#if !defined(lint) && !defined(SABER) static char sccsid[] = "@(#)db_load.c 4.38 (Berkeley) 3/2/91"; static char rcsid[] = "$Id: db_load.c,v 8.41 1998/02/13 20:02:28 halley Exp $"; #endif /* not lint */ /* * Copyright (c) 1986, 1988, 1990 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. All advertising materials mentioning features or use of this software * must display the following acknowledgement: * This product includes software developed by the University of * California, Berkeley and its contributors. * 4. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Portions Copyright (c) 1993 by Digital Equipment Corporation. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies, and that * the name of Digital Equipment Corporation not be used in advertising or * publicity pertaining to distribution of the document or software without * specific, written prior permission. * * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. */ /* * Portions Copyright (c) 1995 by International Business Machines, Inc. * * International Business Machines, Inc. (hereinafter called IBM) grants * permission under its copyrights to use, copy, modify, and distribute this * Software with or without fee, provided that the above copyright notice and * all paragraphs of this notice appear in all copies, and that the name of IBM * not be used in connection with the marketing of any product incorporating * the Software or modifications thereof, without specific, written prior * permission. * * To the extent it has a right to do so, IBM grants an immunity from suit * under its patents, if any, for the use, sale or manufacture of products to * the extent that such products are used for performing Domain Name System * dynamic updates in TCP/IP networks by means of the Software. No immunity is * granted for any product per se or for any other function of any product. * * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. */ /* * Portions Copyright (c) 1996, 1997 by Internet Software Consortium. * * Permission to use, copy, modify, and distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS * SOFTWARE. */ /* * Load zone from ASCII file on local host. Format similar to RFC 883. */ /* Import. */ #include "port_before.h" #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include #include "port_after.h" #include "named.h" /* Forward. */ static int gettoken(FILE *, const char *); static int getttl(FILE *, const char *, int, u_int32_t *, int *); static int getcharstring(char *, char *, int, int, int, FILE *, const char *); static int makename_ok(char *name, const char *origin, int class, struct zoneinfo *zp, enum transport transport, enum context context, const char *owner, const char *filename, int lineno, int size); static int getmlword(char *, size_t, FILE *, int); static int getallwords(char *, size_t, FILE *, int); static u_int32_t wordtouint32(char *); static int datepart(const char *, int, int, int, int *); static u_int32_t datetosecs(const char *, int *); static int get_nxt_types(u_char *, FILE *, const char *); static void fixup_soa(const char *fn, struct zoneinfo *zp); #ifdef BIND_NOTIFY static void notify_after_delay(evContext ctx, void *uap, struct timespec due, struct timespec inter); #endif static int wordtouint32_error = 0; static int empty_token = 0; static int getmlword_nesting = 0; /* Global. */ static int clev; /* a zone deeper in a hierarchy has more credibility */ #ifdef BIND_NOTIFY static notify_info_list pending_notifies; #endif /* * Parser token values */ #define CURRENT 1 #define DOT 2 #define AT 3 #define DNAME 4 #define INCLUDE 5 #define ORIGIN 6 #define ERROR 7 #define MAKENAME_OK(N) \ do { \ if (!makename_ok(N, origin, class, zp, \ transport, context, \ domain, filename, lineno, \ sizeof(data) - ((u_char*)N - data))) { \ errs++; \ sprintf(buf, "bad name \"%s\"", N); \ goto err; \ } \ } while (0) /* Public. */ /* int * db_load(filename, in_origin, zp, def_domain) * load a database from `filename' into zone `zp'. append `in_origin' * to all nonterminal domain names in the file. `def_domain' is the * default domain for include files or NULL for zone base files. * returns: * -1 = can't open file * 0 = success * >0 = number of errors encountered */ int db_load(const char *filename, const char *in_origin, struct zoneinfo *zp, const char *def_domain) { static int read_soa, read_ns, rrcount; const char *errtype = "Database"; char *cp; char domain[MAXDNAME], origin[MAXDNAME], tmporigin[MAXDNAME]; char buf[MAXDATA]; u_char data[MAXDATA]; const char *op; int c, someclass, class, type, dbflags, dataflags, multiline; int slineno, i, errs, didinclude, escape, success, dateerror; u_int32_t ttl, n, serial; u_long tmplong; struct databuf *dp; FILE *fp; struct stat sb; struct in_addr ina; enum transport transport; enum context context; u_int32_t sig_type; u_int32_t keyflags; struct sockaddr_in empty_from; empty_from.sin_family = AF_INET; empty_from.sin_addr.s_addr = htonl(INADDR_ANY); empty_from.sin_port = htons(0); /* * We use an 'if' inside of the 'do' below because otherwise the Solaris * compiler detects that the 'while' is never executed because of the 'goto' * and complains. */ #define ERRTO(msg) do { if (1) { errtype = msg; goto err; } } while (0) switch (zp->z_type) { case Z_PRIMARY: case Z_CACHE: transport = primary_trans; break; case Z_SECONDARY: case Z_STUB: transport = secondary_trans; break; default: transport = response_trans; /*guessing*/ break; } errs = 0; didinclude = 0; if (!def_domain) { /* This is not the result of a $INCLUDE. */ rrcount = 0; read_soa = 0; read_ns = 0; clev = nlabels(in_origin); } ns_debug(ns_log_load, 1, "db_load(%s, %s, %d, %s)", filename, in_origin, zp - zones, def_domain ? def_domain : "Nil"); strcpy(origin, in_origin); if ((fp = fopen(filename, "r")) == NULL) { ns_warning(ns_log_load, "%s: %s", filename, strerror(errno)); return (-1); } if (zp->z_type == Z_CACHE) { dbflags = DB_NODATA | DB_NOHINTS; dataflags = DB_F_HINT; #ifdef STUBS } else if (zp->z_type == Z_STUB && clev == 0) { dbflags = DB_NODATA | DB_NOHINTS; dataflags = DB_F_HINT; #endif } else { dbflags = DB_NODATA; dataflags = 0; } gettime(&tt); if (fstat(fileno(fp), &sb) < 0) { ns_warning(ns_log_load, "%s: %s", filename, strerror(errno)); sb.st_mtime = (int)tt.tv_sec; } slineno = lineno; lineno = 1; if (def_domain) strcpy(domain, def_domain); else domain[0] = '\0'; class = zp->z_class; zp->z_flags &= ~(Z_INCLUDE|Z_DB_BAD); while ((c = gettoken(fp, filename)) != EOF) { switch (c) { case INCLUDE: if (!getword(buf, sizeof buf, fp, 0)) /* file name*/ break; if (!getword(tmporigin, sizeof(tmporigin), fp, 1)) strcpy(tmporigin, origin); else { if (makename(tmporigin, origin, sizeof(tmporigin)) == -1) ERRTO("$INCLUDE makename failed"); endline(fp); } didinclude = 1; errs += db_load(buf, tmporigin, zp, domain); continue; case ORIGIN: (void) strcpy(buf, origin); if (!getword(origin, sizeof(origin), fp, 1)) break; ns_debug(ns_log_load, 3, "db_load: origin %s, buf %s", origin, buf); if (makename(origin, buf, sizeof(origin)) == -1) ERRTO("$ORIGIN makename failed"); ns_debug(ns_log_load, 3, "db_load: origin now %s", origin); continue; case DNAME: if (!getword(domain, sizeof(domain), fp, 1)) break; if (makename(domain, origin, sizeof(domain)) == -1) ERRTO("ownername makename failed"); goto gotdomain; case AT: (void) strcpy(domain, origin); goto gotdomain; case DOT: domain[0] = '\0'; /* FALLTHROUGH */ case CURRENT: gotdomain: if (!getword(buf, sizeof buf, fp, 0)) { if (c == CURRENT) continue; break; } if (ns_parse_ttl(buf, &tmplong) < 0) ttl = USE_MINIMUM; else { ttl = (u_int32_t)tmplong; if (ttl > MAXIMUM_TTL) { ns_info(ns_log_load, "%s: Line %d: TTL > %u; converted to 0", filename, lineno, MAXIMUM_TTL); ttl = 0; } if (zp->z_type == Z_CACHE) { /* * This allows the cache entry to age * while sitting on disk (powered off). */ if (ttl > max_cache_ttl) ttl = max_cache_ttl; ttl += sb.st_mtime; } if (!getword(buf, sizeof buf, fp, 0)) break; } /* Parse class (IN, etc) */ someclass = sym_ston(__p_class_syms, buf, &success); if (success && someclass != C_ANY) { class = someclass; (void) getword(buf, sizeof buf, fp, 0); } /* Parse RR type (A, MX, etc) */ type = sym_ston(__p_type_syms, buf, &success); if (success == 0 || type == ns_t_any) { ns_info(ns_log_load, "%s: Line %d: Unknown type: %s.", filename, lineno, buf); errs++; break; } context = ns_ownercontext(type, transport); if (!ns_nameok(domain, class, zp, transport, context, domain, inaddr_any)) { errs++; ns_notice(ns_log_load, "%s:%d: owner name error", filename, lineno); break; } context = domain_ctx; switch (type) { case ns_t_key: case ns_t_sig: case ns_t_nxt: /* * Don't do anything here for these types -- * they read their own input separately later. */ goto dont_get_word; case ns_t_soa: case ns_t_minfo: case ns_t_rp: case ns_t_ns: case ns_t_cname: case ns_t_mb: case ns_t_mg: case ns_t_mr: case ns_t_ptr: escape = 1; break; default: escape = 0; } if (!getword(buf, sizeof buf, fp, escape)) break; ns_debug(ns_log_load, 3, "d='%s', c=%d, t=%d, ttl=%u, data='%s'", domain, class, type, ttl, buf); /* * Convert the ascii data 'buf' to the proper format * based on the type and pack into 'data'. */ dont_get_word: switch (type) { case ns_t_a: if (!inet_aton(buf, &ina)) ERRTO("IP Address"); (void) ina_put(ina, data); n = NS_INT32SZ; break; case ns_t_soa: context = hostname_ctx; goto soa_rp_minfo; case ns_t_rp: case ns_t_minfo: context = mailname_ctx; /* FALLTHROUGH */ soa_rp_minfo: (void) strcpy((char *)data, buf); MAKENAME_OK((char *)data); cp = (char *)(data + strlen((char *)data) + 1); if (!getword(cp, (sizeof data) - (cp - (char*)data), fp, 1)) ERRTO("Domain Name"); if (type == ns_t_rp) context = domain_ctx; else context = mailname_ctx; MAKENAME_OK(cp); cp += strlen((char *)cp) + 1; if (type != ns_t_soa) { n = cp - (char *)data; break; } if (class != zp->z_class) { errs++; ns_info(ns_log_load, "%s:%d: %s", filename, lineno, "SOA class not same as zone's"); } if (strcasecmp(zp->z_origin, domain) != 0) { errs++; ns_error(ns_log_load, "%s:%d: SOA for \"%s\" not at zone top \"%s\"", filename, lineno, domain, zp->z_origin); } c = getnonblank(fp, filename); if (c == '(') { multiline = 1; } else { multiline = 0; ungetc(c, fp); } serial = zp->z_serial; zp->z_serial = getnum(fp, filename, GETNUM_SERIAL); if (getnum_error) errs++; n = (u_int32_t) zp->z_serial; PUTLONG(n, cp); if (serial != 0 && SEQ_GT(serial, zp->z_serial)) { ns_notice(ns_log_load, "%s:%d: WARNING: new serial number < old (%lu < %lu)", filename , lineno, zp->z_serial, serial); } if (getttl(fp, filename, lineno, &n, &multiline) <= 0) { errs++; n = INIT_REFRESH; } PUTLONG(n, cp); zp->z_refresh = MAX(n, MIN_REFRESH); if (zp->z_type == Z_SECONDARY #if defined(STUBS) || zp->z_type == Z_STUB #endif ) { ns_refreshtime(zp, MIN(sb.st_mtime, tt.tv_sec)); sched_zone_maint(zp); } #ifdef BIND_UPDATE if ((zp->z_type == Z_PRIMARY) && (zp->z_flags & Z_DYNAMIC)) if ((u_int32_t)zp->z_soaincrintvl > zp->z_refresh/3) { ns_info(ns_log_load, "zone soa update time truncated to 1/3rd of refresh time"); zp->z_soaincrintvl = zp->z_refresh / 3; } #endif if (getttl(fp, filename, lineno, &n, &multiline) <= 0) { errs++; n = INIT_REFRESH; } PUTLONG(n, cp); zp->z_retry = MAX(n, MIN_RETRY); if (getttl(fp, filename, lineno, &zp->z_expire, &multiline) <= 0) { errs++; zp->z_expire = INIT_REFRESH; } n = zp->z_expire; PUTLONG(n, cp); if (getttl(fp, filename, lineno, &n, &multiline) <= 0) { errs++; n = 120; } PUTLONG(n, cp); if (n > MAXIMUM_TTL) { ns_info(ns_log_load, "%s: Line %d: SOA minimum TTL > %u; converted to 0", filename, lineno, MAXIMUM_TTL); zp->z_minimum = 0; } else zp->z_minimum = n; n = cp - (char *)data; if (multiline) { buf[0] = getnonblank(fp, filename); buf[1] = '\0'; if (buf[0] != ')') ERRTO("SOA \")\""); endline(fp); } read_soa++; if (zp->z_type == Z_PRIMARY) fixup_soa(filename, zp); break; case ns_t_wks: /* Address */ if (!inet_aton(buf, &ina)) ERRTO("WKS IP Address"); (void) ina_put(ina, data); /* Protocol */ data[INADDRSZ] = getprotocol(fp, filename); /* Services */ n = getservices(NS_INT32SZ + sizeof(char), (char *)data, fp, filename); break; case ns_t_ns: if (strcasecmp(zp->z_origin, domain) == 0) read_ns++; context = hostname_ctx; goto cname_etc; case ns_t_cname: case ns_t_mb: case ns_t_mg: case ns_t_mr: context = domain_ctx; goto cname_etc; case ns_t_ptr: context = ns_ptrcontext(domain); cname_etc: (void) strcpy((char *)data, buf); MAKENAME_OK((char *)data); n = strlen((char *)data) + 1; break; case ns_t_naptr: /* Order Preference Flags Service Replacement Regexp */ n = 0; cp = buf; /* Order */ while (isdigit(*cp)) n = n * 10 + (*cp++ - '0'); /* catch bad values */ if (cp == buf || n > 65535) ERRTO("NAPTR Order"); cp = (char *)data; PUTSHORT((u_int16_t)n, cp); /* Preference */ n = getnum(fp, filename, GETNUM_NONE); if (getnum_error || n > 65536) ERRTO("NAPTR Preference"); PUTSHORT((u_int16_t)n, cp); /* Flags */ if (!getword(buf, sizeof buf, fp, 0)) ERRTO("NAPTR Flags"); n = strlen(buf); *cp++ = n; memcpy(cp, buf, (int)n); cp += n; /* Service Classes */ if (!getword(buf, sizeof buf, fp, 0)) ERRTO("NAPTR Service Classes"); n = strlen(buf); *cp++ = n; memcpy(cp, buf, (int)n); cp += n; /* Pattern */ if (!getword(buf, sizeof buf, fp, 0)) ERRTO("NAPTR Pattern"); n = strlen(buf); *cp++ = n; memcpy(cp, buf, (int)n); cp += n; /* Replacement */ if (!getword(buf, sizeof buf, fp, 1)) ERRTO("NAPTR Replacement"); (void) strcpy((char *)cp, buf); context = domain_ctx; MAKENAME_OK(cp); /* advance pointer to end of data */ cp += strlen((char *)cp) +1; /* now save length */ n = (cp - (char *)data); break; case ns_t_mx: case ns_t_afsdb: case ns_t_rt: case ns_t_srv: n = 0; cp = buf; while (isdigit(*cp)) n = n * 10 + (*cp++ - '0'); /* catch bad values */ if ((cp == buf) || (n > 65535)) ERRTO("Priority"); cp = (char *)data; PUTSHORT((u_int16_t)n, cp); if (type == ns_t_srv) { n = getnum(fp, filename, GETNUM_NONE); if (getnum_error || n > 65536) ERRTO("SRV RR"); PUTSHORT((u_int16_t)n, cp); n = getnum(fp, filename, GETNUM_NONE); if (getnum_error || n > 65536) ERRTO("SRV RR"); PUTSHORT((u_int16_t)n, cp); } if (!getword(buf, sizeof buf, fp, 1)) ERRTO("Domain Name"); (void) strcpy((char *)cp, buf); context = hostname_ctx; MAKENAME_OK(cp); /* advance pointer to end of data */ cp += strlen((char *)cp) +1; /* now save length */ n = (cp - (char *)data); break; case ns_t_px: context = domain_ctx; n = 0; data[0] = '\0'; cp = buf; while (isdigit(*cp)) n = n * 10 + (*cp++ - '0'); /* catch bad values */ if ((cp == buf) || (n > 65535)) ERRTO("PX Priority"); cp = (char *)data; PUTSHORT((u_int16_t)n, cp); if (!getword(buf, sizeof buf, fp, 0)) ERRTO("PX Domain1"); (void) strcpy((char *)cp, buf); MAKENAME_OK(cp); /* advance pointer to next field */ cp += strlen((char *)cp) + 1; if (!getword(buf, sizeof buf, fp, 0)) ERRTO("PX Domain2"); (void) strcpy((char *)cp, buf); MAKENAME_OK(cp); /* advance pointer to end of data */ cp += strlen((char *)cp) + 1; /* now save length */ n = (cp - (char *)data); break; case ns_t_hinfo: n = getcharstring(buf, (char *)data, type, 2, 2, fp, filename); if (n == 0) ERRTO("HINFO RR"); break; case ns_t_isdn: n = getcharstring(buf, (char *)data, type, 1, 2, fp, filename); if (n == 0) ERRTO("ISDN RR"); break; case ns_t_txt: n = getcharstring(buf, (char *)data, type, 1, 0, fp, filename); if (n == 0) ERRTO("TXT RR"); break; case ns_t_x25: n = getcharstring(buf, (char *)data, type, 1, 1, fp, filename); if (n == 0) ERRTO("X25 RR"); break; case ns_t_nsap: n = inet_nsap_addr(buf, (u_char *)data, sizeof data); if (n == 0) ERRTO("NSAP RR"); endline(fp); break; case ns_t_aaaa: if (inet_pton(AF_INET6, buf, data) <= 0) ERRTO("IPv4 Address"); n = NS_IN6ADDRSZ; endline(fp); break; case ns_t_key: { /* The KEY record looks like this in the db file: * Name Cl KEY Flags Proto Algid PublicKeyData * where: * Name,Cl per usual * KEY RR type * Flags 4 digit hex value (unsigned_16) * Proto 8 bit u_int * Algid 8 bit u_int * PublicKeyData * a string of base64 digits, * skipping any embedded whitespace. */ u_int32_t al, pr; int nk, klen; char *expstart; u_int expbytes, modbytes; i = 0; data[i] = '\0'; cp = (char *)data; getmlword_nesting = 0; /* KLUDGE err recov. */ /*>>> Flags (unsigned_16) */ if (!getmlword((char*)buf, sizeof buf, fp, 0)) ERRTO("KEY Flags Field"); keyflags = wordtouint32(buf); if (wordtouint32_error || 0xFFFF < keyflags) goto err; if (keyflags & NS_KEY_RESERVED_BITMASK) ERRTO("KEY Reserved Flag Bit"); PUTSHORT(keyflags, cp); /*>>> Protocol (8-bit decimal) */ if (!getmlword((char*)buf, sizeof buf, fp, 0)) ERRTO("KEY Protocol Field"); pr = wordtouint32(buf); if (wordtouint32_error || 255 < pr) ERRTO("KEY Protocol Field"); *cp++ = (u_char) pr; /*>>> Algorithm id (8-bit decimal) */ if (!getmlword((char*)buf, sizeof buf, fp, 0)) ERRTO("KEY Algorithm ID"); al = wordtouint32(buf); if (wordtouint32_error || 0 == al || 255 == al || 255 < al) ERRTO("KEY Algorithm ID"); *cp++ = (u_char) al; /*>>> Public Key data is in BASE64. * We don't care what algorithm it uses or what * the internal structure of the BASE64 data is. */ if (!getallwords(buf, MAXDATA, fp, 0)) klen = 0; else { /* Convert from BASE64 to binary. */ klen = b64_pton(buf, (u_char*)cp, sizeof data - (cp - (char *)data)); if (klen < 0) ERRTO("KEY Public Key"); } /* set total length */ n = cp + klen - (char *)data; /* * Now check for valid key flags & algs & etc, * from the RFC. */ if (keyflags & (NS_KEY_ZONEKEY | NS_KEY_IPSEC | NS_KEY_EMAIL)) pr |= 1; /* A nonzero proto. */ if (NS_KEY_TYPE_NO_KEY == (keyflags & NS_KEY_TYPEMASK)) nk = 1; /* No-key */ else nk = 0; /* have a key */ if ((keyflags & NS_KEY_ZONEKEY) && (NS_KEY_TYPE_CONF_ONLY == (keyflags & NS_KEY_TYPEMASK))) /* Zone key must have Auth bit set. */ ERRTO("KEY Zone Key Auth. bit"); if (al == 0 && nk == 0) ERRTO("KEY Algorithm"); if (al != 0 && pr == 0) ERRTO("KEY Protocols"); if (nk == 1 && klen != 0) ERRTO("KEY No-Key Flags Set"); if (nk == 0 && klen == 0) ERRTO("KEY Type Spec'd"); /* Check algorithm-ID and key structure, for the algorithm-ID's that we know about. */ switch (al) { case NS_ALG_MD5RSA: if (klen == 0) break; expstart = cp; expbytes = *expstart++; if (expbytes == 0) GETSHORT(expbytes, expstart); if (expbytes < 1) ERRTO("Exponent too short"); if (expbytes > (NS_MD5RSA_MAX_BITS + 7) / 8 ) ERRTO("Exponent too long"); if (*expstart == 0) ERRTO("Exponent w/ 0"); modbytes = klen - (expbytes + (expstart - cp)); if (modbytes < (NS_MD5RSA_MIN_BITS + 7) / 8 ) ERRTO("Modulus too short"); if (modbytes > (NS_MD5RSA_MAX_BITS + 7) / 8 ) ERRTO("Modulus too long"); if (*(expstart+expbytes) == 0) ERRTO("Modulus starts w/ 0"); break; case NS_ALG_EXPIRE_ONLY: if (klen != 0) ERRTO( "Key provided for expire-only algorithm" ); break; case NS_ALG_PRIVATE_OID: if (klen == 0) ERRTO("No ObjectID in key"); break; } endline(fp); /* flush the rest of the line */ break; } /*T_KEY*/ case ns_t_sig: { /* The SIG record looks like this in the db file: Name Cl SIG RRtype Algid [OTTL] Texp Tsig Kfoot Signer Sig where: Name and Cl are as usual SIG is a keyword RRtype is a char string ALGid is 8 bit u_int OTTL is 32 bit u_int (optionally present) Texp is YYYYMMDDHHMMSS Tsig is YYYYMMDDHHMMSS Kfoot is 16-bit unsigned decimal integer Signer is a char string Sig is 64 to 319 base-64 digits A missing OTTL is detected by the magnitude of the Texp value that follows it, which is larger than any u_int. The Labels field in the binary RR does not appear in the text RR. It's too crazy to run these pages of SIG code at the right margin. I'm exdenting them for readability. */ int siglen; u_int32_t al; u_int32_t signtime, exptime, timetilexp; u_int32_t origTTL; time_t now; /* The TTL gets checked against the Original TTL, and bounded by the signature expiration time, which are both under the signature. We can't let TTL drift based on the SOA record. If defaulted, fix it now. (It's not clear to me why USE_MINIMUM isn't eliminated before putting ALL RR's into the database. -gnu@toad.com) */ if (ttl == USE_MINIMUM) ttl = zp->z_minimum; i = 0; data[i] = '\0'; getmlword_nesting = 0; /* KLUDGE err recovery */ /* RRtype (char *) */ if (!getmlword((char*)buf, sizeof buf, fp, 0)) ERRTO("SIG record doesn't specify type"); sig_type = sym_ston(__p_type_syms, buf, &success); if (!success || sig_type == ns_t_any) { /* * We'll also accept a numeric RR type, * for signing RR types that this version * of named doesn't yet understand. * In the ns_t_any case, we rely on wordtouint32 * to fail when scanning the string "ANY". */ sig_type = wordtouint32 (buf); if (wordtouint32_error || sig_type > 0xFFFF) ERRTO("Unknown RR type in SIG record"); } cp = (char *)&data[i]; PUTSHORT((u_int16_t)sig_type, cp); i += 2; /* Algorithm id (8-bit decimal) */ if (!getmlword(buf, sizeof buf, fp, 0)) ERRTO("Missing algorithm ID"); al = wordtouint32(buf); if (0 == al || wordtouint32_error || 255 <= al) goto err; data[i] = (u_char) al; i++; /* * Labels (8-bit decimal) * Not given in the file. Must compute. */ n = dn_count_labels(domain); if (0 >= n || 255 < n) ERRTO("SIG label count invalid"); data[i] = (u_char) n; i++; /* * OTTL (optional u_int32_t) and * Texp (u_int32_t date) */ if (!getmlword(buf, sizeof buf, fp, 0)) ERRTO("OTTL and expiration time missing"); /* * See if OTTL is missing and this is a date. * This relies on good, silent error checking * in datetosecs. */ exptime = datetosecs(buf, &dateerror); if (!dateerror) { /* Output TTL as OTTL */ origTTL = ttl; cp = (char *)&data[i]; PUTLONG (origTTL, cp); i += 4; } else { /* Parse and output OTTL; scan TEXP */ origTTL = wordtouint32(buf); if (0 >= origTTL || wordtouint32_error || (origTTL > 0x7fffffff)) goto err; cp = (char *)&data[i]; PUTLONG(origTTL, cp); i += 4; if (!getmlword(buf, sizeof buf, fp, 0)) ERRTO("Expiration time missing"); exptime = datetosecs(buf, &dateerror); } if (dateerror || exptime > 0x7fffffff || exptime <= 0) ERRTO("Invalid expiration time"); cp = (char *)&data[i]; PUTLONG(exptime, cp); i += 4; /* Tsig (u_int32_t) */ if (!getmlword(buf, sizeof buf, fp, 0)) ERRTO("Missing signature time"); signtime = datetosecs(buf, &dateerror); if (0 == signtime || dateerror) ERRTO("Invalid signature time"); cp = (char *)&data[i]; PUTLONG(signtime, cp); i += 4; /* Kfootprint (unsigned_16) */ if (!getmlword(buf, sizeof buf, fp, 0)) ERRTO("Missing key footprint"); n = wordtouint32(buf); if (wordtouint32_error || n >= 0x0ffff) ERRTO("Invalid key footprint"); cp = (char *)&data[i]; PUTSHORT((u_int16_t)n, cp); i += 2; /* Signer's Name */ if (!getmlword((char*)buf, sizeof buf, fp, 0)) ERRTO("Missing signer's name"); cp = (char *)&data[i]; strcpy(cp,buf); context = domain_ctx; MAKENAME_OK(cp); i += strlen(cp) + 1; /* * Signature (base64 of any length) * We don't care what algorithm it uses or what * the internal structure of the BASE64 data is. */ if (!getallwords(buf, sizeof buf, fp, 0)) { siglen = 0; } else { cp = (char *)&data[i]; siglen = b64_pton(buf, (u_char*)cp, sizeof data - i); if (siglen < 0) goto err; } /* set total length and we're done! */ n = i + siglen; /* * Check signature time, expiration, and adjust TTL. Note * that all time values are in GMT (UTC), *not* local time. */ now = time (0); /* Don't let bogus name servers increase the signed TTL */ if (ttl > origTTL) ERRTO("TTL is greater than signed original TTL"); /* Don't let bogus signers "sign" in the future. */ if (signtime > (u_int32_t)now) ERRTO("signature time is in the future"); /* Ignore received SIG RR's that are already expired. */ if (exptime <= (u_int32_t)now) ERRTO("expiration time is in the past"); /* Lop off the TTL at the expiration time. */ timetilexp = exptime - now; if (timetilexp < ttl) { ns_debug(ns_log_load, 1, "shrinking expiring %s SIG TTL from %d to %d", p_secstodate(exptime), ttl, timetilexp); ttl = timetilexp; } /* * Check algorithm-ID and key structure, for * the algorithm-ID's that we know about. */ switch (al) { case NS_ALG_MD5RSA: if (siglen == 0) ERRTO("No key for RSA algorithm"); if (siglen < 1) ERRTO("Signature too short"); if (siglen > (NS_MD5RSA_MAX_BITS + 7) / 8) ERRTO("Signature too long"); /* We rely on cp from parse */ if (*cp == 0) ERRTO("Signature starts with zeroes"); break; case NS_ALG_EXPIRE_ONLY: if (siglen != 0) ERRTO( "Signature supplied to expire-only algorithm"); break; case NS_ALG_PRIVATE_OID: if (siglen == 0) ERRTO("No ObjectID in key"); break; } /* Should we complain about algorithm-ID's that we don't understand? It may help debug some obscure cases, but in general we should accept any RR whether we could cryptographically process it or not; it may be being published for some newer DNS clients to validate themselves. */ endline(fp); /* flush the rest of the line */ break; /* Accept this RR. */ } case ns_t_nxt: /* The NXT record looks like: Name Cl NXT nextname RRT1 RRT2 MX A SOA ... where: Name and Cl are as usual NXT is a keyword nextname is the next valid name in the zone after "Name". All names between the two are known to be nonexistent. RRT's... are a series of RR type names, which indicate that RR's of these types are published for "Name", and that no RR's of any other types are published for "Name". When a NXT record is cryptographically signed, it proves the nonexistence of an RR (actually a whole set of RR's). */ getmlword_nesting = 0; /* KLUDGE err recov. */ if (!getmlword(buf, sizeof buf, fp, 1)) goto err; (void) strcpy((char *)data, buf); MAKENAME_OK((char *)data); n = strlen((char *)data) + 1; cp = n + (char *)data; n += get_nxt_types((u_char *)cp, fp, filename); break; case ns_t_loc: cp = buf + (n = strlen(buf)); *cp = ' '; cp++; while ((i = getc(fp), *cp = i, i != EOF) && *cp != '\n' && (n < MAXDATA)) { cp++; n++; } if (*cp == '\n') /* leave \n for getword */ ungetc(*cp, fp); *cp = '\0'; /* now process the whole line */ n = loc_aton(buf, (u_char *)data); if (n == 0) goto err; endline(fp); break; default: goto err; } /* * Ignore data outside the zone. */ if (zp->z_type != Z_CACHE && !samedomain(domain, zp->z_origin)) { ns_info(ns_log_load, "%s:%d: data \"%s\" outside zone \"%s\" (ignored)", filename, lineno, domain, zp->z_origin); continue; } dp = savedata(class, type, (u_int32_t)ttl, (u_char *)data, (int)n); dp->d_zone = zp - zones; dp->d_flags = dataflags; dp->d_cred = DB_C_ZONE; dp->d_clev = clev; if ((c = db_update(domain, dp, dp, NULL, dbflags, (dataflags & DB_F_HINT) ? fcachetab : hashtab, empty_from)) != OK) { if (c != DATAEXISTS) ns_debug(ns_log_load, 1, "update failed %s %d", domain, type); db_freedata(dp); } else { rrcount++; } continue; case ERROR: break; } err: errs++; ns_notice(ns_log_load, "%s:%d: %s error (%s)", filename, empty_token ? (lineno - 1) : lineno, errtype, buf); if (!empty_token) endline(fp); } (void) my_fclose(fp); lineno = slineno; if (!def_domain) { if (didinclude) { zp->z_flags |= Z_INCLUDE; zp->z_ftime = 0; } else zp->z_ftime = sb.st_mtime; zp->z_lastupdate = sb.st_mtime; if (zp->z_type != Z_CACHE) { const char *msg = NULL; if (read_soa == 0) msg = "no SOA RR found"; else if (read_soa != 1) msg = "multiple SOA RRs found"; else if (read_ns == 0) msg = "no NS RRs found at zone top"; else if (!rrcount) msg = "no relevant RRs found"; if (msg != NULL) { errs++; ns_warning(ns_log_load, "Zone \"%s\" (file %s): %s", zp->z_origin, filename, msg); } } } if (!def_domain) { if (errs) ns_warning(ns_log_load, "%s zone \"%s\" (%s) rejected due to errors (serial %u)", zoneTypeString(zp), zp->z_origin, p_class(zp->z_class), zp->z_serial); else ns_info(ns_log_load, "%s zone \"%s\" (%s) loaded (serial %u)", zoneTypeString(zp), zp->z_origin, p_class(zp->z_class), zp->z_serial); } if (errs) { zp->z_flags |= Z_DB_BAD; zp->z_ftime = 0; } #ifdef BIND_NOTIFY if (!errs && !def_domain && (zp->z_type == z_master || zp->z_type == z_slave)) { static const char no_room[] = "%s failed, cannot notify for zone %s"; notify_info ni; ni = memget(sizeof *ni); if (ni == NULL) ns_info(ns_log_load, no_room, "memget", zp->z_origin); else { ni->name = savestr(zp->z_origin, 0); if (ni->name == NULL) { memput(ni, sizeof *ni); ns_info(ns_log_load, no_room, "memget", zp->z_origin); } else { ni->class = zp->z_class; ni->state = notify_info_waitfor; if (evWaitFor(ev, (const void *)notify_after_load, notify_after_load, ni, &ni->wait_id) < 0) { ns_error(ns_log_load, "evWaitFor() failed: %s", strerror(errno)); freestr(ni->name); memput(ni, sizeof *ni); } else { APPEND(pending_notifies, ni, link); ns_need(MAIN_NEED_NOTIFY); } } } } #endif return (errs); } static int gettoken(FILE *fp, const char *src) { int c; char op[32]; for (;;) { c = getc(fp); top: switch (c) { case EOF: return (EOF); case '$': if (getword(op, sizeof op, fp, 0)) { if (!strcasecmp("include", op)) return (INCLUDE); if (!strcasecmp("origin", op)) return (ORIGIN); } ns_notice(ns_log_db, "%s:%d: Unknown $ option: $%s", src, lineno, op); return (ERROR); case ';': while ((c = getc(fp)) != EOF && c != '\n') ; goto top; case ' ': case '\t': return (CURRENT); case '.': return (DOT); case '@': return (AT); case '\n': lineno++; continue; default: (void) ungetc(c, fp); return (DNAME); } } } /* int * getword(buf, size, fp, preserve) * get next word, skipping blanks & comments. * '\' '\n' outside of "quotes" is considered a blank. * parameters: * buf - destination * size - of destination * fp - file to read from * preserve - should we preserve \ before \\ and \.? * return value: * 0 = no word; perhaps EOL or EOF; lineno was incremented. * 1 = word was read */ int getword(char *buf, size_t size, FILE *fp, int preserve) { char *cp = buf; int c, spaceok; empty_token = 0; /* XXX global side effect. */ while ((c = getc(fp)) != EOF) { if (c == ';') { /* Comment. Skip to end of line. */ while ((c = getc(fp)) != EOF && c != '\n') (void)NULL; c = '\n'; } if (c == '\n') { /* * Unescaped newline. It's a terminator unless we're * already midway into a token. */ if (cp != buf) ungetc(c, fp); else lineno++; break; } if (c == '"') { /* "Quoted string." Gather the whole string here. */ while ((c = getc(fp)) != EOF && c!='"' && c!='\n') { if (c == '\\') { if ((c = getc(fp)) == EOF) c = '\\'; if (preserve) switch (c) { case '\\': case '.': case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (cp >= buf+size-1) break; *cp++ = '\\'; } if (c == '\n') lineno++; } if (cp >= buf+size-1) break; *cp++ = c; } /* * Newline string terminators are * not token terminators. */ if (c == '\n') { lineno++; break; } /* Sample following character, check for terminator. */ if ((c = getc(fp)) != EOF) ungetc(c, fp); if (c == EOF || isspace(c)) { *cp = '\0'; return (1); } continue; } spaceok = 0; if (c == '\\') { /* Do escape processing. */ if ((c = getc(fp)) == EOF) c = '\\'; if (preserve) switch (c) { case '\\': case '.': case '0': case '1': case '2': case '3': case '4': case '5': case '6': case '7': case '8': case '9': if (cp >= buf+size-1) break; *cp++ = '\\'; } if (c == ' ' || c == '\t') spaceok++; } if (isspace(c) && !spaceok) { /* Blank of some kind. Skip run. */ while (isspace(c = getc(fp)) && c != '\n') (void)NULL; ungetc(c, fp); /* Blank means terminator if the token is nonempty. */ if (cp != buf) /* Trailing whitespace */ break; continue; /* Leading whitespace */ } if (cp >= buf + size - 1) break; *cp++ = (char)c; } *cp = '\0'; if (cp == buf) empty_token = 1; return (cp != buf); } /* * int * getttl(fp, fn, ln, ttl, multiline) * read a word from the file and parse it as a TTL. * return: * 1 ttl found * 0 word not read (EOF or EOL?) * -1 word read but it wasn't a ttl * side effects: * *ttl is written if the return value is to be 1. */ static int getttl(FILE *fp, const char *fn, int lineno, u_int32_t *ttl, int *multiline) { char buf[MAXDATA]; u_long tmp; int ch; int len; while (!feof(fp) && !getword(buf, sizeof buf, fp, 0) && *multiline) (void)NULL; len = strlen(buf); if (*multiline && len && buf[len-1] == ')') { buf[len-1] = '\0'; *multiline = 0; } if (ns_parse_ttl(buf, &tmp) < 0) { ns_notice(ns_log_db, "%s:%d: expected a TTL, got \"%s\"", fn, lineno, buf); return (-1); } if (*multiline) { ch = getnonblank(fp, fn); if (ch == EOF) return (-1); if (ch == ';') endline(fp); else ungetc(ch, fp); } *ttl = (u_int32_t)tmp; return (1); } /* Get multiline words. Same parameters as getword. Handles any number of leading ('s or )'s in the words it sees. FIXME: We kludge recognition of ( and ) for multiline input. Each paren must appear at the start of a (blank-separated) word, which is particularly counter-intuitive for ). Good enough for now, until Paul rewrites the parser. (gnu@toad.com, oct96) */ static int getmlword(char *buf, size_t size, FILE *fp, int preserve) { char *p; do { while (!getword (buf, size, fp, preserve)) { /* No more words on this line. See if doing the multiline thing. */ if (!getmlword_nesting) { /* Nope... */ ungetc('\n', fp); /* Push back newline */ lineno--; /* Unbump the lineno */ empty_token = 0; /* Undo this botch */ return 0; } if (feof(fp) || ferror(fp)) return 0; /* Error, no terminating ')' */ /* Continue reading til we get a word... */ } while ('(' == *buf) { /* Word starts with paren. Multiline mode. Move the rest of the word down over the paren. */ getmlword_nesting++; p = buf; while (0 != (p[0]=p[1])) p++; } while (')' == *buf) { getmlword_nesting--; p = buf; while (0 != (p[0]=p[1])) p++; } } while (buf[0] == 0); /* loop til we get a non-( non-) word */ return 1; /* Got a word... */ } /* Get all the remaining words on a line, concatenated into one big long (not too long!) string, with the whitespace squeezed out. This routine, like getword(), does not swallow the newline if words seen. This routine, unlike getword(), never swallows the newline if no words. Parameters are the same as getword(). Result is: 0 got no words at all 1 got one or more words -1 got too many words, they don't all fit; or missing close paren */ static int getallwords(char *buf, size_t size, FILE *fp, int preserve) { char *runningbuf = buf; int runningsize = size; int len; while (runningsize > 0) { if (!getmlword (runningbuf, runningsize, fp, preserve)) { return runningbuf!=buf; /* 1 or 0 */ } len = strlen(runningbuf); runningbuf += len; runningsize -= len; } return -1; /* Error, String too long */ } int getnum(FILE *fp, const char *src, int opt) { int c, n; int seendigit = 0; int seendecimal = 0; int m = 0; int allow_dots = 0; getnum_error = 0; #ifdef DOTTED_SERIAL if (opt & GETNUM_SERIAL) allow_dots++; #endif for (n = 0; (c = getc(fp)) != EOF; ) { if (isspace(c)) { if (c == '\n') lineno++; if (seendigit) break; continue; } if (c == ';') { while ((c = getc(fp)) != EOF && c != '\n') ; if (c == '\n') lineno++; if (seendigit) break; continue; } if (getnum_error) continue; if (!isdigit(c)) { if (c == ')' && seendigit) { (void) ungetc(c, fp); break; } if (seendigit && (opt & GETNUM_SCALED) && strchr("KkMmGg", c) != NULL) { switch (c) { case 'K': case 'k': n *= 1024; break; case 'M': case 'm': n *= (1024 * 1024); break; case 'G': case 'g': n *= (1024 * 1024 * 1024); break; } break; } if (seendecimal || c != '.' || !allow_dots) { ns_notice(ns_log_db, "%s:%d: expected a number", src, lineno); getnum_error = 1; } else { if (!seendigit) n = 1; #ifdef SENSIBLE_DOTS n *= 10000; #else n *= 1000; #endif seendigit = 1; seendecimal = 1; } continue; } #ifdef SENSIBLE_DOTS if (seendecimal) m = m * 10 + (c - '0'); else n = n * 10 + (c - '0'); #else n = n * 10 + (c - '0'); #endif seendigit = 1; } if (getnum_error) return (0); if (m > 9999) { ns_info(ns_log_db, "%s:%d: number after the decimal point exceeds 9999", src, lineno); getnum_error = 1; return (0); } if (seendecimal) { ns_info(ns_log_db, "%s:%d: decimal serial number interpreted as %d", src, lineno, n+m); } return (n + m); } #ifndef BIND_UPDATE static #endif int getnonblank(FILE *fp, const char *src) { int c; while ((c = getc(fp)) != EOF) { if (isspace(c)) { if (c == '\n') lineno++; continue; } if (c == ';') { while ((c = getc(fp)) != EOF && c != '\n') ; if (c == '\n') lineno++; continue; } return (c); } ns_info(ns_log_db, "%s:%d: unexpected EOF", src, lineno); return (EOF); } /* * Take name and fix it according to following rules: * "." means root. * "@" means current origin. * "name." means no changes. * "name" means append origin. */ int makename(char *name, const char *origin, int size) { int n; u_char domain[MAXCDNAME]; switch (ns_name_pton(name, domain, sizeof(domain))) { case -1: return (-1); case 1: /* FULLY QUALIFIED */ break; case 0: /* UNQUALIFIED */ if (strcmp(name, "@") == 0) /* must test raw name */ domain[0] = 0; if ((n = dn_skipname(domain, domain+sizeof(domain))) == -1) return (-1); /* step back over root, append origin */ switch (ns_name_pton(origin, domain+n-1, sizeof(domain)-n+1)) { case -1: return (-1); case 0: case 1: break; } break; } if (ns_name_ntop(domain, name, size) == -1) return (-1); if (name[0] == '.') /* root */ name[0] = '\0'; return (0); } static int makename_ok(char *name, const char *origin, int class, struct zoneinfo *zp, enum transport transport, enum context context, const char *owner, const char *filename, int lineno, int size) { int ret = 1; if (makename(name, origin, size) == -1) { ns_info(ns_log_db, "%s:%d: makename failed", filename, lineno); return (0); } if (!ns_nameok(name, class, zp, transport, context, owner, inaddr_any)) { ns_info(ns_log_db, "%s:%d: database naming error", filename, lineno); ret = 0; } return (ret); } void endline(FILE *fp) { int c; while ((c = getc(fp)) != '\0') { if (c == '\n') { (void) ungetc(c,fp); break; } else if (c == EOF) { break; } } } #define MAXPORT 1024 #define MAXLEN 24 #ifndef BIND_UPDATE static #endif char getprotocol(FILE *fp, const char *src) { int k; char b[MAXLEN]; (void) getword(b, sizeof(b), fp, 0); k = protocolnumber(b); if (k == -1) ns_info(ns_log_db, "%s:%d: unknown protocol: %s.", src, lineno, b); return ((char) k); } #ifndef BIND_UPDATE static #endif int getservices(int offset, char *data, FILE *fp, const char *src) { int j, ch, k, maxl, bracket; char bm[MAXPORT/8]; char b[MAXLEN]; for (j = 0; j < MAXPORT/8; j++) bm[j] = 0; maxl = 0; bracket = 0; while (getword(b, sizeof(b), fp, 0) || bracket) { if (feof(fp) || ferror(fp)) break; if (strlen(b) == 0) continue; if (b[0] == '(') { bracket++; continue; } if (b[0] == ')') { bracket = 0; while ((ch = getc(fp)) != EOF && ch != '\n') (void)NULL; if (ch == '\n') lineno++; break; } k = servicenumber(b); if (k == -1) { ns_info(ns_log_db, "%s:%d: Unknown service '%s'", src, lineno, b); continue; } if ((k < MAXPORT) && (k)) { bm[k/8] |= (0x80>>(k%8)); if (k > maxl) maxl = k; } else { ns_info(ns_log_db, "%s:%d: port no. (%d) too big", src, lineno, k); } } if (bracket) ns_info(ns_log_db, "%s:%d: missing close paren", src, lineno); maxl = maxl/8+1; memcpy(data+offset, bm, maxl); return (maxl+offset); } /* * Converts a word to a u_int32_t. Error if any non-numeric * characters in the word, except leading or trailing white space. */ static u_int32_t wordtouint32(buf) char *buf; { u_long result; u_int32_t res2; char *bufend; wordtouint32_error = 0; result = strtoul(buf, &bufend, 0); if (bufend == buf) wordtouint32_error = 1; else while ('\0' != *bufend) { if (isspace(*bufend)) bufend++; else { wordtouint32_error = 1; break; } } /* Check for truncation between u_long and u_int32_t */ res2 = result; if (res2 != result) wordtouint32_error = 1; return (res2); } /* * Parse part of a date. Set error flag if any error. * Don't reset the flag if there is no error. */ static int datepart(const char *buf, int size, int min, int max, int *errp) { int result = 0; int i; for (i = 0; i < size; i++) { if (!isdigit(buf[i])) *errp = 1; result = (result * 10) + buf[i] - '0'; } if (result < min) *errp = 1; if (result > max) *errp = 1; return (result); } /* Convert a date in ASCII into the number of seconds since 1 January 1970 (GMT assumed). Format is yyyymmddhhmmss, all digits required, no spaces allowed. */ static u_int32_t datetosecs(const char *cp, int *errp) { struct tm time; u_int32_t result; int mdays, i; static const int days_per_month[12] = {31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31}; if (strlen(cp) != 14) { *errp = 1; return 0; } *errp = 0; memset(&time, 0, sizeof time); time.tm_year = datepart(cp + 0, 4, 1990, 9999, errp) - 1900; time.tm_mon = datepart(cp + 4, 2, 01, 12, errp) - 1; time.tm_mday = datepart(cp + 6, 2, 01, 31, errp); time.tm_hour = datepart(cp + 8, 2, 00, 23, errp); time.tm_min = datepart(cp + 10, 2, 00, 59, errp); time.tm_sec = datepart(cp + 12, 2, 00, 59, errp); if (*errp) /* Any parse errors? */ return (0); /* * OK, now because timegm() is not available in all environments, * we will do it by hand. Roll up sleeves, curse the gods, begin! */ #define SECS_PER_DAY ((u_int32_t)24*60*60) #define isleap(y) ((((y) % 4) == 0 && ((y) % 100) != 0) || ((y) % 400) == 0) result = time.tm_sec; /* Seconds */ result += time.tm_min * 60; /* Minutes */ result += time.tm_hour * (60*60); /* Hours */ result += (time.tm_mday - 1) * SECS_PER_DAY; /* Days */ /* Months are trickier. Look without leaping, then leap */ mdays = 0; for (i = 0; i < time.tm_mon; i++) mdays += days_per_month[i]; result += mdays * SECS_PER_DAY; /* Months */ if (time.tm_mon > 1 && isleap (1900+time.tm_year)) result += SECS_PER_DAY; /* Add leapday for this year */ /* First figure years without leapdays, then add them in. */ /* The loop is slow, FIXME, but simple and accurate. */ result += (time.tm_year - 70) * (SECS_PER_DAY*365); /* Years */ for (i = 70; i < time.tm_year; i++) if (isleap (1900+i)) result += SECS_PER_DAY; /* Add leapday for prev year */ return (result); } #define MAXCHARSTRING 255 static int getcharstring(char *buf, char *data, int type, int minfields, int maxfields, FILE *fp, const char *src) { int nfield = 0, done = 0, n = 0, i; char *b = buf; do { nfield++; i = strlen(buf); #ifdef ALLOW_LONG_TXT_RDATA b = buf; if (type == ns_t_txt || type == ns_t_x25) { while (i > MAXCHARSTRING && n + MAXCHARSTRING + 1 < MAXDATA) { data[n] = MAXCHARSTRING; memmove(data + n + 1, b, MAXCHARSTRING); n += MAXCHARSTRING + 1; b += MAXCHARSTRING; i -= MAXCHARSTRING; } } #endif /* ALLOW_LONG_TXT_RDATA */ if (i > MAXCHARSTRING) { ns_info(ns_log_db, "%s:%d: RDATA field %d too long", src, lineno, nfield); return (0); } if (n + i + 1 > MAXDATA) { ns_info(ns_log_db, "%s:%d: total RDATA too long", src, lineno); return (0); } data[n] = i; memmove(data + n + 1, b, (int)i); n += i + 1; done = (maxfields && nfield >= maxfields); } while (!done && getword(buf, MAXDATA, fp, 0)); if (nfield < minfields) { ns_info(ns_log_db, "%s:%d: expected %d RDATA fields, only saw %d", src, lineno, minfields, nfield); return (0); } if (done) endline(fp); return (n); } /* * get_nxt_types(): Read the list of types in the NXT record. * * Data is the array where the bit flags are stored; it must * contain at least ns_t_any/NS_NXT_BITS bytes. * FP is the input FILE *. * Filename is the sourcefile * * The result is how many bytes are significant in the result. * ogud@tis.com 1995 */ static int get_nxt_types(u_char *data, FILE *fp, const char *filename) { char b[MAXLABEL]; /* Not quite the right size, but good enough */ int maxtype=0; int success; int type; int errs = 0; memset(data, 0, ns_t_any/NS_NXT_BITS+1); while (getmlword(b, sizeof(b), fp, 0)) { if (feof(fp) || ferror(fp)) break; if (strlen(b) == 0 || b[0] == '\n') continue; /* Parse RR type (A, MX, etc) */ type = sym_ston(__p_type_syms, (char *)b, &success); if ((!success) || type == ns_t_any) { errs++; ns_info(ns_log_db, "%s: Line %d: Unknown type: %s in NXT record.", filename, lineno, b); continue; } NS_NXT_BIT_SET(type, data); if (type > maxtype) maxtype = type; } if (errs) return (0); else return (maxtype/NS_NXT_BITS+1); } /* sanity checks PRIMARY ONLY */ static void fixup_soa(const char *fn, struct zoneinfo *zp) { /* Sanity: give enough time for the zone to transfer (retry). */ if (zp->z_expire < (zp->z_refresh + zp->z_retry)) ns_notice(ns_log_db, "%s: WARNING SOA expire value is less than SOA refresh+retry (%u < %u+%u)", fn, zp->z_expire, zp->z_refresh, zp->z_retry); /* Sanity. */ if (zp->z_expire < (zp->z_refresh + 10 * zp->z_retry)) ns_warning(ns_log_db, "%s: WARNING SOA expire value is less than refresh + 10 * retry \ (%u < (%u + 10 * %u))", fn, zp->z_expire, zp->z_refresh, zp->z_retry); /* * Sanity: most hardware/telco faults are detected and fixed within * a week, secondaries should continue to operate for this time. * (minimum of 4 days for long weekends) */ if (zp->z_expire < (7 * 24 * 3600)) ns_warning(ns_log_db, "%s: WARNING SOA expire value is less than 7 days (%u)", fn, zp->z_expire); /* * Sanity: maximum down time if we havn't talked for six months * war must have broken out. */ if (zp->z_expire > ( 183 * 24 * 3600)) ns_warning(ns_log_db, "%s: WARNING SOA expire value is greater than 6 months (%u)", fn, zp->z_expire); /* Sanity. */ if (zp->z_refresh < (zp->z_retry * 2)) ns_warning(ns_log_db, "%s: WARNING SOA refresh value is less than 2 * retry (%u < %u * 2)", fn, zp->z_refresh, zp->z_retry); } #ifdef BIND_NOTIFY static void free_notify_info(notify_info ni) { if (ni->state == notify_info_waitfor) evUnwait(ev, ni->wait_id); else if (ni->state == notify_info_delay) evClearTimer(ev, ni->timer_id); freestr(ni->name); memput(ni, sizeof *ni); } void notify_after_load(evContext ctx, void *uap, const void *tag) { int delay, max_delay; notify_info ni = uap; INSIST(tag == (const void *)notify_after_load); /* delay notification for from five seconds up to fifteen minutes */ max_delay = MIN(nzones/5, 895); max_delay = MAX(max_delay, 25); delay = 5 + (rand() % max_delay); ns_debug(ns_log_notify, 3, "notify_after_load: uap %p tag %p delay %d", uap, tag, delay); if (evSetTimer(ctx, notify_after_delay, ni, evAddTime(evNowTime(), evConsTime(delay, 0)), evConsTime(0, 0), &ni->timer_id) < 0) { ns_error(ns_log_notify, "evSetTimer() failed: %s", strerror(errno)); UNLINK(pending_notifies, ni, link); ni->state = notify_info_error; free_notify_info(ni); } ni->state = notify_info_delay; } static void notify_after_delay(evContext ctx, void *uap, struct timespec due, struct timespec inter) { notify_info ni = uap; UNLINK(pending_notifies, ni, link); ni->state = notify_info_done; sysnotify(ni->name, ni->class, ns_t_soa); free_notify_info(ni); } void db_cancel_pending_notifies(void) { notify_info ni, ni_next; for (ni = HEAD(pending_notifies); ni != NULL; ni = ni_next) { ni_next = NEXT(ni, link); free_notify_info(ni); } INIT_LIST(pending_notifies); } #endif