/src/bind9/lib/dns/zonefetch.c
Line | Count | Source |
1 | | /* |
2 | | * Copyright (C) Internet Systems Consortium, Inc. ("ISC") |
3 | | * |
4 | | * SPDX-License-Identifier: MPL-2.0 |
5 | | * |
6 | | * This Source Code Form is subject to the terms of the Mozilla Public |
7 | | * License, v. 2.0. If a copy of the MPL was not distributed with this |
8 | | * file, you can obtain one at https://mozilla.org/MPL/2.0/. |
9 | | * |
10 | | * See the COPYRIGHT file distributed with this work for additional |
11 | | * information regarding copyright ownership. |
12 | | */ |
13 | | |
14 | | /*! \file */ |
15 | | |
16 | | #include <isc/async.h> |
17 | | #include <isc/loop.h> |
18 | | |
19 | | #include <dns/resolver.h> |
20 | | #include <dns/view.h> |
21 | | #include <dns/zone.h> |
22 | | #include <dns/zonefetch.h> |
23 | | |
24 | | #include "zone_p.h" |
25 | | |
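/*
 * Start the resolver fetch described by 'arg', which must point to a
 * dns_zonefetch_t. The void * signature exists because this function is
 * handed to isc_async_run() by zonefetch_schedule().
 *
 * On success the fetch is left running and dns_zonefetch_done() is its
 * completion callback; 'fetch' stays alive until that callback runs.
 *
 * On failure (zone exiting, start_fetch() error, no resolver, or
 * dns_resolver_createfetch() error) the fetch is torn down here: under the
 * zone lock the zone's internal reference taken in zonefetch_schedule() is
 * dropped, the duplicated name is freed, cancel_fetch() is called and the
 * fetch object is released. 'fetch' must not be touched by the caller
 * afterwards.
 */
void
dns_zonefetch_run(void *arg) {
	dns_zonefetch_t *fetch = (dns_zonefetch_t *)arg;
	dns_zone_t *zone;
	dns_view_t *view;
	isc_loop_t *loop;
	isc_result_t result;
	dns_resolver_t *resolver = NULL;

	zone = fetch->zone;
	if (dns__zone_exiting(zone)) {
		/* Shutdown is not an error worth a warning; see 'cancel'. */
		result = ISC_R_SHUTTINGDOWN;
		goto cancel;
	}
	view = dns_zone_getview(zone);
	loop = dns_zone_getloop(zone);

	INSIST(view != NULL);
	INSIST(loop != NULL);

	result = fetch->fetchmethods.start_fetch(fetch);
	if (result != ISC_R_SUCCESS) {
		goto cancel;
	}

	result = dns_view_getresolver(view, &resolver);
	if (result != ISC_R_SUCCESS) {
		goto cancel;
	}

	if (isc_log_wouldlog(ISC_LOG_DEBUG(3))) {
		char namebuf[DNS_NAME_FORMATSIZE];
		char typebuf[DNS_RDATATYPE_FORMATSIZE];
		dns_name_format(fetch->qname, namebuf, sizeof(namebuf));
		dns_rdatatype_format(fetch->qtype, typebuf, sizeof(typebuf));
		dns_zone_logc(zone, DNS_LOGCATEGORY_DNSSEC, ISC_LOG_DEBUG(3),
			      "Do fetch for %s/%s request", namebuf, typebuf);
	}

	/*
	 * Use of DNS_FETCHOPT_NOCACHED is essential here. If it is not
	 * set and the cache still holds a non-expired, validated version
	 * of the RRset being queried for by the time the response is
	 * received, the cached RRset will be passed to dns_zonefetch_done()
	 * instead of the one received in the response as the latter will
	 * have a lower trust level due to not being validated until
	 * dns_zonefetch_done() is called.
	 *
	 * The INSIST turns a caller that forgot the option into an
	 * immediate assertion failure instead of a fetch that silently
	 * acts on cached data.
	 */
	INSIST((fetch->options & DNS_FETCHOPT_NOCACHED) != 0);

	result = dns_resolver_createfetch(
		resolver, fetch->qname, fetch->qtype, NULL, NULL, NULL, NULL, 0,
		fetch->options, 0, NULL, NULL, NULL, loop, dns_zonefetch_done,
		fetch, NULL, &fetch->rrset, &fetch->sigset, &fetch->fetch);

	dns_resolver_detach(&resolver);

cancel:
	if (result == ISC_R_SUCCESS) {
		/* Fetch is in flight; dns_zonefetch_done() owns cleanup. */
		return;
	} else if (result != ISC_R_SHUTTINGDOWN) {
		char namebuf[DNS_NAME_FORMATSIZE];
		char typebuf[DNS_RDATATYPE_FORMATSIZE];
		dns_name_format(fetch->qname, namebuf, sizeof(namebuf));
		dns_rdatatype_format(fetch->qtype, typebuf, sizeof(typebuf));
		dns_zone_log(zone, ISC_LOG_WARNING,
			     "Failed fetch for %s/%s request", namebuf,
			     typebuf);
	}

	/*
	 * Fetch failed, cancel.
	 */
	dns__zone_lock(zone);

	dns_name_t *zname = dns_fixedname_name(&fetch->name);
	bool free_needed;

	isc_refcount_decrement(dns__zone_irefs(zone));

	/*
	 * Release the name through fetch->mctx: that is the context
	 * zonefetch_schedule() passed to dns_name_dup(), and it is the one
	 * dns_zonefetch_done() uses for the same free. This must happen
	 * before isc_mem_putanddetach() below clears fetch->mctx.
	 */
	dns_name_free(zname, fetch->mctx);

	fetch->fetchmethods.cancel_fetch(fetch);

	/* 'fetch' is invalid after this call. */
	isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(*fetch));
	free_needed = dns__zone_free_check(zone);

	dns__zone_unlock(zone);

	/* The zone itself is freed only after its lock has been released. */
	if (free_needed) {
		dns__zone_free(zone);
	}
}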
119 | | |
/*
 * Completion callback for the fetch created in dns_zonefetch_run().
 * 'arg' is the dns_fetchresponse_t; the owning dns_zonefetch_t is taken
 * from resp->arg.
 *
 * The response's node/db handles and the resolver fetch are released
 * first. Then, under the zone lock, done_fetch() is called unless the zone
 * is exiting or has no view; in that case 'result' keeps its initial
 * ISC_R_NOMORE and the fetch is simply torn down.
 *
 * If done_fetch() returns DNS_R_CONTINUE the fetch object is kept and
 * passed to continue_fetch(); any other result frees the name and the
 * fetch object, and frees the zone if dns__zone_free_check() asks for it.
 */
void
dns_zonefetch_done(void *arg) {
	dns_fetchresponse_t *resp = (dns_fetchresponse_t *)arg;
	dns_zonefetch_t *fetch = NULL;
	dns_zone_t *zone = NULL;
	dns_view_t *view = NULL;
	dns_name_t *zname = NULL;
	isc_mem_t *mctx = NULL;
	isc_result_t eresult;
	isc_result_t result = ISC_R_NOMORE;

	INSIST(resp != NULL);
	fetch = resp->arg;
	INSIST(fetch != NULL);

	/*
	 * Capture everything needed from 'fetch' and 'resp' up front:
	 * 'resp' is freed before the final branch below.
	 */
	mctx = fetch->mctx;
	zone = fetch->zone;
	zname = dns_fixedname_name(&fetch->name);
	view = dns_zone_getview(zone);
	eresult = resp->result;

	/* Free resources which are not of interest */
	if (resp->node != NULL) {
		dns_db_detachnode(&resp->node);
	}
	if (resp->db != NULL) {
		dns_db_detach(&resp->db);
	}
	dns_resolver_destroyfetch(&fetch->fetch);

	dns__zone_lock(zone);

	/* Only hand the answer to the method table for a live zone. */
	if (!dns__zone_exiting(zone) && view != NULL) {
		result = fetch->fetchmethods.done_fetch(fetch, eresult);
	}

	/* Drop the internal zone reference taken in zonefetch_schedule(). */
	isc_refcount_decrement(dns__zone_irefs(zone));

	dns_rdataset_cleanup(&fetch->rrset);
	dns_rdataset_cleanup(&fetch->sigset);

	fetch->fetchmethods.cleanup_fetch(fetch);

	dns_resolver_freefresp(&resp);

	if (result == DNS_R_CONTINUE) {
		/*
		 * NOTE(review): the internal reference was dropped above and
		 * dns__zone_free_check() is not consulted on this path.
		 * Presumably continue_fetch() re-takes the reference via
		 * dns_zonefetch_reschedule(); confirm the zone cannot be
		 * freed between the unlock and that call.
		 */
		dns__zone_unlock(zone);
		fetch->fetchmethods.continue_fetch(fetch);
		return;
	}

	/* Final result: release the name, then the fetch object itself. */
	dns_name_free(zname, mctx);
	isc_mem_putanddetach(&fetch->mctx, fetch, sizeof(dns_zonefetch_t));

	bool must_free = dns__zone_free_check(zone);

	dns__zone_unlock(zone);

	/* The zone is freed only after its lock has been released. */
	if (must_free) {
		dns__zone_free(zone);
	}
}
190 | | |
/*
 * Common body of dns_zonefetch_schedule() and dns_zonefetch_reschedule().
 *
 * Takes an internal reference on the fetch's zone (dropped again in
 * dns_zonefetch_run()'s failure path or in dns_zonefetch_done()), resets
 * both rdatasets and queues dns_zonefetch_run() on the zone's loop.
 *
 * When 'name' is non-NULL it is duplicated into fetch->name using
 * fetch->mctx; when it is NULL, fetch->name is left untouched.
 */
static void
zonefetch_schedule(dns_zonefetch_t *fetch, dns_name_t *name) {
	dns_zone_t *zone = fetch->zone;

	isc_refcount_increment0(dns__zone_irefs(zone));

	if (name != NULL) {
		/* The copy is owned by 'fetch' and freed with fetch->mctx. */
		dns_name_t *copy = dns_fixedname_initname(&fetch->name);

		dns_name_dup(name, fetch->mctx, copy);
	}

	dns_rdataset_init(&fetch->rrset);
	dns_rdataset_init(&fetch->sigset);

	/* The fetch itself starts later, from the zone's own loop. */
	isc_loop_t *zloop = dns_zone_getloop(zone);

	isc_async_run(zloop, dns_zonefetch_run, fetch);
}
207 | | |
/*
 * Schedule a new fetch for 'fetch', recording a copy of 'name' in it.
 *
 * Both arguments are required; a NULL 'fetch' or 'name' is a programming
 * error and trips REQUIRE. The work is done by zonefetch_schedule().
 */
void
dns_zonefetch_schedule(dns_zonefetch_t *fetch, dns_name_t *name) {
	REQUIRE(fetch != NULL);
	REQUIRE(name != NULL);

	zonefetch_schedule(fetch, name);
}
215 | | |
/*
 * Schedule 'fetch' again without supplying a name: zonefetch_schedule()
 * is called with a NULL name, so fetch->name is not re-initialised.
 *
 * 'fetch' is required; NULL trips REQUIRE.
 */
void
dns_zonefetch_reschedule(dns_zonefetch_t *fetch) {
	REQUIRE(fetch != NULL);

	zonefetch_schedule(fetch, NULL);
}
222 | | |
/*
 * Decide whether the answer held in 'fetch' is acceptable.
 *
 * The checks run in order and each failure is logged at warning level in
 * the DNSSEC category before returning:
 *   - 'eresult' is not ISC_R_SUCCESS      -> returns 'eresult'
 *   - fetch->rrset is not associated      -> ISC_R_NOTFOUND
 *   - fetch->sigset is not associated     -> DNS_R_NOVALIDSIG
 *   - fetch->rrset.trust is below 'trust' -> DNS_R_NOVALIDSIG
 * Otherwise ISC_R_SUCCESS is returned.
 *
 * No signature is verified here: the signature set is only checked for
 * presence, and the decision rests on the trust level already recorded on
 * the RRset (presumably by the resolver's validator - confirm). Callers
 * choose the minimum acceptable level through 'trust'.
 */
isc_result_t
dns_zonefetch_verify(dns_zonefetch_t *fetch, isc_result_t eresult,
		     dns_trust_t trust) {
	char qname_text[DNS_NAME_FORMATSIZE];
	char qtype_text[DNS_RDATATYPE_FORMATSIZE];

	REQUIRE(fetch != NULL);

	dns_zone_t *zone = fetch->zone;
	dns_rdataset_t *answer = &fetch->rrset;
	dns_rdataset_t *signatures = &fetch->sigset;

	/* Printable query name and type, used by every warning below. */
	dns_name_format(fetch->qname, qname_text, sizeof(qname_text));
	dns_rdatatype_format(fetch->qtype, qtype_text, sizeof(qtype_text));

	/* The fetch itself failed: pass the resolver's result through. */
	if (eresult != ISC_R_SUCCESS) {
		dns_zone_logc(zone, DNS_LOGCATEGORY_DNSSEC, ISC_LOG_WARNING,
			      "Unable to fetch %s/%s: %s", qname_text,
			      qtype_text, isc_result_totext(eresult));
		return eresult;
	}

	/* No records found */
	if (!dns_rdataset_isassociated(answer)) {
		dns_zone_logc(zone, DNS_LOGCATEGORY_DNSSEC, ISC_LOG_WARNING,
			      "No %s records found for '%s'", qtype_text,
			      qname_text);
		return ISC_R_NOTFOUND;
	}

	/* No RRSIGs found */
	if (!dns_rdataset_isassociated(signatures)) {
		dns_zone_logc(zone, DNS_LOGCATEGORY_DNSSEC, ISC_LOG_WARNING,
			      "No %s RRSIGs found for '%s'", qtype_text,
			      qname_text);
		return DNS_R_NOVALIDSIG;
	}

	/* Reject an answer whose trust is below the caller's minimum. */
	if (answer->trust < trust) {
		dns_zone_logc(zone, DNS_LOGCATEGORY_DNSSEC, ISC_LOG_WARNING,
			      "Invalid %s RRset for '%s' trust level %u",
			      qtype_text, qname_text, answer->trust);
		return DNS_R_NOVALIDSIG;
	}

	return ISC_R_SUCCESS;
}