Coverage Report

Created: 2025-08-26 06:59

/src/bind9/lib/dns/view.c
Line
Count
Source (jump to first uncovered line)
1
/*
2
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3
 *
4
 * SPDX-License-Identifier: MPL-2.0
5
 *
6
 * This Source Code Form is subject to the terms of the Mozilla Public
7
 * License, v. 2.0. If a copy of the MPL was not distributed with this
8
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
9
 *
10
 * See the COPYRIGHT file distributed with this work for additional
11
 * information regarding copyright ownership.
12
 */
13
14
/*! \file */
15
16
#include <inttypes.h>
17
#include <limits.h>
18
#include <stdbool.h>
19
20
#ifdef HAVE_LMDB
21
#include <lmdb.h>
22
#endif /* ifdef HAVE_LMDB */
23
24
#include <isc/async.h>
25
#include <isc/atomic.h>
26
#include <isc/dir.h>
27
#include <isc/file.h>
28
#include <isc/hash.h>
29
#include <isc/lex.h>
30
#include <isc/md.h>
31
#include <isc/result.h>
32
#include <isc/stats.h>
33
#include <isc/string.h>
34
#include <isc/urcu.h>
35
#include <isc/util.h>
36
37
#include <dns/acl.h>
38
#include <dns/adb.h>
39
#include <dns/badcache.h>
40
#include <dns/cache.h>
41
#include <dns/db.h>
42
#include <dns/dispatch.h>
43
#include <dns/dlz.h>
44
#include <dns/dns64.h>
45
#include <dns/dnssec.h>
46
#include <dns/forward.h>
47
#include <dns/keytable.h>
48
#include <dns/keyvalues.h>
49
#include <dns/master.h>
50
#include <dns/masterdump.h>
51
#include <dns/nametree.h>
52
#include <dns/nta.h>
53
#include <dns/order.h>
54
#include <dns/peer.h>
55
#include <dns/rdataset.h>
56
#include <dns/request.h>
57
#include <dns/resolver.h>
58
#include <dns/rpz.h>
59
#include <dns/rrl.h>
60
#include <dns/stats.h>
61
#include <dns/time.h>
62
#include <dns/transport.h>
63
#include <dns/tsig.h>
64
#include <dns/unreachcache.h>
65
#include <dns/view.h>
66
#include <dns/zone.h>
67
#include <dns/zt.h>
68
69
#define CHECK(op)                            \
70
0
  do {                                 \
71
0
    result = (op);               \
72
0
    if (result != ISC_R_SUCCESS) \
73
0
      goto cleanup;        \
74
0
  } while (0)
75
76
#define DNS_VIEW_DELONLYHASH 111
77
78
/*%
79
 * Default maximum number of chained queries before we give up
80
 * to prevent CNAME loops.
81
 */
82
2
#define DEFAULT_MAX_RESTARTS 11
83
84
/*%
85
 * Default EDNS0 buffer size
86
 */
87
2
#define DEFAULT_EDNS_BUFSIZE 1232
88
89
/* Exponental backoff from 10 seconds to 640 seconds */
90
4
#define UNREACH_HOLD_TIME_INITIAL_SEC ((uint16_t)10)
91
2
#define UNREACH_HOLD_TIME_MAX_SEC     (UNREACH_HOLD_TIME_INITIAL_SEC << 6)
92
2
#define UNREACH_BACKOFF_ELIGIBLE_SEC  ((uint16_t)120)
93
94
void
95
dns_view_create(isc_mem_t *mctx, dns_dispatchmgr_t *dispatchmgr,
96
    dns_rdataclass_t rdclass, const char *name,
97
2
    dns_view_t **viewp) {
98
2
  dns_view_t *view = NULL;
99
2
  isc_result_t result;
100
2
  char buffer[1024];
101
102
2
  REQUIRE(name != NULL);
103
2
  REQUIRE(viewp != NULL && *viewp == NULL);
104
105
2
  result = isc_file_sanitize(NULL, name, "nta", buffer, sizeof(buffer));
106
2
  RUNTIME_CHECK(result == ISC_R_SUCCESS);
107
108
2
  view = isc_mem_get(mctx, sizeof(*view));
109
2
  *view = (dns_view_t){
110
2
    .rdclass = rdclass,
111
2
    .name = isc_mem_strdup(mctx, name),
112
2
    .nta_file = isc_mem_strdup(mctx, buffer),
113
2
    .recursion = true,
114
2
    .enablevalidation = true,
115
2
    .minimalresponses = dns_minimal_no,
116
2
    .transfer_format = dns_one_answer,
117
2
    .msgcompression = true,
118
2
    .provideixfr = true,
119
2
    .maxcachettl = 7 * 24 * 3600,
120
2
    .maxncachettl = 3 * 3600,
121
2
    .dstport = 53,
122
2
    .staleanswerttl = 1,
123
2
    .staleanswersok = dns_stale_answer_conf,
124
2
    .sendcookie = true,
125
2
    .synthfromdnssec = true,
126
2
    .trust_anchor_telemetry = true,
127
2
    .root_key_sentinel = true,
128
2
    .udpsize = DEFAULT_EDNS_BUFSIZE,
129
2
    .max_restarts = DEFAULT_MAX_RESTARTS,
130
2
  };
131
132
2
  isc_refcount_init(&view->references, 1);
133
2
  isc_refcount_init(&view->weakrefs, 1);
134
135
2
  dns_fixedname_init(&view->redirectfixed);
136
137
2
  ISC_LIST_INIT(view->dlz_searched);
138
2
  ISC_LIST_INIT(view->dlz_unsearched);
139
2
  ISC_LIST_INIT(view->dns64);
140
141
2
  ISC_LINK_INIT(view, link);
142
143
2
  isc_mem_attach(mctx, &view->mctx);
144
145
2
  if (dispatchmgr != NULL) {
146
0
    dns_dispatchmgr_attach(dispatchmgr, &view->dispatchmgr);
147
0
  }
148
149
2
  isc_mutex_init(&view->lock);
150
151
2
  dns_zt_create(mctx, view, &view->zonetable);
152
153
2
  dns_fwdtable_create(mctx, view, &view->fwdtable);
154
155
2
  dns_tsigkeyring_create(view->mctx, &view->dynamickeys);
156
157
2
  view->failcache = dns_badcache_new(view->mctx);
158
159
2
  view->unreachcache = dns_unreachcache_new(
160
2
    view->mctx, UNREACH_HOLD_TIME_INITIAL_SEC,
161
2
    UNREACH_HOLD_TIME_MAX_SEC, UNREACH_BACKOFF_ELIGIBLE_SEC);
162
163
2
  isc_mutex_init(&view->new_zone_lock);
164
165
2
  dns_order_create(view->mctx, &view->order);
166
167
2
  dns_peerlist_new(view->mctx, &view->peers);
168
169
2
  dns_aclenv_create(view->mctx, &view->aclenv);
170
171
2
  dns_nametree_create(view->mctx, DNS_NAMETREE_COUNT, "sfd", &view->sfd);
172
173
2
  view->magic = DNS_VIEW_MAGIC;
174
2
  *viewp = view;
175
2
}
176
177
static void
178
0
destroy(dns_view_t *view) {
179
0
  dns_dns64_t *dns64 = NULL;
180
181
0
  REQUIRE(!ISC_LINK_LINKED(view, link));
182
183
0
  isc_refcount_destroy(&view->references);
184
0
  isc_refcount_destroy(&view->weakrefs);
185
186
0
  if (view->order != NULL) {
187
0
    dns_order_detach(&view->order);
188
0
  }
189
0
  if (view->peers != NULL) {
190
0
    dns_peerlist_detach(&view->peers);
191
0
  }
192
193
0
  if (view->dynamickeys != NULL) {
194
0
    isc_result_t result;
195
0
    char template[PATH_MAX];
196
0
    char keyfile[PATH_MAX];
197
0
    FILE *fp = NULL;
198
199
0
    result = isc_file_mktemplate(NULL, template, sizeof(template));
200
0
    if (result == ISC_R_SUCCESS) {
201
0
      (void)isc_file_openuniqueprivate(template, &fp);
202
0
    }
203
0
    if (fp != NULL) {
204
0
      result = dns_tsigkeyring_dump(view->dynamickeys, fp);
205
0
      if (result == ISC_R_SUCCESS) {
206
0
        if (fclose(fp) == 0) {
207
0
          result = isc_file_sanitize(
208
0
            NULL, view->name, "tsigkeys",
209
0
            keyfile, sizeof(keyfile));
210
0
          if (result == ISC_R_SUCCESS) {
211
0
            result = isc_file_rename(
212
0
              template, keyfile);
213
0
          }
214
0
        }
215
0
        if (result != ISC_R_SUCCESS) {
216
0
          (void)remove(template);
217
0
        }
218
0
      } else {
219
0
        (void)fclose(fp);
220
0
        (void)remove(template);
221
0
      }
222
0
    }
223
0
    dns_tsigkeyring_detach(&view->dynamickeys);
224
0
  }
225
0
  if (view->transports != NULL) {
226
0
    dns_transport_list_detach(&view->transports);
227
0
  }
228
0
  if (view->statickeys != NULL) {
229
0
    dns_tsigkeyring_detach(&view->statickeys);
230
0
  }
231
232
  /* These must have been detached in dns_view_detach() */
233
0
  INSIST(view->adb == NULL);
234
0
  INSIST(view->resolver == NULL);
235
0
  INSIST(view->requestmgr == NULL);
236
237
0
  dns_rrl_view_destroy(view);
238
0
  if (view->rpzs != NULL) {
239
0
    dns_rpz_zones_shutdown(view->rpzs);
240
0
    dns_rpz_zones_detach(&view->rpzs);
241
0
  }
242
0
  if (view->catzs != NULL) {
243
0
    dns_catz_zones_shutdown(view->catzs);
244
0
    dns_catz_zones_detach(&view->catzs);
245
0
  }
246
0
  ISC_LIST_FOREACH(view->dlz_searched, dlzdb, link) {
247
0
    ISC_LIST_UNLINK(view->dlz_searched, dlzdb, link);
248
0
    dns_dlzdestroy(&dlzdb);
249
0
  }
250
0
  ISC_LIST_FOREACH(view->dlz_unsearched, dlzdb, link) {
251
0
    ISC_LIST_UNLINK(view->dlz_unsearched, dlzdb, link);
252
0
    dns_dlzdestroy(&dlzdb);
253
0
  }
254
0
  if (view->hints != NULL) {
255
0
    dns_db_detach(&view->hints);
256
0
  }
257
0
  if (view->cachedb != NULL) {
258
0
    dns_db_detach(&view->cachedb);
259
0
  }
260
0
  if (view->cache != NULL) {
261
0
    dns_cache_detach(&view->cache);
262
0
  }
263
0
  if (view->nocasecompress != NULL) {
264
0
    dns_acl_detach(&view->nocasecompress);
265
0
  }
266
0
  if (view->matchclients != NULL) {
267
0
    dns_acl_detach(&view->matchclients);
268
0
  }
269
0
  if (view->matchdestinations != NULL) {
270
0
    dns_acl_detach(&view->matchdestinations);
271
0
  }
272
0
  if (view->cacheacl != NULL) {
273
0
    dns_acl_detach(&view->cacheacl);
274
0
  }
275
0
  if (view->cacheonacl != NULL) {
276
0
    dns_acl_detach(&view->cacheonacl);
277
0
  }
278
0
  if (view->queryacl != NULL) {
279
0
    dns_acl_detach(&view->queryacl);
280
0
  }
281
0
  if (view->queryonacl != NULL) {
282
0
    dns_acl_detach(&view->queryonacl);
283
0
  }
284
0
  if (view->recursionacl != NULL) {
285
0
    dns_acl_detach(&view->recursionacl);
286
0
  }
287
0
  if (view->recursiononacl != NULL) {
288
0
    dns_acl_detach(&view->recursiononacl);
289
0
  }
290
0
  if (view->transferacl != NULL) {
291
0
    dns_acl_detach(&view->transferacl);
292
0
  }
293
0
  if (view->notifyacl != NULL) {
294
0
    dns_acl_detach(&view->notifyacl);
295
0
  }
296
0
  if (view->updateacl != NULL) {
297
0
    dns_acl_detach(&view->updateacl);
298
0
  }
299
0
  if (view->upfwdacl != NULL) {
300
0
    dns_acl_detach(&view->upfwdacl);
301
0
  }
302
0
  if (view->denyansweracl != NULL) {
303
0
    dns_acl_detach(&view->denyansweracl);
304
0
  }
305
0
  if (view->pad_acl != NULL) {
306
0
    dns_acl_detach(&view->pad_acl);
307
0
  }
308
0
  if (view->proxyacl != NULL) {
309
0
    dns_acl_detach(&view->proxyacl);
310
0
  }
311
0
  if (view->proxyonacl != NULL) {
312
0
    dns_acl_detach(&view->proxyonacl);
313
0
  }
314
0
  if (view->answeracl_exclude != NULL) {
315
0
    dns_nametree_detach(&view->answeracl_exclude);
316
0
  }
317
0
  if (view->denyanswernames != NULL) {
318
0
    dns_nametree_detach(&view->denyanswernames);
319
0
  }
320
0
  if (view->answernames_exclude != NULL) {
321
0
    dns_nametree_detach(&view->answernames_exclude);
322
0
  }
323
0
  if (view->sfd != NULL) {
324
0
    dns_nametree_detach(&view->sfd);
325
0
  }
326
0
  if (view->secroots_priv != NULL) {
327
0
    dns_keytable_detach(&view->secroots_priv);
328
0
  }
329
0
  if (view->ntatable_priv != NULL) {
330
0
    dns_ntatable_detach(&view->ntatable_priv);
331
0
  }
332
0
  for (dns64 = ISC_LIST_HEAD(view->dns64); dns64 != NULL;
333
0
       dns64 = ISC_LIST_HEAD(view->dns64))
334
0
  {
335
0
    dns_dns64_destroy(&view->dns64, &dns64);
336
0
  }
337
0
  if (view->managed_keys != NULL) {
338
0
    dns_zone_detach(&view->managed_keys);
339
0
  }
340
0
  if (view->redirect != NULL) {
341
0
    dns_zone_detach(&view->redirect);
342
0
  }
343
#ifdef HAVE_DNSTAP
344
  if (view->dtenv != NULL) {
345
    dns_dt_detach(&view->dtenv);
346
  }
347
#endif /* HAVE_DNSTAP */
348
0
  dns_view_setnewzones(view, false, NULL, NULL, 0ULL);
349
0
  if (view->new_zone_file != NULL) {
350
0
    isc_mem_free(view->mctx, view->new_zone_file);
351
0
  }
352
0
  if (view->new_zone_dir != NULL) {
353
0
    isc_mem_free(view->mctx, view->new_zone_dir);
354
0
  }
355
#ifdef HAVE_LMDB
356
  if (view->new_zone_dbenv != NULL) {
357
    mdb_env_close((MDB_env *)view->new_zone_dbenv);
358
    view->new_zone_dbenv = NULL;
359
  }
360
  if (view->new_zone_db != NULL) {
361
    isc_mem_free(view->mctx, view->new_zone_db);
362
  }
363
#endif /* HAVE_LMDB */
364
0
  dns_fwdtable_destroy(&view->fwdtable);
365
0
  dns_aclenv_detach(&view->aclenv);
366
0
  if (view->failcache != NULL) {
367
0
    dns_badcache_destroy(&view->failcache);
368
0
  }
369
0
  if (view->unreachcache != NULL) {
370
0
    dns_unreachcache_destroy(&view->unreachcache);
371
0
  }
372
0
  isc_mutex_destroy(&view->new_zone_lock);
373
0
  isc_mutex_destroy(&view->lock);
374
0
  isc_refcount_destroy(&view->references);
375
0
  isc_refcount_destroy(&view->weakrefs);
376
0
  isc_mem_free(view->mctx, view->nta_file);
377
0
  isc_mem_free(view->mctx, view->name);
378
0
  if (view->hooktable != NULL && view->hooktable_free != NULL) {
379
0
    view->hooktable_free(view->mctx, &view->hooktable);
380
0
  }
381
0
  if (view->plugins != NULL && view->plugins_free != NULL) {
382
0
    view->plugins_free(view->mctx, &view->plugins);
383
0
  }
384
0
  isc_mem_putanddetach(&view->mctx, view, sizeof(*view));
385
0
}
386
387
void
388
0
dns_view_attach(dns_view_t *source, dns_view_t **targetp) {
389
0
  REQUIRE(DNS_VIEW_VALID(source));
390
0
  REQUIRE(targetp != NULL && *targetp == NULL);
391
392
0
  isc_refcount_increment(&source->references);
393
394
0
  *targetp = source;
395
0
}
396
397
static void
398
0
shutdown_view(dns_view_t *view) {
399
0
  dns_zone_t *mkzone = NULL, *rdzone = NULL;
400
0
  dns_zt_t *zonetable = NULL;
401
0
  dns_resolver_t *resolver = NULL;
402
0
  dns_adb_t *adb = NULL;
403
0
  dns_requestmgr_t *requestmgr = NULL;
404
0
  dns_dispatchmgr_t *dispatchmgr = NULL;
405
406
0
  isc_refcount_destroy(&view->references);
407
408
  /* Shutdown the attached objects first */
409
0
  if (view->resolver != NULL) {
410
0
    dns_resolver_shutdown(view->resolver);
411
0
  }
412
413
0
  rcu_read_lock();
414
0
  adb = rcu_dereference(view->adb);
415
0
  if (adb != NULL) {
416
0
    dns_adb_shutdown(adb);
417
0
  }
418
0
  rcu_read_unlock();
419
420
0
  if (view->requestmgr != NULL) {
421
0
    dns_requestmgr_shutdown(view->requestmgr);
422
0
  }
423
424
  /* Swap the pointers under the lock */
425
0
  LOCK(&view->lock);
426
427
0
  if (view->resolver != NULL) {
428
0
    resolver = view->resolver;
429
0
    view->resolver = NULL;
430
0
  }
431
432
0
  rcu_read_lock();
433
0
  zonetable = rcu_xchg_pointer(&view->zonetable, NULL);
434
0
  if (zonetable != NULL) {
435
0
    if (view->flush) {
436
0
      dns_zt_flush(zonetable);
437
0
    }
438
0
  }
439
0
  adb = rcu_xchg_pointer(&view->adb, NULL);
440
0
  dispatchmgr = rcu_xchg_pointer(&view->dispatchmgr, NULL);
441
0
  rcu_read_unlock();
442
443
0
  if (view->requestmgr != NULL) {
444
0
    requestmgr = view->requestmgr;
445
0
    view->requestmgr = NULL;
446
0
  }
447
0
  if (view->managed_keys != NULL) {
448
0
    mkzone = view->managed_keys;
449
0
    view->managed_keys = NULL;
450
0
    if (view->flush) {
451
0
      dns_zone_flush(mkzone);
452
0
    }
453
0
  }
454
0
  if (view->redirect != NULL) {
455
0
    rdzone = view->redirect;
456
0
    view->redirect = NULL;
457
0
    if (view->flush) {
458
0
      dns_zone_flush(rdzone);
459
0
    }
460
0
  }
461
0
  if (view->catzs != NULL) {
462
0
    dns_catz_zones_shutdown(view->catzs);
463
0
    dns_catz_zones_detach(&view->catzs);
464
0
  }
465
0
  if (view->ntatable_priv != NULL) {
466
0
    dns_ntatable_shutdown(view->ntatable_priv);
467
0
  }
468
0
  UNLOCK(&view->lock);
469
470
  /* Detach outside view lock */
471
0
  if (resolver != NULL) {
472
0
    dns_resolver_detach(&resolver);
473
0
  }
474
475
0
  synchronize_rcu();
476
0
  if (dispatchmgr != NULL) {
477
0
    dns_dispatchmgr_detach(&dispatchmgr);
478
0
  }
479
0
  if (adb != NULL) {
480
0
    dns_adb_detach(&adb);
481
0
  }
482
0
  if (zonetable != NULL) {
483
0
    dns_zt_detach(&zonetable);
484
0
  }
485
0
  if (requestmgr != NULL) {
486
0
    dns_requestmgr_detach(&requestmgr);
487
0
  }
488
0
  if (mkzone != NULL) {
489
0
    dns_zone_detach(&mkzone);
490
0
  }
491
0
  if (rdzone != NULL) {
492
0
    dns_zone_detach(&rdzone);
493
0
  }
494
495
0
  dns_view_weakdetach(&view);
496
0
}
497
498
void
499
0
dns_view_detach(dns_view_t **viewp) {
500
0
  dns_view_t *view = NULL;
501
502
0
  REQUIRE(viewp != NULL && DNS_VIEW_VALID(*viewp));
503
504
0
  view = *viewp;
505
0
  *viewp = NULL;
506
507
0
  if (isc_refcount_decrement(&view->references) == 1) {
508
0
    shutdown_view(view);
509
0
  }
510
0
}
511
512
void
513
2
dns_view_weakattach(dns_view_t *source, dns_view_t **targetp) {
514
2
  REQUIRE(DNS_VIEW_VALID(source));
515
2
  REQUIRE(targetp != NULL && *targetp == NULL);
516
517
2
  isc_refcount_increment(&source->weakrefs);
518
519
2
  *targetp = source;
520
2
}
521
522
void
523
0
dns_view_weakdetach(dns_view_t **viewp) {
524
0
  dns_view_t *view = NULL;
525
526
0
  REQUIRE(viewp != NULL);
527
528
0
  view = *viewp;
529
0
  *viewp = NULL;
530
531
0
  REQUIRE(DNS_VIEW_VALID(view));
532
533
0
  if (isc_refcount_decrement(&view->weakrefs) == 1) {
534
0
    destroy(view);
535
0
  }
536
0
}
537
538
isc_result_t
539
dns_view_createresolver(dns_view_t *view, unsigned int options,
540
      isc_tlsctx_cache_t *tlsctx_cache,
541
      dns_dispatch_t *dispatchv4,
542
0
      dns_dispatch_t *dispatchv6) {
543
0
  isc_result_t result;
544
0
  isc_mem_t *mctx = NULL;
545
546
0
  REQUIRE(DNS_VIEW_VALID(view));
547
0
  REQUIRE(!view->frozen);
548
0
  REQUIRE(view->resolver == NULL);
549
0
  REQUIRE(view->dispatchmgr != NULL);
550
551
0
  result = dns_resolver_create(view, options, tlsctx_cache, dispatchv4,
552
0
             dispatchv6, &view->resolver);
553
0
  if (result != ISC_R_SUCCESS) {
554
0
    return result;
555
0
  }
556
557
0
  isc_mem_create("ADB", &mctx);
558
0
  dns_adb_create(mctx, view, &view->adb);
559
0
  isc_mem_detach(&mctx);
560
561
0
  result = dns_requestmgr_create(view->mctx, view->dispatchmgr,
562
0
               dispatchv4, dispatchv6,
563
0
               &view->requestmgr);
564
0
  if (result != ISC_R_SUCCESS) {
565
0
    goto cleanup_adb;
566
0
  }
567
568
0
  return ISC_R_SUCCESS;
569
570
0
cleanup_adb:
571
0
  dns_adb_shutdown(view->adb);
572
0
  dns_adb_detach(&view->adb);
573
574
0
  dns_resolver_shutdown(view->resolver);
575
0
  dns_resolver_detach(&view->resolver);
576
577
0
  return result;
578
0
}
579
580
void
581
0
dns_view_setcache(dns_view_t *view, dns_cache_t *cache, bool shared) {
582
0
  REQUIRE(DNS_VIEW_VALID(view));
583
0
  REQUIRE(!view->frozen);
584
585
0
  view->cacheshared = shared;
586
0
  if (view->cache != NULL) {
587
0
    dns_db_detach(&view->cachedb);
588
0
    dns_cache_detach(&view->cache);
589
0
  }
590
0
  dns_cache_attach(cache, &view->cache);
591
0
  dns_cache_attachdb(cache, &view->cachedb);
592
0
  INSIST(DNS_DB_VALID(view->cachedb));
593
594
0
  dns_cache_setmaxrrperset(view->cache, view->maxrrperset);
595
0
  dns_cache_setmaxtypepername(view->cache, view->maxtypepername);
596
0
}
597
598
bool
599
0
dns_view_iscacheshared(dns_view_t *view) {
600
0
  REQUIRE(DNS_VIEW_VALID(view));
601
602
0
  return view->cacheshared;
603
0
}
604
605
void
606
0
dns_view_sethints(dns_view_t *view, dns_db_t *hints) {
607
0
  REQUIRE(DNS_VIEW_VALID(view));
608
0
  REQUIRE(!view->frozen);
609
0
  REQUIRE(view->hints == NULL);
610
0
  REQUIRE(dns_db_iszone(hints));
611
612
0
  dns_db_attach(hints, &view->hints);
613
0
}
614
615
void
616
0
dns_view_settransports(dns_view_t *view, dns_transport_list_t *list) {
617
0
  REQUIRE(DNS_VIEW_VALID(view));
618
0
  REQUIRE(list != NULL);
619
0
  if (view->transports != NULL) {
620
0
    dns_transport_list_detach(&view->transports);
621
0
  }
622
0
  dns_transport_list_attach(list, &view->transports);
623
0
}
624
625
void
626
1.06k
dns_view_setkeyring(dns_view_t *view, dns_tsigkeyring_t *ring) {
627
1.06k
  REQUIRE(DNS_VIEW_VALID(view));
628
1.06k
  REQUIRE(ring != NULL);
629
1.06k
  if (view->statickeys != NULL) {
630
1.06k
    dns_tsigkeyring_detach(&view->statickeys);
631
1.06k
  }
632
1.06k
  dns_tsigkeyring_attach(ring, &view->statickeys);
633
1.06k
}
634
635
void
636
0
dns_view_setdynamickeyring(dns_view_t *view, dns_tsigkeyring_t *ring) {
637
0
  REQUIRE(DNS_VIEW_VALID(view));
638
0
  REQUIRE(ring != NULL);
639
0
  if (view->dynamickeys != NULL) {
640
0
    dns_tsigkeyring_detach(&view->dynamickeys);
641
0
  }
642
0
  dns_tsigkeyring_attach(ring, &view->dynamickeys);
643
0
}
644
645
void
646
0
dns_view_getdynamickeyring(dns_view_t *view, dns_tsigkeyring_t **ringp) {
647
0
  REQUIRE(DNS_VIEW_VALID(view));
648
0
  REQUIRE(ringp != NULL && *ringp == NULL);
649
0
  if (view->dynamickeys != NULL) {
650
0
    dns_tsigkeyring_attach(view->dynamickeys, ringp);
651
0
  }
652
0
}
653
654
void
655
0
dns_view_restorekeyring(dns_view_t *view) {
656
0
  FILE *fp;
657
0
  char keyfile[PATH_MAX];
658
0
  isc_result_t result;
659
660
0
  REQUIRE(DNS_VIEW_VALID(view));
661
662
0
  if (view->dynamickeys != NULL) {
663
0
    result = isc_file_sanitize(NULL, view->name, "tsigkeys",
664
0
             keyfile, sizeof(keyfile));
665
0
    if (result == ISC_R_SUCCESS) {
666
0
      fp = fopen(keyfile, "r");
667
0
      if (fp != NULL) {
668
0
        dns_tsigkeyring_restore(view->dynamickeys, fp);
669
0
        (void)fclose(fp);
670
0
      }
671
0
    }
672
0
  }
673
0
}
674
675
void
676
0
dns_view_setdstport(dns_view_t *view, in_port_t dstport) {
677
0
  REQUIRE(DNS_VIEW_VALID(view));
678
0
  view->dstport = dstport;
679
0
}
680
681
void
682
2
dns_view_freeze(dns_view_t *view) {
683
2
  REQUIRE(DNS_VIEW_VALID(view));
684
2
  REQUIRE(!view->frozen);
685
686
2
  if (view->resolver != NULL) {
687
0
    INSIST(view->cachedb != NULL);
688
0
    dns_resolver_freeze(view->resolver);
689
0
  }
690
2
  view->frozen = true;
691
2
}
692
693
void
694
0
dns_view_thaw(dns_view_t *view) {
695
0
  REQUIRE(DNS_VIEW_VALID(view));
696
0
  REQUIRE(view->frozen);
697
698
0
  view->frozen = false;
699
0
}
700
701
isc_result_t
702
2
dns_view_addzone(dns_view_t *view, dns_zone_t *zone) {
703
2
  isc_result_t result;
704
2
  dns_zt_t *zonetable = NULL;
705
706
2
  REQUIRE(DNS_VIEW_VALID(view));
707
2
  REQUIRE(!view->frozen);
708
709
2
  rcu_read_lock();
710
2
  zonetable = rcu_dereference(view->zonetable);
711
2
  if (zonetable != NULL) {
712
2
    result = dns_zt_mount(zonetable, zone);
713
2
  } else {
714
0
    result = ISC_R_SHUTTINGDOWN;
715
0
  }
716
2
  rcu_read_unlock();
717
718
2
  return result;
719
2
}
720
721
isc_result_t
722
0
dns_view_delzone(dns_view_t *view, dns_zone_t *zone) {
723
0
  isc_result_t result;
724
0
  dns_zt_t *zonetable = NULL;
725
726
0
  REQUIRE(DNS_VIEW_VALID(view));
727
728
0
  dns_zone_prepare_shutdown(zone);
729
730
0
  rcu_read_lock();
731
0
  zonetable = rcu_dereference(view->zonetable);
732
0
  if (zonetable != NULL) {
733
0
    result = dns_zt_unmount(zonetable, zone);
734
0
  } else {
735
0
    result = ISC_R_SUCCESS;
736
0
  }
737
0
  rcu_read_unlock();
738
739
0
  return result;
740
0
}
741
742
isc_result_t
743
dns_view_findzone(dns_view_t *view, const dns_name_t *name,
744
0
      unsigned int options, dns_zone_t **zonep) {
745
0
  isc_result_t result;
746
0
  dns_zt_t *zonetable = NULL;
747
748
0
  REQUIRE(DNS_VIEW_VALID(view));
749
750
0
  rcu_read_lock();
751
0
  zonetable = rcu_dereference(view->zonetable);
752
0
  if (zonetable != NULL) {
753
0
    result = dns_zt_find(zonetable, name, options, zonep);
754
0
  } else {
755
0
    result = ISC_R_NOTFOUND;
756
0
  }
757
0
  rcu_read_unlock();
758
759
0
  return result;
760
0
}
761
762
isc_result_t
763
dns_view_find(dns_view_t *view, const dns_name_t *name, dns_rdatatype_t type,
764
        isc_stdtime_t now, unsigned int options, bool use_hints,
765
        bool use_static_stub, dns_db_t **dbp, dns_dbnode_t **nodep,
766
        dns_name_t *foundname, dns_rdataset_t *rdataset,
767
323
        dns_rdataset_t *sigrdataset) {
768
323
  isc_result_t result;
769
323
  dns_db_t *db = NULL, *zdb = NULL;
770
323
  dns_dbnode_t *node = NULL, *znode = NULL;
771
323
  bool is_cache, is_staticstub_zone;
772
323
  dns_rdataset_t zrdataset, zsigrdataset;
773
323
  dns_zone_t *zone = NULL;
774
323
  dns_zt_t *zonetable = NULL;
775
776
  /*
777
   * Find an rdataset whose owner name is 'name', and whose type is
778
   * 'type'.
779
   */
780
781
323
  REQUIRE(DNS_VIEW_VALID(view));
782
323
  REQUIRE(view->frozen);
783
323
  REQUIRE(type != dns_rdatatype_rrsig);
784
323
  REQUIRE(rdataset != NULL); /* XXXBEW - remove this */
785
323
  REQUIRE(nodep == NULL || *nodep == NULL);
786
787
  /*
788
   * Initialize.
789
   */
790
323
  dns_rdataset_init(&zrdataset);
791
323
  dns_rdataset_init(&zsigrdataset);
792
793
  /*
794
   * Find a database to answer the query.
795
   */
796
323
  is_staticstub_zone = false;
797
323
  rcu_read_lock();
798
323
  zonetable = rcu_dereference(view->zonetable);
799
323
  if (zonetable != NULL) {
800
323
    result = dns_zt_find(zonetable, name, DNS_ZTFIND_MIRROR, &zone);
801
323
  } else {
802
0
    result = ISC_R_SHUTTINGDOWN;
803
0
  }
804
323
  rcu_read_unlock();
805
323
  if (zone != NULL && dns_zone_gettype(zone) == dns_zone_staticstub &&
806
323
      !use_static_stub)
807
0
  {
808
0
    result = ISC_R_NOTFOUND;
809
0
  }
810
323
  if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
811
172
    result = dns_zone_getdb(zone, &db);
812
172
    if (result != ISC_R_SUCCESS && view->cachedb != NULL) {
813
0
      dns_db_attach(view->cachedb, &db);
814
172
    } else if (result != ISC_R_SUCCESS) {
815
0
      goto cleanup;
816
0
    }
817
172
    if (dns_zone_gettype(zone) == dns_zone_staticstub &&
818
172
        dns_name_equal(name, dns_zone_getorigin(zone)))
819
0
    {
820
0
      is_staticstub_zone = true;
821
0
    }
822
172
  } else if (result == ISC_R_NOTFOUND && view->cachedb != NULL) {
823
0
    dns_db_attach(view->cachedb, &db);
824
151
  } else {
825
151
    goto cleanup;
826
151
  }
827
828
172
  is_cache = dns_db_iscache(db);
829
830
172
db_find:
831
  /*
832
   * Now look for an answer in the database.
833
   */
834
172
  result = dns_db_find(db, name, NULL, type, options, now, &node,
835
172
           foundname, rdataset, sigrdataset);
836
837
172
  if (result == DNS_R_DELEGATION || result == ISC_R_NOTFOUND) {
838
0
    if (dns_rdataset_isassociated(rdataset)) {
839
0
      dns_rdataset_disassociate(rdataset);
840
0
    }
841
0
    if (sigrdataset != NULL &&
842
0
        dns_rdataset_isassociated(sigrdataset))
843
0
    {
844
0
      dns_rdataset_disassociate(sigrdataset);
845
0
    }
846
0
    if (node != NULL) {
847
0
      dns_db_detachnode(&node);
848
0
    }
849
0
    if (!is_cache) {
850
0
      dns_db_detach(&db);
851
0
      if (view->cachedb != NULL && !is_staticstub_zone) {
852
        /*
853
         * Either the answer is in the cache, or we
854
         * don't know it.
855
         * Note that if the result comes from a
856
         * static-stub zone we stop the search here
857
         * (see the function description in view.h).
858
         */
859
0
        is_cache = true;
860
0
        dns_db_attach(view->cachedb, &db);
861
0
        goto db_find;
862
0
      }
863
0
    } else {
864
      /*
865
       * We don't have the data in the cache.  If we've got
866
       * glue from the zone, use it.
867
       */
868
0
      if (dns_rdataset_isassociated(&zrdataset)) {
869
0
        dns_rdataset_clone(&zrdataset, rdataset);
870
0
        if (sigrdataset != NULL &&
871
0
            dns_rdataset_isassociated(&zsigrdataset))
872
0
        {
873
0
          dns_rdataset_clone(&zsigrdataset,
874
0
                 sigrdataset);
875
0
        }
876
0
        result = DNS_R_GLUE;
877
0
        if (db != NULL) {
878
0
          dns_db_detach(&db);
879
0
        }
880
0
        dns_db_attach(zdb, &db);
881
0
        dns_db_attachnode(znode, &node);
882
0
        goto cleanup;
883
0
      }
884
0
    }
885
    /*
886
     * We don't know the answer.
887
     */
888
0
    result = ISC_R_NOTFOUND;
889
172
  } else if (result == DNS_R_GLUE) {
890
    /*
891
     * Glue is the answer wanted.
892
     */
893
0
    result = ISC_R_SUCCESS;
894
0
  }
895
896
172
  if (result == ISC_R_NOTFOUND && !is_staticstub_zone && use_hints &&
897
172
      view->hints != NULL)
898
0
  {
899
0
    if (dns_rdataset_isassociated(rdataset)) {
900
0
      dns_rdataset_disassociate(rdataset);
901
0
    }
902
0
    if (sigrdataset != NULL &&
903
0
        dns_rdataset_isassociated(sigrdataset))
904
0
    {
905
0
      dns_rdataset_disassociate(sigrdataset);
906
0
    }
907
0
    if (db != NULL) {
908
0
      if (node != NULL) {
909
0
        dns_db_detachnode(&node);
910
0
      }
911
0
      dns_db_detach(&db);
912
0
    }
913
0
    result = dns_db_find(view->hints, name, NULL, type, options,
914
0
             now, &node, foundname, rdataset,
915
0
             sigrdataset);
916
0
    if (result == ISC_R_SUCCESS || result == DNS_R_GLUE) {
917
      /*
918
       * We just used a hint.  Let the resolver know it
919
       * should consider priming.
920
       */
921
0
      dns_resolver_t *res = NULL;
922
0
      result = dns_view_getresolver(view, &res);
923
0
      if (result == ISC_R_SUCCESS) {
924
0
        dns_resolver_prime(res);
925
0
        dns_db_attach(view->hints, &db);
926
0
        dns_resolver_detach(&res);
927
0
        result = DNS_R_HINT;
928
0
      }
929
0
    } else if (result == DNS_R_NXRRSET) {
930
0
      dns_db_attach(view->hints, &db);
931
0
      result = DNS_R_HINTNXRRSET;
932
0
    } else if (result == DNS_R_NXDOMAIN) {
933
0
      result = ISC_R_NOTFOUND;
934
0
    }
935
936
    /*
937
     * Cleanup if non-standard hints are used.
938
     */
939
0
    if (db == NULL && node != NULL) {
940
0
      dns_db_detachnode(&node);
941
0
    }
942
0
  }
943
944
323
cleanup:
945
323
  if (dns_rdataset_isassociated(&zrdataset)) {
946
0
    dns_rdataset_disassociate(&zrdataset);
947
0
    if (dns_rdataset_isassociated(&zsigrdataset)) {
948
0
      dns_rdataset_disassociate(&zsigrdataset);
949
0
    }
950
0
  }
951
952
323
  if (zdb != NULL) {
953
0
    if (znode != NULL) {
954
0
      dns_db_detachnode(&znode);
955
0
    }
956
0
    dns_db_detach(&zdb);
957
0
  }
958
959
323
  if (db != NULL) {
960
172
    if (node != NULL) {
961
121
      if (nodep != NULL) {
962
0
        *nodep = node;
963
121
      } else {
964
121
        dns_db_detachnode(&node);
965
121
      }
966
121
    }
967
172
    if (dbp != NULL) {
968
0
      *dbp = db;
969
172
    } else {
970
172
      dns_db_detach(&db);
971
172
    }
972
172
  } else {
973
151
    INSIST(node == NULL);
974
151
  }
975
976
323
  if (zone != NULL) {
977
172
    dns_zone_detach(&zone);
978
172
  }
979
980
323
  return result;
981
172
}
982
983
isc_result_t
984
dns_view_simplefind(dns_view_t *view, const dns_name_t *name,
985
        dns_rdatatype_t type, isc_stdtime_t now,
986
        unsigned int options, bool use_hints,
987
323
        dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) {
988
323
  isc_result_t result;
989
323
  dns_fixedname_t foundname;
990
991
323
  dns_fixedname_init(&foundname);
992
323
  result = dns_view_find(view, name, type, now, options, use_hints, false,
993
323
             NULL, NULL, dns_fixedname_name(&foundname),
994
323
             rdataset, sigrdataset);
995
323
  if (result == DNS_R_NXDOMAIN) {
996
    /*
997
     * The rdataset and sigrdataset of the relevant NSEC record
998
     * may be returned, but the caller cannot use them because
999
     * foundname is not returned by this simplified API.  We
1000
     * disassociate them here to prevent any misuse by the caller.
1001
     */
1002
51
    if (dns_rdataset_isassociated(rdataset)) {
1003
0
      dns_rdataset_disassociate(rdataset);
1004
0
    }
1005
51
    if (sigrdataset != NULL &&
1006
51
        dns_rdataset_isassociated(sigrdataset))
1007
0
    {
1008
0
      dns_rdataset_disassociate(sigrdataset);
1009
0
    }
1010
272
  } else if (result != ISC_R_SUCCESS && result != DNS_R_GLUE &&
1011
272
       result != DNS_R_HINT && result != DNS_R_NCACHENXDOMAIN &&
1012
272
       result != DNS_R_NCACHENXRRSET && result != DNS_R_NXRRSET &&
1013
272
       result != DNS_R_HINTNXRRSET && result != ISC_R_NOTFOUND)
1014
0
  {
1015
0
    if (dns_rdataset_isassociated(rdataset)) {
1016
0
      dns_rdataset_disassociate(rdataset);
1017
0
    }
1018
0
    if (sigrdataset != NULL &&
1019
0
        dns_rdataset_isassociated(sigrdataset))
1020
0
    {
1021
0
      dns_rdataset_disassociate(sigrdataset);
1022
0
    }
1023
0
    result = ISC_R_NOTFOUND;
1024
0
  }
1025
1026
323
  return result;
1027
323
}
1028
1029
isc_result_t
1030
dns_view_findzonecut(dns_view_t *view, const dns_name_t *name,
1031
         dns_name_t *fname, dns_name_t *dcname, isc_stdtime_t now,
1032
         unsigned int options, bool use_hints, bool use_cache,
1033
0
         dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) {
1034
0
  isc_result_t result;
1035
0
  dns_db_t *db = NULL;
1036
0
  bool is_cache, use_zone = false, try_hints = false;
1037
0
  dns_zone_t *zone = NULL;
1038
0
  dns_name_t *zfname = NULL;
1039
0
  dns_zt_t *zonetable = NULL;
1040
0
  dns_rdataset_t zrdataset, zsigrdataset;
1041
0
  dns_fixedname_t zfixedname;
1042
0
  unsigned int ztoptions = DNS_ZTFIND_MIRROR;
1043
1044
0
  REQUIRE(DNS_VIEW_VALID(view));
1045
0
  REQUIRE(view->frozen);
1046
1047
  /*
1048
   * Initialize.
1049
   */
1050
0
  dns_fixedname_init(&zfixedname);
1051
0
  dns_rdataset_init(&zrdataset);
1052
0
  dns_rdataset_init(&zsigrdataset);
1053
1054
  /*
1055
   * Find the right database.
1056
   */
1057
0
  if ((options & DNS_DBFIND_NOEXACT) != 0) {
1058
0
    ztoptions |= DNS_ZTFIND_NOEXACT;
1059
0
  }
1060
0
  rcu_read_lock();
1061
0
  zonetable = rcu_dereference(view->zonetable);
1062
0
  if (zonetable != NULL) {
1063
0
    result = dns_zt_find(zonetable, name, ztoptions, &zone);
1064
0
  } else {
1065
0
    result = ISC_R_SHUTTINGDOWN;
1066
0
  }
1067
0
  rcu_read_unlock();
1068
0
  if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
1069
0
    result = dns_zone_getdb(zone, &db);
1070
0
  }
1071
0
  if (result == ISC_R_NOTFOUND) {
1072
    /*
1073
     * We're not directly authoritative for this query name, nor
1074
     * is it a subdomain of any zone for which we're
1075
     * authoritative.
1076
     */
1077
0
    if (use_cache && view->cachedb != NULL) {
1078
      /*
1079
       * We have a cache; try it.
1080
       */
1081
0
      dns_db_attach(view->cachedb, &db);
1082
0
    } else if (use_hints && view->hints != NULL) {
1083
      /*
1084
       * Maybe we have hints...
1085
       */
1086
0
      try_hints = true;
1087
0
      goto finish;
1088
0
    } else {
1089
0
      result = DNS_R_NXDOMAIN;
1090
0
      goto cleanup;
1091
0
    }
1092
0
  } else if (result != ISC_R_SUCCESS) {
1093
    /*
1094
     * Something is broken.
1095
     */
1096
0
    goto cleanup;
1097
0
  }
1098
0
  is_cache = dns_db_iscache(db);
1099
1100
0
db_find:
1101
  /*
1102
   * Look for the zonecut.
1103
   */
1104
0
  if (!is_cache) {
1105
0
    result = dns_db_find(db, name, NULL, dns_rdatatype_ns, options,
1106
0
             now, NULL, fname, rdataset, sigrdataset);
1107
0
    if (result == DNS_R_DELEGATION) {
1108
0
      result = ISC_R_SUCCESS;
1109
0
    } else if (result != ISC_R_SUCCESS) {
1110
0
      goto cleanup;
1111
0
    }
1112
1113
    /*
1114
     * Tag static stub NS RRset so that when we look for
1115
     * addresses we use the configured server addresses.
1116
     */
1117
0
    if (dns_zone_gettype(zone) == dns_zone_staticstub) {
1118
0
      rdataset->attributes.staticstub = true;
1119
0
    }
1120
1121
0
    if (use_cache && view->cachedb != NULL && db != view->hints) {
1122
      /*
1123
       * We found an answer, but the cache may be better.
1124
       */
1125
0
      zfname = dns_fixedname_name(&zfixedname);
1126
0
      dns_name_copy(fname, zfname);
1127
0
      dns_rdataset_clone(rdataset, &zrdataset);
1128
0
      dns_rdataset_disassociate(rdataset);
1129
0
      if (sigrdataset != NULL &&
1130
0
          dns_rdataset_isassociated(sigrdataset))
1131
0
      {
1132
0
        dns_rdataset_clone(sigrdataset, &zsigrdataset);
1133
0
        dns_rdataset_disassociate(sigrdataset);
1134
0
      }
1135
0
      dns_db_detach(&db);
1136
0
      dns_db_attach(view->cachedb, &db);
1137
0
      is_cache = true;
1138
0
      goto db_find;
1139
0
    }
1140
0
  } else {
1141
0
    result = dns_db_findzonecut(db, name, options, now, NULL, fname,
1142
0
              dcname, rdataset, sigrdataset);
1143
0
    if (result == ISC_R_SUCCESS) {
1144
0
      if (zfname != NULL &&
1145
0
          (!dns_name_issubdomain(fname, zfname) ||
1146
0
           (dns_zone_gettype(zone) == dns_zone_staticstub &&
1147
0
            dns_name_equal(fname, zfname))))
1148
0
      {
1149
        /*
1150
         * We found a zonecut in the cache, but our
1151
         * zone delegation is better.
1152
         */
1153
0
        use_zone = true;
1154
0
      }
1155
0
    } else if (result == ISC_R_NOTFOUND) {
1156
0
      if (zfname != NULL) {
1157
        /*
1158
         * We didn't find anything in the cache, but we
1159
         * have a zone delegation, so use it.
1160
         */
1161
0
        use_zone = true;
1162
0
        result = ISC_R_SUCCESS;
1163
0
      } else if (use_hints && view->hints != NULL) {
1164
        /*
1165
         * Maybe we have hints...
1166
         */
1167
0
        try_hints = true;
1168
0
        result = ISC_R_SUCCESS;
1169
0
      } else {
1170
0
        result = DNS_R_NXDOMAIN;
1171
0
      }
1172
0
    } else {
1173
      /*
1174
       * Something bad happened.
1175
       */
1176
0
      goto cleanup;
1177
0
    }
1178
0
  }
1179
1180
0
finish:
1181
0
  if (use_zone) {
1182
0
    if (dns_rdataset_isassociated(rdataset)) {
1183
0
      dns_rdataset_disassociate(rdataset);
1184
0
      if (sigrdataset != NULL &&
1185
0
          dns_rdataset_isassociated(sigrdataset))
1186
0
      {
1187
0
        dns_rdataset_disassociate(sigrdataset);
1188
0
      }
1189
0
    }
1190
0
    dns_name_copy(zfname, fname);
1191
0
    if (dcname != NULL) {
1192
0
      dns_name_copy(zfname, dcname);
1193
0
    }
1194
0
    dns_rdataset_clone(&zrdataset, rdataset);
1195
0
    if (sigrdataset != NULL &&
1196
0
        dns_rdataset_isassociated(&zrdataset))
1197
0
    {
1198
0
      dns_rdataset_clone(&zsigrdataset, sigrdataset);
1199
0
    }
1200
0
  } else if (try_hints) {
1201
    /*
1202
     * We've found nothing so far, but we have hints.
1203
     */
1204
0
    result = dns_db_find(view->hints, dns_rootname, NULL,
1205
0
             dns_rdatatype_ns, 0, now, NULL, fname,
1206
0
             rdataset, NULL);
1207
0
    if (result != ISC_R_SUCCESS) {
1208
      /*
1209
       * We can't even find the hints for the root
1210
       * nameservers!
1211
       */
1212
0
      if (dns_rdataset_isassociated(rdataset)) {
1213
0
        dns_rdataset_disassociate(rdataset);
1214
0
      }
1215
0
      result = ISC_R_NOTFOUND;
1216
0
    } else if (dcname != NULL) {
1217
0
      dns_name_copy(fname, dcname);
1218
0
    }
1219
0
  }
1220
1221
0
cleanup:
1222
0
  if (dns_rdataset_isassociated(&zrdataset)) {
1223
0
    dns_rdataset_disassociate(&zrdataset);
1224
0
    if (dns_rdataset_isassociated(&zsigrdataset)) {
1225
0
      dns_rdataset_disassociate(&zsigrdataset);
1226
0
    }
1227
0
  }
1228
0
  if (db != NULL) {
1229
0
    dns_db_detach(&db);
1230
0
  }
1231
0
  if (zone != NULL) {
1232
0
    dns_zone_detach(&zone);
1233
0
  }
1234
1235
0
  return result;
1236
0
}
1237
1238
isc_result_t
1239
dns_viewlist_find(dns_viewlist_t *list, const char *name,
1240
0
      dns_rdataclass_t rdclass, dns_view_t **viewp) {
1241
0
  REQUIRE(list != NULL);
1242
1243
0
  ISC_LIST_FOREACH(*list, view, link) {
1244
0
    if (strcmp(view->name, name) == 0 && view->rdclass == rdclass) {
1245
0
      dns_view_attach(view, viewp);
1246
0
      return ISC_R_SUCCESS;
1247
0
    }
1248
0
  }
1249
1250
0
  return ISC_R_NOTFOUND;
1251
0
}
1252
1253
isc_result_t
1254
dns_viewlist_findzone(dns_viewlist_t *list, const dns_name_t *name,
1255
          bool allclasses, dns_rdataclass_t rdclass,
1256
0
          dns_zone_t **zonep) {
1257
0
  isc_result_t result;
1258
0
  dns_zone_t *zone1 = NULL, *zone2 = NULL;
1259
1260
0
  REQUIRE(list != NULL);
1261
0
  REQUIRE(zonep != NULL && *zonep == NULL);
1262
1263
0
  ISC_LIST_FOREACH(*list, view, link) {
1264
0
    dns_zt_t *zonetable = NULL;
1265
0
    if (!allclasses && view->rdclass != rdclass) {
1266
0
      continue;
1267
0
    }
1268
0
    rcu_read_lock();
1269
0
    zonetable = rcu_dereference(view->zonetable);
1270
0
    if (zonetable != NULL) {
1271
0
      result = dns_zt_find(zonetable, name, DNS_ZTFIND_EXACT,
1272
0
               (zone1 == NULL) ? &zone1 : &zone2);
1273
0
    } else {
1274
0
      result = ISC_R_NOTFOUND;
1275
0
    }
1276
0
    rcu_read_unlock();
1277
0
    INSIST(result == ISC_R_SUCCESS || result == ISC_R_NOTFOUND);
1278
0
    if (zone2 != NULL) {
1279
0
      dns_zone_detach(&zone1);
1280
0
      dns_zone_detach(&zone2);
1281
0
      return ISC_R_MULTIPLE;
1282
0
    }
1283
0
  }
1284
1285
0
  if (zone1 != NULL) {
1286
0
    dns_zone_attach(zone1, zonep);
1287
0
    dns_zone_detach(&zone1);
1288
0
    return ISC_R_SUCCESS;
1289
0
  }
1290
1291
0
  return ISC_R_NOTFOUND;
1292
0
}
1293
1294
isc_result_t
1295
0
dns_view_load(dns_view_t *view, bool stop, bool newonly) {
1296
0
  isc_result_t result;
1297
0
  dns_zt_t *zonetable = NULL;
1298
1299
0
  REQUIRE(DNS_VIEW_VALID(view));
1300
1301
0
  rcu_read_lock();
1302
0
  zonetable = rcu_dereference(view->zonetable);
1303
0
  if (zonetable != NULL) {
1304
0
    result = dns_zt_load(zonetable, stop, newonly);
1305
0
  } else {
1306
0
    result = ISC_R_SUCCESS;
1307
0
  }
1308
0
  rcu_read_unlock();
1309
0
  return result;
1310
0
}
1311
1312
isc_result_t
1313
dns_view_asyncload(dns_view_t *view, bool newonly, dns_zt_callback_t *callback,
1314
0
       void *arg) {
1315
0
  isc_result_t result;
1316
0
  dns_zt_t *zonetable = NULL;
1317
1318
0
  REQUIRE(DNS_VIEW_VALID(view));
1319
1320
0
  rcu_read_lock();
1321
0
  zonetable = rcu_dereference(view->zonetable);
1322
0
  if (zonetable != NULL) {
1323
0
    result = dns_zt_asyncload(zonetable, newonly, callback, arg);
1324
0
  } else {
1325
0
    result = ISC_R_SUCCESS;
1326
0
  }
1327
0
  rcu_read_unlock();
1328
0
  return result;
1329
0
}
1330
1331
isc_result_t
1332
dns_view_gettsig(dns_view_t *view, const dns_name_t *keyname,
1333
0
     dns_tsigkey_t **keyp) {
1334
0
  isc_result_t result;
1335
0
  REQUIRE(keyp != NULL && *keyp == NULL);
1336
1337
0
  result = dns_tsigkey_find(keyp, keyname, NULL, view->statickeys);
1338
0
  if (result == ISC_R_NOTFOUND) {
1339
0
    result = dns_tsigkey_find(keyp, keyname, NULL,
1340
0
            view->dynamickeys);
1341
0
  }
1342
0
  return result;
1343
0
}
1344
1345
isc_result_t
1346
dns_view_gettransport(dns_view_t *view, const dns_transport_type_t type,
1347
0
          const dns_name_t *name, dns_transport_t **transportp) {
1348
0
  REQUIRE(DNS_VIEW_VALID(view));
1349
0
  REQUIRE(transportp != NULL && *transportp == NULL);
1350
1351
0
  dns_transport_t *transport = dns_transport_find(type, name,
1352
0
              view->transports);
1353
0
  if (transport == NULL) {
1354
0
    return ISC_R_NOTFOUND;
1355
0
  }
1356
1357
0
  *transportp = transport;
1358
0
  return ISC_R_SUCCESS;
1359
0
}
1360
1361
isc_result_t
1362
dns_view_getpeertsig(dns_view_t *view, const isc_netaddr_t *peeraddr,
1363
0
         dns_tsigkey_t **keyp) {
1364
0
  isc_result_t result;
1365
0
  dns_name_t *keyname = NULL;
1366
0
  dns_peer_t *peer = NULL;
1367
1368
0
  result = dns_peerlist_peerbyaddr(view->peers, peeraddr, &peer);
1369
0
  if (result != ISC_R_SUCCESS) {
1370
0
    return result;
1371
0
  }
1372
1373
0
  result = dns_peer_getkey(peer, &keyname);
1374
0
  if (result != ISC_R_SUCCESS) {
1375
0
    return result;
1376
0
  }
1377
1378
0
  result = dns_view_gettsig(view, keyname, keyp);
1379
0
  return (result == ISC_R_NOTFOUND) ? ISC_R_FAILURE : result;
1380
0
}
1381
1382
isc_result_t
1383
364
dns_view_checksig(dns_view_t *view, isc_buffer_t *source, dns_message_t *msg) {
1384
364
  REQUIRE(DNS_VIEW_VALID(view));
1385
364
  REQUIRE(source != NULL);
1386
1387
364
  return dns_tsig_verify(source, msg, view->statickeys,
1388
364
             view->dynamickeys);
1389
364
}
1390
1391
isc_result_t
1392
0
dns_view_flushcache(dns_view_t *view, bool fixuponly) {
1393
0
  isc_result_t result;
1394
0
  dns_adb_t *adb = NULL;
1395
1396
0
  REQUIRE(DNS_VIEW_VALID(view));
1397
1398
0
  if (view->cachedb == NULL) {
1399
0
    return ISC_R_SUCCESS;
1400
0
  }
1401
0
  if (!fixuponly) {
1402
0
    result = dns_cache_flush(view->cache);
1403
0
    if (result != ISC_R_SUCCESS) {
1404
0
      return result;
1405
0
    }
1406
0
  }
1407
0
  dns_db_detach(&view->cachedb);
1408
0
  dns_cache_attachdb(view->cache, &view->cachedb);
1409
0
  if (view->failcache != NULL) {
1410
0
    dns_badcache_flush(view->failcache);
1411
0
  }
1412
0
  if (view->unreachcache != NULL) {
1413
0
    dns_unreachcache_flush(view->unreachcache);
1414
0
  }
1415
1416
0
  rcu_read_lock();
1417
0
  adb = rcu_dereference(view->adb);
1418
0
  if (adb != NULL) {
1419
0
    dns_adb_flush(adb);
1420
0
  }
1421
0
  rcu_read_unlock();
1422
1423
0
  return ISC_R_SUCCESS;
1424
0
}
1425
1426
isc_result_t
1427
0
dns_view_flushname(dns_view_t *view, const dns_name_t *name) {
1428
0
  return dns_view_flushnode(view, name, false);
1429
0
}
1430
1431
isc_result_t
1432
0
dns_view_flushnode(dns_view_t *view, const dns_name_t *name, bool tree) {
1433
0
  isc_result_t result = ISC_R_SUCCESS;
1434
0
  dns_adb_t *adb = NULL;
1435
1436
0
  REQUIRE(DNS_VIEW_VALID(view));
1437
1438
0
  if (tree) {
1439
0
    rcu_read_lock();
1440
0
    adb = rcu_dereference(view->adb);
1441
0
    if (adb != NULL) {
1442
0
      dns_adb_flushnames(adb, name);
1443
0
    }
1444
0
    rcu_read_unlock();
1445
0
    if (view->failcache != NULL) {
1446
0
      dns_badcache_flushtree(view->failcache, name);
1447
0
    }
1448
0
  } else {
1449
0
    rcu_read_lock();
1450
0
    adb = rcu_dereference(view->adb);
1451
0
    if (adb != NULL) {
1452
0
      dns_adb_flushname(adb, name);
1453
0
    }
1454
0
    rcu_read_unlock();
1455
0
    if (view->failcache != NULL) {
1456
0
      dns_badcache_flushname(view->failcache, name);
1457
0
    }
1458
0
  }
1459
1460
0
  if (view->cache != NULL) {
1461
0
    result = dns_cache_flushnode(view->cache, name, tree);
1462
0
  }
1463
1464
0
  return result;
1465
0
}
1466
1467
isc_result_t
1468
0
dns_view_freezezones(dns_view_t *view, bool value) {
1469
0
  isc_result_t result;
1470
0
  dns_zt_t *zonetable = NULL;
1471
1472
0
  REQUIRE(DNS_VIEW_VALID(view));
1473
1474
0
  rcu_read_lock();
1475
0
  zonetable = rcu_dereference(view->zonetable);
1476
0
  if (zonetable != NULL) {
1477
0
    result = dns_zt_freezezones(zonetable, view, value);
1478
0
  } else {
1479
0
    result = ISC_R_SUCCESS;
1480
0
  }
1481
0
  rcu_read_unlock();
1482
1483
0
  return result;
1484
0
}
1485
1486
void
1487
0
dns_view_initntatable(dns_view_t *view) {
1488
0
  REQUIRE(DNS_VIEW_VALID(view));
1489
0
  if (view->ntatable_priv != NULL) {
1490
0
    dns_ntatable_detach(&view->ntatable_priv);
1491
0
  }
1492
0
  dns_ntatable_create(view, &view->ntatable_priv);
1493
0
}
1494
1495
isc_result_t
1496
0
dns_view_getntatable(dns_view_t *view, dns_ntatable_t **ntp) {
1497
0
  REQUIRE(DNS_VIEW_VALID(view));
1498
0
  REQUIRE(ntp != NULL && *ntp == NULL);
1499
0
  if (view->ntatable_priv == NULL) {
1500
0
    return ISC_R_NOTFOUND;
1501
0
  }
1502
0
  dns_ntatable_attach(view->ntatable_priv, ntp);
1503
0
  return ISC_R_SUCCESS;
1504
0
}
1505
1506
void
1507
0
dns_view_initsecroots(dns_view_t *view) {
1508
0
  REQUIRE(DNS_VIEW_VALID(view));
1509
0
  if (view->secroots_priv != NULL) {
1510
0
    dns_keytable_detach(&view->secroots_priv);
1511
0
  }
1512
0
  dns_keytable_create(view, &view->secroots_priv);
1513
0
}
1514
1515
isc_result_t
1516
0
dns_view_getsecroots(dns_view_t *view, dns_keytable_t **ktp) {
1517
0
  REQUIRE(DNS_VIEW_VALID(view));
1518
0
  REQUIRE(ktp != NULL && *ktp == NULL);
1519
0
  if (view->secroots_priv == NULL) {
1520
0
    return ISC_R_NOTFOUND;
1521
0
  }
1522
0
  dns_keytable_attach(view->secroots_priv, ktp);
1523
0
  return ISC_R_SUCCESS;
1524
0
}
1525
1526
bool
1527
dns_view_ntacovers(dns_view_t *view, isc_stdtime_t now, const dns_name_t *name,
1528
0
       const dns_name_t *anchor) {
1529
0
  REQUIRE(DNS_VIEW_VALID(view));
1530
1531
0
  if (view->ntatable_priv == NULL) {
1532
0
    return false;
1533
0
  }
1534
1535
0
  return dns_ntatable_covered(view->ntatable_priv, now, name, anchor);
1536
0
}
1537
1538
bool
1539
dns_view_issecuredomain(dns_view_t *view, const dns_name_t *name,
1540
0
      isc_stdtime_t now, bool checknta, bool *ntap) {
1541
0
  bool secure = false;
1542
0
  dns_fixedname_t fn;
1543
0
  dns_name_t *anchor;
1544
1545
0
  REQUIRE(DNS_VIEW_VALID(view));
1546
1547
0
  if (!view->enablevalidation || view->secroots_priv == NULL) {
1548
0
    return false;
1549
0
  }
1550
1551
0
  anchor = dns_fixedname_initname(&fn);
1552
0
  secure = dns_keytable_issecuredomain(view->secroots_priv, name, anchor);
1553
1554
0
  SET_IF_NOT_NULL(ntap, false);
1555
0
  if (checknta && secure && view->ntatable_priv != NULL &&
1556
0
      dns_ntatable_covered(view->ntatable_priv, now, name, anchor))
1557
0
  {
1558
0
    SET_IF_NOT_NULL(ntap, true);
1559
0
    secure = false;
1560
0
  }
1561
1562
0
  return secure;
1563
0
}
1564
1565
void
1566
dns_view_untrust(dns_view_t *view, const dns_name_t *keyname,
1567
0
     const dns_rdata_dnskey_t *dnskey) {
1568
0
  isc_result_t result;
1569
0
  dns_keytable_t *sr = NULL;
1570
0
  dns_rdata_dnskey_t tmpkey;
1571
1572
0
  REQUIRE(DNS_VIEW_VALID(view));
1573
0
  REQUIRE(keyname != NULL);
1574
0
  REQUIRE(dnskey != NULL);
1575
1576
0
  result = dns_view_getsecroots(view, &sr);
1577
0
  if (result != ISC_R_SUCCESS) {
1578
0
    return;
1579
0
  }
1580
1581
  /*
1582
   * Clear the revoke bit, if set, so that the key will match what's
1583
   * in secroots now.
1584
   */
1585
0
  tmpkey = *dnskey;
1586
0
  tmpkey.flags &= ~DNS_KEYFLAG_REVOKE;
1587
1588
0
  result = dns_keytable_deletekey(sr, keyname, &tmpkey);
1589
0
  if (result == ISC_R_SUCCESS) {
1590
    /*
1591
     * If key was found in secroots, then it was a
1592
     * configured trust anchor, and we want to fail
1593
     * secure. If there are no other configured keys,
1594
     * then leave a null key so that we can't validate
1595
     * anymore.
1596
     */
1597
0
    dns_keytable_marksecure(sr, keyname);
1598
0
  }
1599
1600
0
  dns_keytable_detach(&sr);
1601
0
}
1602
1603
bool
1604
dns_view_istrusted(dns_view_t *view, const dns_name_t *keyname,
1605
0
       const dns_rdata_dnskey_t *dnskey) {
1606
0
  isc_result_t result;
1607
0
  dns_keytable_t *sr = NULL;
1608
0
  dns_keynode_t *knode = NULL;
1609
0
  bool answer = false;
1610
0
  dns_rdataset_t dsset;
1611
1612
0
  REQUIRE(DNS_VIEW_VALID(view));
1613
0
  REQUIRE(keyname != NULL);
1614
0
  REQUIRE(dnskey != NULL);
1615
1616
0
  result = dns_view_getsecroots(view, &sr);
1617
0
  if (result != ISC_R_SUCCESS) {
1618
0
    return false;
1619
0
  }
1620
1621
0
  dns_rdataset_init(&dsset);
1622
0
  result = dns_keytable_find(sr, keyname, &knode);
1623
0
  if (result == ISC_R_SUCCESS) {
1624
0
    if (dns_keynode_dsset(knode, &dsset)) {
1625
0
      dns_rdata_t rdata = DNS_RDATA_INIT;
1626
0
      unsigned char data[4096], digest[DNS_DS_BUFFERSIZE];
1627
0
      dns_rdata_dnskey_t tmpkey = *dnskey;
1628
0
      dns_rdata_ds_t ds;
1629
0
      isc_buffer_t b;
1630
0
      dns_rdataclass_t rdclass = tmpkey.common.rdclass;
1631
1632
      /*
1633
       * Clear the revoke bit, if set, so that the key
1634
       * will match what's in secroots now.
1635
       */
1636
0
      tmpkey.flags &= ~DNS_KEYFLAG_REVOKE;
1637
1638
0
      isc_buffer_init(&b, data, sizeof(data));
1639
0
      result = dns_rdata_fromstruct(&rdata, rdclass,
1640
0
                  dns_rdatatype_dnskey,
1641
0
                  &tmpkey, &b);
1642
0
      if (result != ISC_R_SUCCESS) {
1643
0
        goto finish;
1644
0
      }
1645
1646
0
      result = dns_ds_fromkeyrdata(
1647
0
        keyname, &rdata, DNS_DSDIGEST_SHA256, digest,
1648
0
        sizeof(digest), &ds);
1649
0
      if (result != ISC_R_SUCCESS) {
1650
0
        goto finish;
1651
0
      }
1652
1653
0
      dns_rdata_reset(&rdata);
1654
0
      isc_buffer_init(&b, data, sizeof(data));
1655
0
      result = dns_rdata_fromstruct(
1656
0
        &rdata, rdclass, dns_rdatatype_ds, &ds, &b);
1657
0
      if (result != ISC_R_SUCCESS) {
1658
0
        goto finish;
1659
0
      }
1660
1661
0
      DNS_RDATASET_FOREACH(&dsset) {
1662
0
        dns_rdata_t this = DNS_RDATA_INIT;
1663
0
        dns_rdataset_current(&dsset, &this);
1664
0
        if (dns_rdata_compare(&rdata, &this) == 0) {
1665
0
          answer = true;
1666
0
          break;
1667
0
        }
1668
0
      }
1669
0
    }
1670
0
  }
1671
1672
0
finish:
1673
0
  if (dns_rdataset_isassociated(&dsset)) {
1674
0
    dns_rdataset_disassociate(&dsset);
1675
0
  }
1676
0
  if (knode != NULL) {
1677
0
    dns_keynode_detach(&knode);
1678
0
  }
1679
0
  dns_keytable_detach(&sr);
1680
0
  return answer;
1681
0
}
1682
1683
/*
1684
 * Create path to a directory and a filename constructed from viewname.
1685
 * This is a front-end to isc_file_sanitize(), allowing backward
1686
 * compatibility to older versions when a file couldn't be expected
1687
 * to be in the specified directory but might be in the current working
1688
 * directory instead.
1689
 *
1690
 * It first tests for the existence of a file <viewname>.<suffix> in
1691
 * 'directory'. If the file does not exist, it checks again in the
1692
 * current working directory. If it does not exist there either,
1693
 * return the path inside the directory.
1694
 *
1695
 * Returns ISC_R_SUCCESS if a path to an existing file is found or
1696
 * a new path is created; returns ISC_R_NOSPACE if the path won't
1697
 * fit in 'buflen'.
1698
 */
1699
1700
static isc_result_t
1701
nz_legacy(const char *directory, const char *viewname, const char *suffix,
1702
0
    char *buffer, size_t buflen) {
1703
0
  isc_result_t result;
1704
0
  char newbuf[PATH_MAX];
1705
1706
0
  result = isc_file_sanitize(directory, viewname, suffix, buffer, buflen);
1707
0
  if (result != ISC_R_SUCCESS) {
1708
0
    return result;
1709
0
  } else if (directory == NULL || isc_file_exists(buffer)) {
1710
0
    return ISC_R_SUCCESS;
1711
0
  } else {
1712
    /* Save buffer */
1713
0
    strlcpy(newbuf, buffer, sizeof(newbuf));
1714
0
  }
1715
1716
  /*
1717
   * It isn't in the specified directory; check CWD.
1718
   */
1719
0
  result = isc_file_sanitize(NULL, viewname, suffix, buffer, buflen);
1720
0
  if (result != ISC_R_SUCCESS || isc_file_exists(buffer)) {
1721
0
    return result;
1722
0
  }
1723
1724
  /*
1725
   * File does not exist in either 'directory' or CWD,
1726
   * so use the path in 'directory'.
1727
   */
1728
0
  strlcpy(buffer, newbuf, buflen);
1729
0
  return ISC_R_SUCCESS;
1730
0
}
1731
1732
isc_result_t
1733
dns_view_setnewzones(dns_view_t *view, bool allow, void *cfgctx,
1734
0
         void (*cfg_destroy)(void **), uint64_t mapsize) {
1735
0
  isc_result_t result = ISC_R_SUCCESS;
1736
0
  char buffer[1024];
1737
#ifdef HAVE_LMDB
1738
  MDB_env *env = NULL;
1739
  int status;
1740
#endif /* ifdef HAVE_LMDB */
1741
1742
0
#ifndef HAVE_LMDB
1743
0
  UNUSED(mapsize);
1744
0
#endif /* ifndef HAVE_LMDB */
1745
1746
0
  REQUIRE(DNS_VIEW_VALID(view));
1747
0
  REQUIRE((cfgctx != NULL && cfg_destroy != NULL) || !allow);
1748
1749
0
  if (view->new_zone_file != NULL) {
1750
0
    isc_mem_free(view->mctx, view->new_zone_file);
1751
0
  }
1752
1753
#ifdef HAVE_LMDB
1754
  if (view->new_zone_dbenv != NULL) {
1755
    mdb_env_close((MDB_env *)view->new_zone_dbenv);
1756
    view->new_zone_dbenv = NULL;
1757
  }
1758
1759
  if (view->new_zone_db != NULL) {
1760
    isc_mem_free(view->mctx, view->new_zone_db);
1761
  }
1762
#endif /* HAVE_LMDB */
1763
1764
0
  if (view->new_zone_config != NULL) {
1765
0
    view->cfg_destroy(&view->new_zone_config);
1766
0
    view->cfg_destroy = NULL;
1767
0
  }
1768
1769
0
  if (!allow) {
1770
0
    return ISC_R_SUCCESS;
1771
0
  }
1772
1773
0
  CHECK(nz_legacy(view->new_zone_dir, view->name, "nzf", buffer,
1774
0
      sizeof(buffer)));
1775
1776
0
  view->new_zone_file = isc_mem_strdup(view->mctx, buffer);
1777
1778
#ifdef HAVE_LMDB
1779
  CHECK(nz_legacy(view->new_zone_dir, view->name, "nzd", buffer,
1780
      sizeof(buffer)));
1781
1782
  view->new_zone_db = isc_mem_strdup(view->mctx, buffer);
1783
1784
  status = mdb_env_create(&env);
1785
  if (status != MDB_SUCCESS) {
1786
    isc_log_write(DNS_LOGCATEGORY_GENERAL, ISC_LOGMODULE_OTHER,
1787
            ISC_LOG_ERROR, "mdb_env_create failed: %s",
1788
            mdb_strerror(status));
1789
    CHECK(ISC_R_FAILURE);
1790
  }
1791
1792
  if (mapsize != 0ULL) {
1793
    status = mdb_env_set_mapsize(env, mapsize);
1794
    if (status != MDB_SUCCESS) {
1795
      isc_log_write(DNS_LOGCATEGORY_GENERAL,
1796
              ISC_LOGMODULE_OTHER, ISC_LOG_ERROR,
1797
              "mdb_env_set_mapsize failed: %s",
1798
              mdb_strerror(status));
1799
      CHECK(ISC_R_FAILURE);
1800
    }
1801
    view->new_zone_mapsize = mapsize;
1802
  }
1803
1804
  status = mdb_env_open(env, view->new_zone_db, DNS_LMDB_FLAGS, 0600);
1805
  if (status != MDB_SUCCESS) {
1806
    isc_log_write(DNS_LOGCATEGORY_GENERAL, ISC_LOGMODULE_OTHER,
1807
            ISC_LOG_ERROR, "mdb_env_open of '%s' failed: %s",
1808
            view->new_zone_db, mdb_strerror(status));
1809
    CHECK(ISC_R_FAILURE);
1810
  }
1811
1812
  view->new_zone_dbenv = env;
1813
  env = NULL;
1814
#endif /* HAVE_LMDB */
1815
1816
0
  view->new_zone_config = cfgctx;
1817
0
  view->cfg_destroy = cfg_destroy;
1818
1819
0
cleanup:
1820
0
  if (result != ISC_R_SUCCESS) {
1821
0
    if (view->new_zone_file != NULL) {
1822
0
      isc_mem_free(view->mctx, view->new_zone_file);
1823
0
    }
1824
1825
#ifdef HAVE_LMDB
1826
    if (view->new_zone_db != NULL) {
1827
      isc_mem_free(view->mctx, view->new_zone_db);
1828
    }
1829
    if (env != NULL) {
1830
      mdb_env_close(env);
1831
    }
1832
#endif /* HAVE_LMDB */
1833
0
    view->new_zone_config = NULL;
1834
0
    view->cfg_destroy = NULL;
1835
0
  }
1836
1837
0
  return result;
1838
0
}
1839
1840
void
1841
0
dns_view_setnewzonedir(dns_view_t *view, const char *dir) {
1842
0
  REQUIRE(DNS_VIEW_VALID(view));
1843
1844
0
  if (view->new_zone_dir != NULL) {
1845
0
    isc_mem_free(view->mctx, view->new_zone_dir);
1846
0
  }
1847
1848
0
  if (dir == NULL) {
1849
0
    return;
1850
0
  }
1851
1852
0
  view->new_zone_dir = isc_mem_strdup(view->mctx, dir);
1853
0
}
1854
1855
const char *
1856
0
dns_view_getnewzonedir(dns_view_t *view) {
1857
0
  REQUIRE(DNS_VIEW_VALID(view));
1858
1859
0
  return view->new_zone_dir;
1860
0
}
1861
1862
isc_result_t
1863
dns_view_searchdlz(dns_view_t *view, const dns_name_t *name,
1864
       unsigned int minlabels, dns_clientinfomethods_t *methods,
1865
0
       dns_clientinfo_t *clientinfo, dns_db_t **dbp) {
1866
0
  dns_fixedname_t fname;
1867
0
  dns_name_t *zonename;
1868
0
  unsigned int namelabels;
1869
0
  unsigned int i;
1870
0
  isc_result_t result;
1871
0
  dns_dlzfindzone_t findzone;
1872
0
  dns_db_t *db, *best = NULL;
1873
1874
  /*
1875
   * Performs checks to make sure data is as we expect it to be.
1876
   */
1877
0
  REQUIRE(DNS_VIEW_VALID(view));
1878
0
  REQUIRE(name != NULL);
1879
0
  REQUIRE(dbp != NULL && *dbp == NULL);
1880
1881
  /* setup a "fixed" dns name */
1882
0
  zonename = dns_fixedname_initname(&fname);
1883
1884
  /* count the number of labels in the name */
1885
0
  namelabels = dns_name_countlabels(name);
1886
1887
0
  ISC_LIST_FOREACH(view->dlz_searched, dlzdb, link) {
1888
0
    REQUIRE(DNS_DLZ_VALID(dlzdb));
1889
1890
    /*
1891
     * loop through starting with the longest domain name and
1892
     * trying shorter names portions of the name until we find a
1893
     * match, have an error, or are below the 'minlabels'
1894
     * threshold.  minlabels is 0, if neither the standard
1895
     * database nor any previous DLZ database had a zone name
1896
     * match. Otherwise minlabels is the number of labels
1897
     * in that name.  We need to beat that for a "better"
1898
     * match for this DLZ database to be authoritative.
1899
     */
1900
0
    for (i = namelabels; i > minlabels && i > 1; i--) {
1901
0
      if (i == namelabels) {
1902
0
        dns_name_copy(name, zonename);
1903
0
      } else {
1904
0
        dns_name_split(name, i, NULL, zonename);
1905
0
      }
1906
1907
      /* ask SDLZ driver if the zone is supported */
1908
0
      db = NULL;
1909
0
      findzone = dlzdb->implementation->methods->findzone;
1910
0
      result = (*findzone)(dlzdb->implementation->driverarg,
1911
0
               dlzdb->dbdata, dlzdb->mctx,
1912
0
               view->rdclass, zonename, methods,
1913
0
               clientinfo, &db);
1914
1915
0
      if (result != ISC_R_NOTFOUND) {
1916
0
        if (best != NULL) {
1917
0
          dns_db_detach(&best);
1918
0
        }
1919
0
        if (result == ISC_R_SUCCESS) {
1920
0
          INSIST(db != NULL);
1921
0
          dns_db_attach(db, &best);
1922
0
          dns_db_detach(&db);
1923
0
          minlabels = i;
1924
0
        } else {
1925
0
          if (db != NULL) {
1926
0
            dns_db_detach(&db);
1927
0
          }
1928
0
          break;
1929
0
        }
1930
0
      } else if (db != NULL) {
1931
0
        dns_db_detach(&db);
1932
0
      }
1933
0
    }
1934
0
  }
1935
1936
0
  if (best != NULL) {
1937
0
    dns_db_attach(best, dbp);
1938
0
    dns_db_detach(&best);
1939
0
    return ISC_R_SUCCESS;
1940
0
  }
1941
1942
0
  return ISC_R_NOTFOUND;
1943
0
}
1944
1945
uint32_t
1946
0
dns_view_getfailttl(dns_view_t *view) {
1947
0
  REQUIRE(DNS_VIEW_VALID(view));
1948
0
  return view->fail_ttl;
1949
0
}
1950
1951
void
1952
0
dns_view_setfailttl(dns_view_t *view, uint32_t fail_ttl) {
1953
0
  REQUIRE(DNS_VIEW_VALID(view));
1954
0
  view->fail_ttl = fail_ttl;
1955
0
}
1956
1957
isc_result_t
1958
0
dns_view_saventa(dns_view_t *view) {
1959
0
  isc_result_t result;
1960
0
  bool removefile = false;
1961
0
  dns_ntatable_t *ntatable = NULL;
1962
0
  FILE *fp = NULL;
1963
1964
0
  REQUIRE(DNS_VIEW_VALID(view));
1965
1966
0
  if (view->nta_lifetime == 0) {
1967
0
    return ISC_R_SUCCESS;
1968
0
  }
1969
1970
  /* Open NTA save file for overwrite. */
1971
0
  CHECK(isc_stdio_open(view->nta_file, "w", &fp));
1972
1973
0
  result = dns_view_getntatable(view, &ntatable);
1974
0
  if (result == ISC_R_NOTFOUND) {
1975
0
    removefile = true;
1976
0
    result = ISC_R_SUCCESS;
1977
0
    goto cleanup;
1978
0
  } else {
1979
0
    CHECK(result);
1980
0
  }
1981
1982
0
  result = dns_ntatable_save(ntatable, fp);
1983
0
  if (result == ISC_R_NOTFOUND) {
1984
0
    removefile = true;
1985
0
    result = ISC_R_SUCCESS;
1986
0
  } else if (result == ISC_R_SUCCESS) {
1987
0
    result = isc_stdio_close(fp);
1988
0
    fp = NULL;
1989
0
  }
1990
1991
0
cleanup:
1992
0
  if (ntatable != NULL) {
1993
0
    dns_ntatable_detach(&ntatable);
1994
0
  }
1995
1996
0
  if (fp != NULL) {
1997
0
    (void)isc_stdio_close(fp);
1998
0
  }
1999
2000
  /* Don't leave half-baked NTA save files lying around. */
2001
0
  if (result != ISC_R_SUCCESS || removefile) {
2002
0
    (void)isc_file_remove(view->nta_file);
2003
0
  }
2004
2005
0
  return result;
2006
0
}
2007
2008
0
#define TSTR(t) ((t).value.as_textregion.base)
2009
0
#define TLEN(t) ((t).value.as_textregion.length)
2010
2011
isc_result_t
2012
0
dns_view_loadnta(dns_view_t *view) {
2013
0
  isc_result_t result;
2014
0
  dns_ntatable_t *ntatable = NULL;
2015
0
  isc_lex_t *lex = NULL;
2016
0
  isc_token_t token;
2017
0
  isc_stdtime_t now = isc_stdtime_now();
2018
2019
0
  REQUIRE(DNS_VIEW_VALID(view));
2020
2021
0
  if (view->nta_lifetime == 0) {
2022
0
    return ISC_R_SUCCESS;
2023
0
  }
2024
2025
0
  isc_lex_create(view->mctx, 1025, &lex);
2026
0
  CHECK(isc_lex_openfile(lex, view->nta_file));
2027
0
  CHECK(dns_view_getntatable(view, &ntatable));
2028
2029
0
  for (;;) {
2030
0
    int options = (ISC_LEXOPT_EOL | ISC_LEXOPT_EOF);
2031
0
    char *name, *type, *timestamp;
2032
0
    size_t len;
2033
0
    dns_fixedname_t fn;
2034
0
    const dns_name_t *ntaname;
2035
0
    isc_buffer_t b;
2036
0
    isc_stdtime_t t;
2037
0
    bool forced;
2038
2039
0
    CHECK(isc_lex_gettoken(lex, options, &token));
2040
0
    if (token.type == isc_tokentype_eof) {
2041
0
      break;
2042
0
    } else if (token.type != isc_tokentype_string) {
2043
0
      CHECK(ISC_R_UNEXPECTEDTOKEN);
2044
0
    }
2045
0
    name = TSTR(token);
2046
0
    len = TLEN(token);
2047
2048
0
    if (strcmp(name, ".") == 0) {
2049
0
      ntaname = dns_rootname;
2050
0
    } else {
2051
0
      dns_name_t *fname;
2052
0
      fname = dns_fixedname_initname(&fn);
2053
2054
0
      isc_buffer_init(&b, name, (unsigned int)len);
2055
0
      isc_buffer_add(&b, (unsigned int)len);
2056
0
      CHECK(dns_name_fromtext(fname, &b, dns_rootname, 0));
2057
0
      ntaname = fname;
2058
0
    }
2059
2060
0
    CHECK(isc_lex_gettoken(lex, options, &token));
2061
0
    if (token.type != isc_tokentype_string) {
2062
0
      CHECK(ISC_R_UNEXPECTEDTOKEN);
2063
0
    }
2064
0
    type = TSTR(token);
2065
2066
0
    if (strcmp(type, "regular") == 0) {
2067
0
      forced = false;
2068
0
    } else if (strcmp(type, "forced") == 0) {
2069
0
      forced = true;
2070
0
    } else {
2071
0
      CHECK(ISC_R_UNEXPECTEDTOKEN);
2072
0
    }
2073
2074
0
    CHECK(isc_lex_gettoken(lex, options, &token));
2075
0
    if (token.type != isc_tokentype_string) {
2076
0
      CHECK(ISC_R_UNEXPECTEDTOKEN);
2077
0
    }
2078
0
    timestamp = TSTR(token);
2079
0
    CHECK(dns_time32_fromtext(timestamp, &t));
2080
2081
0
    CHECK(isc_lex_gettoken(lex, options, &token));
2082
0
    if (token.type != isc_tokentype_eol &&
2083
0
        token.type != isc_tokentype_eof)
2084
0
    {
2085
0
      CHECK(ISC_R_UNEXPECTEDTOKEN);
2086
0
    }
2087
2088
0
    if (now <= t) {
2089
0
      if (t > (now + 604800)) {
2090
0
        t = now + 604800;
2091
0
      }
2092
2093
0
      (void)dns_ntatable_add(ntatable, ntaname, forced, 0, t);
2094
0
    } else {
2095
0
      char nb[DNS_NAME_FORMATSIZE];
2096
0
      dns_name_format(ntaname, nb, sizeof(nb));
2097
0
      isc_log_write(DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_NTA,
2098
0
              ISC_LOG_INFO,
2099
0
              "ignoring expired NTA at %s", nb);
2100
0
    }
2101
0
  }
2102
2103
0
cleanup:
2104
0
  if (ntatable != NULL) {
2105
0
    dns_ntatable_detach(&ntatable);
2106
0
  }
2107
2108
0
  if (lex != NULL) {
2109
0
    isc_lex_close(lex);
2110
0
    isc_lex_destroy(&lex);
2111
0
  }
2112
2113
0
  return result;
2114
0
}
2115
2116
void
2117
0
dns_view_setviewcommit(dns_view_t *view) {
2118
0
  dns_zone_t *redirect = NULL, *managed_keys = NULL;
2119
0
  dns_zt_t *zonetable = NULL;
2120
2121
0
  REQUIRE(DNS_VIEW_VALID(view));
2122
2123
0
  LOCK(&view->lock);
2124
2125
0
  if (view->redirect != NULL) {
2126
0
    dns_zone_attach(view->redirect, &redirect);
2127
0
  }
2128
0
  if (view->managed_keys != NULL) {
2129
0
    dns_zone_attach(view->managed_keys, &managed_keys);
2130
0
  }
2131
2132
0
  UNLOCK(&view->lock);
2133
2134
0
  rcu_read_lock();
2135
0
  zonetable = rcu_dereference(view->zonetable);
2136
0
  if (zonetable != NULL) {
2137
0
    dns_zt_setviewcommit(zonetable);
2138
0
  }
2139
0
  rcu_read_unlock();
2140
2141
0
  if (redirect != NULL) {
2142
0
    dns_zone_setviewcommit(redirect);
2143
0
    dns_zone_detach(&redirect);
2144
0
  }
2145
0
  if (managed_keys != NULL) {
2146
0
    dns_zone_setviewcommit(managed_keys);
2147
0
    dns_zone_detach(&managed_keys);
2148
0
  }
2149
0
}
2150
2151
void
2152
0
dns_view_setviewrevert(dns_view_t *view) {
2153
0
  dns_zone_t *redirect = NULL, *managed_keys = NULL;
2154
0
  dns_zt_t *zonetable = NULL;
2155
2156
0
  REQUIRE(DNS_VIEW_VALID(view));
2157
2158
  /*
2159
   * dns_zt_setviewrevert() attempts to lock this view, so we must
2160
   * release the lock.
2161
   */
2162
0
  LOCK(&view->lock);
2163
0
  if (view->redirect != NULL) {
2164
0
    dns_zone_attach(view->redirect, &redirect);
2165
0
  }
2166
0
  if (view->managed_keys != NULL) {
2167
0
    dns_zone_attach(view->managed_keys, &managed_keys);
2168
0
  }
2169
0
  UNLOCK(&view->lock);
2170
2171
0
  if (redirect != NULL) {
2172
0
    dns_zone_setviewrevert(redirect);
2173
0
    dns_zone_detach(&redirect);
2174
0
  }
2175
0
  if (managed_keys != NULL) {
2176
0
    dns_zone_setviewrevert(managed_keys);
2177
0
    dns_zone_detach(&managed_keys);
2178
0
  }
2179
0
  rcu_read_lock();
2180
0
  zonetable = rcu_dereference(view->zonetable);
2181
0
  if (zonetable != NULL) {
2182
0
    dns_zt_setviewrevert(zonetable);
2183
0
  }
2184
0
  rcu_read_unlock();
2185
0
}
2186
2187
bool
2188
0
dns_view_staleanswerenabled(dns_view_t *view) {
2189
0
  uint32_t stale_ttl = 0;
2190
0
  bool result = false;
2191
2192
0
  REQUIRE(DNS_VIEW_VALID(view));
2193
2194
0
  if (dns_db_getservestalettl(view->cachedb, &stale_ttl) != ISC_R_SUCCESS)
2195
0
  {
2196
0
    return false;
2197
0
  }
2198
0
  if (stale_ttl > 0) {
2199
0
    if (view->staleanswersok == dns_stale_answer_yes) {
2200
0
      result = true;
2201
0
    } else if (view->staleanswersok == dns_stale_answer_conf) {
2202
0
      result = view->staleanswersenable;
2203
0
    }
2204
0
  }
2205
2206
0
  return result;
2207
0
}
2208
2209
void
2210
0
dns_view_flushonshutdown(dns_view_t *view, bool flush) {
2211
0
  REQUIRE(DNS_VIEW_VALID(view));
2212
2213
0
  view->flush = flush;
2214
0
}
2215
2216
void
2217
2
dns_view_sfd_add(dns_view_t *view, const dns_name_t *name) {
2218
2
  isc_result_t result;
2219
2220
2
  REQUIRE(DNS_VIEW_VALID(view));
2221
2222
2
  result = dns_nametree_add(view->sfd, name, 0);
2223
2
  RUNTIME_CHECK(result == ISC_R_SUCCESS);
2224
2
}
2225
2226
void
2227
0
dns_view_sfd_del(dns_view_t *view, const dns_name_t *name) {
2228
0
  REQUIRE(DNS_VIEW_VALID(view));
2229
2230
0
  dns_nametree_delete(view->sfd, name);
2231
0
}
2232
2233
void
2234
dns_view_sfd_find(dns_view_t *view, const dns_name_t *name,
2235
0
      dns_name_t *foundname) {
2236
0
  REQUIRE(DNS_VIEW_VALID(view));
2237
2238
0
  if (!dns_nametree_covered(view->sfd, name, foundname, 0)) {
2239
0
    dns_name_copy(dns_rootname, foundname);
2240
0
  }
2241
0
}
2242
2243
isc_result_t
2244
0
dns_view_getresolver(dns_view_t *view, dns_resolver_t **resolverp) {
2245
0
  isc_result_t result;
2246
0
  REQUIRE(DNS_VIEW_VALID(view));
2247
0
  REQUIRE(resolverp != NULL && *resolverp == NULL);
2248
0
  LOCK(&view->lock);
2249
0
  if (view->resolver != NULL) {
2250
0
    dns_resolver_attach(view->resolver, resolverp);
2251
0
    result = ISC_R_SUCCESS;
2252
0
  } else {
2253
0
    result = ISC_R_SHUTTINGDOWN;
2254
0
  }
2255
0
  UNLOCK(&view->lock);
2256
0
  return result;
2257
0
}
2258
2259
void
2260
0
dns_view_setmaxrrperset(dns_view_t *view, uint32_t value) {
2261
0
  REQUIRE(DNS_VIEW_VALID(view));
2262
0
  view->maxrrperset = value;
2263
0
  if (view->cache != NULL) {
2264
0
    dns_cache_setmaxrrperset(view->cache, value);
2265
0
  }
2266
0
}
2267
2268
void
2269
0
dns_view_setmaxtypepername(dns_view_t *view, uint32_t value) {
2270
0
  REQUIRE(DNS_VIEW_VALID(view));
2271
0
  view->maxtypepername = value;
2272
0
  if (view->cache != NULL) {
2273
0
    dns_cache_setmaxtypepername(view->cache, value);
2274
0
  }
2275
0
}
2276
2277
void
2278
0
dns_view_setudpsize(dns_view_t *view, uint16_t udpsize) {
2279
0
  REQUIRE(DNS_VIEW_VALID(view));
2280
0
  view->udpsize = udpsize;
2281
0
}
2282
2283
uint16_t
2284
0
dns_view_getudpsize(dns_view_t *view) {
2285
0
  REQUIRE(DNS_VIEW_VALID(view));
2286
0
  return view->udpsize;
2287
0
}
2288
2289
dns_dispatchmgr_t *
2290
0
dns_view_getdispatchmgr(dns_view_t *view) {
2291
0
  REQUIRE(DNS_VIEW_VALID(view));
2292
2293
0
  rcu_read_lock();
2294
0
  dns_dispatchmgr_t *dispatchmgr = rcu_dereference(view->dispatchmgr);
2295
0
  if (dispatchmgr != NULL) {
2296
0
    dns_dispatchmgr_ref(dispatchmgr);
2297
0
  }
2298
0
  rcu_read_unlock();
2299
2300
0
  return dispatchmgr;
2301
0
}
2302
2303
isc_result_t
2304
dns_view_addtrustedkey(dns_view_t *view, dns_rdatatype_t rdtype,
2305
0
           const dns_name_t *keyname, isc_buffer_t *databuf) {
2306
0
  isc_result_t result;
2307
0
  dns_name_t *name = UNCONST(keyname);
2308
0
  char rdatabuf[DST_KEY_MAXSIZE];
2309
0
  unsigned char digest[DNS_DS_BUFFERSIZE];
2310
0
  dns_rdata_ds_t ds;
2311
0
  dns_rdata_t rdata;
2312
0
  isc_buffer_t b;
2313
2314
0
  REQUIRE(DNS_VIEW_VALID(view));
2315
0
  REQUIRE(view->rdclass == dns_rdataclass_in);
2316
2317
0
  if (rdtype != dns_rdatatype_dnskey && rdtype != dns_rdatatype_ds) {
2318
0
    result = ISC_R_NOTIMPLEMENTED;
2319
0
    goto cleanup;
2320
0
  }
2321
2322
0
  isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
2323
0
  dns_rdata_init(&rdata);
2324
0
  isc_buffer_setactive(databuf, isc_buffer_usedlength(databuf));
2325
0
  CHECK(dns_rdata_fromwire(&rdata, view->rdclass, rdtype, databuf,
2326
0
         DNS_DECOMPRESS_NEVER, &b));
2327
2328
0
  if (rdtype == dns_rdatatype_ds) {
2329
0
    CHECK(dns_rdata_tostruct(&rdata, &ds, NULL));
2330
0
  } else {
2331
0
    CHECK(dns_ds_fromkeyrdata(name, &rdata, DNS_DSDIGEST_SHA256,
2332
0
            digest, sizeof(digest), &ds));
2333
0
  }
2334
2335
0
  CHECK(dns_keytable_add(view->secroots_priv, false, false, name, &ds,
2336
0
             NULL, NULL));
2337
2338
0
cleanup:
2339
0
  return result;
2340
0
}
2341
2342
isc_result_t
2343
dns_view_apply(dns_view_t *view, bool stop, isc_result_t *sub,
2344
0
         isc_result_t (*action)(dns_zone_t *, void *), void *uap) {
2345
0
  isc_result_t result;
2346
0
  dns_zt_t *zonetable = NULL;
2347
2348
0
  REQUIRE(DNS_VIEW_VALID(view));
2349
2350
0
  rcu_read_lock();
2351
0
  zonetable = rcu_dereference(view->zonetable);
2352
0
  if (zonetable != NULL) {
2353
0
    result = dns_zt_apply(zonetable, stop, sub, action, uap);
2354
0
  } else {
2355
0
    result = ISC_R_SHUTTINGDOWN;
2356
0
  }
2357
0
  rcu_read_unlock();
2358
0
  return result;
2359
0
}
2360
2361
void
2362
0
dns_view_getadb(dns_view_t *view, dns_adb_t **adbp) {
2363
0
  dns_adb_t *adb = NULL;
2364
2365
0
  REQUIRE(DNS_VIEW_VALID(view));
2366
0
  REQUIRE(adbp != NULL && *adbp == NULL);
2367
2368
0
  rcu_read_lock();
2369
0
  adb = rcu_dereference(view->adb);
2370
0
  if (adb != NULL) {
2371
0
    dns_adb_attach(adb, adbp);
2372
0
  }
2373
0
  rcu_read_unlock();
2374
0
}
2375
2376
void
2377
0
dns_view_setmaxrestarts(dns_view_t *view, uint8_t max_restarts) {
2378
0
  REQUIRE(DNS_VIEW_VALID(view));
2379
0
  REQUIRE(max_restarts > 0);
2380
2381
0
  view->max_restarts = max_restarts;
2382
0
}
2383
2384
void
2385
0
dns_view_setmaxqueries(dns_view_t *view, uint16_t max_queries) {
2386
0
  REQUIRE(DNS_VIEW_VALID(view));
2387
0
  REQUIRE(max_queries > 0);
2388
2389
0
  view->max_queries = max_queries;
2390
0
}