"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "bin/named/controlconf.c" between
bind-9.17.3.tar.xz and bind-9.17.4.tar.xz

About: BIND 9.17 implements the Domain Name System (DNS) protocols for the Internet (see the Release Notes). Source code distribution. Unstable development release.

controlconf.c  (bind-9.17.3.tar.xz):controlconf.c  (bind-9.17.4.tar.xz)
skipping to change at line 24 skipping to change at line 24
#include <inttypes.h> #include <inttypes.h>
#include <stdbool.h> #include <stdbool.h>
#include <isc/base64.h> #include <isc/base64.h>
#include <isc/buffer.h> #include <isc/buffer.h>
#include <isc/event.h> #include <isc/event.h>
#include <isc/file.h> #include <isc/file.h>
#include <isc/mem.h> #include <isc/mem.h>
#include <isc/net.h> #include <isc/net.h>
#include <isc/netaddr.h> #include <isc/netaddr.h>
#include <isc/netmgr.h>
#include <isc/nonce.h> #include <isc/nonce.h>
#include <isc/random.h> #include <isc/random.h>
#include <isc/result.h> #include <isc/result.h>
#include <isc/stdtime.h> #include <isc/stdtime.h>
#include <isc/string.h> #include <isc/string.h>
#include <isc/timer.h> #include <isc/task.h>
#include <isc/util.h> #include <isc/util.h>
#include <dns/result.h> #include <dns/result.h>
#include <isccc/alist.h> #include <isccc/alist.h>
#include <isccc/cc.h> #include <isccc/cc.h>
#include <isccc/ccmsg.h> #include <isccc/ccmsg.h>
#include <isccc/events.h> #include <isccc/events.h>
#include <isccc/result.h> #include <isccc/result.h>
#include <isccc/sexpr.h> #include <isccc/sexpr.h>
skipping to change at line 52 skipping to change at line 53
#include <isccfg/namedconf.h> #include <isccfg/namedconf.h>
#include <bind9/check.h> #include <bind9/check.h>
#include <named/config.h> #include <named/config.h>
#include <named/control.h> #include <named/control.h>
#include <named/log.h> #include <named/log.h>
#include <named/server.h> #include <named/server.h>
/*
* Note: Listeners and connections are not locked. All event handlers are
* executed by the server task, and all callers of exported routines must
* be running under the server task.
*/
typedef struct controlkey controlkey_t; typedef struct controlkey controlkey_t;
typedef ISC_LIST(controlkey_t) controlkeylist_t; typedef ISC_LIST(controlkey_t) controlkeylist_t;
typedef struct controlconnection controlconnection_t; typedef struct controlconnection controlconnection_t;
typedef ISC_LIST(controlconnection_t) controlconnectionlist_t; typedef ISC_LIST(controlconnection_t) controlconnectionlist_t;
typedef struct controllistener controllistener_t; typedef struct controllistener controllistener_t;
typedef ISC_LIST(controllistener_t) controllistenerlist_t; typedef ISC_LIST(controllistener_t) controllistenerlist_t;
struct controlkey { struct controlkey {
char *keyname; char *keyname;
uint32_t algorithm; uint32_t algorithm;
isc_region_t secret; isc_region_t secret;
ISC_LINK(controlkey_t) link; ISC_LINK(controlkey_t) link;
}; };
struct controlconnection { struct controlconnection {
isc_socket_t *sock; isc_nmhandle_t *handle;
isccc_ccmsg_t ccmsg; isccc_ccmsg_t ccmsg;
bool ccmsg_valid; bool ccmsg_valid;
bool sending; bool sending;
isc_timer_t *timer;
isc_buffer_t *buffer;
controllistener_t *listener; controllistener_t *listener;
isccc_sexpr_t *ctrl;
isc_buffer_t *buffer;
isc_buffer_t *text;
isccc_sexpr_t *request;
isccc_sexpr_t *response;
uint32_t alg;
isccc_region_t secret;
uint32_t nonce; uint32_t nonce;
isc_stdtime_t now;
isc_result_t result;
ISC_LINK(controlconnection_t) link; ISC_LINK(controlconnection_t) link;
}; };
struct controllistener { struct controllistener {
named_controls_t *controls; named_controls_t *controls;
isc_mem_t *mctx; isc_mem_t *mctx;
isc_task_t *task;
isc_sockaddr_t address; isc_sockaddr_t address;
isc_socket_t *sock; isc_nmsocket_t *sock;
dns_acl_t *acl; dns_acl_t *acl;
bool listening; bool listening;
bool exiting; bool exiting;
controlkeylist_t keys; controlkeylist_t keys;
controlconnectionlist_t connections; controlconnectionlist_t connections;
isc_sockettype_t type; isc_socktype_t type;
uint32_t perm; uint32_t perm;
uint32_t owner; uint32_t owner;
uint32_t group; uint32_t group;
bool readonly; bool readonly;
ISC_LINK(controllistener_t) link; ISC_LINK(controllistener_t) link;
}; };
struct named_controls { struct named_controls {
named_server_t *server; named_server_t *server;
controllistenerlist_t listeners; controllistenerlist_t listeners;
bool shuttingdown; bool shuttingdown;
isccc_symtab_t *symtab; isccc_symtab_t *symtab;
}; };
static isc_result_t
control_newconn(isc_nmhandle_t *handle, isc_result_t result, void *arg);
static void static void
control_newconn(isc_task_t *task, isc_event_t *event); control_recvmessage(isc_nmhandle_t *handle, isc_result_t result, void *arg);
static void
control_recvmessage(isc_task_t *task, isc_event_t *event);
#define CLOCKSKEW 300 #define CLOCKSKEW 300
static void static void
free_controlkey(controlkey_t *key, isc_mem_t *mctx) { free_controlkey(controlkey_t *key, isc_mem_t *mctx) {
if (key->keyname != NULL) { if (key->keyname != NULL) {
isc_mem_free(mctx, key->keyname); isc_mem_free(mctx, key->keyname);
} }
if (key->secret.base != NULL) { if (key->secret.base != NULL) {
isc_mem_put(mctx, key->secret.base, key->secret.length); isc_mem_put(mctx, key->secret.base, key->secret.length);
skipping to change at line 146 skipping to change at line 147
} }
} }
static void static void
free_listener(controllistener_t *listener) { free_listener(controllistener_t *listener) {
INSIST(listener->exiting); INSIST(listener->exiting);
INSIST(!listener->listening); INSIST(!listener->listening);
INSIST(ISC_LIST_EMPTY(listener->connections)); INSIST(ISC_LIST_EMPTY(listener->connections));
if (listener->sock != NULL) { if (listener->sock != NULL) {
isc_socket_detach(&listener->sock); isc_nmsocket_close(&listener->sock);
} }
free_controlkeylist(&listener->keys, listener->mctx); free_controlkeylist(&listener->keys, listener->mctx);
if (listener->acl != NULL) { if (listener->acl != NULL) {
dns_acl_detach(&listener->acl); dns_acl_detach(&listener->acl);
} }
isc_mem_putanddetach(&listener->mctx, listener, sizeof(*listener)); isc_mem_putanddetach(&listener->mctx, listener, sizeof(*listener));
} }
skipping to change at line 168 skipping to change at line 169
static void static void
maybe_free_listener(controllistener_t *listener) { maybe_free_listener(controllistener_t *listener) {
if (listener->exiting && !listener->listening && if (listener->exiting && !listener->listening &&
ISC_LIST_EMPTY(listener->connections)) ISC_LIST_EMPTY(listener->connections))
{ {
free_listener(listener); free_listener(listener);
} }
} }
static void static void
maybe_free_connection(controlconnection_t *conn) {
controllistener_t *listener = conn->listener;
if (conn->buffer != NULL) {
isc_buffer_free(&conn->buffer);
}
if (conn->timer != NULL) {
isc_timer_detach(&conn->timer);
}
if (conn->ccmsg_valid) {
isccc_ccmsg_cancelread(&conn->ccmsg);
return;
}
if (conn->sending) {
isc_socket_cancel(conn->sock, listener->task,
ISC_SOCKCANCEL_SEND);
return;
}
ISC_LIST_UNLINK(listener->connections, conn, link);
#ifdef ENABLE_AFL
if (named_g_fuzz_type == isc_fuzz_rndc) {
named_fuzz_notify();
}
#endif /* ifdef ENABLE_AFL */
isc_mem_put(listener->mctx, conn, sizeof(*conn));
}
static void
shutdown_listener(controllistener_t *listener) { shutdown_listener(controllistener_t *listener) {
controlconnection_t *conn;
controlconnection_t *next;
if (!listener->exiting) { if (!listener->exiting) {
char socktext[ISC_SOCKADDR_FORMATSIZE]; char socktext[ISC_SOCKADDR_FORMATSIZE];
ISC_LIST_UNLINK(listener->controls->listeners, listener, link); ISC_LIST_UNLINK(listener->controls->listeners, listener, link);
isc_sockaddr_format(&listener->address, socktext, isc_sockaddr_format(&listener->address, socktext,
sizeof(socktext)); sizeof(socktext));
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE, NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
"stopping command channel on %s", socktext); "stopping command channel on %s", socktext);
if (listener->type == isc_sockettype_unix) { #if 0
/* XXX: no unix domain socket support */
if (listener->type == isc_socktype_unix) {
isc_socket_cleanunix(&listener->address, true); isc_socket_cleanunix(&listener->address, true);
} }
#endif
listener->exiting = true; listener->exiting = true;
listener->listening = false;
} }
for (conn = ISC_LIST_HEAD(listener->connections); conn != NULL; isc_nm_stoplistening(listener->sock);
conn = next) {
next = ISC_LIST_NEXT(conn, link);
maybe_free_connection(conn);
}
if (listener->listening) {
isc_socket_cancel(listener->sock, listener->task,
ISC_SOCKCANCEL_ACCEPT);
return;
}
maybe_free_listener(listener); maybe_free_listener(listener);
} }
static bool static bool
address_ok(isc_sockaddr_t *sockaddr, dns_acl_t *acl) { address_ok(isc_sockaddr_t *sockaddr, controllistener_t *listener) {
dns_aclenv_t *env = dns_aclenv_t *env =
ns_interfacemgr_getaclenv(named_g_server->interfacemgr); ns_interfacemgr_getaclenv(named_g_server->interfacemgr);
isc_netaddr_t netaddr; isc_netaddr_t netaddr;
isc_result_t result; isc_result_t result;
int match; int match;
isc_netaddr_fromsockaddr(&netaddr, sockaddr); /* ACL doesn't apply to unix domain sockets */
if (listener->type != isc_socktype_tcp) {
result = dns_acl_match(&netaddr, NULL, acl, env, &match, NULL); return (true);
return (result == ISC_R_SUCCESS && match > 0);
}
static isc_result_t
control_accept(controllistener_t *listener) {
isc_result_t result;
result = isc_socket_accept(listener->sock, listener->task,
control_newconn, listener);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_socket_accept() failed: %s",
isc_result_totext(result));
} else {
listener->listening = true;
} }
return (result);
}
static isc_result_t
control_listen(controllistener_t *listener) {
isc_result_t result;
result = isc_socket_listen(listener->sock, 0); isc_netaddr_fromsockaddr(&netaddr, sockaddr);
if (result != ISC_R_SUCCESS) {
UNEXPECTED_ERROR(__FILE__, __LINE__,
"isc_socket_listen() failed: %s",
isc_result_totext(result));
}
return (result);
}
static void result = dns_acl_match(&netaddr, NULL, listener->acl, env, &match,
control_next(controllistener_t *listener) { NULL);
(void)control_accept(listener); return (result == ISC_R_SUCCESS && match > 0);
} }
static void static void
control_senddone(isc_task_t *task, isc_event_t *event) { control_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
isc_socketevent_t *sevent = (isc_socketevent_t *)event; controlconnection_t *conn = (controlconnection_t *)arg;
controlconnection_t *conn = event->ev_arg;
controllistener_t *listener = conn->listener; controllistener_t *listener = conn->listener;
isc_socket_t *sock = (isc_socket_t *)sevent->ev_sender; isc_sockaddr_t peeraddr = isc_nmhandle_peeraddr(handle);
isc_result_t result;
REQUIRE(conn->sending); REQUIRE(conn->sending);
UNUSED(task);
conn->sending = false; conn->sending = false;
if (sevent->result != ISC_R_SUCCESS && sevent->result != ISC_R_CANCELED) isc_nmhandle_unref(handle);
{
if (result == ISC_R_CANCELED) {
return;
} else if (result != ISC_R_SUCCESS) {
char socktext[ISC_SOCKADDR_FORMATSIZE]; char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t peeraddr;
(void)isc_socket_getpeername(sock, &peeraddr);
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext)); isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING, NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"error sending command response to %s: %s", "error sending command response to %s: %s",
socktext, isc_result_totext(sevent->result)); socktext, isc_result_totext(result));
return;
} }
isc_event_free(&event);
result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task, result = isccc_ccmsg_readmessage(&conn->ccmsg, control_recvmessage,
control_recvmessage, conn); conn);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
isc_socket_detach(&conn->sock);
maybe_free_connection(conn);
maybe_free_listener(listener); maybe_free_listener(listener);
} }
listener->listening = true;
} }
static inline void static inline void
log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) { log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
char socktext[ISC_SOCKADDR_FORMATSIZE]; char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_t peeraddr; isc_sockaddr_t peeraddr = isc_nmhandle_peeraddr(ccmsg->handle);
(void)isc_socket_getpeername(ccmsg->sock, &peeraddr);
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext)); isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_ERROR, NAMED_LOGMODULE_CONTROL, ISC_LOG_ERROR,
"invalid command from %s: %s", socktext, "invalid command from %s: %s", socktext,
isc_result_totext(result)); isc_result_totext(result));
} }
static void static void
control_recvmessage(isc_task_t *task, isc_event_t *event) { control_respond(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
controlconnection_t *conn = NULL; controlconnection_t *conn = (controlconnection_t *)arg;
controllistener_t *listener = NULL; controllistener_t *listener = conn->listener;
controlkey_t *key = NULL; isccc_sexpr_t *data = NULL;
isccc_sexpr_t *request = NULL;
isccc_sexpr_t *response = NULL;
uint32_t algorithm;
isccc_region_t secret;
isc_stdtime_t now;
isc_buffer_t b; isc_buffer_t b;
isc_region_t r; isc_region_t r;
isc_buffer_t *text;
isc_result_t result; result = isccc_cc_createresponse(conn->request, conn->now,
isc_result_t eresult; conn->now + 60, &conn->response);
isccc_sexpr_t *_ctrl = NULL; if (result != ISC_R_SUCCESS) {
goto cleanup;
}
data = isccc_alist_lookup(conn->response, "_data");
if (data != NULL) {
if (isccc_cc_defineuint32(data, "result", conn->result) == NULL)
{
goto cleanup;
}
}
if (conn->result != ISC_R_SUCCESS) {
if (data != NULL) {
const char *estr = isc_result_totext(conn->result);
if (isccc_cc_definestring(data, "err", estr) == NULL) {
goto cleanup;
}
}
}
if (isc_buffer_usedlength(conn->text) > 0) {
if (data != NULL) {
char *str = (char *)isc_buffer_base(conn->text);
if (isccc_cc_definestring(data, "text", str) == NULL) {
goto cleanup;
}
}
}
conn->ctrl = isccc_alist_lookup(conn->response, "_ctrl");
if (conn->ctrl == NULL ||
isccc_cc_defineuint32(conn->ctrl, "_nonce", conn->nonce) == NULL)
{
goto cleanup;
}
if (conn->buffer == NULL) {
isc_buffer_allocate(listener->mctx, &conn->buffer, 2 * 2048);
}
isc_buffer_clear(conn->buffer);
/* Skip the length field (4 bytes) */
isc_buffer_add(conn->buffer, 4);
result = isccc_cc_towire(conn->response, &conn->buffer, conn->alg,
&conn->secret);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
isc_buffer_init(&b, conn->buffer->base, 4);
isc_buffer_putuint32(&b, conn->buffer->used - 4);
r.base = conn->buffer->base;
r.length = conn->buffer->used;
isc_nmhandle_ref(handle);
conn->sending = true;
result = isc_nm_send(handle, &r, control_senddone, conn);
if (result != ISC_R_SUCCESS) {
isc_nmhandle_unref(handle);
conn->sending = false;
}
cleanup:
if (conn->response != NULL) {
isccc_sexpr_free(&conn->response);
}
if (conn->request != NULL) {
isccc_sexpr_free(&conn->request);
}
if (conn->secret.rstart != NULL) {
isc_mem_put(listener->mctx, conn->secret.rstart,
REGION_SIZE(conn->secret));
}
if (conn->text != NULL) {
isc_buffer_free(&conn->text);
}
}
static void
control_command(isc_task_t *task, isc_event_t *event) {
controlconnection_t *conn = event->ev_arg;
controllistener_t *listener = conn->listener;
UNUSED(task);
/*
* An extra ref and two unrefs are needed here to
* ensure the handle isn't cleaned up if we're running
* an "rndc stop" command.
*/
isc_nmhandle_ref(conn->handle);
conn->result = named_control_docommand(conn->request,
listener->readonly, &conn->text);
control_respond(conn->handle, conn->result, conn);
isc_nmhandle_unref(conn->handle);
isc_nmhandle_unref(conn->handle);
isc_event_free(&event);
}
static void
control_recvmessage(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
controlconnection_t *conn = (controlconnection_t *)arg;
controllistener_t *listener = conn->listener;
controlkey_t *key = NULL;
isc_event_t *event = NULL;
isccc_time_t sent; isccc_time_t sent;
isccc_time_t exp; isccc_time_t exp;
uint32_t nonce; uint32_t nonce;
isccc_sexpr_t *data = NULL;
REQUIRE(event->ev_type == ISCCC_EVENT_CCMSG); conn->ccmsg_valid = false;
conn = event->ev_arg;
listener = conn->listener;
algorithm = DST_ALG_UNKNOWN;
secret.rstart = NULL;
text = NULL;
/* Is the server shutting down? */ /* Is the server shutting down? */
if (listener->controls->shuttingdown) { if (listener->controls->shuttingdown) {
goto cleanup; return;
} }
if (conn->ccmsg.result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
if (conn->ccmsg.result != ISC_R_CANCELED && if (result == ISC_R_CANCELED) {
conn->ccmsg.result != ISC_R_EOF) { /*
log_invalid(&conn->ccmsg, conn->ccmsg.result); * Don't bother with any more scheduled command events.
*/
listener->controls->shuttingdown = true;
isc_task_purge(named_g_server->task, NULL,
NAMED_EVENT_COMMAND, NULL);
} else if (result != ISC_R_EOF) {
log_invalid(&conn->ccmsg, result);
} }
goto cleanup;
}
request = NULL; return;
}
for (key = ISC_LIST_HEAD(listener->keys); key != NULL; for (key = ISC_LIST_HEAD(listener->keys); key != NULL;
key = ISC_LIST_NEXT(key, link)) key = ISC_LIST_NEXT(key, link))
{ {
isccc_region_t ccregion; isccc_region_t ccregion;
ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer); ccregion.rstart = isc_buffer_base(conn->ccmsg.buffer);
ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer); ccregion.rend = isc_buffer_used(conn->ccmsg.buffer);
secret.rstart = isc_mem_get(listener->mctx, key->secret.length); conn->secret.rstart = isc_mem_get(listener->mctx,
memmove(secret.rstart, key->secret.base, key->secret.length); key->secret.length);
secret.rend = secret.rstart + key->secret.length; memmove(conn->secret.rstart, key->secret.base,
algorithm = key->algorithm; key->secret.length);
result = isccc_cc_fromwire(&ccregion, &request, algorithm, conn->secret.rend = conn->secret.rstart + key->secret.length;
&secret); conn->alg = key->algorithm;
result = isccc_cc_fromwire(&ccregion, &conn->request, conn->alg,
&conn->secret);
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
break; break;
} }
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); isc_mem_put(listener->mctx, conn->secret.rstart,
REGION_SIZE(conn->secret));
if (result != ISCCC_R_BADAUTH) { if (result != ISCCC_R_BADAUTH) {
log_invalid(&conn->ccmsg, result); log_invalid(&conn->ccmsg, result);
goto cleanup; return;
} }
} }
if (key == NULL) { if (key == NULL) {
log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
goto cleanup; goto cleanup;
} }
/* We shouldn't be getting a reply. */ /* We shouldn't be getting a reply. */
if (isccc_cc_isreply(request)) { if (isccc_cc_isreply(conn->request)) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE); log_invalid(&conn->ccmsg, ISC_R_FAILURE);
goto cleanup_request; goto cleanup;
} }
isc_stdtime_get(&now); isc_stdtime_get(&conn->now);
/* /*
* Limit exposure to replay attacks. * Limit exposure to replay attacks.
*/ */
_ctrl = isccc_alist_lookup(request, "_ctrl"); conn->ctrl = isccc_alist_lookup(conn->request, "_ctrl");
if (!isccc_alist_alistp(_ctrl)) { if (!isccc_alist_alistp(conn->ctrl)) {
log_invalid(&conn->ccmsg, ISC_R_FAILURE); log_invalid(&conn->ccmsg, ISC_R_FAILURE);
goto cleanup_request; goto cleanup;
} }
if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) { if (isccc_cc_lookupuint32(conn->ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) { if ((sent + CLOCKSKEW) < conn->now ||
(sent - CLOCKSKEW) > conn->now) {
log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW); log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
goto cleanup_request; goto cleanup;
} }
} else { } else {
log_invalid(&conn->ccmsg, ISC_R_FAILURE); log_invalid(&conn->ccmsg, ISC_R_FAILURE);
goto cleanup_request; goto cleanup;
} }
/* /*
* Expire messages that are too old. * Expire messages that are too old.
*/ */
if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS && if (isccc_cc_lookupuint32(conn->ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
now > exp) { conn->now > exp)
{
log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED); log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
goto cleanup_request; goto cleanup;
} }
/* /*
* Duplicate suppression (required for UDP). * Duplicate suppression (required for UDP).
*/ */
isccc_cc_cleansymtab(listener->controls->symtab, now); isccc_cc_cleansymtab(listener->controls->symtab, conn->now);
result = isccc_cc_checkdup(listener->controls->symtab, request, now); result = isccc_cc_checkdup(listener->controls->symtab, conn->request,
conn->now);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
if (result == ISC_R_EXISTS) { if (result == ISC_R_EXISTS) {
result = ISCCC_R_DUPLICATE; result = ISCCC_R_DUPLICATE;
} }
log_invalid(&conn->ccmsg, result); log_invalid(&conn->ccmsg, result);
goto cleanup_request; goto cleanup;
} }
if (conn->nonce != 0 && if (conn->nonce != 0 &&
(isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS || (isccc_cc_lookupuint32(conn->ctrl, "_nonce", &nonce) !=
ISC_R_SUCCESS ||
conn->nonce != nonce)) conn->nonce != nonce))
{ {
log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH); log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
goto cleanup_request; goto cleanup;
} }
isc_buffer_allocate(listener->mctx, &text, 2 * 2048); isc_buffer_allocate(listener->mctx, &conn->text, 2 * 2048);
conn->ccmsg_valid = true;
/*
* Establish nonce.
*/
if (conn->nonce == 0) { if (conn->nonce == 0) {
/*
* Establish nonce.
*/
while (conn->nonce == 0) { while (conn->nonce == 0) {
isc_nonce_buf(&conn->nonce, sizeof(conn->nonce)); isc_nonce_buf(&conn->nonce, sizeof(conn->nonce));
} }
eresult = ISC_R_SUCCESS; conn->result = ISC_R_SUCCESS;
} else { control_respond(handle, result, conn);
eresult = named_control_docommand(request, listener->readonly, return;
&text);
}
result = isccc_cc_createresponse(request, now, now + 60, &response);
if (result != ISC_R_SUCCESS) {
goto cleanup_request;
} }
data = isccc_alist_lookup(response, "_data"); /*
if (data != NULL) { * Trigger the command.
if (isccc_cc_defineuint32(data, "result", eresult) == NULL) { */
goto cleanup_response; isc_nmhandle_ref(handle);
} event = isc_event_allocate(listener->mctx, conn, NAMED_EVENT_COMMAND,
} control_command, conn, sizeof(isc_event_t));
isc_task_send(named_g_server->task, &event);
return;
if (eresult != ISC_R_SUCCESS) { cleanup:
if (data != NULL) { if (conn->response != NULL) {
const char *estr = isc_result_totext(eresult); isccc_sexpr_free(&conn->response);
if (isccc_cc_definestring(data, "err", estr) == NULL) {
goto cleanup_response;
}
}
} }
if (conn->request != NULL) {
if (isc_buffer_usedlength(text) > 0) { isccc_sexpr_free(&conn->request);
if (data != NULL) {
char *str = (char *)isc_buffer_base(text);
if (isccc_cc_definestring(data, "text", str) == NULL) {
goto cleanup_response;
}
}
} }
_ctrl = isccc_alist_lookup(response, "_ctrl"); if (conn->secret.rstart != NULL) {
if (_ctrl == NULL || isc_mem_put(listener->mctx, conn->secret.rstart,
isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL) REGION_SIZE(conn->secret));
{
goto cleanup_response;
} }
if (conn->text != NULL) {
if (conn->buffer == NULL) { isc_buffer_free(&conn->text);
isc_buffer_allocate(listener->mctx, &conn->buffer, 2 * 2048);
} }
}
isc_buffer_clear(conn->buffer); static void
/* Skip the length field (4 bytes) */ conn_reset(void *arg) {
isc_buffer_add(conn->buffer, 4); controlconnection_t *conn = (controlconnection_t *)arg;
controllistener_t *listener = conn->listener;
result = isccc_cc_towire(response, &conn->buffer, algorithm, &secret); if (conn->buffer != NULL) {
if (result != ISC_R_SUCCESS) { isc_buffer_free(&conn->buffer);
goto cleanup_response;
} }
isc_buffer_init(&b, conn->buffer->base, 4); if (conn->ccmsg_valid) {
isc_buffer_putuint32(&b, conn->buffer->used - 4); isccc_ccmsg_cancelread(&conn->ccmsg);
return;
r.base = conn->buffer->base;
r.length = conn->buffer->used;
result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
if (result != ISC_R_SUCCESS) {
goto cleanup_response;
} }
conn->sending = true;
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret)); ISC_LIST_UNLINK(listener->connections, conn, link);
isccc_sexpr_free(&request); #ifdef ENABLE_AFL
isccc_sexpr_free(&response); if (named_g_fuzz_type == isc_fuzz_rndc) {
isc_buffer_free(&text); named_fuzz_notify();
return;
cleanup_response:
isccc_sexpr_free(&response);
cleanup_request:
isccc_sexpr_free(&request);
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
if (text != NULL) {
isc_buffer_free(&text);
} }
#endif /* ifdef ENABLE_AFL */
cleanup:
isc_socket_detach(&conn->sock);
isccc_ccmsg_invalidate(&conn->ccmsg); isccc_ccmsg_invalidate(&conn->ccmsg);
conn->ccmsg_valid = false;
maybe_free_connection(conn);
maybe_free_listener(listener);
} }
static void static void
control_timeout(isc_task_t *task, isc_event_t *event) { conn_put(void *arg) {
controlconnection_t *conn = event->ev_arg; controlconnection_t *conn = (controlconnection_t *)arg;
controllistener_t *listener = conn->listener;
UNUSED(task);
isc_timer_detach(&conn->timer); isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
maybe_free_connection(conn); NAMED_LOGMODULE_CONTROL, ISC_LOG_DEBUG(3),
"freeing control connection");
isc_event_free(&event); maybe_free_listener(listener);
} }
static isc_result_t static isc_result_t
newconnection(controllistener_t *listener, isc_socket_t *sock) { newconnection(controllistener_t *listener, isc_nmhandle_t *handle) {
controlconnection_t *conn; controlconnection_t *conn = NULL;
isc_interval_t interval;
isc_result_t result; isc_result_t result;
conn = isc_mem_get(listener->mctx, sizeof(*conn)); conn = isc_nmhandle_getdata(handle);
if (conn == NULL) {
conn = isc_nmhandle_getextra(handle);
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_DEBUG(3),
"allocate new control connection");
*conn = (controlconnection_t){ .handle = NULL };
}
if (conn->handle == NULL) {
isc_nmhandle_setdata(handle, conn, conn_reset, conn_put);
} else {
INSIST(conn->handle == handle);
}
*conn = (controlconnection_t){ .handle = handle,
.listener = listener,
.ccmsg_valid = true,
.alg = DST_ALG_UNKNOWN };
conn->sock = sock; isccc_ccmsg_init(listener->mctx, handle, &conn->ccmsg);
isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
/* Set a 32 KiB upper limit on incoming message. */ /* Set a 32 KiB upper limit on incoming message. */
isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768); isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768);
conn->ccmsg_valid = true;
conn->sending = false;
conn->buffer = NULL;
conn->timer = NULL;
isc_interval_set(&interval, 60, 0);
result = isc_timer_create(named_g_timermgr, isc_timertype_once, NULL,
&interval, listener->task, control_timeout,
conn, &conn->timer);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
conn->listener = listener;
conn->nonce = 0;
ISC_LINK_INIT(conn, link); ISC_LINK_INIT(conn, link);
result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task, result = isccc_ccmsg_readmessage(&conn->ccmsg, control_recvmessage,
control_recvmessage, conn); conn);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
goto cleanup; goto cleanup;
} }
ISC_LIST_APPEND(listener->connections, conn, link); ISC_LIST_APPEND(listener->connections, conn, link);
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
cleanup: cleanup:
if (conn->buffer != NULL) { if (conn->buffer != NULL) {
isc_buffer_free(&conn->buffer); isc_buffer_free(&conn->buffer);
} }
isccc_ccmsg_invalidate(&conn->ccmsg); isccc_ccmsg_invalidate(&conn->ccmsg);
if (conn->timer != NULL) {
isc_timer_detach(&conn->timer);
}
isc_mem_put(listener->mctx, conn, sizeof(*conn)); isc_mem_put(listener->mctx, conn, sizeof(*conn));
#ifdef ENABLE_AFL #ifdef ENABLE_AFL
if (named_g_fuzz_type == isc_fuzz_rndc) { if (named_g_fuzz_type == isc_fuzz_rndc) {
named_fuzz_notify(); named_fuzz_notify();
} }
#endif /* ifdef ENABLE_AFL */ #endif /* ifdef ENABLE_AFL */
return (result); return (result);
} }
static void static isc_result_t
control_newconn(isc_task_t *task, isc_event_t *event) { control_newconn(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event; controllistener_t *listener = arg;
controllistener_t *listener = event->ev_arg;
isc_socket_t *sock;
isc_sockaddr_t peeraddr; isc_sockaddr_t peeraddr;
isc_result_t result;
UNUSED(task);
REQUIRE(listener->listening);
listener->listening = false; listener->listening = false;
if (nevent->result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
if (nevent->result == ISC_R_CANCELED) { if (result == ISC_R_CANCELED) {
shutdown_listener(listener); shutdown_listener(listener);
goto cleanup;
} }
goto restart; return (result);
} }
sock = nevent->newsocket; peeraddr = isc_nmhandle_peeraddr(handle);
if (!address_ok(&peeraddr, listener)) {
/* Is the server shutting down? */
if (listener->controls->shuttingdown) {
isc_socket_detach(&sock);
shutdown_listener(listener);
goto cleanup;
}
isc_socket_setname(sock, "control", NULL);
(void)isc_socket_getpeername(sock, &peeraddr);
if (listener->type == isc_sockettype_tcp &&
!address_ok(&peeraddr, listener->acl))
{
char socktext[ISC_SOCKADDR_FORMATSIZE]; char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext)); isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING, NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"rejected command channel message from %s", "rejected command channel message from %s",
socktext); socktext);
isc_socket_detach(&sock); return (ISC_R_FAILURE);
goto restart;
} }
result = newconnection(listener, sock); result = newconnection(listener, handle);
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
char socktext[ISC_SOCKADDR_FORMATSIZE]; char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext)); isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING, NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"dropped command channel from %s: %s", socktext, "dropped command channel from %s: %s", socktext,
isc_result_totext(result)); isc_result_totext(result));
isc_socket_detach(&sock); return (result);
goto restart;
} }
restart: return (ISC_R_SUCCESS);
control_next(listener);
cleanup:
isc_event_free(&event);
} }
static void static void
controls_shutdown(named_controls_t *controls) { controls_shutdown(named_controls_t *controls) {
controllistener_t *listener; controllistener_t *listener = NULL;
controllistener_t *next; controllistener_t *next = NULL;
for (listener = ISC_LIST_HEAD(controls->listeners); listener != NULL; for (listener = ISC_LIST_HEAD(controls->listeners); listener != NULL;
listener = next) listener = next)
{ {
/* /*
* This is asynchronous. As listeners shut down, they will * This is asynchronous. As listeners shut down, they will
* call their callbacks. * call their callbacks.
*/ */
next = ISC_LIST_NEXT(listener, link); next = ISC_LIST_NEXT(listener, link);
shutdown_listener(listener); shutdown_listener(listener);
skipping to change at line 720 skipping to change at line 697
void void
named_controls_shutdown(named_controls_t *controls) { named_controls_shutdown(named_controls_t *controls) {
controls_shutdown(controls); controls_shutdown(controls);
controls->shuttingdown = true; controls->shuttingdown = true;
} }
static isc_result_t static isc_result_t
cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname, cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
const cfg_obj_t **objp) { const cfg_obj_t **objp) {
const cfg_listelt_t *element; const cfg_listelt_t *element = NULL;
const char *str; const char *str = NULL;
const cfg_obj_t *obj; const cfg_obj_t *obj = NULL;
for (element = cfg_list_first(keylist); element != NULL; for (element = cfg_list_first(keylist); element != NULL;
element = cfg_list_next(element)) element = cfg_list_next(element))
{ {
obj = cfg_listelt_value(element); obj = cfg_listelt_value(element);
str = cfg_obj_asstring(cfg_map_getname(obj)); str = cfg_obj_asstring(cfg_map_getname(obj));
if (strcasecmp(str, keyname) == 0) { if (strcasecmp(str, keyname) == 0) {
break; break;
} }
} }
skipping to change at line 744 skipping to change at line 721
return (ISC_R_NOTFOUND); return (ISC_R_NOTFOUND);
} }
obj = cfg_listelt_value(element); obj = cfg_listelt_value(element);
*objp = obj; *objp = obj;
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
static void static void
controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx, controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
controlkeylist_t *keyids) { controlkeylist_t *keyids) {
const cfg_listelt_t *element; const cfg_listelt_t *element = NULL;
char *newstr = NULL; char *newstr = NULL;
const char *str; const char *str = NULL;
const cfg_obj_t *obj; const cfg_obj_t *obj = NULL;
controlkey_t *key; controlkey_t *key = NULL;
for (element = cfg_list_first(keylist); element != NULL; for (element = cfg_list_first(keylist); element != NULL;
element = cfg_list_next(element)) element = cfg_list_next(element))
{ {
obj = cfg_listelt_value(element); obj = cfg_listelt_value(element);
str = cfg_obj_asstring(obj); str = cfg_obj_asstring(obj);
newstr = isc_mem_strdup(mctx, str); newstr = isc_mem_strdup(mctx, str);
key = isc_mem_get(mctx, sizeof(*key)); key = isc_mem_get(mctx, sizeof(*key));
key->keyname = newstr; key->keyname = newstr;
key->algorithm = DST_ALG_UNKNOWN; key->algorithm = DST_ALG_UNKNOWN;
skipping to change at line 770 skipping to change at line 747
key->secret.length = 0; key->secret.length = 0;
ISC_LINK_INIT(key, link); ISC_LINK_INIT(key, link);
ISC_LIST_APPEND(*keyids, key, link); ISC_LIST_APPEND(*keyids, key, link);
newstr = NULL; newstr = NULL;
} }
} }
static void static void
register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist, register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext) { controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext) {
controlkey_t *keyid, *next; controlkey_t *keyid = NULL, *next = NULL;
const cfg_obj_t *keydef; const cfg_obj_t *keydef = NULL;
char secret[1024]; char secret[1024];
isc_buffer_t b; isc_buffer_t b;
isc_result_t result; isc_result_t result;
/* /*
* Find the keys corresponding to the keyids used by this listener. * Find the keys corresponding to the keyids used by this listener.
*/ */
for (keyid = ISC_LIST_HEAD(*keyids); keyid != NULL; keyid = next) { for (keyid = ISC_LIST_HEAD(*keyids); keyid != NULL; keyid = next) {
next = ISC_LIST_NEXT(keyid, link); next = ISC_LIST_NEXT(keyid, link);
skipping to change at line 804 skipping to change at line 781
const char *secretstr = NULL; const char *secretstr = NULL;
unsigned int algtype; unsigned int algtype;
(void)cfg_map_get(keydef, "algorithm", &algobj); (void)cfg_map_get(keydef, "algorithm", &algobj);
(void)cfg_map_get(keydef, "secret", &secretobj); (void)cfg_map_get(keydef, "secret", &secretobj);
INSIST(algobj != NULL && secretobj != NULL); INSIST(algobj != NULL && secretobj != NULL);
algstr = cfg_obj_asstring(algobj); algstr = cfg_obj_asstring(algobj);
secretstr = cfg_obj_asstring(secretobj); secretstr = cfg_obj_asstring(secretobj);
if (named_config_getkeyalgorithm2(algstr, NULL, result = named_config_getkeyalgorithm2(algstr, NULL,
&algtype, NULL) != &algtype, NULL);
ISC_R_SUCCESS) if (result != ISC_R_SUCCESS) {
{
cfg_obj_log(control, named_g_lctx, cfg_obj_log(control, named_g_lctx,
ISC_LOG_WARNING, ISC_LOG_WARNING,
"unsupported algorithm '%s' in " "unsupported algorithm '%s' in "
"key '%s' for use with command " "key '%s' for use with command "
"channel %s", "channel %s",
algstr, keyid->keyname, socktext); algstr, keyid->keyname, socktext);
ISC_LIST_UNLINK(*keyids, keyid, link); ISC_LIST_UNLINK(*keyids, keyid, link);
free_controlkey(keyid, mctx); free_controlkey(keyid, mctx);
continue; continue;
} }
skipping to change at line 844 skipping to change at line 820
keyid->secret.length = isc_buffer_usedlength(&b); keyid->secret.length = isc_buffer_usedlength(&b);
keyid->secret.base = isc_mem_get(mctx, keyid->secret.base = isc_mem_get(mctx,
keyid->secret.length); keyid->secret.length);
memmove(keyid->secret.base, isc_buffer_base(&b), memmove(keyid->secret.base, isc_buffer_base(&b),
keyid->secret.length); keyid->secret.length);
} }
} }
} }
#define CHECK(x) \ #define CHECK(x) \
do { \ do { \
result = (x); \ result = (x); \
if (result != ISC_R_SUCCESS) \ if (result != ISC_R_SUCCESS) { \
goto cleanup; \ goto cleanup; \
} \
} while (0) } while (0)
static isc_result_t static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) { get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
isc_result_t result; isc_result_t result;
cfg_parser_t *pctx = NULL; cfg_parser_t *pctx = NULL;
cfg_obj_t *config = NULL; cfg_obj_t *config = NULL;
const cfg_obj_t *key = NULL; const cfg_obj_t *key = NULL;
const cfg_obj_t *algobj = NULL; const cfg_obj_t *algobj = NULL;
const cfg_obj_t *secretobj = NULL; const cfg_obj_t *secretobj = NULL;
skipping to change at line 898 skipping to change at line 875
CHECK(bind9_check_key(key, named_g_lctx)); CHECK(bind9_check_key(key, named_g_lctx));
(void)cfg_map_get(key, "algorithm", &algobj); (void)cfg_map_get(key, "algorithm", &algobj);
(void)cfg_map_get(key, "secret", &secretobj); (void)cfg_map_get(key, "secret", &secretobj);
INSIST(algobj != NULL && secretobj != NULL); INSIST(algobj != NULL && secretobj != NULL);
algstr = cfg_obj_asstring(algobj); algstr = cfg_obj_asstring(algobj);
secretstr = cfg_obj_asstring(secretobj); secretstr = cfg_obj_asstring(secretobj);
if (named_config_getkeyalgorithm2(algstr, NULL, &algtype, NULL) != result = named_config_getkeyalgorithm2(algstr, NULL, &algtype, NULL);
ISC_R_SUCCESS) if (result != ISC_R_SUCCESS) {
{
cfg_obj_log(key, named_g_lctx, ISC_LOG_WARNING, cfg_obj_log(key, named_g_lctx, ISC_LOG_WARNING,
"unsupported algorithm '%s' in " "unsupported algorithm '%s' in "
"key '%s' for use with command " "key '%s' for use with command "
"channel", "channel",
algstr, keyid->keyname); algstr, keyid->keyname);
goto cleanup; goto cleanup;
} }
keyid->algorithm = algtype; keyid->algorithm = algtype;
isc_buffer_init(&b, secret, sizeof(secret)); isc_buffer_init(&b, secret, sizeof(secret));
skipping to change at line 972 skipping to change at line 948
*global_keylistp = global_keylist; *global_keylistp = global_keylist;
*control_keylistp = control_keylist; *control_keylistp = control_keylist;
} }
} }
} }
static void static void
update_listener(named_controls_t *cp, controllistener_t **listenerp, update_listener(named_controls_t *cp, controllistener_t **listenerp,
const cfg_obj_t *control, const cfg_obj_t *config, const cfg_obj_t *control, const cfg_obj_t *config,
isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx, isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
const char *socktext, isc_sockettype_t type) { const char *socktext, isc_socktype_t type) {
controllistener_t *listener; controllistener_t *listener = NULL;
const cfg_obj_t *allow; const cfg_obj_t *allow = NULL;
const cfg_obj_t *global_keylist = NULL; const cfg_obj_t *global_keylist = NULL;
const cfg_obj_t *control_keylist = NULL; const cfg_obj_t *control_keylist = NULL;
dns_acl_t *new_acl = NULL; dns_acl_t *new_acl = NULL;
controlkeylist_t keys; controlkeylist_t keys;
isc_result_t result = ISC_R_SUCCESS; isc_result_t result = ISC_R_SUCCESS;
for (listener = ISC_LIST_HEAD(cp->listeners); listener != NULL; for (listener = ISC_LIST_HEAD(cp->listeners); listener != NULL;
listener = ISC_LIST_NEXT(listener, link)) listener = ISC_LIST_NEXT(listener, link))
{ {
if (isc_sockaddr_equal(addr, &listener->address)) { if (isc_sockaddr_equal(addr, &listener->address)) {
skipping to change at line 1057 skipping to change at line 1033
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING, NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"couldn't install new keys for " "couldn't install new keys for "
"command channel %s: %s", "command channel %s: %s",
socktext, isc_result_totext(result)); socktext, isc_result_totext(result));
} }
} }
/* /*
* Now, keep the old access list unless a new one can be made. * Now, keep the old access list unless a new one can be made.
*/ */
if (control != NULL && type == isc_sockettype_tcp) { if (control != NULL && type == isc_socktype_tcp) {
allow = cfg_tuple_get(control, "allow"); allow = cfg_tuple_get(control, "allow");
result = cfg_acl_fromconfig(allow, config, named_g_lctx, result = cfg_acl_fromconfig(allow, config, named_g_lctx,
aclconfctx, listener->mctx, 0, aclconfctx, listener->mctx, 0,
&new_acl); &new_acl);
} else { } else {
result = dns_acl_any(listener->mctx, &new_acl); result = dns_acl_any(listener->mctx, &new_acl);
} }
if (control != NULL) { if (control != NULL) {
const cfg_obj_t *readonly; const cfg_obj_t *readonly = NULL;
readonly = cfg_tuple_get(control, "read-only"); readonly = cfg_tuple_get(control, "read-only");
if (!cfg_obj_isvoid(readonly)) { if (!cfg_obj_isvoid(readonly)) {
listener->readonly = cfg_obj_asboolean(readonly); listener->readonly = cfg_obj_asboolean(readonly);
} }
} }
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
dns_acl_detach(&listener->acl); dns_acl_detach(&listener->acl);
dns_acl_attach(new_acl, &listener->acl); dns_acl_attach(new_acl, &listener->acl);
skipping to change at line 1093 skipping to change at line 1069
"command channel %s: %s", "command channel %s: %s",
socktext, isc_result_totext(result)); socktext, isc_result_totext(result));
} else { } else {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING, NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"couldn't install new acl for " "couldn't install new acl for "
"command channel %s: %s", "command channel %s: %s",
socktext, isc_result_totext(result)); socktext, isc_result_totext(result));
} }
if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) { if (result == ISC_R_SUCCESS && type == isc_socktype_unix) {
uint32_t perm, owner, group; uint32_t perm, owner, group;
perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm")); perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
owner = cfg_obj_asuint32(cfg_tuple_get(control, "owner")); owner = cfg_obj_asuint32(cfg_tuple_get(control, "owner"));
group = cfg_obj_asuint32(cfg_tuple_get(control, "group")); group = cfg_obj_asuint32(cfg_tuple_get(control, "group"));
result = ISC_R_SUCCESS; result = ISC_R_SUCCESS;
if (listener->perm != perm || listener->owner != owner || if (listener->perm != perm || listener->owner != owner ||
listener->group != group) listener->group != group)
{ {
result = isc_socket_permunix(&listener->address, perm, result = isc_socket_permunix(&listener->address, perm,
owner, group); owner, group);
skipping to change at line 1124 skipping to change at line 1100
} }
} }
*listenerp = listener; *listenerp = listener;
} }
static void static void
add_listener(named_controls_t *cp, controllistener_t **listenerp, add_listener(named_controls_t *cp, controllistener_t **listenerp,
const cfg_obj_t *control, const cfg_obj_t *config, const cfg_obj_t *control, const cfg_obj_t *config,
isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx, isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
const char *socktext, isc_sockettype_t type) { const char *socktext, isc_socktype_t type) {
isc_mem_t *mctx = cp->server->mctx; isc_mem_t *mctx = cp->server->mctx;
controllistener_t *listener; controllistener_t *listener = NULL;
const cfg_obj_t *allow; const cfg_obj_t *allow = NULL;
const cfg_obj_t *global_keylist = NULL; const cfg_obj_t *global_keylist = NULL;
const cfg_obj_t *control_keylist = NULL; const cfg_obj_t *control_keylist = NULL;
dns_acl_t *new_acl = NULL; dns_acl_t *new_acl = NULL;
isc_result_t result = ISC_R_SUCCESS; isc_result_t result = ISC_R_SUCCESS;
int pf;
listener = isc_mem_get(mctx, sizeof(*listener)); listener = isc_mem_get(mctx, sizeof(*listener));
*listener = (controllistener_t){ .controls = cp,
listener->mctx = NULL; .address = *addr,
.type = type };
isc_mem_attach(mctx, &listener->mctx); isc_mem_attach(mctx, &listener->mctx);
listener->controls = cp;
listener->task = cp->server->task;
listener->address = *addr;
listener->sock = NULL;
listener->listening = false;
listener->exiting = false;
listener->acl = NULL;
listener->type = type;
listener->perm = 0;
listener->owner = 0;
listener->group = 0;
listener->readonly = false;
ISC_LINK_INIT(listener, link); ISC_LINK_INIT(listener, link);
ISC_LIST_INIT(listener->keys); ISC_LIST_INIT(listener->keys);
ISC_LIST_INIT(listener->connections); ISC_LIST_INIT(listener->connections);
/* /*
* Make the acl. * Make the ACL.
*/ */
if (control != NULL && type == isc_sockettype_tcp) { if (control != NULL && type == isc_socktype_tcp) {
allow = cfg_tuple_get(control, "allow"); const cfg_obj_t *readonly = NULL;
result = cfg_acl_fromconfig(allow, config, named_g_lctx,
aclconfctx, mctx, 0, &new_acl);
} else {
result = dns_acl_any(mctx, &new_acl);
}
if ((result == ISC_R_SUCCESS) && (control != NULL)) { allow = cfg_tuple_get(control, "allow");
const cfg_obj_t *readonly; CHECK(cfg_acl_fromconfig(allow, config, named_g_lctx,
aclconfctx, mctx, 0, &new_acl));
readonly = cfg_tuple_get(control, "read-only"); readonly = cfg_tuple_get(control, "read-only");
if (!cfg_obj_isvoid(readonly)) { if (!cfg_obj_isvoid(readonly)) {
listener->readonly = cfg_obj_asboolean(readonly); listener->readonly = cfg_obj_asboolean(readonly);
} }
} else {
CHECK(dns_acl_any(mctx, &new_acl));
} }
if (result == ISC_R_SUCCESS) { dns_acl_attach(new_acl, &listener->acl);
dns_acl_attach(new_acl, &listener->acl); dns_acl_detach(&new_acl);
dns_acl_detach(&new_acl);
if (config != NULL) {
get_key_info(config, control, &global_keylist,
&control_keylist);
}
if (control_keylist != NULL) { if (config != NULL) {
controlkeylist_fromcfg(control_keylist, listener->mctx, get_key_info(config, control, &global_keylist,
&listener->keys); &control_keylist);
register_keys(control, global_keylist, &listener->keys, }
listener->mctx, socktext);
} else {
result = get_rndckey(mctx, &listener->keys);
}
if (control_keylist != NULL) {
controlkeylist_fromcfg(control_keylist, listener->mctx,
&listener->keys);
register_keys(control, global_keylist, &listener->keys,
listener->mctx, socktext);
} else {
result = get_rndckey(mctx, &listener->keys);
if (result != ISC_R_SUCCESS && control != NULL) { if (result != ISC_R_SUCCESS && control != NULL) {
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING, cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
"couldn't install keys for " "couldn't install keys for "
"command channel %s: %s", "command channel %s: %s",
socktext, isc_result_totext(result)); socktext, isc_result_totext(result));
} }
} }
if (result == ISC_R_SUCCESS) { pf = isc_sockaddr_pf(&listener->address);
int pf = isc_sockaddr_pf(&listener->address); if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
#ifndef _WIN32 #ifndef _WIN32
(pf == AF_UNIX && isc_net_probeunix() != ISC_R_SUCCESS) || (pf == AF_UNIX && isc_net_probeunix() != ISC_R_SUCCESS) ||
#endif #endif /* ifdef _WIN32 */
(pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS)) (pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
{ {
result = ISC_R_FAMILYNOSUPPORT; CHECK(ISC_R_FAMILYNOSUPPORT);
}
} }
if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) { #if 0
/* XXX: no unix socket support yet */
if (type == isc_socktype_unix) {
isc_socket_cleanunix(&listener->address, false); isc_socket_cleanunix(&listener->address, false);
} }
#endif
if (result == ISC_R_SUCCESS) { CHECK(isc_nm_listentcp(named_g_nm, (isc_nmiface_t *)&listener->address,
result = isc_socket_create(named_g_socketmgr, control_newconn, listener,
isc_sockaddr_pf(&listener->address), sizeof(controlconnection_t), 5, NULL,
type, &listener->sock); &listener->sock));
} listener->listening = true;
if (result == ISC_R_SUCCESS) { #if 0
isc_socket_setname(listener->sock, "control", NULL); /* XXX: no unix socket support yet */
} if (type == isc_socktype_unix) {
#ifndef ISC_ALLOW_MAPPED
if (result == ISC_R_SUCCESS) {
isc_socket_ipv6only(listener->sock, true);
}
#endif /* ifndef ISC_ALLOW_MAPPED */
if (result == ISC_R_SUCCESS) {
result = isc_socket_bind(listener->sock, &listener->address,
ISC_SOCKET_REUSEADDRESS);
}
if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) {
listener->perm = listener->perm =
cfg_obj_asuint32(cfg_tuple_get(control, "perm")); cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
listener->owner = listener->owner =
cfg_obj_asuint32(cfg_tuple_get(control, "owner")); cfg_obj_asuint32(cfg_tuple_get(control, "owner"));
listener->group = listener->group =
cfg_obj_asuint32(cfg_tuple_get(control, "group")); cfg_obj_asuint32(cfg_tuple_get(control, "group"));
result = isc_socket_permunix(&listener->address, listener->perm, result = isc_socket_permunix(&listener->address, listener->perm,
listener->owner, listener->group); listener->owner, listener->group);
} }
if (result == ISC_R_SUCCESS) { #endif
result = control_listen(listener);
}
if (result == ISC_R_SUCCESS) { isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
result = control_accept(listener); NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
"command channel listening on %s", socktext);
*listenerp = listener;
return;
cleanup:
if (listener != NULL) {
listener->exiting = true;
free_listener(listener);
} }
if (result == ISC_R_SUCCESS) { if (control != NULL) {
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
"couldn't add command channel %s: %s", socktext,
isc_result_totext(result));
} else {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE, NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
"command channel listening on %s", socktext); "couldn't add command channel %s: %s", socktext,
*listenerp = listener; isc_result_totext(result));
} else {
if (listener != NULL) {
listener->exiting = true;
free_listener(listener);
}
if (control != NULL) {
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
"couldn't add command channel %s: %s",
socktext, isc_result_totext(result));
} else {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
"couldn't add command channel %s: %s",
socktext, isc_result_totext(result));
}
*listenerp = NULL;
} }
*listenerp = NULL;
/* XXXDCL return error results? fail hard? */ /* XXXDCL return error results? fail hard? */
} }
isc_result_t isc_result_t
named_controls_configure(named_controls_t *cp, const cfg_obj_t *config, named_controls_configure(named_controls_t *cp, const cfg_obj_t *config,
cfg_aclconfctx_t *aclconfctx) { cfg_aclconfctx_t *aclconfctx) {
controllistener_t *listener; controllistener_t *listener = NULL;
controllistenerlist_t new_listeners; controllistenerlist_t new_listeners;
const cfg_obj_t *controlslist = NULL; const cfg_obj_t *controlslist = NULL;
const cfg_listelt_t *element, *element2; const cfg_listelt_t *element, *element2;
char socktext[ISC_SOCKADDR_FORMATSIZE]; char socktext[ISC_SOCKADDR_FORMATSIZE];
ISC_LIST_INIT(new_listeners); ISC_LIST_INIT(new_listeners);
/* /*
* Get the list of named.conf 'controls' statements. * Get the list of named.conf 'controls' statements.
*/ */
skipping to change at line 1309 skipping to change at line 1252
* are already being listened on and moving them to the new list. * are already being listened on and moving them to the new list.
* *
* Identifying duplicate addr/port combinations is left to either * Identifying duplicate addr/port combinations is left to either
* the underlying config code, or to the bind attempt getting an * the underlying config code, or to the bind attempt getting an
* address-in-use error. * address-in-use error.
*/ */
if (controlslist != NULL) { if (controlslist != NULL) {
for (element = cfg_list_first(controlslist); element != NULL; for (element = cfg_list_first(controlslist); element != NULL;
element = cfg_list_next(element)) element = cfg_list_next(element))
{ {
const cfg_obj_t *controls; const cfg_obj_t *controls = NULL;
const cfg_obj_t *inetcontrols = NULL; const cfg_obj_t *inetcontrols = NULL;
controls = cfg_listelt_value(element); controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "inet", &inetcontrols); (void)cfg_map_get(controls, "inet", &inetcontrols);
if (inetcontrols == NULL) { if (inetcontrols == NULL) {
continue; continue;
} }
for (element2 = cfg_list_first(inetcontrols); for (element2 = cfg_list_first(inetcontrols);
element2 != NULL; element2 != NULL;
element2 = cfg_list_next(element2)) element2 = cfg_list_next(element2))
{ {
const cfg_obj_t *control; const cfg_obj_t *control = NULL;
const cfg_obj_t *obj; const cfg_obj_t *obj = NULL;
isc_sockaddr_t addr; isc_sockaddr_t addr;
/* /*
* The parser handles BIND 8 configuration file * The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well * syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause. * inet phrases with no keys{} clause.
*/ */
control = cfg_listelt_value(element2); control = cfg_listelt_value(element2);
obj = cfg_tuple_get(control, "address"); obj = cfg_tuple_get(control, "address");
skipping to change at line 1352 skipping to change at line 1295
isc_log_write(named_g_lctx, isc_log_write(named_g_lctx,
NAMED_LOGCATEGORY_GENERAL, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, NAMED_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9), ISC_LOG_DEBUG(9),
"processing control channel %s", "processing control channel %s",
socktext); socktext);
update_listener(cp, &listener, control, config, update_listener(cp, &listener, control, config,
&addr, aclconfctx, socktext, &addr, aclconfctx, socktext,
isc_sockettype_tcp); isc_socktype_tcp);
if (listener != NULL) { if (listener != NULL) {
/* /*
* Remove the listener from the old * Remove the listener from the old
* list, so it won't be shut down. * list, so it won't be shut down.
*/ */
ISC_LIST_UNLINK(cp->listeners, listener, ISC_LIST_UNLINK(cp->listeners, listener,
link); link);
} else { } else {
/* /*
* This is a new listener. * This is a new listener.
*/ */
add_listener(cp, &listener, control, add_listener(cp, &listener, control,
config, &addr, aclconfctx, config, &addr, aclconfctx,
socktext, socktext,
isc_sockettype_tcp); isc_socktype_tcp);
} }
if (listener != NULL) { if (listener != NULL) {
ISC_LIST_APPEND(new_listeners, listener, ISC_LIST_APPEND(new_listeners, listener,
link); link);
} }
} }
} }
for (element = cfg_list_first(controlslist); element != NULL; for (element = cfg_list_first(controlslist); element != NULL;
element = cfg_list_next(element)) element = cfg_list_next(element))
{ {
const cfg_obj_t *controls; const cfg_obj_t *controls = NULL;
const cfg_obj_t *unixcontrols = NULL; const cfg_obj_t *unixcontrols = NULL;
controls = cfg_listelt_value(element); controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "unix", &unixcontrols); (void)cfg_map_get(controls, "unix", &unixcontrols);
if (unixcontrols == NULL) { if (unixcontrols == NULL) {
continue; continue;
} }
cfg_obj_log(controls, named_g_lctx, ISC_LOG_ERROR,
"UNIX domain sockets not yet supported");
return (ISC_R_FAILURE);
#if 0
/* XXX: no unix domain socket support in netmgr */
for (element2 = cfg_list_first(unixcontrols); for (element2 = cfg_list_first(unixcontrols);
element2 != NULL; element2 != NULL;
element2 = cfg_list_next(element2)) element2 = cfg_list_next(element2))
{ {
const cfg_obj_t *control; const cfg_obj_t *control = NULL;
const cfg_obj_t *path; const cfg_obj_t *path = NULL;
isc_sockaddr_t addr; isc_sockaddr_t addr;
isc_result_t result; isc_result_t result;
/* /*
* The parser handles BIND 8 configuration file * The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well * syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause. * inet phrases with no keys{} clause.
*/ */
control = cfg_listelt_value(element2); control = cfg_listelt_value(element2);
skipping to change at line 1430 skipping to change at line 1379
isc_log_write(named_g_lctx, isc_log_write(named_g_lctx,
NAMED_LOGCATEGORY_GENERAL, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, NAMED_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9), ISC_LOG_DEBUG(9),
"processing control channel '%s'", "processing control channel '%s'",
cfg_obj_asstring(path)); cfg_obj_asstring(path));
update_listener(cp, &listener, control, config, update_listener(cp, &listener, control, config,
&addr, aclconfctx, &addr, aclconfctx,
cfg_obj_asstring(path), cfg_obj_asstring(path),
isc_sockettype_unix); isc_socktype_unix);
if (listener != NULL) { if (listener != NULL) {
/* /*
* Remove the listener from the old * Remove the listener from the old
* list, so it won't be shut down. * list, so it won't be shut down.
*/ */
ISC_LIST_UNLINK(cp->listeners, listener, ISC_LIST_UNLINK(cp->listeners, listener,
link); link);
} else { } else {
/* /*
* This is a new listener. * This is a new listener.
*/ */
add_listener(cp, &listener, control, add_listener(cp, &listener, control,
config, &addr, aclconfctx, config, &addr, aclconfctx,
cfg_obj_asstring(path), cfg_obj_asstring(path),
isc_sockettype_unix); isc_socktype_unix);
} }
if (listener != NULL) { if (listener != NULL) {
ISC_LIST_APPEND(new_listeners, listener, ISC_LIST_APPEND(new_listeners, listener,
link); link);
} }
} }
#endif
} }
} else { } else {
int i; int i;
for (i = 0; i < 2; i++) { for (i = 0; i < 2; i++) {
isc_sockaddr_t addr; isc_sockaddr_t addr;
if (i == 0) { if (i == 0) {
struct in_addr localhost; struct in_addr localhost;
skipping to change at line 1481 skipping to change at line 1431
continue; continue;
} }
isc_sockaddr_fromin6(&addr, &in6addr_loopback, isc_sockaddr_fromin6(&addr, &in6addr_loopback,
0); 0);
} }
isc_sockaddr_setport(&addr, NAMED_CONTROL_PORT); isc_sockaddr_setport(&addr, NAMED_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext, sizeof(socktext)); isc_sockaddr_format(&addr, socktext, sizeof(socktext));
update_listener(cp, &listener, NULL, NULL, &addr, NULL, update_listener(cp, &listener, NULL, NULL, &addr, NULL,
socktext, isc_sockettype_tcp); socktext, isc_socktype_tcp);
if (listener != NULL) { if (listener != NULL) {
/* /*
* Remove the listener from the old * Remove the listener from the old
* list, so it won't be shut down. * list, so it won't be shut down.
*/ */
ISC_LIST_UNLINK(cp->listeners, listener, link); ISC_LIST_UNLINK(cp->listeners, listener, link);
} else { } else {
/* /*
* This is a new listener. * This is a new listener.
*/ */
add_listener(cp, &listener, NULL, NULL, &addr, add_listener(cp, &listener, NULL, NULL, &addr,
NULL, socktext, NULL, socktext, isc_socktype_tcp);
isc_sockettype_tcp);
} }
if (listener != NULL) { if (listener != NULL) {
ISC_LIST_APPEND(new_listeners, listener, link); ISC_LIST_APPEND(new_listeners, listener, link);
} }
} }
} }
/* /*
* named_control_shutdown() will stop whatever is on the global * named_control_shutdown() will stop whatever is on the global
 End of changes. 147 change blocks. 
465 lines changed or deleted 414 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)