ID generator - */ -void -nsid_hash(u_char *data, size_t len) { - /* - * Hash function similar to the one we use for hashing names. - * We don't fold case or toss the upper bit here, though. - * This hash doesn't do much interesting when fed binary zeros, - * so there may be a better hash function. - * This function doesn't need to be very strong since we're - * only using it to stir the pool, but it should be reasonably - * fast. - */ - while (len-- > 0) { - nsid_hash_state = HASHROTATE(nsid_hash_state); - nsid_hash_state += *data++; - } -} - -/* - * Table of good linear congruential multipliers for modulus 2^16 - * in order of increasing serial correlation bounds (so trim from - * the end). - */ -static const u_int16_t nsid_multiplier_table[] = { - 17565, 25013, 11733, 19877, 23989, 23997, 24997, 25421, - 26781, 27413, 35901, 35917, 35973, 36229, 38317, 38437, - 39941, 40493, 41853, 46317, 50581, 51429, 53453, 53805, - 11317, 11789, 12045, 12413, 14277, 14821, 14917, 18989, - 19821, 23005, 23533, 23573, 23693, 27549, 27709, 28461, - 29365, 35605, 37693, 37757, 38309, 41285, 45261, 47061, - 47269, 48133, 48597, 50277, 50717, 50757, 50805, 51341, - 51413, 51581, 51597, 53445, 11493, 14229, 20365, 20653, - 23485, 25541, 27429, 29421, 30173, 35445, 35653, 36789, - 36797, 37109, 37157, 37669, 38661, 39773, 40397, 41837, - 41877, 45293, 47277, 47845, 49853, 51085, 51349, 54085, - 56933, 8877, 8973, 9885, 11365, 11813, 13581, 13589, - 13613, 14109, 14317, 15765, 15789, 16925, 17069, 17205, - 17621, 17941, 19077, 19381, 20245, 22845, 23733, 24869, - 25453, 27213, 28381, 28965, 29245, 29997, 30733, 30901, - 34877, 35485, 35613, 36133, 36661, 36917, 38597, 40285, - 40693, 41413, 41541, 41637, 42053, 42349, 45245, 45469, - 46493, 48205, 48613, 50861, 51861, 52877, 53933, 54397, - 55669, 56453, 56965, 58021, 7757, 7781, 8333, 9661, - 12229, 14373, 14453, 17549, 18141, 19085, 20773, 23701, - 24205, 24333, 25261, 25317, 27181, 30117, 30477, 34757, - 34885, 35565, 35885, 36541, 37957, 39733, 39813, 41157, - 41893, 42317, 46621, 48117, 48181, 49525, 55261, 55389, - 56845, 7045, 7749, 7965, 8469, 9133, 9549, 9789, - 10173, 11181, 11285, 12253, 13453, 13533, 13757, 14477, - 15053, 16901, 17213, 17269, 17525, 17629, 18605, 19013, - 19829, 19933, 20069, 20093, 23261, 23333, 24949, 25309, - 27613, 28453, 28709, 29301, 29541, 34165, 34413, 37301, - 37773, 38045, 38405, 41077, 41781, 41925, 42717, 44437, - 44525, 44613, 45933, 45941, 47077, 50077, 50893, 52117, - 5293, 55069, 55989, 58125, 59205, 6869, 14685, 15453, - 16821, 17045, 17613, 18437, 21029, 22773, 22909, 25445, - 25757, 26541, 30709, 30909, 31093, 31149, 37069, 37725, - 37925, 38949, 39637, 39701, 40765, 40861, 42965, 44813, - 45077, 45733, 47045, 50093, 52861, 52957, 54181, 56325, - 56365, 56381, 56877, 57013, 5741, 58101, 58669, 8613, - 10045, 10261, 10653, 10733, 11461, 12261, 14069, 15877, - 17757, 21165, 23885, 24701, 26429, 26645, 27925, 28765, - 29197, 30189, 31293, 39781, 39909, 40365, 41229, 41453, - 41653, 42165, 42365, 47421, 48029, 48085, 52773, 5573, - 57037, 57637, 58341, 58357, 58901, 6357, 7789, 9093, - 10125, 10709, 10765, 11957, 12469, 13437, 13509, 14773, - 15437, 15773, 17813, 18829, 19565, 20237, 23461, 23685, - 23725, 23941, 24877, 25461, 26405, 29509, 30285, 35181, - 37229, 37893, 38565, 40293, 44189, 44581, 45701, 47381, - 47589, 48557, 4941, 51069, 5165, 52797, 53149, 5341, - 56301, 56765, 58581, 59493, 59677, 6085, 6349, 8293, - 8501, 8517, 11597, 11709, 12589, 12693, 13517, 14909, - 17397, 18085, 21101, 21269, 22717, 25237, 25661, 29189, - 30101, 31397, 33933, 34213, 34661, 35533, 36493, 37309, - 40037, 4189, 42909, 44309, 44357, 44389, 4541, 45461, - 46445, 48237, 54149, 55301, 55853, 56621, 56717, 56901, - 5813, 58437, 12493, 15365, 15989, 17829, 18229, 19341, - 21013, 21357, 22925, 24885, 26053, 27581, 28221, 28485, - 30605, 30613, 30789, 35437, 36285, 37189, 3941, 41797, - 4269, 42901, 43293, 44645, 45221, 46893, 4893, 50301, - 50325, 5189, 52109, 53517, 54053, 54485, 5525, 55949, - 56973, 59069, 59421, 60733, 61253, 6421, 6701, 6709, - 7101, 8669, 15797, 19221, 19837, 20133, 20957, 21293, - 21461, 22461, 29085, 29861, 30869, 34973, 36469, 37565, - 38125, 38829, 39469, 40061, 40117, 44093, 47429, 48341, - 50597, 51757, 5541, 57629, 58405, 59621, 59693, 59701, - 61837, 7061, 10421, 11949, 15405, 20861, 25397, 25509, - 25893, 26037, 28629, 28869, 29605, 30213, 34205, 35637, - 36365, 37285, 3773, 39117, 4021, 41061, 42653, 44509, - 4461, 44829, 4725, 5125, 52269, 56469, 59085, 5917, - 60973, 8349, 17725, 18637, 19773, 20293, 21453, 22533, - 24285, 26333, 26997, 31501, 34541, 34805, 37509, 38477, - 41333, 44125, 46285, 46997, 47637, 48173, 4925, 50253, - 50381, 50917, 51205, 51325, 52165, 52229, 5253, 5269, - 53509, 56253, 56341, 5821, 58373, 60301, 61653, 61973, - 62373, 8397, 11981, 14341, 14509, 15077, 22261, 22429, - 24261, 28165, 28685, 30661, 34021, 34445, 39149, 3917, - 43013, 43317, 44053, 44101, 4533, 49541, 49981, 5277, - 54477, 56357, 57261, 57765, 58573, 59061, 60197, 61197, - 62189, 7725, 8477, 9565, 10229, 11437, 14613, 14709, - 16813, 20029, 20677, 31445, 3165, 31957, 3229, 33541, - 36645, 3805, 38973, 3965, 4029, 44293, 44557, 46245, - 48917, 4909, 51749, 53709, 55733, 56445, 5925, 6093, - 61053, 62637, 8661, 9109, 10821, 11389, 13813, 14325, - 15501, 16149, 18845, 22669, 26437, 29869, 31837, 33709, - 33973, 34173, 3677, 3877, 3981, 39885, 42117, 4421, - 44221, 44245, 44693, 46157, 47309, 5005, 51461, 52037, - 55333, 55693, 56277, 58949, 6205, 62141, 62469, 6293, - 10101, 12509, 14029, 17997, 20469, 21149, 25221, 27109, - 2773, 2877, 29405, 31493, 31645, 4077, 42005, 42077, - 42469, 42501, 44013, 48653, 49349, 4997, 50101, 55405, - 56957, 58037, 59429, 60749, 61797, 62381, 62837, 6605, - 10541, 23981, 24533, 2701, 27333, 27341, 31197, 33805, - 3621, 37381, 3749, 3829, 38533, 42613, 44381, 45901, - 48517, 51269, 57725, 59461, 60045, 62029, 13805, 14013, - 15461, 16069, 16157, 18573, 2309, 23501, 28645, 3077, - 31541, 36357, 36877, 3789, 39429, 39805, 47685, 47949, - 49413, 5485, 56757, 57549, 57805, 58317, 59549, 62213, - 62613, 62853, 62933, 8909, 12941, 16677, 20333, 21541, - 24429, 26077, 26421, 2885, 31269, 33381, 3661, 40925, - 42925, 45173, 4525, 4709, 53133, 55941, 57413, 57797, - 62125, 62237, 62733, 6773, 12317, 13197, 16533, 16933, - 18245, 2213, 2477, 29757, 33293, 35517, 40133, 40749, - 4661, 49941, 62757, 7853, 8149, 8573, 11029, 13421, - 21549, 22709, 22725, 24629, 2469, 26125, 2669, 34253, - 36709, 41013, 45597, 46637, 52285, 52333, 54685, 59013, - 60997, 61189, 61981, 62605, 62821, 7077, 7525, 8781, - 10861, 15277, 2205, 22077, 28517, 28949, 32109, 33493, - 3685, 39197, 39869, 42621, 44997, 48565, 5221, 57381, - 61749, 62317, 63245, 63381, 23149, 2549, 28661, 31653, - 33885, 36341, 37053, 39517, 42805, 45853, 48997, 59349, - 60053, 62509, 63069, 6525, 1893, 20181, 2365, 24893, - 27397, 31357, 32277, 33357, 34437, 36677, 37661, 43469, - 43917, 50997, 53869, 5653, 13221, 16741, 17893, 2157, - 28653, 31789, 35301, 35821, 61613, 62245, 12405, 14517, - 17453, 18421, 3149, 3205, 40341, 4109, 43941, 46869, - 48837, 50621, 57405, 60509, 62877, 8157, 12933, 12957, - 16501, 19533, 3461, 36829, 52357, 58189, 58293, 63053, - 17109, 1933, 32157, 37701, 59005, 61621, 13029, 15085, - 16493, 32317, 35093, 5061, 51557, 62221, 20765, 24613, - 2629, 30861, 33197, 33749, 35365, 37933, 40317, 48045, - 56229, 61157, 63797, 7917, 17965, 1917, 1973, 20301, - 2253, 33157, 58629, 59861, 61085, 63909, 8141, 9221, - 14757, 1581, 21637, 26557, 33869, 34285, 35733, 40933, - 42517, 43501, 53653, 61885, 63805, 7141, 21653, 54973, - 31189, 60061, 60341, 63357, 16045, 2053, 26069, 33997, - 43901, 54565, 63837, 8949, 17909, 18693, 32349, 33125, - 37293, 48821, 49053, 51309, 64037, 7117, 1445, 20405, - 23085, 26269, 26293, 27349, 32381, 33141, 34525, 36461, - 37581, 43525, 4357, 43877, 5069, 55197, 63965, 9845, - 12093, 2197, 2229, 32165, 33469, 40981, 42397, 8749, - 10853, 1453, 18069, 21693, 30573, 36261, 37421, 42533 -}; -#define NSID_MULT_TABLE_SIZE \ - ((sizeof nsid_multiplier_table)/(sizeof nsid_multiplier_table[0])) - -void -nsid_init(void) { - struct timeval now; - pid_t mypid; - u_int16_t a1ndx, a2ndx, a3ndx, c1ndx, c2ndx, c3ndx; - int i; - - if (nsid_algorithm != 0) - return; - - gettimeofday(&now, NULL); - mypid = getpid(); - - /* Initialize the state */ - nsid_hash_state = 0; - nsid_hash((u_char *)&now, sizeof now); - nsid_hash((u_char *)&mypid, sizeof mypid); - - /* - * Select our random number generators and initial seed. - * We could really use more random bits at this point, - * but we'll try to make a silk purse out of a sows ear ... - */ - /* generator 1 */ - a1ndx = ((u_long) NSID_MULT_TABLE_SIZE * - (nsid_hash_state & 0xFFFF)) >> 16; - nsid_a1 = nsid_multiplier_table[a1ndx]; - c1ndx = (nsid_hash_state >> 9) & 0x7FFF; - nsid_c1 = 2*c1ndx + 1; - /* generator 2, distinct from 1 */ - a2ndx = ((u_long) (NSID_MULT_TABLE_SIZE - 1) * - ((nsid_hash_state >> 10) & 0xFFFF)) >> 16; - if (a2ndx >= a1ndx) - a2ndx++; - nsid_a2 = nsid_multiplier_table[a2ndx]; - c2ndx = nsid_hash_state % 32767; - if (c2ndx >= c1ndx) - c2ndx++; - nsid_c2 = 2*c2ndx + 1; - /* generator 3, distinct from 1 and 2 */ - a3ndx = ((u_long) (NSID_MULT_TABLE_SIZE - 2) * - ((nsid_hash_state >> 20) & 0xFFFF)) >> 16; - if (a3ndx >= a1ndx || a3ndx >= a2ndx) - a3ndx++; - if (a3ndx >= a1ndx && a3ndx >= a2ndx) - a3ndx++; - nsid_a3 = nsid_multiplier_table[a3ndx]; - c3ndx = nsid_hash_state % 32766; - if (c3ndx >= c1ndx || c3ndx >= c2ndx) - c3ndx++; - if (c3ndx >= c1ndx && c3ndx >= c2ndx) - c3ndx++; - nsid_c3 = 2*c3ndx + 1; - - nsid_state = ((nsid_hash_state >> 16) ^ (nsid_hash_state)) & 0xFFFF; - - /* Do the algorithm specific initialization */ - INSIST(server_options != NULL); - if (NS_OPTION_P(OPTION_USE_ID_POOL) == 0) { - /* Algorithm 1 */ - nsid_algorithm = NSID_SHUFFLE_ONLY; - nsid_vtable = memget(NSID_SHUFFLE_TABLE_SIZE * - (sizeof(u_int16_t)) ); - if (!nsid_vtable) - ns_panic(ns_log_default, 1, "memget(nsid_vtable)"); - for (i = 0; i < NSID_SHUFFLE_TABLE_SIZE; i++) { - nsid_vtable[i] = nsid_state; - nsid_state = (((u_long) nsid_a1 * nsid_state) + nsid_c1) - & 0xFFFF; - } - nsid_state2 = nsid_state; - } else { - /* Algorithm 2 */ - nsid_algorithm = NSID_USE_POOL; - nsid_pool = memget(0x10000 * (sizeof(u_int16_t))); - if (!nsid_pool) - ns_panic(ns_log_default, 1, "memget(nsid_pool)"); - for (i = 0; ; i++) { - nsid_pool[i] = nsid_state; - nsid_state = (((u_long) nsid_a1 * nsid_state) + nsid_c1) & 0xFFFF; - if (i == 0xFFFF) - break; - } - } -} - -#define NSID_RANGE_MASK (NSID_LOOKAHEAD - 1) - -#define NSID_POOL_MASK 0xFFFF /* used to wrap the pool index */ - -u_int16_t -nsid_next() { - u_int16_t id, compressed_hash; - - compressed_hash = ((nsid_hash_state >> 16) ^ (nsid_hash_state)) & - 0xFFFF; - if (nsid_algorithm == NSID_SHUFFLE_ONLY) { - u_int16_t j; - - /* - * This is the original Algorithm B - * j = ((u_long) NSID_SHUFFLE_TABLE_SIZE * nsid_state2) - * >> 16; - * - * We'll perturb it with some random stuff ... - */ - j = ((u_long) NSID_SHUFFLE_TABLE_SIZE * - (nsid_state2 ^ compressed_hash)) >> 16; - nsid_state2 = id = nsid_vtable[j]; - nsid_state = (((u_long) nsid_a1 * nsid_state) + nsid_c1) & - 0xFFFF; - nsid_vtable[j] = nsid_state; - } else if (nsid_algorithm == NSID_USE_POOL) { - u_int16_t pick; - - pick = compressed_hash & NSID_RANGE_MASK; - id = nsid_pool[(nsid_state + pick) & NSID_POOL_MASK]; - if (pick != 0) { - /* Swap two IDs to stir the pool */ - nsid_pool[(nsid_state + pick) & NSID_POOL_MASK] = - nsid_pool[nsid_state]; - nsid_pool[nsid_state] = id; - } - - /* increment the base pointer into the pool */ - if (nsid_state == 65535) - nsid_state = 0; - else - nsid_state++; - } else { - id = 0; /* silence compiler */ - ns_panic(ns_log_default, 1, "Unknown ID algorithm"); - } - - /* Now lets obfuscate ... */ - id = (((u_long) nsid_a2 * id) + nsid_c2) & 0xFFFF; - id = (((u_long) nsid_a3 * id) + nsid_c3) & 0xFFFF; - - return (id); -} - -/* Note: this function CAN'T deallocate the saved_argv[]. */ -static void -deallocate_everything(void) { - FILE *f; - - f = write_open(server_options->memstats_filename); - - ns_freestats(); - qflush(); - sq_flush(NULL); - free_addinfo(); - ns_shutdown(); - dq_remove_all(); - db_lame_destroy(); - if (local_addresses != NULL) - free_ip_match_list(local_addresses); - if (local_networks != NULL) - free_ip_match_list(local_networks); - destroyservicelist(); - destroyprotolist(); - shutdown_logging(); - evDestroy(ev); - if (conffile != NULL) - freestr(conffile); - conffile = NULL; - if (debugfile != NULL) - freestr(debugfile); - debugfile = NULL; - if (user_name != NULL) - freestr(user_name); - user_name = NULL; - if (group_name != NULL) - freestr(group_name); - group_name = NULL; - if (chroot_dir != NULL) - freestr(chroot_dir); - chroot_dir = NULL; - if (working_dir != NULL) - freestr(working_dir); - working_dir = NULL; - if (nsid_pool != NULL) - memput(nsid_pool, 0x10000 * (sizeof(u_int16_t))); - nsid_pool = NULL; - if (nsid_vtable != NULL) - memput(nsid_vtable, NSID_SHUFFLE_TABLE_SIZE * - (sizeof(u_int16_t))); - nsid_vtable = NULL; - irs_destroy(); - if (f != NULL) { - memstats(f); - (void)fclose(f); - } - if (memactive()) - abort(); -} - -static void -ns_restart(void) { - needs_restart = 1; - needs_exit = 1; -} - -static void -use_desired_debug(void) { -#ifdef DEBUG - sigset_t set; - - /* Protect against race conditions by blocking debugging signals. */ - - if (sigemptyset(&set) < 0) { - ns_error(ns_log_os, - "sigemptyset failed in use_desired_debug: %s", - strerror(errno)); - return; - } - if (sigaddset(&set, SIGUSR1) < 0) { - ns_error(ns_log_os, - "sigaddset SIGUSR1 failed in use_desired_debug: %s", - strerror(errno)); - return; - } - if (sigaddset(&set, SIGUSR2) < 0) { - ns_error(ns_log_os, - "sigaddset SIGUSR2 failed in use_desired_debug: %s", - strerror(errno)); - return; - } - if (sigprocmask(SIG_BLOCK, &set, NULL) < 0) { - ns_error(ns_log_os, - "sigprocmask to block USR1 and USR2 failed: %s", - strerror(errno)); - return; - } - setdebug(desired_debug); - if (sigprocmask(SIG_UNBLOCK, &set, NULL) < 0) - ns_error(ns_log_os, - "sigprocmask to unblock USR1 and USR2 failed: %s", - strerror(errno)); -#endif -} - -void -toggle_qrylog(void) { - qrylog = !qrylog; - ns_notice(ns_log_default, "query log %s\n", qrylog ?"on" :"off"); -} - -static void -wild(void) { - ns_panic(ns_log_default, 1, "wild need"); -} - -/* - * This is a functional interface to the global needs and options. - */ - -static void -init_needs(void) { - int need; - - for (need = 0; need < main_need_num; need++) - handlers[need] = wild; - handlers[main_need_zreload] = ns_zreload; - handlers[main_need_reload] = ns_reload; - handlers[main_need_reconfig] = ns_reconfig; - handlers[main_need_endxfer] = endxfer; - handlers[main_need_zoneload] = loadxfer; - handlers[main_need_dump] = doadump; - handlers[main_need_statsdump] = ns_stats; - handlers[main_need_statsdumpandclear] = ns_stats_dumpandclear; - handlers[main_need_exit] = exit_handler; - handlers[main_need_qrylog] = toggle_qrylog; - handlers[main_need_debug] = use_desired_debug; - handlers[main_need_restart] = ns_restart; - handlers[main_need_reap] = reapchild; - handlers[main_need_noexpired] = ns_noexpired; - handlers[main_need_tryxfer] = tryxfer; -} - -static void -handle_needs(void) { - int need, queued = 0; - - ns_debug(ns_log_default, 15, "handle_needs()"); - block_signals(); - for (need = 0; need < main_need_num; need++) - if ((needs & (1 << need)) != 0) { - INSIST_ERR(evWaitFor(ev, (void *)handle_needs, - need_waitfunc, - (void *)handlers[need], - NULL) != -1); - queued++; - } - needs = 0; - unblock_signals(); - ns_debug(ns_log_default, 15, "handle_needs(): queued %d", queued); - if (queued != 0) { - INSIST_ERR(evDo(ev, (void *)handle_needs) != -1); - return; - } - ns_panic(ns_log_default, 1, "ns_handle_needs: queued == 0"); -} - -static void -need_waitfunc(evContext ctx, void *uap, const void *tag) { - handler hand = (handler) uap; - time_t begin; - long syncdelay; - - UNUSED(tag); - - begin = time(NULL); - (*hand)(); - syncdelay = time(NULL) - begin; - - if (syncdelay > MAX_SYNCDELAY) - ns_notice(ns_log_default, "drained %d queries (delay %ld sec)", - drain_all_rcvbuf(ctx), syncdelay); -} - -void -ns_need(enum need need) { - block_signals(); - ns_need_unsafe(need); - unblock_signals(); -} - -/* Note: this function should only be called with signals blocked. */ -void -ns_need_unsafe(enum need need) { - needs |= (1 << need); -} - -static void -exit_handler(void) { - needs_exit = 1; -} - -void -ns_setoption(int option) { - ns_warning(ns_log_default, "used obsolete ns_setoption(%d)", option); -} - -void -writestream(struct qstream *sp, const u_char *msg, int msglen) { - if (sq_openw(sp, msglen + INT16SZ) == -1) { - sq_remove(sp); - return; - } - if (sq_write(sp, msg, msglen) == -1) { - sq_remove(sp); - return; - } - sq_writeh(sp, sq_flushw); -} - -static int -only_digits(const char *s) { - if (*s == '\0') - return (0); - while (*s != '\0') { - if (!isdigit(*s)) - return (0); - s++; - } - return (1); -} -#if defined(__GNUC__) && defined(__BOUNDS_CHECKING_ON) - /* Use bounds checking malloc, etc. */ -void * -memget(size_t len) { - return (malloc(len)); -} - -void -memput(void *addr, size_t len) { - free(addr); -} - -int -meminit(size_t init_max_size, size_t target_size) { - return (0); -} - -void * -memget_debug(size_t size, const char *file, int line) { - void *ptr; - ptr = __memget(size); - fprintf(stderr, "%s:%d: memget(%lu) -> %p\n", file, line, - (u_long)size, ptr); - return (ptr); -} - -void -memput_debug(void *ptr, size_t size, const char *file, int line) { - fprintf(stderr, "%s:%d: memput(%p, %lu)\n", file, line, ptr, - (u_long)size); - __memput(ptr, size); -} - -void -memstats(FILE *out) { - fputs("No memstats\n", out); -} -#endif - -#ifndef HAVE_CUSTOM -/* Standard implementation has nothing here */ -static void -custom_init(void) { - /* Noop. */ -} - -static void -custom_shutdown(void) { - /* Noop. */ -} -#endif diff --git a/contrib/bind/bin/named/ns_maint.c b/contrib/bind/bin/named/ns_maint.c deleted file mode 100644 index 0618ab9..0000000 --- a/contrib/bind/bin/named/ns_maint.c +++ /dev/null @@ -1,2092 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_maint.c 4.39 (Berkeley) 3/2/91"; -static const char rcsid[] = "$Id: ns_maint.c,v 8.137.8.1 2003/06/02 05:34:25 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1988 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Check Point Software Technologies Incorporated not be used - * in advertising or publicity pertaining to distribution of the document - * or software without specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES - * INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - * IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED - * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR - * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/param.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/wait.h> -#include <sys/stat.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/inet.h> -#include <arpa/nameser.h> - -#include <assert.h> -#include <errno.h> -#include <signal.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> -#include <unistd.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/dst.h> -#include <isc/misc.h> - -#include "port_after.h" - -#include "named.h" - -static int nxfers(struct zoneinfo *), - bottom_of_zone(struct databuf *, int); - -static void startxfer(struct zoneinfo *), - abortxfer(struct zoneinfo *), - purge_z_2(struct hashbuf *, int); -static int purge_nonglue_2(const char *, struct hashbuf *, - int, int, int, int); - -#ifndef HAVE_SPAWNXFER -static pid_t spawnxfer(char **, struct zoneinfo *); -#endif - - /* State of all running zone transfers */ -static struct { - pid_t xfer_pid; - int xfer_state; /* see below */ - WAIT_T xfer_status; - struct in_addr xfer_addr; -} xferstatus[MAX_XFERS_RUNNING]; - -#define XFER_IDLE 0 -#define XFER_RUNNING 1 -#define XFER_DONE 2 - - -/* - * Perform routine zone maintenance. - */ -void -zone_maint(struct zoneinfo *zp) { - gettime(&tt); - - ns_debug(ns_log_maint, 1, "zone_maint('%s'); now %lu", - zp->z_origin[0] == '\0' ? "." : zp->z_origin, - (u_long)tt.tv_sec); - -#ifdef DEBUG - if (debug >= 2) - printzoneinfo((zp - zones), ns_log_maint, 2); -#endif - - switch (zp->z_type) { - - case Z_SECONDARY: - /*FALLTHROUGH*/ -#ifdef STUBS - case Z_STUB: -#endif - if (zp->z_serial != 0 && - ((zp->z_lastupdate+zp->z_expire) < (u_int32_t)tt.tv_sec)) { - if ((zp->z_flags & Z_NOTIFY) != 0) - ns_stopnotify(zp->z_origin, zp->z_class); - /* calls purge_zone */ - do_reload(zp, 0); - /* reset zone state */ - if (!haveComplained((u_long)zp, (u_long)stale)) { - ns_notice(ns_log_default, - "%s zone \"%s\" expired", - zoneTypeString(zp->z_type), - zp->z_origin); - } - zp->z_flags &= ~Z_AUTH; - zp->z_flags |= Z_EXPIRED; - zp->z_refresh = INIT_REFRESH; - zp->z_retry = INIT_REFRESH; - zp->z_serial = 0; - } - if ((zp->z_flags & (Z_NEED_RELOAD|Z_NEED_XFER|Z_QSERIAL)) != 0) - { - ns_retrytime(zp, tt.tv_sec); - break; - } - if (zp->z_flags & Z_XFER_RUNNING) { - abortxfer(zp); - /* - * Check again in 30 seconds in case the first - * abort doesn't work. - */ - if (zp->z_time != 0 && zp->z_time <= tt.tv_sec) - zp->z_time = tt.tv_sec + 30; - break; - } - /* - * If we don't have the zone loaded or dialup is off - * or we attempted a qserial_query before and the queue was - * full attempt to verify / load the zone. - */ - if ((zp->z_serial == 0) || (zp->z_flags & Z_NEED_QSERIAL) || - (zp->z_dialup == zdialup_no) || - (zp->z_dialup == zdialup_use_default && - NS_OPTION_P(OPTION_NODIALUP))) - qserial_query(zp); - else { - ns_info(ns_log_default, "Suppressed qserial_query(%s)", - *(zp->z_origin) ? zp->z_origin : "."); - ns_refreshtime(zp, tt.tv_sec); - } - break; - -#ifdef BIND_UPDATE - case Z_PRIMARY: - if ((zp->z_flags & Z_DYNAMIC) == 0) - break; - if (tt.tv_sec >= zp->z_soaincrtime && - zp->z_soaincrintvl > 0 && - zp->z_flags & Z_NEED_SOAUPDATE) { - if (incr_serial(zp) < 0) { - /* Try again later. */ - ns_error(ns_log_maint, - "error updating serial number for %s from %d", - zp->z_origin, - zp->z_serial); - zp->z_soaincrtime = 0; - (void)schedule_soa_update(zp, 0); - } - - } - if (tt.tv_sec >= zp->z_dumptime && - zp->z_dumpintvl > 0 && - zp->z_flags & Z_NEED_DUMP) { - if (zonedump(zp, ISNOTIXFR) < 0) { - /* Try again later. */ - ns_error(ns_log_maint, - "zone dump for '%s' failed, rescheduling", - zp->z_origin); - zp->z_dumptime = 0; - (void)schedule_dump(zp); - } - } - if (zp->z_maintain_ixfr_base) - ixfr_log_maint(zp); - break; -#endif /* BIND_UPDATE */ - - default: - break; - } - - if (zp->z_time != 0 && zp->z_time < tt.tv_sec) - zp->z_time = tt.tv_sec; - - sched_zone_maint(zp); -} - -static void -do_zone_maint(evContext ctx, void *uap, struct timespec due, - struct timespec inter) { - ztimer_info zti = uap; - struct zoneinfo *zp; - - UNUSED(ctx); - UNUSED(due); - UNUSED(inter); - - INSIST(zti != NULL); - - ns_debug(ns_log_maint, 1, "do_zone_maint for zone %s (class %s)", - zti->name, p_class(zti->class)); - zp = find_zone(zti->name, zti->class); - if (zp == NULL) { - ns_error(ns_log_maint, - "do_zone_maint: %s zone '%s' (class %s) is not authoritative", - zoneTypeString(zti->type), zti->name, - p_class(zti->class)); - return; - } - if (zp->z_type != zti->type) { - ns_error(ns_log_maint, - "do_zone_maint: %s zone '%s' (class %s) has changed its type", - zoneTypeString(zti->type), zti->name, - p_class(zti->class)); - return; - } - - free_zone_timerinfo(zp); - - zp->z_flags &= ~Z_TIMER_SET; - zone_maint(zp); -} - -/* - * Figure out the next maintenance time for the zone and set a timer. - */ -void -sched_zone_maint(struct zoneinfo *zp) { - time_t next_maint = (time_t)0; - ztimer_info zti; - - if (zp->z_time != 0) - next_maint = zp->z_time; -#ifdef BIND_UPDATE - if (zp->z_type == z_master && (zp->z_flags & Z_DYNAMIC) != 0) { - if (zp->z_soaincrintvl > 0 && - (next_maint == 0 || next_maint > zp->z_soaincrtime)) - next_maint = zp->z_soaincrtime; - if (zp->z_dumpintvl > 0 && - (next_maint == 0 || next_maint > zp->z_dumptime)) - next_maint = zp->z_dumptime; - } -#endif - - if (next_maint != 0) { - if (next_maint < tt.tv_sec) - next_maint = tt.tv_sec; - - if (zp->z_flags & Z_TIMER_SET) { - if (next_maint == zp->z_nextmaint) { - ns_debug(ns_log_maint, 1, - "no schedule change for zone '%s'", - zp->z_origin[0] == '\0' ? "." : - zp->z_origin); - return; - } - - if (evResetTimer(ev, zp->z_timer, - do_zone_maint, zp->z_timerinfo, - evConsTime(next_maint, 0), - evConsTime(0, 0)) < 0) { - ns_error(ns_log_maint, - "evChangeTimer failed in sched_zone_maint for zone '%s': %s", - zp->z_origin[0] == '\0' ? "." : - zp->z_origin, - strerror(errno)); - return; - } - } else { - zti = (ztimer_info)memget(sizeof *zti); - if (zti == NULL) - ns_panic(ns_log_maint, 1, - "memget failed in sched_zone_maint"); - zti->name = savestr(zp->z_origin, 1); - zti->class = zp->z_class; - zti->type = zp->z_type; - if (evSetTimer(ev, do_zone_maint, zti, - evConsTime(next_maint, 0), - evConsTime(0, 0), &zp->z_timer) < 0) { - ns_error(ns_log_maint, - "evSetTimer failed in sched_zone_maint for zone '%s': %s", - zp->z_origin[0] == '\0' ? "." : - zp->z_origin, - strerror(errno)); - return; - } - zp->z_flags |= Z_TIMER_SET; - zp->z_timerinfo = zti; - } - ns_debug(ns_log_maint, 1, - "next maintenance for zone '%s' in %lu sec", - zp->z_origin[0] == '\0' ? "." : zp->z_origin, - (u_long)(next_maint - tt.tv_sec)); - } else { - if (zp->z_flags & Z_TIMER_SET) { - free_zone_timerinfo(zp); - if (evClearTimer(ev, zp->z_timer) < 0) - ns_error(ns_log_maint, - "evClearTimer failed in sched_zone_maint for zone '%s': %s", - zp->z_origin[0] == '\0' ? "." : - zp->z_origin, - strerror(errno)); - zp->z_flags &= ~Z_TIMER_SET; - } - ns_debug(ns_log_maint, 1, - "no scheduled maintenance for zone '%s'", - zp->z_origin[0] == '\0' ? "." : zp->z_origin); - } - zp->z_nextmaint = next_maint; -} - -void -ns_cleancache(evContext ctx, void *uap, - struct timespec due, - struct timespec inter) -{ - int deleted; - - UNUSED(ctx); - UNUSED(due); - UNUSED(inter); - - gettime(&tt); - INSIST(uap == NULL); - deleted = clean_cache(hashtab, 0); - ns_info(ns_log_maint, "Cleaned cache of %d RRset%s", - deleted, (deleted==1) ? "" : "s"); -} - -void -ns_heartbeat(evContext ctx, void *uap, struct timespec due, - struct timespec inter) -{ - struct zoneinfo *zp; - - UNUSED(ctx); - UNUSED(due); - UNUSED(inter); - - gettime(&tt); - INSIST(uap == NULL); - - for (zp = zones; zp < &zones[nzones]; zp++) { - enum zonetype zt = zp->z_type; - - if ((zt == z_nil) || - (zp->z_dialup == zdialup_no) || - (zp->z_dialup == zdialup_use_default && - NS_OPTION_P(OPTION_NODIALUP))) - continue; - /* - * Perform the refresh query that was suppressed. - */ - if ((zt == z_slave || zt == z_stub) && - (zp->z_flags & - (Z_NEED_RELOAD|Z_NEED_XFER|Z_QSERIAL|Z_XFER_RUNNING) - ) == 0) { - ns_info(ns_log_default, - "Heartbeat: qserial \"%s\"", - *(zp->z_origin) ? zp->z_origin : "."); - qserial_query(zp); - } -#ifdef BIND_NOTIFY - /* - * Trigger a refresh query while the link is up by - * sending a notify. - */ - if (((zp->z_notify == notify_yes) || - (zp->z_notify == notify_explicit) || - ((zp->z_notify == notify_use_default) && - server_options->notify != notify_no)) && - (zt == z_master || zt == z_slave) && !loading && - ((zp->z_flags & Z_AUTH) != 0)) - ns_notify(zp->z_origin, zp->z_class, ns_t_soa); -#endif - } -} - - -/* - * Mark a zone "up to date" after named-xfer tells us this or we - * discover it through the qserial_*() logic. - * The caller is responsible for calling sched_zone_maint(zp). - */ -static void -markUpToDate(struct zoneinfo *zp) { - struct stat f_time; - - zp->z_flags &= ~Z_SYSLOGGED; - zp->z_lastupdate = tt.tv_sec; - ns_refreshtime(zp, tt.tv_sec); - /* - * Restore Z_AUTH in case expired, - * but only if there were no errors - * in the zone file. - */ - if ((zp->z_flags & Z_DB_BAD) == 0) { - zp->z_flags |= Z_AUTH; - zp->z_flags &= ~Z_EXPIRED; - } - if (zp->z_source) { - struct timeval t[2]; - - t[0] = tt; - t[1] = tt; - (void) utimes(zp->z_source, t); - } - /* we use "stat" to set zp->z_ftime instead of just - setting it to tt.tv_sec in order to avoid any - possible rounding problems in utimes(). */ - if (stat(zp->z_source, &f_time) != -1) - zp->z_ftime = f_time.st_mtime; - /* XXX log if stat fails? */ -} - -void -qserial_retrytime(struct zoneinfo *zp, time_t timebase) { - zp->z_time = timebase + 5 + (rand() % 25); -} - -/* - * Query for the serial number of a zone, so that we can check to see if - * we need to transfer it. If there are too many outstanding serial - * number queries, we'll try again later. - * The caller is responsible for calling sched_zone_maint(zp). - */ -void -qserial_query(struct zoneinfo *zp) { - struct qinfo *qp; - - ns_debug(ns_log_default, 1, "qserial_query(%s)", zp->z_origin); - - if (qserials_running >= server_options->serial_queries) { - qserial_retrytime(zp, tt.tv_sec); - zp->z_flags |= Z_NEED_QSERIAL; - return; - } - - qp = sysquery(zp->z_origin, zp->z_class, T_SOA, - zp->z_addr, zp->z_keys, zp->z_addrcnt, - ntohs(zp->z_port) ? zp->z_port : ns_port, - QUERY, 0); - if (qp == NULL) { - ns_debug(ns_log_default, 1, - "qserial_query(%s): sysquery FAILED", - zp->z_origin); - /* XXX - this is bad, we should do something */ - qserial_retrytime(zp, tt.tv_sec); - zp->z_flags |= Z_NEED_QSERIAL; - return; - } - qp->q_flags |= Q_ZSERIAL; - qp->q_zquery = zp; - zp->z_flags |= Z_QSERIAL; - zp->z_flags &= ~Z_NEED_QSERIAL; - zp->z_xaddrcnt = 0; - ns_refreshtime(zp, tt.tv_sec); - qserials_running++; - ns_debug(ns_log_default, 1, "qserial_query(%s) QUEUED", zp->z_origin); -} - -static int -qserv_compare(const void *a, const void *b) { - const struct qserv *qs1 = a, *qs2 = b; - u_int32_t s1 = qs1->serial, s2 = qs2->serial; - - /* Note that we sort the "best" serial numbers to the front. */ - if (s1 == s2) - return (0); - if (s1 == 0) - return (-1); - if (s2 == 0) - return (1); - if (!SEQ_GT(s1, s2)) - return (1); - assert(SEQ_GT(s1, s2)); - return (-1); -} - -void -qserial_answer(struct qinfo *qp) { - struct zoneinfo *zp = qp->q_zquery; - struct qserv *qs = NULL; - u_int32_t serial = 0; - int n, cnt = 0; - - /* Take this query out of the global quotas. */ - zp->z_flags &= ~Z_QSERIAL; - qp->q_flags &= ~Q_ZSERIAL; /* keeps us from being called twice */ - qserials_running--; - - /* Find best serial among those returned. */ - for (n = 0; n < qp->q_naddr; n++) { - qs = &qp->q_addr[n]; - ns_debug(ns_log_default, 1, "qserial_answer(%s): [%s] -> %lu", - zp->z_origin, inet_ntoa(qs->ns_addr.sin_addr), - (unsigned long)qs->serial); - /* Don't consider serials which weren't set by a response. */ - if (qs->serial == 0) - continue; - /* Count valid answers. */ - cnt++; - /* Remove from consideration serials which aren't "better." */ - if (zp->z_serial != 0 && !SEQ_GT(qs->serial, zp->z_serial)) { - if (serial == 0 && qs->serial == zp->z_serial) - serial = qs->serial; - - if (qs->serial != zp->z_serial) - ns_notice(ns_log_xfer_in, - "Zone \"%s\" (%s) SOA serial# (%lu) rcvd from [%s] is < ours (%lu)%s", - zp->z_origin, p_class(zp->z_class), - (u_long) qs->serial, - inet_ntoa(qs->ns_addr.sin_addr), - (u_long) zp->z_serial, - qp->q_naddr!=1 ? ": skipping" : ""); - qs->serial = 0; - continue; - } - if (serial == 0 || SEQ_GT(qs->serial, serial)) - serial = qs->serial; - } - - /* If we have an existing serial number, then sort by "better." */ - if (zp->z_serial != 0) { - qsort(qp->q_addr, qp->q_naddr, sizeof(struct qserv), - qserv_compare); - for (n = 0; n < qp->q_naddr; n++) { - qs = &qp->q_addr[n]; - ns_debug(ns_log_default, 1, - "qserial_answer after sort: [%s] -> %lu", - inet_ntoa(qs->ns_addr.sin_addr), - (unsigned long)qs->serial); - } - } - - /* Now see about kicking off an inbound transfer. */ - if (serial == 0) { - /* An error occurred, or the all queries timed out. */ - if (qp->q_naddr != cnt) - ns_info(ns_log_xfer_in, - "Err/TO getting serial# for \"%s\"", - zp->z_origin); - addxfer(zp); - } else if (zp->z_serial == 0 || SEQ_GT(serial, zp->z_serial)) { - ns_debug(ns_log_xfer_in, 1, - "qserial_answer: zone is out of date"); - /* Use all servers whose serials are better than ours. */ - zp->z_xaddrcnt = 0; - for (n = 0; n < qp->q_naddr; n++) { - qs = &qp->q_addr[n]; - if (qs->serial != 0) - zp->z_xaddr[zp->z_xaddrcnt++] = - qs->ns_addr.sin_addr; - } - addxfer(zp); - } else if (zp->z_serial == serial) { - ns_debug(ns_log_xfer_in, 1, - "qserial_answer: zone serial is still OK"); - markUpToDate(zp); - sched_zone_maint(zp); - } -} - -/* - * Writes TSIG key info for an address to a file, optionally opening it first. - * Returns: - * -1: Error. - * 0: No action taken. - * 1: Tsig info successfully written. - */ -static int -write_tsig_info(struct zoneinfo *zp, struct in_addr addr, char *name, int *fd) { - server_info si; - DST_KEY *dst_key = NULL; - int tsig_fd = *fd; - char tsig_str[1024], secret_buf64[172]; - u_char secret_buf[128]; - int secret_len, len; - int i; - - for (i = 0; i < zp->z_addrcnt ; i++) - if (memcmp(&addr, &zp->z_addr[i], sizeof(addr)) == 0) { - dst_key = zp->z_keys[i]; - break; - } - - if (dst_key == NULL) { - si = find_server(addr); - if (si == NULL || si->key_list == NULL || - si->key_list->first == NULL) - return(0); - dst_key = si->key_list->first->key; - } - if (tsig_fd == -1) { - *fd = tsig_fd = mkstemp(name); - if (tsig_fd < 0) { - ns_warning(ns_log_default, - "write_tsig_info: mkstemp(%s) for TSIG info failed", - name); - return(-1); - } - (void) fchown(tsig_fd, user_id, group_id); - } - - memset(secret_buf, 0, sizeof(secret_buf)); - secret_len = dst_key_to_buffer(dst_key, secret_buf, sizeof(secret_buf)); - if (secret_len == 0) - return (-1); - len = b64_ntop(secret_buf, secret_len, secret_buf64, - sizeof(secret_buf64)); - if (len == -1) - return (-1); - /* We need snprintf! */ - if (strlen(dst_key->dk_key_name) + len + sizeof("XXX.XXX.XXX.XXX") + - sizeof("123") + 5 > sizeof(tsig_str)) - return (-1); - sprintf(tsig_str, "%s\n%s\n%d\n%s\n", - inet_ntoa(addr), dst_key->dk_key_name, dst_key->dk_alg, - secret_buf64); - len = strlen(tsig_str); - if (write(tsig_fd, tsig_str, strlen(tsig_str)) != len) - return (-1); - return (1); -} - -/* - * Returns number of tsigs written or -1. - */ -static int -write_tsigs(struct zoneinfo *zp, char *tsig_name) { - struct in_addr a; - int tsig_ret; - int tsig_fd = -1; - int cnt; - int records = 0; - - for (cnt = 0; cnt < zp->z_xaddrcnt; cnt++) { - a = zp->z_xaddr[cnt]; - if (aIsUs(a) && ns_port == zp->z_port) - continue; - - tsig_ret = write_tsig_info(zp, a, tsig_name, &tsig_fd); - switch (tsig_ret) { - case -1: - goto error; - case 0: - break; - case 1: - records++; - break; - } - } - - if (tsig_fd != -1) - close(tsig_fd); - return (records); - - error: - if (tsig_fd != -1) { - unlink(tsig_name); - close(tsig_fd); - } - return (-1); -} - -#ifdef BIND_IXFR -static int -supports_ixfr(struct zoneinfo *zp) { - int cnt = 0; - for (cnt = 0; cnt < zp->z_xaddrcnt; cnt++) { - struct in_addr a; - server_info si; - - a = zp->z_xaddr[cnt]; - if (aIsUs(a) && ns_port == zp->z_port) - continue; - si = find_server(a); - - if (si != NULL && (si->flags & SERVER_INFO_SUPPORT_IXFR) != 0) - return(1); - } - return(0); -} -#endif - -/* - * Start an asynchronous zone transfer for a zone. Depends on current time - * being in tt. Caller must do a sched_zone_maint(zp) after we return. - */ -static void -startxfer(struct zoneinfo *zp) { - char *argv[NSMAX*2 + 20]; - char argv_ns[NSMAX][MAXDNAME]; - int argc = 0, argc_ns = 0, i; - pid_t pid; - u_int cnt; - char debug_str[10]; - char serial_str[10]; - char port_str[10]; - char class_str[10]; - char src_str[20]; - char tsig_name[MAXPATHLEN+1]; - int tsig_ret = 0; - - ns_debug(ns_log_default, 1, "startxfer() %s", - zp->z_origin[0] != '\0' ? zp->z_origin : "."); - - argv[argc++] = server_options->named_xfer; - DE_CONST("-z", argv[argc++]); - DE_CONST(*zp->z_origin ? zp->z_origin : ".", argv[argc++]); - DE_CONST("-f", argv[argc++]); - argv[argc++] = zp->z_source; -#ifdef BIND_IXFR - if (supports_ixfr(zp) && zp->z_ixfr_tmp != NULL) { - DE_CONST("-i", argv[argc++]); - argv[argc++] = zp->z_ixfr_tmp; - } -#endif - if (zp->z_serial != 0) { - DE_CONST("-s", argv[argc++]); - sprintf(serial_str, "%u", zp->z_serial); - argv[argc++] = serial_str; - } - if (zp->z_axfr_src.s_addr != 0 || - server_options->axfr_src.s_addr != 0) { - DE_CONST("-x", argv[argc++]); - argv[argc++] = strcpy(src_str, inet_ntoa( - (zp->z_axfr_src.s_addr != 0) ? zp->z_axfr_src : - server_options->axfr_src)); - } - DE_CONST("-C", argv[argc++]); - sprintf(class_str, "%d", zp->z_class); - argv[argc++] = class_str; - if (zp->z_flags & Z_SYSLOGGED) - DE_CONST("-q", argv[argc++]); - DE_CONST("-P", argv[argc++]); - sprintf(port_str, "%d", ntohs(zp->z_port) != 0 ? zp->z_port : ns_port); - argv[argc++] = port_str; -#ifdef STUBS - if (zp->z_type == Z_STUB) - DE_CONST("-S", argv[argc++]); -#endif -#ifdef DEBUG - if (debug) { - DE_CONST("-d", argv[argc++]); - sprintf(debug_str, "%d", debug); - argv[argc++] = debug_str; - DE_CONST("-l", argv[argc++]); - DE_CONST(_PATH_XFERDDT, argv[argc++]); - if (debug > 5) { - DE_CONST("-t", argv[argc++]); - DE_CONST(_PATH_XFERTRACE, argv[argc++]); - } - } -#endif - - if (zp->z_xaddrcnt == 0) { - for (zp->z_xaddrcnt = 0; - zp->z_xaddrcnt < zp->z_addrcnt; - zp->z_xaddrcnt++) - zp->z_xaddr[zp->z_xaddrcnt] = - zp->z_addr[zp->z_xaddrcnt]; - } - - /* - * Store TSIG keys if we have them. - */ - strcpy(tsig_name, "tsigs.XXXXXX"); - tsig_ret = write_tsigs(zp, tsig_name); - if (tsig_ret == -1) { - ns_error(ns_log_xfer_in, "unable to write tsig info: '%s'", - zp->z_origin); - return; - } - if (tsig_ret != 0) { - DE_CONST("-T", argv[argc++]); - argv[argc++] = tsig_name; - } - - /* - * Copy the server ip addresses into argv, after converting - * to ascii and saving the static inet_ntoa result. - * Also, send TSIG key info into a file for the child. - */ - for (cnt = 0; cnt < zp->z_xaddrcnt; cnt++) { - struct in_addr a; - - a = zp->z_xaddr[cnt]; - if (aIsUs(a) && ns_port == zp->z_port) { - if (!haveComplained((u_long)zp, (u_long)startxfer)) - ns_notice(ns_log_default, - "attempted to fetch zone %s from self (%s)", - zp->z_origin, inet_ntoa(a)); - continue; - } - argv[argc++] = strcpy(argv_ns[argc_ns++], inet_ntoa(a)); -#ifdef BIND_IXFR - if (zp->z_ixfr_tmp != NULL) { - server_info si = find_server(a); - - if (si != NULL && - (si->flags & SERVER_INFO_SUPPORT_IXFR) != 0) - DE_CONST("ixfr", argv[argc++]); - else - DE_CONST("axfr", argv[argc++]); - } -#endif - } - - argv[argc] = NULL; - -#ifdef DEBUG - if (debug >= 1) { - char buffer[1024]; - char *curr, *last; - int len; - - curr = buffer; - last = &buffer[sizeof buffer - 1]; /* leave room for \0 */ - for (i = 0; i < argc; i++) { - len = strlen(argv[i]); - if (len + 1 >= last - curr) { - ns_debug(ns_log_xfer_in, 1, - "xfer args debug printout truncated"); - break; - } - strncpy(curr, argv[i], len); - curr += len; - *curr = ' '; - curr++; - } - *curr = '\0'; - ns_debug(ns_log_xfer_in, 1, "%s", buffer); - } -#endif /* DEBUG */ - - gettime(&tt); - for (i = 0; i < MAX_XFERS_RUNNING; i++) - if (xferstatus[i].xfer_pid == 0) - break; - if (i == MAX_XFERS_RUNNING) { - ns_warning(ns_log_default, - "startxfer: too many xfers running"); - zp->z_time = tt.tv_sec + 10; - return; - } - - if ((pid = spawnxfer(argv, zp)) == -1) { - unlink(tsig_name); - return; - } - - xferstatus[i].xfer_state = XFER_RUNNING; - xferstatus[i].xfer_pid = pid; /* XXX - small race condition here if we - * can't hold signals */ - xferstatus[i].xfer_addr = zp->z_xaddr[0]; - ns_debug(ns_log_default, 1, "started xfer child %d", pid); - zp->z_flags &= ~Z_NEED_XFER; - zp->z_flags |= Z_XFER_RUNNING; - zp->z_xferpid = pid; - xfers_running++; - xfers_deferred--; - if (zp->z_max_transfer_time_in) - zp->z_time = tt.tv_sec + zp->z_max_transfer_time_in; - else - zp->z_time = tt.tv_sec + server_options->max_transfer_time_in; -} - -const char * -zoneTypeString(u_int type) { - static char ret[sizeof "(4294967296?)"]; /* 2^32 */ - - switch (type) { - case Z_MASTER: return ("master"); - case Z_SLAVE: return ("slave"); -#ifdef STUBS - case Z_STUB: return ("stub"); -#endif - case Z_HINT: return ("hint"); - case Z_CACHE: return ("cache"); - case Z_FORWARD: return ("forward"); - default: - sprintf(ret, "(%u?)", type); - return (ret); - } -} - -#ifdef DEBUG -void -printzoneinfo(int zonenum, int category, int level) { - struct timeval tt; - struct zoneinfo *zp = &zones[zonenum]; - - if (debug == 0) - return; - - if (!zp->z_origin) - return; - - gettime(&tt); - - ns_debug(category, level, "zone %d: %s, class %s, type %s", zonenum, - zp->z_origin[0] ? zp->z_origin : ".", - p_class(zp->z_class), zoneTypeString(zp->z_type)); - if (zp->z_source) - ns_debug(category, level, "\tsource %s", zp->z_source); - ns_debug(category, level, "\tflags %lx, serial %u, minimum %u", - (u_long)zp->z_flags, zp->z_serial, zp->z_minimum); - ns_debug(category, level, "\trefresh %u, retry %u, expire %u", - zp->z_refresh, zp->z_retry, zp->z_expire); - if (zp->z_time) - ns_debug(category, level, "\tz_time %lu (now %lu, left: %lu)", - zp->z_time, (u_long)tt.tv_sec, - (u_long)(zp->z_time - tt.tv_sec)); - else - ns_debug(category, level, "\tz_time %lu", zp->z_time); -#ifdef BIND_UPDATE - if (zp->z_type == z_master && (zp->z_flags & Z_DYNAMIC) != 0) { - ns_debug(category, level, - "\tdumpintvl %lu, soaincrintvl %lu deferupdcnt %lu", - (unsigned long)zp->z_dumpintvl, - (unsigned long)zp->z_soaincrintvl, - (unsigned long)zp->z_deferupdcnt); - if (zp->z_soaincrtime) - ns_debug(category, level, - "\tz_soaincrtime %lu (now %lu, left: %lu)", - zp->z_soaincrtime, (u_long)tt.tv_sec, - (u_long)(zp->z_soaincrtime - tt.tv_sec)); - else - ns_debug(category, level, "\tz_soaincrtime %lu", - zp->z_soaincrtime); - if (zp->z_dumptime) - ns_debug(category, level, - "\tz_dumptime %lu (now %lu, left: %lu)", - zp->z_dumptime, (u_long)tt.tv_sec, - (u_long)(zp->z_dumptime - tt.tv_sec)); - else - ns_debug(category, level, "\tz_dumptime %lu", - zp->z_dumptime); - } -#endif -} -#endif /* DEBUG */ - -/* - * Remove all cached data below dname, class independent. - */ -void -clean_cache_from(char *dname, struct hashbuf *htp) { - const char *fname; - struct databuf *dp, *pdp; - struct namebuf *np; - struct hashbuf *phtp = htp; - int root_zone = 0; - - ns_debug(ns_log_default, 1, "clean_cache_from(%s)", dname); - if ((np = nlookup(dname, &phtp, &fname, 0)) && dname == fname && - !ns_wildcard(NAME(*np))) { - for (pdp = NULL, dp = np->n_data; dp != NULL; (void)NULL) { - if (dp->d_zone == DB_Z_CACHE) - dp = rm_datum(dp, np, pdp, NULL); - else { - pdp = dp; - dp = dp->d_next; - } - } - - if (*dname == '\0') - root_zone = 1; - - if (np->n_hash != NULL || root_zone) { - struct hashbuf *h; - - if (root_zone) - h = htp; - else - h = np->n_hash; - (void)clean_cache(h, 1); - if (h->h_cnt == 0 && !root_zone) { - rm_hash(np->n_hash); - np->n_hash = NULL; - } - } - - if (!root_zone && np->n_hash == NULL && np->n_data == NULL) - (void) purge_node(htp, np); - } -} - -/* clean_cache(htp, all) - * Scan the entire cache looking for expired TTL's on nonauthoritative - * data, and remove it. if `all' is true, ignore TTL and rm everything. - * notes: - * this should be lazy and eventlib driven. - * return: - * number of deleted RRs (all=1) or RRsets (all=0). - */ -int -clean_cache(struct hashbuf *htp, int all) { - struct databuf *dp, *pdp; - struct namebuf *np, *pnp, *npn; - struct namebuf **npp, **nppend; - int deleted = 0; - - nppend = htp->h_tab + htp->h_size; - for (npp = htp->h_tab; npp < nppend; npp++) { - for (pnp = NULL, np = *npp; np != NULL; np = npn) { - again: - for (pdp = NULL, dp = np->n_data; dp != NULL; - (void)NULL) { - if (all && dp->d_zone == DB_Z_CACHE) { - dp = rm_datum(dp, np, pdp, NULL); - deleted++; - } else if (dp->d_zone == DB_Z_CACHE && - stale(dp)) { - delete_all(np, dp->d_class, dp->d_type); - deleted++; - goto again; - } else { - pdp = dp; - dp = dp->d_next; - } - } /*for(pdp)*/ - - if (np->n_hash) { - /* Call recursively to remove subdomains. */ - deleted += clean_cache(np->n_hash, all); - - /* If now empty, free it */ - if (np->n_hash->h_cnt == 0) { - rm_hash(np->n_hash); - np->n_hash = NULL; - } - } - - if (np->n_hash == NULL && np->n_data == NULL) { - npn = rm_name(np, npp, pnp); - htp->h_cnt--; - } else { - npn = np->n_next; - pnp = np; - } - } /*for(pnp)*/ - } /*for(npp)*/ - return (deleted); -} - -/* struct namebuf * - * purge_node(htp, np) - * Remove entry from cache. - * Prerequisites: - * Node is empty and has no children. - * Paramters: - * htp - root of recursive hash table this node is part of. - * np - the node to be deleted. - * Return: - * pointer to parent. - */ -struct namebuf * -purge_node(struct hashbuf *htp, struct namebuf *np) { - struct namebuf **npp, **nppend; - struct namebuf *npn, *pnp, *nnp, *parent; - struct hashbuf *phtp; - - ns_debug(ns_log_default, 3, "purge_node: cleaning cache"); - INSIST(np->n_hash == NULL && np->n_data == NULL); - - /* Walk parent hashtable looking for ourself. */ - parent = np->n_parent; - if (parent != NULL) - phtp = parent->n_hash; - else - phtp = htp; - - if (phtp == NULL) { - /* XXX why shouldn't we panic? */ - } else { - nppend = phtp->h_tab + phtp->h_size; - for (npp = phtp->h_tab; npp < nppend; npp++) { - for (pnp = NULL, nnp = *npp; nnp != NULL; nnp = npn) { - if (nnp == np) { - ns_debug(ns_log_default, 3, - "purge_node: found ourself"); - npn = rm_name(nnp, npp, pnp); - phtp->h_cnt--; - } else { - npn = nnp->n_next; - pnp = nnp; - } - } - } - } - return (parent); -} - -void -remove_zone(struct zoneinfo *zp, const char *verb) { -#ifdef BIND_UPDATE - /* - * A dynamic zone might have changed, so we - * need to dump it before removing it. - */ - if ((zp->z_flags & Z_DYNAMIC) != 0 && - ((zp->z_flags & Z_NEED_SOAUPDATE) != 0 || - (zp->z_flags & Z_NEED_DUMP) != 0)) - (void) zonedump(zp, ISNOTIXFR); -#endif - if ((zp->z_flags & Z_NOTIFY) != 0) - ns_stopnotify(zp->z_origin, zp->z_class); - if ((zp->z_flags & Z_NEED_XFER) != 0) { - zp->z_flags &= ~Z_NEED_XFER; - xfers_deferred--; - } - ns_stopxfrs(zp); - if ((zp->z_flags & Z_XFER_RUNNING) != 0) { - int i; - /* Kill and abandon the current transfer. */ - for (i = 0; i < MAX_XFERS_RUNNING; i++) { - if (xferstatus[i].xfer_pid == zp->z_xferpid) { - xferstatus[i].xfer_pid = 0; - xferstatus[i].xfer_state = XFER_IDLE; - xfers_running--; - break; - } - } - (void)kill(zp->z_xferpid, SIGTERM); - zp->z_flags &= ~(Z_XFER_RUNNING|Z_XFER_ABORTED|Z_XFER_GONE); - zp->z_xferpid = 0; - ns_need(main_need_tryxfer); - } - do_reload(zp, 1); - ns_notice(ns_log_config, "%s zone \"%s\" (%s) %s", - zoneTypeString(zp->z_type), zp->z_origin, - p_class(zp->z_class), verb); - free_zone_contents(zp, 1); - memset(zp, 0, sizeof(*zp)); - zp->z_type = z_nil; /* Pedantic; memset() did it. */ - INIT_LINK(zp, z_reloadlink); - INIT_LINK(zp, z_freelink); - free_zone(zp); -} - -int -purge_nonglue(struct zoneinfo *zp, struct hashbuf *htp, int log) { - const char *dname = zp->z_origin; - const char *fname; - struct namebuf *np; - struct hashbuf *phtp = htp; - int root_zone = 0; - int errs = 0; - int zone = zp - zones; - struct databuf *pdp, *dp; - int class = zp->z_class; - - ns_debug(ns_log_default, 1, "purge_nonglue(%s/%d)", dname, class); - if ((np = nlookup(dname, &phtp, &fname, 0)) && dname == fname && - !ns_wildcard(NAME(*np))) { - - for (pdp = NULL, dp = np->n_data; dp != NULL; (void)NULL) { - if (dp->d_class == class && dp->d_zone != zone) - dp = rm_datum(dp, np, pdp, NULL); - else { - pdp = dp; - dp = dp->d_next; - } - } - - if (*dname == '\0') - root_zone = 1; - - if (np->n_hash != NULL || root_zone) { - struct hashbuf *h; - - if (root_zone) - h = htp; - else - h = np->n_hash; - errs += purge_nonglue_2(dname, h, class, 0, log, zone); - if (h->h_cnt == 0 && !root_zone) { - rm_hash(np->n_hash); - np->n_hash = NULL; - } - } - } - return (errs); -} - -static int -valid_glue(struct databuf *dp, char *name, int belowcut) { - - /* NS records are only valid glue at the zone cut */ - if (belowcut && dp->d_type == T_NS) - return(0); - - if (ISVALIDGLUE(dp)) /* T_NS/T_A/T_AAAA/T_A6 */ - return (1); - - if (belowcut) - return (0); - - /* Parent NXT record? */ - if (dp->d_type == T_NXT && !ns_samedomain((char*)dp->d_data, name) && - ns_samedomain((char*)dp->d_data, zones[dp->d_zone].z_origin)) - return (1); - - /* KEY RRset may be in the parent */ - if (dp->d_type == T_KEY) - return (1); - - /* NXT & KEY records may be signed */ - if (!belowcut && dp->d_type == T_SIG && - (SIG_COVERS(dp) == T_NXT || SIG_COVERS(dp) == T_KEY)) - return (1); - return (0); -} - -static int -purge_nonglue_2(const char *dname, struct hashbuf *htp, int class, - int belowcut, int log, int zone) -{ - struct databuf *dp, *pdp; - struct namebuf *np, *pnp, *npn; - struct namebuf **npp, **nppend; - int errs = 0; - int zonecut; - char name[MAXDNAME]; - - nppend = htp->h_tab + htp->h_size; - for (npp = htp->h_tab; npp < nppend; npp++) { - for (pnp = NULL, np = *npp; np != NULL; np = npn) { - if (!bottom_of_zone(np->n_data, class)) { - zonecut = belowcut; - for (dp = np->n_data; dp != NULL; - dp = dp->d_next) { - if (match(dp, class, ns_t_ns)) { - zonecut = 1; - break; - } - } - getname(np, name, sizeof name); - for (pdp = NULL, dp = np->n_data; - dp != NULL; - (void)NULL) { - int delete = 0; - if (!zonecut && - dp->d_class == class && - dp->d_zone != zone) - delete = 1; - if (zonecut && - dp->d_class == class && - !valid_glue(dp, name, belowcut)) { - if (log && - dp->d_zone == zone) { - ns_error(ns_log_load, - "zone: %s/%s: non-glue record %s bottom of zone: %s/%s", - *dname ? dname : ".", - p_class(dp->d_class), - belowcut ? "below" : - "at", - *name ? name : ".", - p_type(dp->d_type)); - errs++; - } - delete = 1; - } - if (delete) - dp = rm_datum(dp, np, pdp, - NULL); - else { - pdp = dp; - dp = dp->d_next; - } - } - if (np->n_hash) { - /* - * call recursively to clean - * subdomains - */ - errs += purge_nonglue_2(dname, - np->n_hash, - class, - zonecut || - belowcut, - log, zone); - - /* if now empty, free it */ - if (np->n_hash->h_cnt == 0) { - rm_hash(np->n_hash); - np->n_hash = NULL; - } - } - } - - if (np->n_hash == NULL && np->n_data == NULL) { - npn = rm_name(np, npp, pnp); - htp->h_cnt--; - } else { - npn = np->n_next; - pnp = np; - } - } - } - return (errs); -} - -void -purge_zone(struct zoneinfo *zp, struct hashbuf *htp) { - const char *fname; - struct databuf *dp, *pdp; - struct namebuf *np; - struct hashbuf *phtp = htp; - int root_zone = 0; - int zone = zp - zones; - char *dname = zp->z_origin; - - ns_debug(ns_log_default, 1, "purge_zone(%s)", dname); - if ((np = nlookup(dname, &phtp, &fname, 0)) && dname == fname && - !ns_wildcard(NAME(*np))) { - for (pdp = NULL, dp = np->n_data; dp != NULL; (void)NULL) { - if (dp->d_zone == zone) - dp = rm_datum(dp, np, pdp, NULL); - else { - pdp = dp; - dp = dp->d_next; - } - } - - if (*dname == '\0') - root_zone = 1; - - if (np->n_hash != NULL || root_zone) { - struct hashbuf *h; - - if (root_zone) - h = htp; - else - h = np->n_hash; - purge_z_2(h, zone); - if (h->h_cnt == 0 && !root_zone) { - rm_hash(np->n_hash); - np->n_hash = NULL; - } - } - - if (!root_zone && np->n_hash == NULL && np->n_data == NULL) - (void) purge_node(htp, np); - } -} - -static void -purge_z_2(struct hashbuf *htp, int zone) { - struct databuf *dp, *pdp; - struct namebuf *np, *pnp, *npn; - struct namebuf **npp, **nppend; - - nppend = htp->h_tab + htp->h_size; - for (npp = htp->h_tab; npp < nppend; npp++) { - for (pnp = NULL, np = *npp; np != NULL; np = npn) { - for (pdp = NULL, dp = np->n_data; - dp != NULL; - (void)NULL) { - if (dp->d_zone == zone) - dp = rm_datum(dp, np, pdp, - NULL); - else { - pdp = dp; - dp = dp->d_next; - } - } - if (np->n_hash) { - /* call recursively to rm subdomains */ - purge_z_2(np->n_hash, zone); - - /* if now empty, free it */ - if (np->n_hash->h_cnt == 0) { - rm_hash(np->n_hash); - np->n_hash = NULL; - } - } - - if (np->n_hash == NULL && np->n_data == NULL) { - npn = rm_name(np, npp, pnp); - htp->h_cnt--; - } else { - npn = np->n_next; - pnp = np; - } - } - } -} - -static int -bottom_of_zone(struct databuf *dp, int class) { - int ret = 0; - - for ((void)NULL; dp; dp = dp->d_next) { - if (dp->d_class != class) - continue; - if (dp->d_zone == DB_Z_CACHE) - continue; - if (dp->d_rcode) /* This should not occur. */ - continue; - if (dp->d_type != T_SOA) - continue; - ret = 1; - break; - } - ns_debug(ns_log_default, 3, "bottom_of_zone() == %d", ret); - return (ret); -} - -/* - * Handle XFER limit for a nameserver. - */ - - -static int -nxfers(struct zoneinfo *zp) { - struct in_addr nsa; - int ret; - int i; - - if (zp->z_xaddrcnt != 0) - nsa = zp->z_xaddr[0]; /* first ns holds zone's xfer limit */ - else if (zp->z_addrcnt != 0) - nsa = zp->z_addr[0]; /* first ns holds zone's xfer limit */ - else - return (-1); - - ret = 0; - for (i = 0; i < MAX_XFERS_RUNNING; i++) - if (xferstatus[i].xfer_status == XFER_RUNNING && - xferstatus[i].xfer_addr.s_addr == nsa.s_addr) - ret++; - return (ret); -} - -/* - * Abort an xfer that has taken too long. - */ -static void -abortxfer(struct zoneinfo *zp) { - if (zp->z_flags & (Z_XFER_GONE|Z_XFER_ABORTED)) { - int i; - - for (i = 0; i < MAX_XFERS_RUNNING; i++) { - if (xferstatus[i].xfer_pid == zp->z_xferpid) { - xferstatus[i].xfer_pid = 0; - xferstatus[i].xfer_state = XFER_IDLE; - break; - } - } - - if (zp->z_flags & Z_XFER_GONE) - ns_warning(ns_log_default, - "zone transfer timeout for \"%s\"; pid %lu missing", - zp->z_origin, (u_long)zp->z_xferpid); - else if (kill(zp->z_xferpid, SIGKILL) == -1) - ns_warning(ns_log_default, - "zone transfer timeout for \"%s\"; kill pid %lu: %s", - zp->z_origin, (u_long)zp->z_xferpid, - strerror(errno)); - else - ns_warning(ns_log_default, -"zone transfer timeout for \"%s\"; second kill \ -pid %lu - forgetting, processes may accumulate", - zp->z_origin, (u_long)zp->z_xferpid); - - zp->z_xferpid = 0; - xfers_running--; - zp->z_flags &= ~(Z_XFER_RUNNING|Z_XFER_ABORTED|Z_XFER_GONE); - } else if (kill(zp->z_xferpid, SIGTERM) == -1) { - if (errno == ESRCH) - /* No warning on first time, it may have just exited */ - zp->z_flags |= Z_XFER_GONE; - else { - ns_warning(ns_log_default, - "zone transfer timeout for \"%s\"; pid %lu kill failed %s", - zp->z_origin, (u_long)zp->z_xferpid, - strerror(errno)); - zp->z_flags |= Z_XFER_ABORTED; - } - } else { - ns_notice(ns_log_default, - "zone transfer timeout for \"%s\"; pid %lu killed", - zp->z_origin, (u_long)zp->z_xferpid); - zp->z_flags |= Z_XFER_ABORTED; - } -} - -/* - * Process exit of xfer's. - */ -void -reapchild(void) { - int i; - pid_t pid; - WAIT_T status; - - gettime(&tt); - while ((pid = (pid_t)waitpid(-1, &status, WNOHANG)) > 0) { - for (i = 0; i < MAX_XFERS_RUNNING; i++) { - if (xferstatus[i].xfer_pid == pid) { - xferstatus[i].xfer_status = status; - xferstatus[i].xfer_state = XFER_DONE; - ns_need(main_need_endxfer); - break; - } - } - } -} - -/* - * Finish processing of of finished xfers - */ -void -endxfer() { - struct zoneinfo *zp; - int exitstatus, i; - pid_t pid; - WAIT_T status; - - gettime(&tt); - - for (i = 0; i < MAX_XFERS_RUNNING; i++) { - if (xferstatus[i].xfer_state != XFER_DONE) - continue; - pid = xferstatus[i].xfer_pid; - status = xferstatus[i].xfer_status; - exitstatus = WIFEXITED(status) ? WEXITSTATUS(status) : 0; - - for (zp = zones; zp < &zones[nzones]; zp++) { - if (zp->z_xferpid != pid) - continue; - xfers_running--; - zp->z_xferpid = 0; - zp->z_flags &= - ~(Z_XFER_RUNNING|Z_XFER_ABORTED|Z_XFER_GONE); - ns_debug(ns_log_default, 1, - "\nendxfer: child %d zone %s returned status=%d termsig=%d", - pid, zp->z_origin, exitstatus, - WIFSIGNALED(status) ? WTERMSIG(status) : -1); - if (WIFSIGNALED(status)) { - if (WTERMSIG(status) != SIGKILL) { - ns_notice(ns_log_default, - "named-xfer \"%s\" exited with signal %d", - zp->z_origin[0]?zp->z_origin:".", - WTERMSIG(status)); - } - ns_retrytime(zp, tt.tv_sec); - sched_zone_maint(zp); - } else { - switch (exitstatus) { - case XFER_UPTODATE: - markUpToDate(zp); - sched_zone_maint(zp); - break; - - case XFER_SUCCESSAXFR: - case XFER_SUCCESSAXFRIXFRFILE: - zp->z_xferpid = XFER_ISAXFR; - if (exitstatus == XFER_SUCCESSAXFRIXFRFILE) { - zp->z_xferpid = XFER_ISAXFRIXFR; - if (zp->z_ixfr_tmp != NULL) - isc_movefile( - zp->z_ixfr_tmp, - zp->z_source); - } - /* XXX should incorporate loadxfer() */ - zp->z_flags |= Z_NEED_RELOAD; - zp->z_flags &= ~Z_SYSLOGGED; - ns_need(main_need_zoneload); - break; - - case XFER_SUCCESSIXFR: - zp->z_xferpid = XFER_ISIXFR; - ns_notice(ns_log_default, - "IXFR Success %s", - zp->z_ixfr_tmp); - if (merge_logs(zp, zp->z_ixfr_tmp) >= 0) { - ns_notice(ns_log_default, - "IXFR Merge success %s", - zp->z_ixfr_tmp); - - (void)unlink(zp->z_updatelog); - (void)unlink(zp->z_ixfr_base); - isc_movefile(zp->z_ixfr_tmp, - zp->z_ixfr_base); - (void)unlink(zp->z_ixfr_tmp); - if (zonedump(zp, ISIXFR) < 0) - ns_warning(ns_log_db, - "error in write ixfr updates to zone file %s", - zp ->z_source); - ns_refreshtime(zp, tt.tv_sec); - sched_zone_maint(zp); - } else { - ns_notice(ns_log_default, - "IXFR Merge failed %s", - zp->z_ixfr_tmp); - ns_retrytime(zp, tt.tv_sec); - sched_zone_maint(zp); - } - break; - - case XFER_TIMEOUT: - if (!(zp->z_flags & Z_SYSLOGGED)) { - zp->z_flags |= Z_SYSLOGGED; - ns_notice(ns_log_default, - "zoneref: Masters for slave zone \"%s\" unreachable", - zp->z_origin); - } - ns_retrytime(zp, tt.tv_sec); - sched_zone_maint(zp); - break; - - case XFER_REFUSED: - if (!(zp->z_flags & Z_SYSLOGGED)) { - zp->z_flags |= Z_SYSLOGGED; - ns_error(ns_log_xfer_in, - "zoneref: Masters for slave zone \"%s\" REFUSED transfer", - zp->z_origin); - } - ns_retrytime(zp, tt.tv_sec); - sched_zone_maint(zp); - break; - - default: - if (!(zp->z_flags & Z_SYSLOGGED)) { - zp->z_flags |= Z_SYSLOGGED; - ns_notice(ns_log_default, - "named-xfer for \"%s\" exited %d", - zp->z_origin, - exitstatus); - } - /* FALLTHROUGH */ - case XFER_FAIL: - zp->z_flags |= Z_SYSLOGGED; - ns_retrytime(zp, tt.tv_sec); - sched_zone_maint(zp); - break; - } - break; - } - } - xferstatus[i].xfer_state = XFER_IDLE; - xferstatus[i].xfer_pid = 0; - } - tryxfer(); -} - -/* - * Try to start some xfers - new "fair scheduler" by Bob Halley @DEC (1995) - */ -void -tryxfer() { - static struct zoneinfo *zp = NULL; - static struct zoneinfo *lastzones = NULL; - static int lastnzones = 0; - struct zoneinfo *startzp, *stopzp; - - /* initialize, and watch out for changes in zones! */ - if (lastzones != zones) { - if (lastzones != NULL) - ns_debug(ns_log_default, 3, "zones changed: %p != %p", - lastzones, zones); - lastzones = zones; - zp = zones; - } - - /* did zones shrink? */ - if (lastnzones > nzones) { - ns_debug(ns_log_default, 3, "zones shrunk"); - zp = zones; - } - lastnzones = nzones; - - if (zp == zones) - stopzp = &zones[nzones-1]; - else - stopzp = zp - 1; - - ns_debug(ns_log_default, 3, - "tryxfer start zp=%p stopzp=%p def=%d running=%d", - zp, stopzp, xfers_deferred, xfers_running); - - startzp = zp; - for (;;) { - int xfers; - - if (!xfers_deferred || - xfers_running >= server_options->transfers_in) - break; - - if ((xfers = nxfers(zp)) != -1 && - xfers < server_options->transfers_per_ns && - (zp->z_flags & Z_NEED_XFER)) { - startxfer(zp); - sched_zone_maint(zp); - } - - if (zp == stopzp) { - ns_debug(ns_log_default, 3, "tryxfer stop mark"); - zp = startzp; - break; - } - - zp++; - /* wrap around? */ - if (zp == &zones[nzones]) - zp = zones; - } - ns_debug(ns_log_default, 3, "tryxfer stop zp=%p", zp); -} - -/* - * Reload zones whose transfers have completed. - */ -void -loadxfer(void) { - struct zoneinfo *zp; - u_int32_t old_serial,new_serial; - char *tmpnom; - int isixfr; - - gettime(&tt); - for (zp = zones; zp < &zones[nzones]; zp++) { - if (zp->z_flags & Z_NEED_RELOAD) { - ns_debug(ns_log_default, 1, "loadxfer() \"%s\"", - zp->z_origin[0] ? zp->z_origin : "."); - zp->z_flags &= ~(Z_NEED_RELOAD|Z_AUTH); -/* XXX this is bad, should be done in ns_zreload() for primary changes. */ - ns_stopxfrs(zp); - old_serial = zp->z_serial; - if (zp->z_xferpid == XFER_ISIXFR) { - tmpnom = zp->z_ixfr_tmp; - isixfr = ISIXFR; - } else { - tmpnom = zp->z_source; - purge_zone(zp, hashtab); - isixfr = ISNOTIXFR; - } - if (zp->z_xferpid == XFER_ISAXFRIXFR) { - tmpnom= zp->z_source; - purge_zone(zp, hashtab); - isixfr = ISNOTIXFR; - } - - if (!db_load(tmpnom, zp->z_origin, zp, NULL, isixfr)) { - zp->z_flags |= Z_AUTH; - zp->z_flags &= ~Z_EXPIRED; - if (isixfr == ISIXFR) { - new_serial= zp ->z_serial; - ns_warning(ns_log_db, "ISIXFR"); - ns_warning(ns_log_db, "error in updating ixfr data base file %s from %s", zp -> z_ixfr_base, zp ->z_ixfr_tmp); - if (zonedump(zp,ISIXFR)<0) - ns_warning(ns_log_db, "error in write ixfr updates to zone file %s", zp ->z_source); - - } - } - zp->z_xferpid = 0; - if (zp->z_flags & Z_TMP_FILE) - (void) unlink(zp->z_source); - sched_zone_maint(zp); - } - } -} - -/* - * Add this zone to the set of those needing transfers. - */ -void -addxfer(struct zoneinfo *zp) { - if (!(zp->z_flags & Z_NEED_XFER)) { - zp->z_flags |= Z_NEED_XFER; - xfers_deferred++; - tryxfer(); - } -} - -/* - * Mark one zone as requiring a reload. - * Note that it should be called with signals blocked, - * and should not allocate memory (since it can be called from a sighandler). - */ -const char * -deferred_reload_unsafe(struct zoneinfo *zp) { - INSIST(zp->z_type != z_nil); - if (!zonefile_changed_p(zp)) - return ("Zone file has not changed."); - if (LINKED(zp, z_reloadlink)) - return ("Zone is already scheduled for reloading."); - APPEND(reloadingzones, zp, z_reloadlink); - ns_need_unsafe(main_need_zreload); - return ("Zone is now scheduled for reloading."); -} - -/* - * If we've loaded this file, and the file has not been modified and contains - * no $INCLUDE, then there's no need to reload. - */ -int -zonefile_changed_p(struct zoneinfo *zp) { - struct stat sb; - - INSIST(zp->z_type != z_nil); - return ((zp->z_flags & Z_INCLUDE) != 0 || - stat(zp->z_source, &sb) == -1 || - zp->z_ftime != sb.st_mtime); -} - -int -reload_master(struct zoneinfo *zp) { - INSIST(zp->z_type == z_master); - zp->z_flags &= ~Z_AUTH; - ns_stopxfrs(zp); - /* XXX what about parent zones? */ -#ifdef BIND_UPDATE - /* - * A dynamic zone might have changed, so we - * need to dump it before reloading it. - */ - if ((zp->z_flags & Z_DYNAMIC) != 0 && - ((zp->z_flags & Z_NEED_SOAUPDATE) != 0 || - (zp->z_flags & Z_NEED_DUMP) != 0)) - (void) zonedump(zp, ISNOTIXFR); -#endif - purge_zone(zp, hashtab); - ns_debug(ns_log_config, 1, "reloading zone"); -#ifdef BIND_UPDATE - if ((zp->z_flags & Z_DYNAMIC) != 0) { - struct stat sb; - - if (stat(zp->z_source, &sb) < 0) - ns_error(ns_log_config, "stat(%s) failed: %s", - zp->z_source, strerror(errno)); - else { - if ((sb.st_mode & (S_IWUSR|S_IWGRP|S_IWOTH)) != 0) - ns_warning(ns_log_config, - "dynamic zone file '%s' is writable", - zp->z_source); - } - } -#endif - if (!db_load(zp->z_source, zp->z_origin, zp, NULL, ISNOTIXFR)) - zp->z_flags |= Z_AUTH; - zp->z_refresh = 0; /* no maintenance needed */ - zp->z_time = 0; -#ifdef BIND_UPDATE - zp->z_lastupdate = 0; - if ((zp->z_flags & Z_DYNAMIC) != 0) - if (merge_logs(zp, zp->z_updatelog) == 1) - return (1); -#endif - return (0); -} - -/* - * Called by main() when main_need_zreload has been set. Should pull one - * zone off of the reloadingzones list and reload it, then if the list is - * not then empty, should turn main_need_zreload on again for the next call. - * It is not an error to call this when the reloadingzones list is empty. - */ -void -ns_zreload(void) { - struct zoneinfo *zp; - - block_signals(); - if (EMPTY(reloadingzones)) { - unblock_signals(); - return; - } - zp = HEAD(reloadingzones); - UNLINK(reloadingzones, zp, z_reloadlink); - unblock_signals(); - - reload_master(zp); - - block_signals(); - if (!EMPTY(reloadingzones)) - ns_need_unsafe(main_need_zreload); - unblock_signals(); -} - -/* - * Flush and reload configuration file and data base. - */ -void -ns_reload(void) { - ns_notice(ns_log_default, "%s %snameserver", - (reconfiging != 0) ? "reconfiguring" : "reloading", - (noexpired == 1) ? "(-noexpired) " : ""); - - INSIST(reloading == 0); - qflush(); - sq_flush(NULL); - reloading++; /* To force transfer if slave and backing up. */ - confmtime = ns_init(conffile); - time(&resettime); - reloading--; - ns_notice(ns_log_default, "Ready to answer queries."); -} - -/* - * Reload configuration, look for new or deleted zones, not changed ones - * also ignore expired zones. - */ -void -ns_noexpired(void) { - INSIST(noexpired == 0); - noexpired++; /* To ignore zones which are expired */ - ns_reconfig(); - noexpired--; -} - -/* - * Reload configuration, look for new or deleted zones, not changed ones. - */ -void -ns_reconfig(void) { - INSIST(reconfiging == 0); - reconfiging++; /* To ignore zones which aren't new or deleted. */ - ns_reload(); - reconfiging--; -} - -void -make_new_zones(void) { - struct zoneinfo *zp; - int n; - int newzones = (nzones == 0) ? INITIALZONES : NEWZONES; - - ns_debug(ns_log_config, 1, "Adding %d template zones", NEWZONES); - zp = (struct zoneinfo *) - memget((nzones + newzones) * sizeof(struct zoneinfo)); - if (zp == NULL) - panic("no memory for more zones", NULL); - memset(zp, 0, (nzones + newzones) * sizeof(struct zoneinfo)); - if (zones != NULL) { - memcpy(zp, zones, nzones * sizeof(struct zoneinfo)); - memput(zones, nzones * sizeof(struct zoneinfo)); - } - zones = zp; - block_signals(); - for (n = 0; n < newzones; n++) { - INIT_LINK(&zones[nzones], z_reloadlink); - INIT_LINK(&zones[nzones], z_freelink); - if (nzones != 0) - free_zone(&zones[nzones]); - nzones++; - } - unblock_signals(); -} - -void -free_zone(struct zoneinfo *zp) { - if (LINKED(zp, z_reloadlink)) - panic("freeing reloading zone", NULL); - if (zp->z_type != z_nil) - panic("freeing unfree zone", NULL); - APPEND(freezones, zp, z_freelink); -} - -#ifndef HAVE_SPAWNXFER -static pid_t -spawnxfer(char **argv, struct zoneinfo *zp) { - pid_t pid = (pid_t)vfork(); - - if (pid == -1) { - ns_error(ns_log_default, "xfer vfork: %s", strerror(errno)); - zp->z_time = tt.tv_sec + 10; - return (pid); - } - if (pid == 0) { - /* Child. */ - execv(server_options->named_xfer, argv); - ns_error(ns_log_default, "can't exec %s: %s", - server_options->named_xfer, strerror(errno)); - _exit(XFER_FAIL); /* Avoid duplicate buffer flushes. */ - } - return (pid); -} -#endif - -struct zoneinfo * -find_auth_zone(const char *zname, ns_class zclass) { - struct zoneinfo *zp; - struct hashbuf *htp; - struct namebuf *np; - const char *fname; - int zn; - - zp = find_zone(zname, zclass); - if (zp != NULL && - (zp->z_type == z_slave || - zp->z_type == z_master || - zp->z_type == z_stub)) - return (zp); - - htp = hashtab; - np = nlookup(zname, &htp, &fname, 0); - if (np != NULL && (zn = findMyZone(np, zclass)) != DB_Z_CACHE) - return (&zones[zn]); - - return (NULL); -} diff --git a/contrib/bind/bin/named/ns_ncache.c b/contrib/bind/bin/named/ns_ncache.c deleted file mode 100644 index efabc33..0000000 --- a/contrib/bind/bin/named/ns_ncache.c +++ /dev/null @@ -1,269 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_ncache.c,v 8.30 2002/11/17 14:51:51 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/file.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> - -#include <errno.h> -#include <resolv.h> -#include <stdio.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> - -#include "port_after.h" - -#include "named.h" - -#define BOUNDS_CHECK(ptr, count) \ - do { \ - if ((ptr) + (count) > eom) { \ - return; \ - } \ - } while (0) - -void -cache_n_resp(u_char *msg, int msglen, struct sockaddr_in from, - const char *qname, int qclass, int qtype) -{ - struct databuf *dp; - HEADER *hp; - u_char *cp, *eom, *rdatap; - char dname[MAXDNAME]; - int n, type, class, flags; - u_int ancount, nscount, dlen; -#ifdef RETURNSOA - u_int32_t ttl; - u_int16_t atype; - u_char *sp, *cp1; - u_char data[MAXDATA]; - u_char *eod = data + sizeof(data); -#endif - - nameserIncr(from.sin_addr, nssRcvdNXD); - - hp = (HEADER *)msg; - cp = msg + HFIXEDSZ; - eom = msg + msglen; - - switch (ntohs(hp->qdcount)) { - case 0: - dname[sizeof dname - 1] = '\0'; - strncpy(dname, qname, sizeof dname); - if (dname[sizeof dname - 1] != '\0') { - ns_debug(ns_log_ncache, 1, - "qp->qname too long (%d)", strlen(qname)); - hp->rcode = FORMERR; - return; - } - class = qclass; - type = qtype; - break; - case 1: - n = dn_expand(msg, eom, cp, dname, sizeof dname); - if (n < 0) { - ns_debug(ns_log_ncache, 1, - "Query expand name failed: cache_n_resp"); - hp->rcode = FORMERR; - return; - } - cp += n; - BOUNDS_CHECK(cp, 2 * INT16SZ); - GETSHORT(type, cp); - GETSHORT(class, cp); - if (class > CLASS_MAX) { - ns_debug(ns_log_ncache, 1, - "bad class in cache_n_resp"); - hp->rcode = FORMERR; - return; - } - break; - default: - ns_debug(ns_log_ncache, 1, - "QDCOUNT>1 (%d) in cache_n_resp", ntohs(hp->qdcount)); - hp->rcode = FORMERR; - return; - } - ns_debug(ns_log_ncache, 1, "ncache: dname %s, type %d, class %d", - dname, type, class); - - ancount = ntohs(hp->ancount); - nscount = ntohs(hp->nscount); - - while (ancount--) { - u_int32_t ttl; - int atype, aclass; - - n = dn_skipname(cp, eom); - if (n < 0) { - ns_debug(ns_log_ncache, 3, "ncache: form error"); - return; - } - cp += n; - BOUNDS_CHECK(cp, 3 * INT16SZ + INT32SZ); - GETSHORT(atype, cp); - GETSHORT(aclass, cp); - if (atype != T_CNAME || aclass != class) { - ns_debug(ns_log_ncache, 3, - "ncache: not CNAME (%s) or wrong class (%s)", - p_type(atype), p_class(aclass)); - return; - } - GETLONG(ttl, cp); - GETSHORT(dlen, cp); - BOUNDS_CHECK(cp, dlen); - rdatap = cp; - n = dn_expand(msg, msg + msglen, cp, dname, sizeof dname); - if (n < 0) { - ns_debug(ns_log_ncache, 3, "ncache: bad cname target"); - return; - } - cp += n; - if (cp != rdatap + dlen) { - ns_debug(ns_log_ncache, 3, "ncache: bad cname rdata"); - return; - } - } - - dp = NULL; -#ifdef RETURNSOA - while (nscount--) { - sp = cp; - - /* we store NXDOMAIN as T_SOA regardless of the query type */ - if (hp->rcode == NXDOMAIN) - type = T_SOA; - - /* store ther SOA record */ - n = dn_skipname(cp, msg + msglen); - if (n < 0) { - ns_debug(ns_log_ncache, 3, "ncache: form error"); - return; - } - cp += n; - - BOUNDS_CHECK(cp, 3 * INT16SZ + INT32SZ); - GETSHORT(atype, cp); /* type */ - cp += INT16SZ; /* class */ - GETLONG(ttl, cp); /* ttl */ - GETSHORT(dlen, cp); /* dlen */ - BOUNDS_CHECK(cp, dlen); - if (atype != T_SOA) { - ns_debug(ns_log_ncache, 3, - "ncache: type (%d) != T_SOA", atype); - cp += dlen; - continue; - } - rdatap = cp; - - /* origin */ - n = dn_expand(msg, msg + msglen, cp, (char*)data, eod - data); - if (n < 0) { - ns_debug(ns_log_ncache, 3, - "ncache: origin form error"); - return; - } - cp += n; - n = strlen((char*)data) + 1; - cp1 = data + n; - /* mail */ - n = dn_expand(msg, msg + msglen, cp, (char*)cp1, eod - cp1); - if (n < 0) { - ns_debug(ns_log_ncache, 3, "ncache: mail form error"); - return; - } - cp += n; - n = strlen((char*)cp1) + 1; - cp1 += n; - n = 5 * INT32SZ; - if (n > (eod - cp1)) /* Can't happen. See MAXDATA. */ - return; - BOUNDS_CHECK(cp, n); - memcpy(cp1, cp, n); - /* serial, refresh, retry, expire, min */ - cp1 += n; - cp += n; - if (cp != rdatap + dlen) { - ns_debug(ns_log_ncache, 3, "ncache: form error"); - return; - } - /* store the zone of the soa record */ - n = dn_expand(msg, msg + msglen, sp, (char*)cp1, eod - cp1); - if (n < 0) { - ns_debug(ns_log_ncache, 3, "ncache: form error 2"); - return; - } - n = strlen((char*)cp1) + 1; - cp1 += n; - - /* - * we only want to store these long enough so that - * ns_resp can find it. - */ - if (qtype == T_SOA && hp->rcode == NXDOMAIN) - ttl = 0; - dp = savedata(class, type, - MIN(ttl, server_options->max_ncache_ttl) + - tt.tv_sec, data, - cp1 - data); - break; - } -#endif - if (dp == NULL) -#ifdef STRICT_RFC2308 - dp = savedata(class, type, tt.tv_sec, NULL, 0); -#else - dp = savedata(class, type, NTTL + tt.tv_sec, NULL, 0); -#endif - dp->d_zone = DB_Z_CACHE; - dp->d_cred = hp->aa ? DB_C_AUTH : DB_C_ANSWER; - dp->d_secure = DB_S_INSECURE; /* BEW - should be UNCHECKED */ - dp->d_clev = 0; - if(hp->rcode == NXDOMAIN) { - dp->d_rcode = NXDOMAIN; - flags = DB_NODATA|DB_NOTAUTH|DB_NOHINTS; - } else { - dp->d_rcode = NOERROR_NODATA; - flags = DB_NOTAUTH|DB_NOHINTS; - } - - n = db_update(dname, dp, dp, NULL, flags, hashtab, from); - if (n != OK) - ns_debug(ns_log_ncache, 1, - "db_update failed (%d), cache_n_resp()", n); - else - ns_debug(ns_log_ncache, 4, - "ncache succeeded: [%s %s %s] rcode:%d ttl:%ld", - dname, p_type(type), p_class(class), - dp->d_rcode, (long)(dp->d_ttl - tt.tv_sec)); - db_detach(&dp); -} diff --git a/contrib/bind/bin/named/ns_notify.c b/contrib/bind/bin/named/ns_notify.c deleted file mode 100644 index 286b3eb..0000000 --- a/contrib/bind/bin/named/ns_notify.c +++ /dev/null @@ -1,462 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_notify.c,v 8.20 2002/04/25 05:27:12 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1994-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* Import. */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/file.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <limits.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" - -#ifdef BIND_NOTIFY - -/* Types. */ - -struct pnotify { - char * name; - ns_class class; - ns_type type; - evTimerID timer; - LINK(struct pnotify) link; -}; - -/* Forward. */ - -static void sysnotify(const char *, ns_class, ns_type); -static void sysnotify_slaves(const char *, const char *, - ns_class, ns_type, int, int *, int *); -static void sysnotify_ns(const char *, const char *, - ns_class, ns_type, int, int *, int *); -static void free_notify(struct pnotify *); -static void notify_timer(evContext, void *, - struct timespec, struct timespec); - -/* Local. */ - -static LIST(struct pnotify) pending_notifies; -static LIST(struct pnotify) loading_notifies; - -/* Public. */ - -/* - * ns_notify(dname, class, type) - * call this when a zone has changed and its slaves need to know. - */ -void -ns_notify(const char *dname, ns_class class, ns_type type) { - static const char no_room[] = "%s failed, cannot notify for zone %s"; - int delay, max_delay; - struct zoneinfo *zp; - struct pnotify *ni; - - zp = find_auth_zone(dname, class); - if (zp == NULL) { - ns_warning(ns_log_notify, - "no zone found for notify (\"%s\" %s %s)", - (dname && *dname) ? dname : ".", - p_class(class), p_type(type)); - return; - } - if (ns_samename(dname, zp->z_origin) != 1) { - ns_warning(ns_log_notify, - "notify not called with top of zone (\"%s\" %s %s)", - (dname && *dname) ? dname : ".", - p_class(class), p_type(type)); - return; - } - if ((zp->z_flags & Z_NOTIFY) != 0) { - ns_info(ns_log_notify, - "suppressing duplicate notify (\"%s\" %s %s)", - (dname && *dname) ? dname : ".", - p_class(class), p_type(type)); - return; - } - ni = memget(sizeof *ni); - if (ni == NULL) { - ns_info(ns_log_notify, no_room, "memget", dname); - return; - } - ni->name = savestr(dname, 0); - if (ni->name == NULL) { - memput(ni, sizeof *ni); - ni = NULL; - ns_info(ns_log_notify, no_room, "memget", dname); - return; - } - ni->class = class; - ni->type = type; - INIT_LINK(ni, link); - evInitID(&ni->timer); - - if (loading != 0) { - APPEND(loading_notifies, ni, link); - return; - } - - /* Delay notification for from five seconds up to fifteen minutes. */ - max_delay = MIN(nzones, 895); - max_delay = MAX(max_delay, 25); - delay = 5 + (rand() % max_delay); - if (evSetTimer(ev, notify_timer, ni, - evAddTime(evNowTime(), evConsTime(delay, 0)), - evConsTime(0, 0), &ni->timer) < 0) { - ns_error(ns_log_notify, "evSetTimer() failed: %s", - strerror(errno)); - ni->name = freestr(ni->name); - memput(ni, sizeof *ni); - return; - } - - zp->z_flags |= Z_NOTIFY; - APPEND(pending_notifies, ni, link); - ns_debug(ns_log_notify, 3, - "ns_notify(%s, %s, %s): ni %p, zp %p, delay %d", - (dname && *dname) ? dname : ".", - p_class(class), p_type(type), - ni, zp, delay); -} - -void -notify_afterload() { - struct pnotify *ni; - - INSIST(loading == 0); - while ((ni = HEAD(loading_notifies)) != NULL) { - UNLINK(loading_notifies, ni, link); - ns_notify(ni->name, ni->class, ni->type); - ni->name = freestr(ni->name); - memput(ni, sizeof *ni); - } -} - -/* - * ns_unnotify() - * call this when all pending notifies are now considered junque. - */ -void -ns_unnotify(void) { - while (!EMPTY(pending_notifies)) { - struct pnotify *ni = HEAD(pending_notifies); - - INSIST(LINKED(ni, link)); - UNLINK(pending_notifies, ni, link); - free_notify(ni); - } -} - -/* - * ns_stopnotify(const char *dname, ns_class class) - * stop notifies for this particular zone. - */ -void -ns_stopnotify(const char *dname, ns_class class) { - struct pnotify *ni; - - ni = HEAD(pending_notifies); - while (ni != NULL && - (ni->class != class || ns_samename(ni->name, dname) != 1)) - ni = NEXT(ni, link); - - if (ni != NULL) { - UNLINK(pending_notifies, ni, link); - free_notify(ni); - } -} - -/* Private. */ - -/* - * sysnotify(dname, class, type) - * cause a NOTIFY request to be sysquery()'d to each slave server - * of the zone that "dname" is within. - */ -static void -sysnotify(const char *dname, ns_class class, ns_type type) { - const char *zname; - u_int32_t zserial; - int nns, na, i; - struct zoneinfo *zp; - struct in_addr *also_addr; - - ns_debug(ns_log_notify, 3, "sysnotify(%s, %s, %s)", - dname, p_class(class), p_type(type)); - zp = find_auth_zone(dname, class); - if (zp == NULL) { - ns_warning(ns_log_notify, "sysnotify: can't find \"%s\" (%s)", - dname, p_class(class)); - return; - } - if (ns_samename(dname, zp->z_origin) != 1) { - ns_warning(ns_log_notify, "sysnotify: not auth for zone %s", - dname); - return; - } - if (zp->z_notify == notify_no || - (zp->z_notify == notify_use_default && - server_options->notify == notify_no)) - return; - if (zp->z_type != z_master && zp->z_type != z_slave) { - ns_warning(ns_log_notify, "sysnotify: %s not master or slave", - dname); - return; - } - zname = zp->z_origin; - zserial = zp->z_serial; - nns = na = 0; - if (zp->z_notify == notify_yes || - (zp->z_notify == notify_use_default && - server_options->notify == notify_yes)) - sysnotify_slaves(dname, zname, class, type, - zp - zones, &nns, &na); - - /* - * Handle any global or zone-specific also-notify clauses - */ - if (zp->z_notify_count != 0) { - /* zone-specific also notify */ - - ns_debug(ns_log_notify, 3, "zone notify ns = %d", - zp->z_notify_count); - - also_addr = zp->z_also_notify; - for (i = 0; i < zp->z_notify_count; i++) { - ns_debug(ns_log_notify, 4, "notifying %s", - inet_ntoa(*also_addr)); - sysquery(dname, class, type, also_addr, NULL, 1, - ns_port, NS_NOTIFY_OP, 0); - also_addr++; - } - nns += zp->z_notify_count; - na += zp->z_notify_count; - } else if (server_options->notify_count != 0) { - ns_debug(ns_log_notify, 4, "global notify ns = %d", - server_options->notify_count); - also_addr = server_options->also_notify; - for (i = 0; i < server_options->notify_count; i++) { - ns_debug(ns_log_notify, 3, "notifying %s", - inet_ntoa(*also_addr)); - sysquery(dname, class, type, also_addr, NULL, 1, - ns_port, ns_o_notify, 0); - also_addr++; - } - nns += server_options->notify_count; - na += server_options->notify_count; - } - - if (nns != 0 || na != 0) - ns_info(ns_log_notify, - "Sent NOTIFY for \"%s %s %s %u\" (%s); %d NS, %d A", - dname, p_class(class), p_type(type), zserial, zname, nns, na); -} - -static void -sysnotify_slaves(const char *dname, const char *zname, - ns_class class, ns_type type, - int zn, int *nns, int *na) -{ - const char *mname, *fname; - struct hashbuf *htp; - struct namebuf *np; - struct databuf *dp; - - /* - * Master. - */ - htp = hashtab; - np = nlookup(zname, &htp, &fname, 0); - if (np == NULL) { - ns_warning(ns_log_notify, - "sysnotify: found name \"%s\" but not zone", - dname); - return; - } - mname = NULL; - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (dp->d_zone == DB_Z_CACHE || !match(dp, class, ns_t_soa)) - continue; - if (dp->d_type == ns_t_sig) - continue; - if (mname) { - ns_notice(ns_log_notify, - "multiple SOA's for zone \"%s\"?", - zname); - return; - } - mname = (char *) dp->d_data; - } - if (mname == NULL) { - ns_notice(ns_log_notify, "no SOA found for zone \"%s\"", - zname); - return; - } - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (dp->d_zone == DB_Z_CACHE || !match(dp, class, ns_t_ns)) - continue; - if (dp->d_type == ns_t_sig) - continue; - if (ns_samename((char*)dp->d_data, mname) == 1) - continue; - sysnotify_ns(dname, (char *)dp->d_data, class, type, - zn, nns, na); - } -} - -static void -sysnotify_ns(const char *dname, const char *aname, - ns_class class, ns_type type, - int zn, int *nns, int *na) -{ - struct databuf *adp; - struct namebuf *anp; - const char *fname; - struct in_addr nss[NSMAX]; - struct hashbuf *htp; - int is_us, nsc, auth6, neg; - int cname = 0; - - htp = hashtab; - anp = nlookup(aname, &htp, &fname, 0); - nsc = 0; - is_us = 0; - auth6 = 0; - neg = 0; - if (anp != NULL) - for (adp = anp->n_data; adp; adp = adp->d_next) { - struct in_addr ina; - - if (adp->d_class != class) - continue; - if (adp->d_rcode == NXDOMAIN) { - neg = 1; - break; - } - if (adp->d_type == T_CNAME && adp->d_rcode == 0) { - cname = 1; - ns_error(ns_log_notify, - "NS '%s' for '%s/%s' is a CNAME", - *aname ? aname : ".", - *dname ? dname : ".", - p_class(class)); - break; - } - if ((adp->d_type == T_AAAA || adp->d_type == ns_t_a6) && - (zones[adp->d_class].z_type == z_master || - zones[adp->d_class].z_type == z_slave)) { - auth6 = 1; - continue; - } - if (!match(adp, class, T_A)) - continue; - if (adp->d_rcode) { - neg = 1; - continue; - } - if (adp->d_type == ns_t_sig) - continue; - ina = ina_get(adp->d_data); - if (aIsUs(ina)) { - is_us = 1; - continue; - } - if (nsc < NSMAX) - nss[nsc++] = ina; - } /*next A*/ - if (nsc == 0) { - if (!is_us && !cname && !auth6 && !neg && - !NS_OPTION_P(OPTION_NOFETCHGLUE)) { - struct qinfo *qp; - - qp = sysquery(aname, class, ns_t_a, NULL, NULL, 0, - ns_port, ns_o_query, 0); - if (qp != NULL) - qp->q_notifyzone = zn; - } - return; - } - sysquery(dname, class, type, nss, NULL, nsc, ns_port, ns_o_notify, 0); - (*nns)++; - *na += nsc; -} - -static void -free_notify(struct pnotify *ni) { - struct zoneinfo *zp; - - INSIST(!LINKED(ni, link)); - zp = find_auth_zone(ni->name, ni->class); - if (zp != NULL && ns_samename(ni->name, zp->z_origin) == 1) { - INSIST((zp->z_flags & Z_NOTIFY) != 0); - zp->z_flags &= ~Z_NOTIFY; - } - if (evTestID(ni->timer)) { - evClearTimer(ev, ni->timer); - evInitID(&ni->timer); - } - ni->name = freestr(ni->name); - memput(ni, sizeof *ni); -} - -static void -notify_timer(evContext ctx, void *uap, - struct timespec due, - struct timespec inter) -{ - struct pnotify *ni = uap; - - UNUSED(ctx); - UNUSED(due); - UNUSED(inter); - - INSIST(evTestID(ni->timer)); - evInitID(&ni->timer); - INSIST(LINKED(ni, link)); - UNLINK(pending_notifies, ni, link); - sysnotify(ni->name, ni->class, ni->type); - free_notify(ni); -} - -#endif /*BIND_NOTIFY*/ diff --git a/contrib/bind/bin/named/ns_parser.y b/contrib/bind/bin/named/ns_parser.y deleted file mode 100644 index c8ddc72..0000000 --- a/contrib/bind/bin/named/ns_parser.y +++ /dev/null @@ -1,2079 +0,0 @@ -%{ -#if !defined(lint) && !defined(SABER) -static char rcsid[] = "$Id: ns_parser.y,v 8.81.8.1 2003/06/02 09:56:35 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* Global C stuff goes here. */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <limits.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" -#include "ns_parseutil.h" -#include "ns_lexer.h" - -#define SYM_ZONE 0x010000 -#define SYM_SERVER 0x020000 -#define SYM_KEY 0x030000 -#define SYM_ACL 0x040000 -#define SYM_CHANNEL 0x050000 -#define SYM_PORT 0x060000 - -#define SYMBOL_TABLE_SIZE 29989 /* should always be prime */ -static symbol_table symtab; - -#define AUTH_TABLE_SIZE 397 /* should always be prime */ -static symbol_table authtab = NULL; -static symbol_table channeltab = NULL; - -static zone_config current_zone; -static int should_install; - -static options current_options; -static int seen_options; -static int logged_options_error; - -static controls current_controls; - -static int seen_topology; - -static server_config current_server; -static int seen_server; - -static char *current_algorithm; -static char *current_secret; - -static log_config current_logging; -static int current_category; -static int chan_type; -static int chan_level; -static u_int chan_flags; -static int chan_facility; -static char *chan_name; -static int chan_versions; -static u_long chan_max_size; - -static log_channel lookup_channel(char *); -static void define_channel(const char *, log_channel); -static char *canonical_name(char *); - -int yyparse(); - -%} - -%union { - char * cp; - int s_int; - long num; - u_long ul_int; - u_int16_t us_int; - struct in_addr ip_addr; - ip_match_element ime; - ip_match_list iml; - rrset_order_list rol; - rrset_order_element roe; - struct dst_key * keyi; - enum axfr_format axfr_fmt; -} - -/* Lexical analyzer return values. */ -%token L_EOS -%token <ip_addr> L_IPADDR -%token <num> L_NUMBER -%token <cp> L_STRING -%token <cp> L_QSTRING -%token L_END_INCLUDE - -/* Include support */ -%token T_INCLUDE - -/* Items related to the "options" statement: */ -%token T_OPTIONS -%token T_DIRECTORY T_PIDFILE T_NAMED_XFER -%token T_DUMP_FILE T_STATS_FILE T_MEMSTATS_FILE -%token T_FAKE_IQUERY T_RECURSION T_FETCH_GLUE -%token T_HITCOUNT T_PREFERRED_GLUE -%token T_QUERY_SOURCE T_LISTEN_ON T_PORT T_ADDRESS -%token T_RRSET_ORDER T_ORDER T_NAME T_CLASS -%token T_CONTROLS T_INET T_UNIX T_PERM T_OWNER T_GROUP T_ALLOW -%type <us_int> in_port -%type <us_int> maybe_port -%type <us_int> maybe_zero_port -%type <us_int> maybe_wild_port -%type <ip_addr> maybe_wild_addr -%token T_DATASIZE T_STACKSIZE T_CORESIZE -%token T_DEFAULT T_UNLIMITED -%token T_FILES T_VERSION T_HOSTNAME -%token T_HOSTSTATS T_HOSTSTATSMAX T_DEALLOC_ON_EXIT -%token T_TRANSFERS_IN T_TRANSFERS_OUT T_TRANSFERS_PER_NS -%token T_TRANSFER_FORMAT T_MAX_TRANSFER_TIME_IN -%token T_SERIAL_QUERIES T_ONE_ANSWER T_MANY_ANSWERS -%type <axfr_fmt> transfer_format -%token T_NOTIFY T_EXPLICIT T_NOTIFY_INITIAL T_AUTH_NXDOMAIN -%token T_MULTIPLE_CNAMES T_USE_IXFR T_MAINTAIN_IXFR_BASE -%token T_CLEAN_INTERVAL T_INTERFACE_INTERVAL T_STATS_INTERVAL -%token T_MAX_LOG_SIZE_IXFR -%token T_HEARTBEAT T_USE_ID_POOL -%token T_MAX_NCACHE_TTL T_HAS_OLD_CLIENTS T_RFC2308_TYPE1 -%token T_LAME_TTL T_MIN_ROOTS -%token T_TREAT_CR_AS_SPACE -%token T_EDNS_UDP_SIZE - -/* Items used for the "logging" statement: */ -%token T_LOGGING T_CATEGORY T_CHANNEL T_SEVERITY T_DYNAMIC -%token T_FILE T_VERSIONS T_SIZE -%token T_SYSLOG T_DEBUG T_NULL_OUTPUT -%token T_PRINT_TIME T_PRINT_CATEGORY T_PRINT_SEVERITY -%type <s_int> category -%type <cp> category_name channel_name facility_name -%type <s_int> maybe_syslog_facility - -/* Items used for the "sortlist" statement: */ -%token T_SORTLIST - -/* Items used for the "topology" statement: */ -%token T_TOPOLOGY - -%type <s_int> ordering_class -%type <s_int> ordering_type -%type <cp> ordering_name -%type <rol> rrset_ordering_list -%type <roe> rrset_ordering_element - -/* ip_match_list */ -%type <ime> address_match_simple address_match_element address_name -%type <iml> address_match_list - -/* Items used for "server" statements: */ -%token T_SERVER -%token T_LONG_AXFR -%token T_BOGUS -%token T_TRANSFERS -%token T_KEYS -%token T_SUPPORT_IXFR -%token T_EDNS - -/* Items used for "zone" statements: */ -%token T_ZONE -%type <num> optional_class -%type <s_int> zone_type -%token T_IN T_CHAOS T_HESIOD -%token T_TYPE -%token T_MASTER T_SLAVE T_STUB T_RESPONSE -%token T_HINT -%token T_MASTERS T_TRANSFER_SOURCE -%token T_PUBKEY -%token T_ALSO_NOTIFY -%token T_DIALUP -%token T_FILE_IXFR -%token T_IXFR_TMP - -/* Items used for "trusted-keys" statements: */ -%token T_TRUSTED_KEYS - -/* Items used for access control lists and "allow" clauses: */ -%token T_ACL -%token T_ALLOW_UPDATE T_ALLOW_QUERY T_ALLOW_TRANSFER -%token T_ALLOW_RECURSION -%token T_BLACKHOLE - -/* Items related to the "key" statement: */ -%token T_SEC_KEY T_ALGID T_SECRET -%type <keyi> key_ref -%type <cp> algorithm_id secret - -/* Items used for "size_spec" clauses: */ -%type <ul_int> size_spec - -/* Items used for a "check-names" clause: */ -%token T_CHECK_NAMES -%type <s_int> check_names_type -%type <s_int> check_names_opt -%token T_WARN T_FAIL T_IGNORE - -/* Items used for "forward" clauses: */ -%token T_FORWARD T_FORWARDERS -%token T_ONLY T_FIRST T_IF_NO_ANSWER T_IF_NO_DOMAIN - -/* Items used for yes/no responses: */ -%type <num> yea_or_nay -%token T_YES T_TRUE T_NO T_FALSE - -/* Miscellaneous items (used in several places): */ -%type <cp> any_string - -%% -config_file: statement_list - { - if (EMPTY(current_controls)) - ns_ctl_defaults(¤t_controls); - ns_ctl_install(¤t_controls); - } - ; - -statement_list: statement - | statement_list statement - ; - -statement: include_stmt - | options_stmt L_EOS - | controls_stmt L_EOS - | logging_stmt L_EOS - | server_stmt L_EOS - | zone_stmt L_EOS - | trusted_keys_stmt L_EOS - | acl_stmt L_EOS - | key_stmt L_EOS - | L_END_INCLUDE - | error L_EOS - | error L_END_INCLUDE - ; - -include_stmt: T_INCLUDE L_QSTRING L_EOS - { - lexer_begin_file($2, NULL); - (void)freestr($2); - } - ; - -/* - * Options - */ - -options_stmt: T_OPTIONS - { - if (seen_options) - parser_error(0, "cannot redefine options"); - current_options = new_options(); - } - '{' options '}' - { - if (!seen_options) - set_options(current_options, 0); - else - free_options(current_options); - current_options = NULL; - seen_options = 1; - } - ; - -options: option L_EOS - | options option L_EOS - ; - -option: /* Empty */ - | T_HOSTNAME L_QSTRING - { - if (current_options->hostname != NULL) - (void)freestr(current_options->hostname); - current_options->hostname = $2; - } - | T_VERSION L_QSTRING - { - if (current_options->version != NULL) - (void)freestr(current_options->version); - current_options->version = $2; - } - | T_DIRECTORY L_QSTRING - { - if (current_options->directory != NULL) - (void)freestr(current_options->directory); - current_options->directory = $2; - } - | T_NAMED_XFER L_QSTRING - { - if (current_options->named_xfer != NULL) - (void)freestr(current_options->named_xfer); - current_options->named_xfer = $2; - } - | T_PIDFILE L_QSTRING - { - if (current_options->pid_filename != NULL) - (void)freestr(current_options->pid_filename); - current_options->pid_filename = $2; - } - | T_STATS_FILE L_QSTRING - { - if (current_options->stats_filename != NULL) - (void)freestr(current_options->stats_filename); - current_options->stats_filename = $2; - } - | T_MEMSTATS_FILE L_QSTRING - { - if (current_options->memstats_filename != NULL) - (void)freestr(current_options->memstats_filename); - current_options->memstats_filename = $2; - } - | T_DUMP_FILE L_QSTRING - { - if (current_options->dump_filename != NULL) - (void)freestr(current_options->dump_filename); - current_options->dump_filename = $2; - } - | T_PREFERRED_GLUE L_STRING - { - current_options->preferred_glue = - strcasecmp($2, "aaaa") ? T_A : T_AAAA; - } - | T_FAKE_IQUERY yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_FAKE_IQUERY, $2); - } - | T_RECURSION yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_NORECURSE, !$2); - } - | T_FETCH_GLUE yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_NOFETCHGLUE, !$2); - } - | T_HITCOUNT yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_HITCOUNT, $2); - } - | T_NOTIFY T_EXPLICIT - { - current_options->notify = notify_explicit; - } - | T_NOTIFY yea_or_nay - { - if ($2) - current_options->notify = notify_yes; - else - current_options->notify = notify_no; - } - | T_NOTIFY_INITIAL yea_or_nay - { - if (initial_configuration && $2) - ns_notice(ns_log_default, - "suppressing initial notifies"); - set_global_boolean_option(current_options, - OPTION_SUPNOTIFY_INITIAL, $2); - } - | T_HOSTSTATS yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_HOSTSTATS, $2); - } - | T_DEALLOC_ON_EXIT yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_DEALLOC_ON_EXIT, $2); - } - | T_USE_IXFR yea_or_nay - { - set_global_boolean_option(current_options, OPTION_USE_IXFR, $2); - } - | T_MAINTAIN_IXFR_BASE yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_MAINTAIN_IXFR_BASE, $2); - } - | T_HAS_OLD_CLIENTS yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_NORFC2308_TYPE1, $2); - set_global_boolean_option(current_options, - OPTION_NONAUTH_NXDOMAIN, !$2); - } - | T_AUTH_NXDOMAIN yea_or_nay - { - set_global_boolean_option(current_options, OPTION_NONAUTH_NXDOMAIN, - !$2); - } - | T_MULTIPLE_CNAMES yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_MULTIPLE_CNAMES, $2); - } - | T_CHECK_NAMES check_names_type check_names_opt - { - current_options->check_names[$2] = (enum severity)$3; - } - | T_USE_ID_POOL yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_USE_ID_POOL, $2); - } - | T_RFC2308_TYPE1 yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_NORFC2308_TYPE1, !$2); - } - | T_LISTEN_ON maybe_port '{' address_match_list '}' - { - char port_string[10]; - symbol_value value; - - (void)sprintf(port_string, "%u", $2); - if (lookup_symbol(symtab, port_string, SYM_PORT, NULL)) - parser_error(0, - "cannot redefine listen-on for port %u", - ntohs($2)); - else { - add_listen_on(current_options, $2, $4); - value.pointer = NULL; - define_symbol(symtab, port_string, SYM_PORT, value, 0); - } - - } - | T_FORWARD forward_opt - | T_FORWARDERS - { - if (current_options->fwdtab) { - free_forwarders(current_options->fwdtab); - current_options->fwdtab = NULL; - } - } - '{' opt_forwarders_list '}' - | T_QUERY_SOURCE query_source - | T_TRANSFER_SOURCE maybe_wild_addr - { - current_options->axfr_src = $2; - } - | T_ALLOW_QUERY '{' address_match_list '}' - { - if (current_options->query_acl) { - parser_warning(0, - "options allow-query acl already set; skipping"); - free_ip_match_list($3); - } else - current_options->query_acl = $3; - } - | T_ALLOW_RECURSION '{' address_match_list '}' - { - if (current_options->recursion_acl) { - parser_warning(0, - "options allow-recursion acl already set; skipping"); - free_ip_match_list($3); - } else - current_options->recursion_acl = $3; - } - | T_ALLOW_TRANSFER '{' address_match_list '}' - { - if (current_options->transfer_acl) { - parser_warning(0, - "options allow-transfer acl already set; skipping"); - free_ip_match_list($3); - } else - current_options->transfer_acl = $3; - } - | T_SORTLIST '{' address_match_list '}' - { - if (current_options->sortlist) { - parser_warning(0, - "options sortlist already set; skipping"); - free_ip_match_list($3); - } else - current_options->sortlist = $3; - } - | T_ALSO_NOTIFY - { - if (current_options->also_notify) { - parser_warning(0, - "duplicate also-notify clause: overwriting"); - free_also_notify(current_options); - current_options->also_notify = NULL; - } - } - '{' opt_also_notify_list '}' - | T_BLACKHOLE '{' address_match_list '}' - { - if (current_options->blackhole_acl) { - parser_warning(0, - "options blackhole already set; skipping"); - free_ip_match_list($3); - } else - current_options->blackhole_acl = $3; - } - | T_TOPOLOGY '{' address_match_list '}' - { - if (current_options->topology) { - parser_warning(0, - "options topology already set; skipping"); - free_ip_match_list($3); - } else - current_options->topology = $3; - } - | size_clause - { - /* To get around the $$ = $1 default rule. */ - } - | transfer_clause - | T_TRANSFER_FORMAT transfer_format - { - current_options->transfer_format = $2; - } - | T_MAX_TRANSFER_TIME_IN L_NUMBER - { - current_options->max_transfer_time_in = $2 * 60; - } - | T_SERIAL_QUERIES L_NUMBER - { - current_options->serial_queries = $2; - } - | T_CLEAN_INTERVAL L_NUMBER - { - current_options->clean_interval = $2 * 60; - } - | T_INTERFACE_INTERVAL L_NUMBER - { - current_options->interface_interval = $2 * 60; - } - | T_STATS_INTERVAL L_NUMBER - { - current_options->stats_interval = $2 * 60; - } - | T_HOSTSTATSMAX L_NUMBER - { - current_options->max_host_stats = $2; - } - | T_MAX_LOG_SIZE_IXFR size_spec - { - current_options->max_log_size_ixfr = $2; - } - | T_MAX_NCACHE_TTL L_NUMBER - { - current_options->max_ncache_ttl = $2; - } - | T_LAME_TTL L_NUMBER - { - current_options->lame_ttl = $2; - } - | T_HEARTBEAT L_NUMBER - { - current_options->heartbeat_interval = $2 * 60; - } - | T_DIALUP yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_NODIALUP, !$2); - } - | T_RRSET_ORDER '{' rrset_ordering_list '}' - { - if (current_options->ordering) - free_rrset_order_list(current_options->ordering); - current_options->ordering = $3; - } - | T_TREAT_CR_AS_SPACE yea_or_nay - { - set_global_boolean_option(current_options, - OPTION_TREAT_CR_AS_SPACE, $2); - } - | T_MIN_ROOTS L_NUMBER - { - if ($2 >= 1) - current_options->minroots = $2; - } - | - | T_EDNS_UDP_SIZE L_NUMBER - { - if ($2 < 512) - current_options->edns_udp_size = 512; - else if ($2 > EDNS_MESSAGE_SZ) - current_options->edns_udp_size = EDNS_MESSAGE_SZ; - else - current_options->edns_udp_size = $2; - } - | error - ; - -/* - * Controls. - */ -controls_stmt: T_CONTROLS '{' controls '}' - ; - -controls: control L_EOS - | controls control L_EOS - ; - -control: /* Empty */ - | T_INET maybe_wild_addr T_PORT in_port - T_ALLOW '{' address_match_list '}' - { - ns_ctl_add(¤t_controls, ns_ctl_new_inet($2, $4, $7)); - } - | T_INET maybe_wild_addr - T_ALLOW '{' address_match_list '}' - T_KEYS '{' dummy_key_list '}' - { - parser_warning(0, "Ignoring BIND 9 inet control clause"); - free_ip_match_list($5); - } - | T_INET maybe_wild_addr T_PORT in_port - T_ALLOW '{' address_match_list '}' - T_KEYS '{' dummy_key_list '}' - { - parser_warning(0, "Ignoring BIND 9 inet control clause"); - free_ip_match_list($7); - } - | T_UNIX L_QSTRING T_PERM L_NUMBER T_OWNER L_NUMBER T_GROUP L_NUMBER - { -#ifndef NO_SOCKADDR_UN - ns_ctl_add(¤t_controls, ns_ctl_new_unix($2, $4, $6, $8)); -#endif - freestr($2); - } - | error - ; - -rrset_ordering_list: rrset_ordering_element L_EOS - { - rrset_order_list rol; - - rol = new_rrset_order_list(); - if ($1 != NULL) { - add_to_rrset_order_list(rol, $1); - } - - $$ = rol; - } - | rrset_ordering_list rrset_ordering_element L_EOS - { - if ($2 != NULL) { - add_to_rrset_order_list($1, $2); - } - $$ = $1; - } - ; - -ordering_class: /* nothing */ - { - $$ = C_ANY; - } - | T_CLASS any_string - { - symbol_value value; - - if (lookup_symbol(constants, $2, SYM_CLASS, &value)) - $$ = value.integer; - else { - parser_error(0, "unknown class '%s'; using ANY", $2); - $$ = C_ANY; - } - (void)freestr($2); - } - ; - -ordering_type: /* nothing */ - { - $$ = ns_t_any; - } - | T_TYPE any_string - { - int success; - - if (strcmp($2, "*") == 0) { - $$ = ns_t_any; - } else { - $$ = __sym_ston(__p_type_syms, $2, &success); - if (success == 0) { - $$ = ns_t_any; - parser_error(0, - "unknown type '%s'; assuming ANY", - $2); - } - } - (void)freestr($2); - } - ; - -ordering_name: /* nothing */ - { - $$ = savestr("*", 1); - } - | T_NAME L_QSTRING - { - if (strcmp(".",$2) == 0 || strcmp("*.",$2) == 0) { - $$ = savestr("*", 1); - (void)freestr($2); - } else { - $$ = $2 ; - } - /* XXX Should do any more name validation here? */ - } - ; - -rrset_ordering_element: ordering_class ordering_type ordering_name T_ORDER L_STRING - { - enum ordering o; - - if (strlen($5) == 0) { - parser_error(0, "null order name"); - $$ = NULL ; - } else { - o = lookup_ordering($5); - if (o == unknown_order) { - o = (enum ordering)DEFAULT_ORDERING; - parser_error(0, - "invalid order name '%s'; using %s", - $5, p_order(o)); - } - - (void)freestr($5); - - $$ = new_rrset_order_element($1, $2, $3, o); - } - } - ; - -transfer_format: T_ONE_ANSWER - { - $$ = axfr_one_answer; - } - | T_MANY_ANSWERS - { - $$ = axfr_many_answers; - } - ; - -maybe_wild_addr: L_IPADDR { $$ = $1; } - | '*' { $$.s_addr = htonl(INADDR_ANY); } - ; - -maybe_wild_port: in_port { $$ = $1; } - | '*' { $$ = htons(0); } - ; - -query_source_address: T_ADDRESS maybe_wild_addr - { - current_options->query_source.sin_addr = $2; - } - ; - -query_source_port: T_PORT maybe_wild_port - { - current_options->query_source.sin_port = $2; - } - ; - -query_source: query_source_address - | query_source_port - | query_source_address query_source_port - | query_source_port query_source_address - ; - -maybe_port: /* nothing */ { $$ = htons(NS_DEFAULTPORT); } - | T_PORT in_port { $$ = $2; } - ; - -maybe_zero_port: /* nothing */ { $$ = htons(0); } - | T_PORT in_port { $$ = $2; } - ; - - -yea_or_nay: T_YES - { - $$ = 1; - } - | T_TRUE - { - $$ = 1; - } - | T_NO - { - $$ = 0; - } - | T_FALSE - { - $$ = 0; - } - | L_NUMBER - { - if ($1 == 1 || $1 == 0) { - $$ = $1; - } else { - parser_warning(0, - "number should be 0 or 1; assuming 1"); - $$ = 1; - } - } - ; - -check_names_type: T_MASTER - { - $$ = primary_trans; - } - | T_SLAVE - { - $$ = secondary_trans; - } - | T_RESPONSE - { - $$ = response_trans; - } - ; - -check_names_opt: T_WARN - { - $$ = warn; - } - | T_FAIL - { - $$ = fail; - } - | T_IGNORE - { - $$ = ignore; - } - ; - -forward_opt: T_ONLY - { - set_global_boolean_option(current_options, - OPTION_FORWARD_ONLY, 1); - } - | T_FIRST - { - set_global_boolean_option(current_options, - OPTION_FORWARD_ONLY, 0); - } - | T_IF_NO_ANSWER - { - parser_warning(0, "forward if-no-answer is unimplemented"); - } - | T_IF_NO_DOMAIN - { - parser_warning(0, "forward if-no-domain is unimplemented"); - } - ; - -size_clause: T_DATASIZE size_spec - { - current_options->data_size = $2; - } - | T_STACKSIZE size_spec - { - current_options->stack_size = $2; - } - | T_CORESIZE size_spec - { - current_options->core_size = $2; - } - | T_FILES size_spec - { - current_options->files = $2; - } - ; - -size_spec: any_string - { - u_long result; - - if (unit_to_ulong($1, &result)) - $$ = result; - else { - parser_error(0, "invalid unit string '%s'", $1); - /* 0 means "use default" */ - $$ = 0; - } - (void)freestr($1); - } - | L_NUMBER - { - $$ = (u_long)$1; - } - | T_DEFAULT - { - $$ = 0; - } - | T_UNLIMITED - { - $$ = ULONG_MAX; - } - ; - -transfer_clause: T_TRANSFERS_IN L_NUMBER - { - current_options->transfers_in = (u_long) $2; - } - | T_TRANSFERS_OUT L_NUMBER - { - current_options->transfers_out = (u_long) $2; - } - | T_TRANSFERS_PER_NS L_NUMBER - { - current_options->transfers_per_ns = (u_long) $2; - } - ; - -opt_forwarders_list: /* nothing */ - | forwarders_in_addr_list - ; - -forwarders_in_addr_list: forwarders_in_addr L_EOS - { - /* nothing */ - } - | forwarders_in_addr_list forwarders_in_addr L_EOS - { - /* nothing */ - } - ; - -forwarders_in_addr: L_IPADDR - { - add_global_forwarder(current_options, $1); - } - ; - -opt_also_notify_list: /* nothing */ - | also_notify_in_addr_list - ; - -also_notify_in_addr_list: also_notify_in_addr L_EOS - { - /* nothing */ - } - | also_notify_in_addr_list also_notify_in_addr L_EOS - { - /* nothing */ - } - ; - -also_notify_in_addr: L_IPADDR - { - add_global_also_notify(current_options, $1); - } - ; - -/* - * Logging - */ - -logging_stmt: T_LOGGING - { - current_logging = begin_logging(); - } - '{' logging_opts_list '}' - { - end_logging(current_logging, 1); - current_logging = NULL; - } - ; - -logging_opts_list: logging_opt L_EOS - | logging_opts_list logging_opt L_EOS - | error - ; - -logging_opt: T_CATEGORY category - { - current_category = $2; - } - '{' channel_list '}' - | T_CHANNEL channel_name - { - chan_type = log_null; - chan_flags = 0; - chan_level = log_info; - } - '{' channel_opt_list '}' - { - log_channel current_channel = NULL; - - if (lookup_channel($2) != NULL) { - parser_error(0, "can't redefine channel '%s'", $2); - } else { - switch (chan_type) { - case log_file: - current_channel = - log_new_file_channel(chan_flags, - chan_level, - chan_name, NULL, - chan_versions, - chan_max_size); - log_set_file_owner(current_channel, - user_id, group_id); - chan_name = freestr(chan_name); - break; - case log_syslog: - current_channel = - log_new_syslog_channel(chan_flags, - chan_level, - chan_facility); - break; - case log_null: - current_channel = log_new_null_channel(); - break; - default: - ns_panic(ns_log_parser, 1, - "unknown channel type: %d", - chan_type); - } - if (current_channel == NULL) - ns_panic(ns_log_parser, 0, - "couldn't create channel"); - define_channel($2, current_channel); - } - (void)freestr($2); - } - ; - -channel_severity: any_string - { - symbol_value value; - - if (lookup_symbol(constants, $1, SYM_LOGGING, &value)) { - chan_level = value.integer; - } else { - parser_error(0, "unknown severity '%s'", $1); - chan_level = log_debug(99); - } - (void)freestr($1); - } - | T_DEBUG - { - chan_level = log_debug(1); - } - | T_DEBUG L_NUMBER - { - chan_level = $2; - } - | T_DYNAMIC - { - chan_level = 0; - chan_flags |= LOG_USE_CONTEXT_LEVEL|LOG_REQUIRE_DEBUG; - } - ; - -version_modifier: T_VERSIONS L_NUMBER - { - chan_versions = $2; - } - | T_VERSIONS T_UNLIMITED - { - chan_versions = LOG_MAX_VERSIONS; - } - ; - -size_modifier: T_SIZE size_spec - { - chan_max_size = $2; - } - ; - -maybe_file_modifiers: /* nothing */ - { - chan_versions = 0; - chan_max_size = ULONG_MAX; - } - | version_modifier - { - chan_max_size = ULONG_MAX; - } - | size_modifier - { - chan_versions = 0; - } - | version_modifier size_modifier - | size_modifier version_modifier - ; - -channel_file: T_FILE L_QSTRING maybe_file_modifiers - { - chan_flags |= LOG_CLOSE_STREAM; - chan_type = log_file; - chan_name = $2; - } - ; - - -facility_name: any_string { $$ = $1; } - | T_SYSLOG { $$ = savestr("syslog", 1); } - ; - -maybe_syslog_facility: /* nothing */ { $$ = LOG_DAEMON; } - | facility_name - { - symbol_value value; - - if (lookup_symbol(constants, $1, SYM_SYSLOG, &value)) { - $$ = value.integer; - } else { - parser_error(0, "unknown facility '%s'", $1); - $$ = LOG_DAEMON; - } - (void)freestr($1); - } - ; - -channel_syslog: T_SYSLOG maybe_syslog_facility - { - chan_type = log_syslog; - chan_facility = $2; - } - ; - -channel_opt: channel_file { /* nothing to do */ } - | channel_syslog { /* nothing to do */ } - | T_NULL_OUTPUT - { - chan_type = log_null; - } - | T_SEVERITY channel_severity { /* nothing to do */ } - | T_PRINT_TIME yea_or_nay - { - if ($2) - chan_flags |= LOG_TIMESTAMP; - else - chan_flags &= ~LOG_TIMESTAMP; - } - | T_PRINT_CATEGORY yea_or_nay - { - if ($2) - chan_flags |= LOG_PRINT_CATEGORY; - else - chan_flags &= ~LOG_PRINT_CATEGORY; - } - | T_PRINT_SEVERITY yea_or_nay - { - if ($2) - chan_flags |= LOG_PRINT_LEVEL; - else - chan_flags &= ~LOG_PRINT_LEVEL; - } - ; - -channel_opt_list: channel_opt L_EOS - | channel_opt_list channel_opt L_EOS - | error - ; - -channel_name: any_string - | T_NULL_OUTPUT { $$ = savestr("null", 1); } - ; - -channel: channel_name - { - log_channel channel; - - if (current_category >= 0) { - channel = lookup_channel($1); - if (channel != NULL) { - add_log_channel(current_logging, - current_category, channel); - } else - parser_error(0, "unknown channel '%s'", $1); - } - (void)freestr($1); - } - ; - -channel_list: channel L_EOS - | channel_list channel L_EOS - | error - ; - -category_name: any_string - | T_DEFAULT { $$ = savestr("default", 1); } - | T_NOTIFY { $$ = savestr("notify", 1); } - ; - -category: category_name - { - symbol_value value; - - if (lookup_symbol(constants, $1, SYM_CATEGORY, &value)) - $$ = value.integer; - else { - parser_error(0, "invalid logging category '%s'", - $1); - $$ = -1; - } - (void)freestr($1); - } - ; - -/* - * Server Information - */ - -server_stmt: T_SERVER L_IPADDR - { - const char *ip_printable; - symbol_value value; - - ip_printable = inet_ntoa($2); - value.pointer = NULL; - if (lookup_symbol(symtab, ip_printable, SYM_SERVER, NULL)) - seen_server = 1; - else - seen_server = 0; - if (seen_server) - parser_error(0, "cannot redefine server '%s'", - ip_printable); - else - define_symbol(symtab, ip_printable, SYM_SERVER, value, - 0); - current_server = begin_server($2); - } - '{' server_info_list '}' - { - end_server(current_server, !seen_server); - } - ; - -server_info_list: server_info L_EOS - | server_info_list server_info L_EOS - ; - -server_info: T_BOGUS yea_or_nay - { - set_server_option(current_server, SERVER_INFO_BOGUS, $2); - } - | T_SUPPORT_IXFR yea_or_nay - { - set_server_option(current_server, SERVER_INFO_SUPPORT_IXFR, $2); - } - | T_TRANSFERS L_NUMBER - { - set_server_transfers(current_server, (int)$2); - } - | T_TRANSFER_FORMAT transfer_format - { - set_server_transfer_format(current_server, $2); - } - | T_KEYS '{' key_list '}' - | T_EDNS yea_or_nay - { - set_server_option(current_server, SERVER_INFO_EDNS, $2); - } - | error - ; - -/* - * Address Matching - */ - -address_match_list: address_match_element L_EOS - { - ip_match_list iml; - - iml = new_ip_match_list(); - if ($1 != NULL) - add_to_ip_match_list(iml, $1); - $$ = iml; - } - | address_match_list address_match_element L_EOS - { - if ($2 != NULL) - add_to_ip_match_list($1, $2); - $$ = $1; - } - ; - -address_match_element: address_match_simple - | '!' address_match_simple - { - if ($2 != NULL) - ip_match_negate($2); - $$ = $2; - } - | T_SEC_KEY L_STRING - { - char *key_name; - struct dst_key *dst_key; - - key_name = canonical_name($2); - if (key_name == NULL) { - parser_error(0, "can't make key name '%s' canonical", - $2); - key_name = savestr("__bad_key__", 1); - } - dst_key = find_key(key_name, NULL); - if (dst_key == NULL) { - parser_error(0, "key \"%s\" not found", key_name); - $$ = NULL; - } - else - $$ = new_ip_match_key(dst_key); - (void)freestr(key_name); - freestr($2); - } - ; - -address_match_simple: L_IPADDR - { - $$ = new_ip_match_pattern($1, 32); - } - | L_IPADDR '/' L_NUMBER - { - if ($3 < 0 || $3 > 32) { - parser_error(0, "mask bits out of range; skipping"); - $$ = NULL; - } else { - $$ = new_ip_match_pattern($1, $3); - if ($$ == NULL) - parser_error(0, - "address/mask mismatch; skipping"); - } - } - | L_NUMBER '/' L_NUMBER - { - struct in_addr ia; - - if ($1 > 255) { - parser_error(0, "address out of range; skipping"); - $$ = NULL; - } else { - if ($3 < 0 || $3 > 32) { - parser_error(0, - "mask bits out of range; skipping"); - $$ = NULL; - } else { - ia.s_addr = htonl(($1 & 0xff) << 24); - $$ = new_ip_match_pattern(ia, $3); - if ($$ == NULL) - parser_error(0, - "address/mask mismatch; skipping"); - } - } - } - | address_name - | '{' address_match_list '}' - { - char name[256]; - - /* - * We want to be able to clean up this iml later so - * we give it a name and treat it like any other acl. - */ - sprintf(name, "__internal_%p", $2); - define_acl(name, $2); - $$ = new_ip_match_indirect($2); - } - ; - -address_name: any_string - { - ip_match_list iml; - - iml = lookup_acl($1); - if (iml == NULL) { - parser_error(0, "unknown ACL '%s'", $1); - $$ = NULL; - } else - $$ = new_ip_match_indirect(iml); - (void)freestr($1); - } - ; - -/* - * Keys - */ - -key_ref: any_string - { - struct dst_key *dst_key; - char *key_name; - - key_name = canonical_name($1); - if (key_name == NULL) { - parser_error(0, "can't make key name '%s' canonical", - $1); - $$ = NULL; - } else { - dst_key = lookup_key(key_name); - if (dst_key == NULL) { - parser_error(0, "unknown key '%s'", key_name); - $$ = NULL; - } else - $$ = dst_key; - key_name = freestr(key_name); - } - (void)freestr($1); - } - ; - -key_list_element: key_ref - { - if ($1 == NULL) - parser_error(0, "empty key not added to server list "); - else - add_server_key_info(current_server, $1); - } - ; - -key_list: key_list_element L_EOS - | key_list key_list_element L_EOS - | error - ; - -dummy_key_list_element: key_ref { /* empty */ } ; - -dummy_key_list: dummy_key_list_element L_EOS - | dummy_key_list dummy_key_list_element L_EOS - | error - ; - -key_stmt: T_SEC_KEY - { - current_algorithm = NULL; - current_secret = NULL; - } - any_string '{' key_definition '}' - { - struct dst_key *dst_key; - char *key_name; - - key_name = canonical_name($3); - if (key_name == NULL) { - parser_error(0, "can't make key name '%s' canonical", - $3); - } else if (lookup_key(key_name) != NULL) { - parser_error(0, "can't redefine key '%s'", key_name); - } else { - if (current_algorithm == NULL || - current_secret == NULL) { - parser_error(0, "skipping bad key '%s'", - key_name); - } else { - dst_key = new_key_info(key_name, - current_algorithm, - current_secret); - if (dst_key != NULL) { - define_key(key_name, dst_key); - if (secretkey_info == NULL) - secretkey_info = - new_key_info_list(); - add_to_key_info_list(secretkey_info, - dst_key); - } - } - } - if (key_name != NULL) - key_name = freestr(key_name); - if (current_algorithm != NULL) - current_algorithm = freestr(current_algorithm); - if (current_secret != NULL) - current_secret = freestr(current_secret); - (void)freestr($3); - } - ; - -key_definition: algorithm_id secret - { - current_algorithm = $1; - current_secret = $2; - } - | secret algorithm_id - { - current_algorithm = $2; - current_secret = $1; - } - | error - { - current_algorithm = NULL; - current_secret = NULL; - } - ; - -algorithm_id: T_ALGID any_string L_EOS { $$ = $2; } - ; - -secret: T_SECRET any_string L_EOS { $$ = $2; } - ; - -/* - * ACLs - */ - -acl_stmt: T_ACL any_string '{' address_match_list '}' - { - if (lookup_acl($2) != NULL) { - parser_error(0, "can't redefine ACL '%s'", $2); - } else - define_acl($2, $4); - (void)freestr($2); - } - ; - -/* - * Zones - */ - -zone_stmt: T_ZONE L_QSTRING optional_class - { - int sym_type; - symbol_value value; - char *zone_name; - - if (!seen_options && !logged_options_error) { - parser_error(0, - "no options statement before first zone; using previous/default"); - logged_options_error = 1; - } - sym_type = SYM_ZONE | ($3 & 0xffff); - value.pointer = NULL; - zone_name = canonical_name($2); - if (zone_name == NULL) { - parser_error(0, "can't make zone name '%s' canonical", - $2); - should_install = 0; - zone_name = savestr("__bad_zone__", 1); - } else { - if (lookup_symbol(symtab, zone_name, sym_type, NULL)) { - should_install = 0; - parser_error(0, - "cannot redefine zone '%s' class %s", - *zone_name ? zone_name : ".", - p_class($3)); - } else { - should_install = 1; - define_symbol(symtab, zone_name, sym_type, - value, 0); - } - } - (void)freestr($2); - current_zone = begin_zone(zone_name, $3); - } - optional_zone_options_list - { - end_zone(current_zone, should_install); - } - ; - -optional_zone_options_list: /* Empty */ - | '{' zone_option_list '}' - ; - -optional_class: /* Empty */ - { - $$ = C_IN; - } - | any_string - { - symbol_value value; - - if (lookup_symbol(constants, $1, SYM_CLASS, &value)) - $$ = value.integer; - else { - /* the zone validator will give the error */ - $$ = C_NONE; - } - (void)freestr($1); - } - ; - -zone_type: T_MASTER - { - $$ = Z_MASTER; - } - | T_SLAVE - { - $$ = Z_SLAVE; - } - | T_HINT - { - $$ = Z_HINT; - } - | T_STUB - { - $$ = Z_STUB; - } - | T_FORWARD - { - $$ = Z_FORWARD; - } - ; - -zone_option_list: zone_option L_EOS - | zone_option_list zone_option L_EOS - ; - -zone_option: T_TYPE zone_type - { - if (!set_zone_type(current_zone, $2)) - parser_warning(0, "zone type already set; skipping"); - } - | T_FILE L_QSTRING - { - if (!set_zone_filename(current_zone, $2)) - parser_warning(0, - "zone filename already set; skipping"); - } - | T_FILE_IXFR L_QSTRING - { - if (!set_zone_ixfr_file(current_zone, $2)) - parser_warning(0, - "zone ixfr data base already set; skipping"); - } - | T_IXFR_TMP L_QSTRING - { - if (!set_zone_ixfr_tmp(current_zone, $2)) - parser_warning(0, - "zone ixfr temp filename already set; skipping"); - } - | T_MASTERS maybe_zero_port '{' master_in_addr_list '}' - { - set_zone_master_port(current_zone, $2); - } - | T_TRANSFER_SOURCE maybe_wild_addr - { - set_zone_transfer_source(current_zone, $2); - } - | T_CHECK_NAMES check_names_opt - { - if (!set_zone_checknames(current_zone, (enum severity)$2)) - parser_warning(0, - "zone checknames already set; skipping"); - } - | T_ALLOW_UPDATE '{' address_match_list '}' - { - if (!set_zone_update_acl(current_zone, $3)) - parser_warning(0, - "zone update acl already set; skipping"); - } - | T_ALLOW_QUERY '{' address_match_list '}' - { - if (!set_zone_query_acl(current_zone, $3)) - parser_warning(0, - "zone query acl already set; skipping"); - } - | T_ALLOW_TRANSFER '{' address_match_list '}' - { - if (!set_zone_transfer_acl(current_zone, $3)) - parser_warning(0, - "zone transfer acl already set; skipping"); - } - | T_FORWARD zone_forward_opt - | T_FORWARDERS - { - struct zoneinfo *zp = current_zone.opaque; - if (zp->z_fwdtab) { - free_forwarders(zp->z_fwdtab); - zp->z_fwdtab = NULL; - } - - } - '{' opt_zone_forwarders_list '}' - | T_MAX_TRANSFER_TIME_IN L_NUMBER - { - if (!set_zone_transfer_time_in(current_zone, $2*60)) - parser_warning(0, - "zone max transfer time (in) already set; skipping"); - } - | T_MAX_LOG_SIZE_IXFR size_spec - { - set_zone_max_log_size_ixfr(current_zone, $2); - } - | T_NOTIFY T_EXPLICIT - { - set_zone_notify(current_zone, notify_explicit); - } - | T_NOTIFY yea_or_nay - { - if ($2) - set_zone_notify(current_zone, notify_yes); - else - set_zone_notify(current_zone, notify_no); - } - | T_MAINTAIN_IXFR_BASE yea_or_nay - { - set_zone_maintain_ixfr_base(current_zone, $2); - } - | T_PUBKEY L_NUMBER L_NUMBER L_NUMBER L_QSTRING - { - /* flags proto alg key */ - set_zone_pubkey(current_zone, $2, $3, $4, $5); - } - | T_PUBKEY L_STRING L_NUMBER L_NUMBER L_QSTRING - { - /* flags proto alg key */ - char *endp; - int flags = (int) strtol($2, &endp, 0); - if (*endp != '\0') - ns_panic(ns_log_parser, 1, - "Invalid flags string: %s", $2); - set_zone_pubkey(current_zone, flags, $3, $4, $5); - - } - | T_ALSO_NOTIFY '{' opt_notify_in_addr_list '}' - | T_DIALUP yea_or_nay - { - set_zone_dialup(current_zone, $2); - } - | error - ; - -master_in_addr_list: master_in_addr L_EOS - { - /* nothing */ - } - | master_in_addr_list master_in_addr L_EOS - { - /* nothing */ - } - ; - -master_in_addr: L_IPADDR - { - add_zone_master(current_zone, $1, NULL); - } - | L_IPADDR T_SEC_KEY key_ref - { - add_zone_master(current_zone, $1, $3); - } - ; - -opt_notify_in_addr_list: /* nothing */ - | notify_in_addr_list - ; - -notify_in_addr_list: notify_in_addr L_EOS - { - /* nothing */ - } - | notify_in_addr_list notify_in_addr L_EOS - { - /* nothing */ - } - ; - -notify_in_addr: L_IPADDR - { - add_zone_notify(current_zone, $1); - } - ; - -zone_forward_opt: T_ONLY - { - set_zone_boolean_option(current_zone, OPTION_FORWARD_ONLY, 1); - } - | T_FIRST - { - set_zone_boolean_option(current_zone, OPTION_FORWARD_ONLY, 0); - } - ; - -opt_zone_forwarders_list: /* nothing */ - { - set_zone_forward(current_zone); - } - | zone_forwarders_in_addr_list - ; - -zone_forwarders_in_addr_list: zone_forwarders_in_addr L_EOS - { - /* nothing */ - } - | zone_forwarders_in_addr_list zone_forwarders_in_addr L_EOS - { - /* nothing */ - } - ; - -zone_forwarders_in_addr: L_IPADDR - { - add_zone_forwarder(current_zone, $1); - } - ; - -/* - * Trusted Key statement - */ - -trusted_keys_stmt: T_TRUSTED_KEYS '{' trusted_keys_list '}' - { - } - ; -trusted_keys_list: trusted_key L_EOS - { - /* nothing */ - } - | trusted_keys_list trusted_key L_EOS - { - /* nothing */ - } - ; -trusted_key: L_STRING L_NUMBER L_NUMBER L_NUMBER L_QSTRING - { - /* name flags proto alg key */ - set_trusted_key($1, $2, $3, $4, $5); - } - | L_STRING L_STRING L_NUMBER L_NUMBER L_QSTRING - { - /* name flags proto alg key */ - char *endp; - int flags = (int) strtol($2, &endp, 0); - if (*endp != '\0') - ns_panic(ns_log_parser, 1, - "Invalid flags string: %s", $2); - set_trusted_key($1, flags, $3, $4, $5); - } - ; - -/* - * Misc. - */ - -in_port: L_NUMBER - { - if ($1 < 0 || $1 > 65535) { - parser_warning(0, - "invalid IP port number '%d'; setting port to 0", - (int)$1); - $1 = 0; - } else - $$ = htons($1); - } - ; - -any_string: L_STRING - | L_QSTRING - ; - -%% - -static char * -canonical_name(char *name) { - char canonical[MAXDNAME]; - - if (strlen(name) >= MAXDNAME) - return (NULL); - strcpy(canonical, name); - if (makename(canonical, ".", sizeof canonical) < 0) - return (NULL); - return (savestr(canonical, 0)); -} - -static void -init_acls() { - ip_match_element ime; - ip_match_list iml; - struct in_addr address; - - /* Create the predefined ACLs */ - - address.s_addr = 0U; - - /* ACL "any" */ - ime = new_ip_match_pattern(address, 0); - iml = new_ip_match_list(); - add_to_ip_match_list(iml, ime); - define_acl("any", iml); - - /* ACL "none" */ - ime = new_ip_match_pattern(address, 0); - ip_match_negate(ime); - iml = new_ip_match_list(); - add_to_ip_match_list(iml, ime); - define_acl("none", iml); - - /* ACL "localhost" */ - ime = new_ip_match_localhost(); - iml = new_ip_match_list(); - add_to_ip_match_list(iml, ime); - define_acl("localhost", iml); - - /* ACL "localnets" */ - ime = new_ip_match_localnets(); - iml = new_ip_match_list(); - add_to_ip_match_list(iml, ime); - define_acl("localnets", iml); -} - -static void -free_sym_value(int type, void *value) { - ns_debug(ns_log_parser, 99, "free_sym_value: type %06x value %p", - type, value); - type &= ~0xffff; - switch (type) { - case SYM_ACL: - free_ip_match_list(value); - break; - case SYM_KEY: - free_key_info(value); - break; - case SYM_CHANNEL: - INSIST(log_free_channel(value) == 0); - break; - default: - ns_panic(ns_log_parser, 1, - "unhandled case in free_sym_value()"); - /* NOTREACHED */ - break; - } -} - -static log_channel -lookup_channel(char *name) { - symbol_value value; - - if (lookup_symbol(channeltab, name, SYM_CHANNEL, &value)) - return ((log_channel)(value.pointer)); - return (NULL); -} - -static void -define_channel(const char *name, log_channel channel) { - symbol_value value; - - value.pointer = channel; - INSIST(log_inc_references(channel) == 0); - define_symbol(channeltab, name, SYM_CHANNEL, value, SYMBOL_FREE_VALUE); -} - -static void -define_builtin_channels() { - define_channel("default_syslog", syslog_channel); - define_channel("default_debug", debug_channel); - define_channel("default_stderr", stderr_channel); - define_channel("null", null_channel); -} - -static void -parser_setup() { - seen_options = 0; - logged_options_error = 0; - seen_topology = 0; - symtab = new_symbol_table(SYMBOL_TABLE_SIZE, NULL); - if (authtab != NULL) - free_symbol_table(authtab); - authtab = new_symbol_table(AUTH_TABLE_SIZE, free_sym_value); - if (channeltab != NULL) - free_symbol_table(channeltab); - channeltab = new_symbol_table(AUTH_TABLE_SIZE, free_sym_value); - init_acls(); - define_builtin_channels(); - INIT_LIST(current_controls); -} - -static void -parser_cleanup() { - if (symtab != NULL) - free_symbol_table(symtab); - symtab = NULL; - /* - * We don't clean up authtab here because the ip_match_lists are in - * use. - */ -} - -/* - * Public Interface - */ - -ip_match_list -lookup_acl(const char *name) { - symbol_value value; - - if (lookup_symbol(authtab, name, SYM_ACL, &value)) - return ((ip_match_list)(value.pointer)); - return (NULL); -} - -void -define_acl(const char *name, ip_match_list iml) { - symbol_value value; - - INSIST(name != NULL); - INSIST(iml != NULL); - - value.pointer = iml; - define_symbol(authtab, name, SYM_ACL, value, SYMBOL_FREE_VALUE); - ns_debug(ns_log_parser, 7, "acl %s", name); - dprint_ip_match_list(ns_log_parser, iml, 2, "allow ", "deny "); -} - -struct dst_key * -lookup_key(char *name) { - symbol_value value; - - if (lookup_symbol(authtab, name, SYM_KEY, &value)) - return ((struct dst_key *)(value.pointer)); - return (NULL); -} - -void -define_key(const char *name, struct dst_key *dst_key) { - symbol_value value; - - INSIST(name != NULL); - INSIST(dst_key != NULL); - - value.pointer = dst_key; - define_symbol(authtab, name, SYM_KEY, value, SYMBOL_FREE_VALUE); - dprint_key_info(dst_key); -} - -time_t -parse_configuration(const char *filename) { - FILE *config_stream; - struct stat sb; - - config_stream = fopen(filename, "r"); - if (config_stream == NULL) - ns_panic(ns_log_parser, 0, "can't open '%s'", filename); - if (fstat(fileno(config_stream), &sb) == -1) - ns_panic(ns_log_parser, 0, "can't stat '%s'", filename); - - lexer_setup(); - parser_setup(); - lexer_begin_file(filename, config_stream); - (void)yyparse(); - lexer_end_file(); - parser_cleanup(); - return (sb.st_mtime); -} - -void -parser_initialize(void) { - lexer_initialize(); -} - -void -parser_shutdown(void) { - if (authtab != NULL) - free_symbol_table(authtab); - if (channeltab != NULL) - free_symbol_table(channeltab); - lexer_shutdown(); -} diff --git a/contrib/bind/bin/named/ns_parseutil.c b/contrib/bind/bin/named/ns_parseutil.c deleted file mode 100644 index 3619dc7..0000000 --- a/contrib/bind/bin/named/ns_parseutil.c +++ /dev/null @@ -1,243 +0,0 @@ -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* Global C stuff goes here. */ - - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> - -#include <ctype.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include "port_after.h" - -#include "named.h" -#include "ns_parseutil.h" - - -/* - * Symbol Table - */ - -symbol_table -new_symbol_table(int size_guess, free_function free_value) { - symbol_table st; - - st = (symbol_table)memget(sizeof (struct symbol_table)); - if (st == NULL) - panic("memget failed in new_symbol_table()", NULL); - st->table = (symbol_entry *)memget(size_guess * sizeof *st->table); - if (st->table == NULL) - panic("memget failed in new_symbol_table()", NULL); - memset(st->table, 0, size_guess * sizeof (symbol_entry)); - st->size = size_guess; /* size_guess should be prime */ - st->free_value = free_value; - return (st); -} - -void -free_symbol(symbol_table st, symbol_entry ste) { - ste->key = freestr(ste->key); - if (ste->flags & SYMBOL_FREE_VALUE) - (st->free_value)(ste->type, ste->value.pointer); -} - -void -free_symbol_table(symbol_table st) { - int i; - symbol_entry ste, ste_next; - - for (i = 0; i < st->size; i++) { - for (ste = st->table[i]; ste != NULL; ste = ste_next) { - ste_next = ste->next; - free_symbol(st, ste); - memput(ste, sizeof *ste); - } - } - memput(st->table, st->size * sizeof (symbol_entry)); - memput(st, sizeof *st); -} - -void -dprint_symbol_table(int level, symbol_table st) { - int i; - symbol_entry ste; - - for (i = 0; i < st->size; i++) { - for (ste = st->table[i]; ste != NULL; ste = ste->next) - ns_debug(ns_log_parser, level, - "%7d: (%s: %d %p/%d %04x) ", - i, ste->key, ste->type, ste->value.pointer, - ste->value.integer, ste->flags); - } -} - -/* - * P. J. Weinberger's hash function, adapted from p. 436 of - * _Compilers: Principles, Techniques, and Tools_, Aho, Sethi - * and Ullman, Addison-Wesley, 1986, ISBN 0-201-10088-6. - */ -static int -symbol_hash(const char *key, int prime) { - const char *s; - unsigned int h = 0; - unsigned int g; - int c; - - for (s = key; *s != '\0'; s++) { - c = *s; - if (isascii(c) && isupper(c)) - c = tolower(c); - h = ( h << 4 ) + c; - if ((g = ( h & 0xf0000000 )) != 0) { - h = h ^ (g >> 24); - h = h ^ g; - } - } - return (h % prime); -} - -int -lookup_symbol(symbol_table st, const char *key, int type, - symbol_value *value) { - int hash; - symbol_entry ste; - - hash = symbol_hash(key, st->size); - for (ste = st->table[hash]; ste != NULL; ste = ste->next) - if ((type == 0 || ste->type == type) && - strcasecmp(ste->key, key) == 0) - break; - if (ste != NULL) { - if (value != NULL) - *value = ste->value; - return (1); - } - return (0); -} - -void -define_symbol(symbol_table st, const char *key, int type, symbol_value value, - unsigned int flags) { - int hash; - symbol_entry ste; - - hash = symbol_hash(key, st->size); - for (ste = st->table[hash]; ste != NULL; ste = ste->next) - if ((type == 0 || ste->type == type) && - strcasecmp(ste->key, key) == 0) - break; - if (ste == NULL) { - ste = (symbol_entry)memget(sizeof *ste); - if (ste == NULL) - panic("memget failed in define_symbol()", NULL); - ste->key = savestr(key, 1); - ste->type = type; - ste->value = value; - ste->flags = flags; - ste->next = st->table[hash]; - st->table[hash] = ste; - } else { - ns_debug(ns_log_parser, 7, "redefined symbol %s type %d", - key, type); - free_symbol(st, ste); - ste->key = savestr(key, 1); - ste->value = value; - ste->flags = flags; - } -} - -void -undefine_symbol(symbol_table st, char *key, int type) { - int hash; - symbol_entry prev_ste, ste; - - hash = symbol_hash(key, st->size); - for (prev_ste = NULL, ste = st->table[hash]; - ste != NULL; - prev_ste = ste, ste = ste->next) - if ((type == 0 || ste->type == type) && - strcasecmp(ste->key, key) == 0) - break; - if (ste != NULL) { - free_symbol(st, ste); - if (prev_ste != NULL) - prev_ste->next = ste->next; - else - st->table[hash] = ste->next; - memput(ste, sizeof *ste); - } -} - -/* - * Conversion Routines - */ - -int -unit_to_ulong(char *in, u_long *out) { - int c, units_done = 0; - u_long result = 0L; - - INSIST(in != NULL); - - for (; (c = *in) != '\0'; in++) { - if (units_done) - return (0); - if (isdigit(c)) { - result *= 10; - result += (c - '0'); - } else { - switch (c) { - case 'k': - case 'K': - result *= 1024; - units_done = 1; - break; - case 'm': - case 'M': - result *= (1024*1024); - units_done = 1; - break; - case 'g': - case 'G': - result *= (1024*1024*1024); - units_done = 1; - break; - default: - return (0); - } - } - } - - *out = result; - return (1); -} diff --git a/contrib/bind/bin/named/ns_parseutil.h b/contrib/bind/bin/named/ns_parseutil.h deleted file mode 100644 index efb5c8f..0000000 --- a/contrib/bind/bin/named/ns_parseutil.h +++ /dev/null @@ -1,64 +0,0 @@ -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#ifndef _NS_PARSEUTIL_H -#define _NS_PARSEUTIL_H - -/* - * Symbol Table - */ - -#define SYMBOL_FREE_VALUE 0x02 - -typedef union symbol_value { - void *pointer; - int integer; -} symbol_value; - -typedef void (*free_function)(int, void *); - -typedef struct symbol_entry { - char *key; - int type; - symbol_value value; - unsigned int flags; - struct symbol_entry *next; -} *symbol_entry; - -typedef struct symbol_table { - int size; - symbol_entry *table; - free_function free_value; -} *symbol_table; - -symbol_table new_symbol_table(int, free_function); -void free_symbol(symbol_table, symbol_entry); -void free_symbol_table(symbol_table); -void dprint_symbol_table(int, symbol_table); -int lookup_symbol(symbol_table, const char *, int, - symbol_value *); -void define_symbol(symbol_table, const char *, int, - symbol_value, unsigned int); -void undefine_symbol(symbol_table, char *, int type); - -/* - * Conversion Routines - */ - -int unit_to_ulong(char *, u_long *); - -#endif /* !_NS_PARSEUTIL_H */ diff --git a/contrib/bind/bin/named/ns_req.c b/contrib/bind/bin/named/ns_req.c deleted file mode 100644 index 1272f04..0000000 --- a/contrib/bind/bin/named/ns_req.c +++ /dev/null @@ -1,2560 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_req.c 4.47 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_req.c,v 8.175.6.2 2003/06/02 09:56:35 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1988, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/uio.h> -#include <sys/file.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <fcntl.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" - -struct addinfo { - char *a_dname; /* domain name */ - char *a_rname; /* referred by */ - u_int16_t a_rtype; /* referred by */ - u_int16_t a_type; /* type for data */ - u_int16_t a_class; /* class for data */ -}; - - -#ifndef BIND_UPDATE -enum req_action { Finish, Refuse, Return }; -#endif - -static struct addinfo addinfo[NADDRECS]; -static void addname(const char *, const char *, - u_int16_t, u_int16_t, u_int16_t); -static void copyCharString(u_char **, const char *); - -static enum req_action req_query(HEADER *hp, u_char **cpp, u_char *eom, - struct qstream *qsp, - int *buflenp, int *msglenp, - u_char *msg, int dfd, int *ra, - struct sockaddr_in from, - struct tsig_record *in_tsig, - u_int16_t udpsize); - -static enum req_action req_iquery(HEADER *hp, u_char **cpp, u_char *eom, - int *buflenp, struct sockaddr_in from); - -#ifdef BIND_NOTIFY -static enum req_action req_notify(HEADER *hp, u_char **cpp, u_char *eom, - u_char *msg,struct sockaddr_in from); -#endif - -/* - * See if there is a OPT record at the end of the message. - * - * Results: - * -1 FORMERR - * 0 last RR is not a OPT record - * n>0 lenght of OPT record - */ -int -ns_get_opt(u_char *msg, u_char *eom, - u_int8_t *versionp, u_int16_t *rcodep, u_int16_t *flagp, - u_int16_t *bufsizep, u_char **optionsp, size_t *optsizep) -{ - HEADER *hp = (HEADER *) msg; - u_char *start, *options, *cp; - u_int8_t version; - u_int16_t rdlen, type, bufsize, flags, optsize, rcode; - int i, n, root; - - if (msg == NULL || eom == NULL || (msg + HFIXEDSZ) > eom) - return (-1); - - if (ntohs(hp->arcount) == 0) - return (0); - - cp = msg + HFIXEDSZ; - n = ns_skiprr(cp, eom, ns_s_qd, ntohs(hp->qdcount)); - if (n < 0) - return (-1); - cp += n; - n = ns_skiprr(cp, eom, ns_s_an, ntohs(hp->ancount)); - if (n < 0) - return (-1); - cp += n; - n = ns_skiprr(cp, eom, ns_s_ns, ntohs(hp->nscount)); - if (n < 0) - return (-1); - cp += n; - i = ntohs(hp->arcount); - while (i-- > 0) { - start = cp; - if (cp >= eom) - return (-1); - root = (*cp == 0); - n = dn_skipname(cp, eom); - if (n < 0) - return (-1); - cp += n; - if (cp + (2 + 2 + 4 + 2) > eom) - return (-1); - GETSHORT(type, cp); - if (type != ns_t_opt) { - cp += INT16SZ + INT32SZ; /* class, ttl */ - GETSHORT(rdlen, cp); - if (cp + rdlen > eom) - return (-1); - cp += rdlen; - continue; - } - /* We have the OPT record. Check it out in detail. */ - if (!root) - return (-1); - GETSHORT(bufsize, cp); - rcode = (*cp++ <<4) + hp->rcode ; - version = *cp++; - GETSHORT(flags, cp); - GETSHORT(rdlen, cp); - if (cp + rdlen > eom) - return (-1); - options = cp; - optsize = rdlen; - if (versionp != NULL) - *versionp = version; - if (rcodep != NULL) - *rcodep = rcode; - if (flagp != NULL) - *flagp = flags; - if (bufsizep != NULL) - *bufsizep = bufsize; - if (optionsp != NULL) - *optionsp = options; - if (optsizep != NULL) - *optsizep = optsize; - return (cp - start); - } - /* OPT not found */ - return (0); -} - -int -ns_add_opt(u_char *msg, u_char *cp, size_t buflen, u_int8_t version, - u_int16_t rcode, u_int16_t size, u_int16_t flags, - u_char *options, size_t optlen) -{ - HEADER *hp = (HEADER *) msg; - - if ((cp + 1 + 2 + 2 + 4 + 2 + optlen) > (msg + buflen)) - return (-1); - - *cp++ = 0; /* "." */ - PUTSHORT(ns_t_opt, cp); /* type */ - PUTSHORT(size, cp); /* class (udp size) */ - *cp++ = (rcode >> 4) & 0xff; /* ttl (rcode + version + flags) */ - hp->rcode = rcode & 0xf; - *cp++ = version; - PUTSHORT(flags, cp); - PUTSHORT(optlen, cp); /* rdlen */ - memcpy(cp, options, optlen); /* options */ - hp->arcount = htons(ntohs(hp->arcount) + 1); - return (1 + 2 + 2 + 4 + 2 + optlen); -} - -/* - * Process request using database; assemble and send response. - */ -void -ns_req(u_char *msg, int msglen, int buflen, struct qstream *qsp, - struct sockaddr_in from, int dfd) -{ - HEADER *hp = (HEADER *) msg; - u_char *cp, *eom; - enum req_action action = Return; - int n, ra, has_tsig, tsig_size = 0, opt_size = 0, sig2len; - u_char *tsigstart; - u_char sig[TSIG_SIG_SIZE], sig2[TSIG_SIG_SIZE]; - struct tsig_record *in_tsig = NULL; - int error = NOERROR; - int msglen_orig = msglen; - int buflen_orig = buflen; - int siglen = sizeof sig; - DST_KEY *key = NULL; - time_t tsig_time; - int opt = 0; - u_int8_t version = 0; - u_int16_t rcode = ns_r_noerror; - u_int16_t udpsize = 0; - int drop; - int tsig_adjust = 0; - -#ifdef DEBUG - if (debug > 3) { - ns_debug(ns_log_packet, 3, "ns_req(from %s)", sin_ntoa(from)); - fp_nquery(msg, msglen, log_get_stream(packet_channel)); - } -#endif - - drop = drop_port(ntohs(from.sin_port)); - if (qsp == NULL && drop == 1) - return; - - tsigstart = ns_find_tsig(msg, msg + msglen); - if (tsigstart == NULL) - has_tsig = 0; - else { - char buf[MAXDNAME]; - u_char tmp[NS_MAXCDNAME]; - - has_tsig = 1; - n = ns_name_unpack(msg, msg + msglen, tsigstart, - tmp, sizeof tmp); - if (n > 0) { - tsig_adjust = dn_skipname(tmp, tmp + sizeof(tmp)) - n; - if (ns_name_ntop(tmp, buf, sizeof buf) == -1) - n = -1; - else if (buf[0] == '.') - buf[0] = '\0'; - } - if (n < 0) { - ns_debug(ns_log_default, 1, - "ns_req: bad TSIG key name"); - error = ns_r_formerr; - hp->rcode = ns_r_formerr; - key = NULL; - } else if ((key = find_key(buf, NULL)) == NULL) { - error = ns_r_badkey; - hp->rcode = ns_r_notauth; - ns_debug(ns_log_default, 1, - "ns_req: TSIG verify failed - unknown key %s", - buf); - } -#ifdef LOG_TSIG_BUG - if (n < 0 || key == NULL) - ns_error(ns_log_security, - "SECURITY: POSSIBLE ATTEMPT TO EXERCISE \"TSIG BUG\" FROM %s: %s%s%s", - sin_ntoa(from), - (n < 0) ? "bad key (formerr)" : - "unknown key (", - (n < 0) ? "" : (buf[0] != '\0' ? buf : "."), - (n < 0) ? "" : ")"); -#endif - } - if (has_tsig && key != NULL) { - n = ns_verify(msg, &msglen, key, NULL, 0, sig, &siglen, - &tsig_time, 0); - if (n != 0) { - hp->rcode = ns_r_notauth; - /* A query should never have an error code set */ - if (n == ns_r_badsig || n == ns_r_badkey || - n == ns_r_badtime) { - ns_debug(ns_log_default, 1, - "ns_req: TSIG verify failed - query had error %s (%d) set", - p_rcode(n), n); - error = n; - action = Return; - } - /* If there's a processing error just respond */ - else if (n == -ns_r_badsig || n == -ns_r_badkey || - n == -ns_r_badtime) { - n = -n; - ns_debug(ns_log_default, 1, - "ns_req: TSIG verify failed - %s (%d)", - p_rcode(n), n); - error = n; - } else { - ns_debug(ns_log_default, 1, - "ns_req: TSIG verify failed - FORMERR"); - error = ns_r_formerr; - } - action = Finish; - } - in_tsig = memget(sizeof(struct tsig_record)); - if (in_tsig == NULL) - ns_panic(ns_log_default, 1, "memget failed"); - in_tsig->key = key; - in_tsig->siglen = siglen; - memcpy(in_tsig->sig, sig, siglen); - tsig_size = msglen_orig - msglen; - /* AXFR/IXFR need the uncompressed tsig size. */ - in_tsig->tsig_size = tsig_size + tsig_adjust; - } else if (has_tsig) { - action = Finish; - in_tsig = memget(sizeof(struct tsig_record)); - if (in_tsig == NULL) - ns_panic(ns_log_default, 1, "memget failed"); - in_tsig->key = NULL; - in_tsig->siglen = 0; - tsig_size = msg + msglen - tsigstart; - in_tsig->tsig_size = tsig_size; - msglen = tsigstart - msg; - } - - /* Hash some stuff so it's nice and random */ - nsid_hash((u_char *)&tt, sizeof(tt)); - nsid_hash(msg, (msglen > 512) ? 512 : msglen); - - if (error == NOERROR) { - - opt = ns_get_opt(msg, msg + msglen, &version, - NULL, NULL, &udpsize, NULL, NULL); - if (opt < 0) { - rcode = ns_r_formerr; - action = Finish; - } else if (opt == 0) { - if (qsp == NULL && buflen > PACKETSZ) - buflen_orig = buflen = PACKETSZ; - } else if (opt > 0) { - if (version != 0) { - rcode = ns_r_badvers; - action = Finish; - } - opt_size = 11; - if (udpsize < 512) - udpsize = 512; - if (qsp == NULL && buflen > udpsize) - buflen_orig = buflen = udpsize; - } - } else if (qsp == NULL && buflen > PACKETSZ) - buflen_orig = buflen = PACKETSZ; - - /* - * It's not a response so these bits have no business - * being set. will later simplify work if we can - * safely assume these are always 0 when a query - * comes in. - */ -#ifdef BIND_NOTIFY - if (hp->opcode != ns_o_notify) -#endif - hp->aa = 0; - hp->ra = 0; - ra = (NS_OPTION_P(OPTION_NORECURSE) == 0); - - if (error == NOERROR) - hp->rcode = ns_r_noerror; - if (rcode == ns_r_noerror) - rcode = hp->rcode; - cp = msg + HFIXEDSZ; - eom = msg + msglen; - buflen -= HFIXEDSZ; - - free_addinfo(); /* sets addcount to zero */ - dnptrs[0] = NULL; - - if (error == NOERROR && rcode == ns_r_noerror) { - switch (hp->opcode) { - case ns_o_query: - action = req_query(hp, &cp, eom, qsp, - &buflen, &msglen, - msg, dfd, &ra, from, - in_tsig, udpsize); - break; - - case ns_o_iquery: - action = req_iquery(hp, &cp, eom, &buflen, from); - break; - -#ifdef BIND_NOTIFY - case ns_o_notify: - action = req_notify(hp, &cp, eom, msg, from); - break; -#endif - -#ifdef BIND_UPDATE - case ns_o_update: - action = req_update(hp, cp, eom, msg, from, in_tsig); - break; -#endif /* BIND_UPDATE */ - - default: - ns_debug(ns_log_default, 1, - "ns_req: Opcode %d not implemented", - hp->opcode); - /* XXX - should syslog, limited by haveComplained */ - hp->qdcount = htons(0); - hp->ancount = htons(0); - hp->nscount = htons(0); - hp->arcount = htons(0); - hp->rcode = ns_r_notimpl; - action = Finish; - } - rcode = hp->rcode; - } - - if (in_tsig != NULL) { - memput(in_tsig, sizeof(struct tsig_record)); - in_tsig = NULL; - } - - /* - * Loop advoidance. - */ - if (qsp == NULL && drop == 2 && - (hp->rcode == FORMERR || hp->rcode == NOTIMP)) - action = Return; - - /* - * Vector via internal opcode. - */ - switch (action) { - case Return: - return; - case Refuse: - rcode = hp->rcode = ns_r_refused; - cp = eom; - /*FALLTHROUGH*/ - case Finish: - /* rest of the function handles this case */ - break; - default: - panic("ns_req: bad action variable", NULL); - /*NOTREACHED*/ - } - - /* - * Apply final polish. - */ - hp->qr = 1; /* set Response flag */ - hp->ra = ra; /* init above, may be modified by req_query */ - - if (!hp->tc && (has_tsig > 0 || opt > 0) && - buflen < (tsig_size + opt_size)) - hp->tc = 1; - - /* - * If there was a format error, then we don't know what the msg has. - */ - if (hp->rcode == ns_r_formerr || rcode == ns_r_badvers) { - hp->qdcount = htons(0); - hp->ancount = htons(0); - hp->nscount = htons(0); - hp->arcount = htons(0); - cp = msg + HFIXEDSZ; - } - - /* - * If the query had a TSIG / OPT and the message is truncated or - * there was a TSIG error, build a new message with no data and a - * TSIG / OPT. - */ - if ((hp->tc || error != NOERROR) && (has_tsig > 0 || opt > 0)) { - sign_again: - hp->ancount = htons(0); - hp->nscount = htons(0); - hp->arcount = htons(0); - cp = msg + HFIXEDSZ; - cp += ns_skiprr(cp, msg + msglen, ns_s_qd, ntohs(hp->qdcount)); - ns_name_rollback(cp, (const u_char **)dnptrs, - (const u_char **)dnptrs_end); - if (opt > 0) { - n = ns_add_opt(msg, cp, buflen_orig, 0, rcode, - server_options->edns_udp_size, - 0, NULL, 0); - if (n < 0) { - hp->qdcount = htons(0); - goto sign_again; - } - cp += n; - } - if (has_tsig > 0) { - sig2len = sizeof sig2; - msglen = cp - msg; - buflen = buflen_orig - msglen; - n = ns_sign2(msg, &msglen, msglen + buflen, error, key, - sig, siglen, sig2, &sig2len, tsig_time, - dnptrs, dnptrs_end); - if (n == NS_TSIG_ERROR_NO_SPACE && - ntohs(hp->qdcount) != 0) { - hp->qdcount = htons(0); - goto sign_again; - } - if (n != 0) - ns_info(ns_log_default, - "ns_req: unable to sign response"); - cp = msg + msglen; - } - } - /* Either the message is not truncated or there was no TSIG & OPT */ - else { - /* - * Reserve space for tsig if required. - */ - if (has_tsig > 0 || opt_size != 0) - buflen -= tsig_size + opt_size; - INSIST(buflen >= 0); - msglen = cp - msg; - n = doaddinfo(hp, cp, buflen); - cp += n; - buflen -= n; - msglen += n; - if (opt > 0) { - buflen += opt_size; - n = ns_add_opt(msg, cp, msglen + buflen, 0, rcode, - server_options->edns_udp_size, - 0, NULL, 0); - INSIST(n > 0); - cp += n; - buflen -= n; - msglen += n; - } - if (has_tsig > 0) { - buflen += tsig_size; - sig2len = sizeof sig2; - n = ns_sign2(msg, &msglen, msglen + buflen, error, key, - sig, siglen, sig2, &sig2len, tsig_time, - dnptrs, dnptrs_end); - if (n != 0) { - INSIST(0); - } - cp = msg + msglen; - } - } - -#ifdef DEBUG - if (ns_wouldlog(ns_log_default, 1)) { - ns_debug(ns_log_default, 1, - "ns_req: answer -> %s fd=%d id=%d size=%d rc=%d", - sin_ntoa(from), (qsp == NULL) ? dfd : qsp->s_rfd, - ntohs(hp->id), cp - msg, hp->rcode); - } - if (debug >= 10) - res_pquery(&res, msg, cp - msg, - log_get_stream(packet_channel)); -#endif /*DEBUG*/ - if (qsp == NULL) { - if (sendto(dfd, (char*)msg, cp - msg, 0, - (struct sockaddr *)&from, - sizeof from) < 0) { - if (!haveComplained(ina_ulong(from.sin_addr), - (u_long)sendtoStr)) - ns_info(ns_log_default, - "ns_req: sendto(%s): %s", - sin_ntoa(from), strerror(errno)); - nameserIncr(from.sin_addr, nssSendtoErr); - } - nameserIncr(from.sin_addr, nssSentAns); - if (hp->rcode == ns_r_nxdomain) - nameserIncr(from.sin_addr, nssSentNXD); - if (!hp->aa) - nameserIncr(from.sin_addr, nssSentNaAns); - } else - writestream(qsp, msg, cp - msg); - - /* Is now a safe time? */ - if (needs_prime_cache) - prime_cache(); -} - -#ifdef BIND_NOTIFY -int -findZonePri(const struct zoneinfo *zp, const struct sockaddr_in from) { - struct in_addr ina; - int i; - - ina = from.sin_addr; - for (i = 0; (u_int)i < zp->z_addrcnt; i++) - if (ina_equal(zp->z_addr[i], ina)) - return (i); - return (-1); -} - -static enum req_action -req_notify(HEADER *hp, u_char **cpp, u_char *eom, u_char *msg, - struct sockaddr_in from) -{ - int n, type, class; - char dnbuf[MAXDNAME]; - struct zoneinfo *zp; - - /* valid notify's are authoritative */ - if (!hp->aa) { - ns_debug(ns_log_notify, 1, - "FORMERR Notify request without AA"); -#ifdef not_yet - hp->rcode = ns_r_formerr; - return (Finish); -#endif - } - hp->aa = 0; - - /* valid notify's have one question */ - if (ntohs(hp->qdcount) != 1) { - ns_debug(ns_log_notify, 1, - "FORMERR Notify header counts wrong"); - hp->rcode = ns_r_formerr; - return (Finish); - } - - n = dn_expand(msg, eom, *cpp, dnbuf, sizeof dnbuf); - if (n < 0) { - ns_debug(ns_log_notify, 1, - "FORMERR Query expand name failed"); - hp->rcode = ns_r_formerr; - return (Finish); - } - *cpp += n; - if (*cpp + 2 * INT16SZ > eom) { - ns_debug(ns_log_notify, 1, - "FORMERR notify too short"); - hp->rcode = ns_r_formerr; - return (Finish); - } - GETSHORT(type, *cpp); - GETSHORT(class, *cpp); - ns_info(ns_log_notify, "rcvd NOTIFY(%s, %s, %s) from %s", - dnbuf, p_class(class), p_type(type), sin_ntoa(from)); - /* XXX - when answers are allowed, we'll need to do compression - * correctly here, and we will need to check for packet underflow. - */ - /* - * We are ignoring the other field, make sure the header reflects - * *cpp. - */ - hp->ancount = htons(0); - hp->nscount = htons(0); - hp->arcount = htons(0); - /* Find the zone this NOTIFY refers to. */ - zp = find_auth_zone(dnbuf, class); - if (zp == NULL) { - ns_info(ns_log_notify, - "rcvd NOTIFY for \"%s\", name not one of our zones", - dnbuf); - hp->rcode = ns_r_servfail; - return (Finish); - } - /* Access control. */ - switch (type) { - case T_SOA: - if (zp->z_type != z_slave) { - /* - * This can come if a user did an AXFR of some zone - * somewhere and that zone's server now wants to - * tell us that the SOA has changed. AXFR's always - * come from nonpriv ports so it isn't possible to - * know whether it was the server or just "dig". - * This condition can be avoided by using secure - * zones since that way only real secondaries can - * AXFR from you. - */ - ns_info(ns_log_notify, - "NOTIFY(SOA) for non-slave zone (%s), from %s", - dnbuf, sin_ntoa(from)); - goto refuse; - } - if (ns_samename(dnbuf, zp->z_origin) != 1) { - ns_info(ns_log_notify, - "NOTIFY(SOA) for non-origin (%s), from %s", - dnbuf, sin_ntoa(from)); - goto refuse; - } - if (findZonePri(zp, from) == -1) { - ns_debug(ns_log_notify, 1, - "NOTIFY(SOA) from non-master server (zone %s), from %s", - zp->z_origin, sin_ntoa(from)); - goto refuse; - } - break; - default: - /* No access requirements defined for other types. */ - break; - } - /* The work occurs here. */ - switch (type) { - case T_SOA: - if (zp->z_flags & - (Z_NEED_RELOAD|Z_NEED_XFER|Z_QSERIAL|Z_XFER_RUNNING)) { - ns_info(ns_log_notify, - "NOTIFY(SOA) for zone already xferring (%s)", - dnbuf); - zp->z_flags |= Z_NEEDREFRESH; - goto noerror; - } - zp->z_time = tt.tv_sec; - qserial_query(zp); - sched_zone_maint(zp); - break; - default: - /* - * Unimplemented, but it's not a protocol error, just - * something to be ignored. - */ - hp->rcode = ns_r_notimpl; - return (Finish); - } - noerror: - hp->rcode = ns_r_noerror; - hp->aa = 1; - return (Finish); - refuse: - hp->rcode = ns_r_refused; - return (Finish); -} -#endif /*BIND_NOTIFY*/ - -static int -add_bind(HEADER *hp, u_char **cpp, u_char *msg, int *msglenp, - const char *label, const char *data) -{ - u_char *tp; - - hp->ancount = htons(1); - hp->nscount = htons(0); - hp->arcount = htons(0); - hp->rcode = ns_r_noerror; - hp->aa = 1; - hp->ra = 0; - copyCharString(cpp, label); /* Name */ - copyCharString(cpp, "BIND"); - *(*cpp)++ = 0x00; - PUTSHORT(T_TXT, *cpp); /* Type */ - PUTSHORT(C_CHAOS, *cpp); /* Class */ - PUTLONG(0, *cpp); /* TTL */ - tp = *cpp; /* Temp RdLength */ - PUTSHORT(0, *cpp); - copyCharString(cpp, data); - PUTSHORT((*cpp) - (tp + INT16SZ), tp); /* Real RdLength */ - *msglenp = *cpp - msg; /* Total message length */ - return (Finish); -} - -static enum req_action -req_query(HEADER *hp, u_char **cpp, u_char *eom, struct qstream *qsp, - int *buflenp, int *msglenp, u_char *msg, int dfd, int *ra, - struct sockaddr_in from, struct tsig_record *in_tsig, - u_int16_t udpsize) -{ - int n, class, type, count, zone, foundname, founddata, omsglen, cname; - int recursion_blocked_by_acl; - u_int16_t id; - u_int32_t serial_ixfr = 0; - int ixfr_found; - int ixfr_error = 0; - char dnbuf2[MAXDNAME]; - u_char **dpp, *omsg, *answers, *afterq; - char dnbuf[MAXDNAME], *dname; - const char *fname; - struct hashbuf *htp; - struct databuf *nsp[NSMAX]; - struct namebuf *np, *anp; - struct qinfo *qp; - struct zoneinfo *zp; - struct databuf *dp; - DST_KEY *in_key = (in_tsig != NULL) ? in_tsig->key : NULL; - int access_class; - int adjustlen = 0; - int pass = 0; - char tsig_keyname_mesg[15+MAXDNAME] = ""; - int glueok; - - nameserIncr(from.sin_addr, nssRcvdQ); - - nsp[0] = NULL; - dpp = dnptrs; - *dpp++ = msg; - *dpp = NULL; - /* - * Make gcc happy. - */ - omsglen = 0; - omsg = NULL; - id = 0; - recursion_blocked_by_acl = 0; - - /* valid queries have one question and zero answers */ - if ((ntohs(hp->qdcount) != 1) - || ntohs(hp->ancount) != 0) { - ns_debug(ns_log_default, 1, - "FORMERR Query header counts wrong"); - hp->rcode = ns_r_formerr; - return (Finish); - } - - if (ntohs(hp->arcount) != 0) { - ns_debug(ns_log_default, 1, "Ignoring addition section"); - hp->arcount = htons(0); - adjustlen = 1; - } - - /* - * Get domain name, class, and type. - */ - if ((**cpp & INDIR_MASK) == 0) - *dpp++ = *cpp; /* remember name for compression */ - *dpp = NULL; - n = dn_expand(msg, eom, *cpp, dnbuf, sizeof dnbuf); - if (n < 0) { - ns_debug(ns_log_default, 1, - "FORMERR Query expand name failed"); - hp->rcode = ns_r_formerr; - return (Finish); - } - *cpp += n; - if (*cpp + 2 * INT16SZ > eom) { - ns_debug(ns_log_default, 1, - "FORMERR Query message length short"); - hp->rcode = ns_r_formerr; - return (Finish); - } - GETSHORT(type, *cpp); - GETSHORT(class, *cpp); - if (*cpp < eom && type != ns_t_ixfr) { - if (!adjustlen) - ns_debug(ns_log_default, 6, - "message length > received message"); - *msglenp = *cpp - msg; - } - - if (((ntohs(hp->nscount) != 0) && (type != ns_t_ixfr)) || - ((ntohs(hp->nscount) != 1) && (type == ns_t_ixfr))) - { - ns_debug(ns_log_default, 1, "FORMERR Query nscount wrong"); - hp->rcode = ns_r_formerr; - return (Finish); - } - - afterq = *cpp; - qtypeIncr(type); - - /* - * Process query. - */ - if (type == ns_t_ixfr) { - ns_info(ns_log_security, "Request %s from %s", - p_type(type), sin_ntoa(from)); - hp->nscount = htons(0); - hp->rd = 0; /* Force IXFR queries to be non recursive. */ - n = dn_expand(msg, eom, *cpp, dnbuf2, sizeof dnbuf2); - if (n < 0) { - ns_debug(ns_log_default, 1, - "FORMERR Query expand name failed"); - hp->rcode = ns_r_formerr; - return (Finish); - } - *cpp += n; - if (*cpp + 3 * INT16SZ + INT32SZ > eom) { - ns_debug(ns_log_default, 1, - "ran out of data in IXFR query"); - hp->rcode = ns_r_formerr; - return (Finish); - } - GETSHORT(n, *cpp); - if (n != ns_t_soa || ns_samename(dnbuf, dnbuf2) != 1) { - ns_debug(ns_log_default, 1, - "FORMERR SOA record expected"); - hp->rcode = ns_r_formerr; - return (Finish); - } - *cpp += INT32SZ + INT16SZ * 2; /* skip class, ttl, dlen */ - if (0 >= (n = dn_skipname(*cpp, eom))) { - ns_debug(ns_log_default, 1, - "FORMERR Query expand name failed"); - hp->rcode = ns_r_formerr; - return (Finish); - } - *cpp += n; /* mname */ - if (0 >= (n = dn_skipname(*cpp, eom))) { - ns_debug(ns_log_default, 1, - "FORMERR Query expand name failed"); - hp->rcode = ns_r_formerr; - return (Finish); - } - *cpp += n; /* rname */ - if (*cpp + 5 * INT32SZ > eom) { - ns_debug(ns_log_default, 1, - "ran out of data in IXFR query"); - hp->rcode = ns_r_formerr; - return (Finish); - } - GETLONG(serial_ixfr, *cpp); - /* ignore other soa counters */ - if ((*cpp + (4 * INT32SZ)) < eom && !adjustlen) - ns_debug(ns_log_default, 6, - "ixfr: message length > received message"); - /* Reset msglenp to cover just the question. */ - *msglenp = afterq - msg; - } - *cpp = afterq; - - if (!ns_t_udp_p(type)) { - /* Refuse request if not a TCP connection. */ - if (qsp == NULL) { - ns_info(ns_log_default, - "rejected UDP %s from %s for \"%s\"", - p_type(type), sin_ntoa(from), - *dnbuf ? dnbuf : "."); - return (Refuse); - } - /* The position of this is subtle. */ - nameserIncr(from.sin_addr, nssRcvdAXFR); - hp->rd = 0; /* Recursion not possible. */ - } - *buflenp -= (*msglenp - HFIXEDSZ); - count = 0; - founddata = 0; - dname = dnbuf; - cname = 0; - -#ifdef QRYLOG - if (qrylog) { - ns_info(ns_log_queries, "%s/%s/%s/%s/%s", - (hp->rd) ? "XX+" : "XX ", - inet_ntoa(from.sin_addr), - (dname[0] == '\0') ? "." : dname, - p_type(type), p_class(class)); - } -#endif /*QRYLOG*/ - - try_again: - pass++; - foundname = 0; - ns_debug(ns_log_default, 1, "req: nlookup(%s) id %d type=%d class=%d", - dname, ntohs(hp->id), type, class); - htp = hashtab; /* lookup relative to root */ - if ((anp = np = nlookup(dname, &htp, &fname, 0)) == NULL) - fname = ""; - ns_debug(ns_log_default, 1, "req: %s '%s' as '%s' (cname=%d)", - np == NULL ? "missed" : "found", - dname, fname, cname); - -#ifdef YPKLUDGE - /* Some braindamaged resolver software will not - recognize internet addresses in dot notation and - send out address queries for "names" such as - 128.93.8.1. This kludge will prevent those - from flooding higher level servers. - We simply claim to be authoritative and that - the domain doesn't exist. - Note that we could return the address but we - don't do that in order to encourage that broken - software is fixed. - */ - - if (!np && type == T_A && class == C_IN && dname) { - struct in_addr ina; - - if (inet_aton(dname, &ina)) { - hp->rcode = ns_r_nxdomain; - hp->aa = 1; - ns_debug(ns_log_default, 3, - "ypkludge: hit as '%s'", dname); - return (Finish); - } - } -#endif /*YPKLUDGE*/ - - /* - * Don't accept in a query names which would be rejected in responses. - * (This is primarily in case we have to forward it, but it's also a - * matter of architectural symmetry.) - */ - if (!ns_nameok(NULL, dname, class, NULL, response_trans, - ns_ownercontext(type, response_trans), - dname, from.sin_addr)) { - ns_debug(ns_log_default, 1, "bad name in query"); - hp->rcode = ns_r_formerr; - return (Refuse); - } - - /* - * Begin Access Control Point - */ - zone = DB_Z_CACHE; - - /* - * Map class ANY to to class IN for the purpose of access control. - */ - access_class = (class == C_ANY && !ns_t_xfr_p(type)) ? C_IN : class; - - if (np) { -#ifndef FORWARD_ALLOWS - struct namebuf *access_np; - - /* - * Find out which zone this will be answered from. Note - * that we look for a zone with the same class as ours. - * The np that we found in the database might not be the - * one we asked for (i.e. dname might not equal fname). This - * is OK, since if a name doesn't exist, we need to go up - * the tree until we find the closest enclosing zone that - * is of the same class. - */ - for (access_np = np; access_np != NULL; - access_np = np_parent(access_np)) { - dp = access_np->n_data; - while (dp && dp->d_class != access_class) - dp = dp->d_next; - if (dp != NULL) { - zone = dp->d_zone; - break; - } - } -#else - /* - * Try looking for forward zone. It can be deeper than - * any entry in the cache. - */ - if (zone == DB_Z_CACHE) { - char *s = dname; - int escape = 0; - while ((zp = find_zone(s, access_class)) == NULL) { - if (*s == '\0') - break; - while (*s != '\0' && (escape || *s != '.')) { - escape = escape ? 0 : (*s == '\\'); - s++; - } - if (*s == '.') - s++; - } - if (zp != NULL) - zone = zp - zones; - } -#endif - } - - zp = &zones[zone]; - - ixfr_found = 0; - if (type == ns_t_ixfr && zone != DB_Z_CACHE) { - if (SEQ_GT(serial_ixfr, zp->z_serial)) - ixfr_found = 0; - else { - ixfr_error = ixfr_have_log(zp, serial_ixfr, - zp->z_serial); - if (ixfr_error < 0) { - ns_info(ns_log_security, "No %s log from %d for \"%s\"", - p_type(type), serial_ixfr, *dname ? dname : "."); - ns_debug(ns_log_default, - 1, "ixfr_have_log(%d %d) failed %d", - serial_ixfr, zp->z_serial, ixfr_error); - ixfr_found = 0; /* Refuse IXFR and send AXFR */ - } else if (ixfr_error == 1) { - ixfr_found = 1; - } - } - ns_debug(ns_log_default, 1, "IXFR log lowest serial: %d", - zp->z_serial_ixfr_start); - } - /* - * If recursion is turned on, we need to check recursion ACL - * if it exists - and return result to caller. - */ - { - ip_match_list recursion_acl; - - recursion_acl = server_options->recursion_acl; - if (!NS_OPTION_P(OPTION_NORECURSE) && recursion_acl != NULL - && !ip_address_allowed(recursion_acl, from.sin_addr)) { - recursion_blocked_by_acl = 1; - *ra = 0; - } - } - - /* - * Are queries allowed from this host? - */ - if (!ns_t_xfr_p(type)) { - ip_match_list query_acl; - - if (zp->z_query_acl != NULL) - query_acl = zp->z_query_acl; - else - query_acl = server_options->query_acl; - - if (query_acl != NULL - && !ip_addr_or_key_allowed(query_acl, from.sin_addr, - in_key)) - { - /* - * If this is *not* a zone acl and we would not - * have recursed and we have some answer return - * what we have with a referral. - */ - if ((zp->z_query_acl == NULL) && - (!hp->rd || NS_OPTION_P(OPTION_NORECURSE) || - recursion_blocked_by_acl) && - (ntohs(hp->ancount) != 0)) { - goto fetchns; - } - - /* - * See if we would have made a referral from - * an enclosing zone if we are actually in the - * cache. - */ - if (zp->z_type == z_cache && np != NULL) { - struct namebuf *access_np; - - zone = DB_Z_CACHE; - for (access_np = np; access_np != NULL; - access_np = np_parent(access_np)) { - dp = access_np->n_data; - while (dp && - (dp->d_class != access_class || - dp->d_zone == DB_Z_CACHE)) - dp = dp->d_next; - if (dp != NULL) { - zone = dp->d_zone; - np = access_np; - break; - } - } - zp = &zones[zone]; - if (zp->z_type != z_cache && - zp->z_query_acl != NULL && - ip_addr_or_key_allowed(zp->z_query_acl, - from.sin_addr, in_key) && - (!hp->rd || recursion_blocked_by_acl || - NS_OPTION_P(OPTION_NORECURSE))) { - goto fetchns; - } - } -#ifdef NXDOMAIN_ON_DENIAL - hp->rcode = ns_r_nxdomain; - return (Finish); -#else - ns_notice(ns_log_security, - "denied query from %s for \"%s\" %s/%s", - sin_ntoa(from), *dname ? dname : ".", - p_type(type), p_class(class)); - nameserIncr(from.sin_addr, nssRcvdUQ); - return (Refuse); -#endif - } - } else { - ip_match_list transfer_acl; - - /* Do they have permission to do a zone transfer? */ - - if (zp->z_transfer_acl != NULL) - transfer_acl = zp->z_transfer_acl; - else - transfer_acl = server_options->transfer_acl; - - if (transfer_acl != NULL - && !ip_addr_or_key_allowed(transfer_acl, from.sin_addr, - in_key)) - { - ns_notice(ns_log_security, - "denied %s from %s for \"%s\" %s (acl)", - p_type(type), sin_ntoa(from), - *dname ? dname : ".", p_class(class)); - nameserIncr(from.sin_addr, nssRcvdUXFR); - if (type == ns_t_ixfr) { - hp->rcode = ns_r_refused; - return (Finish); - } - return (Refuse); - } - - /* Are we master or slave? */ - - if (zp->z_type != z_master && zp->z_type != z_slave) { - ns_notice(ns_log_security, - "denied %s from %s for \"%s\" (not master/slave)", - p_type(type), sin_ntoa(from), - *dname ? dname : "."); - nameserIncr(from.sin_addr, nssRcvdUXFR); - if (type == ns_t_ixfr) { - hp->rcode = ns_r_refused; - return (Finish); - } - return (Refuse); - } - - /* Are we authoritative? */ - - if ((zp->z_flags & Z_AUTH) == 0) { - ns_notice(ns_log_security, - "denied %s from %s for \"%s\" %s (not authoritative)", - p_type(type), sin_ntoa(from), - *dname ? dname : ".", p_class(class)); - nameserIncr(from.sin_addr, nssRcvdUXFR); - if (type == ns_t_ixfr) { - hp->rcode = ns_r_refused; - return (Finish); - } - return (Refuse); - } - - /* Is the name at a zone cut? */ - - if (ns_samename(zp->z_origin, dname) != 1) { - ns_notice(ns_log_security, - "denied %s from %s for \"%s\" %s (not zone top)", - p_type(type), sin_ntoa(from), - *dname ? dname : ".", p_class(class)); - nameserIncr(from.sin_addr, nssRcvdUXFR); - if (type == ns_t_ixfr) { - hp->rcode = ns_r_refused; - return (Finish); - } - return (Refuse); - } - - if (in_key != NULL) - sprintf(tsig_keyname_mesg, " (TSIG key \"%s\")", - in_key->dk_key_name); - - if (type == ns_t_ixfr) - ns_info(ns_log_security, "approved %s from %s for \"%s\"%s", - (ixfr_found) ? p_type(type) : "IXFR/AXFR", - sin_ntoa(from), *dname ? dname : ".", - tsig_keyname_mesg); - else - ns_info(ns_log_security, "approved %s from %s for \"%s\"%s", - p_type(type), sin_ntoa(from), *dname ? dname : ".", - tsig_keyname_mesg); - } - - /* - * End Access Control Point - */ - /* - * Yow! - */ - if (class == ns_c_chaos && type == ns_t_txt && - ns_samename(dnbuf, "VERSION.BIND") == 1 && - server_options->version != NULL && - server_options->version[0] != '\0') - return (add_bind(hp, cpp, msg, msglenp, - "VERSION", server_options->version)); - - if (class == ns_c_chaos && type == ns_t_txt && - ns_samename(dnbuf, "HOSTNAME.BIND") == 1 && - server_options->hostname != NULL && - server_options->hostname[0] != '\0') - return (add_bind(hp, cpp, msg, msglenp, - "HOSTNAME", server_options->hostname)); - - /* - * If we don't know anything about the requested name, - * go look for nameservers. - */ - if (!np || fname != dname) - goto fetchns; - - foundname++; - answers = *cpp; - count = *cpp - msg; - - /* The response is authoritative until we add insecure data */ - hp->ad = 1; - - /* Look for NXDOMAIN record with appropriate class - * if found return immediately - */ - for (dp = np->n_data; dp; dp = dp->d_next) { - if (!stale(dp) && (dp->d_rcode == ns_r_nxdomain) && - (dp->d_class == class)) { -#ifdef RETURNSOA - n = finddata(np, class, T_SOA, hp, &dname, - buflenp, &count, pass, 1); - if (n != 0) { - if (count) { - *cpp += n; - *buflenp -= n; - *msglenp += n; - hp->nscount = htons((u_int16_t)count); - } - if (hp->rcode == NOERROR_NODATA) { - /* this should not occur */ - hp->rcode = ns_r_noerror; - return (Finish); - } - } -#else - count = 0; -#endif - hp->rcode = ns_r_nxdomain; - /* - * XXX forcing AA all the time isn't right, but - * we have to work that way by default - * for compatibility with older servers. - */ - if (!NS_OPTION_P(OPTION_NONAUTH_NXDOMAIN)) - hp->aa = 1; - ns_debug(ns_log_default, 3, "NXDOMAIN aa = %d", - hp->aa); - if ((count == 0) || NS_OPTION_P(OPTION_NORFC2308_TYPE1)) - return (Finish); - founddata = 1; - goto fetchns; - } - } - - /* - * If not NXDOMAIN, the NOERROR_NODATA record might be - * anywhere in the chain. Have to go through the grind. - */ - glueok = !NS_OPTION_P(OPTION_NORECURSE); - n = finddata(np, class, type, hp, &dname, buflenp, &count, pass, - glueok); - if (n == 0) { - /* - * NO data available. Refuse transfer requests, or - * look for better servers for other requests. - */ - if (ns_t_xfr_p(type)) { - ns_debug(ns_log_default, 1, - "transfer refused: no data"); - return (Refuse); - } - goto fetchns; - } - - if (hp->rcode == NOERROR_NODATA) { - hp->rcode = ns_r_noerror; -#ifdef RETURNSOA - if (count) { - *cpp += n; - *buflenp -= n; - *msglenp += n; - hp->nscount = htons(count); - } -#endif - founddata = 1; - ns_debug(ns_log_default, 1, "count = %d", count); - if ((count == 0) || NS_OPTION_P(OPTION_NORFC2308_TYPE1)) - return (Finish); - goto fetchns; - } - - *cpp += n; - *buflenp -= n; - *msglenp += n; - hp->ancount = htons(ntohs(hp->ancount) + (u_int16_t)count); - if (fname != dname && type != T_CNAME && type != T_ANY) { - if (cname++ >= MAXCNAMES) { - ns_debug(ns_log_default, 3, - "resp: leaving, MAXCNAMES exceeded"); - hp->rcode = ns_r_servfail; - return (Finish); - } - goto try_again; - } - founddata = 1; - ns_debug(ns_log_default, 3, - "req: foundname=%d, count=%d, founddata=%d, cname=%d", - foundname, count, founddata, cname); - - if (ns_t_xfr_p(type)) { -#ifdef BIND_UPDATE - if ((zp->z_flags & Z_NEED_SOAUPDATE) != 0) - if (incr_serial(zp) < 0) - ns_error(ns_log_default, - "error updating serial number for %s from %d", - zp->z_origin, zp->z_serial); -#endif - /* - * Just return SOA if "up to date". - */ - if (type == ns_t_ixfr) { - hp->aa = 1; - if ((SEQ_GT(serial_ixfr, zp->z_serial) || - serial_ixfr == zp->z_serial)) { - return (Finish); - } - } - - /* - * We don't handle UDP based IXFR queries (yet). - * Tell client to retry with TCP by returning SOA. - */ - if (qsp == NULL) - return (Finish); - else { - if (!ixfr_found && type == ns_t_ixfr) { - qsp->flags |= STREAM_AXFRIXFR; - hp->qdcount = htons(1); - } - ns_xfr(qsp, np, zone, class, type, - hp->opcode, ntohs(hp->id), - serial_ixfr, in_tsig); - } - return (Return); - } - - if (count > 1 && type == T_A && !NS_OPTION_P(OPTION_NORECURSE) && - hp->rd) - sort_response(answers, *cpp, count, &from); - - fetchns: - /* - * If we're already out of room in the response, we're done. - */ - if (hp->tc) - return (Finish); - - if (hp->ancount == 0) - hp->ad = 0; - - /* - * Look for name servers to refer to and fill in the authority - * section or record the address for forwarding the query - * (recursion desired). - */ - free_nsp(nsp); - nsp[0] = NULL; - count = 0; - switch (findns(&np, class, nsp, &count, 0)) { - case NXDOMAIN: - /* We are authoritative for this np. */ - if (!foundname) - hp->rcode = ns_r_nxdomain; - ns_debug(ns_log_default, 3, "req: leaving (%s, rcode %d)", - dname, hp->rcode); - if (class != C_ANY) { - if (!cname) - hp->aa = 1; - if (np && (!foundname || !founddata)) { - n = doaddauth(hp, *cpp, *buflenp, np, nsp[0]); - *cpp += n; - *buflenp -= n; -#ifdef ADDAUTH - } else if (ntohs(hp->ancount) != 0) { - /* don't add NS records for NOERROR NODATA - as some servers can get confused */ - free_nsp(nsp); - switch (findns(&np, class, nsp, &count, 1)) { - case NXDOMAIN: - case SERVFAIL: - break; - default: - if (np && - (type != T_NS || np != anp) - ) { - n = add_data(np, nsp, *cpp, - *buflenp, &count); - if (n < 0) { - hp->tc = 1; - n = (-n); - } - *cpp += n; - *buflenp -= n; - hp->nscount = - htons((u_int16_t) - count); - } - } -#endif /*ADDAUTH*/ - } - } - free_nsp(nsp); - return (Finish); - - case SERVFAIL: - /* We're authoritative but the zone isn't loaded. */ - if (!founddata && - !(NS_ZOPTION_P(zp, OPTION_FORWARD_ONLY) && - NS_ZFWDTAB(zp))) { - hp->rcode = ns_r_servfail; - free_nsp(nsp); - return (Finish); - } - } - - if (!founddata && hp->rd && recursion_blocked_by_acl) { - ns_notice(ns_log_security, - "denied recursion for query from %s for %s %s", - sin_ntoa(from), *dname ? dname : ".", p_class(class)); - nameserIncr(from.sin_addr, nssRcvdURQ); - } - - /* - * If we successfully found the answer in the cache, - * or this is not a recursive query, or we are purposely - * never recursing, or recursion is prohibited by ACL, then - * add the nameserver references("authority section") here - * and we're done. - */ - if (founddata || !hp->rd || NS_OPTION_P(OPTION_NORECURSE) - || recursion_blocked_by_acl) { - /* - * If the qtype was NS, and the np of the authority is - * the same as the np of the data, we don't need to add - * another copy of the answer here in the authority - * section. - */ - if (!founddata || type != T_NS || anp != np) { - n = add_data(np, nsp, *cpp, *buflenp, &count); - if (n < 0) { - hp->tc = 1; - n = (-n); - } - *cpp += n; - *buflenp -= n; - hp->nscount = htons(ntohs(hp->nscount) + - (u_int16_t)count); - } - free_nsp(nsp); - - /* Our caller will handle the Additional section. */ - return (Finish); - } - - /* - * At this point, we don't have the answer, but we do - * have some NS's to try. If the user would like us - * to recurse, create the initial query. If a cname - * is involved, we need to build a new query and save - * the old one in cmsg/cmsglen. - */ - if (cname) { - omsg = (u_char *)memget((unsigned) *msglenp); - if (omsg == NULL) { - ns_info(ns_log_default, "ns_req: Out Of Memory"); - hp->rcode = ns_r_servfail; - free_nsp(nsp); - return (Finish); - } - id = hp->id; - omsglen = *msglenp; - memcpy(omsg, msg, omsglen); - n = res_nmkquery(&res, QUERY, dname, class, type, - NULL, 0, NULL, msg, - *msglenp + *buflenp); - if (n < 0) { - ns_info(ns_log_default, "res_mkquery(%s) failed", - dname); - memcpy(msg, omsg, omsglen); - memput(omsg, omsglen); - hp->rcode = ns_r_servfail; - free_nsp(nsp); - return (Finish); - } - *msglenp = n; - } - n = ns_forw(nsp, msg, *msglenp, from, qsp, dfd, &qp, - dname, class, type, np, 0, in_tsig); - if (n != FW_OK && cname) { - memcpy(msg, omsg, omsglen); - memput(omsg, omsglen); - *msglenp = omsglen; - omsg = NULL; - } - switch (n) { - case FW_OK: - if (cname) { - qp->q_cname = cname; - qp->q_cmsg = omsg; - qp->q_cmsglen = omsglen; - qp->q_cmsgsize = omsglen; - qp->q_id = id; - } - if (udpsize != 0) { - qp->q_flags |= Q_EDNS; - qp->q_udpsize = udpsize; - } else - qp->q_udpsize = PACKETSZ; - break; - case FW_DUP: - break; /* Duplicate request dropped */ - case FW_NOSERVER: - /* - * Don't go into an infinite loop if - * the admin gave root NS records in the cache - * file without giving address records - * for the root servers. - */ - if (np) { - if (NAME(*np)[0] == '\0') { - ns_notice(ns_log_default, - "ns_req: no address for root server"); - hp->rcode = ns_r_servfail; - free_nsp(nsp); - return (Finish); - } - for (dp = np->n_data; dp ; dp = dp->d_next) - if (dp->d_zone && match(dp, class, T_NS)) - break; - if (dp) { - /* - * we know the child zone exists but are - * missing glue. - * - * nslookup has called sysquery() to get the - * missing glue. - * - * for UDP, drop the response and let the - * client retry. for TCP, we should probably - * (XXX) hold open the TCP connection for a - * while in case the sysquery() comes back - * soon. meanwhile we SERVFAIL. - */ - if (qsp) - goto do_servfail; - break; - } - np = np_parent(np); - } - goto fetchns; /* Try again. */ - case FW_SERVFAIL: - do_servfail: - hp->rcode = ns_r_servfail; - free_nsp(nsp); - return (Finish); - } - free_nsp(nsp); - return (Return); -} - -static enum req_action -req_iquery(HEADER *hp, u_char **cpp, u_char *eom, int *buflenp, - struct sockaddr_in from) -{ - u_int rdata_offset; - size_t alen; - int dlen, n; - ns_type type; - ns_class class; - u_char anbuf[PACKETSZ], *anptr; - char dnbuf[MAXDNAME]; - - nameserIncr(from.sin_addr, nssRcvdIQ); - - if (ntohs(hp->ancount) != 1 || - ntohs(hp->qdcount) != 0 || - ntohs(hp->nscount) != 0 || - ntohs(hp->arcount) != 0) { - ns_debug(ns_log_default, 1, - "FORMERR IQuery header counts wrong"); - hp->rcode = ns_r_formerr; - return (Finish); - } - - /* - * Skip domain name, get class, and type. - */ - anptr = *cpp; - n = dn_skipname(*cpp, eom); - if (n < 0) { - ns_debug(ns_log_default, 1, - "FORMERR IQuery packet name problem"); - hp->rcode = ns_r_formerr; - return (Finish); - } - *cpp += n; - if (*cpp + 3 * INT16SZ + INT32SZ > eom) { - ns_debug(ns_log_default, 1, - "FORMERR IQuery message too short"); - hp->rcode = ns_r_formerr; - return (Finish); - } - GETSHORT(type, *cpp); - GETSHORT(class, *cpp); - *cpp += INT32SZ; /* ttl */ - GETSHORT(dlen, *cpp); - if (*cpp + dlen != eom) { - ns_debug(ns_log_default, 1, - "FORMERR IQuery message length off"); - hp->rcode = ns_r_formerr; - return (Finish); - } - rdata_offset = *cpp - anptr; - *cpp += dlen; - INSIST(*cpp == eom); - - /* - * Not all inverse queries are handled. - */ - if (type != ns_t_a) { - ns_warning(ns_log_security, - "unsupported iquery type from %s", - inet_ntoa(from.sin_addr)); - return (Refuse); - } - if (dlen != INT32SZ) { - ns_warning(ns_log_security, - "bad iquery from %s", - inet_ntoa(from.sin_addr)); - return (Refuse); - } - if (!NS_OPTION_P(OPTION_FAKE_IQUERY)) - return (Refuse); - - ns_debug(ns_log_default, 1, - "req: IQuery class %d type %d", class, type); - - alen = eom - anptr; - if (alen > sizeof anbuf) { - ns_warning(ns_log_security, - "bad iquery from %s", - inet_ntoa(from.sin_addr)); - return (Refuse); - } - memcpy(anbuf, anptr, alen); - *cpp = anptr; - *buflenp -= HFIXEDSZ; - -#ifdef QRYLOG - if (qrylog) { - char tmp[sizeof "255.255.255.255"]; - - strcpy(tmp, inet_ntoa(from.sin_addr)); - ns_info(ns_log_queries, "XX /%s/%s/-%s", - tmp, inet_ntoa(ina_get(&anbuf[rdata_offset])), - p_type(type)); - } -#endif /*QRYLOG*/ - - /* - * We can only get here if the option "fake-iquery" is on in the boot - * file. - * - * What we do here is send back a bogus response of "[dottedquad]". - * A better strategy would be to turn this into a PTR query, but that - * would legitimize inverse queries in a way they do not deserve. - */ - sprintf(dnbuf, "[%s]", inet_ntoa(ina_get(&anbuf[rdata_offset]))); - *buflenp -= QFIXEDSZ; - n = dn_comp(dnbuf, *cpp, *buflenp, NULL, NULL); - if (n < 0) { - hp->tc = 1; - return (Finish); - } - *cpp += n; - *buflenp -= n; - PUTSHORT((u_int16_t)type, *cpp); - *buflenp -= INT16SZ; - PUTSHORT((u_int16_t)class, *cpp); - *buflenp -= INT16SZ; - - hp->qdcount = htons(1); - if ((int)alen > *buflenp) { - hp->tc = 1; - return (Finish); - } - memcpy(*cpp, anbuf, alen); - *cpp += alen; - *buflenp -= alen; - return (Finish); -} - -/* - * Test a datum for validity and return non-zero if it is out of date. - */ -int -stale(struct databuf *dp) { - struct zoneinfo *zp = &zones[dp->d_zone]; - -#ifdef CHECK_MAGIC - INSIST(dp->d_magic == DATABUF_MAGIC); -#endif - - switch (zp->z_type) { - - case z_master: - return (0); - -#ifdef STUBS - case z_stub: - /* root stub zones have DB_F_HINT set */ - if (dp->d_flags & DB_F_HINT) - return (0); - /* FALLTROUGH */ -#endif - case z_slave: - /* - * Check to see whether a slave zone has expired or - * time warped; if so clear authority flag for zone, - * schedule the zone for immediate maintenance, and - * return true. - */ - if ((int32_t)(tt.tv_sec - zp->z_lastupdate) - > (int32_t)zp->z_expire) { - ns_debug(ns_log_default, 1, - "stale: slave zone %s expired", - zp->z_origin); - if (!haveComplained((u_long)zp, (u_long)stale)) { - ns_notice(ns_log_default, - "slave zone \"%s\" expired", - zp->z_origin); - } - zp->z_flags &= ~Z_AUTH; - if ((zp->z_flags & (Z_QSERIAL|Z_XFER_RUNNING)) == 0) { - zp->z_time = tt.tv_sec; - sched_zone_maint(zp); - } - return (1); - } - if (zp->z_lastupdate > tt.tv_sec) { - if (!haveComplained((u_long)zp, (u_long)stale)) { - ns_notice(ns_log_default, - "slave zone \"%s\" time warp", - zp->z_origin); - } - zp->z_flags &= ~Z_AUTH; - if ((zp->z_flags & (Z_QSERIAL|Z_XFER_RUNNING)) == 0) { - zp->z_time = tt.tv_sec; - sched_zone_maint(zp); - } - return (1); - } - return (0); - - case z_hint: - case z_cache: - if (dp->d_flags & DB_F_HINT || - dp->d_ttl >= (u_int32_t)tt.tv_sec) - return (0); - ns_debug(ns_log_default, 3, "stale: ttl %d %ld (x%lx)", - dp->d_ttl, (long)(dp->d_ttl - tt.tv_sec), - (u_long)dp->d_flags); - return (1); - - default: - /* FALLTHROUGH */ ; - } - panic("stale: impossible condition", NULL); - /* NOTREACHED */ - return (0); /* Make gcc happy. */ -} - -/* - * Copy databuf into a resource record for replies. - * Return size of RR if OK, -1 if buffer is full. - */ -int -make_rr(const char *name, struct databuf *dp, u_char *buf, - int buflen, int doadd, u_char **comp_ptrs, u_char **edp, - int use_minimum) -{ - u_char *cp; - u_char *cp1, *sp; - struct zoneinfo *zp; - int32_t n; - int16_t type = dp->d_type; - u_int32_t ttl; - u_char naptr_flag; - - ns_debug(ns_log_default, 5, - "make_rr(%s, %lx, %lx, %d, %d) %d zone %d ttl %lu", - name, (u_long)dp, (u_long)buf, - buflen, doadd, dp->d_size, dp->d_zone, (u_long)dp->d_ttl); - - if (dp->d_rcode && dp->d_size == 0) - panic("make_rr: impossible d_rcode value", NULL); - - zp = &zones[dp->d_zone]; - /* check for outdated RR before updating comp_ptrs[] by dn_comp() */ - if (zp->z_type == Z_CACHE) { - if ((dp->d_flags & DB_F_HINT) != 0 - || dp->d_ttl < (u_int32_t)tt.tv_sec) { - ttl = 0; - } else - ttl = dp->d_ttl - (u_int32_t) tt.tv_sec; - } else { - if (dp->d_ttl != USE_MINIMUM && !use_minimum) - ttl = dp->d_ttl; - else - ttl = zp->z_minimum; /* really default */ - } - - buflen -= RRFIXEDSZ; - if (buflen < 0) - return (-1); -#ifdef RETURNSOA - if (dp->d_rcode) { - name = (char *)dp->d_data; - name += strlen(name) +1; - name += strlen(name) +1; - name += 5 * INT32SZ; - type = T_SOA; - } -#endif - if ((n = dn_comp(name, buf, buflen, comp_ptrs, edp)) < 0) - goto cleanup; - cp = buf + n; - buflen -= n; - if (buflen < 0) - goto cleanup; - PUTSHORT((u_int16_t)type, cp); - PUTSHORT((u_int16_t)dp->d_class, cp); - PUTLONG(ttl, cp); - sp = cp; - cp += INT16SZ; - switch (type) { - case T_CNAME: - case T_MG: - case T_MR: - case T_PTR: - n = dn_comp((char *)dp->d_data, cp, buflen, comp_ptrs, edp); - if (n < 0) - goto cleanup; - PUTSHORT((u_int16_t)n, sp); - cp += n; - break; - - case T_MB: - case T_NS: - /* Store domain name in answer */ - n = dn_comp((char *)dp->d_data, cp, buflen, comp_ptrs, edp); - if (n < 0) - goto cleanup; - PUTSHORT((u_int16_t)n, sp); - cp += n; - if (doadd) { - addname((char*)dp->d_data, name, - type, T_A, dp->d_class); - addname(name, name, type, T_KEY, dp->d_class); - } - break; - - case T_SOA: - case T_MINFO: - case T_RP: - cp1 = dp->d_data; - n = dn_comp((char *)cp1, cp, buflen, comp_ptrs, edp); - if (n < 0) - goto cleanup; - cp += n; - buflen -= type == T_SOA ? n + 5 * INT32SZ : n; - if (buflen < 0) - goto cleanup; - cp1 += strlen((char *)cp1) + 1; - n = dn_comp((char *)cp1, cp, buflen, comp_ptrs, edp); - if (n < 0) - goto cleanup; - cp += n; - if (type == T_SOA) { - cp1 += strlen((char *)cp1) + 1; -#ifdef BIND_UPDATE - if (zp->z_flags & Z_NEED_SOAUPDATE) - if (incr_serial(zp) < 0) - ns_error(ns_log_default, - "error updating serial number for %s from %d", - zp->z_origin, zp->z_serial); -#endif - n = 5 * INT32SZ; - memcpy(cp, cp1, n); - cp += n; - if (doadd) - addname(name, name, type, T_KEY, dp->d_class); - } - n = (u_int16_t)((cp - sp) - INT16SZ); - PUTSHORT((u_int16_t)n, sp); - break; - - case T_NAPTR: - /* cp1 == our data/ cp == data of RR */ - cp1 = dp->d_data; - - /* copy order */ - buflen -= INT16SZ; - if (buflen < 0) - goto cleanup; - memcpy(cp, cp1, INT16SZ); - cp += INT16SZ; - cp1 += INT16SZ; - n = (u_int16_t)((cp - sp) - INT16SZ); - ns_debug(ns_log_default, 1, "current size n = %u", n); - - /* copy preference */ - buflen -= INT16SZ; - if (buflen < 0) - goto cleanup; - memcpy(cp, cp1, INT16SZ); - cp += INT16SZ; - cp1 += INT16SZ; - n = (u_int16_t)((cp - sp) - INT16SZ); - ns_debug(ns_log_default, 1, "current size n = %u", n); - - /* Flags */ - n = *cp1++; - ns_debug(ns_log_default, 1, "size of n at flags = %d", n); - buflen -= n + 1; - if (buflen < 0) - goto cleanup; - naptr_flag = (n == 1) ? *cp1 : 0; - *cp++ = n; - memcpy(cp, cp1, n); - cp += n; - cp1 += n; - n = (u_int16_t)((cp - sp) - INT16SZ); - ns_debug(ns_log_default, 1, "current size n = %u", n); - - /* Service */ - n = *cp1++; - buflen -= n + 1; - if (buflen < 0) - goto cleanup; - *cp++ = n; - memcpy(cp, cp1, n); - cp += n; - cp1 += n; - n = (u_int16_t)((cp - sp) - INT16SZ); - ns_debug(ns_log_default, 1, "current size n = %u", n); - - /* Regexp */ - n = *cp1++; - buflen -= n + 1; - if (buflen < 0) - goto cleanup; - *cp++ = n; - memcpy(cp, cp1, n); - cp += n; - cp1 += n; - n = (u_int16_t)((cp - sp) - INT16SZ); - ns_debug(ns_log_default, 1, "current size n = %u", n); - - /* Replacement */ - ns_debug(ns_log_default, 1, "Replacement = %s", cp1); - n = dn_comp((char *)cp1, cp, buflen, NULL, NULL); - ns_debug(ns_log_default, 1, "dn_comp's n = %u", n); - if (n < 0) - goto cleanup; - cp += n; - if (doadd && *cp1 != 0) { - if (naptr_flag == 's' || naptr_flag == 'S') - addname((char*)cp1, name, type, T_SRV, - dp->d_class); - if (naptr_flag == 'a' || naptr_flag == 'A') - addname((char*)cp1, name, type, T_A, - dp->d_class); - } - - /* save data length */ - n = (u_int16_t)((cp - sp) - INT16SZ); - ns_debug(ns_log_default, 1, "saved size n = %u", n); - PUTSHORT((u_int16_t)n, sp); - - break; - - case T_MX: - case T_AFSDB: - case T_RT: - case T_SRV: - /* cp1 == our data/ cp == data of RR */ - cp1 = dp->d_data; - - if ((buflen -= INT16SZ) < 0) - goto cleanup; - - /* copy preference */ - memcpy(cp, cp1, INT16SZ); - cp += INT16SZ; - cp1 += INT16SZ; - - if (type == T_SRV) { - buflen -= INT16SZ*2; - if (buflen < 0) - goto cleanup; - memcpy(cp, cp1, INT16SZ*2); - cp += INT16SZ*2; - cp1 += INT16SZ*2; - } - - n = dn_comp((char *)cp1, cp, buflen, - (type == ns_t_mx) ? comp_ptrs : NULL, - (type == ns_t_mx) ? edp : NULL); - if (n < 0) - goto cleanup; - cp += n; - - /* save data length */ - n = (u_int16_t)((cp - sp) - INT16SZ); - PUTSHORT((u_int16_t)n, sp); - if (doadd) - addname((char*)cp1, name, type, T_A, dp->d_class); - break; - - case T_PX: - cp1 = dp->d_data; - - if ((buflen -= INT16SZ) < 0) - goto cleanup; - - /* copy preference */ - memcpy(cp, cp1, INT16SZ); - cp += INT16SZ; - cp1 += INT16SZ; - - n = dn_comp((char *)cp1, cp, buflen, comp_ptrs, edp); - if (n < 0) - goto cleanup; - cp += n; - buflen -= n; - cp1 += strlen((char *)cp1) + 1; - n = dn_comp((char *)cp1, cp, buflen, comp_ptrs, edp); - if (n < 0) - goto cleanup; - cp += n; - - /* save data length */ - n = (u_int16_t)((cp - sp) - INT16SZ); - PUTSHORT((u_int16_t)n, sp); - break; - - case T_SIG: - /* cp1 == our data; cp == data of target RR */ - cp1 = dp->d_data; - - /* first just copy over the type_covered, algorithm, */ - /* labels, orig ttl, two timestamps, and the footprint */ - if (buflen < 18) - goto cleanup; /* out of room! */ - memcpy(cp, cp1, 18); - cp += 18; - cp1 += 18; - buflen -= 18; - - /* then the signer's name */ - n = dn_comp((char *)cp1, cp, buflen, NULL, NULL); - if (n < 0) - goto cleanup; - cp += n; - buflen -= n; - cp1 += strlen((char*)cp1)+1; - - /* finally, we copy over the variable-length signature */ - n = dp->d_size - (u_int16_t)((cp1 - dp->d_data)); - if (n > buflen) - goto cleanup; /* out of room! */ - memcpy(cp, cp1, n); - cp += n; - - /* save data length & return */ - n = (u_int16_t)((cp - sp) - INT16SZ); - PUTSHORT((u_int16_t)n, sp); - break; - - case T_NXT: - cp1 = dp->d_data; - n = dn_comp((char *)cp1, cp, buflen, NULL, NULL); - if (n < 0) - goto cleanup; - - cp += n; - buflen -=n; - cp1 += strlen((char *)cp1) + 1; - - /* copy nxt bit map */ - n = dp->d_size - (u_int16_t)((cp1 - dp->d_data)); - if (n > buflen) - goto cleanup; /* out of room! */ - memcpy(cp, cp1, n); - cp += n; - buflen -= n; - - n = (u_int16_t)((cp - sp) - INT16SZ); - PUTSHORT((u_int16_t)n, sp); - - break; - - default: - if ((type == T_A || type == T_AAAA) && doadd) - addname(name, name, type, T_KEY, dp->d_class); - if (dp->d_size > buflen) - goto cleanup; - memcpy(cp, dp->d_data, dp->d_size); - PUTSHORT((u_int16_t)dp->d_size, sp); - cp += dp->d_size; - } - return (cp - buf); - - cleanup: - /* Rollback RR. */ - ns_name_rollback(buf, (const u_char **)comp_ptrs, - (const u_char **)edp); - return (-1); -} - -static void -addname(const char *dname, const char *rname, - u_int16_t rtype, u_int16_t type, u_int16_t class) -{ - struct addinfo *ap; - int n; - - for (ap = addinfo, n = addcount; --n >= 0; ap++) - if (ns_samename(ap->a_dname, dname) == 1 && ap->a_type == type) - return; - - /* add domain name to additional section */ - if (addcount < NADDRECS) { - addcount++; - ap->a_dname = savestr(dname, 1); - ap->a_rname = savestr(rname, 1); - ap->a_rtype = rtype; - ap->a_type = type; - ap->a_class = class; - } -} - -/* - * Lookup addresses/keys for names in addinfo and put into the message's - * additional section. - */ -int -doaddinfo(HEADER *hp, u_char *msg, int msglen) { - register struct namebuf *np; - register struct databuf *dp; - register struct addinfo *ap; - register u_char *cp; - struct hashbuf *htp; - const char *fname; - register int n, count; - register int ns_logging; - int pass = 0; - int i, doadd; - - - if (!addcount) - return (0); - - ns_logging = ns_wouldlog(ns_log_default, 3); - - if (ns_logging) - ns_debug(ns_log_default, 3, - "doaddinfo() addcount = %d", addcount); - - if (hp->tc) { - ns_debug(ns_log_default, 4, - "doaddinfo(): tc already set, bailing"); - return (0); - } - - count = 0; - cp = msg; -loop: - for (ap = addinfo, i = 0; i < addcount; ap++, i++) { - int auth = 0, - drop = 0, - founda = 0, - foundaaaa = 0, - foundcname = 0, - save_count = count, - save_msglen = msglen; - u_char *save_cp = cp; - - if ((pass != 0 && - (pass != 1 || server_options->preferred_glue == 0) && - ap->a_type == T_A) || - (pass != 0 && ap->a_type == T_SRV) || - (pass != 2 && ap->a_type == T_KEY)) - continue; - if (ns_logging) - ns_debug(ns_log_default, 3, - "do additional \"%s\" (from \"%s\")", - ap->a_dname, ap->a_rname); - htp = hashtab; /* because "nlookup" stomps on arg. */ - np = nlookup(ap->a_dname, &htp, &fname, 0); - if (np == NULL || fname != ap->a_dname) - goto next_rr; - if (ns_logging) - ns_debug(ns_log_default, 3, "found it"); - /* look for the data */ - (void)delete_stale(np); - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (dp->d_class != ap->a_class) - continue; - if (dp->d_rcode == NXDOMAIN) { - founda = foundaaaa = 1; - continue; - } - switch (dp->d_type) { - case ns_t_a: founda = 1; break; - case ns_t_aaaa: foundaaaa = 1; break; - } - if (!dp->d_rcode && dp->d_type == T_CNAME) { - foundcname++; - break; - } - if (auth == 0 && ap->a_type == T_A && - (dp->d_type == ns_t_a || dp->d_type == ns_t_aaaa) && - (zones[dp->d_zone].z_type == z_master || - zones[dp->d_zone].z_type == z_slave)) - auth = 1; - if (pass == 0 && ap->a_type == T_A && - server_options->preferred_glue != 0 && - !match(dp, (int)ap->a_class, - server_options->preferred_glue)) { - continue; - } - if (pass != 0 && ap->a_type == T_A && - server_options->preferred_glue != 0 && - match(dp, (int)ap->a_class, - server_options->preferred_glue)) { - continue; - } - if (ap->a_type == T_A && - !match(dp, (int)ap->a_class, T_A) && - !match(dp, (int)ap->a_class, T_AAAA)) { - continue; - } - if (ap->a_type == T_KEY && - !match(dp, (int)ap->a_class, T_KEY)) - continue; - if (ap->a_type == T_SRV && - !match(dp, (int)ap->a_class, T_SRV)) - continue; - if (dp->d_rcode) - continue; - if (drop) - continue; - /* - * Should be smart and eliminate duplicate - * data here. XXX - */ - doadd = 0; - if (ap->a_type == T_SRV) - doadd = 1; - if ((n = make_rr(ap->a_dname, dp, cp, msglen, doadd, - dnptrs, dnptrs_end, 0)) < 0) { - /* truncation in the additional-data section - * is not all that serious. we do not set TC, - * since the answer and authority sections are - * OK; however, since we're not setting TC we - * have to make sure that none of the RR's for - * this name go out (!TC implies that all - * {name,type} appearances are complete -- and - * since we only do A RR's here, the name is - * the key). vixie, 23apr93 - */ - ns_debug(ns_log_default, 5, - "addinfo: not enough room, remaining msglen = %d", - save_msglen); - /* Rollback RRset. */ - ns_name_rollback(save_cp, - (const u_char **)dnptrs, - (const u_char **)dnptrs_end); - cp = save_cp; - msglen = save_msglen; - count = save_count; - /* - * Continue processing list to prevent - * unnecessary fetches for glue. - * Prevent partial RRsets being sent by - * setting drop. - */ - drop = 1; - continue; - } - ns_debug(ns_log_default, 5, - "addinfo: adding address data n = %d", n); - cp += n; - msglen -= n; - count++; - } - next_rr: - if (!NS_OPTION_P(OPTION_NOFETCHGLUE) && - !foundcname && ap->a_type == T_A) { - /* ask a real server for this info */ - if (!founda && !auth) - (void) sysquery(ap->a_dname, (int)ap->a_class, - ns_t_a, NULL, NULL, 0, ns_port, - QUERY, 0); - if (!foundaaaa && !auth) - (void) sysquery(ap->a_dname, (int)ap->a_class, - ns_t_aaaa, NULL, NULL, 0, - ns_port, QUERY, 0); - } - if (foundcname) { - if (!haveComplained(nhash(ap->a_dname), - nhash(ap->a_rname))) { - ns_info(ns_log_cname, - "\"%s %s %s\" points to a CNAME (%s)", - ap->a_rname, p_class(ap->a_class), - p_type(ap->a_rtype), ap->a_dname); - } - } - } - if (pass++ < 2) - goto loop; /* now do the KEYs... */ - hp->arcount = htons((u_int16_t)count); - for (ap = addinfo, i = 0; i < addcount; ap++, i++) { - ap->a_dname = freestr(ap->a_dname); - ap->a_rname = freestr(ap->a_rname); - } - addcount = 0; - return (cp - msg); -} - -int -doaddauth(HEADER *hp, u_char *cp, int buflen, - struct namebuf *np, struct databuf *dp) -{ - char dnbuf[MAXDNAME]; - int n; - - getname(np, dnbuf, sizeof dnbuf); - if (stale(dp)) { - ns_debug(ns_log_default, 1, - "doaddauth: can't add stale '%s' (%d)", - dnbuf, buflen); - return (0); - } - n = make_rr(dnbuf, dp, cp, buflen, 1, dnptrs, dnptrs_end, 1); - if (n <= 0) { - ns_debug(ns_log_default, 1, - "doaddauth: can't add oversize '%s' (%d) (n=%d)", - dnbuf, buflen, n); - if (n < 0) { - hp->tc = 1; - } - return (0); - } - if (dp->d_secure != DB_S_SECURE) - hp->ad = 0; - hp->nscount = htons(ntohs(hp->nscount) + 1); - return (n); -} - -void -free_addinfo() { - struct addinfo *ap; - - for (ap = addinfo; --addcount >= 0; ap++) { - ap->a_dname = freestr(ap->a_dname); - ap->a_rname = freestr(ap->a_rname); - } - addcount = 0; -} - -void -free_nsp(struct databuf **nsp) { - while (*nsp) - db_detach(nsp++); -} - -static void -copyCharString(u_char **dst, const char *src) { - size_t len = strlen(src) & 0xff; - *(*dst)++ = (u_char) len; - memcpy(*dst, src, len); - *dst += len; -} - -/* - * Questionable source ports for queries / responses. - */ -int -drop_port(u_int16_t port) { - switch (port) { - case 7: /* echo */ - case 13: /* daytime */ - case 19: /* chargen */ - case 37: /* time */ - return (1); - case 464: /* kpasswd */ - return (2); - } - return (0); -} diff --git a/contrib/bind/bin/named/ns_resp.c b/contrib/bind/bin/named/ns_resp.c deleted file mode 100644 index 7bc166a..0000000 --- a/contrib/bind/bin/named/ns_resp.c +++ /dev/null @@ -1,4141 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_resp.c 4.65 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_resp.c,v 8.186.6.5 2003/09/04 03:03:18 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1988, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1995 by International Business Machines, Inc. - * - * International Business Machines, Inc. (hereinafter called IBM) grants - * permission under its copyrights to use, copy, modify, and distribute this - * Software with or without fee, provided that the above copyright notice and - * all paragraphs of this notice appear in all copies, and that the name of IBM - * not be used in connection with the marketing of any product incorporating - * the Software or modifications thereof, without specific, written prior - * permission. - * - * To the extent it has a right to do so, IBM grants an immunity from suit - * under its patents, if any, for the use, sale or manufacture of products to - * the extent that such products are used for performing Domain Name System - * dynamic updates in TCP/IP networks by means of the Software. No immunity is - * granted for any product per se or for any other function of any product. - * - * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A - * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, - * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING - * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN - * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/file.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <limits.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" - -static u_int8_t norootlogged[MAXCLASS]; /* XXX- should be a bitmap */ - -static const char skipnameFailedAnswer[] = "skipname failed in answer", - skipnameFailedAuth[] = "skipname failed in authority", - skipnameFailedQuery[] = "skipname failed in query", - outofDataQuery[] = "ran out of data in query", - outofDataAnswer[] = "ran out of data in answer", - notSingleQuery[] = "not exactly one query", - expandFailedQuery[] = "dn_expand failed in query", - expandFailedAnswer[] = "dn_expand failed in answer", - expandFailedAuth[] = "dn_expand failed in authority", - outofDataAuth[] = "ran out of data in authority", - dlenOverrunAnswer[] = "dlen overrun in answer", - dlenOverrunAuth[] = "dlen overrun in authority", - dlenUnderrunAnswer[] = "dlen underrun in answer", - outofDataFinal[] = "out of data in final pass", - outofDataAFinal[] = "out of data after final pass", - badNameFound[] = "found an invalid domain name", - wrongQuestion[] = "answer to wrong question", - danglingCname[] = "dangling CNAME pointer", - nonRecursiveForwarder[]= "non-recursive forwarder"; - -struct db_list { - struct db_list *db_next; - struct databuf *db_dp; -}; - -struct flush_set { - char * fs_name; - int fs_type; - int fs_class; - u_int fs_cred; - struct db_list *fs_list; - struct db_list *fs_last; -}; - -static void rrsetadd(struct flush_set *, const char *, - struct databuf *), - rrsetupdate(struct flush_set *, int flags, - struct sockaddr_in, int), - flushrrset(struct flush_set *, struct sockaddr_in), - free_flushset(struct flush_set *, int), - check_hints(struct flush_set *); -static int rrsetcmp(char *, struct db_list *, struct hashbuf *), - check_root(void), - check_ns(void), - wanted(const struct databuf *, int, int), - wantedsig(const struct databuf *, int, int), - rrextract(u_char *, int, u_char *, - struct databuf **, char *, int, - struct sockaddr_in, char **); -static void mark_bad(struct qinfo *qp, struct sockaddr_in from); -static void mark_lame(struct qinfo *qp, struct sockaddr_in from); -static int mark_noedns(struct qinfo *qp, struct sockaddr_in from, - int cache); -static void fast_retry(struct qinfo *qp, struct sockaddr_in from, - int samehost); -static void add_related_additional(char *); -static void free_related_additional(void); -static int related_additional(char *); -static void freestr_maybe(char **); -static enum ordering match_order(const struct namebuf *, int, int); -static int match_name(const struct namebuf *, const char *, size_t); - -#define MAX_RELATED 100 - -static int num_related = 0; -static char *related[MAX_RELATED]; - -static char * -learntFrom(struct qinfo *qp, struct sockaddr_in *server) { - static char *buf = NULL; - const char *a, *ns, *na; - struct databuf *db; - int i; - char nsbuf[20]; - char abuf[20]; - static const char fmt[] = " '%s': learnt (A=%s,NS=%s)"; - - a = ns = na = "<Not Available>"; - - for (i = 0; (u_int)i < qp->q_naddr; i++) { - if (ina_equal(qp->q_addr[i].ns_addr.sin_addr, - server->sin_addr)) { - db = qp->q_addr[i].ns; - if (db != NULL) { - if (db->d_addr.s_addr != htonl(0)) { - strcpy(nsbuf, inet_ntoa(db->d_addr)); - ns = nsbuf; - } else { - ns = zones[db->d_zone].z_origin; - } - if (db->d_rcode == 0) - na = (char*)qp->q_addr[i].ns->d_data; - } - db = qp->q_addr[i].nsdata; - if (db != NULL) { - if (db->d_addr.s_addr != htonl(0)) { - strcpy(abuf, inet_ntoa(db->d_addr)); - a = abuf; - } else { - a = zones[db->d_zone].z_origin; - } - } - break; - } - } - - if (a == ns && ns == na) /* all "UNKNOWN" */ - return (NULL); - - if (*a == '\0') - a = "\".\""; - if (*ns == '\0') - ns = "\".\""; - if (*na == '\0') - na = "\".\""; - - - buf = newstr(sizeof fmt + strlen(na) + strlen(a) + strlen(ns), 0); - if (buf == NULL) - return (NULL); - sprintf(buf, fmt, na, a, ns); - return (buf); -} - -void -ns_resp(u_char *msg, int msglen, struct sockaddr_in from, struct qstream *qsp) -{ - struct qinfo *qp; - HEADER *hp; - struct qserv *qs = NULL; - struct databuf *ns, *ns2; - u_char *cp, *answers, *eom = msg + msglen; - struct flush_set *flushset = NULL; - int flushset_size = 0; - struct sockaddr_in *nsa; - struct databuf *nsp[NSMAX]; - int i, c, n, qdcount, ancount, aucount, nscount, arcount, arfirst; - int soacount; - u_int qtype, qclass; - int validanswer, dbflags; - int cname, lastwascname, externalcname, cachenegative; - int count, founddata, foundname; - int buflen; - int newmsglen; - char name[MAXDNAME], qname[MAXDNAME], aname[MAXDNAME]; - char msgbuf[MAXDNAME+100]; - char *dname, tmpdomain[MAXDNAME]; - const char *fname; - const char *formerrmsg = "brain damage"; - u_char newmsg[NS_MAXMSG]; - u_char **dpp, *tp; - time_t rtrip; - struct hashbuf *htp; - struct namebuf *np; - struct fwdinfo *fwd; - struct databuf *dp; - char *tname = NULL; - int sendto_errno = 0; - int has_tsig, oldqlen = 0; - u_char *oldqbuf = NULL; - u_char *smsg = NULL; - int smsglen, smsgsize = 0, siglen; - u_char sig[TSIG_SIG_SIZE]; - time_t tsig_time; - DST_KEY *key; - int expect_cname; - int pass = 0; - - nameserIncr(from.sin_addr, nssRcvdR); - nsp[0] = NULL; - hp = (HEADER *) msg; - if ((qp = qfindid(hp->id)) == NULL ) { - ns_debug(ns_log_default, 1, "DUP? dropped (id %d)", - ntohs(hp->id)); - nameserIncr(from.sin_addr, nssRcvdDupR); - return; - } - - if (ns_wouldlog(ns_log_default, 2)) { - ns_debug(ns_log_default, 2, "Response (%s %s %s) nsid=%d id=%d", - (qp->q_flags & Q_SYSTEM) ?"SYSTEM" :"USER", - (qp->q_flags & Q_PRIMING) ?"PRIMING" :"NORMAL", - (qp->q_flags & Q_ZSERIAL) ?"ZSERIAL" :"-", - ntohs(qp->q_nsid), ntohs(qp->q_id)); - } - - if (qp->q_nstsig == NULL) - has_tsig = 0; - else { - int ret; - - ret = ns_verify(msg, &msglen, qp->q_nstsig->key, - qp->q_nstsig->sig, qp->q_nstsig->siglen, - NULL, NULL, &tsig_time, 0); - if (ret == 0) - has_tsig = 1; - else { - if (hp->rcode == NOERROR) - hp->rcode = NOTAUTH; - ns_debug(ns_log_default, 1, - "resp: error bad tsig, record dropped"); - return; - } - } - - /* - * Here we handle high level formatting problems by parsing the header. - */ - qdcount = ntohs(hp->qdcount); - ancount = ntohs(hp->ancount); - aucount = ntohs(hp->nscount); - arcount = ntohs(hp->arcount); - free_addinfo(); /* sets addcount to zero */ - cp = msg + HFIXEDSZ; - dpp = dnptrs; - *dpp++ = msg; - if ((*cp & INDIR_MASK) == 0) - *dpp++ = cp; - *dpp = NULL; - if (qdcount == 1) { - n = dn_expand(msg, eom, cp, qname, sizeof(qname)); - if (n <= 0) { - formerrmsg = expandFailedQuery; - goto formerr; - } - cp += n; - if (cp + 2 * INT16SZ > eom) { - formerrmsg = outofDataQuery; - goto formerr; - } - GETSHORT(qtype, cp); - GETSHORT(qclass, cp); - if (!ns_nameok(qp, qname, qclass, NULL, response_trans, - ns_ownercontext(qtype, response_trans), - qname, from.sin_addr)) { - formerrmsg = badNameFound; - goto refused; - } - if (cp > eom) { - formerrmsg = outofDataQuery; - goto formerr; - } - if (qp->q_msg && qp->q_msglen && - !res_nameinquery(qname, qtype, qclass, - qp->q_msg, qp->q_msg + qp->q_msglen)) { - sprintf(msgbuf, - "query section mismatch (%s %s %s)", - qname, p_class(qclass), p_type(qtype)); - formerrmsg = msgbuf; - goto formerr; - } - if (ns_samename(qp->q_name, qname) != 1 || - qp->q_class != qclass || - qp->q_type != qtype) { - formerrmsg = wrongQuestion; - goto formerr; - } - } else { - strcpy(qname, qp->q_name); - qclass = qp->q_class; - qtype = qp->q_type; - } - - /* cp now points after the query section. */ - - /* - * Here we handle bad responses from servers. - * Several possibilities come to mind: - * The server is sick and returns SERVFAIL - * The server returns some garbage opcode (it's sick) - * The server can't understand our query and return FORMERR - * In all these cases, we drop the packet, disable retries on - * this server and immediately force a retry. - */ - if ((hp->rcode != NOERROR && hp->rcode != NXDOMAIN) - || (hp->opcode != QUERY -#ifdef BIND_NOTIFY - && hp->opcode != NS_NOTIFY_OP -#endif - )) { - int noedns = 1; - ns_debug(ns_log_default, 2, - "resp: error (ret %d, op %d), dropped", - hp->rcode, hp->opcode); - switch (hp->rcode) { - case SERVFAIL: - nameserIncr(from.sin_addr, nssRcvdFail); - noedns = mark_noedns(qp, from, 0); - break; - case FORMERR: - nameserIncr(from.sin_addr, nssRcvdFErr); - noedns = mark_noedns(qp, from, 1); - break; - case NOTIMP: - nameserIncr(from.sin_addr, nssRcvdErr); - noedns = mark_noedns(qp, from, 1); - break; - default: - nameserIncr(from.sin_addr, nssRcvdErr); - break; - } - if (ns_samename(qp->q_name, qp->q_domain) == 1 && - hp->rcode == SERVFAIL && hp->opcode == QUERY && - noedns) - mark_lame(qp, from); - if (noedns) - mark_bad(qp, from); - fast_retry(qp, from, noedns ? 0 : 1); - return; - } - - if (qdcount != 1) { - /* We don't generate or forward these (yet). */ - formerrmsg = notSingleQuery; - goto formerr; - } - - /* - * Determine if the response came from a forwarder. Packets from - * anyplace not listed as a forwarder or as a server to whom we - * might have forwarded the query will be dropped. - * XXX - should put this in STATS somewhere. - */ - for (fwd = NS_ZFWDTAB(qp->q_fzone); fwd; fwd = fwd->next) - if (ina_equal(fwd->fwddata->fwdaddr.sin_addr, from.sin_addr)) - break; - /* - * find the qinfo pointer and update - * the rtt and fact that we have called on this server before. - */ - { - struct timeval *stp; - - for (n = 0, qs = qp->q_addr; (u_int)n < qp->q_naddr; n++, qs++) - if (ina_equal(qs->ns_addr.sin_addr, from.sin_addr)) - break; - if ((u_int)n >= qp->q_naddr) { - if (!haveComplained(ina_ulong(from.sin_addr), - (u_long)"unexpected source")) { - ns_info(ns_log_default, - "Response from unexpected source (%s) for query \"%s %s %s\"", - sin_ntoa(from), - *(qp->q_name) ? qp->q_name : ".", - p_class(qp->q_class), p_type(qp->q_type)); - } - /* - * We don't know who this response came from so it - * gets dropped on the floor. - */ - return; - } - stp = &qs->stime; - - /* Handle response from different (untried) interface. */ - if (qs->ns != NULL && stp->tv_sec == 0) { - ns = qs->ns; - while (qs > qp->q_addr - && (qs->stime.tv_sec == 0 || qs->ns != ns)) - qs--; - *stp = qs->stime; - /* XXX - sometimes stp still ends up pointing to - * a zero timeval, in spite of the above attempt. - * Why? What should we do about it? - */ - /* XXX - catch aliases here */ - } - - /* compute query round trip time */ - /* XXX - avoid integer overflow, which is quite likely if stp - * points to a zero timeval (see above). - * rtrip is of type time_t, which we assume is at least - * as big as an int. - */ - if ((tt.tv_sec - stp->tv_sec) > (INT_MAX-999)/1000) { - rtrip = INT_MAX; - } else { - rtrip = ((tt.tv_sec - stp->tv_sec) * 1000 + - (tt.tv_usec - stp->tv_usec) / 1000); - } - - if (ns_wouldlog(ns_log_default, 3)) { - ns_debug(ns_log_default, 3, - "stime %lu/%lu now %lu/%lu rtt %ld", - (u_long)stp->tv_sec, (u_long)stp->tv_usec, - (u_long)tt.tv_sec, (u_long)tt.tv_usec, - (long)rtrip); - } - - /* prevent floating point overflow, limit to 1000 sec */ - if (rtrip > 1000000) { - rtrip = 1000000; - } - ns = qs->nsdata; - /* - * Don't update nstime if this doesn't look - * like an address databuf now. XXX - */ - if (ns && - ns->d_type == T_A && - ns->d_class == qs->ns->d_class) { - u_long t; - - if (ns->d_nstime == 0) - t = rtrip; - else - t = ns->d_nstime * ALPHA - + - (1 - ALPHA) * rtrip; - if (t > 65535) - t = 65535; - else if (t == 0) - t = 1; - ns->d_nstime = (u_int16_t)t; - } - - /* - * Record the source so that we do not use this NS again. - */ - if (ns && qs->ns && (qp->q_nusedns < NSMAX)) { - qp->q_usedns[qp->q_nusedns++] = qs->ns; - if (ns_wouldlog(ns_log_default, 2)) { - ns_debug(ns_log_default, 2, - "NS #%d addr %s used, rtt %d", - n, sin_ntoa(qs->ns_addr), - ns->d_nstime); - } - } - - /* - * Penalize those who had earlier chances but failed - * by multiplying round-trip times by BETA (>1). - * Improve nstime for unused addresses by applying GAMMA. - * The GAMMA factor makes unused entries slowly - * improve, so they eventually get tried again. - * GAMMA should be slightly less than 1. - * Watch out for records that may have timed out - * and are no longer the correct type. XXX - */ - - for (n = 0, qs = qp->q_addr; - (u_int)n < qp->q_naddr; - n++, qs++) { - u_long t; - - ns2 = qs->nsdata; - if (!ns2 || ns2 == ns) - continue; - if (ns2->d_type != T_A || - ns2->d_class != qs->ns->d_class) /* XXX */ - continue; - if (qs->stime.tv_sec) { - if (ns2->d_nstime == 0) - t = (rtrip * BETA) + 1; - else - t = ns2->d_nstime * BETA - + - (1 - ALPHA) * rtrip + 1; - } else - t = ns2->d_nstime * GAMMA; - if (t > 65535) - t = 65535; - else if (t == 0) - t = 1; - ns2->d_nstime = (u_int16_t)t; - if (ns_wouldlog(ns_log_default, 2)) { - ns_debug(ns_log_default, 2, - "NS #%d %s rtt now %d", n, - sin_ntoa(qs->ns_addr), - ns2->d_nstime); - } - } - } - -#ifdef BIND_NOTIFY - /* - * For now, NOTIFY isn't defined for ANCOUNT!=0, AUCOUNT!=0, - * or ADCOUNT!=0. Therefore the only real work to be done for - * a NOTIFY-QR is to remove it from the query queue. - */ - if (hp->opcode == NS_NOTIFY_OP) { - ns_info(ns_log_notify, - "Received NOTIFY answer (%sAA) from %s for \"%s %s %s\"", - hp->aa ? "" : "!", - inet_ntoa(from.sin_addr), - *(qp->q_name) ? qp->q_name : ".", - p_class(qp->q_class), p_type(qp->q_type)); - qremove(qp); - return; - } -#endif - - if ((qp->q_flags & Q_ZSERIAL) != 0) { - if (hp->aa && ancount > 0 && hp->rcode == NOERROR && - qtype == T_SOA && (qclass == C_IN || qclass == C_HS)) - { - int n; - u_int type, class, dlen; - u_int32_t serial; - u_char *tp = cp; - u_char *rdatap; - - n = dn_expand(msg, eom, tp, name, sizeof name); - if (n < 0) { - formerrmsg = expandFailedAnswer; - goto formerr; - } - tp += n; /* name */ - if (tp + 3 * INT16SZ + INT32SZ > eom) { - formerrmsg = outofDataAnswer; - goto formerr; - } - GETSHORT(type, tp); /* type */ - GETSHORT(class, tp); /* class */ - tp += INT32SZ; /* ttl */ - GETSHORT(dlen, tp); /* dlen */ - rdatap = tp; /* start of rdata */ - if (!ns_nameok(qp, name, class, NULL, response_trans, - ns_ownercontext(type, response_trans), - name, from.sin_addr)) { - formerrmsg = badNameFound; - goto refused; - } - if (ns_samename(qname, name) != 1 || - qtype != type || qclass != class) { - sprintf(msgbuf, - "qserial answer mismatch (%s %s %s)", - name, p_class(class), p_type(type)); - formerrmsg = msgbuf; - goto formerr; - } - if (0 >= (n = dn_skipname(tp, eom))) { - formerrmsg = skipnameFailedAnswer; - goto formerr; - } - tp += n; /* mname */ - if (0 >= (n = dn_skipname(tp, eom))) { - formerrmsg = skipnameFailedAnswer; - goto formerr; - } - tp += n; /* rname */ - if (tp + 5 * INT32SZ > eom) { - formerrmsg = dlenUnderrunAnswer; - goto formerr; - } - GETLONG(serial, tp); - tp += 4 * INT32SZ; /* Skip rest of SOA. */ - if ((u_int)(tp - rdatap) != dlen) { - formerrmsg = dlenOverrunAnswer; - goto formerr; - } - for (n = 0, qs = qp->q_addr; (u_int)n < qp->q_naddr; - n++, qs++) - if (ina_equal(qs->ns_addr.sin_addr, - from.sin_addr)) - break; - if (n == qp->q_naddr) { - qserial_answer(qp); - qremove(qp); - return; - } - qs->serial = serial; - } - retry(qp, 0); - return; - } - - /* - * Non-authoritative, no answer, no error, with referral. - */ - if (hp->rcode == NOERROR && !hp->tc && !hp->aa && - ancount == 0 && aucount > 0 -#ifdef BIND_NOTIFY - && hp->opcode != NS_NOTIFY_OP -#endif - ) { - u_char *tp; - int type, class = 0, dlen; - int foundns, foundsoa; -#ifdef DEBUG - if (debug > 0) - res_pquery(&res, msg, msglen, - log_get_stream(packet_channel)); -#endif - /* - * Since there is no answer section (ancount == 0), - * we must be pointing at the authority section (aucount > 0). - */ - tp = cp; - foundns = foundsoa = 0; - for (i = 0 ; i < aucount ; i++) { - n = dn_expand(msg, eom, tp, name, sizeof name); - if (n < 0) { - formerrmsg = expandFailedAuth; - goto formerr; - } - tp += n; - if (tp + 3 * INT16SZ + INT32SZ > eom) { - formerrmsg = outofDataAuth; - goto formerr; - } - GETSHORT(type, tp); - GETSHORT(class, tp); - tp += INT32SZ; /* ttl */ - GETSHORT(dlen, tp); - if (!ns_nameok(qp, name, class, NULL, response_trans, - ns_ownercontext(type, response_trans), - name, from.sin_addr)) { - formerrmsg = badNameFound; - goto refused; - } - /* skip rest of record */ - if (tp + dlen > eom) { - formerrmsg = outofDataAuth; - goto formerr; - } - tp += dlen; - if (type == T_NS) { - strcpy(aname, name); - foundns = 1; - } - if (type == T_SOA) - foundsoa = 1; - } - - /* - * If the answer delegates us either to the same level in - * the hierarchy or closer to the root, we consider this - * server lame. Note that for now we only log the message - * if the T_NS was C_IN, which is technically wrong (NS is - * visible in all classes) but necessary anyway (non-IN - * classes tend to not have good strong delegation graphs). - */ - - if (foundns && !foundsoa && - ns_samedomain(qp->q_domain, aname)) { - if (fwd == NULL) { - nameserIncr(from.sin_addr, nssRcvdLDel); - mark_lame(qp, from); - } - mark_bad(qp, from); - if (class == C_IN && fwd == NULL && - !haveComplained(ina_ulong(from.sin_addr), - nhash(qp->q_domain))) { - char *learnt_from = learntFrom(qp, &from); - - ns_info(ns_log_lame_servers, - "Lame server on '%s' (in '%s'?): %s%s", - qname, qp->q_domain, - sin_ntoa(from), - (learnt_from == NULL) ? "" : - learnt_from); - if (learnt_from != NULL) - learnt_from = freestr(learnt_from); - } else if (fwd != NULL) { - if (!haveComplained(ina_ulong(from.sin_addr), - (u_long)nonRecursiveForwarder)) - ns_warning(ns_log_default, "%s: %s", - nonRecursiveForwarder, - sin_ntoa(from)); - } - - fast_retry(qp, from, 0); - return; - } - } - - /* - * Add the info received in the response to the data base. - */ - arfirst = ancount + aucount; - c = arfirst + arcount; - - /* Don't return if it's a TSIG signed truncated message */ - if (has_tsig > 0 && hp->tc) - goto tcp_retry; - - /* -ve $ing non-existence of record, must handle non-authoritative - * NOERRORs with c == 0. - */ - if (!hp->aa && !hp->tc && hp->rcode == NOERROR && c == 0) - goto return_msg; - - if (qp->q_flags & Q_SYSTEM) - dbflags = DB_NOTAUTH | DB_NODATA; - else - dbflags = DB_NOTAUTH | DB_NODATA | DB_NOHINTS; - count = c; - if (qp->q_flags & Q_PRIMING) - dbflags |= DB_PRIMING; - if (hp->tc) { - count -= arcount; /* truncation had to affect this */ - if (!arcount) { - count -= aucount; /* guess it got this too */ - } - if (!(arcount || aucount)) { - count -= ancount; /* things are pretty grim */ - } - -tcp_retry: - /* retry using tcp provided this was not a tcp query */ - if (!(qp->q_flags & Q_USEVC)) { - qp->q_flags |= Q_USEVC; - unsched(qp); - schedretry(qp, 60); - - nsa = Q_NEXTADDR(qp, 0); - - key = qp->q_keys[0]; - if (key != NULL) - key = qp->q_keys[0] = - tsig_key_from_addr(nsa->sin_addr); - if (key != NULL) { - smsgsize = qp->q_msglen + TSIG_BUF_SIZE; - smsg = memget(smsgsize); - smsglen = qp->q_msglen; - siglen = sizeof(sig); - memcpy(smsg, qp->q_msg, qp->q_msglen); - n = ns_sign(smsg, &smsglen, smsgsize, - NOERROR, key, NULL, 0, - sig, &siglen, 0); - if (n == 0) { - oldqbuf = qp->q_msg; - oldqlen = qp->q_msglen; - qp->q_msglen = smsglen; - qp->q_msg = smsg; - has_tsig = 1; - free_tsig(qp->q_nstsig); - qp->q_nstsig = new_tsig(key, sig, - siglen); - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - INSIST(0); - } - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - } - - if (tcp_send(qp) != NOERROR) - /* - * We're probably in trouble if tcp_send - * failed, but we'll try to press on because - * there isn't anything else to do. - */ - retry(qp, 0); - - if (has_tsig == 1) { - memput(qp->q_msg, smsgsize); - qp->q_msg = oldqbuf; - qp->q_msglen = oldqlen; - } - return; - } else if (!qsp) { - /* outstanding udp response */ - return; - } - - /* XXX truncated tcp response */ - ns_error(ns_log_default, - "ns_resp: TCP truncated: \"%s\" %s %s from %s", - qname, p_class(qclass), p_type(qtype), - sin_ntoa(from)); - /* mark this server as bad */ - mark_bad(qp, from); - /* try another server, it may have a bigger write buffer */ - retry(qp, 0); - return; - } - - tp = cp; - - validanswer = -1; - nscount = 0; - soacount = 0; - cname = 0; - lastwascname = 0; - externalcname = 0; - cachenegative = 1; - strcpy(aname, qname); - - if (count) { - /* allocate 1 extra record for end of set detection */ - flushset_size = (count + 1) * sizeof *flushset; - flushset = memget(flushset_size); - if (flushset == NULL) - panic("flushset: out of memory", NULL); - memset(flushset, 0, flushset_size); - } else - flushset = NULL; - - expect_cname = 1; - for (i = 0; i < count; i++) { - struct databuf *dp; - int type; - - freestr_maybe(&tname); - if (cp >= eom) { - free_related_additional(); - if (flushset != NULL) - free_flushset(flushset, flushset_size); - formerrmsg = outofDataFinal; - goto formerr; - } - n = rrextract(msg, msglen, cp, &dp, name, sizeof name, from, - &tname); - if (n < 0) { - free_related_additional(); - freestr_maybe(&tname); - if (flushset != NULL) - free_flushset(flushset, flushset_size); - formerrmsg = outofDataFinal; - if (hp->rcode == REFUSED) - goto refused; - else - goto formerr; - } - cp += n; - if (!dp) - continue; - type = dp->d_type; - if (i < ancount) { - /* Answer section. */ - /* - * Check for attempts to overflow the buffer in - * getnameanswer. - */ - if (type == ns_t_cname && !expect_cname) { - ns_warning(ns_log_security, - "late CNAME in answer section for %s %s from %s", - *qname ? qname : ".", p_type(qtype), - sin_ntoa(from)); - - } else if (type != ns_t_cname && type != ns_t_dname && - type != ns_t_sig) - expect_cname = 0; - if (externalcname || ns_samename(name, aname) != 1) { - if (!externalcname) - ns_info(ns_log_resp_checks, - "wrong ans. name (%s != %s)", - name[0] ? name : ".", - aname[0] ? aname : "."); - else - ns_debug(ns_log_resp_checks, 3, - "ignoring answer '%s' after external cname", - name); - db_detach(&dp); - validanswer = 0; - cachenegative = 0; - continue; - } - if (type == T_CNAME && - qtype != T_CNAME && qtype != T_ANY) { - strcpy(aname, (char *)dp->d_data); - if (!ns_samedomain(aname, qp->q_domain)) - externalcname = 1; - cname++; - lastwascname = 1; - } else { - if (validanswer) - validanswer = 1; - lastwascname = 0; - } - - if (tname != NULL) { - add_related_additional(tname); - tname = NULL; - } - - /* Cache for current tick. */ - if (type == T_SOA) - dp->d_ttl = tt.tv_sec; - - dp->d_cred = (hp->aa && ns_samename(name, qname) == 1) - ? DB_C_AUTH - : DB_C_ANSWER; - } else { - /* After answer section. */ - if (lastwascname) { - ns_debug(ns_log_resp_checks, 3, - "last was cname, ignoring auth. and add."); - db_detach(&dp); - validanswer = 0; - cachenegative = 0; - break; - } - if (i < arfirst) { - /* Authority section. */ - switch (type) { - case T_NS: - case T_SOA: - if (!ns_samedomain(aname, name)) { - ns_info(ns_log_resp_checks, - "bad referral (%s !< %s) from %s", - aname[0] ? aname : ".", - name[0] ? name : ".", - sin_ntoa(from)); - db_detach(&dp); - validanswer = 0; - cachenegative = 0; - continue; - } else if (!ns_samedomain(name, - qp->q_domain)) { - if (fwd == NULL && - !externalcname) - ns_info(ns_log_resp_checks, - "bad referral (%s !< %s) from %s", - name[0] ? name : ".", - qp->q_domain[0] ? - qp->q_domain : ".", - sin_ntoa(from)); - db_detach(&dp); - validanswer = 0; - cachenegative = 0; - continue; - } - if (type == T_NS) { - nscount++; - add_related_additional(tname); - tname = NULL; - } - if (type == T_SOA) { - soacount++; - /* -ve caching only. */ - db_detach(&dp); - continue; - } - break; - case T_NXT: - /* XXX check */ - break; - case T_SIG: - /* XXX check that it relates to an - NS or SOA or NXT */ - break; - default: - ns_info(ns_log_resp_checks, - "invalid RR type '%s' in authority section (name = '%s') from %s", - p_type(type), name, - sin_ntoa(from)); - db_detach(&dp); - validanswer = 0; - continue; - } - dp->d_cred = (hp->aa && (cname == 0)) ? - DB_C_AUTH : (qp->q_flags & Q_PRIMING) - ? DB_C_ANSWER - : DB_C_ADDITIONAL; - } else { - /* Additional section. */ - switch (type) { - case T_A: - case ns_t_a6: - case T_AAAA: - case T_SRV: - if (externalcname || - !ns_samedomain(name, qp->q_domain)) { - ns_debug(ns_log_resp_checks, 3, - "ignoring additional info '%s' type %s", - name, p_type(type)); - db_detach(&dp); - validanswer = 0; - continue; - } - if (!related_additional(name)) { - ns_info(ns_log_resp_checks, - "unrelated additional info '%s' type %s from %s", - name, p_type(type), - sin_ntoa(from)); - db_detach(&dp); - validanswer = 0; - continue; - } - if (type == T_SRV && tname != NULL) { - add_related_additional(tname); - tname = NULL; - } - break; - case T_KEY: - /* XXX check? */ - break; - case T_SIG: - /* - * XXX a SIG RR should relate - * to some other RR in this section, - * although if it's the last RR - * it might be a transaction signature. - */ - break; - case ns_t_opt: - /* - * OPT does not get cached. - */ - db_detach(&dp); - validanswer = 0; - continue; - default: - ns_info(ns_log_resp_checks, - "invalid RR type '%s' in additional section (name = '%s') from %s", - p_type(type), name, - sin_ntoa(from)); - db_detach(&dp); - validanswer = 0; - continue; - } - dp->d_cred = (qp->q_flags & Q_PRIMING) - ? DB_C_ANSWER - : DB_C_ADDITIONAL; - } - } -#ifdef HITCOUNTS - ++dp->d_hitcnt; - ++db_total_hits; -#endif /* HITCOUNTS */ - rrsetadd(flushset, name, dp); - db_detach(&dp); - } - free_related_additional(); - freestr_maybe(&tname); - if (flushset != NULL) { - if ((qp->q_flags & Q_SYSTEM) && (qp->q_flags & Q_PRIMING)) { - check_hints(flushset); /* before rrsetupdate */ - rrsetupdate(flushset, dbflags, from, 1); - } else - rrsetupdate(flushset, dbflags, from, 0); - free_flushset(flushset, flushset_size); - } - if (lastwascname && !externalcname) - ns_debug(ns_log_cname, 3, "%s (%s) q(%s %s %s) %s qd(%s)", - danglingCname, aname, - (qname && *qname) ? qname : ".", - p_class(qclass), p_type(qtype), - sin_ntoa(from), qp->q_domain); - - if (cp > eom) { - formerrmsg = outofDataAFinal; - goto formerr; - } - - if ((qp->q_flags & Q_SYSTEM) && ancount) { - if ((qp->q_flags & Q_PRIMING) && !check_root()) { - /* mark server as bad */ - mark_bad(qp, from); - fast_retry(qp, from, 0); - return; - } - ns_debug(ns_log_default, 3, - "resp: leaving, SYSQUERY ancount %d", ancount); -#ifdef BIND_NOTIFY - if (qp->q_notifyzone != DB_Z_CACHE) { - struct zoneinfo *zp = &zones[qp->q_notifyzone]; - - qp->q_notifyzone = DB_Z_CACHE; - ns_notify(zp->z_origin, zp->z_class, ns_t_soa); - } -#endif - qremove(qp); - return; - } - - /* - * We might want to cache this negative answer. - * - * if ancount != 0 and rcode == NOERROR we cannot determine if the - * CNAME chain has been processed to completion or not, so just - * restart the query. DNS needs a NODATA return code! - * - * As some servers incorrectly return a NODATA indication when - * there is a CNAME chain instead of NXDOMAIN, we requery to get - * a definitive answer. - */ - if ((hp->rcode == NXDOMAIN && cname == ancount) || - (hp->rcode == NOERROR && ancount == 0 && - (nscount == 0 || soacount != 0) - ) - ) - { - if (cachenegative) - cache_n_resp(msg, msglen, from, qp->q_name, - qp->q_class, qp->q_type); - - if (!qp->q_cmsglen && validanswer) { - ns_debug(ns_log_default, 3, - "resp: leaving NO: auth = %d", hp->aa); - goto return_msg; - } - } - - /* - * All messages in here need further processing. i.e. they - * are either CNAMEs or we got referred again. - */ - count = 0; - founddata = 0; - dname = name; - /* - * XXX - the restart stuff doesn't work if any of the answer RRs - * is not cacheable (TTL==0 or unknown RR type), since all of the - * answer must pass through the cache and be re-assembled. - */ - if (qp->q_cmsglen != 0) { - ns_debug(ns_log_default, 1, "Cname second pass"); - newmsglen = MIN(EDNS_MESSAGE_SZ, qp->q_cmsglen); - memcpy(newmsg, qp->q_cmsg, newmsglen); - } else { - newmsglen = MIN(EDNS_MESSAGE_SZ, msglen); - memcpy(newmsg, msg, newmsglen); - } - hp = (HEADER *) newmsg; - hp->ancount = htons(0); - hp->nscount = htons(0); - hp->arcount = htons(0); - hp->rcode = NOERROR; - dnptrs[0] = newmsg; - dnptrs[1] = NULL; - cp = newmsg + HFIXEDSZ; - /* - * Keep in mind that none of this code works when QDCOUNT>1. - * cp ends up pointed just past the query section in both cases. - */ - /* - * Arrange for dname to contain the query name. The query - * name can be either the original query name if restart==0 - * or the target of the last CNAME if we are following a - * CNAME chain and were referred. - */ - n = dn_expand(newmsg, newmsg + newmsglen, cp, dname, sizeof name); - if (n < 0) { - ns_debug(ns_log_default, 1, "dn_expand failed"); - goto servfail; - } - if (!res_dnok(dname)) { - ns_debug(ns_log_default, 1, "bad name (%s)", dname); - goto servfail; - } - cp += n + QFIXEDSZ; - buflen = (qp->q_stream != NULL) ? NS_MAXMSG : - MIN(EDNS_MESSAGE_SZ, qp->q_udpsize); - buflen -= (cp - newmsg); - /* - * Reserve space for TSIG / EDNS - */ - if (qp->q_tsig != NULL) - buflen -= qp->q_tsig->tsig_size; - if ((qp->q_flags & Q_EDNS) != 0) - buflen -= 11; - cname = 0; - - try_again: - pass++; - ns_debug(ns_log_default, 1, "resp: nlookup(%s) qtype=%d", dname, - qtype); - foundname = 0; - fname = ""; - htp = hashtab; /* lookup relative to root */ - np = nlookup(dname, &htp, &fname, 0); - ns_debug(ns_log_default, 1, "resp: %s '%s' as '%s' (cname=%d)", - np == NULL ? "missed" : "found", dname, fname, cname); - if (np == NULL || fname != dname) - goto fetch_ns; - - foundname++; - answers = cp; - count = cp - newmsg; - /* - * Look for NXDOMAIN record. - */ - for (dp = np->n_data; dp; dp = dp->d_next) { - if (!stale(dp) && (dp->d_rcode == NXDOMAIN) && - (dp->d_class == (int)qclass)) { -#ifdef RETURNSOA - n = finddata(np, qclass, T_SOA, hp, &dname, - &buflen, &count, pass, 1); - if ( n != 0) { - if (count) { - cp += n; - buflen -= n; - newmsglen += n; - hp->nscount = htons((u_int16_t)count); - } - if (hp->rcode == NOERROR_NODATA) { - hp->rcode = NOERROR; - goto return_newmsg; - } - } -#else - count = 0; -#endif - hp->rcode = NXDOMAIN; - /* - * XXX forcing AA all the time isn't right, but - * we have to work that way by default - * for compatibility with older servers. - */ - if (!NS_OPTION_P(OPTION_NONAUTH_NXDOMAIN)) - hp->aa = 1; - ns_debug(ns_log_default, 3, "resp: NXDOMAIN aa = %d", - hp->aa); - if ((count == 0) || NS_OPTION_P(OPTION_NORFC2308_TYPE1)) - goto return_newmsg; - founddata = 1; - goto fetch_ns; - } - } - n = finddata(np, qclass, qtype, hp, &dname, &buflen, &count, pass, 1); - if (n == 0) - goto fetch_ns; /* NO data available */ - if (hp->rcode) { - if (hp->rcode == NOERROR_NODATA) - hp->rcode = NOERROR; -#ifdef RETURNSOA - if (count) { - cp += n; - buflen -= n; - hp->nscount = htons((u_int16_t)count); - } -#endif - if ((count == 0) || NS_OPTION_P(OPTION_NORFC2308_TYPE1)) - goto return_newmsg; - founddata = 1; - goto fetch_ns; - } - cp += n; - buflen -= n; - hp->ancount = htons(ntohs(hp->ancount) + (u_int16_t)count); - if (fname != dname && qtype != T_CNAME && qtype != T_ANY) { - cname++; - goto try_again; - } - founddata = 1; - - ns_debug(ns_log_default, 3, - "resp: foundname=%d, count=%d, founddata=%d, cname=%d", - foundname, count, founddata, cname); - - if (count > 1 && qtype == T_A) - sort_response(answers, cp, count, &qp->q_from); - - fetch_ns: - if (hp->tc) - goto return_newmsg; - - /* - * Look for name servers to refer to and fill in the authority - * section or record the address for forwarding the query - * (recursion desired). - */ - free_nsp(nsp); - switch (findns(&np, qclass, nsp, &count, 0)) { - case NXDOMAIN: /* shouldn't happen */ - ns_debug(ns_log_default, 3, "req: leaving (%s, rcode %d)", - dname, hp->rcode); - if (!foundname) - hp->rcode = NXDOMAIN; - if (qclass != C_ANY) { - if (!cname) - hp->aa = 1; - if (np && (!foundname || !founddata)) { - n = doaddauth(hp, cp, buflen, np, nsp[0]); - cp += n; - buflen -= n; - } - } - goto return_newmsg; - - case SERVFAIL: - goto servfail; - } - - if (founddata) { - hp = (HEADER *)newmsg; - n = add_data(np, nsp, cp, buflen, &count); - if (n < 0) { - hp->tc = 1; - n = (-n); - } - cp += n; - buflen -= n; - hp->nscount = htons((u_int16_t)count + ntohs(hp->nscount)); - goto return_newmsg; - } - - /* - * If we get here, we don't have the answer yet and are about - * to iterate to try and get it. First, infinite loop avoidance. - */ - if (qp->q_nqueries++ > MAXQUERIES) { - ns_debug(ns_log_default, 1, - "resp: MAXQUERIES exceeded (%s %s %s)", - dname, p_class(qclass), p_type(qtype)); - ns_info(ns_log_default, - "MAXQUERIES exceeded, possible data loop in resolving (%s)", - dname); - goto servfail; - } - - /* Reset the query control structure */ - - ns_freeqns(qp); - qp->q_naddr = 0; - qp->q_curaddr = 0; - nsfwdadd(qp, NS_ZFWDTAB(qp->q_fzone)); - - if (qp->q_domain != NULL) - (void)freestr(qp->q_domain); - getname(np, tmpdomain, sizeof tmpdomain); - qp->q_domain = savestr(tmpdomain, 1); - - if (NS_ZOPTION_P(qp->q_fzone, OPTION_FORWARD_ONLY)) - n = 0; - else if ((n = nslookup(nsp, qp, dname, "ns_resp")) <= 0) { - if (n < 0) { - if (n == -1) - ns_debug(ns_log_default, 3, - "resp: nslookup reports danger"); - if (cname) /* a remote CNAME that does not have data */ - goto return_newmsg; - goto servfail; - } else { - ns_debug(ns_log_default, 3, - "resp: no addrs found for NS's"); - /* - * Timeout while sysquery looks up the NS addresses. - * - * Hopefully we'll have them when the client asks - * again. - * - * too bad we can't just wait for the sysquery - * response to restart this query (it's too hard). - * - * We could try to crawl back up the tree looking - * for reachable servers, but we may have just - * gotten delegated down here by a response with - * no A RRs for the servers. If we blindly tried - * this strategy, we bang on the same server forever. - */ - goto timeout; - } - } - for (n = 0; (u_int)n < qp->q_naddr; n++) - qp->q_addr[n].stime.tv_sec = 0; - qp->q_addr[0].stime = tt; - if (cname) { - if (qp->q_cname++ == MAXCNAMES) { - ns_debug(ns_log_default, 3, - "resp: leaving, MAXCNAMES exceeded"); - goto servfail; - } - ns_debug(ns_log_default, 1, "q_cname = %d", qp->q_cname); - ns_debug(ns_log_default, 3, - "resp: building recursive query; nslookup"); - if (qp->q_cmsg == NULL) { - qp->q_cmsg = qp->q_msg; - qp->q_cmsglen = qp->q_msglen; - qp->q_cmsgsize = qp->q_msgsize; - } else if (qp->q_msg != NULL) - memput(qp->q_msg, qp->q_msgsize); - qp->q_msg = (u_char *)memget(PACKETSZ); - if (qp->q_msg == NULL) { - ns_notice(ns_log_default, "resp: memget error"); - goto servfail; - } - qp->q_msgsize = PACKETSZ; - n = res_nmkquery(&res, QUERY, dname, qclass, qtype, - NULL, 0, NULL, qp->q_msg, PACKETSZ); - if (n < 0) { - ns_info(ns_log_default, "resp: res_mkquery(%s) failed", - dname); - goto servfail; - } - if (qp->q_name != NULL) - (void)freestr(qp->q_name); - qp->q_name = savestr(dname, 1); - qp->q_msglen = n; - hp = (HEADER *) qp->q_msg; - hp->rd = 0; - } else - hp = (HEADER *) qp->q_msg; - hp->id = qp->q_nsid = htons(nsid_next()); - hp->rd = (qp->q_addr[0].forwarder ? 1 : 0); - unsched(qp); - schedretry(qp, retrytime(qp)); - nsa = Q_NEXTADDR(qp, 0); - if (ns_wouldlog(ns_log_default, 1)) { - ns_debug(ns_log_default, 1, - "resp: forw -> %s ds=%d nsid=%d id=%d %dms", - sin_ntoa(*nsa), ds, - ntohs(qp->q_nsid), ntohs(qp->q_id), - (qp->q_addr[0].nsdata != NULL) - ? qp->q_addr[0].nsdata->d_nstime - : -1); - } -#ifdef DEBUG - if (debug >= 10) - res_pquery(&res, qp->q_msg, qp->q_msglen, - log_get_stream(packet_channel)); -#endif - key = qp->q_keys[0]; - if (key == NULL) - key = qp->q_keys[0] = tsig_key_from_addr(nsa->sin_addr); - if (key != NULL || !qp->q_addr[0].noedns) { - smsgsize = qp->q_msglen + TSIG_BUF_SIZE + 11; - smsg = memget(smsgsize); - smsglen = qp->q_msglen; - siglen = sizeof(sig); - memcpy(smsg, qp->q_msg, qp->q_msglen); - } - - if (!qp->q_addr[0].noedns) - smsglen += ns_add_opt(smsg, smsg + smsglen, smsgsize, 0, 0, - server_options->edns_udp_size, - 0, NULL, 0); - if (key != NULL) { - n = ns_sign(smsg, &smsglen, smsgsize, NOERROR, key, NULL, 0, - sig, &siglen, 0); - if (n == 0) { - has_tsig = 1; - free_tsig(qp->q_nstsig); - qp->q_nstsig = new_tsig(key, sig, siglen); - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - INSIST(0); - } - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - } - - if (smsg != NULL) { - oldqbuf = qp->q_msg; - oldqlen = qp->q_msglen; - qp->q_msglen = smsglen; - qp->q_msg = smsg; - } - - if (qp->q_flags & Q_USEVC) { - if (tcp_send(qp) != NOERROR) { - if (!haveComplained(ina_ulong(nsa->sin_addr), - (u_long)tcpsendStr)) - ns_info(ns_log_default, - "ns_resp: tcp_send(%s) failed: %s", - sin_ntoa(*nsa), strerror(errno)); - } - } else if (sendto(ds, (char*)qp->q_msg, qp->q_msglen, 0, - (struct sockaddr *)nsa, - sizeof(struct sockaddr_in)) < 0) - { - sendto_errno = errno; - if (!haveComplained(ina_ulong(nsa->sin_addr), - (u_long)sendtoStr)) - ns_info(ns_log_default, "ns_resp: sendto(%s): %s", - sin_ntoa(*nsa), strerror(errno)); - nameserIncr(nsa->sin_addr, nssSendtoErr); - } - - if (smsgsize != 0) { - memput(smsg, smsgsize); - qp->q_msg = oldqbuf; - qp->q_msglen = oldqlen; - } - hp->rd = 0; /* leave set to 0 for dup detection */ - nameserIncr(nsa->sin_addr, nssSentFwdR); - nameserIncr(qp->q_from.sin_addr, nssRcvdFwdR); - ns_debug(ns_log_default, 3, "resp: Query sent."); - free_nsp(nsp); - switch (sendto_errno) { - case ENETDOWN: - case ENETUNREACH: - case EHOSTDOWN: - case EHOSTUNREACH: - unsched(qp); - schedretry(qp, (time_t) 0); - } - return; - - formerr: - if (!haveComplained(ina_ulong(from.sin_addr), (u_long)formerrmsg)) - ns_info(ns_log_resp_checks, "Malformed response from %s (%s)", - sin_ntoa(from), formerrmsg); - fast_retry(qp, from, 0); - free_nsp(nsp); - return; - - return_msg: - nameserIncr(from.sin_addr, nssRcvdFwdR); - nameserIncr(qp->q_from.sin_addr, nssSentFwdR); - nameserIncr(qp->q_from.sin_addr, nssSentAns); - if (!hp->aa) - nameserIncr(qp->q_from.sin_addr, nssSentNaAns); - if (hp->rcode == NXDOMAIN) - nameserIncr(qp->q_from.sin_addr, nssSentNXD); - /* The "standard" return code */ - hp->qr = 1; - hp->id = qp->q_id; - hp->rd = 1; - hp->ra = (NS_OPTION_P(OPTION_NORECURSE) == 0); - (void) send_msg(msg, msglen, qp); - qremove(qp); - free_nsp(nsp); - return; - - return_newmsg: - nameserIncr(qp->q_from.sin_addr, nssSentAns); - - if (!hp->aa) - nameserIncr(qp->q_from.sin_addr, nssSentNaAns); - if (hp->rcode == NXDOMAIN) - nameserIncr(qp->q_from.sin_addr, nssSentNXD); - n = doaddinfo(hp, cp, buflen); - cp += n; - buflen -= n; - hp->qr = 1; - hp->id = qp->q_id; - hp->rd = 1; - hp->ra = (NS_OPTION_P(OPTION_NORECURSE) == 0); - (void) send_msg(newmsg, cp - newmsg, qp); - qremove(qp); - free_nsp(nsp); - return; - - refused: - hp = (HEADER *)(qp->q_cmsglen ? qp->q_cmsg : qp->q_msg); - hp->rcode = REFUSED; - hp->qr = 1; - hp->id = qp->q_id; - hp->rd = 1; - hp->ra = (NS_OPTION_P(OPTION_NORECURSE) == 0); - (void) send_msg((u_char *)hp, - (qp->q_cmsglen ? qp->q_cmsglen : qp->q_msglen), - qp); - qremove(qp); - free_nsp(nsp); - return; - - servfail: - nameserIncr(qp->q_from.sin_addr, nssSentFail); - hp = (HEADER *)(qp->q_cmsglen ? qp->q_cmsg : qp->q_msg); - hp->rcode = SERVFAIL; - hp->qr = 1; - hp->id = qp->q_id; - hp->rd = 1; - hp->ra = (NS_OPTION_P(OPTION_NORECURSE) == 0); - (void) send_msg((u_char *)hp, - (qp->q_cmsglen ? qp->q_cmsglen : qp->q_msglen), - qp); - qremove(qp); - free_nsp(nsp); - return; - - timeout: - if (qp->q_stream) - sq_remove(qp->q_stream); - qremove(qp); - free_nsp(nsp); - return; -} - -#define BOUNDS_CHECK(ptr, count) \ - do { \ - if ((ptr) + (count) > eom) { \ - hp->rcode = FORMERR; \ - return (-1); \ - } \ - } while (0) - -static int -rrextract(u_char *msg, int msglen, u_char *rrp, struct databuf **dpp, - char *dname, int namelen, struct sockaddr_in from, char **tnamep) -{ - u_char *cp, *eom, *rdatap; - u_int class, type, dlen; - int n, n1, n2; - u_int32_t ttl; - u_char *cp1, data[MAXDATA*2]; - HEADER *hp = (HEADER *)msg; - enum context context; - - if (tnamep != NULL) - *tnamep = NULL; - - *dpp = NULL; - cp = rrp; - eom = msg + msglen; - if ((n = dn_expand(msg, eom, cp, dname, namelen)) < 0) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - BOUNDS_CHECK(cp, 2*INT16SZ + INT32SZ + INT16SZ); - GETSHORT(type, cp); - GETSHORT(class, cp); - if (type != ns_t_opt && class > CLASS_MAX) { - ns_debug(ns_log_default, 3, "bad class in rrextract"); - hp->rcode = FORMERR; - return (-1); - } - GETLONG(ttl, cp); - if (ttl > MAXIMUM_TTL) { - ns_debug(ns_log_default, 5, "%s: converted TTL > %u to 0", - dname, MAXIMUM_TTL); - ttl = 0; - } - GETSHORT(dlen, cp); - BOUNDS_CHECK(cp, dlen); - rdatap = cp; - if (!ns_nameok(NULL, dname, class, NULL, response_trans, - ns_ownercontext(type, response_trans), - dname, from.sin_addr)) { - hp->rcode = REFUSED; - return (-1); - } - ns_debug(ns_log_default, 3, - "rrextract: dname %s type %d class %d ttl %d", - dname, type, class, ttl); - /* - * Convert the resource record data into the internal - * database format. - * - * On entry to the switch: - * CP points to the RDATA section of the wire-format RR. - * DLEN is its length. - * The memory area at DATA is available for processing. - * - * On exit from the switch: - * CP has been incremented past the RR. - * CP1 points to the RDATA section of the database-format RR. - * N contains the length of the RDATA section of the dbase-format RR. - * - * The new data at CP1 for length N will be copied into the database, - * so it need not be in any particular storage location. - */ - switch (type) { - case T_A: - if (dlen != INT32SZ) { - hp->rcode = FORMERR; - return (-1); - } - /*FALLTHROUGH*/ - case T_WKS: - case T_HINFO: - case T_TXT: - case T_X25: - case T_ISDN: - case T_NSAP: - case T_AAAA: - case T_LOC: - case T_KEY: - case ns_t_cert: - case ns_t_opt: - cp1 = cp; - n = dlen; - cp += n; - break; - - case T_CNAME: - case T_MB: - case T_MG: - case T_MR: - case T_NS: - case T_PTR: - n = dn_expand(msg, eom, cp, (char *)data, sizeof data); - if (n < 0) { - hp->rcode = FORMERR; - return (-1); - } - if (!ns_nameok(NULL, (char *)data, class, NULL, response_trans, - type == T_PTR ?ns_ptrcontext(dname) :domain_ctx, - dname, from.sin_addr)) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - cp1 = data; - n = strlen((char *)data) + 1; - if (tnamep != NULL && (type == T_NS || type == T_MB)) - *tnamep = savestr((char *)cp1, 1); - break; - - case T_SOA: - context = hostname_ctx; - goto soa_rp_minfo; - case T_RP: - case T_MINFO: - context = mailname_ctx; - /* FALLTHROUGH */ - soa_rp_minfo: - n = dn_expand(msg, eom, cp, (char *)data, sizeof data); - if (n < 0) { - hp->rcode = FORMERR; - return (-1); - } - if (!ns_nameok(NULL, (char *)data, class, NULL, response_trans, - context, dname, from.sin_addr)) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - /* - * The next use of 'cp' is dn_expand(), so we don't have - * to BOUNDS_CHECK() here. - */ - cp1 = data + (n = strlen((char *)data) + 1); - n1 = sizeof(data) - n; - if (type == T_SOA) - n1 -= 5 * INT32SZ; - n = dn_expand(msg, eom, cp, (char *)cp1, n1); - if (n < 0) { - hp->rcode = FORMERR; - return (-1); - } - if (type == T_RP) - context = domain_ctx; - else - context = mailname_ctx; - if (!ns_nameok(NULL, (char *)cp1, class, NULL, response_trans, - context, dname, from.sin_addr)) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - cp1 += strlen((char *)cp1) + 1; - if (type == T_SOA) { - n = 5 * INT32SZ; - BOUNDS_CHECK(cp, n); - memcpy(cp1, cp, n); - cp += n; - cp1 += n; - } - n = cp1 - data; - cp1 = data; - if (tnamep != NULL && type == T_SOA) - *tnamep = savestr((char *)cp1, 1); - break; - - case T_NAPTR: - /* Grab weight and port. */ - BOUNDS_CHECK(cp, INT16SZ*2); - memcpy(data, cp, INT16SZ*2); - cp1 = data + INT16SZ*2; - cp += INT16SZ*2; - - /* Flags */ - BOUNDS_CHECK(cp, 1); - n = *cp++; - BOUNDS_CHECK(cp, n); - *cp1++ = n; - memcpy(cp1, cp, n); - cp += n; cp1 += n; - - /* Service */ - BOUNDS_CHECK(cp, 1); - n = *cp++; - BOUNDS_CHECK(cp, n); - *cp1++ = n; - memcpy(cp1, cp, n); - cp += n; cp1 += n; - - /* Regexp */ - BOUNDS_CHECK(cp, 1); - n = *cp++; - BOUNDS_CHECK(cp, n); - *cp1++ = n; - memcpy(cp1, cp, n); - cp += n; cp1 += n; - - /* Replacement */ - n = dn_expand(msg, eom, cp, (char *)cp1, - sizeof data - (cp1 - data)); - if (n < 0) { - hp->rcode = FORMERR; - return (-1); - } - if (!ns_nameok(NULL, (char *)cp1, class, NULL, response_trans, - hostname_ctx, dname, from.sin_addr)) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - - if (tnamep != NULL && *cp1 != 0) - *tnamep = savestr((char *)cp1, 1); - - /* compute end of data */ - cp1 += strlen((char *)cp1) + 1; - /* compute size of data */ - n = cp1 - data; - cp1 = data; - break; - - case T_MX: - case T_AFSDB: - case T_RT: - case T_SRV: - /* grab preference */ - BOUNDS_CHECK(cp, INT16SZ); - memcpy(data, cp, INT16SZ); - cp1 = data + INT16SZ; - cp += INT16SZ; - - if (type == T_SRV) { - /* Grab weight and port. */ - BOUNDS_CHECK(cp, INT16SZ*2); - memcpy(cp1, cp, INT16SZ*2); - cp1 += INT16SZ*2; - cp += INT16SZ*2; - } - - /* get name */ - n = dn_expand(msg, eom, cp, (char *)cp1, - sizeof data - (cp1 - data)); - if (n < 0) { - hp->rcode = FORMERR; - return (-1); - } - if (!ns_nameok(NULL, (char *)cp1, class, NULL, response_trans, - hostname_ctx, dname, from.sin_addr)) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - - if (tnamep != NULL) - *tnamep = savestr((char *)cp1, 1); - - /* compute end of data */ - cp1 += strlen((char *)cp1) + 1; - /* compute size of data */ - n = cp1 - data; - cp1 = data; - break; - - case T_PX: - /* grab preference */ - BOUNDS_CHECK(cp, INT16SZ); - memcpy(data, cp, INT16SZ); - cp1 = data + INT16SZ; - cp += INT16SZ; - - /* get MAP822 name */ - n = dn_expand(msg, eom, cp, (char *)cp1, - sizeof data - INT16SZ); - if (n < 0) { - hp->rcode = FORMERR; - return (-1); - } - if (!ns_nameok(NULL, (char *)cp1, class, NULL, response_trans, - domain_ctx, dname, from.sin_addr)) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - /* - * The next use of 'cp' is dn_expand(), so we don't have - * to BOUNDS_CHECK() here. - */ - cp1 += (n = strlen((char *)cp1) + 1); - n1 = sizeof(data) - n - INT16SZ; - n = dn_expand(msg, eom, cp, (char *)cp1, n1); - if (n < 0) { - hp->rcode = FORMERR; - return (-1); - } - if (!ns_nameok(NULL, (char *)cp1, class, NULL, response_trans, - domain_ctx, dname, from.sin_addr)) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - cp1 += strlen((char *)cp1) + 1; - n = cp1 - data; - cp1 = data; - break; - - case T_SIG: { - u_int32_t origTTL, exptime, signtime, timetilexp, now; - u_int8_t alg; - - /* Check signature time, expiration, and adjust TTL. */ - /* This code is similar to that in db_load.c. */ - - /* Skip coveredType, save alg, skip labels */ - BOUNDS_CHECK(cp, INT16SZ + 1 + 1 + 3*INT32SZ); - cp1 = cp + INT16SZ; - alg = *cp1++; - cp1++; - GETLONG(origTTL, cp1); - GETLONG(exptime, cp1); - GETLONG(signtime, cp1); - now = time(NULL); /* Get current time in GMT/UTC */ - - /* Don't let bogus name servers increase the signed TTL */ - if (ttl > origTTL) { - ns_debug(ns_log_default, 3, - "shrinking SIG TTL from %lu to origTTL %lu", - (unsigned long)ttl, (unsigned long)origTTL); - ttl = origTTL; - } - - /* - * Check that expire and signature times are internally - * consistant. - */ - if (!SEQ_GT(exptime, signtime) && exptime != signtime) { - ns_debug(ns_log_default, 3, - "ignoring SIG: signature expires before it was signed"); - return ((cp - rrp) + dlen); - } - - /* Don't let bogus signers "sign" in the future. */ - if (SEQ_GT(signtime, now)) { - ns_debug(ns_log_default, 3, - "ignoring SIG: signature date %s is in the future", - p_secstodate (signtime)); - return ((cp - rrp) + dlen); - } - - /* Ignore received SIG RR's that are already expired. */ - if (SEQ_GT(now, exptime)) { - ns_debug(ns_log_default, 3, - "ignoring SIG: expiration %s is in the past", - p_secstodate (exptime)); - return ((cp - rrp) + dlen); - } - - /* Lop off the TTL at the expiration time. */ - timetilexp = exptime - now; - if (timetilexp < ttl) { - ns_debug(ns_log_default, 3, - "shrinking expiring %s SIG TTL from %d to %d", - p_secstodate (exptime), ttl, timetilexp); - ttl = timetilexp; - } - - /* The following code is copied from named-xfer.c. */ - cp1 = (u_char *)data; - - /* first just copy over the type_covered, algorithm, */ - /* labels, orig ttl, two timestamps, and the footprint */ - BOUNDS_CHECK(cp, 18); - memcpy(cp1, cp, 18); - cp += 18; - cp1 += 18; - - /* then the signer's name */ - n = dn_expand(msg, eom, cp, (char *)cp1, (sizeof data) - 18); - if (n < 0 || n + NS_SIG_SIGNER > (int)dlen) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - cp1 += strlen((char*)cp1)+1; - - /* finally, we copy over the variable-length signature. - Its size is the total data length, minus what we copied. */ - n = dlen - (NS_SIG_SIGNER + n); - - if (n > (int)(sizeof data) - (cp1 - (u_char *)data)) { - hp->rcode = FORMERR; - return (-1); /* out of room! */ - } - - switch (alg) { - case NS_ALG_MD5RSA: - if (n < NS_MD5RSA_MIN_SIZE || n > NS_MD5RSA_MAX_SIZE) - hp->rcode = FORMERR; - break; - - case NS_ALG_DSA: - if (n != NS_DSA_SIG_SIZE) - hp->rcode = FORMERR; - break; - - default: - break; - } - - if (hp->rcode == FORMERR) - return (-1); - - memcpy(cp1, cp, n); - cp += n; - cp1 += n; - - /* compute size of data */ - n = cp1 - (u_char *)data; - cp1 = (u_char *)data; - break; - } - - case T_NXT: - n = dn_expand(msg, eom, cp, (char *)data, sizeof data); - /* - * By testing if n >= dlen, we are requiring that the type - * bitmap be at least one octet. This is reasonable - * because we always have to look at the 0 bit to see if - * this is a "different format" NXT or not. - */ - if (n < 0 || n >= (int)dlen) { - hp->rcode = FORMERR; - return (-1); - } - if (!ns_nameok(NULL, (char *)data, class, NULL, response_trans, - domain_ctx, dname, from.sin_addr)) { - hp->rcode = FORMERR; - return (-1); - } - cp += n; - n1 = strlen((char *)data) + 1; - cp1 = data + n1; - /* - * We don't need to BOUNDS_CHECK() cp here because we've - * previously checked that 'dlen' bytes are in bounds, and - * we know that n < dlen. - */ - n2 = dlen - n; - /* - * The first bit of the first octet determines the format - * of the NXT record. A format for types >= 128 has not - * yet been defined, so if bit zero is set, we just copy - * what's there because we don't understand it. - */ - if ((*cp & 0x80) == 0) { - /* - * Bit zero is not set; this is an ordinary NXT - * record. The bitmap must be at least 4 octets - * because the NXT bit should be set. It should be - * less than or equal to 16 octets because this NXT - * format is only defined for types < 128. - */ - if (n2 < 4 || n2 > 16) { - hp->rcode = FORMERR; - return (-1); - } - } - if (n2 > (int)(sizeof data - n1)) { - hp->rcode = FORMERR; - return (-1); - } - memcpy(cp1, cp, n2); - cp += n2; - cp1 += n2; - - /* compute size of data */ - n = cp1 - (u_char *)data; - cp1 = (u_char *)data; - break; - - default: - /* treat as opaque data */ - ns_debug(ns_log_default, 3, "unknown type %d", type); - cp1 = cp; - n = dlen; - cp += n; - } - - if (cp > eom) { - hp->rcode = FORMERR; - return (-1); - } - if ((u_int)(cp - rdatap) != dlen) { - ns_debug(ns_log_default, 3, - "encoded rdata length is %u, but actual length was %u", - dlen, (u_int)(cp - rdatap)); - hp->rcode = FORMERR; - return (-1); - } - if (n > MAXDATA) { - ns_debug(ns_log_default, 1, - "update type %d: %d bytes is too much data", - type, n); - hp->rcode = FORMERR; - return (-1); - } - - ttl += tt.tv_sec; - if (type == ns_t_opt) - class = 0; /* Lie. */ - *dpp = savedata(class, type, ttl, cp1, n); - return (cp - rrp); -} - -int -send_msg(u_char *msg, int msglen, struct qinfo *qp) { - HEADER *hp = (HEADER *) msg; - u_char *oldmsg; - int oldlen = 0; - int msgsize; - int ret; - int trunc; - int adjust = 0; - - if (qp->q_flags & Q_SYSTEM) - return (1); - - trunc = (qp->q_stream != NULL) ? NS_MAXMSG : qp->q_udpsize; - if (qp->q_tsig != NULL) - adjust += qp->q_tsig->tsig_size; - if ((qp->q_flags & Q_EDNS) != 0) - adjust += 11; - if (msglen > trunc - adjust) - msglen = trunc_adjust(msg, msglen, trunc - adjust); - - if (ns_wouldlog(ns_log_default, 1)) { - ns_debug(ns_log_default, 1, "send_msg -> %s (%s %d) id=%d", - sin_ntoa(qp->q_from), - qp->q_stream == NULL ? "UDP" : "TCP", - qp->q_stream == NULL ? qp->q_dfd : qp->q_stream->s_rfd, - ntohs(qp->q_id)); - } -#ifdef DEBUG - if (ns_wouldlog(ns_log_default, 4)) { - struct qinfo *tqp; - - for (tqp = nsqhead; tqp != NULL; tqp = tqp->q_link) { - ns_debug(ns_log_default, 4, - "qp %#lx q_id: %d q_nsid: %d q_msglen: %d", - (u_long)tqp, tqp->q_id, - tqp->q_nsid, tqp->q_msglen); - ns_debug(ns_log_default, 4, - "\tq_naddr: %d q_curaddr: %d", - tqp->q_naddr, tqp->q_curaddr); - ns_debug(ns_log_default, 4, - "\tq_next: %#lx q_link: %#lx", - (u_long)qp->q_next, (u_long)qp->q_link); - } - } -#endif /* DEBUG */ - - if (adjust != 0) { - oldmsg = msg; - oldlen = msglen; - msgsize = msglen + adjust; - msg = memget(msgsize); - memcpy(msg, oldmsg, oldlen); - } else - msgsize = msglen; /* silence compiler */ - - if ((qp->q_flags & Q_EDNS) != 0) - msglen += ns_add_opt(msg, msg + msglen, msgsize, 0, hp->rcode, - server_options->edns_udp_size, - 0, NULL, 0); - - if (qp->q_tsig != NULL) { - u_char sig[TSIG_SIG_SIZE]; - int siglen = sizeof(sig); - - ret = ns_sign(msg, &msglen, msgsize, NOERROR, qp->q_tsig->key, - qp->q_tsig->sig, qp->q_tsig->siglen, - sig, &siglen, 0); - - if (ret != 0) { - INSIST(0); - } - } - -#ifdef DEBUG - if (debug >= 6) - res_pquery(&res, msg, msglen, log_get_stream(packet_channel)); -#endif /* DEBUG */ - - if (qp->q_stream == NULL) { - /* - * Don't send FORMERR to certian well known ports. - */ - if (hp->rcode == FORMERR && - drop_port(ntohs(qp->q_from.sin_port))) - return (-1); - if (sendto(qp->q_dfd, (char*)msg, msglen, 0, - (struct sockaddr *)&qp->q_from, - sizeof(qp->q_from)) < 0) { - if (!haveComplained(ina_ulong(qp->q_from.sin_addr), - (u_long)sendtoStr)) -#if defined(SPURIOUS_ECONNREFUSED) - if (errno != ECONNREFUSED) -#endif - ns_info(ns_log_default, - "send_msg: sendto(%s): %s", - sin_ntoa(qp->q_from), - strerror(errno)); - nameserIncr(qp->q_from.sin_addr, nssSendtoErr); - return (1); - } - } else - writestream(qp->q_stream, (u_char*)msg, msglen); - - if (adjust != 0) - memput(msg, oldlen + adjust); - - return (0); -} - -static int -root_server_p(ns_class class) { - struct zoneinfo *zp = find_zone("", class); - - return (zp != NULL && - (zp->z_type == z_master || zp->z_type == z_slave)); -} - -void -prime_cache(void) { - int root = root_server_p(ns_c_in); - - ns_debug(ns_log_default, 1, "prime_cache: priming = %d, root = %d", - priming, root); - if (!priming && !root) { - struct qinfo *qp = sysquery("", ns_c_in, ns_t_ns, - NULL, NULL, 0, ns_port, - ns_o_query, 0); - - if (qp != NULL) { - qp->q_flags |= (Q_SYSTEM | Q_PRIMING); - priming++; - } - } - needs_prime_cache = 0; -} - -struct qinfo * -sysquery(const char *dname, int class, int type, - struct in_addr *nss, struct dst_key **keys, int nsc, - u_int16_t port, int opcode, int distance) -{ - struct qinfo *qp, *oqp; - HEADER *hp; - char tmpdomain[MAXDNAME]; - struct namebuf *np = NULL; - struct databuf *nsp[NSMAX]; - struct hashbuf *htp1; - struct hashbuf *htp2; - struct hashbuf *htp3; - struct sockaddr_in *nsa; - const char *fname; - int n, count; - int sendto_errno = 0; - u_char *oldqbuf = NULL; - int oldqlen = 0, has_tsig; - u_char *smsg = NULL; - int smsglen, smsgsize = 0, siglen; - u_char sig[TSIG_SIG_SIZE]; - DST_KEY *key; - - nsp[0] = NULL; - ns_debug(ns_log_default, 3, "sysquery(%s, %d, %d, %p, %p, %d, %d)", - dname, class, type, nss, keys, nsc, ntohs(port)); - qp = qnew(dname, class, type, (nss != NULL && nsc != 0) ? 0 : 1); - - qp->q_distance = distance; - - if (nss != NULL && nsc != 0) - np = NULL; - else if (!NS_ZOPTION_P(qp->q_fzone, OPTION_FORWARD_ONLY)) { - htp1 = hashtab; - htp2 = hashtab; - htp3 = fcachetab; - if (priming && dname[0] == '\0') { - np = NULL; - } else if (((np = nlookup(dname, &htp1, &fname, 0)) == NULL) && - ((np = nlookup("", &htp2, &fname, 0)) == NULL) && - ((np = nlookup("", &htp3, &fname, 0)) == NULL)) { - ns_info(ns_log_default, - "sysquery: nlookup error on %s?", - dname); - err1: - ns_freeqry(qp); - return (NULL); - } - - n = findns(&np, class, nsp, &count, 0); - switch (n) { - case NXDOMAIN: - case SERVFAIL: - ns_info(ns_log_default, - "sysquery: findns error (%s) on %s?", - n == NXDOMAIN ? "NXDOMAIN" : "SERVFAIL", - dname); - err2: - free_nsp(nsp); - goto err1; - } - } - - /* Build new qinfo struct. */ - qp->q_cmsg = qp->q_msg = NULL; - qp->q_dfd = ds; - if (nss == NULL || nsc == 0) - nsfwdadd(qp, NS_ZFWDTAB(qp->q_fzone)); - qp->q_expire = tt.tv_sec + RETRY_TIMEOUT*2; - qp->q_flags |= Q_SYSTEM; - - getname(np, tmpdomain, sizeof tmpdomain); - qp->q_domain = savestr(tmpdomain, 1); - - if ((qp->q_msg = (u_char *)memget(PACKETSZ)) == NULL) { - ns_notice(ns_log_default, "sysquery: memget failed"); - goto err2; - } - qp->q_msgsize = PACKETSZ; - n = res_nmkquery(&res, opcode, dname, class, - type, NULL, 0, NULL, - qp->q_msg, PACKETSZ); - if (n < 0) { - ns_info(ns_log_default, - "sysquery: res_mkquery(%s) failed", dname); - goto err2; - } - qp->q_msglen = n; - hp = (HEADER *) qp->q_msg; - hp->id = qp->q_nsid = htons(nsid_next()); - hp->rd = (qp->q_addr[qp->q_curaddr].forwarder ? 1 : 0); - hp->aa = (opcode == NS_NOTIFY_OP); - - /* First check for an already pending query for this data. */ - for (oqp = nsqhead; oqp != NULL; oqp = oqp->q_link) { - if ((oqp != qp) - && (oqp->q_msglen == qp->q_msglen) - && memcmp(oqp->q_msg+2, qp->q_msg + 2, - qp->q_msglen - 2) == 0 - ) { -#ifdef BIND_NOTIFY - /* XXX - need fancier test to suppress duplicate - * NOTIFYs to the same server (compare nss?) - */ - if (opcode != NS_NOTIFY_OP) -#endif /*BIND_NOTIFY*/ - { - ns_debug(ns_log_default, 3, - "sysquery: duplicate"); - goto err2; - } - } - } - - if (nss != NULL && nsc != 0) { - int i; - struct qserv *qs; - - for (i = 0, qs = qp->q_addr; i < nsc; i++, qs++) { - qs->ns_addr.sin_family = AF_INET; - qs->ns_addr.sin_addr = nss[i]; - qs->ns_addr.sin_port = port; - if (keys != NULL) - qp->q_keys[i] = keys[i]; - qs->ns = NULL; - qs->nsdata = NULL; - qs->stime = tt; - qs->forwarder = 0; - qs->noedns = 1; /* XXXMPA */ - qs->lame = 0; - qs->nretry = 0; - } - qp->q_naddr = nsc; - } else if (!NS_ZOPTION_P(qp->q_fzone, OPTION_FORWARD_ONLY)) { - fetch_a: - count = nslookup(nsp, qp, dname, "sysquery"); - if (count <= 0) { - if (count < 0) { - if (n == -1) - ns_info(ns_log_default, - "sysquery: nslookup reports danger (%s)", - dname); - goto err2; - } else if (np && NAME(*np)[0] == '\0') { - /* - * It's not too serious if we don't have - * the root server addresses if we have to - * go through a forwarder anyway. Don't - * bother to log it, since prime_cache() - * won't do anything about it as currently - * implemented. - * - * XXX - should we skip setting - * needs_prime_cache as well? - * - * XXX - what happens when we implement - * selective forwarding? - */ - if (!NS_OPTION_P(OPTION_FORWARD_ONLY)) - ns_warning(ns_log_default, - "sysquery: no addrs found for root NS (%s)", - dname); - if (class == C_IN && !priming) - needs_prime_cache = 1; - goto err2; - } - if (np) { - free_nsp(nsp); - nsp[0] = NULL; - np = np_parent(np); - n = findns(&np, class, nsp, &count, 0); - switch (n) { - case NXDOMAIN: /*FALLTHROUGH*/ - case SERVFAIL: - ns_info(ns_log_default, - "sysquery: findns error (%d) on %s?", - n, dname); - goto err2; - } - getname(np, tmpdomain, sizeof tmpdomain); - if (qp->q_domain != NULL) - (void)freestr(qp->q_domain); - qp->q_domain = savestr(tmpdomain, 1); - goto fetch_a; - } - goto err2; - } - } - - schedretry(qp, retrytime(qp)); - qp->q_addr[0].stime = tt; /* XXX - why not every? */ - nsa = Q_NEXTADDR(qp, 0); - - if (ns_wouldlog(ns_log_default, 1)) { - ns_debug(ns_log_default, 1, - "sysquery: send -> %s dfd=%d nsid=%d id=%d retry=%ld", - sin_ntoa(*nsa), qp->q_dfd, - ntohs(qp->q_nsid), ntohs(qp->q_id), - (long)qp->q_time); - } -#ifdef DEBUG - if (debug >= 10) - res_pquery(&res, qp->q_msg, qp->q_msglen, - log_get_stream(packet_channel)); -#endif - - key = qp->q_keys[0]; - if (key == NULL) - key = qp->q_keys[0] = tsig_key_from_addr(nsa->sin_addr); - if (key != NULL || !qp->q_addr[0].noedns) { - smsgsize = qp->q_msglen + TSIG_BUF_SIZE + 11; - smsg = memget(smsgsize); - smsglen = qp->q_msglen; - siglen = sizeof(sig); - memcpy(smsg, qp->q_msg, qp->q_msglen); - } - - if (!qp->q_addr[0].noedns) - smsglen += ns_add_opt(smsg, smsg + smsglen, smsgsize, 0, 0, - server_options->edns_udp_size, - 0, NULL, 0); - - if (key != NULL) { - n = ns_sign(smsg, &smsglen, smsgsize, NOERROR, key, NULL, 0, - sig, &siglen, 0); - if (n == 0) { - has_tsig = 1; - free_tsig(qp->q_nstsig); - qp->q_nstsig = new_tsig(key, sig, siglen); - } else { - INSIST(0); - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - } - } else { - has_tsig = 0; - free_tsig(qp->q_nstsig); - qp->q_nstsig = NULL; - } - - if (smsgsize != 0) { - oldqbuf = qp->q_msg; - oldqlen = qp->q_msglen; - qp->q_msglen = smsglen; - qp->q_msg = smsg; - } - - if (sendto(qp->q_dfd, (char*)qp->q_msg, qp->q_msglen, 0, - (struct sockaddr *)nsa, - sizeof(struct sockaddr_in)) < 0) { - sendto_errno = errno; - if (!haveComplained(ina_ulong(nsa->sin_addr), - (u_long)sendtoStr)) - ns_info(ns_log_default, "sysquery: sendto(%s): %s", - sin_ntoa(*nsa), strerror(errno)); - nameserIncr(nsa->sin_addr, nssSendtoErr); - } - - if (smsgsize != 0) { - memput(smsg, smsgsize); - qp->q_msg = oldqbuf; - qp->q_msglen = oldqlen; - } - - nameserIncr(nsa->sin_addr, nssSentSysQ); - free_nsp(nsp); - switch (sendto_errno) { - case ENETDOWN: - case ENETUNREACH: - case EHOSTDOWN: - case EHOSTUNREACH: - unsched(qp); - schedretry(qp, (time_t) 0); - } - return (qp); -} - -/* - * Check the list of root servers after receiving a response - * to a query for the root servers. - */ -static int -check_root() { - struct databuf *dp, *pdp; - struct namebuf *np; - int count = 0; - - priming = 0; - for (np = hashtab->h_tab[0]; np != NULL; np = np->n_next) - if (NAME(*np)[0] == '\0') - break; - if (np == NULL) { - ns_notice(ns_log_default, "check_root: Can't find root!"); - return (0); - } - for (dp = np->n_data; dp != NULL; dp = dp->d_next) - if (dp->d_type == T_NS) - count++; - ns_debug(ns_log_default, 1, "%d root servers", count); - if (count < server_options->minroots) { - ns_notice(ns_log_default, - "check_root: %d root servers after query to root server < min", - count); - return (0); - } - pdp = NULL; - dp = np->n_data; - while (dp != NULL) { - if (dp->d_type == T_NS && dp->d_zone == DB_Z_CACHE && - dp->d_ttl < (u_int32_t)tt.tv_sec) { - ns_debug(ns_log_default, 1, - "deleting old root server '%s'", - dp->d_data); - dp = rm_datum(dp, np, pdp, NULL); - /* SHOULD DELETE FROM HINTS ALSO */ - continue; - } - pdp = dp; - dp = dp->d_next; - } - if (check_ns()) - return (1); - else { - priming = 1; - return (0); - } -} - -/* - * Check the root to make sure that for each NS record we have a A RR - */ -static int -check_ns() { - struct databuf *dp, *tdp; - struct namebuf *np, *tnp; - struct hashbuf *htp; - char *dname; - int found_arr; - const char *fname; - time_t curtime; - int servers = 0, rrsets = 0; - - ns_debug(ns_log_default, 2, "check_ns()"); - - curtime = (u_int32_t) tt.tv_sec; - for (np = hashtab->h_tab[0]; np != NULL; np = np->n_next) { - if (NAME(*np)[0] != '\0') - continue; - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - int cnames = 0; - - if (dp->d_rcode) - continue; - - if (dp->d_type != T_NS) - continue; - - servers++; - - /* look for A records */ - dname = (caddr_t) dp->d_data; - htp = hashtab; - tnp = nlookup(dname, &htp, &fname, 0); - if (tnp == NULL || fname != dname) { - ns_debug(ns_log_default, 3, - "check_ns: %s: not found %s %#lx", - dname, fname, (u_long)tnp); - sysquery(dname, dp->d_class, T_A, NULL, NULL, - 0, ns_port, QUERY, 0); - continue; - } - /* look for name server addresses */ - found_arr = 0; - (void)delete_stale(tnp); - for (tdp = tnp->n_data; - tdp != NULL; - tdp = tdp->d_next) { - if (tdp->d_rcode) - continue; - if (tdp->d_type == T_CNAME) - cnames++; - if (tdp->d_type != T_A || - tdp->d_class != dp->d_class) - continue; - if ((tdp->d_zone == DB_Z_CACHE) && - (tdp->d_ttl < (u_int32_t)curtime)) { - ns_debug(ns_log_default, 3, - "check_ns: stale entry '%s'", - NAME(*tnp)); - found_arr = 0; - break; - } - found_arr++; - } - if (found_arr) - rrsets++; - else if (cnames > 0) - ns_info(ns_log_default, - "Root NS %s -> CNAME %s", - NAME(*np), NAME(*tnp)); - else - sysquery(dname, dp->d_class, T_A, NULL, NULL, - 0, ns_port, QUERY, 0); - } - } - - ns_debug(ns_log_default, 2, "check_ns: %d %d", servers, rrsets); - return ((servers <= 2) - ? (rrsets == servers) - : ((rrsets * 2) >= servers) - ); -} - -/* int findns(npp, class, nsp, countp, flag) - * Find NS's or an SOA - * npp, class: - * dname whose most enclosing NS is wanted - * nsp, countp: - * result array and count; array will also be NULL terminated - * flag: - * boolean: we're being called from ADDAUTH, bypass authority checks - * return value: - * NXDOMAIN: we are authoritative for this {dname,class} - * *countp is bogus, but nsp[] has a single SOA returned in it. - * SERVFAIL: we are auth but zone isn't loaded; or, no root servers found - * *countp and nsp[] are bogus. - * OK: we are not authoritative, and here are the NS records we found. - * *countp and nsp[] return NS records of interest. - */ -int -findns(struct namebuf **npp, int class, - struct databuf **nsp, int *countp, int flag) -{ - struct namebuf *np = *npp; - struct databuf *dp; - struct databuf **nspp; - struct hashbuf *htp; - - nsp[0] = NULL; - - if (priming && (np == NULL || NAME(*np)[0] == '\0')) - htp = fcachetab; - else - htp = hashtab; - - try_again: - if (htp == fcachetab && class == C_IN && !priming) - /* - * XXX - do we want to set needs_prime_cache if - * OPTION_FORWARD_ONLY? - */ - needs_prime_cache = 1; - if (np == NULL) { - /* find the root */ - for (np = htp->h_tab[0]; np != NULL; np = np->n_next) - if (NAME(*np)[0] == '\0') - break; - } - while (np != NULL) { - ns_debug(ns_log_default, 5, "findns: np %p '%s'", np, - NAME(*np)); - /* Look first for SOA records. */ -#ifdef ADDAUTH - if (!flag) -#endif - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (dp->d_zone != DB_Z_CACHE && - ((zones[dp->d_zone].z_type == Z_PRIMARY) || - (zones[dp->d_zone].z_type == Z_SECONDARY)) && - match(dp, class, T_SOA) && dp->d_type == T_SOA) { - ns_debug(ns_log_default, 3, - "findns: SOA found"); - if (zones[dp->d_zone].z_flags & Z_AUTH) { - *npp = np; - nsp[0] = dp; - nsp[1] = NULL; - DRCNTINC(dp); - return (NXDOMAIN); - } else { - /* XXX: zone isn't loaded but we're - * primary or slave for it. - * should we fwd this? - */ - return (SERVFAIL); - } - } - } - - /* If no SOA records, look for NS records. */ - nspp = &nsp[0]; - *nspp = NULL; - (void)delete_stale(np); - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (!match(dp, class, T_NS)) - continue; - if (dp->d_rcode) - continue; - /* - * Don't use records that may become invalid to - * reference later when we do the rtt computation. - * Never delete our safety-belt information! - * - * XXX: this is horribly bogus. - */ - if ((dp->d_zone == DB_Z_CACHE) && - (dp->d_ttl < (u_int32_t)tt.tv_sec) && - !(dp->d_flags & DB_F_HINT)) { - ns_debug(ns_log_default, 1, - "findns: stale entry '%s'", - NAME(*np)); - /* - * We may have already added NS databufs - * and are going to throw them away. Fix - * reference counts. We don't need to free - * them here as we just got them from the - * cache. - */ - while (nspp > &nsp[0]) - db_detach(--nspp); - nsp[0] = NULL; - goto try_parent; - } - if (nspp < &nsp[NSMAX-1]) { - *nspp++ = dp; - DRCNTINC(dp); - } - } - - *countp = nspp - nsp; - if (*countp > 0) { - ns_debug(ns_log_default, 3, - "findns: %d NS's added for '%s'", - *countp, NAME(*np)); - *nspp = NULL; - *npp = np; - return (OK); /* Success, got some NS's */ - } - try_parent: - np = np_parent(np); - } - if (htp == hashtab) { - htp = fcachetab; - goto try_again; - } - ns_debug(ns_log_default, 1, - "findns: No root nameservers for class %s?", p_class(class)); - if (!NS_OPTION_P(OPTION_FORWARD_ONLY) && - (unsigned)class < MAXCLASS && norootlogged[class] == 0) { - norootlogged[class] = 1; - ns_info(ns_log_default, "No root nameservers for class %s", - p_class(class)); - } - return (SERVFAIL); -} - - -/* - * Extract RR's from the given node that match class and type. - * Return number of bytes added to response. - * If no matching data is found, then 0 is returned. - */ -int -finddata(struct namebuf *np, int class, int type, - HEADER *hp, char **dnamep, int *lenp, int *countp, int pass, - int glueok) -{ - struct databuf *dp; - char *cp; - int buflen, n, count = 0; - char *new_dnamep = NULL; - int defer = 0, found_count = 0, choice, i; - struct databuf **found = NULL; - struct databuf **tmpfound = NULL; - int foundcname; - int stalecount; - int ret = 0; - - stalecount = delete_stale(np); - - /* We don't want to return cached SIG records when asked for SIGs, - * since we may have an incomplete set. - */ - if (type == T_SIG && findMyZone(np, class) == DB_Z_CACHE) - return(0); - - if (type != T_ANY && type != T_PTR && type != T_NXT) { - found = memget((stalecount + 1) * sizeof *found); - tmpfound = memget((stalecount + 1) * sizeof *tmpfound); - if (found == NULL || tmpfound == NULL) - ns_panic(ns_log_default, 1, "finddata: out of memory"); - defer = 1; - } - - buflen = *lenp; - -#ifdef DEBUG - if (buflen > PACKETSZ) - ns_debug(ns_log_default, 1, "finddata(): buflen=%d", buflen); -#endif - cp = ((char *)hp) + *countp; - foundcname = 0; - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (!wanted(dp, class, type)) - continue; - if (dp->d_cred == DB_C_ADDITIONAL) { -#ifdef NOADDITIONAL - continue; -#else - /* we want to expire additional data very - * quickly. current strategy is to cut 5% - * off each time it is accessed. this makes - * stale(dp) true earlier when this datum is - * used often. - */ - dp->d_ttl = tt.tv_sec - + - 0.95 * (int) (dp->d_ttl - tt.tv_sec); -#endif - } - /* -ve $ing stuff, anant@isi.edu - * if we have a -ve $ed record, change the rcode on the - * header to reflect that - */ - if (dp->d_rcode == NOERROR_NODATA) { - if (count != 0) { - /* - * This should not happen, yet it does... - */ - ns_info(ns_log_default, - "NODATA & data for \"%s\" type %d class %d", - *dnamep, type, class); - continue; - } - if (type == T_ANY && dp->d_type != T_ANY) - continue; - hp->rcode = NOERROR_NODATA; - if (dp->d_size == 0) { /* !RETURNSOA */ - ret = 1; - goto done; - } - } - if (dp->d_rcode == NXDOMAIN) { - if (count != 0) { - /* - * This should not happen, yet it might... - */ - ns_info(ns_log_default, - "NXDOMAIN & data for \"%s\" type %d class %d", - *dnamep, type, class); - continue; - } - hp->rcode = NXDOMAIN; - if (dp->d_size == 0) { /* !RETURNSOA */ - ret = 1; - goto done; - } - } -#ifdef HITCOUNTS - ++dp->d_hitcnt; - ++db_total_hits; -#endif /* HITCOUNTS */ - - /* Don't put anything but key or sig RR's in response to - requests for key or sig */ - if (((type == T_SIG) || (type == T_KEY)) && - (!((dp->d_type == T_SIG) || (dp->d_type == T_KEY))) ) - continue; - - /* Don't return glue (NS/A/AAAA) */ - if (!glueok && findMyZone(np, class) == DB_Z_CACHE) - continue; - - if (!defer) { - if (foundcname != 0 && dp->d_type == T_CNAME) - continue; - - if ((n = make_rr(*dnamep, dp, (u_char *)cp, buflen, 1, - dnptrs, dnptrs_end, 0)) < 0) { - hp->tc = 1; - ret = *lenp - buflen; - goto done; - } - if (dp->d_secure != DB_S_SECURE) - hp->ad = 0; - cp += n; - buflen -= n; - count++; - - if (dp->d_type == T_CNAME) { - foundcname = 1; - -#define SETAA(pass, class, dp) \ - (pass == 1 && class != C_ANY && dp->d_zone != DB_Z_CACHE && \ - (zones[dp->d_zone].z_type == z_master || \ - zones[dp->d_zone].z_type == z_slave) && \ - (zones[dp->d_zone].z_flags & Z_AUTH) != 0) - - if (SETAA(pass, class, dp)) - hp->aa = 1; - -#define FOLLOWCNAME(type) \ - (type != T_KEY) && (type != T_SIG) && (type != T_NXT) && (type != T_ANY) - /* don't alias if querying for key, sig, nxt, or any */ - - if (FOLLOWCNAME(type)) - new_dnamep = (char *)dp->d_data; - } - } else { - if (dp->d_type == T_CNAME) { - foundcname = 1; - - if (SETAA(pass, class, dp)) - hp->aa = 1; - - } - found[found_count++] = dp; - } - } - - if (found_count == 0 && count == 0) { - ret = 0; - goto done; - } - - /* - * If the query type was SIG or ANY we will have returned the SIG - * records already. - */ - if (type != T_SIG && type != T_ANY) { - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (!wantedsig(dp, class, type)) - continue; - if (dp->d_cred == DB_C_ADDITIONAL) { -#ifdef NOADDITIONAL - continue; -#else - /* we want to expire additional data very - * quickly. current strategy is to cut 5% - * off each time it is accessed. this makes - * stale(dp) true earlier when this datum is - * used often. - */ - dp->d_ttl = tt.tv_sec - + - 0.95 * (int) (dp->d_ttl - tt.tv_sec); -#endif - } - if (!defer) { - if ((n = make_rr(*dnamep, dp, (u_char *)cp, - buflen, 1, dnptrs, dnptrs_end, - 0)) < 0) { - hp->tc = 1; - ret = *lenp - buflen; - goto done; - } - if (dp->d_secure != DB_S_SECURE) - hp->ad = 0; - cp += n; - buflen -= n; - count++; - } else - found[found_count++] = dp; - } - } - - if (defer && found_count > 0) { - int first_sig; - int non_sig_count; - int sig_count; /* number of SIG records in found */ - int idx, jdx; - enum ordering order; - - order = match_order(np, class, foundcname ? T_CNAME : type); - - /* - * shuffle the SIG records down to the bottom of the array - * as we need to make sure they get packed last, no matter - * what the ordering is. We're sure to maintain the - * original ordering within the two sets of records (so - * that fixed_order can work). - * First we pack the non-SIG records into the temp array. - */ - for (idx = jdx = 0 ; idx < found_count ; idx++) { - if (found[idx]->d_type != T_SIG) { - tmpfound[jdx++] = found[idx]; - } - } - non_sig_count = jdx; - sig_count = found_count - jdx; - first_sig = jdx ; - - /* - * now shift the SIG records down to the end of the array - * and copy in the non-SIG records - */ - for (i = idx = found_count - 1 ; i >= 0 ; idx--) { - if (i < non_sig_count) { - found[i] = tmpfound[i]; - i--; - } else if (found[idx]->d_type == T_SIG) { - found[i--] = found[idx] ; - } - } - - foundcname = 0; - switch (order) { - case fixed_order: - for (i = 0; i < found_count; i++) { - dp = found[i]; - if (foundcname != 0 && dp->d_type == T_CNAME) - continue; - if (dp->d_type == T_CNAME) { - foundcname = 1; - if (FOLLOWCNAME(type)) { - new_dnamep = (char *)dp->d_data; - } - } - if ((n = make_rr(*dnamep, dp, (u_char *)cp, - buflen, 1, - dnptrs, dnptrs_end, 0)) < 0) { - hp->tc = 1; - ret = *lenp - buflen; - goto done; - } - if (dp->d_secure != DB_S_SECURE) - hp->ad = 0; - cp += n; - buflen -= n; - count++; - } - break; - - case random_order: { - /* first we shuffle the non-SIG records */ - int iters = non_sig_count; - for (i = 0; i < iters; i++) { - choice = ((u_int)rand()>>3) % non_sig_count; - non_sig_count--; - dp = found[choice]; - found[choice] = found[non_sig_count]; - if (foundcname != 0 && dp->d_type == T_CNAME) - continue; - if (dp->d_type == T_CNAME) { - foundcname = 1; - if (FOLLOWCNAME(type)) { - new_dnamep = (char *)dp->d_data; - } - } - if ((n = make_rr(*dnamep, dp, (u_char *)cp, - buflen, 1, - dnptrs, dnptrs_end, 0)) < 0) { - hp->tc = 1; - ret = *lenp - buflen; - goto done; - } - if (dp->d_secure != DB_S_SECURE) - hp->ad = 0; - cp += n; - buflen -= n; - count++; - } - - /* now shuffle the SIG records */ - iters = sig_count; - for (i = 0; i < iters; i++) { - choice = ((u_int)rand()>>3) % sig_count; - choice += first_sig; - sig_count--; - dp = found[choice]; - found[choice] = found[sig_count + first_sig]; - if ((n = make_rr(*dnamep, dp, (u_char *)cp, - buflen, 1, - dnptrs, dnptrs_end, 0)) < 0) { - hp->tc = 1; - ret = *lenp - buflen; - goto done; - } - if (dp->d_secure != DB_S_SECURE) - hp->ad = 0; - cp += n; - buflen -= n; - count++; - } - break; - } - - case cyclic_order: - /* first we do the non-SIG records */ - if (non_sig_count > 0) - choice = ((u_int)rand()>>3) % non_sig_count; - else - choice = 0; - for (i = 0; i < non_sig_count ; i++) { - dp = found[(i + choice) % non_sig_count]; - if (foundcname != 0 && dp->d_type == T_CNAME) - continue; - if (dp->d_type == T_CNAME) { - foundcname = 1; - if (FOLLOWCNAME(type)) { - new_dnamep = (char *)dp->d_data; - } - } - if ((n = make_rr(*dnamep, dp, (u_char *)cp, - buflen, 1, - dnptrs, dnptrs_end, 0)) < 0) { - hp->tc = 1; - ret = *lenp - buflen; - goto done; - } - if (dp->d_secure != DB_S_SECURE) - hp->ad = 0; - cp += n; - buflen -= n; - count++; - } - - /* now do the SIG record rotation. */ - if (sig_count > 0) { - choice = ((u_int)rand()>>3) % sig_count; - choice += first_sig; - i = choice; - do { - dp = found[i]; - if ((n = make_rr(*dnamep, dp, - (u_char *)cp, - buflen, 1, - dnptrs, - dnptrs_end, 0)) < 0) { - hp->tc = 1; - ret = *lenp - buflen; - goto done; - } - if (dp->d_secure != DB_S_SECURE) - hp->ad = 0; - cp += n; - buflen -= n; - count++; - i++; - if (i >= found_count) - i = first_sig; - } while (i != choice); - } - - break; - - default: - ns_warning(ns_log_default, "finddata: unknown ordering: %d", - order); - break; - } - } - - if (new_dnamep != NULL) - *dnamep = new_dnamep; - - ns_debug(ns_log_default, 3, "finddata: added %d class %d type %d RRs", - count, class, type); - ret = *lenp - buflen; - done: - if (found != NULL) - memput(found, (stalecount + 1) * sizeof *found); - if (tmpfound != NULL) - memput(tmpfound, (stalecount + 1) * sizeof *tmpfound); - *countp = count; - return (ret); -} - -/* - * Do we want this data record based on the class and type? - */ -static int -wanted(const struct databuf *dp, int class, int type) { - const u_char *cp; - int coveredType; - time_t expiration; -#ifdef DEBUG - char pclass[15], ptype[15]; -#endif - -#ifdef DEBUG - strcpy(pclass, p_class(class)); - strcpy(ptype, p_type(type)); - ns_debug(ns_log_default, 3, "wanted(%p, %s %s) [%s %s]", - dp, pclass, ptype, - p_class(dp->d_class), p_type(dp->d_type)); -#endif - - if (dp->d_class != class && class != C_ANY) - return (0); - /* - * Must check SIG for expiration below, other matches - * return OK here. - */ - if (type == dp->d_type && (type != T_SIG)) - return (1); - /* For a T_ANY query, we do not want to return -ve $ed RRs. */ - if (type == T_ANY && dp->d_rcode == NOERROR_NODATA) - return (0); - - /* First, look at the type of RR. */ - switch (dp->d_type) { - - /* Cases to deal with: - T_ANY search, return all unexpired SIGs. - T_SIG search, return all unexpired SIGs. - T_<foo> search, return all unexp SIG <FOO>s. - */ - case T_SIG: - cp = dp->d_data; - GETSHORT(coveredType, cp); - cp += INT16SZ + INT32SZ; /* skip alg, labels, & orig TTL */ - GETLONG(expiration,cp); - - if (type == T_ANY || type == T_SIG) { - if (expiration > time(0)) - return (1); /* Unexpired matching SIG */ - } - return (0); /* We don't return this SIG. */ - - case T_ANY: - return (1); - case T_CNAME: - if (dp->d_rcode != NOERROR_NODATA) - return (1); - else - break; - } - /* OK, now look at the type of query. */ - if (type == ns_t_any) - return (1); - else if (type == ns_t_mailb) - switch (dp->d_type) { - case T_MR: - case T_MB: - case T_MG: - case T_MINFO: - return (1); - } - else if (ns_t_xfr_p(type)) { - /* - * This is used to validate transfer requests, not - * generate transfer responses. Is there an SOA? - */ - if (dp->d_type == ns_t_soa && dp->d_zone != DB_Z_CACHE - && (zones[dp->d_zone].z_flags & Z_AUTH)) - return (1); - } - return (0); -} - -static int -wantedsig(const struct databuf *dp, int class, int type) { - const u_char *cp; - int coveredType; - time_t expiration; -#ifdef DEBUG - char pclass[15], ptype[15]; -#endif - -#ifdef DEBUG - strcpy(pclass, p_class(class)); - strcpy(ptype, p_type(type)); - ns_debug(ns_log_default, 3, "wantedtsig(%p, %s %s) [%s %s]", - dp, pclass, ptype, - p_class(dp->d_class), p_type(dp->d_type)); -#endif - - if (dp->d_class != class && class != C_ANY) - return (0); - if (dp->d_type != T_SIG || dp->d_rcode != 0) - return (0); - - cp = dp->d_data; - GETSHORT(coveredType, cp); - cp += INT16SZ + INT32SZ; /* skip alg, labels, & orig TTL */ - GETLONG(expiration,cp); - if (expiration < time(0)) - return (0); - - if (type == T_ANY || type == T_SIG || type == coveredType) - return (1); - if (type == ns_t_mailb) { - switch (coveredType) { - case T_MR: - case T_MB: - case T_MG: - case T_MINFO: - return (1); - } - } - return (0); -} - -/* - * Add RR entries from dpp array to a query/response. - * Return the number of bytes added or negative the amount - * added if truncation occured. Typically you are - * adding NS records to a response. - */ -int -add_data(struct namebuf *np, struct databuf **dpp, - u_char *cp, int buflen, int *countp) -{ - struct databuf *dp; - char dname[MAXDNAME]; - int n, bytes; - - bytes = *countp = 0; - getname(np, dname, sizeof(dname)); - for (dp = *dpp++; dp != NULL; dp = *dpp++) { - if (stale(dp)) - continue; /* ignore old cache entry */ - if (dp->d_rcode) - continue; - if ((n = make_rr(dname, dp, cp, buflen, 1, - dnptrs, dnptrs_end, 0)) < 0) - return (-bytes); /* Truncation */ - cp += n; - buflen -= n; - bytes += n; - (*countp)++; - } - return (bytes); -} - -static void -rrsetadd(struct flush_set *flushset, const char *name, struct databuf *dp) { - struct flush_set *fs = flushset; - struct db_list *dbl; - - while (fs->fs_name && ( - ns_samename(fs->fs_name,name) != 1 || - (fs->fs_class != dp->d_class) || - (fs->fs_type != dp->d_type) || - (fs->fs_cred != dp->d_cred))) { - fs++; - } - if (!fs->fs_name) { - fs->fs_name = savestr(name, 1); - fs->fs_class = dp->d_class; - fs->fs_type = dp->d_type; - fs->fs_cred = dp->d_cred; - fs->fs_list = NULL; - fs->fs_last = NULL; - } - dbl = (struct db_list *)memget(sizeof(struct db_list)); - if (!dbl) - panic("rrsetadd: out of memory", NULL); - dbl->db_next = NULL; - dbl->db_dp = dp; - DRCNTINC(dbl->db_dp); - if (fs->fs_last == NULL) - fs->fs_list = dbl; - else - fs->fs_last->db_next = dbl; - fs->fs_last = dbl; -} - -static int -ttlcheck(const char *name, struct db_list *dbl, int update) { - int type = dbl->db_dp->d_type; - int class = dbl->db_dp->d_class; - struct hashbuf *htp = hashtab; - const char *fname; - struct namebuf *np; - struct db_list *dbp = dbl; - struct databuf *dp; - u_int32_t ttl = 0; /* Make gcc happy. */ - int first; - - - np = nlookup(name, &htp, &fname, 0); - if (np == NULL || fname != name || ns_wildcard(NAME(*np))) - return (1); - - /* check that all the ttl's we have are the same, if not return 1 */ - first = 1; - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (!match(dp, class, type)) - continue; - if (first) { - /* we can't update zone data so return early */ - if (dp->d_zone != DB_Z_CACHE) - return (0); - ttl = dp->d_ttl; - first = 0; - } else if (ttl != dp->d_ttl) - return (1); - } - - /* there are no records of this type in the cache */ - if (first) - return(1); - - /* - * the ttls of all records we have in the cache are the same - * if the ttls differ in the new set we don't want it. - */ - - /* check that all the ttl's we have are the same, if not return 0 */ - first = 1; - while (dbp) { - if (first) { - ttl = dbp->db_dp->d_ttl; - first = 0; - } else if (ttl != dbp->db_dp->d_ttl) { - return(0); - } - dbp = dbp->db_next; - } - - /* update ttl if required */ - if (update) { - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (!match(dp, class, type)) - continue; - if (dp->d_ttl > ttl) - break; - dp->d_ttl = ttl; - fixttl(dp); - } - } - - return(1); -} - -/* - * lookup rrset in table and compare to dbl - * tri state result - * -1: lookup failed - * 0: rrsets same - * 1: rrsets differ - */ - -static int -rrsetcmp(char * name, struct db_list * dbl, struct hashbuf * table) { - int type = dbl->db_dp->d_type; - int class = dbl->db_dp->d_class; - struct hashbuf *htp = table; - const char *fname; - struct namebuf *np; - struct db_list *dbp = dbl; - struct databuf *dp; - int exists = 0; - - - np = nlookup(name, &htp, &fname, 0); - if (np == NULL || fname != name || ns_wildcard(NAME(*np))) { - ns_debug(ns_log_default, 3, "rrsetcmp: name not in database"); - return (-1); - } - - /* check that all entries in dbl are in the cache */ - while (dbp) { - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (!match(dp, class, type)) - continue; - exists = 1; - if (!db_cmp(dp, dbp->db_dp) -#ifdef NOADDITIONAL - && ((dp->d_cred == dbp->db_dp->d_cred) || - (dp->d_cred != DB_C_ADDITIONAL)) -#endif - ) - break; - } - if (!dp) { - ns_debug(ns_log_default, 3, - "rrsetcmp: %srecord%s in database", - exists ? "" : "no ", exists ? " not" : "s"); - return (exists ? 1 : -1); - } - dbp = dbp->db_next; - } - - /* Check that all cache entries are in the list. */ - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (!match(dp, class, type)) - continue; -#ifdef NCACHE - if (dp->d_rcode) - return (1); -#endif - dbp = dbl; - while (dbp) { - if (!db_cmp(dp, dbp->db_dp)) - break; - dbp = dbp->db_next; - } - if (!dbp) { - ns_debug(ns_log_default, 3, - "rrsetcmp: record not in rrset"); - return (1); - } - } - ns_debug(ns_log_default, 3, "rrsetcmp: rrsets matched"); - return (0); -} - -/* - * verify incoming answer against what we already have in the hints - * issue warnings / errors if differences detected. - */ - -static void -check_hints(struct flush_set * flushset) { - struct zoneinfo *zp; - struct flush_set *fs; - struct db_list *dbp; - - /* We don't use hints when in forward only mode */ - if (NS_OPTION_P(OPTION_FORWARD_ONLY)) - return; - - /* find "." NS rrset and hence class */ - for (fs = flushset; fs->fs_name != NULL; fs++) { - if ((fs->fs_name[0] != '\0') || (fs->fs_type != ns_t_ns)) - continue; - - /* see if we are a root server */ - zp = find_zone(fs->fs_name, fs->fs_class); - if (zp != NULL && - (zp->z_type == z_master || zp->z_type == z_slave)) - return; - switch (rrsetcmp(fs->fs_name, fs->fs_list, fcachetab)) { - case -1: - ns_error(ns_log_default, - "check_hints: no NS records for class %d in hints", - fs->fs_class); - break; - case 1: - ns_warning(ns_log_default, - "check_hints: root NS list in hints for class %d does not match root NS list", - fs->fs_class); - break; - case 0: - break; - default: - ns_error(ns_log_default, - "check_hints: unexpected response from rrsetcmp"); - break; - } - break; - } - - if (fs->fs_name == NULL) /* no root NS records */ - return; - - dbp = fs->fs_list; - while (dbp) { - /* for each NS find A rrset in answer and check */ - for (fs = flushset; fs->fs_name != NULL; fs++) { - if (ns_samename(fs->fs_name, (char *)dbp->db_dp->d_data) != 1 - || fs->fs_type != ns_t_a) - continue; - switch (rrsetcmp(fs->fs_name, fs->fs_list, fcachetab)) { - case -1: - ns_error(ns_log_default, - "check_hints: no A records for %s class %d in hints", - fs->fs_name[0] ? fs->fs_name : ".", - fs->fs_class); - break; - case 1: - ns_warning(ns_log_default, - "check_hints: A records for %s class %d do not match hint records", - fs->fs_name[0] ? fs->fs_name : ".", - fs->fs_class); - break; - case 0: - break; - default: - ns_error(ns_log_default, - "check_hints: unexpected response from rrsetcmp"); - break; - } - break; - } - - if (fs->fs_name == NULL) - ns_debug(ns_log_default, 2, - "check_hints: no A records for %s", - dbp->db_dp->d_data); - - dbp = dbp->db_next; - } -} - -static void -rrsetupdate(struct flush_set * flushset, int flags, struct sockaddr_in from, - int updatettl) { - struct flush_set *fs = flushset; - struct db_list *dbp, *odbp; - int n; - void *state = NULL; - - while (fs->fs_name) { - ns_debug(ns_log_default, 2, "rrsetupdate: %s", - fs->fs_name[0] ? fs->fs_name : "."); - if ((n = rrsetcmp(fs->fs_name, fs->fs_list, hashtab)) && - ttlcheck(fs->fs_name, fs->fs_list, 0)) { - if (n > 0) - flushrrset(fs, from); - - dbp = fs->fs_list; - while (dbp) { - n = db_set_update(fs->fs_name, dbp->db_dp, - &state, flags, - &hashtab, from, NULL, - 0, NULL); - ns_debug(ns_log_default, 3, - "rrsetupdate: %s %d", - fs->fs_name[0] ? fs->fs_name : ".", - n); - odbp = dbp; - dbp = dbp->db_next; - db_detach(&odbp->db_dp); - memput(odbp, sizeof *odbp); - } - ns_debug(ns_log_default, 3, - "rrsetupdate: %s %d", - fs->fs_name[0] ? fs->fs_name : ".", n); - } else { - if ((n == 0) && updatettl) - (void)ttlcheck(fs->fs_name,fs->fs_list, 1); - dbp = fs->fs_list; - while (dbp) { - db_detach(&dbp->db_dp); - odbp = dbp; - dbp = dbp->db_next; - memput(odbp, sizeof *odbp); - } - } - fs->fs_list = NULL; - fs++; - } - n = db_set_update(NULL, NULL, &state, flags, &hashtab, from, - NULL, 0, NULL); -} - -static void -flushrrset(struct flush_set * fs, struct sockaddr_in from) { - struct databuf *dp; - int n; - - ns_debug(ns_log_default, 2, "flushrrset(%s, %s, %s, %d)", - fs->fs_name[0]?fs->fs_name:".", p_type(fs->fs_type), - p_class(fs->fs_class), fs->fs_cred); - dp = savedata(fs->fs_class, fs->fs_type, 0, NULL, 0); - dp->d_zone = DB_Z_CACHE; - dp->d_cred = fs->fs_cred; - dp->d_clev = 0; - do { - n = db_update(fs->fs_name, dp, NULL, NULL, DB_DELETE, hashtab, - from); - ns_debug(ns_log_default, 3, "flushrrset: %d", n); - } while (n == OK); - db_detach(&dp); -} - -static void -free_flushset(struct flush_set *flushset, int flushset_size) { - struct flush_set *fs; - struct db_list *dbl; - - for (fs = flushset; fs->fs_name != NULL; fs++) { - fs->fs_name = freestr(fs->fs_name); - while ((dbl = fs->fs_list) != NULL) { - fs->fs_list = dbl->db_next; - dbl->db_next = NULL; - db_detach(&dbl->db_dp); - memput(dbl, sizeof(*dbl)); - } - } - memput(flushset, flushset_size); -} - -/* - * This is best thought of as a "cache invalidate" function. - * It is called whenever a piece of data is determined to have - * become invalid either through a timeout or a validation - * failure. It is better to have no information, than to - * have partial information you pass off as complete. - */ -void -delete_all(struct namebuf *np, int class, int type) { - struct databuf *dp, *pdp; - - ns_debug(ns_log_default, 3, "delete_all(%p:\"%s\" %s %s)", - np, NAME(*np), p_class(class), p_type(type)); - pdp = NULL; - dp = np->n_data; - while (dp != NULL) { - if (dp->d_zone == DB_Z_CACHE && (dp->d_flags & DB_F_HINT) == 0 - && match(dp, class, type)) { - dp = rm_datum(dp, np, pdp, NULL); - continue; - } - pdp = dp; - dp = dp->d_next; - } -} - -/* delete_stale(np) - * for all RRs associated with this name, check for staleness (& delete) - * arguments: - * np = pointer to namebuf to be cleaned. - * returns: - * number of RRs associated with this name. - * side effects: - * delete_all() can be called, freeing memory and relinking chains. - */ -int -delete_stale(np) - struct namebuf *np; -{ - struct databuf *dp; - int count; - again: - count = 0; - for (dp = np->n_data; dp != NULL; dp = dp->d_next) { - if (dp->d_zone == DB_Z_CACHE && stale(dp)) { - delete_all(np, dp->d_class, dp->d_type); - goto again; - } - count++; - } - return (count); -} - - -/* - * Adjust answer message so that it fits in outlen. Set tc if required. - * - * If outlen = msglen, can be used to verify qdcount, ancount, nscount - * and arcount. - * - * return new length - */ - -int -trunc_adjust(u_char *msg, int msglen, int outlen) { - register HEADER *hp; - u_int qdcount, ancount, nscount, arcount, dlen; - u_char *cp = msg, *cp1, *eom_in, *eom_out; - int n; - - eom_in = msg + msglen; - eom_out = msg + outlen; - - hp = (HEADER *)msg; - qdcount = ntohs(hp->qdcount); - ancount = ntohs(hp->ancount); - nscount = ntohs(hp->nscount); - arcount = ntohs(hp->arcount); - cp += HFIXEDSZ; - - while ((qdcount || ancount || nscount || arcount) && - cp < eom_in && cp < eom_out) { - - cp1 = cp; /* use temporary in case we break */ - - n = dn_skipname(cp1, eom_in); - if (n < 0) - break; - cp1 += n + 2 * INT16SZ; /* type, class */ - - if (!qdcount) { - cp1 += INT32SZ; /* ttl */ - if (cp1 + INT16SZ > eom_in) - break; - GETSHORT(dlen, cp1); - cp1 += dlen; - } - - if (cp1 > eom_in || cp1 > eom_out) - break; - - cp = cp1; - - if (qdcount) - qdcount--; - else if (ancount) - ancount--; - else if (nscount) - nscount--; - else - arcount--; - } - - if (qdcount || ancount || nscount || arcount) { - ns_debug(ns_log_default, 1, - "trunc_adjust:%s %d %d %d %d %d, %d %d %d %d %d", - hp->tc?" tc":"", msglen, - ntohs(hp->qdcount), ntohs(hp->ancount), - ntohs(hp->nscount), ntohs(hp->arcount), - cp-msg, qdcount, ancount, nscount, arcount); - hp->tc = 1; - hp->qdcount = htons(ntohs(hp->qdcount) - qdcount); - hp->ancount = htons(ntohs(hp->ancount) - ancount); - hp->nscount = htons(ntohs(hp->nscount) - nscount); - hp->arcount = htons(ntohs(hp->arcount) - arcount); - } - ENSURE(cp <= eom_out); - return (cp - msg); -} - -/* - * mark the server "from" bad in the qp structure so it won't be retried. - */ -static int -mark_noedns(struct qinfo *qp, struct sockaddr_in from, int cache) { - int i; - - for (i = 0; i < (int)qp->q_naddr; i++) - if (ina_equal(qp->q_addr[i].ns_addr.sin_addr, from.sin_addr)) { - if (qp->q_addr[i].noedns) - return (1); - if (qp->q_addr[i].nsdata && cache) - qp->q_addr[i].nsdata->d_noedns = 1; - qp->q_addr[i].noedns = 1; - break; - } - return (0); -} - -static void -mark_bad(struct qinfo *qp, struct sockaddr_in from) { - int i; - - for (i = 0; i < (int)qp->q_naddr; i++) - if (ina_equal(qp->q_addr[i].ns_addr.sin_addr, from.sin_addr)) - qp->q_addr[i].nretry = MAXRETRY; -} - -static void -mark_lame(struct qinfo *qp, struct sockaddr_in from) { - int i; - - for (i = 0; i < (int)qp->q_naddr; i++) - if (ina_equal(qp->q_addr[i].ns_addr.sin_addr, from.sin_addr) && - qp->q_addr[i].ns != NULL) { - qp->q_addr[i].ns->d_flags |= DB_F_LAME; - db_lame_add(qp->q_domain, - (char*)qp->q_addr[i].ns->d_data, - tt.tv_sec + server_options->lame_ttl); - } -} - -/* - * Retry the message if and only if from matches where the query was - * last sent to. The code does not handle responses sent from the - * wrong interface an a multihomed server. - */ -static void -fast_retry(struct qinfo *qp, struct sockaddr_in from, int samehost) { - if (ina_equal(qp->q_addr[qp->q_curaddr].ns_addr.sin_addr, - from.sin_addr)) - retry(qp, samehost); -} - -static void -add_related_additional(char *name) { - int i; - - if (num_related >= MAX_RELATED - 1) - return; - for (i = 0; i < num_related; i++) - if (ns_samename(name, related[i]) == 1) { - (void)freestr(name); - return; - } - related[num_related++] = name; -} - -static void -free_related_additional() { - int i; - - for (i = 0; i < num_related; i++) - related[i] = freestr(related[i]); - num_related = 0; -} - -static int -related_additional(char *name) { - int i; - - for (i = 0; i < num_related; i++) - if (ns_samename(name, related[i]) == 1) - return (1); - return (0); -} - -static void -freestr_maybe(char **tname) { - if (tname == NULL || *tname == NULL) - return; - *tname = freestr(*tname); -} - -/* - * Match a request namebuf against the configured rrset-order info. First - * match wins. There is an implicit '*.' at the front to the ordering names. - */ -static enum ordering -match_order(const struct namebuf *np, int class, int type) { - rrset_order_list orders = server_options->ordering; - rrset_order_element roe; - - if (orders == NULL) - return (DEFAULT_ORDERING); - - for (roe = orders->first ; roe != NULL ; roe = roe->next) { - if (roe->class != C_ANY && roe->class != class) - continue; - if (roe->type != T_ANY && roe->type != type) - continue; - - if (match_name(np, roe->name, strlen(roe->name)) == 0) { - return (roe->order); - } - } - - /* none matched so use default */ - return (DEFAULT_ORDERING); -} - -/* Do a simple compare of the NP data against the given NAME, recursively - * looking at the NP parent if necessary. NAMELEN is the length of the NAME - * that needs to be matched. Matching happen from right to left. Returns -1 - * on failure, on success the index of the first character of the matched - * portion of the string is returned. In the first level call a return - * value of 0 is of interest. - */ -static int -match_name(const struct namebuf *np, const char *name, size_t namelen) -{ - int matched ; - - if (name[0] == '*' && name[1] == '\0') - return 0; - - if (np->n_parent != NULL) { /* recurse to end of np list */ - matched = match_name(np->n_parent,name,namelen); - } else { - matched = namelen; - } - - if (matched > 0) { - int labellen = NAMELEN(*np); - char pch; - const char *start; - - if (labellen > matched) { - return -1; - } else if (labellen < matched) { - /* string is longer than this namebuf's data, so - make sure there's a period before the end of the - match so we don't just match a suffix. */ - start = name + (matched - labellen); - pch = start[-1]; - if (pch != '.') { - return -1; - } - } else { - start = name ; - } - - if (strncasecmp(start, NAME(*np), labellen) == 0) { - /* looking good. tell our caller what portion of - the tail of string has been matched */ - if (start == name) - return (0) ; - else - return (start - name - 1); /* matched '.' too */ - } else { - return (-1); - } - } - - return (matched); -} - diff --git a/contrib/bind/bin/named/ns_signal.c b/contrib/bind/bin/named/ns_signal.c deleted file mode 100644 index a8a957d..0000000 --- a/contrib/bind/bin/named/ns_signal.c +++ /dev/null @@ -1,297 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static const char rcsid[] = "$Id: ns_signal.c,v 8.15 2002/05/18 01:39:15 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1989, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* Import. */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/file.h> -#include <sys/stat.h> -#include <sys/wait.h> -#include <sys/ioctl.h> -#include <sys/socket.h> -#ifdef SVR4 /* XXX */ -# include <sys/sockio.h> -#else -#ifndef __hpux -# include <sys/mbuf.h> -#endif -#endif - -#include <netinet/in.h> -#include <net/route.h> -#include <net/if.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <errno.h> -#include <fcntl.h> -#include <grp.h> -#include <stdio.h> -#include <stdlib.h> -#include <signal.h> -#include <netdb.h> -#include <pwd.h> -#include <resolv.h> -#include <string.h> -#include <syslog.h> -#include <time.h> -#include <unistd.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/list.h> - -#include "port_after.h" -#include "named.h" - -/* Forward. */ - -static SIG_FN onhup(int); -static SIG_FN onintr(int); -static SIG_FN setdumpflg(int); -static SIG_FN setIncrDbgFlg(int); -static SIG_FN setNoDbgFlg(int); -static SIG_FN setQrylogFlg(int); -static SIG_FN setstatsflg(int); -static SIG_FN discard_pipe(int); -static SIG_FN setreapflg(int); - -/* Data. */ - -static struct { - int sig; - SIG_FN (*hand)(int); -} sighandlers[] = { -#ifdef DEBUG - { SIGUSR1, setIncrDbgFlg }, - { SIGUSR2, setNoDbgFlg }, -#endif -#if defined(SIGWINCH) && defined(QRYLOG) - { SIGWINCH, setQrylogFlg }, -#endif -#if defined(SIGXFSZ) - { SIGXFSZ, onhup }, /* Wierd DEC Hesiodism, harmless. */ -#endif - { SIGINT, setdumpflg }, - { SIGILL, setstatsflg }, - { SIGHUP, onhup }, - { SIGCHLD, setreapflg }, - { SIGPIPE, discard_pipe }, - { SIGTERM, onintr } -}; - -static sigset_t mask; -static int blocked = 0; - -/* Private. */ - -static SIG_FN -onhup(int sig) { - - UNUSED(sig); - - ns_need_unsafe(main_need_reload); -} - -static SIG_FN -onintr(int sig) { - - UNUSED(sig); - - ns_need_unsafe(main_need_exit); -} - -static SIG_FN -setdumpflg(int sig) { - - UNUSED(sig); - - ns_need_unsafe(main_need_dump); -} - -#ifdef DEBUG -static SIG_FN -setIncrDbgFlg(int sig) { - - UNUSED(sig); - - desired_debug++; - ns_need_unsafe(main_need_debug); -} - -static SIG_FN -setNoDbgFlg(int sig) { - - UNUSED(sig); - - desired_debug = 0; - ns_need_unsafe(main_need_debug); -} -#endif /*DEBUG*/ - -#if defined(QRYLOG) && defined(SIGWINCH) -static SIG_FN -setQrylogFlg(int sig) { - - UNUSED(sig); - - ns_need_unsafe(main_need_qrylog); -} -#endif /*QRYLOG && SIGWINCH*/ - -static SIG_FN -setstatsflg(int sig) { - - UNUSED(sig); - - ns_need_unsafe(main_need_statsdump); -} - -static SIG_FN -discard_pipe(int sig) { -#ifdef SIGPIPE_ONE_SHOT - int saved_errno = errno; - struct sigaction sa; - - UNUSED(sig); - - memset(&sa, 0, sizeof sa); - sa.sa_mask = mask; - sa.sa_handler = discard_pipe; - if (sigaction(SIGPIPE, &sa, NULL) < 0) - ns_error(ns_log_os, "sigaction failed in discard_pipe: %s", - strerror(errno)); - errno = saved_errno; -#else - UNUSED(sig); -#endif -} - -static SIG_FN -setreapflg(int sig) { - - UNUSED(sig); - - ns_need_unsafe(main_need_reap); -} - -/* Public. */ - -void -init_signals(void) { - size_t sh; - - /* The mask of all our handlers will block all our other handlers. */ - (void)sigemptyset(&mask); - for (sh = 0; sh < sizeof sighandlers / sizeof sighandlers[0]; sh++) - sigaddset(&mask, sighandlers[sh].sig); - - /* Install our signal handlers with that shared mask. */ - for (sh = 0; sh < sizeof sighandlers / sizeof sighandlers[0]; sh++) { - struct sigaction sa; - - memset(&sa, 0, sizeof sa); - sa.sa_mask = mask; - sa.sa_handler = sighandlers[sh].hand; - if (sigaction(sighandlers[sh].sig, &sa, NULL) < 0) - ns_error(ns_log_os, - "sigaction failed in set_signal_handler(%d): %s", - sighandlers[sh].sig, strerror(errno)); - } - /* Unblock all signals that we expect to handle. */ - if (sigprocmask(SIG_UNBLOCK, &mask, NULL) < 0) - ns_panic(ns_log_os, 1, "sigblock failed: %s", strerror(errno)); -} - -void -block_signals(void) { - INSIST(!blocked); - if (sigprocmask(SIG_BLOCK, &mask, NULL) < 0) - ns_panic(ns_log_os, 1, "sigblock failed: %s", strerror(errno)); - blocked = 1; -} - -void -unblock_signals(void) { - INSIST(blocked); - if (sigprocmask(SIG_UNBLOCK, &mask, NULL) < 0) - ns_panic(ns_log_os, 1, "sigblock failed: %s", strerror(errno)); - blocked = 0; -} diff --git a/contrib/bind/bin/named/ns_sort.c b/contrib/bind/bin/named/ns_sort.c deleted file mode 100644 index 6489c4d..0000000 --- a/contrib/bind/bin/named/ns_sort.c +++ /dev/null @@ -1,414 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_sort.c 4.10 (Berkeley) 3/3/91"; -static const char rcsid[] = "$Id: ns_sort.c,v 8.8 2001/09/25 04:50:22 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986, 1990 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Sorting should really be handled by the resolver, but: - * 1) There are too many brain dead resolvers out there that can't be replaced. - * 2) It would be a pain to individually configure all those resolvers anyway. - * - * Here's the scoop: - * - * To enable address sorting in responses, you need to supply the sortlist - * statement in the config file. The sortlist statement takes an - * address match list and interprets it even more specially than the - * topology statement does. - * - * Each top level statement in the sortlist must itself be an explicit - * address match list with one or two elements. The first element - * (which may be an IP address, an IP prefix, an ACL name or nested - * address match list) of each top level list is checked against the - * source address of the query until a match is found. - * - * Once the source address of the query has been matched, if the top level - * statement contains only one element, the actual primitive element that - * matched the source address is used to select the address in the response - * to move to the beginning of the response. If the statement is a list - * of two elements, then the second element is treated like the address - * match list in a topology statement. Each top level element is assigned - * a distance and the address in the response with the minimum distance is - * moved to the beginning of the response. - * - * In the following example, any queries received from any of the addresses - * of the host itself will get responses preferring addresses on any of - * the locally connected networks. Next most preferred are addresses on - * the 192.168.1/24 network, and after that either the 192.168.2/24 or - * 192.168.3/24 network with no preference shown between these two networks. - * Queries received from a host on the 192.168.1/24 network will prefer - * other addresses on that network to the 192.168.2/24 and 192.168.3/24 - * networks. Queries received from a host on the 192.168.4/24 or the - * 192.168.5/24 network will only prefer other addresses on their - * directly connected networks. - * - * sortlist { - * { - * localhost; - * { - * localnets; - * 192.168.1/24; - * { 192,168.2/24; 192.168.3/24; }; - * }; - * }; - * { - * 192.168.1/24; - * { - * 192.168.1/24; - * { 192.168.2/24; 192.168.3/24; }; - * }; - * }; - * { - * 192.168.2/24; - * { - * 192.168.2/24; - * { 192.168.1/24; 192.168.3/24; }; - * }; - * }; - * { - * 192.168.3/24; - * { - * 192.168.3/24; - * { 192.168.1/24; 192.168.2/24; }; - * }; - * }; - * { - * { 192.168.4/24; 192.168.5/24; }; - * }; - * }; - * - * - * The following example will give reasonable behaviour for the local host - * and hosts on directly connected networks. It is similar to the behavior - * of the address sort in BIND 4.9.x. Responses sent to queries from the - * local host will favor any of the directly connected networks. Responses - * sent to queries from any other hosts on a directly connected network will - * prefer addresses on that same network. Responses to other queries will - * not be sorted. - * - * sortlist { - * { localhost; localnets; }; - * { localnets; }; - * }; - * - * XXX - it wouldb e nice to have an ACL called "source" that matched the - * source address of a query so that a host could be configured to - * automatically prefer itself, and an ACL called "sourcenet", that - * would return the primitive IP match element that matched the source - * address so that you could do: - * { localnets; { sourcenet; { other stuff ...}; }; - * and automatically get similar behaviour to what you get with: - * { localnets; }; - * - */ - -#include "port_before.h" - -#include <sys/param.h> -#include <sys/types.h> -#include <sys/socket.h> -#include <sys/file.h> -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> -#include <stdio.h> -#include <syslog.h> -#include <resolv.h> -#include <string.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> - -#include "port_after.h" - -#include "named.h" - -static int sort_rr(u_char *cp, u_char *eom, int ancount, ip_match_list iml); - -static int ip_match_address_elt(ip_match_list, struct in_addr, - ip_match_element *); - -void -sort_response(u_char *cp, u_char *eom, int ancount, struct sockaddr_in *from) { - struct in_addr address; - struct ip_match_element imelement; - ip_match_element imetl, imematch, imeprimitive; - struct ip_match_list imlist; - ip_match_list iml; - int indirect, matched; - - if (server_options->sortlist == NULL) - return; - - if (from->sin_family != AF_INET) - return; - - address = from->sin_addr; - - for (imetl = server_options->sortlist->first; imetl != NULL; - imetl = imetl->next) { - if (imetl->type == ip_match_indirect) - imematch = imetl->u.indirect.list->first; - else - /* - * allow a bare pattern as a top level statement - * and treat it like {pattern;}; - */ - imematch = imetl; - - switch (imematch->type) { - case ip_match_pattern: - indirect = 0; - break; - case ip_match_indirect: - indirect = 1; - break; - case ip_match_localhost: - imematch->u.indirect.list = local_addresses; - indirect = 1; - break; - case ip_match_localnets: - imematch->u.indirect.list = local_networks; - indirect = 1; - break; - default: - indirect = 0; - panic("unexpected ime type in ip_match_address()", - NULL); - } - if (indirect) { - imeprimitive = NULL; - matched = ip_match_address_elt(imematch->u.indirect.list, - address, &imeprimitive); - if (matched >= 0) { - if (imematch->flags & IP_MATCH_NEGATE) - /* Don't sort */ - return; - } else - continue; - } else { - if (ina_onnet(address, imematch->u.direct.address, - imematch->u.direct.mask)) { - if (imematch->flags & IP_MATCH_NEGATE) - /* Don't sort */ - return; - else - imeprimitive = imematch; - } else - continue; - } - if (imetl != imematch && imematch->next != NULL) { - /* - * Not a bare pattern at the top level, but a two - * element list - */ - switch (imematch->next->type) { - case ip_match_pattern: - case ip_match_localhost: - case ip_match_localnets: - imelement = *(imematch->next); - imelement.next = NULL; - iml = &imlist; - iml->first = iml->last = &imelement; - break; - case ip_match_indirect: - iml = imematch->next->u.indirect.list; - break; - default: - iml = NULL; - panic("unexpected ime type in ip_match_address()", - NULL); - } - } else if (imeprimitive) { - imelement = *imeprimitive; - imelement.next = NULL; - iml = &imlist; - iml->first = iml->last = &imelement; - } else { - /* Don't sort because we'd just use "any" */ - return; - } - sort_rr(cp, eom, ancount, iml); - break; - } - - return; -} - -static int -sort_rr(u_char *cp, u_char *eom, int ancount, ip_match_list iml) { - int type, class, dlen, n, c, distance, closest = 0; - struct in_addr inaddr; - u_char *rr1 = NULL, *rrbest = NULL, *cpstart; - - rr1 = NULL; - cpstart = cp; - for (c = ancount; c > 0; --c) { - n = dn_skipname(cp, eom); - if (n < 0) - return (1); /* bogus, stop processing */ - cp += n; - if (cp + QFIXEDSZ > eom) - return (1); - GETSHORT(type, cp); - GETSHORT(class, cp); - cp += INT32SZ; - GETSHORT(dlen, cp); - if (dlen > eom - cp) - return (1); /* bogus, stop processing */ - switch (type) { - case T_A: - switch (class) { - case C_IN: - case C_HS: - memcpy((char *)&inaddr, cp, INADDRSZ); - /* Find the address with the minimum distance */ - if (rr1 == NULL) { - rr1 = cp; - rrbest = cp; - closest = distance_of_address(iml, inaddr); - } else { - distance = distance_of_address(iml, inaddr); - if (distance < closest) { - rrbest = cp; - closest = distance; - } - } - break; - } - break; - } - cp += dlen; - } - if (rr1 != rrbest && rr1 != NULL) { - memcpy((char *)&inaddr, rrbest, INADDRSZ); - memcpy(rrbest, rr1, INADDRSZ); - memcpy(rr1, (char *)&inaddr, INADDRSZ); - } - return (0); -} - -/* - * Just like ip_match_address(), but also returns a pointer to the primitive - * element that matched. - */ - -static int -ip_match_address_elt(ip_match_list iml, struct in_addr address, - ip_match_element *imep) { - ip_match_element ime; - int ret; - int indirect; - - INSIST(iml != NULL); - for (ime = iml->first; ime != NULL; ime = ime->next) { - switch (ime->type) { - case ip_match_pattern: - indirect = 0; - break; - case ip_match_indirect: - indirect = 1; - break; - case ip_match_localhost: - ime->u.indirect.list = local_addresses; - indirect = 1; - break; - case ip_match_localnets: - ime->u.indirect.list = local_networks; - indirect = 1; - break; - default: - indirect = 0; - panic("unexpected ime type in ip_match_address()", - NULL); - } - if (indirect) { - ret = ip_match_address_elt(ime->u.indirect.list, - address, imep); - if (ret >= 0) { - if (ime->flags & IP_MATCH_NEGATE) - ret = (ret) ? 0 : 1; - return (ret); - } - } else { - if (ina_onnet(address, ime->u.direct.address, - ime->u.direct.mask)) { - *imep = ime; - if (ime->flags & IP_MATCH_NEGATE) - return (0); - else - return (1); - } - } - } - return (-1); -} diff --git a/contrib/bind/bin/named/ns_stats.c b/contrib/bind/bin/named/ns_stats.c deleted file mode 100644 index 3c5abb1..0000000 --- a/contrib/bind/bin/named/ns_stats.c +++ /dev/null @@ -1,452 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char sccsid[] = "@(#)ns_stats.c 4.10 (Berkeley) 6/27/90"; -static const char rcsid[] = "$Id: ns_stats.c,v 8.34 2001/08/09 13:17:21 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1986 - * The Regents of the University of California. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * This product includes software developed by the University of - * California, Berkeley and its contributors. - * 4. Neither the name of the University nor the names of its contributors - * may be used to endorse or promote products derived from this software - * without specific prior written permission. - * - * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - */ - -/* - * Portions Copyright (c) 1993 by Digital Equipment Corporation. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Digital Equipment Corporation not be used in advertising or - * publicity pertaining to distribution of the document or software without - * specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL - * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT - * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <resolv.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/tree.h> - -#include "port_after.h" - -#ifdef HAVE_GETRUSAGE /* XXX */ -#include <sys/time.h> -#include <sys/resource.h> -#endif - -#include "named.h" - -static u_long typestats[T_ANY+1]; -static void nameserStats(FILE *); -static u_int32_t ns_stats_cnt = 0; -static int ns_stats_disabled = 0; - -void -ns_stats_dumpandclear() { - time_t timenow = time(NULL); - FILE *f; - - ns_stats(); - if (!(f = fopen(server_options->stats_filename, "a"))) { - ns_notice(ns_log_statistics, "cannot open stat file, \"%s\"", - server_options->stats_filename); - } - if (f != NULL) { - (void) fchown(fileno(f), user_id, group_id); - fprintf(f, "+++ Host Statistics Cleared +++ (%ld) %s", - (long)timenow, checked_ctime(&timenow)); - (void) my_fclose(f); - } - ns_freestats(); -} - -void -ns_stats() { - time_t timenow = time(NULL); - FILE *f; - int i; - - ns_notice(ns_log_statistics, "dumping nameserver stats"); - - if (!(f = fopen(server_options->stats_filename, "a"))) { - ns_notice(ns_log_statistics, "cannot open stat file, \"%s\"", - server_options->stats_filename); - return; - } - (void) fchown(fileno(f), user_id, group_id); - - fprintf(f, "+++ Statistics Dump +++ (%ld) %s", - (long)timenow, checked_ctime(&timenow)); - fprintf(f, "%ld\ttime since boot (secs)\n", - (long)(timenow - boottime)); - fprintf(f, "%ld\ttime since reset (secs)\n", - (long)(timenow - resettime)); - - /* query type statistics */ - fprintf(f, "%lu\tUnknown query types\n", (u_long)typestats[0]); - for (i = 1; i < T_ANY+1; i++) - fprintf(f, "%lu\t%s queries\n", typestats[i], p_type(i)); - - /* name server statistics */ - nameserStats(f); - - fprintf(f, "--- Statistics Dump --- (%ld) %s", - (long)timenow, checked_ctime(&timenow)); - (void) my_fclose(f); - - /* Now do the memory statistics file */ - if (!(f = fopen(server_options->memstats_filename, "a"))) { - ns_notice(ns_log_statistics, "cannot open memstat file, \"%s\"", - server_options->memstats_filename); - return; - } - (void) fchown(fileno(f), user_id, group_id); - - fprintf(f, "+++ Memory Statistics Dump +++ (%ld) %s", - (long)timenow, checked_ctime(&timenow)); - - fprintf(f, "%ld\ttime since boot (secs)\n", - (long)(timenow - boottime)); - fprintf(f, "%ld\ttime since reset (secs)\n", - (long)(timenow - resettime)); - - fprintf(f, "++ Memory Statistics ++\n"); - memstats(f); - fprintf(f, "-- Memory Statistics --\n"); - - fprintf(f, "--- Memory Statistics Dump --- (%ld) %s", - (long)timenow, checked_ctime(&timenow)); - (void) my_fclose(f); - - ns_notice(ns_log_statistics, "done dumping nameserver stats"); -} - -void -qtypeIncr(qtype) - int qtype; -{ - if (qtype < T_A || qtype > T_ANY) - qtype = 0; /* bad type */ - typestats[qtype]++; -} - -static tree *nameserTree; -static int nameserInit; - -static FILE *nameserStatsFile; -static const char *statNames[nssLast] = { - "RR", /* sent us an answer */ - "RNXD", /* sent us a negative response */ - "RFwdR", /* sent us a response we had to fwd */ - "RDupR", /* sent us an extra answer */ - "RFail", /* sent us a SERVFAIL */ - "RFErr", /* sent us a FORMERR */ - "RErr", /* sent us some other error */ - "RAXFR", /* sent us an AXFR */ - "RLame", /* sent us a lame delegation */ - "ROpts", /* sent us some IP options */ - "SSysQ", /* sent them a sysquery */ - "SAns", /* sent them an answer */ - "SFwdQ", /* fwdd a query to them */ - "SDupQ", /* sent them a retry */ - "SErr", /* sent failed (in sendto) */ - "RQ", /* sent us a query */ - "RIQ", /* sent us an inverse query */ - "RFwdQ", /* sent us a query we had to fwd */ - "RDupQ", /* sent us a retry */ - "RTCP", /* sent us a query using TCP */ - "SFwdR", /* fwdd a response to them */ - "SFail", /* sent them a SERVFAIL */ - "SFErr", /* sent them a FORMERR */ - "SNaAns", /* sent them a non autoritative answer */ - "SNXD", /* sent them a negative response */ - "RUQ", /* sent us an unapproved query */ - "RURQ", /* sent us an unapproved recursive query */ - "RUXFR", /* sent us an unapproved AXFR or IXFR */ - "RUUpd", /* sent us an unapproved update */ - }; - -/* - * Note that addresses in network byte order always have the high byte first. - * XXX - this is horribly IPv4 dependent, but it's performance critical. - */ -static int -nameserCompar(const tree_t t1, const tree_t t2) { - u_char *p1 = (u_char *)t1, *p2 = (u_char *)t2; - int i; - - for (i = INADDRSZ; i > 0; i--) { - u_char c1 = *p1++, c2 = *p2++; - - if (c1 < c2) - return (-1); - if (c1 > c2) - return (1); - } - return (0); -} - -struct nameser * -nameserFind(addr, flags) - struct in_addr addr; - int flags; -{ - struct nameser dummy; - struct nameser *ns; - - if (!nameserInit) { - tree_init(&nameserTree); - nameserInit++; - ns_stats_cnt = 0; - ns_stats_disabled = 0; - } - - dummy.addr = addr; - ns = (struct nameser *)tree_srch(&nameserTree, nameserCompar, - (tree_t)&dummy); - if (ns == NULL && (flags & NS_F_INSERT) != 0) { - if (server_options->max_host_stats != 0 && - ns_stats_cnt > server_options->max_host_stats) { - if (!ns_stats_disabled) - ns_notice(ns_log_statistics, - "ns_stats_disabled: %s reached", - "host-statistics-max"); - ns_stats_disabled = 1; - return (NULL); - } - ns = (struct nameser *)memget(sizeof(struct nameser)); - if (ns == NULL) { - nomem: if (!haveComplained((u_long)nameserFind, 0)) - ns_notice(ns_log_statistics, - "nameserFind: memget failed; %s", - strerror(errno)); - return (NULL); - } - memset(ns, 0, sizeof *ns); - ns->addr = addr; - if (!tree_add(&nameserTree, nameserCompar, (tree_t)ns, NULL)) { - int save = errno; - memput(ns, sizeof *ns); - errno = save; - goto nomem; - } - ns_stats_cnt++; - } - return (ns); -} - -static void -nameserStatsOut(f, stats) - FILE *f; - u_long stats[]; -{ - int i; - const char *pre = "\t"; - - for (i = 0; i < (int)nssLast; i++) { - fprintf(f, "%s%lu", pre, (u_long)stats[i]); - pre = ((i+1) % 5) ? " " : " "; - } - fputc('\n', f); -} - -static void -nameserStatsHdr(f) - FILE *f; -{ - int i; - const char *pre = "\t"; - - fprintf(f, "(Legend)\n"); - for (i = 0; i < (int)nssLast; i++) { - fprintf(f, "%s%s", pre, - statNames[i] ? statNames[i] : ""); - pre = ((i+1) % 5) ? "\t" : "\n\t"; - } - fputc('\n', f); -} - -static int -nameserStatsTravUAR(t) - tree_t t; -{ - struct nameser *ns = (struct nameser *)t; - - fprintf(nameserStatsFile, "[%s]\n", /* : rtt %u */ - inet_ntoa(ns->addr) /*, ns->rtt*/ ); - nameserStatsOut(nameserStatsFile, ns->stats); - return (1); -} - -static void -nameserStats(f) - FILE *f; -{ - nameserStatsFile = f; - fprintf(f, "++ Name Server Statistics ++\n"); - nameserStatsHdr(f); - fprintf(f, "(Global)\n"); - nameserStatsOut(f, globalStats); - if (NS_OPTION_P(OPTION_HOSTSTATS)) { - tree_trav(&nameserTree, nameserStatsTravUAR); - if (ns_stats_disabled) - fprintf(f, "++ Host Statistics Incomplete ++\n"); - } - fprintf(f, "-- Name Server Statistics --\n"); - nameserStatsFile = NULL; -} - -void -ns_logstats(evContext ctx, void *uap, struct timespec due, - struct timespec inter) -{ - char buffer[1024]; - char buffer2[32], header[128]; - time_t timenow = time(NULL); - int i; -#ifdef HAVE_GETRUSAGE - struct rusage usage, childu; -#endif /*HAVE_GETRUSAGE*/ - -#ifdef HAVE_GETRUSAGE -# define tv_float(tv) ((tv).tv_sec + ((tv).tv_usec / 1000000.0)) - - UNUSED(ctx); - UNUSED(uap); - UNUSED(due); - UNUSED(inter); - - getrusage(RUSAGE_SELF, &usage); - getrusage(RUSAGE_CHILDREN, &childu); - - /* - * Get around a stupid compiler bug in gcc on solaris. - * There is a problem if three or more doubles are passed to - * sprintf. - * <http://gcc.gnu.org/cgi-bin/gnatsweb.pl?cmd=view&pr=337&database=gcc> - */ - sprintf(buffer, "CPU=%gu/%gs CHILDCPU=", tv_float(usage.ru_utime), - tv_float(usage.ru_stime)); - sprintf(header, "%gu/%gs", tv_float(childu.ru_utime), - tv_float(childu.ru_stime)); - ns_info(ns_log_statistics, "USAGE %lu %lu %s%s", (u_long)timenow, - (u_long)boottime, buffer, header); -# undef tv_float -#endif /*HAVE_GETRUSAGE*/ - - sprintf(header, "NSTATS %lu %lu", (u_long)timenow, (u_long)boottime); - strcpy(buffer, header); - - for (i = 0; i < T_ANY+1; i++) { - if (typestats[i]) { - sprintf(buffer2, " %s=%lu", p_type(i), typestats[i]); - if (strlen(buffer) + strlen(buffer2) > - sizeof(buffer) - 1) { - ns_info(ns_log_statistics, "%s", buffer); - strcpy(buffer, header); - } - strcat(buffer, buffer2); - } - } - ns_info(ns_log_statistics, "%s", buffer); - - sprintf(header, "XSTATS %lu %lu", (u_long)timenow, (u_long)boottime); - strcpy(buffer, header); - for (i = 0; i < (int)nssLast; i++) { - sprintf(buffer2, " %s=%lu", - statNames[i]?statNames[i]:"?", (u_long)globalStats[i]); - if (strlen(buffer) + strlen(buffer2) > sizeof(buffer) - 1) { - ns_info(ns_log_statistics, "%s", buffer); - strcpy(buffer, header); - } - strcat(buffer, buffer2); - } - ns_info(ns_log_statistics, "%s", buffer); -} - -static void -nameserFree(void *uap) { - struct nameser *ns = uap; - - memput(ns, sizeof *ns); -} - -void -ns_freestats(void) { - if (nameserTree == NULL) - return; - tree_mung(&nameserTree, nameserFree); - nameserInit = 0; - ns_stats_cnt = 0; - ns_stats_disabled = 0; -} diff --git a/contrib/bind/bin/named/ns_udp.c b/contrib/bind/bin/named/ns_udp.c deleted file mode 100644 index 23f4377..0000000 --- a/contrib/bind/bin/named/ns_udp.c +++ /dev/null @@ -1,124 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_udp.c,v 8.9 2000/04/21 06:54:13 vixie Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/types.h> -#include <sys/param.h> -#include <sys/stat.h> -#include <sys/socket.h> -#include <sys/file.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <ctype.h> -#include <errno.h> -#include <netdb.h> -#include <nlist.h> -#include <resolv.h> -#include <stdio.h> -#include <syslog.h> -#include <time.h> -#include <unistd.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> - -#include "port_after.h" - -#include "named.h" - -void -ns_udp() { -#if defined(CHECK_UDP_SUM) || defined(FIX_UDP_SUM) - struct nlist nl[2]; - int fd; - int sum; - u_long res, offset; - - nl[0].n_name = UDPSUM; - nl[1].n_name = 0; - - if (nlist(KSYMS, nl)) { - ns_debug(ns_log_default, 1, "ns_udp: nlist (%s,%s) failed", - KSYMS, UDPSUM); - return; - } - - ns_debug(ns_log_default, 1, "ns_udp: %s %d %lu (%ld)", - nl[0].n_name, nl[0].n_type, nl[0].n_value, nl[0].n_value); - - if (!nl[0].n_type) - return; - - if ((fd = open(KMEM, O_RDWR, 0)) < 0) { - ns_debug(ns_log_default, 1, "ns_udp: open %s failed: %s", KMEM, - strerror(errno)); - return; - } - - offset = nl[0].n_value; -#ifdef KMAP - offset &= ((~0UL)>>1); -#endif - - res = lseek(fd, offset, SEEK_SET); - if (res != offset) { - ns_debug(ns_log_default, 1, "ns_udp: lseek %lu failed %lu: %s", - offset, res, strerror(errno)); - goto cleanup; - } - - if (read(fd, &sum, sizeof(sum)) != sizeof(sum)) { - ns_debug(ns_log_default, 1, "ns_udp: read failed: %s", - strerror(errno)); - goto cleanup; - } - - ns_debug(ns_log_default, 1, "ns_udp: %d", sum); - if (sum == 0) { -#ifdef FIX_UDP_SUM - sum = 1; - lseek(fd, offset, SEEK_SET); - if (res != offset) { - ns_debug(ns_log_default, 1, - "ns_udp: lseek %lu failed %lu: %s", - offset, res, strerror(errno)); - goto cleanup; - } - if (write(fd, &sum, sizeof(sum)) != sizeof(sum)) { - ns_debug(ns_log_default, 1, "ns_udp: write failed: %s", - strerror(errno)); - goto cleanup; - } - ns_warning(ns_log_default, "ns_udp: check sums turned on"); -#else - ns_panic(ns_log_default, 0, - "ns_udp: checksums NOT turned on, exiting"); -#endif - } -cleanup: - close(fd); -#endif -} diff --git a/contrib/bind/bin/named/ns_update.c b/contrib/bind/bin/named/ns_update.c deleted file mode 100644 index 1c88e25..0000000 --- a/contrib/bind/bin/named/ns_update.c +++ /dev/null @@ -1,3066 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_update.c,v 8.106 2002/07/19 22:44:07 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -/* - * Portions Copyright (c) 1999 by Check Point Software Technologies, Inc. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies, and that - * the name of Check Point Software Technologies Incorporated not be used - * in advertising or publicity pertaining to distribution of the document - * or software without specific, written prior permission. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND CHECK POINT SOFTWARE TECHNOLOGIES - * INCORPORATED DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE, - * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. - * IN NO EVENT SHALL CHECK POINT SOFTWARE TECHNOLOGIES INCORPRATED - * BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR - * ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER - * IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT - * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - */ - -/* - * Based on the Dynamic DNS reference implementation by Viraj Bais - * <viraj_bais@ccm.fm.intel.com> - */ - -#include "port_before.h" - -#include <sys/param.h> -#include <sys/uio.h> -#include <sys/file.h> -#include <sys/socket.h> -#include <sys/stat.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <fcntl.h> -#include <limits.h> -#include <resolv.h> -#include <res_update.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <ctype.h> -#include <syslog.h> -#include <time.h> -#include <unistd.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> -#include <isc/dst.h> -#include <isc/misc.h> - -#include "port_after.h" - -#include "named.h" - -#define WRITEABLE_MASK (S_IWUSR | S_IWGRP | S_IWOTH) - -/* XXXRTH almost all funcs. in here should be static! - map rdata_dump to db_to_textual - map rdata_expand to wire_to_db - make a textual_to_db and use it in merge_logs? - replace all this "map" stuff with the new routines (from 4.9.5 I think) - */ - -/* from ns_req.c */ - -static struct map m_opcode[] = { - { "nxdomain", NXDOMAIN }, - { "yxdomain", YXDOMAIN }, - { "nxrrset", NXRRSET }, - { "yxrrset", YXRRSET }, - { "delete", DELETE }, - { "add", ADD }, -}; -#define M_OPCODE_CNT (sizeof(m_opcode) / sizeof(struct map)) - -/* XXXRTH workaround map difficulties */ -#define M_CLASS_CNT m_class_cnt -#define M_TYPE_CNT m_type_cnt - -static const char *opcodes[] = { - "delete", - "add", - "", - "nxdomain", - "", - "", - "yxdomain", - "yxrrset", - "nxrrset", - "", - "", -}; - - -/* from db_load.c */ - -static struct map m_section[] = { - { "zone", S_ZONE }, - { "prereq", S_PREREQ }, - { "update", S_UPDATE }, - { "reserved", S_ADDT }, -}; -#define M_SECTION_CNT (sizeof(m_section) / sizeof(struct map)) - -/* Forward. */ - -static int rdata_expand(const u_char *, const u_char *, const u_char *, - u_int, size_t, u_char *, size_t); - - -static FILE * -open_transaction_log(struct zoneinfo *zp) { - FILE *fp = fopen(zp->z_updatelog, "a+"); - - if (fp == NULL) { - ns_error(ns_log_update, "can't open %s: %s", zp->z_updatelog, - strerror(errno)); - return (NULL); - } - (void) fchown(fileno(fp), user_id, group_id); - if (fseek(fp, 0L, SEEK_END) != 0) { - ns_error(ns_log_update, "can't fseek(%s, 0, SEEK_END)", - zp->z_updatelog); - fclose(fp); - return (NULL); - } - if (ftell(fp) == 0L) { - fprintf(fp, "%s", LogSignature); - zp->z_serial_ixfr_start = get_serial(zp); - } - else - zp->z_serial_ixfr_start = 0; - return (fp); -} - -static FILE * -open_ixfr_log(struct zoneinfo *zp) { - FILE *fp = fopen(zp->z_ixfr_base, "a+"); - - if (fp == NULL) { - ns_error(ns_log_update, "can't open %s: %s", zp->z_ixfr_base, - strerror(errno)); - return (NULL); - } - (void) fchown(fileno(fp), user_id, group_id); - if (fseek(fp, 0L, SEEK_END) != 0) { - ns_error(ns_log_update, "can't fseek(%s, 0, SEEK_END)", - zp->z_ixfr_base); - fclose(fp); - return (NULL); - } - if (ftell(fp) == 0L) { - fprintf(fp, "%s", LogSignature); - } - return (fp); -} - -static int -close_transaction_log(struct zoneinfo *zp, FILE *fp) { - if (fflush(fp) == EOF) { - ns_error(ns_log_update, "fflush() of %s failed: %s", - zp->z_updatelog, strerror(errno)); - return (-1); - } - if (fsync(fileno(fp)) < 0) { - ns_error(ns_log_update, "fsync() of %s failed: %s", - zp->z_updatelog, strerror(errno)); - return (-1); - } - if (fclose(fp) == EOF) { - ns_error(ns_log_update, "fclose() of %s failed: %s", - zp->z_updatelog, strerror(errno)); - return (-1); - } - return (0); -} - -static int -close_ixfr_log(struct zoneinfo *zp, FILE *fp) { - if (fflush(fp) == EOF) { - ns_error(ns_log_update, "fflush() of %s failed: %s", - zp->z_ixfr_base, strerror(errno)); - fclose(fp); - return (-1); - } - if (fsync(fileno(fp)) < 0) { - ns_error(ns_log_update, "fsync() of %s failed: %s", - zp->z_ixfr_base, strerror(errno)); - fclose(fp); - return (-1); - } - if (fclose(fp) == EOF) { - ns_error(ns_log_update, "fclose() of %s failed: %s", - zp->z_ixfr_base, strerror(errno)); - return (-1); - } - return (0); -} - -/* - * return true if 'db' had been added. - */ -static int -was_added(const ns_updque *updlist, struct databuf *dp) { - ns_updrec *rrecp; - - for (rrecp = HEAD(*updlist); rrecp != NULL; rrecp = NEXT(rrecp, r_link)) - if (rrecp->r_section == S_UPDATE && rrecp->r_dp == dp) - return (1); - return (0); -} - -/* - * return true if 'db' had been deleted. - */ -static int -was_deleted(const ns_updque *updlist, struct databuf *dp) { - ns_updrec *rrecp; - struct databuf *adp; - - - for (rrecp = HEAD(*updlist); rrecp != NULL; rrecp = NEXT(rrecp, r_link)) - if (rrecp->r_section == S_UPDATE && - rrecp->r_deldp != NULL) { - adp = rrecp->r_deldp; - do { - if (adp == dp) - return (1); - } while ((adp = adp->d_next) != NULL); - } - return (0); -} - -/* - * printupdatelog(srcaddr, updlist, hp, zp, old_serial) - * append an ascii form to the zone's transaction log file. - */ -static void -printupdatelog(struct sockaddr_in srcaddr, - const ns_updque *updlist, - HEADER *hp, - struct zoneinfo *zp, - u_int32_t old_serial) -{ - struct databuf *dp; - ns_updrec *rrecp; - int opcode; - char time[25]; - FILE *fp, *ifp; - - if (EMPTY(*updlist)) - return; - - fp = open_transaction_log(zp); - if (fp == NULL) - return; - - if (zp->z_maintain_ixfr_base == 1) { - ifp = open_ixfr_log(zp); - if (ifp == NULL) { - (void) close_transaction_log(zp, fp); - return; - } - } - else - ifp = NULL; - - sprintf(time, "at %lu", (u_long)tt.tv_sec); - fprintf(fp, "[DYNAMIC_UPDATE] id %u from %s %s (named pid %ld):\n", - ntohs(hp->id), sin_ntoa(srcaddr), time, (long)getpid()); - if (ifp) - fprintf(ifp, - "[DYNAMIC_UPDATE] id %u from %s %s (named pid %ld):\n", - ntohs(hp->id), sin_ntoa(srcaddr), time, - (long)getpid()); - for (rrecp = HEAD(*updlist); rrecp != NULL; rrecp = NEXT(rrecp, r_link)) { - INSIST(zp == &zones[rrecp->r_zone]); - switch (rrecp->r_section) { - case S_ZONE: - fprintf(fp, "zone:\torigin %s class %s serial %u\n", - zp->z_origin, p_class(zp->z_class), - old_serial); - if (ifp) - fprintf(ifp, - "zone:\torigin %s class %s serial %lu\n", - zp->z_origin, p_class(zp->z_class), - (u_long)old_serial); - break; - case S_PREREQ: - opcode = rrecp->r_opcode; - fprintf(fp, "prereq:\t{%s} %s. %s ", - opcodes[opcode], rrecp->r_dname, - p_class(zp->z_class)); - if (opcode == NXRRSET || opcode == YXRRSET) { - fprintf(fp, "%s ", p_type(rrecp->r_type)); - if ((dp = rrecp->r_dp) && dp->d_size > 0) { - dp->d_class = zp->z_class; - (void) rdata_dump(dp, fp); - } - } - fprintf(fp, "\n"); - break; - case S_UPDATE: - opcode = rrecp->r_opcode; - /* - * Translate all deletes into explict actions by - * looking at what was actually deleted from the - * zone for the ixfr log. - */ - dp = rrecp->r_deldp; - while (dp != NULL) { - if (dp->d_rcode == 0 && - !was_added(updlist, dp)) { - if (ifp) { - fprintf(ifp, - "update:\t{%s} %s. %u %s %s ", - "delete", - rrecp->r_dname, - dp->d_ttl, - p_class(dp->d_class), - p_type(dp->d_type)); - (void) rdata_dump(dp, ifp); - fprintf(ifp, "\n"); - } - } - dp = dp->d_next; - } - /* - * Only successful adds should be recorded. - * Don't add changes that are undone later. - * SOA additions performed later. - */ - if (opcode == ADD && (dp = rrecp->r_dp) != NULL && - dp->d_type != T_SOA && - (dp->d_mark & D_MARK_ADDED) != 0 && - !was_deleted(updlist, dp)) { - if (ifp) { - fprintf(ifp, "update:\t{%s} %s. ", - opcodes[opcode], rrecp->r_dname); - fprintf(ifp, "%u ", rrecp->r_ttl); - fprintf(ifp, "%s ", p_class(zp->z_class)); - fprintf(ifp, "%s ", p_type(rrecp->r_type)); - (void) rdata_dump(dp, ifp); - fprintf(ifp, "\n"); - } - } - /* Update log. */ - fprintf(fp, "update:\t{%s} %s. ", - opcodes[opcode], rrecp->r_dname); - if (opcode == ADD) - fprintf(fp, "%u ", rrecp->r_ttl); - fprintf(fp, "%s ", p_class(zp->z_class)); - if (rrecp->r_type != T_ANY) - fprintf(fp, "%s ", p_type(rrecp->r_type)); - if ((dp = rrecp->r_dp) && dp->d_size > 0) { - dp->d_class = zp->z_class; - (void) rdata_dump(dp, fp); - } - fprintf(fp, "\n"); - break; - case S_ADDT: - break; - default: - ns_panic(ns_log_update, 1, - "printupdatelog - impossible condition"); - /*NOTREACHED*/ - } - } - /* - * SOA additions must be last in this update as they - * (or [INCR_SERIAL]) terminate an IXFR chunk. Only the last SOA - * addition will be emitted for any dynamic update regardless - * of the number of SOA changes in the update. - */ - for (rrecp = HEAD(*updlist); rrecp != NULL; rrecp = NEXT(rrecp, r_link)) { - INSIST(zp == &zones[rrecp->r_zone]); - switch (rrecp->r_section) { - case S_UPDATE: - opcode = rrecp->r_opcode; - if (opcode == ADD && (dp = rrecp->r_dp) != NULL && - dp->d_type == T_SOA && - (dp->d_mark & D_MARK_ADDED) != 0 && - !was_deleted(updlist, dp)) { - if (ifp) { - fprintf(ifp, "update:\t{%s} %s. ", - opcodes[opcode], rrecp->r_dname); - fprintf(ifp, "%u ", rrecp->r_ttl); - fprintf(ifp, "%s ", p_class(zp->z_class)); - fprintf(ifp, "%s ", p_type(rrecp->r_type)); - (void) rdata_dump(dp, ifp); - fprintf(ifp, "\n[END_DELTA]\n"); - } - } - break; - default: - break; - } - } - fprintf(fp, "\n"); - (void) close_transaction_log(zp, fp); - if (ifp) - (void) close_ixfr_log(zp, ifp); -} - -static void -cancel_soa_update(struct zoneinfo *zp) { - ns_debug(ns_log_update, 3, "cancel_soa_update for %s", zp->z_origin); - zp->z_flags &= ~Z_NEED_SOAUPDATE; - zp->z_soaincrtime = 0; - zp->z_updatecnt = 0; -} - -/* - * Figure out when a SOA serial number update should happen. - * Returns non-zero if the caller should call sched_zone_maint(zp). - */ -int -schedule_soa_update(struct zoneinfo *zp, int numupdated) { - (void) gettime(&tt); - - zp->z_flags |= Z_NEED_SOAUPDATE; - - /* - * Only z_deferupdcnt updates are allowed before we force - * a serial update. - */ - zp->z_updatecnt += numupdated; - if (zp->z_updatecnt >= zp->z_deferupdcnt) { - if (zp->z_soaincrtime > tt.tv_sec) { - zp->z_soaincrtime = tt.tv_sec; - return (1); - } - } - - if (zp->z_soaincrintvl > 0) { - /* We want automatic updates in this zone. */ - if (zp->z_soaincrtime > 0) { - /* Already scheduled. */ - ns_debug(ns_log_update, 3, - "schedule_soa_update('%s'): already scheduled", - zp->z_origin); - return (0); - } else { - /* First update since the soa was last incremented. */ - zp->z_updatecnt = numupdated; - zp->z_soaincrtime = tt.tv_sec + zp->z_soaincrintvl; - /* - * Never schedule soaincrtime to occur after - * dumptime. - */ - if (zp->z_soaincrtime > zp->z_dumptime) - zp->z_soaincrtime = zp->z_dumptime; - ns_debug(ns_log_update, 3, - "schedule_soa_update('%s'): scheduled for %lu", - zp->z_origin, (u_long)zp->z_soaincrtime); - return (1); - } - } - return (0); -} - -/* - * Figure out when a zone dump should happen. - * Returns non-zero if the caller should call sched_zone_maint(zp). - */ -int -schedule_dump(struct zoneinfo *zp) { - time_t half; - - (void) gettime(&tt); - - zp->z_flags |= Z_NEED_DUMP; - - if (zp->z_dumpintvl > 0) { - /* We want automatic dumping in this zone. */ - if (zp->z_dumptime > 0) { - /* Already scheduled. */ - ns_debug(ns_log_update, 3, - "schedule_dump('%s'): already scheduled", - zp->z_origin); - return (0); - } else { - /* - * Set new dump time for dynamic zone. Use a random - * number in the last half of the dump limit; we want - * it to be substantially correct while still - * preventing dump synchronization among various - * dynamic zones. - */ - half = (zp->z_dumpintvl + 1) / 2; - zp->z_dumptime = tt.tv_sec + half + (rand() % half); - /* - * Never schedule soaincrtime to occur after - * dumptime. - */ - if (zp->z_soaincrtime > zp->z_dumptime) - zp->z_soaincrtime = zp->z_dumptime; - ns_debug(ns_log_update, 3, - "schedule_dump('%s'): scheduled for %lu", - zp->z_origin, (u_long)zp->z_dumptime); - return (1); - } - } - return (0); -} - -/* - * int - * process_prereq(rec, rcodep) - * Process one prerequisite. - * returns: - * >0 prerequisite was satisfied. - * =0 prerequisite was not satisfied, or an error occurred. - * side effects: - * sets *rcodep if an error occurs or prerequisite isn't satisfied. - */ -static int -process_prereq(ns_updrec *ur, int *rcodep, u_int16_t zclass) { - const char *dname = ur->r_dname; - u_int16_t class = ur->r_class; - u_int16_t type = ur->r_type; - u_int32_t ttl = ur->r_ttl; - struct databuf *rdp = ur->r_dp; - const char *fname; - struct hashbuf *htp; - struct namebuf *np; - struct databuf *dp; - - /* - * An element in the list might have already been - * processed if it is in the same RRset as a previous - * RRset Exists (value dependent) prerequisite. - */ - if (rdp && (rdp->d_mark & D_MARK_FOUND) != 0) { - /* Already processed. */ - return (1); - } - if (ttl != 0) { - ns_debug(ns_log_update, 1, - "process_prereq: ttl!=0 in prereq section"); - *rcodep = FORMERR; - return (0); - } - htp = hashtab; - np = nlookup(dname, &htp, &fname, 0); - /* - * Matching by wildcard not allowed here. - * We need to post check for a wildcard match. - */ - if (fname != dname || - (np != NULL && ns_wildcard(NAME(*np)) && - (dname[0] != '*' || (dname[1] != '.' && dname[1] != '\0')))) - np = NULL; - - if (class == C_ANY) { - if (rdp->d_size) { - ns_debug(ns_log_update, 1, - "process_prereq: empty rdata required in prereq section with class=ANY"); - *rcodep = FORMERR; - return (0); - } - if (type == T_ANY) { - /* Name is in use. */ - ur->r_opcode = YXDOMAIN; - if (np == NULL || np->n_data == NULL) { - /* - * Name does not exist or is - * an empty nonterminal. - */ - ns_debug(ns_log_update, 1, - "process_prereq: %s not in use", - dname); - *rcodep = NXDOMAIN; - return (0); - } - } else { - /* RRset exists (value independent). */ - int found = 0; - - ur->r_opcode = YXRRSET; - if (np != NULL) - for (dp = np->n_data; - dp && !found; - dp = dp->d_next) - if (match(dp, class, type) && - dp->d_type == type) - found = 1; - if (!found) { - ns_debug(ns_log_update, 1, - "process_prereq: RRset (%s,%s,%s) does not exist", - dname, p_type(type), p_class(zclass)); - *rcodep = NXRRSET; - return (0); - } - } - } else if (class == C_NONE) { - if (rdp->d_size) { - ns_debug(ns_log_update, 1, - "process_prereq: empty rdata required in prereq section with class=NONE"); - *rcodep = FORMERR; - return (0); - } - if (type == T_ANY) { - /* Name is not in use. */ - ur->r_opcode = NXDOMAIN; - if (np != NULL && np->n_data != NULL) { - /* - * Name exists and is not an - * empty nonterminal. - */ - ns_debug(ns_log_update, 1, - "process_prereq: %s exists", - dname); - *rcodep = YXDOMAIN; - return (0); - } - } else { - /* RRset does not exist. */ - int found = 0; - - ur->r_opcode = NXRRSET; - class = zclass; - if (np != NULL) - for (dp = np->n_data; - dp && !found; - dp = dp->d_next) - if (match(dp, class, type)) - found = 1; - if (found) { - ns_debug(ns_log_update, 1, - "process_prereq: RRset (%s,%s) exists", - dname, p_type(type)); - *rcodep = YXRRSET; - return (0); - } - } - } else if (class == zclass) { - /* - * RRset exists (value dependent). - * - * Check for RRset equality also. - */ - ns_updrec *tmp; - - ur->r_opcode = YXRRSET; - if (!rdp) { - ns_debug(ns_log_update, 1, - "process_prereq: nonempty rdata required in prereq section with class=%s", - p_class(class)); - *rcodep = FORMERR; - return (0); - } - if (np == NULL || fname != dname) { - *rcodep = NXRRSET; - return (0); - } - for (dp = np->n_data; dp; dp = dp->d_next) { - if (match(dp, class, type) && dp->d_type == type) { - int found = 0; - - for (tmp = ur; - tmp != NULL && !found; - tmp = NEXT(tmp, r_link)) { - if (tmp->r_section != S_PREREQ) - break; - if (!db_cmp(dp, tmp->r_dp)) { - tmp->r_dp->d_mark |= - D_MARK_FOUND; - found = 1; - } - } - if (!found) { - *rcodep = NXRRSET; - return (0); - } - } - } - for (tmp = ur; tmp != NULL; tmp = NEXT(tmp, r_link)) - if (tmp->r_section == S_PREREQ && - ns_samename(dname, tmp->r_dname) == 1 && - tmp->r_class == class && - tmp->r_type == type && - (ur->r_dp->d_mark & D_MARK_FOUND) == 0) { - *rcodep = NXRRSET; - return (0); - } else { - tmp->r_opcode = YXRRSET; - } - } else { - ns_debug(ns_log_update, 1, - "process_prereq: incorrect class %s", - p_class(class)); - *rcodep = FORMERR; - return (0); - } - /* Through the gauntlet, and out. */ - return (1); -} - -static int -prescan_nameok(ns_updrec *ur, int *rcodep, u_int16_t zclass, - struct zoneinfo *zp) -{ - const char *owner = ur->r_dname; - u_int16_t class = ur->r_class; - u_int16_t type = ur->r_type; - char *cp = (char *)ur->r_dp->d_data; - enum context context; - enum transport transport; - - /* We don't care about deletes */ - if (ur->r_class != zclass) - return (1); - - if (zp->z_type == Z_PRIMARY) - transport = primary_trans; - else - transport = secondary_trans; - - context = ns_ownercontext(type, transport); - if (!ns_nameok(NULL, owner, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - - switch (type) { - case ns_t_soa: - context = hostname_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - cp += strlen(cp) + 1; - context = mailname_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_rp: - context = mailname_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - cp += strlen(cp) + 1; - context = domain_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_minfo: - context = mailname_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - cp += strlen(cp) + 1; - context = mailname_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_ns: - context = hostname_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_cname: - case ns_t_mb: - case ns_t_mg: - case ns_t_mr: - context = domain_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_ptr: - context = ns_ptrcontext(owner); - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_naptr: - /* - * Order (2) - * Preference (2) - */ - cp += 4; - /* Flags (txt) */ - cp += (*cp&0xff) + 1; - /* Service (txt) */ - cp += (*cp&0xff) + 1; - /* Pattern (txt) */ - cp += (*cp&0xff) + 1; - context = domain_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, - context, owner, inaddr_any)) - goto refused; - break; - case ns_t_srv: - cp += 4; - /* FALLTHROUGH */ - case ns_t_mx: - case ns_t_afsdb: - case ns_t_rt: - case ns_t_kx: - cp += 2; - context = hostname_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_px: - cp += 2; - context = domain_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - cp += strlen(cp) + 1; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_sig: - /* - * Type covered (2) - * Alg (1) * - * Labels (1) - * ttl (4) - * expires (4) - * signed (4) - * footprint (2) - */ - cp += 18; - context = domain_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - case ns_t_nxt: - context = domain_ctx; - if (!ns_nameok(NULL, cp, class, zp, transport, context, owner, - inaddr_any)) - goto refused; - break; - default: - break; - } - return (1); - refused: - *rcodep = REFUSED; - return (0); -} - -/* - * int - * prescan_update(ur, rcodep) - * Process one prerequisite. - * returns: - * >0 update looks OK (format wise; who knows if it will succeed?) - * =0 update has something wrong with it. - * side effects: - * sets *rcodep if an error occurs or prerequisite isn't satisfied. - */ -static int -prescan_update(ns_updrec *ur, int *rcodep, u_int16_t zclass) { - u_int16_t class = ur->r_class; - u_int16_t type = ur->r_type; - u_int32_t ttl = ur->r_ttl; - struct databuf *rdp = ur->r_dp; - - if (class == zclass) { - if (!ns_t_rr_p(type)) { - ns_debug(ns_log_update, 1, - "prescan_update: invalid type (%s)", - p_type(type)); - *rcodep = FORMERR; - return (0); - } - if (ttl > MAXIMUM_TTL) { - ns_debug(ns_log_update, 1, - "prescan_update: invalid ttl (%u)", ttl); - *rcodep = FORMERR; - return (0); - } - } else if (class == C_ANY) { - if (ttl != 0 || rdp->d_size || - (!ns_t_rr_p(type) && type != T_ANY)) - { - ns_debug(ns_log_update, 1, - "prescan_update: formerr(#2)"); - *rcodep = FORMERR; - return (0); - } - } else if (class == C_NONE) { - if (ttl != 0 || !ns_t_rr_p(type)) { - ns_debug(ns_log_update, 1, - "prescan_update: formerr(#3) %d %s", - ttl, p_type(type)); - *rcodep = FORMERR; - return (0); - } - } else { - ns_debug(ns_log_update, 1, - "prescan_update: invalid class (%s)", - p_class(class)); - *rcodep = FORMERR; - return (0); - } - /* No format errors found. */ - return (1); -} - -/* - * int - * process_updates(updlist, rcodep, from) - * Process prerequisites and apply updates from the list to the database. - * returns: - * number of successful updates, 0 if none were successful. - * side effects: - * *rcodep gets the transaction return code. - * can schedule maintainance for zone dumps and soa.serial# increments. - */ -static int -process_updates(const ns_updque *updlist, int *rcodep, - struct sockaddr_in from) -{ - int j, n, dbflags, matches, zonenum; - int numupdated = 0, soaupdated = 0, schedmaint = 0; - u_int16_t zclass; - ns_updrec *ur; - struct databuf *dp, *savedp; - struct zoneinfo *zp; - int zonelist[MAXDNAME]; - - *rcodep = SERVFAIL; - if (EMPTY(*updlist)) - return (0); - ur = HEAD(*updlist); - if (ur->r_section == S_ZONE) { - zclass = ur->r_class; - zonenum = ur->r_zone; - zp = &zones[zonenum]; - } else { - ns_debug(ns_log_update, 1, - "process_updates: missing zone record"); - return (0); - } - - /* Process prereq records and prescan update records. */ - for (ur = HEAD(*updlist); ur != NULL; ur = NEXT(ur, r_link)) { - const char * dname = ur->r_dname; - u_int16_t class = ur->r_class; - u_int16_t type = ur->r_type; - u_int32_t ttl = ur->r_ttl; - struct databuf *rdp = ur->r_dp; - u_int section = ur->r_section; - - ns_debug(ns_log_update, 3, -"process_update: record section=%s, dname=%s, \ -class=%s, type=%s, ttl=%d, dp=%p", - p_section(section, ns_o_update), dname, - p_class(class), p_type(type), ttl, rdp); - - matches = findzone(dname, zclass, MAXDNAME, - zonelist, MAXDNAME); - ur->r_zone = 0; - for (j = 0; j < matches && !ur->r_zone; j++) - if (zonelist[j] == zonenum) - ur->r_zone = zonelist[j]; - if (!ur->r_zone || - (section != S_ADDT && type == T_SOA && - ns_samename(dname, zp->z_origin) != 1)) { - ns_debug(ns_log_update, 1, - "process_updates: record does not belong to the zone %s", - zones[zonenum].z_origin); - *rcodep = NOTZONE; - return (0); - } - - switch (section) { - case S_ZONE: - break; - case S_PREREQ: - if (!process_prereq(ur, rcodep, zclass)) - return (0); /* *rcodep has been set. */ - ns_debug(ns_log_update, 3, "prerequisite satisfied"); - break; - case S_UPDATE: - if (!prescan_update(ur, rcodep, zclass)) - return (0); /* *rcodep has been set. */ - if (!prescan_nameok(ur, rcodep, zclass, zp)) - return (0); /* *rcodep has been set. */ - ns_debug(ns_log_update, 3, "update prescan succeeded"); - break; - case S_ADDT: - break; - default: - ns_panic(ns_log_update, 1, - "process_updates: impossible section"); - /* NOTREACHED */ - } - } - - /* Now process the records in update section. */ - for (ur = HEAD(*updlist); ur != NULL; ur = NEXT(ur, r_link)) { - const char * dname = ur->r_dname; - u_int16_t class = ur->r_class; - - if (ur->r_section != S_UPDATE) - continue; - dbflags = 0; - savedp = NULL; - dp = ur->r_dp; - if (class == zp->z_class) { - /* ADD databuf dp to hash table */ - /* - * Handling of various SOA/WKS/CNAME scenarios - * is done in db_update(). - */ - ur->r_opcode = ADD; - dbflags |= DB_NODATA | DB_REPLACE; - n = db_update(dname, dp, dp, &savedp, - dbflags, hashtab, from); - if (!((n == OK) || - ((zp->z_xferpid == XFER_ISIXFR) && (n == DATAEXISTS)))) { - ns_debug(ns_log_update, 3, - "process_updates: failed to add databuf (%d)", - n); - } else { - ns_debug(ns_log_update, 3, - "process_updates: added databuf %p", - dp); - dp->d_mark = D_MARK_ADDED; - numupdated++; - if (dp->d_type == T_SOA) - soaupdated = 1; - } - } else if (class == C_ANY || class == C_NONE) { - /* - * DELETE databuf's matching dp from the hash table. - * - * handling of various SOA/NS scenarios done - * in db_update(). - */ - ur->r_opcode = DELETE; - /* - * we know we're deleting now, and db_update won't - * match with class==C_NONE, so we use the zone's - * class. - */ - if (class == C_NONE) - ur->r_dp->d_class = zp->z_class; - dbflags |= DB_DELETE; - n = db_update(dname, dp, NULL, &savedp, - dbflags, hashtab, from); - if (!((n == OK) || - ((zp->z_xferpid == XFER_ISIXFR) && (n == NODATA)))) { - ns_debug(ns_log_update, 3, - "process_updates: delete failed"); - } else { - ns_debug(ns_log_update, 3, - "process_updates: delete succeeded"); - numupdated++; - } - } - /* - * Even an addition could have caused some deletions like - * replacing old SOA or CNAME or WKS record or records of - * lower cred/clev. - * - * We need to save the deleted databuf's in case we wish to - * abort this update transaction and roll back all updates - * applied from this packet. - */ - ur->r_deldp = savedp; - } - - /* - * If we got here, things are OK, so set rcodep to indicate so. - */ - *rcodep = NOERROR; - - if (!numupdated) - return (0); - - /* - * schedule maintenance for dumps and SOA.serial# increment - * (this also sets Z_NEED_DUMP and Z_NEED_SOAUPDATE appropriately) - */ - schedmaint = 0; - if (schedule_dump(zp)) - schedmaint = 1; - if (soaupdated) { - /* - * SOA updated by this update transaction, so - * we need to set the zone serial number, stop any - * automatic updates that may be pending, and send out - * a NOTIFY message. - */ - zp->z_serial = get_serial_unchecked(zp); - cancel_soa_update(zp); - schedmaint = 1; -#ifdef BIND_NOTIFY - if (!loading) - ns_notify(zp->z_origin, zp->z_class, ns_t_soa); -#endif - } else { - if (schedule_soa_update(zp, numupdated)) - schedmaint = 1; - } - if (schedmaint) - sched_zone_maint(zp); - return (numupdated); -} - -static enum req_action -req_update_private(HEADER *hp, u_char *cp, u_char *eom, u_char *msg, - struct sockaddr_in from, struct tsig_record *in_tsig, - ns_updque *curupd) -{ - char dnbuf[MAXDNAME], *dname; - u_int zocount, prcount, upcount, adcount, class, type, dlen; - u_int32_t ttl; - int i, n, matches, zonenum, numupdated = 0; - int rcode = NOERROR; - u_int section; - u_char rdata[MAXDATA]; - struct databuf *dp, *nsp[NSMAX]; - struct zoneinfo *zp; - ns_updrec *rrecp; - int zonelist[MAXDNAME]; - u_int32_t old_serial; - DST_KEY *in_key = (in_tsig != NULL) ? in_tsig->key : NULL; - - nsp[0] = NULL; - - zocount = ntohs(hp->qdcount); - prcount = ntohs(hp->ancount); - upcount = ntohs(hp->nscount); - adcount = ntohs(hp->arcount); - - /* Process zone section. */ - ns_debug(ns_log_update, 3, "req_update: section ZONE, count %d", - zocount); - if ((n = dn_expand(msg, eom, cp, dnbuf, sizeof(dnbuf))) < 0) { - ns_debug(ns_log_update, 1, "req_update: expand name failed"); - hp->rcode = FORMERR; - return (Finish); - } - dname = dnbuf; - cp += n; - if (cp + 2 * INT16SZ > eom) { - ns_debug(ns_log_update, 1, "req_update: too short"); - hp->rcode = FORMERR; - return (Finish); - } - GETSHORT(type, cp); - GETSHORT(class, cp); - if (zocount != 1 || type != T_SOA) { - ns_debug(ns_log_update, 1, - "req_update: incorrect count or type for zone section: %d", - zocount); - hp->rcode = FORMERR; - return (Finish); - } - - matches = findzone(dname, class, 0, zonelist, MAXDNAME); - if (matches == 1) { - zonenum = zonelist[0]; - zp = &zones[zonenum]; - if (zp->z_class != (int)class || - (zp->z_type != z_master && zp->z_type != z_slave)) - matches = 0; - } - if (matches != 1) { - ns_debug(ns_log_update, 1, - "req_update: non-authoritative server for %s", - dname); - hp->rcode = NOTAUTH; - return (Finish); - } - - /* - * Begin Access Control Point - */ - - if (!ip_addr_or_key_allowed(zp->z_update_acl, from.sin_addr, in_key)) { - ns_notice(ns_log_update_security, - "denied update from %s for \"%s\" %s", - sin_ntoa(from), *dname ? dname : ".", p_class(class)); - nameserIncr(from.sin_addr, nssRcvdUUpd); - return (Refuse); - } - - /* - * End Access Control Point - */ - - /* we should be authoritative */ - if (!(zp->z_flags & Z_AUTH)) { - ns_debug(ns_log_update, 1, - "req_update: zone %s: Z_AUTH not set", - dname); - hp->rcode = NOTAUTH; - return (Finish); - } - - if (zp->z_type == Z_SECONDARY) { - /* - * XXX The code below is broken. - * Until fixed, we just return NOTIMPL. - */ -#if 1 - hp->rcode = ns_r_notimpl; - return (Finish); -#else - /* We are a slave for this zone, forward it to the master. */ - for (cnt = 0; cnt < zp->z_addrcnt; cnt++) - *nspp++ = savedata(zp->z_class, T_A, USE_MINIMUM, - (u_char *)&zp->z_addr[cnt].s_addr, - INT32SZ); - *nspp = NULL; - /* - * If the request came in over TCP, forward it over TCP - */ - should_use_tcp = (qsp != NULL); - if (in_tsig != NULL) { - tsig_len = ns_skiprr(eom, eom + TSIG_BUF_SIZE, - ns_s_ar, 1); - eom += tsig_len; - } - n = ns_forw(nsp, msg, eom-msg, from, qsp, dfd, &qp, - dname, class, type, NULL, should_use_tcp, NULL); - if (in_tsig != NULL) - eom -= tsig_len; - free_nsp(nsp); - switch (n) { - case FW_OK: - case FW_DUP: - return (Return); - case FW_NOSERVER: - /* should not happen */ - case FW_SERVFAIL: - hp->rcode = SERVFAIL; - return (Finish); - } -#endif - } - /* - * We are the primary master server for this zone, - * proceed further and process update packet - */ - if (!(zp->z_flags & Z_DYNAMIC)) { - ns_debug(ns_log_update, 1, - "req_update: dynamic flag not set for zone %s", - dname); - return (Refuse); - } - old_serial = get_serial(zp); - ns_debug(ns_log_update, 3, - "req_update: update request for zone %s, class %s", - zp->z_origin, p_class(class)); - rrecp = res_mkupdrec(S_ZONE, dname, class, type, 0); - rrecp->r_zone = zonenum; - - APPEND(*curupd, rrecp, r_link); - - /* - * Parse the prerequisite and update sections for format errors. - */ - for (i = 0; (u_int)i < prcount + upcount; i++) { - if ((n = dn_expand(msg, eom, cp, dnbuf, sizeof(dnbuf))) < 0) { - ns_debug(ns_log_update, 1, - "req_update: expand name failed"); - hp->rcode = FORMERR; - return (Finish); - } - dname = dnbuf; - cp += n; - if (cp + RRFIXEDSZ > eom) { - ns_debug(ns_log_update, 1, - "req_update: overrun in answer"); - hp->rcode = FORMERR; - return (Finish); - } - GETSHORT(type, cp); - GETSHORT(class, cp); - if (class > CLASS_MAX) { - ns_debug(ns_log_update, 1, - "req_update: bad class"); - hp->rcode = FORMERR; - return (Finish); - } - GETLONG(ttl, cp); - GETSHORT(dlen, cp); - n = 0; - dp = NULL; - if (dlen > 0) { - if (cp + dlen > eom) { - ns_debug(ns_log_update, 1, - "req_update: bad dlen"); - hp->rcode = FORMERR; - return (Finish); - } - n = rdata_expand(msg, eom, cp, type, dlen, - rdata, sizeof rdata); - if (n == 0 || n > MAXDATA) { - ns_debug(ns_log_update, 1, - "req_update: failed to expand record"); - hp->rcode = FORMERR; - return (Finish); - } - cp += dlen; - } - section = ((u_int)i < prcount) ? S_PREREQ : S_UPDATE; - rrecp = res_mkupdrec(section, dname, class, type, ttl); - dp = savedata(class, type, ttl, rdata, n); - dp->d_zone = zonenum; - dp->d_cred = DB_C_ZONE; - dp->d_secure = DB_S_INSECURE; /* should be UNCHECKED */ - dp->d_clev = nlabels(zp->z_origin); - /* XXX - also record in dp->d_ns, which host this came from */ - rrecp->r_dp = dp; - /* Append the current record to the end of list of records. */ - APPEND(*curupd, rrecp, r_link); - if (cp > eom) { - ns_info(ns_log_update, - "Malformed response from %s (overrun)", - inet_ntoa(from.sin_addr)); - hp->rcode = FORMERR; - return (Finish); - } - } - - /* Now process all parsed records in the prereq and update sections. */ - numupdated = process_updates(curupd, &rcode, from); - hp->rcode = rcode; - if (numupdated <= 0) { - if (rcode != NOERROR) - ns_error(ns_log_update, - "error processing update packet (%s) id %d from %s", - p_rcode(rcode), ntohs(hp->id), sin_ntoa(from)); - return (Finish); - } - - /* - * Stop any outbound zone transfers. - * (Eventlib is synchronous for this.) - */ - ns_stopxfrs(zp); - - /* Make a log of the update. */ - (void) printupdatelog(from, curupd, hp, zp, old_serial); - - return (Finish); -} - -void -free_rrecp(ns_updque *updlist, int rcode, struct sockaddr_in from) { - ns_updrec *rrecp, *first_rrecp, *next_rrecp; - struct databuf *dp, *tmpdp; - char *dname; - const char *msg; - - if (rcode == NOERROR) { - first_rrecp = HEAD(*updlist); - msg = "free_rrecp: update transaction succeeded, cleaning up"; - } else { - first_rrecp = TAIL(*updlist); - msg = "free_rrecp: update transaction aborted, rolling back"; - } - ns_debug(ns_log_update, 1, "%s", msg); - for (rrecp = first_rrecp; rrecp != NULL; rrecp = next_rrecp) { - if (rcode == NOERROR) - next_rrecp = NEXT(rrecp, r_link); - else - next_rrecp = PREV(rrecp, r_link); - UNLINK(*updlist, rrecp, r_link); - if (rrecp->r_section != S_UPDATE) { - if (rrecp->r_dp) - db_detach(&rrecp->r_dp); - INSIST(rrecp->r_deldp == NULL); - res_freeupdrec(rrecp); - continue; - } - dname = rrecp->r_dname; - dp = rrecp->r_dp; - rrecp->r_dp = NULL; - if ((dp->d_mark & D_MARK_ADDED) != 0) { - if (rcode == NOERROR) { - /* - * This databuf is now a part of hashtab, - * or has been deleted by a subsequent update. - * Either way, we must not free it. - */ - dp->d_mark &= ~D_MARK_ADDED; - } else { - /* Delete the databuf. */ - if (db_update(dname, dp, NULL, NULL, - DB_DELETE, hashtab, from) - != OK) { - ns_error(ns_log_update, - "free_rrecp: failed to delete databuf: dname=%s, type=%s", - dname, p_type(dp->d_type)); - } else { - ns_debug(ns_log_update, 3, - "free_rrecp: deleted databuf %p", - dp); - } - } - } - db_detach(&dp); - - /* Process deleted databuf's. */ - dp = rrecp->r_deldp; - rrecp->r_deldp = NULL; - while (dp != NULL) { - tmpdp = dp; - dp = dp->d_next; - tmpdp->d_next = NULL; - if (rcode != NOERROR) { - /* Add the databuf back. */ - tmpdp->d_mark &= ~D_MARK_DELETED; - if (db_update(dname, tmpdp, tmpdp, NULL, - DB_REPLACE, hashtab, from) != OK) { - ns_error(ns_log_update, - "free_rrecp: failed to add back databuf: dname=%s, type=%s", - dname, p_type(tmpdp->d_type)); - } else { - ns_debug(ns_log_update, 3, - "free_rrecp: added back databuf %p", - tmpdp); - } - } - db_detach(&tmpdp); - } - res_freeupdrec(rrecp); - } -} - -enum req_action -req_update(HEADER *hp, u_char *cp, u_char *eom, u_char *msg, - struct sockaddr_in from, struct tsig_record *in_tsig) -{ - enum req_action ret; - ns_updque curupd; - - INIT_LIST(curupd); - ret = req_update_private(hp, cp, eom, msg, from, in_tsig, &curupd); - free_rrecp(&curupd, ret == Refuse ? ns_r_refused : hp->rcode, from); - if (ret == Finish) { - hp->qdcount = hp->ancount = hp->nscount = hp->arcount = 0; - memset(msg + HFIXEDSZ, 0, (eom - msg) - HFIXEDSZ); - } - return (ret); -} - -/* - * expand rdata portion of a compressed resource record at cp into cp1 - * and return the length of the expanded rdata (length of the compressed - * rdata is "dlen"). - */ -static int -rdata_expand(const u_char *msg, const u_char *eom, const u_char *cp, - u_int type, size_t dlen, u_char *cp1, size_t size) -{ - const u_char *cpinit = cp; - const u_char *cp1init = cp1; - int n, i, n1; - - switch (type) { - case T_A: - case T_AAAA: - if ((type == T_A && dlen != INT32SZ) || - (type == T_AAAA && dlen != NS_IN6ADDRSZ)) - return (0); - /*FALLTHROUGH*/ - case T_WKS: - case T_HINFO: - case T_TXT: - case T_X25: - case T_ISDN: - case T_NSAP: - case T_LOC: - case T_KEY: - case ns_t_cert: - if (size < dlen) - return (0); - memcpy(cp1, cp, dlen); - return (dlen); - case T_CNAME: - case T_MB: - case T_MG: - case T_MR: - case T_NS: - case T_PTR: - n = dn_expand(msg, eom, cp, (char *)cp1, size); - if (n < 0 || (u_int)n != dlen) - return (0); - return (strlen((char *)cp1) + 1); - case T_MINFO: - case T_SOA: - case T_RP: - /* Get two compressed domain names. */ - for (i = 0; i < 2; i++) { - n = dn_expand(msg, eom, cp, (char *)cp1, size); - if (n < 0) - return (0); - cp += n; - n = strlen((char *)cp1) + 1; - cp1 += n; - size -= n; - } - if (type == T_SOA) { - n = 5 * INT32SZ; - if (size < (size_t)n || cp + n > eom) - return(0); - size -= n; - memcpy(cp1, cp, n); - cp += n; - cp1 += n; - } - if (cp != cpinit + dlen) - return (0); - return (cp1 - cp1init); - case T_MX: - case T_AFSDB: - case T_RT: - case T_SRV: - /* Grab preference. */ - if (size < INT16SZ || cp + INT16SZ > eom) - return (0); - size -= INT16SZ; - memcpy(cp1, cp, INT16SZ); - cp += INT16SZ; - cp1 += INT16SZ; - - if (type == T_SRV) { - if (size < INT16SZ*2 || cp + INT16SZ*2 > eom) - return (0); - size -= INT16SZ*2; - /* Grab weight and port. */ - memcpy(cp1, cp, INT16SZ*2); - cp1 += INT16SZ*2; - cp += INT16SZ*2; - } - - /* Get name. */ - n = dn_expand(msg, eom, cp, (char *)cp1, size); - if (n < 0) - return (0); - cp += n; - n = strlen((char *)cp1) + 1; - cp1 += n; - if (cp != cpinit + dlen) - return (0); - return (cp1 - cp1init); - case T_PX: - /* Grab preference. */ - if (size < INT16SZ || cp + INT16SZ > eom) - return (0); - size -= INT16SZ; - memcpy(cp1, cp, INT16SZ); - cp += INT16SZ; - cp1 += INT16SZ; - /* Get MAP822 name. */ - n = dn_expand(msg, eom, cp, (char *)cp1, size); - if (n < 0) - return (0); - cp += n; - n = strlen((char *)cp1) + 1; - cp1 += n; - size -= n; - n = dn_expand(msg, eom, cp, (char *)cp1, size); - if (n < 0) - return (0); - cp += n; - n = strlen((char *)cp1) + 1; - cp1 += n; - if (cp != cpinit + dlen) - return (0); - return (cp1 - cp1init); - case T_SIG: - if (dlen < SIG_HDR_SIZE || size < dlen) - return (0); - memcpy(cp1, cp, SIG_HDR_SIZE); - size -= SIG_HDR_SIZE; - cp += SIG_HDR_SIZE; - cp1 += SIG_HDR_SIZE; - n = dn_expand(msg, eom, cp, (char *)cp1, size); - if (n < 0 || n + SIG_HDR_SIZE > (int)dlen) - return (0); - cp += n; - n1 = dlen - n - SIG_HDR_SIZE; - n = strlen((char *)cp1) + 1; - cp1 += n; - if ((int)size < n1) - return (0); - memcpy(cp1, cp, n1); - cp1 += n1; - return (cp1 - cp1init); - case T_NXT: - n = dn_expand(msg, eom, cp, (char *)cp1, size); - if (n < 0 || (u_int)n >= dlen) - return (0); - size -= n; - cp += n; - n1 = dlen - n; - n = strlen((char *)cp1) + 1; - cp1 += n; - /* - * The first bit of the first octet determines the format - * of the NXT record. A format for types >= 128 has not - * yet been defined, so if bit zero is set, we just copy - * what's there because we don't understand it. - */ - if ((*cp & 0x80) == 0) { - /* - * Bit zero is not set; this is an ordinary NXT - * record. The bitmap must be at least 4 octets - * because the NXT bit should be set. It should be - * less than or equal to 16 octets because this NXT - * format is only defined for types < 128. - */ - if (n1 < 4 || n1 > 16) - return (0); - } - if (n1 > (int)size) - return (0); - memcpy(cp1, cp, n1); - cp1 += n1; - return (cp1 - cp1init); - default: - if (size < dlen) - return (0); - memcpy(cp1, cp, dlen); - return (dlen); - } -} - -/* - * Print out rdata portion of a resource record from a databuf into a file. - * - * XXX - similar code in db_dump() should be replaced by a call to this - * function. - */ -void -rdata_dump(struct databuf *dp, FILE *fp) { - u_int32_t n, addr; - u_char *cp, *end; - int i, j; - const char *proto; - u_char *savecp; - char temp_base64[NS_MD5RSA_MAX_BASE64]; - u_int16_t keyflags; - u_char *sigdata, *certdata; - - cp = (u_char *)dp->d_data; - switch (dp->d_type) { - case T_A: - switch (dp->d_class) { - case C_IN: - case C_HS: - GETLONG(n, cp); - n = htonl(n); - fputs(inet_ntoa(*(struct in_addr *)&n), fp); - break; - } - if (dp->d_nstime) - fprintf(fp, ";\tNT=%d", dp->d_nstime); - break; - case T_CNAME: - case T_MB: - case T_MG: - case T_MR: - case T_PTR: - fprintf(fp, "%s.", cp); - break; - case T_NS: - cp = (u_char *)dp->d_data; - if (cp[0] == '\0') - fprintf(fp, ".\t"); - else - fprintf(fp, "%s.", cp); - break; - case T_HINFO: - case T_ISDN: - if ((n = *cp++) != '\0') { - fprintf(fp, "\"%.*s\"", (int)n, cp); - cp += n; - } else - fprintf(fp, "\"\""); - if ((n = *cp++) != '\0') - fprintf(fp, " \"%.*s\"", (int)n, cp); - else - fprintf(fp, " \"\""); - break; - case T_SOA: - fprintf(fp, "%s.", cp); - cp += strlen((char *)cp) + 1; - fprintf(fp, " %s. ( ", cp); -#if defined(RETURNSOA) && defined(NCACHE) - if (dp->d_rcode == NXDOMAIN) - fputs(";", fp); -#endif - cp += strlen((char *)cp) + 1; - GETLONG(n, cp); - fprintf(fp, "%u", n); - GETLONG(n, cp); - fprintf(fp, " %u", n); - GETLONG(n, cp); - fprintf(fp, " %u", n); - GETLONG(n, cp); - fprintf(fp, " %u", n); - GETLONG(n, cp); - fprintf(fp, " %u )", n); -#if defined(RETURNSOA) && defined(NCACHE) - if (dp->d_rcode == NXDOMAIN) - fprintf(fp, ";%s.;NXDOMAIN;\t-$", cp); -#endif - break; - case T_MX: - case T_AFSDB: - case T_RT: - GETSHORT(n, cp); - fprintf(fp, "%u", n); - fprintf(fp, " %s.", cp); - break; - case T_SRV: - GETSHORT(n, cp); /* priority */ - fprintf(fp, "%u ", n); - GETSHORT(n, cp); /* weight */ - fprintf(fp, "%u ", n); - GETSHORT(n, cp); /* port */ - fprintf(fp, "%u ", n); - fprintf(fp, " %s.", cp); - break; - case T_PX: - GETSHORT(n, cp); - fprintf(fp, "%u", n); - fprintf(fp, " %s.", cp); - cp += strlen((char *)cp) + 1; - fprintf(fp, " %s.", cp); - break; - case T_TXT: - case T_X25: - end = (u_char *)dp->d_data + dp->d_size; - (void) putc('"', fp); - while (cp < end) { - if ((n = *cp++) != '\0') { - for (j = n; j > 0 && cp < end; j--) - if ((*cp < ' ') || (*cp > '~')) { - fprintf(fp, "\\%03d", *cp++); - } else if (*cp == '\\' || *cp =='"') { - putc('\\', fp); - putc(*cp++, fp); - } else - (void) putc(*cp++, fp); - } - if (cp != end) - fputs("\" \"", fp); - } - /* XXXVIX need to keep the segmentation (see 4.9.5). */ - (void) fputs("\"", fp); - break; - case T_NSAP: - (void) fputs(inet_nsap_ntoa(dp->d_size, dp->d_data, NULL), fp); - break; - case T_LOC: - (void) fputs(loc_ntoa(dp->d_data, NULL), fp); - break; - case T_WKS: - GETLONG(addr, cp); - addr = htonl(addr); - fputs(inet_ntoa(*(struct in_addr *)&addr), fp); - proto = protocolname((u_char)*cp); - cp += sizeof(char); - fprintf(fp, "%s ", proto); - i = 0; - while(cp < (u_char *)dp->d_data + dp->d_size) { - j = *cp++; - do { - if (j & 0200) - fprintf(fp, " %s", - servicename(i, proto)); - j <<= 1; - } while (++i & 07); - } - break; - case T_MINFO: - case T_RP: - fprintf(fp, "%s.", cp); - cp += strlen((char *)cp) + 1; - fprintf(fp, " %s.", cp); - break; - case T_KEY: - savecp = cp; /* save the beginning */ - /*>>> Flags (unsigned_16) */ - NS_GET16(keyflags,cp); - fprintf(fp, "0x%04x ", keyflags); - /*>>> Protocol (8-bit decimal) */ - fprintf(fp, "%3u ", *cp++); - /*>>> Algorithm id (8-bit decimal) */ - fprintf(fp, "%3u ", *cp++); - - /*>>> Public-Key Data (multidigit BASE64) */ - /* containing ExponentLen, Exponent, and Modulus */ - i = b64_ntop(cp, dp->d_size - (cp - savecp), - temp_base64, sizeof temp_base64); - if (i < 0) - fprintf(fp, "; BAD BASE64"); - else - fprintf(fp, "%s", temp_base64); - break; - case T_SIG: - sigdata = cp; - /* RRtype (char *) */ - NS_GET16(n,cp); - fprintf(fp, "%s ", p_type(n)); - /* Algorithm id (8-bit decimal) */ - fprintf(fp, "%d ", *cp++); - /* Labels (8-bit decimal) (not saved in file) */ - /* XXXX FIXME -- check value and print err if bad */ - cp++; - /* OTTL (u_long) */ - NS_GET32(n, cp); - fprintf(fp, "%u ", n); - /* Texp (u_long) */ - NS_GET32(n, cp); - fprintf(fp, "%s ", p_secstodate (n)); - /* Tsig (u_long) */ - NS_GET32(n, cp); - fprintf(fp, "%s ", p_secstodate (n)); - /* Kfootprint (unsigned_16) */ - NS_GET16(n, cp); - fprintf(fp, "%u ", n); - /* Signer's Name (char *) */ - fprintf(fp, "%s ", cp); - cp += strlen((char *)cp) + 1; - /* Signature (base64 of any length) */ - i = b64_ntop(cp, dp->d_size - (cp - sigdata), - temp_base64, sizeof temp_base64); - if (i < 0) - fprintf(fp, "; BAD BASE64"); - else - fprintf(fp, "%s", temp_base64); - break; - - case T_NXT: - fprintf(fp, "%s.", cp); - n = strlen ((char *)cp) + 1; - cp += n; - i = 8 * (dp->d_size - n); /* How many bits? */ - for (n = 0; n < (u_int32_t)i; n++) { - if (NS_NXT_BIT_ISSET(n, cp)) - fprintf(fp," %s",__p_type(n)); - } - break; - case ns_t_cert: - certdata = cp; - NS_GET16(n,cp); - fprintf(fp, "%d ", n); /* cert type */ - - NS_GET16(n,cp); - fprintf(fp, "%d %d ", n, *cp++); /* tag & alg */ - - /* Certificate (base64 of any length) */ - i = b64_ntop(cp, dp->d_size - (cp - certdata), - temp_base64, sizeof(temp_base64)); - if (i < 0) - fprintf(fp, "; BAD BASE64"); - else - fprintf(fp, "%s", temp_base64); - break; - case ns_t_aaaa: { - char t[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; - - (void) fputs(inet_ntop(AF_INET6, dp->d_data, t, sizeof t), fp); - break; - } - default: - fprintf(fp, "\\# %u", dp->d_size); - if (dp->d_size) { - fputs(" ( ", fp); - isc_puthexstring(fp, dp->d_data, dp->d_size, - 28, 48, "\n\t\t\t\t"); - fputs(" )", fp); - } - } -} - -/* - * Return the number of authoritative zones that "dname" could belong to by - * stripping up to "depth" labels from dname. Up to the first "maxzones" - * authoritative zone numbers will be stored in "zonelist", ordered - * deepest match first. - */ -int -findzone(const char *dname, int class, int depth, int *zonelist, int maxzones){ - char *tmpdname; - char tmpdnamebuf[MAXDNAME]; - char *zonename; - int tmpdnamelen, zonenamelen, zonenum, i, j, c; - int matches = 0; - int escaped, found, done; - - ns_debug(ns_log_update, 4, "findzone(dname=%s, class=%d, depth=%d, \ -zonelist=%p, maxzones=%d)", - dname, class, depth, zonelist, maxzones); -#ifdef DEBUG - if (debug >= 5) { - ns_debug(ns_log_update, 5, "zone dump:"); - for (zonenum = 1; zonenum < nzones; zonenum++) - printzoneinfo(zonenum, ns_log_update, 5); - } -#endif - - strcpy(tmpdnamebuf, dname); - tmpdname = tmpdnamebuf; - /* - * The code to handle trailing dots and escapes is adapted - * from ns_samedomain(). - */ - tmpdnamelen = strlen(tmpdname); - /* - * Ignore a trailing label separator (i.e. an unescaped dot) - * in 'tmpdname'. - */ - if (tmpdnamelen && tmpdname[tmpdnamelen-1] == '.') { - escaped = 0; - /* note this loop doesn't get executed if tmpdnamelen==1 */ - for (j = tmpdnamelen - 2; j >= 0; j--) - if (tmpdname[j] == '\\') { - if (escaped) - escaped = 0; - else - escaped = 1; - } else { - break; - } - if (!escaped) { - tmpdnamelen--; - tmpdname[tmpdnamelen] = '\0'; - } - } - - for (done = i = 0; i <= depth && !done; i++) { - for (zonenum = 1; zonenum < nzones; zonenum++) { - if (zones[zonenum].z_type == z_nil) - continue; - if (zones[zonenum].z_class != class) - continue; - zonename = zones[zonenum].z_origin; - zonenamelen = strlen(zonename); - /* - * Ignore a trailing label separator - * (i.e. an unescaped dot) in 'zonename'. - */ - if (zonenamelen && zonename[zonenamelen-1] == '.') { - escaped = 0; - for (j = zonenamelen - 2; j >= 0; j--) - if (zonename[j] == '\\') { - if (escaped) - escaped = 0; - else - escaped = 1; - } else { - break; - } - if (!escaped) - zonenamelen--; - } - - if (tmpdnamelen != zonenamelen) - continue; - ns_debug(ns_log_update, 5, - "about to strncasecmp('%s', '%s', %d)", - tmpdname, zonename, tmpdnamelen); - /* XXXRTH I'm doing a special test for zonenamelen == 0 - because I worry that some implementations of - strncasecmp might not handle comparisions where - n==0 correctly */ - if (zonenamelen == 0 || - !strncasecmp(tmpdname, zonename, tmpdnamelen)) { - ns_debug(ns_log_update, 5, "match"); - zonelist[matches++] = zonenum; - if (matches == maxzones) { - /* XXX should signal error */ - return (matches); - } - } - } - - /* - * Strip off the first label if we're not already at - * the root label. - */ - if (*tmpdname != '\0') { - for (escaped = found = 0; - (c = *tmpdname) && !found; - tmpdname++) { - if (!escaped && (c == '.')) - /* - * Note the loop increment will - * make tmpdname point past the '.' - * before the '!found' test causes - * us to exit the loop. - */ - found = 1; - - if (escaped) - escaped = 0; - else if (c == '\\') - escaped = 1; - } - } else - done = 1; - - tmpdnamelen = strlen(tmpdname); - } - ns_debug(ns_log_update, 4, - "findzone: returning %d match(es)", matches); - return (matches); -} - -/* - * reapply lost updates from log file for the zone to the zone - * - * returns -1 on error, 0 on success, 1 if dump reload needed - */ -int -merge_logs(struct zoneinfo *zp, char *logname) { - char origin[MAXDNAME], data[MAXDATA], dnbuf[MAXDNAME], sclass[3]; - char buf[BUFSIZ]; - FILE *fp; - u_int32_t serial, ttl, old_serial, new_serial; - char *dname, *cp, *cp1; - int type, class; - int i, c, section, opcode, matches, zonenum = 0, err, multiline; - int nonempty_lineno = -1, prev_pktdone = 0, cont = 0, inside_next = 0; - int id, rcode = NOERROR; - u_int32_t n; - struct map *mp; - ns_updrec *rrecp; - struct databuf *dp; - struct in_addr ina; - int zonelist[MAXDNAME]; - struct stat st; - struct sockaddr_in empty_from; - int datasize; - unsigned long l; - ns_updque curupd; - unsigned long lutmp; - - empty_from.sin_family = AF_INET; - empty_from.sin_addr.s_addr = htonl(INADDR_ANY); - empty_from.sin_port = htons(0); - - /* XXX - much of this stuff is similar to that in nsupdate.c - * getword_str() was used in nsupdate.c for reasons described there - * getword() is used here just to be consistent with db_load() - */ - - ns_debug(ns_log_update, 3, "merge_logs(%s)", logname); - - /* If there is no log file, just return. */ - if (stat(logname, &st) < 0) { - if (errno != ENOENT) - ns_error(ns_log_update, - "unexpected stat(%s) failure: %s", - logname, strerror(errno)); - return (-1); - } - fp = fopen(logname, "r"); - if (fp == NULL) { - ns_error(ns_log_update, "fopen(%s) failed: %s", - logname, strerror(errno)); - return (-1); - } - - /* - * See if we really have a log file -- it might be a zone dump - * that was in the process of being isc_movefiled, or it might - * be garbage! - */ - - if (fgets(buf, sizeof(buf), fp)==NULL) { - ns_error(ns_log_update, "fgets() from %s failed: %s", - logname, strerror(errno)); - fclose(fp); - return (-1); - } - if (strcmp(buf, DumpSignature) == 0) { - /* It's a dump; finish isc_movefile that was interrupted. */ - ns_info(ns_log_update, - "completing interrupted dump isc_movefile for %s", - zp->z_source); - fclose(fp); - if (isc_movefile(logname, zp->z_source) < 0) { - ns_error(ns_log_update, - "isc_movefile(%s,%s) failed: %s :1", - logname, zp->z_source, - strerror(errno)); - return (-1); - } - /* Finally, tell caller to reload zone. */ - return (1); - } - if (strcmp(buf, LogSignature) != 0) { - /* Not a dump and not a log; complain and then bail out. */ - ns_error(ns_log_update, "invalid log file %s", - logname); - fclose(fp); - return (-1); - } - - ns_debug(ns_log_update, 3, "merging logs for %s from %s", - zp->z_origin, logname); - lineno = 1; - INIT_LIST(curupd); - for (;;) { - err = 0; - dname = NULL; - if (!getword(buf, sizeof buf, fp, 0)) { - if (lineno == (nonempty_lineno + 1) && !(feof(fp))) { - /* - * End of a nonempty line inside an update - * packet or not inside an update packet. - */ - continue; - } - /* - * Empty line or EOF. - * - * Marks completion of current update packet. - */ - inside_next = 0; - prev_pktdone = 1; - cont = 1; - } else { - nonempty_lineno = lineno; - } - - if (!strcasecmp(buf, "[DYNAMIC_UPDATE]") || - !strcasecmp(buf, "[IXFR_UPDATE]")) { - err = 0; - rcode = NOERROR; - cp = fgets(buf, sizeof buf, fp); - if (cp != NULL) - lineno++; - if (cp == NULL || !sscanf((char *)cp, "id %d", &id)) - id = -1; - inside_next = 1; - prev_pktdone = 1; - cont = 1; - } else if (!strcasecmp(buf, "[INCR_SERIAL]")) { - /* XXXRTH not enough error checking here */ - cp = fgets(buf, sizeof buf, fp); - if (cp != NULL) - lineno++; - if (cp == NULL || - !sscanf((char *)cp, "from %u to %u", - &old_serial, &new_serial)) { - ns_error(ns_log_update, - "incr_serial problem with %s", - logname); - } else { - serial = get_serial(zp); - if (serial != old_serial) { - ns_error(ns_log_update, - "serial number mismatch (log=%u, zone=%u) in %s", old_serial, - serial, logname); - } else { - set_serial(zp, new_serial); - /* - * The zone has changed; make sure - * a dump is scheduled. - */ - (void)schedule_dump(zp); - sched_zone_maint(zp); - ns_info(ns_log_update, - "set serial to %u (log file %s)", - new_serial, logname); - } - } - prev_pktdone = 1; - cont = 1; - } else if (!strcasecmp(buf, "[END_DELTA]")) { - prev_pktdone = 1; - cont = 1; - } - if (prev_pktdone) { - if (!EMPTY(curupd)) { - n = process_updates(&curupd, &rcode, - empty_from); - free_rrecp(&curupd, rcode, empty_from); - if (n > 0) - ns_info(ns_log_update, - "successfully merged update id %d from log file %s", - id, logname); - else { - ns_error(ns_log_update, - "error merging update id %d from log file %s", - id, logname); - fclose(fp); - return(-1); - } - } - prev_pktdone = 0; - if (feof(fp)) - break; - } - if (cont) { - cont = 0; - continue; - } - if (!inside_next) - continue; - /* - * inside the same update packet, - * continue accumulating records. - */ - section = -1; - n = strlen(buf); - if (buf[n-1] == ':') - buf[--n] = '\0'; - for (mp = m_section; mp < m_section+M_SECTION_CNT; mp++) - if (!strcasecmp(buf, mp->token)) { - section = mp->val; - break; - } - ttl = 0; - type = -1; - class = zp->z_class; - n = 0; - data[0] = '\0'; - switch (section) { - case S_ZONE: - cp = fgets(buf, sizeof buf, fp); - if (!cp) - *buf = '\0'; - n = sscanf(cp, "origin %s class %s serial %lu", - origin, sclass, &lutmp); - serial = lutmp; - if (n != 3 || ns_samename(origin, zp->z_origin) != 1) - err++; - if (cp) - lineno++; - if (!err && serial != zp->z_serial) { - ns_error(ns_log_update, - "serial number mismatch in update id %d (log=%u, zone=%u) in %s", - id, serial, zp->z_serial, - logname); - inside_next = 0; - err++; - } - if (!err && inside_next) { - int success; - - dname = origin; - type = T_SOA; - class = res_nametoclass(sclass, &success); - if (!success) { - err++; - break; - } - matches = findzone(dname, class, 0, - zonelist, MAXDNAME); - if (matches) - zonenum = zonelist[0]; - else - err++; - } - break; - case S_PREREQ: - case S_UPDATE: - /* Operation code. */ - if (!getword(buf, sizeof buf, fp, 0)) { - err++; - break; - } - opcode = -1; - if (buf[0] == '{') { - n = strlen(buf); - for (i = 0; (u_int32_t)i < n; i++) - buf[i] = buf[i+1]; - if (buf[n-2] == '}') - buf[n-2] = '\0'; - } - for (mp = m_opcode; mp < m_opcode+M_OPCODE_CNT; mp++) - if (!strcasecmp(buf, mp->token)) { - opcode = mp->val; - break; - } - if (opcode == -1) { - err++; - break; - } - /* Owner's domain name. */ - if (!getword((char *)dnbuf, sizeof dnbuf, fp, 1)) { - err++; - break; - } - n = strlen((char *)dnbuf) - 1; - if (dnbuf[n] == '.') - dnbuf[n] = '\0'; - dname = dnbuf; - ttl = 0; - type = -1; - class = zp->z_class; - n = 0; - data[0] = '\0'; - (void) getword(buf, sizeof buf, fp, 1); - if (isdigit(buf[0])) { /* ttl */ - if (ns_parse_ttl(buf, &l) < 0) { - err++; - break; - } - ttl = l; - (void) getword(buf, sizeof buf, fp, 1); - } - - /* possibly class */ - if (buf[0] != '\0') { - int success; - int maybe_class; - - maybe_class = res_nametoclass(buf, &success); - if (success) { - class = maybe_class; - (void) getword(buf, - sizeof buf, - fp, 1); - } - } - /* possibly type */ - if (buf[0] != '\0') { - int success; - int maybe_type; - - maybe_type = res_nametotype(buf, &success); - - if (success) { - type = maybe_type; - (void) getword(buf, - sizeof buf, - fp, 1); - } - } - if (buf[0] != '\0') /* possibly rdata */ - /* - * Convert the ascii data 'buf' to the proper - * format based on the type and pack into - * 'data'. - * - * XXX - same as in db_load(), - * consolidation needed - */ - switch (type) { - case T_A: - if (!inet_aton(buf, &ina)) { - err++; - break; - } - n = ntohl(ina.s_addr); - cp = data; - PUTLONG(n, cp); - n = INT32SZ; - break; - case T_HINFO: - case T_ISDN: - n = strlen(buf); - data[0] = n; - memcpy(data+1, buf, n); - n++; - if (!getword(buf, sizeof buf, - fp, 0)) { - i = 0; - } else { - endline(fp); - i = strlen(buf); - } - data[n] = i; - memcpy(data+n+1, buf, i); - break; - case T_SOA: - case T_MINFO: - case T_RP: - (void) strcpy(data, buf); - cp = data + strlen(data) -1; - *(cp++) = 0; /* ditch dot */ - if (!getword((char *)cp, - sizeof data - (cp - data), - fp, 1)) { - err++; - break; - } - cp += strlen((char *)cp) -1; - *(cp++) = 0; /* ditch dot */ - if (type != T_SOA) { - n = cp - data; - break; - } - else - n = cp - data; - if (class != zp->z_class || - ns_samename(dname, zp->z_origin) != 1) { - err++; - break; - } - c = getnonblank(fp, logname, 1); - if (c == '(') { - multiline = 1; - } else { - multiline = 0; - ungetc(c, fp); - } - n = getnum(fp, logname, GETNUM_SERIAL, - &multiline); - if (getnum_error) { - err++; - break; - } - PUTLONG(n, cp); - for (i = 0; i < 4; i++) { - if (getttl(fp, logname, lineno, - &n, &multiline) <= 0) - { - err++; - break; - } - PUTLONG(n, cp); - } - if (multiline) { - c = getnonblank(fp, logname, 1); - if (c != ')') { - ungetc(c, fp); - err++; - break; - } - } - n = cp - data; - endline(fp); - break; - case T_WKS: - if (!inet_aton(buf, &ina)) { - err++; - break; - } - n = ntohl(ina.s_addr); - cp = data; - PUTLONG(n, cp); - *cp = (char)getprotocol(fp, - logname - ); - n = INT32SZ + sizeof(char); - n = getservices((int)n, data, - fp, logname); - break; - case T_NS: - case T_CNAME: - case T_MB: - case T_MG: - case T_MR: - case T_PTR: - (void) strcpy(data, buf); - if (makename(data, origin, - sizeof(data)) == -1) { - err++; - break; - } - n = strlen(data) + 1; - break; - case T_MX: - case T_AFSDB: - case T_RT: - n = 0; - cp = buf; - while (isdigit(*cp)) - n = n * 10 + (*cp++ - '0'); - /* catch bad values */ - cp = data; - PUTSHORT((u_int16_t)n, cp); - if (!getword(buf, sizeof(buf), - fp, 1)) { - err++; - break; - } - (void) strcpy((char *)cp, buf); - if (makename((char *)cp, origin, - sizeof(data) - (cp-data)) - == -1) { - err++; - break; - } - /* advance pointer to end of data */ - cp += strlen((char *)cp) +1; - /* now save length */ - n = (cp - data); - break; - case T_PX: - n = 0; - data[0] = '\0'; - cp = buf; - while (isdigit(*cp)) - n = n * 10 + (*cp++ - '0'); - cp = data; - PUTSHORT((u_int16_t)n, cp); - for (i = 0; i < 2; i++) { - if (!getword(buf, - sizeof(buf), - fp, 0)) { - err++; - break; - } - (void) strcpy((char *)cp, - buf); - cp += strlen((char *)cp) + 1; - } - n = cp - data; - break; - case T_TXT: - case T_X25: - i = strlen(buf); - cp = data; - datasize = sizeof data; - cp1 = buf; - while (i > MAXCHARSTRING) { - if (datasize <= MAXCHARSTRING){ - ns_error(ns_log_update, - "record too big"); - fclose(fp); - return (-1); - } - datasize -= MAXCHARSTRING; - *cp++ = (char)MAXCHARSTRING; - memcpy(cp, cp1, MAXCHARSTRING); - cp += MAXCHARSTRING; - cp1 += MAXCHARSTRING; - i -= MAXCHARSTRING; - } - if (datasize < i + 1) { - ns_error(ns_log_update, - "record too big"); - fclose(fp); - return (-1); - } - *cp++ = i; - memcpy(cp, cp1, i); - cp += i; - n = cp - data; - endline(fp); - /* XXXVIX: segmented texts 4.9.5 */ - break; - case T_NSAP: - n = inet_nsap_addr(buf, - (u_char *)data, - sizeof data); - endline(fp); - break; - case T_LOC: - cp = buf + (n = strlen(buf)); - *cp = ' '; - cp++; - while ((i = getc(fp), *cp = i, - i != EOF) - && *cp != '\n' - && (n < MAXDATA)) { - cp++; - n++; - } - if (*cp == '\n') - ungetc(*cp, fp); - *cp = '\0'; - n = loc_aton(buf, (u_char *)data); - if (n == 0) { - err++; - break; - } - endline(fp); - break; - case ns_t_sig: - case ns_t_key: - case ns_t_nxt: - case ns_t_cert: - { - const char * errmsg = NULL; - int s; - - s = parse_sec_rdata(buf, sizeof(buf), - 1, - (u_char *)data, - sizeof(data), - fp, zp, dnbuf, - ttl, type, - domain_ctx, - primary_trans, - &errmsg); - if (s < 0) { - err++; - break; - } - break; - } - default: - if (strcmp(buf, "\\#") != 0) { - err++; - break; - } - if (!getword(buf, sizeof buf, fp, 0) || - !isdigit((unsigned char)buf[0])) { - err++; - break; - } - errno = 0; - n = strtoul(buf, &cp, 10); - if (errno != 0 || n > 0xffff || - *cp != '\0') { - err++; - break; - } - multiline = 0; - i = isc_gethexstring((u_char *)data, - sizeof(data), - n, fp, &multiline); - if (i == -1) { - err++; - break; - } - if (multiline) { - c = getnonblank(fp, - zp->z_updatelog, - 1); - if (c != ')') { - ungetc(c, fp); - err++; - break; - } - multiline = 0; - } - endline(fp); - } - if (section == S_PREREQ) { - ttl = 0; - if (opcode == NXDOMAIN) { - class = C_NONE; - type = T_ANY; - n = 0; - } else if (opcode == YXDOMAIN) { - class = C_ANY; - type = T_ANY; - n = 0; - } else if (opcode == NXRRSET) { - class = C_NONE; - n = 0; - } else if (opcode == YXRRSET) { - if (n == 0) - class = C_ANY; - } - } else { /* section == S_UPDATE */ - if (opcode == DELETE) { - ttl = 0; - if (n == 0) { - class = C_ANY; - if (type == -1) - type = T_ANY; - /* WTF? C_NONE or C_ANY _must_ be the case if - * we really are to delete this. If - * C_NONE is used, according to process_updates(), - * the class is gotten from the zone's class. - * This still isn't perfect, but it will at least - * work. - * - * Question: What is so special about the class - * of the update while we are deleting?? - */ - } else /* if (zp->z_xferpid != XFER_ISIXFR) */ { - class = C_NONE; - } - } - } - break; - case S_ADDT: - default: - ns_debug(ns_log_update, 1, - "cannot interpret section: %d", section); - inside_next = 0; - err++; - } - if (err) { - ns_debug(ns_log_update, 1, - "merge of update id %d failed due to error at line %d", - id, lineno); - free_rrecp(&curupd, FORMERR, empty_from); - fclose(fp); - return(-1); - } - rrecp = res_mkupdrec(section, dname, class, type, ttl); - if (section != S_ZONE) { - dp = savedata(class, type, ttl, (u_char *)data, n); - dp->d_zone = zonenum; - dp->d_cred = DB_C_ZONE; - dp->d_clev = nlabels(zp->z_origin); - dp->d_secure = DB_S_INSECURE; /* should be UNCHECKED */ - rrecp->r_dp = dp; - } else { - rrecp->r_zone = zonenum; - } - APPEND(curupd, rrecp, r_link); - } /* for (;;) */ - INSIST(EMPTY(curupd)); - fclose(fp); - return (0); -} - - -/* - * Create a disk database to back up zones - */ -int -zonedump(struct zoneinfo *zp, int mode) { - FILE *fp; - const char *fname; - struct hashbuf *htp; - char *op; - struct stat st; - char tmp_name[MAXPATHLEN]; - int escaped; - char c; - - /* - * We must check to see if Z_NEED_SOAUPDATE is set, and if so - * we must do it. This won't be the case normally - * (when called from ns_maint()), but it is possible if we're - * exiting named. - */ - - if (zp->z_flags & Z_NEED_SOAUPDATE) { - u_int32_t serial, old_serial; - - old_serial = get_serial(zp); - serial = old_serial + 1; - if (serial == 0) - serial = 1; - set_serial(zp, serial); - } - - /* Only dump zone if there is a cache specified */ - if (zp->z_source && *(zp->z_source)) { - ns_debug(ns_log_update, 1, "zonedump(%s)", zp->z_source); - - if (strlen(zp->z_source)+strlen(DumpSuffix) >= MAXPATHLEN) { - ns_error(ns_log_update, - "filename %s too long in zonedump", - zp->z_source); - /* - * This problem won't ever get better, so we - * clear the "need dump" flag. - */ - zp->z_flags &= ~Z_NEED_DUMP; - return (-1); - } - (void)sprintf(tmp_name, "%s%s", zp->z_source, DumpSuffix); - if ((fp = write_open(tmp_name)) == NULL) { - ns_error(ns_log_update, "fopen() of %s failed: %s", - tmp_name, strerror(errno)); - return (-1); - } - fprintf(fp, "%s", DumpSignature); - op = zp->z_origin; - escaped = 0; - while (*op && (((c = *op++) != '.') || escaped)) - escaped = (c == '\\') && !escaped; - gettime(&tt); - htp = hashtab; - if (nlookup(zp->z_origin, &htp, &fname, 0) != NULL) { - if (db_dump(htp, fp, zp-zones, op) != OK) { - ns_error(ns_log_update, - "error dumping zone file %s", - zp->z_source); - (void)fclose(fp); - return (-1); - } - } - if (fflush(fp) == EOF) { - ns_error(ns_log_update, "fflush() of %s failed: %s", - tmp_name, strerror(errno)); - fclose(fp); - return (-1); - } - if (fsync(fileno(fp)) < 0) { - ns_error(ns_log_update, "fsync() of %s failed: %s", - tmp_name, strerror(errno)); - fclose(fp); - return (-1); - } - if (fclose(fp) == EOF) { - ns_error(ns_log_update, "fclose() of %s failed: %s", - tmp_name, strerror(errno)); - return (-1); - } - /* - * Try to make read only, so people will be less likely to - * edit dynamic domains. - */ - if (stat(tmp_name, &st) < 0) { - ns_error(ns_log_update, - "stat(%s) failed, pressing on: %s", - tmp_name, strerror(errno)); - } else { - zp->z_ftime = st.st_mtime; - st.st_mode &= ~WRITEABLE_MASK; - if (chmod(tmp_name, st.st_mode) < 0) - ns_error(ns_log_update, - "chmod(%s,%o) failed, pressing on: %s", - tmp_name, st.st_mode, - strerror(errno)); - } - - if (mode == ISIXFR) { - if (isc_movefile(tmp_name, zp->z_ixfr_tmp) < 0) { - ns_error(ns_log_update, - "isc_movefile(%s,%s) failed: %s :2", - tmp_name, zp->z_ixfr_tmp, - strerror(errno)); - return (-1); - } - if (chmod(zp->z_source, 0644) < 0) - ns_error(ns_log_update, - "chmod(%s,%o) failed, pressing on: %s", - zp->z_source, st.st_mode, - strerror(errno)); - if (isc_movefile(zp->z_ixfr_tmp, zp->z_source) < 0) { - ns_error(ns_log_update, - "isc_movefile(%s,%s) failed: %s :3", - zp->z_ixfr_tmp, zp->z_source, - strerror(errno)); - return (-1); - } - st.st_mode &= ~WRITEABLE_MASK; - if (chmod(zp->z_source, st.st_mode) < 0) - ns_error(ns_log_update, - "chmod(%s,%o) failed, pressing on: %s", - zp->z_source, st.st_mode, - strerror(errno)); - } else if (mode == ISNOTIXFR) { - if (isc_movefile(tmp_name, zp->z_updatelog) < 0) { - ns_error(ns_log_update, - "isc_movefile(%s,%s) failed: %s :4", - tmp_name, zp->z_updatelog, - strerror(errno)); - return (-1); - } - if (isc_movefile(zp->z_updatelog, zp->z_source) < 0) { - ns_error(ns_log_update, - "isc_movefile(%s,%s) failed: %s :5", - zp->z_updatelog, zp->z_source, - strerror(errno)); - return (-1); - } - } else { - if (isc_movefile(tmp_name, zp->z_source) < 0) { - ns_error(ns_log_update, - "isc_movefile(%s,%s) failed: %s :6", - tmp_name, zp->z_source, - strerror(errno)); - return (-1); - } - } - } else - ns_debug(ns_log_update, 1, "zonedump: no zone to dump"); - - zp->z_flags &= ~Z_NEED_DUMP; - zp->z_dumptime = 0; - return (0); -} - -struct databuf * -findzonesoa(struct zoneinfo *zp) { - struct hashbuf *htp; - struct namebuf *np; - struct databuf *dp; - const char *fname; - - htp = hashtab; - np = nlookup(zp->z_origin, &htp, &fname, 0); - if (np == NULL || fname != zp->z_origin) - return (NULL); - foreach_rr(dp, np, T_SOA, zp->z_class, zp - zones) - return (dp); - return (NULL); -} - -u_char * -findsoaserial(u_char *data) { - char *cp = (char *)data; - - cp += strlen(cp) + 1; /* Nameserver. */ - cp += strlen(cp) + 1; /* Mailbox. */ - return ((u_char *)cp); -} - -u_int32_t -get_serial_unchecked(struct zoneinfo *zp) { - struct databuf *dp; - u_char *cp; - u_int32_t ret; - - dp = findzonesoa(zp); - if (!dp) - ns_panic(ns_log_update, 1, - "get_serial_unchecked(%s): can't locate zone SOA", - zp->z_origin); - cp = findsoaserial(dp->d_data); - GETLONG(ret, cp); - return (ret); -} - -u_int32_t -get_serial(struct zoneinfo *zp) { - u_int32_t ret; - - ret = get_serial_unchecked(zp); - if (ret != zp->z_serial) - ns_panic(ns_log_update, 1, - "get_serial(%s): db and zone serial numbers differ", - zp->z_origin); - return (ret); -} - -void -set_serial(struct zoneinfo *zp, u_int32_t serial) { - struct databuf *dp; - u_char *cp; - - dp = findzonesoa(zp); - if (!dp) - ns_panic(ns_log_update, 1, - "set_serial(%s): can't locate zone SOA", - zp->z_origin); - cp = findsoaserial(dp->d_data); - PUTLONG(serial, cp); - zp->z_serial = serial; - zp->z_flags &= ~Z_NEED_SOAUPDATE; - zp->z_soaincrtime = 0; - zp->z_updatecnt = 0; -#ifdef BIND_NOTIFY - if (!loading) - ns_notify(zp->z_origin, zp->z_class, ns_t_soa); -#endif - /* - * Note: caller is responsible for scheduling a dump. - */ -} - -/* - * Increment serial number in zoneinfo structure and hash table SOA databuf - */ - -int -incr_serial(struct zoneinfo *zp) { - u_int32_t serial, old_serial; - FILE *fp, *ifp; - time_t t; - struct databuf *dp, *olddp; - unsigned char *cp; - - old_serial = get_serial(zp); - serial = old_serial + 1; - if (serial == 0) - serial = 1; - set_serial(zp, serial); - - (void) gettime(&tt); - t = (time_t)tt.tv_sec; - fp = open_transaction_log(zp); - if (fp == NULL) - return (-1); - fprintf(fp, "[INCR_SERIAL] from %u to %u %s\n", - old_serial, serial, checked_ctime(&t)); - if (close_transaction_log(zp, fp)<0) - return (-1); - if (zp->z_maintain_ixfr_base) { - ifp = open_ixfr_log(zp); - if (ifp == NULL) - return (-1); - dp = findzonesoa(zp); - if (dp) { - olddp = memget(BIND_DATASIZE(dp->d_size)); - if (olddp != NULL) { - memcpy(olddp, dp, BIND_DATASIZE(dp->d_size)); - cp = findsoaserial(olddp->d_data); - PUTLONG(old_serial, cp); - fprintf(ifp, "update: {delete} %s. %u %s %s ", - zp->z_origin, dp->d_ttl, - p_class(dp->d_class), - p_type(dp->d_type)); - (void) rdata_dump(olddp, ifp); - fprintf(ifp, "\n"); - memput(olddp, BIND_DATASIZE(dp->d_size)); - } - fprintf(ifp, "update: {add} %s. %u %s %s ", - zp->z_origin, dp->d_ttl, - p_class(dp->d_class), p_type(dp->d_type)); - (void) rdata_dump(dp, ifp); - fprintf(ifp, "\n"); - } - fprintf(ifp, "[END_DELTA]\n"); - if (close_ixfr_log(zp, ifp) < 0) - return (-1); - } - - /* - * This shouldn't happen, but we check to be sure. - */ - if (!(zp->z_flags & Z_NEED_DUMP)) { - ns_warning(ns_log_update, - "incr_serial: Z_NEED_DUMP not set for zone '%s'", - zp->z_origin); - (void)schedule_dump(zp); - } - - sched_zone_maint(zp); - - return (0); -} - -void -dynamic_about_to_exit(void) { - struct zoneinfo *zp; - - ns_debug(ns_log_update, 1, - "shutting down; dumping zones that need it"); - for (zp = zones; zp < &zones[nzones]; zp++) { - if ((zp->z_flags & Z_DYNAMIC) && - ((zp->z_flags & Z_NEED_SOAUPDATE) || - (zp->z_flags & Z_NEED_DUMP))) - (void)zonedump(zp, ISNOTIXFR); - } -} diff --git a/contrib/bind/bin/named/ns_xfr.c b/contrib/bind/bin/named/ns_xfr.c deleted file mode 100644 index 7b1c99b..0000000 --- a/contrib/bind/bin/named/ns_xfr.c +++ /dev/null @@ -1,871 +0,0 @@ -#if !defined(lint) && !defined(SABER) -static const char rcsid[] = "$Id: ns_xfr.c,v 8.69 2002/06/05 03:53:49 marka Exp $"; -#endif /* not lint */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include "port_before.h" - -#include <sys/param.h> -#include <sys/file.h> -#include <sys/socket.h> -#include <sys/un.h> - -#include <netinet/in.h> -#include <arpa/nameser.h> -#include <arpa/inet.h> - -#include <errno.h> -#include <fcntl.h> -#include <resolv.h> -#include <res_update.h> -#include <stdio.h> -#include <stdlib.h> -#include <string.h> -#include <syslog.h> -#include <time.h> -#include <unistd.h> - -#include <isc/eventlib.h> -#include <isc/logging.h> -#include <isc/memcluster.h> - -#include <isc/dst.h> - -#include "port_after.h" - -#include "named.h" - -static struct qs_x_lev *sx_freelev(struct qs_x_lev *lev); - -static int sx_flush(struct qstream *qsp), - sx_addrr(struct qstream *qsp, - const char *dname, - struct databuf *dp), - sx_nsrrs(struct qstream *qsp), - sx_allrrs(struct qstream *qsp), - sx_pushlev(struct qstream *qsp, struct namebuf *np); -static struct databuf *db_next(struct databuf *dp); - -/* - * void - * ns_xfr(qsp, znp, zone, class, type, opcode, id, serial_ixfr, in_tsig) - * Initiate a concurrent (event driven) outgoing zone transfer. - */ -void -ns_xfr(struct qstream *qsp, struct namebuf *znp, - int zone, int class, int type, - int opcode, int id, u_int32_t serial_ixfr, struct tsig_record *in_tsig) -{ - server_info si; -#ifdef SO_SNDBUF - static const int sndbuf = XFER_BUFSIZE * 2; -#endif -#ifdef SO_SNDLOWAT - static const int sndlowat = XFER_BUFSIZE; -#endif - ns_deltalist *changes; - - switch (type) { - case ns_t_ixfr: - ns_info(ns_log_xfer_out, - "zone transfer (%s) of \"%s\" (%s) to %s serial %u -> %u", - p_type(type), zones[zone].z_origin, p_class(class), - sin_ntoa(qsp->s_from), serial_ixfr, - zones[zone].z_serial); - break; - case ns_t_axfr: /*FALLTHROUGH*/ -#ifdef BIND_ZXFR - case ns_t_zxfr: -#endif - ns_info(ns_log_xfer_out, - "zone transfer (%s) of \"%s\" (%s) to %s serial %u", - p_type(type), zones[zone].z_origin, p_class(class), - sin_ntoa(qsp->s_from), zones[zone].z_serial); - break; - default: - ns_warning(ns_log_xfer_out, - "unsupported XFR (type %s) of \"%s\" (%s) to %s", - p_type(type), zones[zone].z_origin, p_class(class), - sin_ntoa(qsp->s_from)); - goto abort; - } - -#ifdef SO_SNDBUF - /* - * The default seems to be 4K, and we'd like it to have enough room - * to parallelize sending the pushed data with accumulating more - * write() data from us. - */ - (void) setsockopt(qsp->s_rfd, SOL_SOCKET, SO_SNDBUF, - (const char *)&sndbuf, sizeof sndbuf); -#endif -#ifdef SO_SNDLOWAT - /* - * We don't want select() to show writability 'til we can write - * an XFER_BUFSIZE block of data. - */ - (void) setsockopt(qsp->s_rfd, SOL_SOCKET, SO_SNDLOWAT, - (const char *)&sndlowat, sizeof sndlowat); -#endif - if (sq_openw(qsp, 64*1024) == -1) { - ns_error(ns_log_xfer_out, "ns_xfr: out of memory"); - goto abort; - } - memset(&qsp->xfr, 0, sizeof qsp->xfr); - qsp->xfr.top.axfr = znp; - qsp->xfr.zone = zone; - qsp->xfr.class = class; - if (qsp->flags & STREAM_AXFRIXFR) - type = ns_t_axfr; - qsp->xfr.type = type; - qsp->xfr.id = id; - qsp->xfr.opcode = opcode; - qsp->xfr.msg = memget(XFER_BUFSIZE); - if (!qsp->xfr.msg) { - ns_error(ns_log_xfer_out, "ns_xfr: out of memory"); - goto abort; - } - qsp->xfr.eom = qsp->xfr.msg + XFER_BUFSIZE; - qsp->xfr.cp = NULL; - qsp->xfr.state = s_x_firstsoa; - zones[zone].z_numxfrs++; - qsp->flags |= STREAM_AXFR; - -#ifdef BIND_ZXFR - if (type == ns_t_zxfr) { - enum { rd = 0, wr = 1 }; - int z[2]; - pid_t p; - - if (pipe(z) < 0) { - ns_error(ns_log_xfer_out, "pipe: %s", strerror(errno)); - goto abort; - } - p = vfork(); - if (p < 0) { - ns_error(ns_log_xfer_out, "vfork: %s", strerror(errno)); - goto abort; - } - if (p == 0) { - /* Child. */ - dup2(z[rd], STDIN_FILENO); - dup2(qsp->s_rfd, STDOUT_FILENO); - execlp("gzip", "gzip", NULL); - ns_error(ns_log_xfer_out, "execlp: %s", strerror(errno)); - _exit(1); - } - ns_info(ns_log_xfer_out, "zxfr gzip pid %lu", p); - /* Parent. */ - dup2(z[wr], qsp->s_rfd); - close(z[wr]); - close(z[rd]); - - /* When a ZXFR completes, there can be no more requests. */ - qsp->flags |= STREAM_DONE_CLOSE; - } -#endif - - si = find_server(qsp->s_from.sin_addr); - if (si != NULL && si->transfer_format != axfr_use_default) - qsp->xfr.transfer_format = si->transfer_format; - else - qsp->xfr.transfer_format = server_options->transfer_format; - if (in_tsig == NULL) { - qsp->xfr.tsig_state = NULL; - qsp->xfr.tsig_size = 0; - } else { - qsp->xfr.tsig_state = memget(sizeof(ns_tcp_tsig_state)); - ns_sign_tcp_init(in_tsig->key, in_tsig->sig, in_tsig->siglen, - qsp->xfr.tsig_state); - qsp->xfr.tsig_skip = 0; - qsp->xfr.tsig_size = in_tsig->tsig_size; - } - - if (type == ns_t_ixfr) { - changes = ixfr_get_change_list(&zones[zone], serial_ixfr, - zones[zone].z_serial); - ixfr_log_maint(&zones[zone]); - if (changes != NULL) { - qsp->xfr.serial = serial_ixfr; - qsp->xfr.top.ixfr = changes; - } - else { - qsp->xfr.top.ixfr = NULL; - goto abort; - } - } else { - if (sx_pushlev(qsp, znp) < 0) { - ns_error(ns_log_xfer_out, "ns_xfr: out of memory"); - abort: - (void) shutdown(qsp->s_rfd, 2); - sq_remove(qsp); - return; - } - } - if (type != ns_t_ixfr) { - ns_debug(ns_log_default, 3, "sq_writeh sx_sendsoa (%s)", - zones[zone].z_origin); - (void) sq_writeh(qsp, sx_sendsoa); - } else { - ns_debug(ns_log_default, 3, "sq_writeh sx_send_ixfr (%s)", - zones[zone].z_origin); - (void) sq_writeh(qsp, sx_send_ixfr); - } -} - -/* - * void - * ns_stopxfrs(zp) - * Stop (abort, reset) all transfers of the zone specified by 'zp'. - */ -void -ns_stopxfrs(struct zoneinfo *zp) { - struct qstream *this, *next; - u_int zone = (u_int)(zp - zones); - - ns_debug(ns_log_default, 3, "ns_stopxfrs (%s)", zp->z_origin); - - for (this = streamq; this; this = next) { - next = this->s_next; - if (this->xfr.zone == zone) { - (void) shutdown(this->s_rfd, 2); - sq_remove(this); - } - } - INSIST(zp->z_numxfrs == 0); -} - -/* - * void - * ns_freexfr(qsp) - * Free all xfr-related dynamic data associated with qsp. - */ -void -ns_freexfr(struct qstream *qsp) { - ns_delta *dp; - ns_updrec *rp; - - if (qsp->xfr.msg != NULL) { - memput(qsp->xfr.msg, XFER_BUFSIZE); - qsp->xfr.msg = NULL; - } - if (qsp->xfr.type == ns_t_ixfr && qsp->xfr.top.ixfr != NULL) { - while ((dp = HEAD(*qsp->xfr.top.ixfr)) != NULL) { - UNLINK(*qsp->xfr.top.ixfr, dp, d_link); - while ((rp = HEAD(dp->d_changes)) != NULL) { - UNLINK(dp->d_changes, rp, r_link); - if (rp->r_dp != NULL) - db_detach(&rp->r_dp); - res_freeupdrec(rp); - } - memput(dp, sizeof *dp); - } - memput(qsp->xfr.top.ixfr, sizeof *qsp->xfr.top.ixfr); - qsp->xfr.top.ixfr = NULL; - } - while (qsp->xfr.lev) - qsp->xfr.lev = sx_freelev(qsp->xfr.lev); - if (qsp->xfr.tsig_state != NULL) { - memput(qsp->xfr.tsig_state, sizeof(ns_tcp_tsig_state)); - qsp->xfr.tsig_state = NULL; - } - zones[qsp->xfr.zone].z_numxfrs--; - qsp->flags &= ~(STREAM_AXFR | STREAM_AXFRIXFR); -} - -/* - * u_char * - * sx_newmsg(msg) - * init the header of a message, reset the compression pointers, and - * reset the write pointer to the first byte following the header. - */ -void -sx_newmsg(struct qstream *qsp) { - HEADER *hp = (HEADER *)qsp->xfr.msg; - - memset(hp, 0, HFIXEDSZ); - hp->id = htons(qsp->xfr.id); - hp->opcode = qsp->xfr.opcode; - hp->qr = 1; - hp->rcode = NOERROR; - - qsp->xfr.ptrs[0] = qsp->xfr.msg; - qsp->xfr.ptrs[1] = NULL; - - qsp->xfr.cp = qsp->xfr.msg + HFIXEDSZ; - - qsp->xfr.eom = qsp->xfr.msg + XFER_BUFSIZE; - - if (qsp->xfr.tsig_state != NULL) - qsp->xfr.eom -= TSIG_BUF_SIZE; -} - -/* - * int - * sx_flush(qsp) - * flush the intermediate buffer out to the stream IO system. - * return: - * passed through from sq_write(). - */ -static int -sx_flush(struct qstream *qsp) { - int ret; - -#ifdef DEBUG - if (debug >= 10) - res_pquery(&res, qsp->xfr.msg, qsp->xfr.cp - qsp->xfr.msg, - log_get_stream(packet_channel)); -#endif - if (qsp->xfr.tsig_state != NULL && qsp->xfr.tsig_skip == 0) { - int msglen = qsp->xfr.cp - qsp->xfr.msg; - - ns_sign_tcp(qsp->xfr.msg, &msglen, qsp->xfr.eom - qsp->xfr.msg, - NOERROR, qsp->xfr.tsig_state, - qsp->xfr.state == s_x_done); - - if (qsp->xfr.state == s_x_done) { - memput(qsp->xfr.tsig_state, sizeof(ns_tcp_tsig_state)); - qsp->xfr.tsig_state = NULL; - } - qsp->xfr.cp = qsp->xfr.msg + msglen; - - } - ret = sq_write(qsp, qsp->xfr.msg, qsp->xfr.cp - qsp->xfr.msg); - if (ret >= 0) { - qsp->xfr.cp = NULL; - qsp->xfr.tsig_skip = 0; - } - else - qsp->xfr.tsig_skip = 1; - return (ret); -} - -/* - * int - * sx_addrr(qsp, name, dp) - * add name/dp's RR to the current assembly message. if it won't fit, - * write current message out, renew the message, and then RR *must* fit. - * return: - * -1 = the sx_flush() failed so we could not queue the full message. - * 0 = one way or another, everything is fine. - * side effects: - * on success, the ANCOUNT is incremented and the pointers are advanced. - */ -static int -sx_addrr(struct qstream *qsp, const char *dname, struct databuf *dp) { - HEADER *hp = (HEADER *)qsp->xfr.msg; - u_char **edp = qsp->xfr.ptrs + sizeof qsp->xfr.ptrs / sizeof(u_char*); - int n, type; - - if (qsp->xfr.cp != NULL) { - if (qsp->xfr.transfer_format == axfr_one_answer && - sx_flush(qsp) < 0) - return (-1); - } - if (qsp->xfr.cp == NULL) - sx_newmsg(qsp); - - /* - * Add question to first answer. - */ - if (qsp->xfr.state == s_x_firstsoa && dp->d_type == T_SOA) { - n = dn_comp(dname, qsp->xfr.cp, qsp->xfr.eom - qsp->xfr.cp, - qsp->xfr.ptrs, edp); - if (n > 0 && (qsp->xfr.cp + n + INT16SZ * 2) <= qsp->xfr.eom) { - qsp->xfr.cp += n; - if (qsp->xfr.type == ns_t_zxfr) - type = ns_t_axfr; - else if ((qsp->flags & STREAM_AXFRIXFR) != 0) - type = ns_t_ixfr; - else - type = qsp->xfr.type; - PUTSHORT((u_int16_t) type, qsp->xfr.cp); - PUTSHORT((u_int16_t) qsp->xfr.class, qsp->xfr.cp); - hp->qdcount = htons(ntohs(hp->qdcount) + 1); - } - } - - n = make_rr(dname, dp, qsp->xfr.cp, qsp->xfr.eom - qsp->xfr.cp - - qsp->xfr.tsig_size, 0, qsp->xfr.ptrs, edp, 0); - if (n < 0) { - if (sx_flush(qsp) < 0) - return (-1); - if (qsp->xfr.cp == NULL) - sx_newmsg(qsp); - n = make_rr(dname, dp, qsp->xfr.cp, qsp->xfr.eom - - qsp->xfr.cp - qsp->xfr.tsig_size, - 0, qsp->xfr.ptrs, edp, 0); - INSIST(n >= 0); - } - hp->ancount = htons(ntohs(hp->ancount) + 1); - qsp->xfr.cp += n; - return (0); -} - -/* - * int - * sx_soarr(qsp) - * add the SOA RR's at the current level's top np to the assembly message. - * return: - * 0 = success - * -1 = write buffer full, cannot continue at this time - * side effects: - * if progress was made, header and pointers will be advanced. - */ -static int -sx_soarr(struct qstream *qsp) { - struct databuf *dp; - int added_soa = 0; - - foreach_rr(dp, qsp->xfr.top.axfr, T_SOA, qsp->xfr.class, - qsp->xfr.zone) { - if (sx_addrr(qsp, zones[qsp->xfr.zone].z_origin, dp) < 0) { - /* RR wouldn't fit. Bail out. */ - return (-1); - } - added_soa = 1; - break; - } - if (added_soa == 0) - ns_panic(ns_log_xfer_out, 1, "no SOA at zone top"); - if (qsp->xfr.state == s_x_firstsoa) { - foreach_rr(dp, qsp->xfr.top.axfr, T_SIG, qsp->xfr.class, - qsp->xfr.zone) - { - if (SIG_COVERS(dp) != T_SOA) - continue; - if (sx_addrr(qsp, zones[qsp->xfr.zone].z_origin, dp) < - 0) - { - /* RR wouldn't fit. Bail out. */ - return (-1); - } - } - } - return (0); -} - -/* - * int - * sx_nsrrs(qsp) - * add the NS RR's at the current level's current np to the assembly msg. - * This function also adds the SIG(NS), KEY, SIG(KEY), NXT, SIG(NXT), - * since these records are also part of the delegation (see DNSSEC). - * return: - * >1 = number of NS RRs added, note that there may be more - * 0 = success, there are no more NS RRs at this level - * -1 = write buffer full, cannot continue at this time - * side effects: - * if progress was made, header and pointers will be advanced. - * note: - * this is meant for AXFR, which includes glue as part of the answer - * sections. this is different from and incompatible with the additional - * data of a referral response. - */ -static int -sx_nsrrs(struct qstream *qsp) { - struct databuf *dp, *tdp, *gdp; - struct namebuf *gnp, *tnp, *top; - struct hashbuf *htp; - const char *fname; - int class; - - class = qsp->xfr.class; - top = qsp->xfr.top.axfr; - for ((void)NULL; - (dp = qsp->xfr.lev->dp) != NULL; - qsp->xfr.lev->dp = db_next(dp)) { - if (dp->d_class != class && class != C_ANY) - continue; - if (dp->d_rcode) - continue; - /* - * It might not be in the same zone, if we are authoritative - * for both parent and child, but it does have to be a zone. - * - * XXX: this is sort of a bug, since it means we merge the - * @ NS RRset into our parent's zone. But that is what - * db_load() does, so for now we have no choice. - */ - if (dp->d_zone == DB_Z_CACHE) - continue; - - if (dp->d_type != T_NS && dp->d_type != T_KEY && - dp->d_type != T_NXT && dp->d_type != T_SIG) - continue; - if (dp->d_type == T_SIG && ((SIG_COVERS(dp) != T_NS) && - (SIG_COVERS(dp) != T_KEY) && (SIG_COVERS(dp) != T_NXT))) - continue; - if (!(qsp->xfr.lev->flags & SXL_GLUING)) { - if (sx_addrr(qsp, qsp->xfr.lev->dname, dp) < 0) { - /* RR wouldn't fit. Bail out. */ - return (-1); - } - if (dp->d_type != T_NS) /* no glue processing */ - continue; - /* Remember we have found a zone cut */ - if (qsp->xfr.top.axfr != qsp->xfr.lev->np) - qsp->xfr.lev->flags |= SXL_ZONECUT; - } - - /* - * Glue the sub domains together by sending the address - * records for the sub domain name servers along if necessary. - * Glue is necessary if the server is in any zone delegated - * from the current (top) zone. Such a delegated zone might - * or might not be that referred to by the NS record now - * being handled. - */ - htp = hashtab; - gnp = nlookup((char *)dp->d_data, &htp, &fname, 0); - if (gnp == NULL || fname != (char *)dp->d_data) - continue; - for (tnp = gnp; - tnp != NULL && tnp != top; - tnp = tnp->n_parent) - (void)NULL; - if (tnp == NULL && NAME(*top)[0] != '\0') - continue; /* name server is not below top domain */ - for (tnp = gnp; - tnp != NULL && tnp != top; - tnp = tnp->n_parent) { - foreach_rr(tdp, tnp, T_NS, class, DB_Z_CACHE) - break; - /* If we found a zone cut, we're outta here. */ - if (tdp != NULL) - break; - } - /* If name server is not in a delegated zone, skip it. */ - if (tnp == top || (tnp == NULL && NAME(*top)[0] == '\0')) - continue; - /* Now we know glue records are needed. Send them. */ - qsp->xfr.lev->flags |= SXL_GLUING; - foreach_rr(gdp, gnp, T_A, class, DB_Z_CACHE) - if (sx_addrr(qsp, fname, gdp) < 0) { - /* - * Rats. We already sent the NS RR, too. - * Note that SXL_GLUING is being left on. - */ - return (-1); - } - /* for IPv6 glue AAAA record transfer */ - /* patched by yasuhiro@nic.ad.jp, 1999/5/23 */ - foreach_rr(gdp, gnp, T_AAAA, class, DB_Z_CACHE) - if (sx_addrr(qsp, fname, gdp) < 0) { - /* - * Rats. We already sent the NS RR, too. - * Note that SXL_GLUING is being left on. - */ - return (-1); - } - foreach_rr(gdp, gnp, ns_t_a6, class, DB_Z_CACHE) - if (sx_addrr(qsp, fname, gdp) < 0) { - /* - * Rats. We already sent the NS RR, too. - * Note that SXL_GLUING is being left on. - */ - return (-1); - } - qsp->xfr.lev->flags &= ~SXL_GLUING; - } - return (0); -} - -/* - * int - * sx_allrrs(qsp) - * add the non-(SOA,NS) RR's at the current level's current np, - * to the assembly message - * do not add the DNSSEC types KEY and NXT as the delegation check - * wrote these types out. - * return: - * >0 = number of RR's added, note that there may be more - * 0 = success, there are no more RRs at this level - * -1 = write buffer full, cannot continue at this time - * side effects: - * if progress was made, header and pointers will be advanced. - * note: - * this is meant for AXFR, which includes glue as part of the answer - * sections. this is different from and incompatible with the additional - * data of a referral response. - */ -static int -sx_allrrs(struct qstream *qsp) { - struct databuf *dp; - struct namebuf *top; - int rrcount, class; - u_int zone; - - class = qsp->xfr.class; - top = qsp->xfr.top.axfr; - zone = qsp->xfr.zone; - rrcount = 0; - for ((void)NULL; - (dp = qsp->xfr.lev->dp) != NULL; - qsp->xfr.lev->dp = db_next(dp)) { - if (dp->d_class != class && class != C_ANY) - continue; - if (dp->d_rcode) - continue; - if (dp->d_zone != zone || stale(dp)) - continue; - if (dp->d_type == T_SOA || dp->d_type == T_NS || - dp->d_type == T_NXT || dp->d_type == T_KEY) - continue; - if (dp->d_type == T_SIG && - (SIG_COVERS(dp) == T_SOA || SIG_COVERS(dp) == T_NS || - SIG_COVERS(dp) == T_KEY || SIG_COVERS(dp) == T_NXT)) - continue; - INSIST(!(qsp->xfr.lev->flags & SXL_GLUING)); - - if (sx_addrr(qsp, qsp->xfr.lev->dname, dp) < 0) { - /* RR wouldn't fit. Bail out. */ - return (-1); - } - rrcount++; - } - return (rrcount); -} - -/* - * void - * sx_sendlev(qsp) - * send all the RRs at the current level (really a domain name), and - * do a decomposed recursion to get all subdomains up to and including - * but not exceeding bottom zone cuts. - * side effects: - * advances qsp->xfr pointers. changes qsp->xfr.lev quite often. - * causes messages to be sent to a remote TCP client. changes the - * qsp->xfr.state at the end of the topmost level. changes the - * qsp->xfr.lev->state several times per domain name. - */ -void -sx_sendlev(struct qstream *qsp) { - struct qs_x_lev *lev; - - again: - lev = qsp->xfr.lev; - switch (lev->state) { - case sxl_ns: { - while (lev->dp) { - /* Was the child zone reloaded under us? */ - if ((lev->dp->d_flags & DB_F_ACTIVE) == 0) { - (void) shutdown(qsp->s_rfd, 2); - sq_remove(qsp); - return; - } - /* If we can't pack this one in, come back later. */ - if (sx_nsrrs(qsp) < 0) - return; - } - /* No more DP's for the NS RR pass on this NP. */ - if (lev->flags & SXL_ZONECUT) { - /* Zone cut, so go directly to end of level. */ - break; - } - /* No NS RR's, so it's safe to send other types. */ - lev->state = sxl_all; - lev->dp = lev->np->n_data; - if (lev->dp) - DRCNTINC(lev->dp); - goto again; - } - case sxl_all: { - while (lev->dp) { - /* Was a record updated under us? */ - if ((lev->dp->d_flags & DB_F_ACTIVE) == 0) { - (void) shutdown(qsp->s_rfd, 2); - sq_remove(qsp); - return; - } - /* If we can't pack this one in, come back later. */ - if (sx_allrrs(qsp) < 0) - return; - } - /* No more non-NS DP's for this NP, do subdomains. */ - lev->state = sxl_sub; - goto again; - } - case sxl_sub: { - struct namebuf *np; - - /* Get next in-use hash chain if we're not following one. */ - while (lev->nnp == NULL) { - /* If no, or no more subdomains, end of level. */ - if (lev->npp == NULL || lev->npp == lev->npe) - break; - lev->nnp = *lev->npp++; - } - /* If we encountered the end of the level, we're outta here. */ - if ((np = lev->nnp) == NULL) - break; - /* Next time, we'll do the following NP, or the next chain. */ - lev->nnp = np->n_next; - /* Skip our own NP if it appears as a subdom (as in root). */ - if (np != lev->np) - sx_pushlev(qsp, np); - goto again; - } - default: - abort(); - } - - /* End of level. Pop it off the stack. */ - - if ((qsp->xfr.lev = sx_freelev(lev)) == NULL) { - /* End of topmost level. */ - qsp->xfr.state = s_x_lastsoa; - sq_writeh(qsp, sx_sendsoa); - return; - } - goto again; -} - -/* - * void - * sx_sendsoa(qsp) - * send either the first or last SOA needed for an AXFR. - * side effects: - * changes qsp->xfr.state. adds RR to output buffer. - */ -void -sx_sendsoa(struct qstream *qsp) { - HEADER * hp = (HEADER *) qsp->xfr.msg; - - if (sx_soarr(qsp) == -1) - return; /* No state change, come back here later. */ - - hp->aa = 1; - - switch (qsp->xfr.state) { - case s_x_firstsoa: { - /* Next thing to do is send the zone. */ - qsp->xfr.state = s_x_zone; - sq_writeh(qsp, sx_sendlev); - break; - } - case s_x_lastsoa: { - /* Next thing to do is go back and wait for another query. */ - qsp->xfr.state = s_x_done; - (void)sx_flush(qsp); - sq_writeh(qsp, sq_flushw); - break; - } - default: { - ns_panic(ns_log_xfer_out, 1, - "unexpected state %d in sx_sendsoa", qsp->xfr.state); - } - } -} - -/* int - * sx_pushlev(qsp, np) - * manage the decomposed recursion. set up for a new level (domain). - * returns: - * 0 = success - * -1 = failure (check errno) - */ -static int -sx_pushlev(struct qstream *qsp, struct namebuf *np) { - struct qs_x_lev *new = memget(sizeof *new); - struct hashbuf *htp; - - if (!new) { - errno = ENOMEM; - return (-1); - } - memset(new, 0, sizeof *new); - new->state = sxl_ns; - new->np = np; - new->dp = np->n_data; - if (new->dp) - DRCNTINC(new->dp); - getname(np, new->dname, sizeof new->dname); - /* - * We find the subdomains by looking in the hash table for this - * domain, but the root domain needs special treatment, because - * of the following wart in the database design: - * - * The top level hash table (pointed to by the global `hashtab' - * variable) contains pointers to the namebuf's for the root as - * well as for the top-level domains below the root, in contrast - * to the usual situation where a hash table contains entries - * for domains at the same level. The n_hash member of the - * namebuf for the root domain is NULL instead of pointing to a - * hashbuf for the top-level domains. The n_parent members of - * the namebufs for the top-level domains are NULL instead of - * pointing to the namebuf for the root. - * - * We work around the wart as follows: - * - * If we are not dealing with the root zone then we just set - * htp = np->n_hash, pointing to the hash table for the current - * domain, and we walk through the hash table as usual, - * processing the namebufs for all the subdomains. - * - * If we are dealing with the root zone, then we set - * htp = hashtab, pointing to the global hash table (because - * there is no hash table associated with the root domain's - * namebuf. While we walk this hash table, we take care not to - * recursively process the entry for the root namebuf. - * - * (apb@und nov1990) - */ - htp = ((new->dname[0] == '\0') ? hashtab : np->n_hash); - if (htp) { - new->npp = htp->h_tab; - new->npe = htp->h_tab + htp->h_size; - } else { - new->npp = NULL; - new->npe = NULL; - } - new->nnp = NULL; - new->next = qsp->xfr.lev; - qsp->xfr.lev = new; - return (0); -} - -/* - * qs_x_lev * - * sx_freelev(lev) - * free the memory occupied by a level descriptor - * return: - * pointer to "next" level descriptor - */ -static struct qs_x_lev * -sx_freelev(struct qs_x_lev *lev) { - struct qs_x_lev *next = lev->next; - - if (lev->dp) - db_detach(&lev->dp); - memput(lev, sizeof *lev); - return (next); -} - -static struct databuf * -db_next(struct databuf *dp) { - struct databuf *next = dp->d_next; - - db_detach(&dp); - if (next) - DRCNTINC(next); - - return (next); -} - diff --git a/contrib/bind/bin/named/pathtemplate.h b/contrib/bind/bin/named/pathtemplate.h deleted file mode 100644 index 3011713..0000000 --- a/contrib/bind/bin/named/pathtemplate.h +++ /dev/null @@ -1,78 +0,0 @@ -/* - * $Id: pathtemplate.h,v 8.6 2000/04/21 06:54:15 vixie Exp $ - */ - -/* - * Copyright (c) 1996-2000 by Internet Software Consortium. - * - * Permission to use, copy, modify, and distribute this software for any - * purpose with or without fee is hereby granted, provided that the above - * copyright notice and this permission notice appear in all copies. - * - * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS - * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES - * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE - * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL - * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR - * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS - * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS - * SOFTWARE. - */ - -#include <paths.h> - -#ifndef _PATH_CONF -#define _PATH_CONF "%DESTETC%/named.conf" -#endif - -#ifndef _PATH_DEBUG -#define _PATH_DEBUG "named.run" -#endif - -#ifndef _PATH_DUMPFILE -#define _PATH_DUMPFILE "named_dump.db" -#endif - -#ifndef _PATH_NAMED -#define _PATH_NAMED "%DESTSBIN%/named" -#endif - -#ifndef _PATH_PIDFILE -#define _PATH_PIDFILE "%DESTRUN%/named.pid" -#endif - -#ifndef _PATH_NDCSOCK -#ifdef NEED_SECURE_DIRECTORY -#define _PATH_NDCSOCK "%DESTRUN%/ndc.d/ndc" -#else -#define _PATH_NDCSOCK "%DESTRUN%/ndc" -#endif -#endif - -#ifndef _PATH_STATS -#define _PATH_STATS "named.stats" -#endif - -#ifndef _PATH_MEMSTATS -#define _PATH_MEMSTATS "named.memstats" -#endif - -#ifndef _PATH_TMPXFER -#define _PATH_TMPXFER "xfer.ddt.XXXXXX" -#endif - -#ifndef _PATH_XFER -#define _PATH_XFER "%DESTEXEC%/named-xfer" -#endif - -#ifndef _PATH_XFERTRACE -#define _PATH_XFERTRACE "xfer.trace" -#endif - -#ifndef _PATH_XFERDDT -#define _PATH_XFERDDT "xfer.ddt" -#endif - -#ifndef _PATH_DEVNULL -#define _PATH_DEVNULL "/dev/null" -#endif diff --git a/contrib/bind/bin/named/test/127.0.0.zone b/contrib/bind/bin/named/test/127.0.0.zone deleted file mode 100644 index b9b7bf5..0000000 --- a/contrib/bind/bin/named/test/127.0.0.zone +++ /dev/null @@ -1,11 +0,0 @@ -$ORIGIN 0.0.127.in-addr.arpa. - -@ 1D IN SOA localhost. root.localhost. ( - 42 ; serial (d. adams) - 3H ; refresh - 15M ; retry - 1W ; expiry - 1D ) ; minimum - - 1D IN NS localhost. -1 1D IN PTR localhost. diff --git a/contrib/bind/bin/named/test/localhost.zone b/contrib/bind/bin/named/test/localhost.zone deleted file mode 100644 index ad5e68e..0000000 --- a/contrib/bind/bin/named/test/localhost.zone +++ /dev/null @@ -1,10 +0,0 @@ -$ORIGIN localhost. -@ 1D IN SOA @ root ( - 42 ; serial (d. adams) - 3H ; refresh - 15M ; retry - 1W ; expiry - 1D ) ; minimum - - 1D IN NS @ - 1D IN A 127.0.0.1 diff --git a/contrib/bind/bin/named/test/named.conf b/contrib/bind/bin/named/test/named.conf deleted file mode 100644 index 0e43eac..0000000 --- a/contrib/bind/bin/named/test/named.conf +++ /dev/null @@ -1,45 +0,0 @@ -// This is a configuration file for named (from BIND 8.1 or later). -// It would normally be installed as /etc/named.conf. - -options { -// directory "/var/named"; - check-names master warn; /* default. */ - datasize 20M; - deallocate-on-exit yes; - listen-on { 10.0.0.53; }; -}; - -zone "localhost" IN { - type master; - file "localhost.zone"; - check-names fail; - allow-update { none; }; - allow-transfer { any; }; -}; - -zone "0.0.127.in-addr.arpa" IN { - type master; - file "127.0.0.zone"; - check-names fail; - allow-update { none; }; - allow-transfer { any; }; -}; - -zone "." IN { - type hint; - file "root.hint"; -}; - -logging { - channel xfer-log { - file "/var/tmp/bind-xfer.log" versions unlimited size 10m; - print-category yes; - print-severity yes; - print-time yes; - severity info; - }; - category xfer-in { xfer-log; }; - category xfer-out { xfer-log; }; - category notify { xfer-log; }; - category load { xfer-log; }; -}; diff --git a/contrib/bind/bin/named/test/root.hint b/contrib/bind/bin/named/test/root.hint deleted file mode 100644 index 0b8f372..0000000 --- a/contrib/bind/bin/named/test/root.hint +++ /dev/null @@ -1,37 +0,0 @@ - -; <<>> DiG 2.2 <<>> @192.5.5.241 -; (1 server found) -;; res options: init recurs defnam dnsrch -;; got answer: -;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10 -;; flags: qr aa rd; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 9 -;; QUERY SECTION: -;; ., type = NS, class = IN - -;; ANSWER SECTION: -. 6D IN NS C.ROOT-SERVERS.NET. -. 6D IN NS D.ROOT-SERVERS.NET. -. 6D IN NS E.ROOT-SERVERS.NET. -. 6D IN NS I.ROOT-SERVERS.NET. -. 6D IN NS F.ROOT-SERVERS.NET. -. 6D IN NS G.ROOT-SERVERS.NET. -. 6D IN NS A.ROOT-SERVERS.NET. -. 6D IN NS H.ROOT-SERVERS.NET. -. 6D IN NS B.ROOT-SERVERS.NET. - -;; ADDITIONAL SECTION: -C.ROOT-SERVERS.NET. 5w6d16h IN A 192.33.4.12 -D.ROOT-SERVERS.NET. 5w6d16h IN A 128.8.10.90 -E.ROOT-SERVERS.NET. 5w6d16h IN A 192.203.230.10 -I.ROOT-SERVERS.NET. 5w6d16h IN A 192.36.148.17 -F.ROOT-SERVERS.NET. 5w6d16h IN A 192.5.5.241 -G.ROOT-SERVERS.NET. 5w6d16h IN A 192.112.36.4 -A.ROOT-SERVERS.NET. 5w6d16h IN A 198.41.0.4 -H.ROOT-SERVERS.NET. 5w6d16h IN A 128.63.2.53 -B.ROOT-SERVERS.NET. 5w6d16h IN A 128.9.0.107 - -;; Total query time: 8 msec -;; FROM: wisdom.home.vix.com to SERVER: 192.5.5.241 -;; WHEN: Fri Nov 22 00:08:05 1996 -;; MSG SIZE sent: 17 rcvd: 312 - diff --git a/contrib/bind/bin/named/version.c b/contrib/bind/bin/named/version.c deleted file mode 100644 index 31820f5..0000000 --- a/contrib/bind/bin/named/version.c +++ /dev/null @@ -1,89 +0,0 @@ -/* - * @(#)Version.c 4.9 (Berkeley) 7/21/90 - * $Id: version.c,v 8.3 1999/01/02 06:05:14 vixie Exp $ - */ - -#ifndef lint -char sccsid[] = "@(#)named %VERSION% %WHEN% %WHOANDWHERE%"; -char rcsid[] = "$Id: version.c,v 8.3 1999/01/02 06:05:14 vixie Exp $"; -#endif /* not lint */ - -char Version[] = "named %VERSION% %WHEN%\n\t%WHOANDWHERE%"; -char ShortVersion[] = "%VERSION%"; - -#ifdef COMMENT - -SCCS/s.Version.c: - -D 4.8.3 90/06/27 17:05:21 bloom 37 35 00031/00028/00079 -Version distributed with 4.3 Reno tape (June 1990) - -D 4.8.2 89/09/18 13:57:11 bloom 35 34 00020/00014/00087 -Interim fixes release - -D 4.8.1 89/02/08 17:12:15 karels 34 33 00026/00017/00075 -branch for 4.8.1 - -D 4.8 88/07/09 14:27:00 karels 33 28 00043/00031/00049 -4.8 is here! - -D 4.7 87/11/20 13:15:52 karels 25 24 00000/00000/00062 -4.7.3 beta - -D 4.6 87/07/21 12:15:52 karels 25 24 00000/00000/00062 -4.6 declared stillborn - -D 4.5 87/02/10 12:33:25 kjd 24 18 00000/00000/00062 -February 1987, Network Release. Child (bind) grows up, parent (kevin) leaves home. - -D 4.4 86/10/01 10:06:26 kjd 18 12 00020/00017/00042 -October 1, 1986 Network Distribution - -D 4.3 86/06/04 12:12:18 kjd 12 7 00015/00028/00044 -Version distributed with 4.3BSD - -D 4.2 86/04/30 20:57:16 kjd 7 1 00056/00000/00016 -Network distribution Freeze and one more version until 4.3BSD - -D 1.1 86/04/30 19:30:00 kjd 1 0 00016/00000/00000 -date and time created 86/04/30 19:30:00 by kjd - -code versions: - -Makefile - Makefile 4.14 (Berkeley) 2/28/88 -db.h - db.h 4.13 (Berkeley) 2/17/88 -db_dump.c - db_dump.c 4.20 (Berkeley) 2/17/88 -db_load.c - db_load.c 4.26 (Berkeley) 2/28/88 -db_lookup.c - db_lookup.c 4.14 (Berkeley) 2/17/88 -db_reload.c - db_reload.c 4.15 (Berkeley) 2/28/88 -db_save.c - db_save.c 4.13 (Berkeley) 2/17/88 -db_update.c - db_update.c 4.16 (Berkeley) 2/28/88 -ns_forw.c - ns_forw.c 4.26 (Berkeley) 3/28/88 -ns_init.c - ns_init.c 4.23 (Berkeley) 2/28/88 -ns_main.c - Copyright (c) 1986 Regents of the University of California.\n\ - ns_main.c 4.30 (Berkeley) 3/7/88 -ns_maint.c - ns_maint.c 4.23 (Berkeley) 2/28/88 -ns_req.c - ns_req.c 4.32 (Berkeley) 3/31/88 -ns_resp.c - ns_resp.c 4.50 (Berkeley) 4/7/88 -ns_sort.c - ns_sort.c 4.3 (Berkeley) 2/17/88 -ns_stats.c - ns_stats.c 4.3 (Berkeley) 2/17/88 -newvers.sh - newvers.sh 4.4 (Berkeley) 3/28/88 - -#endif /* COMMENT */ |
