2001-04-10 21:52:17 +00:00
|
|
|
/*
|
2018-02-23 09:53:12 +01:00
|
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
2001-04-10 21:52:17 +00:00
|
|
|
*
|
2016-06-27 14:56:38 +10:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
2020-09-14 16:20:40 -07:00
|
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
2018-02-23 09:53:12 +01:00
|
|
|
*
|
|
|
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
* information regarding copyright ownership.
|
2001-04-10 21:52:17 +00:00
|
|
|
*/
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*! \file */
|
2001-04-10 21:52:17 +00:00
|
|
|
|
2018-03-28 14:19:37 +02:00
|
|
|
#include <inttypes.h>
|
2018-04-17 08:29:14 -07:00
|
|
|
#include <stdbool.h>
|
2018-03-28 14:19:37 +02:00
|
|
|
|
2020-10-22 12:32:18 +02:00
|
|
|
#include <isc/app.h>
|
2001-03-27 00:45:13 +00:00
|
|
|
#include <isc/base64.h>
|
|
|
|
|
#include <isc/buffer.h>
|
|
|
|
|
#include <isc/event.h>
|
2014-02-27 17:55:04 -08:00
|
|
|
#include <isc/file.h>
|
2001-03-27 00:45:13 +00:00
|
|
|
#include <isc/mem.h>
|
2020-09-08 12:11:06 +10:00
|
|
|
#include <isc/mutex.h>
|
2001-10-31 19:35:19 +00:00
|
|
|
#include <isc/net.h>
|
2001-05-31 10:36:05 +00:00
|
|
|
#include <isc/netaddr.h>
|
2020-04-16 13:06:42 -07:00
|
|
|
#include <isc/netmgr.h>
|
2018-05-28 15:22:23 +02:00
|
|
|
#include <isc/nonce.h>
|
2003-07-17 06:24:44 +00:00
|
|
|
#include <isc/random.h>
|
2001-03-27 00:45:13 +00:00
|
|
|
#include <isc/result.h>
|
|
|
|
|
#include <isc/stdtime.h>
|
|
|
|
|
#include <isc/string.h>
|
2020-05-14 14:03:37 -07:00
|
|
|
#include <isc/task.h>
|
2001-03-27 00:45:13 +00:00
|
|
|
#include <isc/util.h>
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
#include <dns/result.h>
|
|
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
#include <isccc/alist.h>
|
|
|
|
|
#include <isccc/cc.h>
|
|
|
|
|
#include <isccc/ccmsg.h>
|
|
|
|
|
#include <isccc/events.h>
|
|
|
|
|
#include <isccc/result.h>
|
|
|
|
|
#include <isccc/sexpr.h>
|
2003-07-17 06:24:44 +00:00
|
|
|
#include <isccc/symtab.h>
|
2001-03-27 00:45:13 +00:00
|
|
|
#include <isccc/util.h>
|
2020-03-09 16:17:26 +01:00
|
|
|
|
|
|
|
|
#include <isccfg/namedconf.h>
|
|
|
|
|
|
|
|
|
|
#include <bind9/check.h>
|
|
|
|
|
|
2001-08-03 18:12:08 +00:00
|
|
|
#include <named/config.h>
|
2001-03-27 00:45:13 +00:00
|
|
|
#include <named/control.h>
|
|
|
|
|
#include <named/log.h>
|
|
|
|
|
#include <named/server.h>
|
|
|
|
|
|
|
|
|
|
typedef struct controlkey controlkey_t;
|
|
|
|
|
typedef ISC_LIST(controlkey_t) controlkeylist_t;
|
|
|
|
|
|
|
|
|
|
typedef struct controlconnection controlconnection_t;
|
|
|
|
|
typedef ISC_LIST(controlconnection_t) controlconnectionlist_t;
|
|
|
|
|
|
|
|
|
|
typedef struct controllistener controllistener_t;
|
|
|
|
|
typedef ISC_LIST(controllistener_t) controllistenerlist_t;
|
|
|
|
|
|
|
|
|
|
struct controlkey {
|
2020-02-13 14:44:37 -08:00
|
|
|
char *keyname;
|
|
|
|
|
uint32_t algorithm;
|
2020-02-12 13:59:18 +01:00
|
|
|
isc_region_t secret;
|
|
|
|
|
ISC_LINK(controlkey_t) link;
|
2001-03-27 00:45:13 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct controlconnection {
|
2020-09-03 13:31:27 -07:00
|
|
|
isc_nmhandle_t *readhandle;
|
|
|
|
|
isc_nmhandle_t *sendhandle;
|
|
|
|
|
isc_nmhandle_t *cmdhandle;
|
2020-02-13 14:44:37 -08:00
|
|
|
isccc_ccmsg_t ccmsg;
|
2020-09-03 13:31:27 -07:00
|
|
|
bool reading;
|
2020-02-13 14:44:37 -08:00
|
|
|
bool sending;
|
2020-02-12 13:59:18 +01:00
|
|
|
controllistener_t *listener;
|
2020-05-14 14:03:37 -07:00
|
|
|
isccc_sexpr_t *ctrl;
|
|
|
|
|
isc_buffer_t *buffer;
|
|
|
|
|
isc_buffer_t *text;
|
|
|
|
|
isccc_sexpr_t *request;
|
|
|
|
|
isccc_sexpr_t *response;
|
|
|
|
|
uint32_t alg;
|
|
|
|
|
isccc_region_t secret;
|
2020-02-13 14:44:37 -08:00
|
|
|
uint32_t nonce;
|
2020-05-14 14:03:37 -07:00
|
|
|
isc_stdtime_t now;
|
|
|
|
|
isc_result_t result;
|
2020-02-12 13:59:18 +01:00
|
|
|
ISC_LINK(controlconnection_t) link;
|
2001-03-27 00:45:13 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
|
|
struct controllistener {
|
2020-02-13 14:44:37 -08:00
|
|
|
named_controls_t *controls;
|
|
|
|
|
isc_mem_t *mctx;
|
|
|
|
|
isc_sockaddr_t address;
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_nmsocket_t *sock;
|
2020-02-13 14:44:37 -08:00
|
|
|
dns_acl_t *acl;
|
|
|
|
|
bool exiting;
|
2020-10-02 16:17:51 +10:00
|
|
|
isc_refcount_t refs;
|
2020-02-13 14:44:37 -08:00
|
|
|
controlkeylist_t keys;
|
2020-10-01 15:11:32 +10:00
|
|
|
isc_mutex_t connections_lock;
|
2020-02-12 13:59:18 +01:00
|
|
|
controlconnectionlist_t connections;
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_socktype_t type;
|
2020-02-13 14:44:37 -08:00
|
|
|
uint32_t perm;
|
|
|
|
|
uint32_t owner;
|
|
|
|
|
uint32_t group;
|
|
|
|
|
bool readonly;
|
2020-02-12 13:59:18 +01:00
|
|
|
ISC_LINK(controllistener_t) link;
|
2001-03-27 00:45:13 +00:00
|
|
|
};
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
struct named_controls {
|
2020-02-13 14:44:37 -08:00
|
|
|
named_server_t *server;
|
2020-02-12 13:59:18 +01:00
|
|
|
controllistenerlist_t listeners;
|
2020-09-21 12:48:10 +10:00
|
|
|
atomic_bool shuttingdown;
|
2020-09-08 12:11:06 +10:00
|
|
|
isc_mutex_t symtab_lock;
|
2020-02-13 14:44:37 -08:00
|
|
|
isccc_symtab_t *symtab;
|
2001-05-08 03:42:34 +00:00
|
|
|
};
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
static isc_result_t
|
|
|
|
|
control_newconn(isc_nmhandle_t *handle, isc_result_t result, void *arg);
|
2020-02-14 08:14:03 +01:00
|
|
|
static void
|
2020-04-16 13:06:42 -07:00
|
|
|
control_recvmessage(isc_nmhandle_t *handle, isc_result_t result, void *arg);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2003-07-17 06:24:44 +00:00
|
|
|
#define CLOCKSKEW 300
|
|
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
static void
|
2020-02-13 14:44:37 -08:00
|
|
|
free_controlkey(controlkey_t *key, isc_mem_t *mctx) {
|
2020-02-13 21:48:23 +01:00
|
|
|
if (key->keyname != NULL) {
|
2001-03-27 00:45:13 +00:00
|
|
|
isc_mem_free(mctx, key->keyname);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (key->secret.base != NULL) {
|
2001-03-27 00:45:13 +00:00
|
|
|
isc_mem_put(mctx, key->secret.base, key->secret.length);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
isc_mem_put(mctx, key, sizeof(*key));
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2020-02-13 14:44:37 -08:00
|
|
|
free_controlkeylist(controlkeylist_t *keylist, isc_mem_t *mctx) {
|
2001-03-27 00:45:13 +00:00
|
|
|
while (!ISC_LIST_EMPTY(*keylist)) {
|
|
|
|
|
controlkey_t *key = ISC_LIST_HEAD(*keylist);
|
|
|
|
|
ISC_LIST_UNLINK(*keylist, key, link);
|
|
|
|
|
free_controlkey(key, mctx);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2020-02-13 14:44:37 -08:00
|
|
|
free_listener(controllistener_t *listener) {
|
2001-03-27 00:45:13 +00:00
|
|
|
INSIST(listener->exiting);
|
|
|
|
|
INSIST(ISC_LIST_EMPTY(listener->connections));
|
|
|
|
|
|
2020-10-02 16:17:51 +10:00
|
|
|
isc_refcount_destroy(&listener->refs);
|
|
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (listener->sock != NULL) {
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_nmsocket_close(&listener->sock);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
free_controlkeylist(&listener->keys, listener->mctx);
|
|
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (listener->acl != NULL) {
|
2001-03-27 00:45:13 +00:00
|
|
|
dns_acl_detach(&listener->acl);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-10-01 15:11:32 +10:00
|
|
|
isc_mutex_destroy(&listener->connections_lock);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2013-03-08 14:38:03 +11:00
|
|
|
isc_mem_putanddetach(&listener->mctx, listener, sizeof(*listener));
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2020-02-13 14:44:37 -08:00
|
|
|
maybe_free_listener(controllistener_t *listener) {
|
2020-10-02 16:17:51 +10:00
|
|
|
if (isc_refcount_decrement(&listener->refs) == 1) {
|
2001-03-27 00:45:13 +00:00
|
|
|
free_listener(listener);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2020-02-13 14:44:37 -08:00
|
|
|
shutdown_listener(controllistener_t *listener) {
|
2001-07-05 18:39:14 +00:00
|
|
|
if (!listener->exiting) {
|
|
|
|
|
char socktext[ISC_SOCKADDR_FORMATSIZE];
|
|
|
|
|
|
2001-10-19 21:00:12 +00:00
|
|
|
ISC_LIST_UNLINK(listener->controls->listeners, listener, link);
|
|
|
|
|
|
2001-07-05 18:39:14 +00:00
|
|
|
isc_sockaddr_format(&listener->address, socktext,
|
|
|
|
|
sizeof(socktext));
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
|
2001-07-05 18:39:14 +00:00
|
|
|
"stopping command channel on %s", socktext);
|
2020-04-16 13:06:42 -07:00
|
|
|
#if 0
|
|
|
|
|
/* XXX: no unix domain socket support */
|
|
|
|
|
if (listener->type == isc_socktype_unix) {
|
2018-04-17 08:29:14 -07:00
|
|
|
isc_socket_cleanunix(&listener->address, true);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-04-16 13:06:42 -07:00
|
|
|
#endif
|
2018-04-17 08:29:14 -07:00
|
|
|
listener->exiting = true;
|
2001-07-05 18:39:14 +00:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_nm_stoplistening(listener->sock);
|
2001-10-19 21:00:12 +00:00
|
|
|
maybe_free_listener(listener);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
static bool
|
2020-04-16 13:06:42 -07:00
|
|
|
address_ok(isc_sockaddr_t *sockaddr, controllistener_t *listener) {
|
2017-09-08 13:39:09 -07:00
|
|
|
dns_aclenv_t *env =
|
|
|
|
|
ns_interfacemgr_getaclenv(named_g_server->interfacemgr);
|
2001-03-27 00:45:13 +00:00
|
|
|
isc_netaddr_t netaddr;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_result_t result;
|
|
|
|
|
int match;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
/* ACL doesn't apply to unix domain sockets */
|
|
|
|
|
if (listener->type != isc_socktype_tcp) {
|
|
|
|
|
return (true);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_netaddr_fromsockaddr(&netaddr, sockaddr);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
result = dns_acl_match(&netaddr, NULL, listener->acl, env, &match,
|
|
|
|
|
NULL);
|
|
|
|
|
return (result == ISC_R_SUCCESS && match > 0);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2020-04-16 13:06:42 -07:00
|
|
|
control_senddone(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
|
|
|
|
|
controlconnection_t *conn = (controlconnection_t *)arg;
|
2020-02-13 14:44:37 -08:00
|
|
|
controllistener_t *listener = conn->listener;
|
2020-05-14 14:03:37 -07:00
|
|
|
isc_sockaddr_t peeraddr = isc_nmhandle_peeraddr(handle);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
REQUIRE(conn->sending);
|
|
|
|
|
|
2018-04-17 08:29:14 -07:00
|
|
|
conn->sending = false;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-10-22 12:32:18 +02:00
|
|
|
if (conn->result == ISC_R_SHUTTINGDOWN) {
|
|
|
|
|
isc_app_shutdown();
|
|
|
|
|
goto cleanup_sendhandle;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-21 12:48:10 +10:00
|
|
|
if (atomic_load_acquire(&listener->controls->shuttingdown) ||
|
|
|
|
|
result == ISC_R_CANCELED)
|
|
|
|
|
{
|
2020-09-03 13:31:27 -07:00
|
|
|
goto cleanup_sendhandle;
|
2020-04-16 13:06:42 -07:00
|
|
|
} else if (result != ISC_R_SUCCESS) {
|
2020-02-13 14:44:37 -08:00
|
|
|
char socktext[ISC_SOCKADDR_FORMATSIZE];
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
|
2001-03-27 00:45:13 +00:00
|
|
|
"error sending command response to %s: %s",
|
2020-04-16 13:06:42 -07:00
|
|
|
socktext, isc_result_totext(result));
|
2020-09-03 13:31:27 -07:00
|
|
|
goto cleanup_sendhandle;
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
2001-03-31 01:24:25 +00:00
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
isc_nmhandle_attach(handle, &conn->readhandle);
|
|
|
|
|
conn->reading = true;
|
|
|
|
|
|
|
|
|
|
isc_nmhandle_detach(&conn->sendhandle);
|
|
|
|
|
|
2020-10-21 12:52:09 +02:00
|
|
|
isccc_ccmsg_readmessage(&conn->ccmsg, control_recvmessage, conn);
|
2020-09-03 13:31:27 -07:00
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
cleanup_sendhandle:
|
|
|
|
|
isc_nmhandle_detach(&conn->sendhandle);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static inline void
|
2020-02-13 14:44:37 -08:00
|
|
|
log_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
|
|
|
|
|
char socktext[ISC_SOCKADDR_FORMATSIZE];
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_sockaddr_t peeraddr = isc_nmhandle_peeraddr(ccmsg->handle);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_ERROR,
|
2020-02-12 13:59:18 +01:00
|
|
|
"invalid command from %s: %s", socktext,
|
|
|
|
|
isc_result_totext(result));
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
static void
|
|
|
|
|
conn_cleanup(controlconnection_t *conn) {
|
|
|
|
|
controllistener_t *listener = conn->listener;
|
|
|
|
|
|
|
|
|
|
if (conn->response != NULL) {
|
|
|
|
|
isccc_sexpr_free(&conn->response);
|
|
|
|
|
}
|
|
|
|
|
if (conn->request != NULL) {
|
|
|
|
|
isccc_sexpr_free(&conn->request);
|
|
|
|
|
}
|
|
|
|
|
if (conn->secret.rstart != NULL) {
|
|
|
|
|
isc_mem_put(listener->mctx, conn->secret.rstart,
|
|
|
|
|
REGION_SIZE(conn->secret));
|
|
|
|
|
}
|
|
|
|
|
if (conn->text != NULL) {
|
|
|
|
|
isc_buffer_free(&conn->text);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
static void
|
2020-10-22 12:32:18 +02:00
|
|
|
control_respond(isc_nmhandle_t *handle, controlconnection_t *conn) {
|
2020-05-14 14:03:37 -07:00
|
|
|
controllistener_t *listener = conn->listener;
|
|
|
|
|
isccc_sexpr_t *data = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_buffer_t b;
|
|
|
|
|
isc_region_t r;
|
2020-10-22 12:32:18 +02:00
|
|
|
isc_result_t result;
|
2020-05-14 14:03:37 -07:00
|
|
|
|
|
|
|
|
result = isccc_cc_createresponse(conn->request, conn->now,
|
|
|
|
|
conn->now + 60, &conn->response);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-22 12:32:18 +02:00
|
|
|
if (conn->result == ISC_R_SHUTTINGDOWN) {
|
|
|
|
|
result = ISC_R_SUCCESS;
|
|
|
|
|
} else {
|
|
|
|
|
result = conn->result;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
data = isccc_alist_lookup(conn->response, "_data");
|
|
|
|
|
if (data != NULL) {
|
2020-10-22 12:32:18 +02:00
|
|
|
if (isccc_cc_defineuint32(data, "result", result) == NULL) {
|
2020-05-14 14:03:37 -07:00
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-22 12:32:18 +02:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2020-05-14 14:03:37 -07:00
|
|
|
if (data != NULL) {
|
2020-10-22 12:32:18 +02:00
|
|
|
const char *estr = isc_result_totext(result);
|
2020-05-14 14:03:37 -07:00
|
|
|
if (isccc_cc_definestring(data, "err", estr) == NULL) {
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (isc_buffer_usedlength(conn->text) > 0) {
|
|
|
|
|
if (data != NULL) {
|
|
|
|
|
char *str = (char *)isc_buffer_base(conn->text);
|
|
|
|
|
if (isccc_cc_definestring(data, "text", str) == NULL) {
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
conn->ctrl = isccc_alist_lookup(conn->response, "_ctrl");
|
|
|
|
|
if (conn->ctrl == NULL ||
|
|
|
|
|
isccc_cc_defineuint32(conn->ctrl, "_nonce", conn->nonce) == NULL)
|
|
|
|
|
{
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (conn->buffer == NULL) {
|
|
|
|
|
isc_buffer_allocate(listener->mctx, &conn->buffer, 2 * 2048);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_buffer_clear(conn->buffer);
|
|
|
|
|
/* Skip the length field (4 bytes) */
|
|
|
|
|
isc_buffer_add(conn->buffer, 4);
|
|
|
|
|
|
|
|
|
|
result = isccc_cc_towire(conn->response, &conn->buffer, conn->alg,
|
|
|
|
|
&conn->secret);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_buffer_init(&b, conn->buffer->base, 4);
|
|
|
|
|
isc_buffer_putuint32(&b, conn->buffer->used - 4);
|
|
|
|
|
|
|
|
|
|
r.base = conn->buffer->base;
|
|
|
|
|
r.length = conn->buffer->used;
|
|
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
isc_nmhandle_attach(handle, &conn->sendhandle);
|
2020-05-14 14:03:37 -07:00
|
|
|
conn->sending = true;
|
2020-09-03 13:31:27 -07:00
|
|
|
conn_cleanup(conn);
|
|
|
|
|
|
|
|
|
|
isc_nmhandle_detach(&conn->cmdhandle);
|
|
|
|
|
|
2020-10-21 12:52:09 +02:00
|
|
|
isc_nm_send(conn->sendhandle, &r, control_senddone, conn);
|
2020-05-14 14:03:37 -07:00
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
return;
|
2020-09-17 15:52:19 +10:00
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
cleanup:
|
2020-09-03 13:31:27 -07:00
|
|
|
conn_cleanup(conn);
|
2020-09-17 15:52:19 +10:00
|
|
|
isc_nmhandle_detach(&conn->cmdhandle);
|
2020-05-14 14:03:37 -07:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
control_command(isc_task_t *task, isc_event_t *event) {
|
|
|
|
|
controlconnection_t *conn = event->ev_arg;
|
|
|
|
|
controllistener_t *listener = conn->listener;
|
|
|
|
|
|
|
|
|
|
UNUSED(task);
|
|
|
|
|
|
2020-09-21 12:48:10 +10:00
|
|
|
if (atomic_load_acquire(&listener->controls->shuttingdown)) {
|
2020-09-03 13:31:27 -07:00
|
|
|
conn_cleanup(conn);
|
2020-09-17 15:18:27 +10:00
|
|
|
isc_nmhandle_detach(&conn->cmdhandle);
|
2020-09-03 13:31:27 -07:00
|
|
|
goto done;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
conn->result = named_control_docommand(conn->request,
|
|
|
|
|
listener->readonly, &conn->text);
|
2020-10-22 12:32:18 +02:00
|
|
|
control_respond(conn->cmdhandle, conn);
|
2020-09-03 13:31:27 -07:00
|
|
|
|
|
|
|
|
done:
|
2020-05-14 14:03:37 -07:00
|
|
|
isc_event_free(&event);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
control_recvmessage(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
|
|
|
|
|
controlconnection_t *conn = (controlconnection_t *)arg;
|
|
|
|
|
controllistener_t *listener = conn->listener;
|
|
|
|
|
controlkey_t *key = NULL;
|
|
|
|
|
isc_event_t *event = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
isccc_time_t sent;
|
|
|
|
|
isccc_time_t exp;
|
|
|
|
|
uint32_t nonce;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
conn->reading = false;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2008-01-18 23:46:58 +00:00
|
|
|
/* Is the server shutting down? */
|
2020-09-21 12:48:10 +10:00
|
|
|
if (atomic_load_acquire(&listener->controls->shuttingdown)) {
|
2020-09-03 13:31:27 -07:00
|
|
|
goto cleanup_readhandle;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-09-20 18:37:00 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2020-07-03 15:34:51 -07:00
|
|
|
if (result == ISC_R_CANCELED) {
|
2020-09-21 12:48:10 +10:00
|
|
|
atomic_store_release(&listener->controls->shuttingdown,
|
|
|
|
|
true);
|
2020-07-03 15:34:51 -07:00
|
|
|
} else if (result != ISC_R_EOF) {
|
2020-04-16 13:06:42 -07:00
|
|
|
log_invalid(&conn->ccmsg, result);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-04-16 13:06:42 -07:00
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
goto cleanup_readhandle;
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
for (key = ISC_LIST_HEAD(listener->keys); key != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
key = ISC_LIST_NEXT(key, link))
|
|
|
|
|
{
|
2014-11-14 15:58:54 -08:00
|
|
|
isccc_region_t ccregion;
|
|
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
ccregion.rstart = isc_buffer_base(conn->ccmsg.buffer);
|
|
|
|
|
ccregion.rend = isc_buffer_used(conn->ccmsg.buffer);
|
2020-05-14 14:03:37 -07:00
|
|
|
conn->secret.rstart = isc_mem_get(listener->mctx,
|
|
|
|
|
key->secret.length);
|
|
|
|
|
memmove(conn->secret.rstart, key->secret.base,
|
|
|
|
|
key->secret.length);
|
|
|
|
|
conn->secret.rend = conn->secret.rstart + key->secret.length;
|
|
|
|
|
conn->alg = key->algorithm;
|
|
|
|
|
result = isccc_cc_fromwire(&ccregion, &conn->request, conn->alg,
|
|
|
|
|
&conn->secret);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result == ISC_R_SUCCESS) {
|
2001-07-04 03:54:55 +00:00
|
|
|
break;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-05-14 14:03:37 -07:00
|
|
|
isc_mem_put(listener->mctx, conn->secret.rstart,
|
|
|
|
|
REGION_SIZE(conn->secret));
|
2012-06-13 16:25:42 +10:00
|
|
|
if (result != ISCCC_R_BADAUTH) {
|
|
|
|
|
log_invalid(&conn->ccmsg, result);
|
2020-09-03 13:31:27 -07:00
|
|
|
goto cleanup;
|
2012-06-13 16:25:42 +10:00
|
|
|
}
|
2001-07-04 03:54:55 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (key == NULL) {
|
|
|
|
|
log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
|
2001-03-27 00:45:13 +00:00
|
|
|
goto cleanup;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* We shouldn't be getting a reply. */
|
2020-05-14 14:03:37 -07:00
|
|
|
if (isccc_cc_isreply(conn->request)) {
|
2001-03-27 00:45:13 +00:00
|
|
|
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
|
2020-05-14 14:03:37 -07:00
|
|
|
goto cleanup;
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
isc_stdtime_get(&conn->now);
|
2003-07-17 06:24:44 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Limit exposure to replay attacks.
|
|
|
|
|
*/
|
2020-05-14 14:03:37 -07:00
|
|
|
conn->ctrl = isccc_alist_lookup(conn->request, "_ctrl");
|
|
|
|
|
if (!isccc_alist_alistp(conn->ctrl)) {
|
2003-07-17 06:24:44 +00:00
|
|
|
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
|
2020-05-14 14:03:37 -07:00
|
|
|
goto cleanup;
|
2003-07-17 06:24:44 +00:00
|
|
|
}
|
|
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
if (isccc_cc_lookupuint32(conn->ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
|
|
|
|
|
if ((sent + CLOCKSKEW) < conn->now ||
|
|
|
|
|
(sent - CLOCKSKEW) > conn->now) {
|
2003-07-17 06:24:44 +00:00
|
|
|
log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
|
2020-05-14 14:03:37 -07:00
|
|
|
goto cleanup;
|
2003-07-17 06:24:44 +00:00
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
log_invalid(&conn->ccmsg, ISC_R_FAILURE);
|
2020-05-14 14:03:37 -07:00
|
|
|
goto cleanup;
|
2003-07-17 06:24:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Expire messages that are too old.
|
|
|
|
|
*/
|
2020-05-14 14:03:37 -07:00
|
|
|
if (isccc_cc_lookupuint32(conn->ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
|
|
|
|
|
conn->now > exp)
|
|
|
|
|
{
|
2003-07-17 06:24:44 +00:00
|
|
|
log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
|
2020-05-14 14:03:37 -07:00
|
|
|
goto cleanup;
|
2003-07-17 06:24:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Duplicate suppression (required for UDP).
|
|
|
|
|
*/
|
2020-09-08 12:11:06 +10:00
|
|
|
LOCK(&listener->controls->symtab_lock);
|
2020-05-14 14:03:37 -07:00
|
|
|
isccc_cc_cleansymtab(listener->controls->symtab, conn->now);
|
|
|
|
|
result = isccc_cc_checkdup(listener->controls->symtab, conn->request,
|
|
|
|
|
conn->now);
|
2020-09-08 12:11:06 +10:00
|
|
|
UNLOCK(&listener->controls->symtab_lock);
|
2003-07-17 06:24:44 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result == ISC_R_EXISTS) {
|
2008-01-18 23:46:58 +00:00
|
|
|
result = ISCCC_R_DUPLICATE;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2003-07-17 06:24:44 +00:00
|
|
|
log_invalid(&conn->ccmsg, result);
|
2020-05-14 14:03:37 -07:00
|
|
|
goto cleanup;
|
2003-07-17 06:24:44 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (conn->nonce != 0 &&
|
2020-05-14 14:03:37 -07:00
|
|
|
(isccc_cc_lookupuint32(conn->ctrl, "_nonce", &nonce) !=
|
|
|
|
|
ISC_R_SUCCESS ||
|
2020-02-13 14:44:37 -08:00
|
|
|
conn->nonce != nonce))
|
|
|
|
|
{
|
2003-07-17 06:24:44 +00:00
|
|
|
log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
|
2020-05-14 14:03:37 -07:00
|
|
|
goto cleanup;
|
2003-07-17 06:24:44 +00:00
|
|
|
}
|
|
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
isc_buffer_allocate(listener->mctx, &conn->text, 2 * 2048);
|
|
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
isc_nmhandle_attach(handle, &conn->cmdhandle);
|
|
|
|
|
isc_nmhandle_detach(&conn->readhandle);
|
2013-03-07 15:14:07 -08:00
|
|
|
|
|
|
|
|
if (conn->nonce == 0) {
|
2020-05-14 14:03:37 -07:00
|
|
|
/*
|
|
|
|
|
* Establish nonce.
|
|
|
|
|
*/
|
2017-09-28 10:09:22 -07:00
|
|
|
while (conn->nonce == 0) {
|
2018-05-28 15:22:23 +02:00
|
|
|
isc_nonce_buf(&conn->nonce, sizeof(conn->nonce));
|
2017-09-28 10:09:22 -07:00
|
|
|
}
|
2020-05-14 14:03:37 -07:00
|
|
|
conn->result = ISC_R_SUCCESS;
|
2020-10-22 12:32:18 +02:00
|
|
|
control_respond(handle, conn);
|
2020-05-14 14:03:37 -07:00
|
|
|
return;
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
/*
|
|
|
|
|
* Trigger the command.
|
|
|
|
|
*/
|
2020-09-03 13:31:27 -07:00
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
event = isc_event_allocate(listener->mctx, conn, NAMED_EVENT_COMMAND,
|
|
|
|
|
control_command, conn, sizeof(isc_event_t));
|
|
|
|
|
isc_task_send(named_g_server->task, &event);
|
2020-09-03 13:31:27 -07:00
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
return;
|
2001-05-08 04:09:41 +00:00
|
|
|
|
2020-05-14 14:03:37 -07:00
|
|
|
cleanup:
|
2020-09-03 13:31:27 -07:00
|
|
|
conn_cleanup(conn);
|
2014-11-14 15:58:54 -08:00
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
cleanup_readhandle:
|
|
|
|
|
/*
|
|
|
|
|
* readhandle could be NULL if we're shutting down,
|
|
|
|
|
* but if not we need to detach it.
|
|
|
|
|
*/
|
|
|
|
|
if (conn->readhandle != NULL) {
|
|
|
|
|
isc_nmhandle_detach(&conn->readhandle);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2020-04-16 13:06:42 -07:00
|
|
|
conn_reset(void *arg) {
|
|
|
|
|
controlconnection_t *conn = (controlconnection_t *)arg;
|
|
|
|
|
controllistener_t *listener = conn->listener;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
if (conn->buffer != NULL) {
|
|
|
|
|
isc_buffer_free(&conn->buffer);
|
|
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
if (conn->reading) {
|
2020-04-16 13:06:42 -07:00
|
|
|
isccc_ccmsg_cancelread(&conn->ccmsg);
|
|
|
|
|
return;
|
|
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-10-01 15:11:32 +10:00
|
|
|
LOCK(&listener->connections_lock);
|
2020-04-16 13:06:42 -07:00
|
|
|
ISC_LIST_UNLINK(listener->connections, conn, link);
|
2020-10-01 15:11:32 +10:00
|
|
|
UNLOCK(&listener->connections_lock);
|
2020-04-16 13:06:42 -07:00
|
|
|
#ifdef ENABLE_AFL
|
|
|
|
|
if (named_g_fuzz_type == isc_fuzz_rndc) {
|
|
|
|
|
named_fuzz_notify();
|
|
|
|
|
}
|
|
|
|
|
#endif /* ifdef ENABLE_AFL */
|
|
|
|
|
|
|
|
|
|
isccc_ccmsg_invalidate(&conn->ccmsg);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
|
|
|
|
conn_put(void *arg) {
|
|
|
|
|
controlconnection_t *conn = (controlconnection_t *)arg;
|
|
|
|
|
controllistener_t *listener = conn->listener;
|
|
|
|
|
|
|
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_DEBUG(3),
|
|
|
|
|
"freeing control connection");
|
|
|
|
|
maybe_free_listener(listener);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-10-21 12:52:09 +02:00
|
|
|
static void
|
2020-04-16 13:06:42 -07:00
|
|
|
newconnection(controllistener_t *listener, isc_nmhandle_t *handle) {
|
2019-12-15 16:45:17 -08:00
|
|
|
controlconnection_t *conn = NULL;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
conn = isc_nmhandle_getdata(handle);
|
|
|
|
|
if (conn == NULL) {
|
|
|
|
|
conn = isc_nmhandle_getextra(handle);
|
|
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_DEBUG(3),
|
|
|
|
|
"allocate new control connection");
|
|
|
|
|
isc_nmhandle_setdata(handle, conn, conn_reset, conn_put);
|
2020-10-02 16:17:51 +10:00
|
|
|
isc_refcount_increment(&listener->refs);
|
2020-04-16 13:06:42 -07:00
|
|
|
}
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
*conn = (controlconnection_t){ .listener = listener,
|
|
|
|
|
.reading = false,
|
2020-05-14 14:03:37 -07:00
|
|
|
.alg = DST_ALG_UNKNOWN };
|
2020-04-16 13:06:42 -07:00
|
|
|
|
|
|
|
|
isccc_ccmsg_init(listener->mctx, handle, &conn->ccmsg);
|
2015-11-11 09:55:25 +05:30
|
|
|
|
|
|
|
|
/* Set a 32 KiB upper limit on incoming message. */
|
|
|
|
|
isccc_ccmsg_setmaxsize(&conn->ccmsg, 32768);
|
|
|
|
|
|
2020-10-02 16:17:51 +10:00
|
|
|
LOCK(&listener->connections_lock);
|
|
|
|
|
ISC_LIST_INITANDAPPEND(listener->connections, conn, link);
|
|
|
|
|
UNLOCK(&listener->connections_lock);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-09-03 13:31:27 -07:00
|
|
|
isc_nmhandle_attach(handle, &conn->readhandle);
|
|
|
|
|
conn->reading = true;
|
|
|
|
|
|
2020-10-21 12:52:09 +02:00
|
|
|
isccc_ccmsg_readmessage(&conn->ccmsg, control_recvmessage, conn);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
static isc_result_t
|
|
|
|
|
control_newconn(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
|
|
|
|
|
controllistener_t *listener = arg;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_sockaddr_t peeraddr;
|
2020-06-23 13:02:21 +02:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
|
|
|
|
if (result == ISC_R_CANCELED) {
|
2001-03-27 00:45:13 +00:00
|
|
|
shutdown_listener(listener);
|
|
|
|
|
}
|
2020-04-16 13:06:42 -07:00
|
|
|
return (result);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
peeraddr = isc_nmhandle_peeraddr(handle);
|
|
|
|
|
if (!address_ok(&peeraddr, listener)) {
|
2001-03-27 00:45:13 +00:00
|
|
|
char socktext[ISC_SOCKADDR_FORMATSIZE];
|
|
|
|
|
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
|
2001-03-27 00:45:13 +00:00
|
|
|
"rejected command channel message from %s",
|
|
|
|
|
socktext);
|
2020-04-16 13:06:42 -07:00
|
|
|
return (ISC_R_FAILURE);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-10-21 12:52:09 +02:00
|
|
|
newconnection(listener, handle);
|
2020-04-16 13:06:42 -07:00
|
|
|
return (ISC_R_SUCCESS);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2001-09-21 03:04:14 +00:00
|
|
|
static void
|
2020-02-13 14:44:37 -08:00
|
|
|
controls_shutdown(named_controls_t *controls) {
|
2019-12-15 16:45:17 -08:00
|
|
|
controllistener_t *listener = NULL;
|
|
|
|
|
controllistener_t *next = NULL;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
for (listener = ISC_LIST_HEAD(controls->listeners); listener != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
listener = next)
|
|
|
|
|
{
|
2001-03-27 00:45:13 +00:00
|
|
|
/*
|
|
|
|
|
* This is asynchronous. As listeners shut down, they will
|
|
|
|
|
* call their callbacks.
|
|
|
|
|
*/
|
|
|
|
|
next = ISC_LIST_NEXT(listener, link);
|
|
|
|
|
shutdown_listener(listener);
|
|
|
|
|
}
|
2001-09-21 03:04:14 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
2020-02-13 14:44:37 -08:00
|
|
|
named_controls_shutdown(named_controls_t *controls) {
|
2001-09-21 03:04:14 +00:00
|
|
|
controls_shutdown(controls);
|
2020-09-21 12:48:10 +10:00
|
|
|
atomic_store_release(&controls->shuttingdown, true);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static isc_result_t
|
2006-02-28 02:39:52 +00:00
|
|
|
cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t **objp) {
|
2019-12-15 16:45:17 -08:00
|
|
|
const cfg_listelt_t *element = NULL;
|
|
|
|
|
const char *str = NULL;
|
|
|
|
|
const cfg_obj_t *obj = NULL;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
for (element = cfg_list_first(keylist); element != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
element = cfg_list_next(element))
|
|
|
|
|
{
|
2001-03-27 00:45:13 +00:00
|
|
|
obj = cfg_listelt_value(element);
|
|
|
|
|
str = cfg_obj_asstring(cfg_map_getname(obj));
|
2020-02-13 21:48:23 +01:00
|
|
|
if (strcasecmp(str, keyname) == 0) {
|
2001-03-27 00:45:13 +00:00
|
|
|
break;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
2020-02-13 21:48:23 +01:00
|
|
|
if (element == NULL) {
|
2001-03-27 00:45:13 +00:00
|
|
|
return (ISC_R_NOTFOUND);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
obj = cfg_listelt_value(element);
|
|
|
|
|
*objp = obj;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
|
|
|
|
|
2019-07-23 14:56:24 -04:00
|
|
|
static void
|
2006-02-28 02:39:52 +00:00
|
|
|
controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
|
2020-02-13 14:44:37 -08:00
|
|
|
controlkeylist_t *keyids) {
|
2019-12-15 16:45:17 -08:00
|
|
|
const cfg_listelt_t *element = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
char *newstr = NULL;
|
2019-12-15 16:45:17 -08:00
|
|
|
const char *str = NULL;
|
|
|
|
|
const cfg_obj_t *obj = NULL;
|
|
|
|
|
controlkey_t *key = NULL;
|
2020-02-12 13:59:18 +01:00
|
|
|
|
|
|
|
|
for (element = cfg_list_first(keylist); element != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
element = cfg_list_next(element))
|
|
|
|
|
{
|
2001-03-27 00:45:13 +00:00
|
|
|
obj = cfg_listelt_value(element);
|
|
|
|
|
str = cfg_obj_asstring(obj);
|
|
|
|
|
newstr = isc_mem_strdup(mctx, str);
|
|
|
|
|
key = isc_mem_get(mctx, sizeof(*key));
|
|
|
|
|
key->keyname = newstr;
|
2013-03-13 17:53:11 -07:00
|
|
|
key->algorithm = DST_ALG_UNKNOWN;
|
2001-03-27 00:45:13 +00:00
|
|
|
key->secret.base = NULL;
|
|
|
|
|
key->secret.length = 0;
|
|
|
|
|
ISC_LINK_INIT(key, link);
|
|
|
|
|
ISC_LIST_APPEND(*keyids, key, link);
|
|
|
|
|
newstr = NULL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2006-02-28 02:39:52 +00:00
|
|
|
register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
|
2020-02-13 14:44:37 -08:00
|
|
|
controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext) {
|
2019-12-15 16:45:17 -08:00
|
|
|
controlkey_t *keyid = NULL, *next = NULL;
|
|
|
|
|
const cfg_obj_t *keydef = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
char secret[1024];
|
|
|
|
|
isc_buffer_t b;
|
|
|
|
|
isc_result_t result;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Find the keys corresponding to the keyids used by this listener.
|
|
|
|
|
*/
|
|
|
|
|
for (keyid = ISC_LIST_HEAD(*keyids); keyid != NULL; keyid = next) {
|
|
|
|
|
next = ISC_LIST_NEXT(keyid, link);
|
|
|
|
|
|
|
|
|
|
result = cfgkeylist_find(keylist, keyid->keyname, &keydef);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
|
2001-05-07 21:57:25 +00:00
|
|
|
"couldn't find key '%s' for use with "
|
2001-03-27 00:45:13 +00:00
|
|
|
"command channel %s",
|
|
|
|
|
keyid->keyname, socktext);
|
|
|
|
|
ISC_LIST_UNLINK(*keyids, keyid, link);
|
|
|
|
|
free_controlkey(keyid, mctx);
|
|
|
|
|
} else {
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *algobj = NULL;
|
|
|
|
|
const cfg_obj_t *secretobj = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
const char *algstr = NULL;
|
|
|
|
|
const char *secretstr = NULL;
|
|
|
|
|
unsigned int algtype;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
(void)cfg_map_get(keydef, "algorithm", &algobj);
|
|
|
|
|
(void)cfg_map_get(keydef, "secret", &secretobj);
|
|
|
|
|
INSIST(algobj != NULL && secretobj != NULL);
|
|
|
|
|
|
|
|
|
|
algstr = cfg_obj_asstring(algobj);
|
|
|
|
|
secretstr = cfg_obj_asstring(secretobj);
|
|
|
|
|
|
2019-12-15 16:45:17 -08:00
|
|
|
result = named_config_getkeyalgorithm2(algstr, NULL,
|
|
|
|
|
&algtype, NULL);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(control, named_g_lctx,
|
2001-03-27 00:45:13 +00:00
|
|
|
ISC_LOG_WARNING,
|
|
|
|
|
"unsupported algorithm '%s' in "
|
|
|
|
|
"key '%s' for use with command "
|
|
|
|
|
"channel %s",
|
|
|
|
|
algstr, keyid->keyname, socktext);
|
|
|
|
|
ISC_LIST_UNLINK(*keyids, keyid, link);
|
|
|
|
|
free_controlkey(keyid, mctx);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2013-03-13 17:53:11 -07:00
|
|
|
keyid->algorithm = algtype;
|
2001-03-27 00:45:13 +00:00
|
|
|
isc_buffer_init(&b, secret, sizeof(secret));
|
|
|
|
|
result = isc_base64_decodestring(secretstr, &b);
|
|
|
|
|
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(keydef, named_g_lctx,
|
|
|
|
|
ISC_LOG_WARNING,
|
2001-03-27 00:45:13 +00:00
|
|
|
"secret for key '%s' on "
|
|
|
|
|
"command channel %s: %s",
|
|
|
|
|
keyid->keyname, socktext,
|
|
|
|
|
isc_result_totext(result));
|
|
|
|
|
ISC_LIST_UNLINK(*keyids, keyid, link);
|
|
|
|
|
free_controlkey(keyid, mctx);
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
keyid->secret.length = isc_buffer_usedlength(&b);
|
2020-02-13 14:44:37 -08:00
|
|
|
keyid->secret.base = isc_mem_get(mctx,
|
|
|
|
|
keyid->secret.length);
|
2014-01-08 16:27:10 -08:00
|
|
|
memmove(keyid->secret.base, isc_buffer_base(&b),
|
|
|
|
|
keyid->secret.length);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2019-12-15 16:45:17 -08:00
|
|
|
#define CHECK(x) \
|
|
|
|
|
do { \
|
|
|
|
|
result = (x); \
|
|
|
|
|
if (result != ISC_R_SUCCESS) { \
|
|
|
|
|
goto cleanup; \
|
|
|
|
|
} \
|
2001-08-03 05:56:22 +00:00
|
|
|
} while (0)
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2001-05-31 10:36:05 +00:00
|
|
|
static isc_result_t
|
2020-02-13 14:44:37 -08:00
|
|
|
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
|
|
|
|
|
isc_result_t result;
|
|
|
|
|
cfg_parser_t *pctx = NULL;
|
|
|
|
|
cfg_obj_t *config = NULL;
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *key = NULL;
|
|
|
|
|
const cfg_obj_t *algobj = NULL;
|
|
|
|
|
const cfg_obj_t *secretobj = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
const char *algstr = NULL;
|
|
|
|
|
const char *secretstr = NULL;
|
|
|
|
|
controlkey_t *keyid = NULL;
|
|
|
|
|
char secret[1024];
|
|
|
|
|
unsigned int algtype;
|
|
|
|
|
isc_buffer_t b;
|
2001-05-31 10:36:05 +00:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_INFO,
|
2020-02-12 13:59:18 +01:00
|
|
|
"configuring command channel from '%s'", named_g_keyfile);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (!isc_file_exists(named_g_keyfile)) {
|
2014-02-27 17:55:04 -08:00
|
|
|
return (ISC_R_FILENOTFOUND);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2014-02-27 17:55:04 -08:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
CHECK(cfg_parser_create(mctx, named_g_lctx, &pctx));
|
2020-02-12 13:59:18 +01:00
|
|
|
CHECK(cfg_parse_file(pctx, named_g_keyfile, &cfg_type_rndckey,
|
|
|
|
|
&config));
|
2001-08-03 05:56:22 +00:00
|
|
|
CHECK(cfg_map_get(config, "key", &key));
|
|
|
|
|
|
|
|
|
|
keyid = isc_mem_get(mctx, sizeof(*keyid));
|
2020-02-13 14:44:37 -08:00
|
|
|
keyid->keyname = isc_mem_strdup(mctx,
|
|
|
|
|
cfg_obj_asstring(cfg_map_getname(key)));
|
2001-08-03 05:56:22 +00:00
|
|
|
keyid->secret.base = NULL;
|
|
|
|
|
keyid->secret.length = 0;
|
2013-03-13 17:53:11 -07:00
|
|
|
keyid->algorithm = DST_ALG_UNKNOWN;
|
2001-08-03 05:56:22 +00:00
|
|
|
ISC_LINK_INIT(keyid, link);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (keyid->keyname == NULL) {
|
2001-08-03 05:56:22 +00:00
|
|
|
CHECK(ISC_R_NOMEMORY);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-08-03 05:56:22 +00:00
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
CHECK(bind9_check_key(key, named_g_lctx));
|
2001-08-03 17:24:11 +00:00
|
|
|
|
2001-08-03 05:56:22 +00:00
|
|
|
(void)cfg_map_get(key, "algorithm", &algobj);
|
|
|
|
|
(void)cfg_map_get(key, "secret", &secretobj);
|
|
|
|
|
INSIST(algobj != NULL && secretobj != NULL);
|
|
|
|
|
|
|
|
|
|
algstr = cfg_obj_asstring(algobj);
|
|
|
|
|
secretstr = cfg_obj_asstring(secretobj);
|
|
|
|
|
|
2019-12-15 16:45:17 -08:00
|
|
|
result = named_config_getkeyalgorithm2(algstr, NULL, &algtype, NULL);
|
|
|
|
|
if (result != ISC_R_SUCCESS) {
|
2020-02-12 13:59:18 +01:00
|
|
|
cfg_obj_log(key, named_g_lctx, ISC_LOG_WARNING,
|
2001-08-03 05:56:22 +00:00
|
|
|
"unsupported algorithm '%s' in "
|
|
|
|
|
"key '%s' for use with command "
|
|
|
|
|
"channel",
|
|
|
|
|
algstr, keyid->keyname);
|
|
|
|
|
goto cleanup;
|
2001-05-31 10:36:05 +00:00
|
|
|
}
|
|
|
|
|
|
2013-03-13 17:53:11 -07:00
|
|
|
keyid->algorithm = algtype;
|
2001-08-03 05:56:22 +00:00
|
|
|
isc_buffer_init(&b, secret, sizeof(secret));
|
|
|
|
|
result = isc_base64_decodestring(secretstr, &b);
|
2001-05-31 10:36:05 +00:00
|
|
|
|
2001-08-03 05:56:22 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(key, named_g_lctx, ISC_LOG_WARNING,
|
2001-08-03 05:56:22 +00:00
|
|
|
"secret for key '%s' on command channel: %s",
|
|
|
|
|
keyid->keyname, isc_result_totext(result));
|
2011-03-11 06:11:27 +00:00
|
|
|
goto cleanup;
|
2001-05-31 10:36:05 +00:00
|
|
|
}
|
|
|
|
|
|
2001-08-03 05:56:22 +00:00
|
|
|
keyid->secret.length = isc_buffer_usedlength(&b);
|
2019-07-16 15:52:14 +02:00
|
|
|
keyid->secret.base = isc_mem_get(mctx, keyid->secret.length);
|
2020-02-12 13:59:18 +01:00
|
|
|
memmove(keyid->secret.base, isc_buffer_base(&b), keyid->secret.length);
|
2001-08-03 05:56:22 +00:00
|
|
|
ISC_LIST_APPEND(*keyids, keyid, link);
|
|
|
|
|
keyid = NULL;
|
|
|
|
|
result = ISC_R_SUCCESS;
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
cleanup:
|
2020-02-13 21:48:23 +01:00
|
|
|
if (keyid != NULL) {
|
2001-08-03 05:56:22 +00:00
|
|
|
free_controlkey(keyid, mctx);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (config != NULL) {
|
2001-08-03 05:56:22 +00:00
|
|
|
cfg_obj_destroy(pctx, &config);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (pctx != NULL) {
|
2001-08-03 05:56:22 +00:00
|
|
|
cfg_parser_destroy(&pctx);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-05-31 10:36:05 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2001-08-04 07:38:06 +00:00
|
|
|
/*
|
|
|
|
|
* Ensures that both '*global_keylistp' and '*control_keylistp' are
|
|
|
|
|
* valid or both are NULL.
|
|
|
|
|
*/
|
2001-05-31 10:36:05 +00:00
|
|
|
static void
|
2006-02-28 02:39:52 +00:00
|
|
|
get_key_info(const cfg_obj_t *config, const cfg_obj_t *control,
|
|
|
|
|
const cfg_obj_t **global_keylistp,
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t **control_keylistp) {
|
|
|
|
|
isc_result_t result;
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *control_keylist = NULL;
|
|
|
|
|
const cfg_obj_t *global_keylist = NULL;
|
2001-05-31 10:36:05 +00:00
|
|
|
|
|
|
|
|
REQUIRE(global_keylistp != NULL && *global_keylistp == NULL);
|
|
|
|
|
REQUIRE(control_keylistp != NULL && *control_keylistp == NULL);
|
|
|
|
|
|
|
|
|
|
control_keylist = cfg_tuple_get(control, "keys");
|
|
|
|
|
|
2001-08-03 05:56:22 +00:00
|
|
|
if (!cfg_obj_isvoid(control_keylist) &&
|
2001-08-04 07:38:06 +00:00
|
|
|
cfg_list_first(control_keylist) != NULL) {
|
|
|
|
|
result = cfg_map_get(config, "key", &global_keylist);
|
2001-05-31 10:36:05 +00:00
|
|
|
|
2001-08-04 07:38:06 +00:00
|
|
|
if (result == ISC_R_SUCCESS) {
|
|
|
|
|
*global_keylistp = global_keylist;
|
|
|
|
|
*control_keylistp = control_keylist;
|
|
|
|
|
}
|
|
|
|
|
}
|
2001-05-31 10:36:05 +00:00
|
|
|
}
|
|
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
static void
|
2017-09-08 13:39:09 -07:00
|
|
|
update_listener(named_controls_t *cp, controllistener_t **listenerp,
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *control, const cfg_obj_t *config,
|
|
|
|
|
isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
|
2020-04-16 13:06:42 -07:00
|
|
|
const char *socktext, isc_socktype_t type) {
|
2019-12-15 16:45:17 -08:00
|
|
|
controllistener_t *listener = NULL;
|
|
|
|
|
const cfg_obj_t *allow = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t *global_keylist = NULL;
|
|
|
|
|
const cfg_obj_t *control_keylist = NULL;
|
|
|
|
|
dns_acl_t *new_acl = NULL;
|
|
|
|
|
controlkeylist_t keys;
|
|
|
|
|
isc_result_t result = ISC_R_SUCCESS;
|
2020-02-12 13:59:18 +01:00
|
|
|
|
|
|
|
|
for (listener = ISC_LIST_HEAD(cp->listeners); listener != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
listener = ISC_LIST_NEXT(listener, link))
|
|
|
|
|
{
|
2020-02-13 18:16:57 +01:00
|
|
|
if (isc_sockaddr_equal(addr, &listener->address)) {
|
2001-03-27 00:45:13 +00:00
|
|
|
break;
|
2020-02-13 18:16:57 +01:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
if (listener == NULL) {
|
|
|
|
|
*listenerp = NULL;
|
|
|
|
|
return;
|
|
|
|
|
}
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
/*
|
|
|
|
|
* There is already a listener for this sockaddr.
|
|
|
|
|
* Update the access list and key information.
|
|
|
|
|
*
|
2001-05-31 10:36:05 +00:00
|
|
|
* First try to deal with the key situation. There are a few
|
|
|
|
|
* possibilities:
|
|
|
|
|
* (a) It had an explicit keylist and still has an explicit keylist.
|
|
|
|
|
* (b) It had an automagic key and now has an explicit keylist.
|
|
|
|
|
* (c) It had an explicit keylist and now needs an automagic key.
|
|
|
|
|
* (d) It has an automagic key and still needs the automagic key.
|
|
|
|
|
*
|
|
|
|
|
* (c) and (d) are the annoying ones. The caller needs to know
|
|
|
|
|
* that it should use the automagic configuration for key information
|
|
|
|
|
* in place of the named.conf configuration.
|
|
|
|
|
*
|
|
|
|
|
* XXXDCL There is one other hazard that has not been dealt with,
|
|
|
|
|
* the problem that if a key change is being caused by a control
|
|
|
|
|
* channel reload, then the response will be with the new key
|
2001-08-03 18:03:02 +00:00
|
|
|
* and not able to be decrypted by the client.
|
2001-05-31 10:36:05 +00:00
|
|
|
*/
|
2020-02-13 21:48:23 +01:00
|
|
|
if (control != NULL) {
|
2001-08-04 07:49:38 +00:00
|
|
|
get_key_info(config, control, &global_keylist,
|
|
|
|
|
&control_keylist);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-05-31 10:36:05 +00:00
|
|
|
|
|
|
|
|
if (control_keylist != NULL) {
|
|
|
|
|
INSIST(global_keylist != NULL);
|
|
|
|
|
|
|
|
|
|
ISC_LIST_INIT(keys);
|
2019-07-23 14:56:24 -04:00
|
|
|
controlkeylist_fromcfg(control_keylist, listener->mctx, &keys);
|
|
|
|
|
free_controlkeylist(&listener->keys, listener->mctx);
|
|
|
|
|
listener->keys = keys;
|
|
|
|
|
register_keys(control, global_keylist, &listener->keys,
|
|
|
|
|
listener->mctx, socktext);
|
2001-08-03 05:56:22 +00:00
|
|
|
} else {
|
2001-05-31 10:36:05 +00:00
|
|
|
free_controlkeylist(&listener->keys, listener->mctx);
|
2001-08-03 05:56:22 +00:00
|
|
|
result = get_rndckey(listener->mctx, &listener->keys);
|
|
|
|
|
}
|
2001-05-31 10:36:05 +00:00
|
|
|
|
2005-11-30 03:36:45 +00:00
|
|
|
if (result != ISC_R_SUCCESS && global_keylist != NULL) {
|
2001-05-31 10:36:05 +00:00
|
|
|
/*
|
|
|
|
|
* This message might be a little misleading since the
|
|
|
|
|
* "new keys" might in fact be identical to the old ones,
|
|
|
|
|
* but tracking whether they are identical just for the
|
|
|
|
|
* sake of avoiding this message would be too much trouble.
|
|
|
|
|
*/
|
2020-02-13 21:48:23 +01:00
|
|
|
if (control != NULL) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
|
2005-11-30 03:33:49 +00:00
|
|
|
"couldn't install new keys for "
|
|
|
|
|
"command channel %s: %s",
|
|
|
|
|
socktext, isc_result_totext(result));
|
2020-02-13 21:48:23 +01:00
|
|
|
} else {
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
|
2005-11-30 03:33:49 +00:00
|
|
|
"couldn't install new keys for "
|
|
|
|
|
"command channel %s: %s",
|
|
|
|
|
socktext, isc_result_totext(result));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2005-11-30 03:36:45 +00:00
|
|
|
}
|
2001-05-31 10:36:05 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Now, keep the old access list unless a new one can be made.
|
2001-03-27 00:45:13 +00:00
|
|
|
*/
|
2020-04-16 13:06:42 -07:00
|
|
|
if (control != NULL && type == isc_socktype_tcp) {
|
2001-08-03 05:56:22 +00:00
|
|
|
allow = cfg_tuple_get(control, "allow");
|
2017-09-08 13:39:09 -07:00
|
|
|
result = cfg_acl_fromconfig(allow, config, named_g_lctx,
|
2007-09-12 01:09:08 +00:00
|
|
|
aclconfctx, listener->mctx, 0,
|
2005-01-11 03:46:11 +00:00
|
|
|
&new_acl);
|
2001-08-03 05:56:22 +00:00
|
|
|
} else {
|
2001-08-03 18:28:48 +00:00
|
|
|
result = dns_acl_any(listener->mctx, &new_acl);
|
2001-08-03 05:56:22 +00:00
|
|
|
}
|
|
|
|
|
|
2015-11-11 13:29:38 +05:30
|
|
|
if (control != NULL) {
|
2019-12-15 16:45:17 -08:00
|
|
|
const cfg_obj_t *readonly = NULL;
|
2015-11-11 13:29:38 +05:30
|
|
|
|
|
|
|
|
readonly = cfg_tuple_get(control, "read-only");
|
2020-02-13 21:48:23 +01:00
|
|
|
if (!cfg_obj_isvoid(readonly)) {
|
2015-11-11 13:29:38 +05:30
|
|
|
listener->readonly = cfg_obj_asboolean(readonly);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2015-11-11 13:29:38 +05:30
|
|
|
}
|
|
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
if (result == ISC_R_SUCCESS) {
|
|
|
|
|
dns_acl_detach(&listener->acl);
|
|
|
|
|
dns_acl_attach(new_acl, &listener->acl);
|
|
|
|
|
dns_acl_detach(&new_acl);
|
|
|
|
|
/* XXXDCL say the old acl is still used? */
|
2020-02-13 21:48:23 +01:00
|
|
|
} else if (control != NULL) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
|
2001-03-27 00:45:13 +00:00
|
|
|
"couldn't install new acl for "
|
|
|
|
|
"command channel %s: %s",
|
|
|
|
|
socktext, isc_result_totext(result));
|
2020-02-13 21:48:23 +01:00
|
|
|
} else {
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_WARNING,
|
2005-11-30 03:33:49 +00:00
|
|
|
"couldn't install new acl for "
|
|
|
|
|
"command channel %s: %s",
|
|
|
|
|
socktext, isc_result_totext(result));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
if (result == ISC_R_SUCCESS && type == isc_socktype_unix) {
|
2018-03-28 14:19:37 +02:00
|
|
|
uint32_t perm, owner, group;
|
2020-02-12 13:59:18 +01:00
|
|
|
perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
|
2005-02-23 01:09:23 +00:00
|
|
|
owner = cfg_obj_asuint32(cfg_tuple_get(control, "owner"));
|
|
|
|
|
group = cfg_obj_asuint32(cfg_tuple_get(control, "group"));
|
|
|
|
|
result = ISC_R_SUCCESS;
|
|
|
|
|
if (listener->perm != perm || listener->owner != owner ||
|
2020-02-13 14:44:37 -08:00
|
|
|
listener->group != group)
|
|
|
|
|
{
|
2005-02-23 01:09:23 +00:00
|
|
|
result = isc_socket_permunix(&listener->address, perm,
|
|
|
|
|
owner, group);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2005-02-23 01:09:23 +00:00
|
|
|
if (result == ISC_R_SUCCESS) {
|
|
|
|
|
listener->perm = perm;
|
|
|
|
|
listener->owner = owner;
|
|
|
|
|
listener->group = group;
|
2020-02-13 21:48:23 +01:00
|
|
|
} else if (control != NULL) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
|
2005-02-23 01:09:23 +00:00
|
|
|
"couldn't update ownership/permission for "
|
2020-02-12 13:59:18 +01:00
|
|
|
"command channel %s",
|
|
|
|
|
socktext);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2005-02-23 01:09:23 +00:00
|
|
|
}
|
|
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
*listenerp = listener;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static void
|
2017-09-08 13:39:09 -07:00
|
|
|
add_listener(named_controls_t *cp, controllistener_t **listenerp,
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *control, const cfg_obj_t *config,
|
|
|
|
|
isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
|
2020-04-16 13:06:42 -07:00
|
|
|
const char *socktext, isc_socktype_t type) {
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_mem_t *mctx = cp->server->mctx;
|
2019-12-15 16:45:17 -08:00
|
|
|
controllistener_t *listener = NULL;
|
|
|
|
|
const cfg_obj_t *allow = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t *global_keylist = NULL;
|
|
|
|
|
const cfg_obj_t *control_keylist = NULL;
|
|
|
|
|
dns_acl_t *new_acl = NULL;
|
|
|
|
|
isc_result_t result = ISC_R_SUCCESS;
|
2020-04-16 13:06:42 -07:00
|
|
|
int pf;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
listener = isc_mem_get(mctx, sizeof(*listener));
|
2019-12-15 16:45:17 -08:00
|
|
|
*listener = (controllistener_t){ .controls = cp,
|
|
|
|
|
.address = *addr,
|
|
|
|
|
.type = type };
|
2020-06-23 13:02:21 +02:00
|
|
|
isc_mem_attach(mctx, &listener->mctx);
|
2020-10-01 15:11:32 +10:00
|
|
|
isc_mutex_init(&listener->connections_lock);
|
2020-06-23 13:02:21 +02:00
|
|
|
ISC_LINK_INIT(listener, link);
|
|
|
|
|
ISC_LIST_INIT(listener->keys);
|
|
|
|
|
ISC_LIST_INIT(listener->connections);
|
2020-10-02 16:17:51 +10:00
|
|
|
isc_refcount_init(&listener->refs, 1);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-06-23 13:02:21 +02:00
|
|
|
/*
|
2019-12-15 16:45:17 -08:00
|
|
|
* Make the ACL.
|
2020-06-23 13:02:21 +02:00
|
|
|
*/
|
2020-04-16 13:06:42 -07:00
|
|
|
if (control != NULL && type == isc_socktype_tcp) {
|
2019-12-15 16:45:17 -08:00
|
|
|
const cfg_obj_t *readonly = NULL;
|
2015-11-11 13:29:38 +05:30
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
allow = cfg_tuple_get(control, "allow");
|
|
|
|
|
CHECK(cfg_acl_fromconfig(allow, config, named_g_lctx,
|
|
|
|
|
aclconfctx, mctx, 0, &new_acl));
|
|
|
|
|
|
2015-11-11 13:29:38 +05:30
|
|
|
readonly = cfg_tuple_get(control, "read-only");
|
2020-02-13 21:48:23 +01:00
|
|
|
if (!cfg_obj_isvoid(readonly)) {
|
2015-11-11 13:29:38 +05:30
|
|
|
listener->readonly = cfg_obj_asboolean(readonly);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-04-16 13:06:42 -07:00
|
|
|
} else {
|
|
|
|
|
CHECK(dns_acl_any(mctx, &new_acl));
|
2015-11-11 13:29:38 +05:30
|
|
|
}
|
|
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
dns_acl_attach(new_acl, &listener->acl);
|
|
|
|
|
dns_acl_detach(&new_acl);
|
2001-05-31 10:36:05 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
if (config != NULL) {
|
|
|
|
|
get_key_info(config, control, &global_keylist,
|
|
|
|
|
&control_keylist);
|
|
|
|
|
}
|
2001-08-03 05:56:22 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
if (control_keylist != NULL) {
|
|
|
|
|
controlkeylist_fromcfg(control_keylist, listener->mctx,
|
|
|
|
|
&listener->keys);
|
|
|
|
|
register_keys(control, global_keylist, &listener->keys,
|
|
|
|
|
listener->mctx, socktext);
|
|
|
|
|
} else {
|
|
|
|
|
result = get_rndckey(mctx, &listener->keys);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS && control != NULL) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
|
2001-05-31 10:36:05 +00:00
|
|
|
"couldn't install keys for "
|
2001-03-27 00:45:13 +00:00
|
|
|
"command channel %s: %s",
|
|
|
|
|
socktext, isc_result_totext(result));
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
pf = isc_sockaddr_pf(&listener->address);
|
|
|
|
|
if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
|
2018-08-07 16:46:53 +02:00
|
|
|
#ifndef _WIN32
|
2020-04-16 13:06:42 -07:00
|
|
|
(pf == AF_UNIX && isc_net_probeunix() != ISC_R_SUCCESS) ||
|
|
|
|
|
#endif /* ifdef _WIN32 */
|
|
|
|
|
(pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
|
|
|
|
|
{
|
|
|
|
|
CHECK(ISC_R_FAMILYNOSUPPORT);
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
#if 0
|
|
|
|
|
/* XXX: no unix socket support yet */
|
|
|
|
|
if (type == isc_socktype_unix) {
|
2018-04-17 08:29:14 -07:00
|
|
|
isc_socket_cleanunix(&listener->address, false);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-04-16 13:06:42 -07:00
|
|
|
#endif
|
2005-02-23 01:09:23 +00:00
|
|
|
|
2021-04-27 00:07:43 +02:00
|
|
|
CHECK(isc_nm_listentcp(
|
2021-05-26 08:15:34 +02:00
|
|
|
named_g_netmgr, &listener->address, control_newconn, listener,
|
|
|
|
|
sizeof(controlconnection_t), 5, NULL, &listener->sock));
|
2020-04-16 13:06:42 -07:00
|
|
|
#if 0
|
|
|
|
|
/* XXX: no unix socket support yet */
|
|
|
|
|
if (type == isc_socktype_unix) {
|
2020-02-17 12:05:39 -08:00
|
|
|
listener->perm =
|
|
|
|
|
cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
|
|
|
|
|
listener->owner =
|
|
|
|
|
cfg_obj_asuint32(cfg_tuple_get(control, "owner"));
|
|
|
|
|
listener->group =
|
|
|
|
|
cfg_obj_asuint32(cfg_tuple_get(control, "group"));
|
2005-02-23 01:09:23 +00:00
|
|
|
result = isc_socket_permunix(&listener->address, listener->perm,
|
|
|
|
|
listener->owner, listener->group);
|
|
|
|
|
}
|
2020-04-16 13:06:42 -07:00
|
|
|
#endif
|
2019-12-15 16:45:17 -08:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
|
|
|
|
|
"command channel listening on %s", socktext);
|
|
|
|
|
*listenerp = listener;
|
|
|
|
|
return;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
cleanup:
|
2021-02-16 16:05:56 +11:00
|
|
|
isc_refcount_decrement(&listener->refs);
|
|
|
|
|
listener->exiting = true;
|
|
|
|
|
free_listener(listener);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
if (control != NULL) {
|
|
|
|
|
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
|
|
|
|
|
"couldn't add command channel %s: %s", socktext,
|
|
|
|
|
isc_result_totext(result));
|
|
|
|
|
} else {
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
|
2020-04-16 13:06:42 -07:00
|
|
|
"couldn't add command channel %s: %s", socktext,
|
|
|
|
|
isc_result_totext(result));
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
*listenerp = NULL;
|
|
|
|
|
|
2001-03-27 00:45:13 +00:00
|
|
|
/* XXXDCL return error results? fail hard? */
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
2017-09-08 13:39:09 -07:00
|
|
|
named_controls_configure(named_controls_t *cp, const cfg_obj_t *config,
|
2020-02-13 14:44:37 -08:00
|
|
|
cfg_aclconfctx_t *aclconfctx) {
|
2019-12-15 16:45:17 -08:00
|
|
|
controllistener_t *listener = NULL;
|
2001-03-27 00:45:13 +00:00
|
|
|
controllistenerlist_t new_listeners;
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t *controlslist = NULL;
|
|
|
|
|
const cfg_listelt_t *element, *element2;
|
|
|
|
|
char socktext[ISC_SOCKADDR_FORMATSIZE];
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
ISC_LIST_INIT(new_listeners);
|
|
|
|
|
|
|
|
|
|
/*
|
2001-05-07 21:57:25 +00:00
|
|
|
* Get the list of named.conf 'controls' statements.
|
2001-03-27 00:45:13 +00:00
|
|
|
*/
|
|
|
|
|
(void)cfg_map_get(config, "controls", &controlslist);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Run through the new control channel list, noting sockets that
|
|
|
|
|
* are already being listened on and moving them to the new list.
|
|
|
|
|
*
|
2001-05-07 21:57:25 +00:00
|
|
|
* Identifying duplicate addr/port combinations is left to either
|
2001-03-27 00:45:13 +00:00
|
|
|
* the underlying config code, or to the bind attempt getting an
|
|
|
|
|
* address-in-use error.
|
|
|
|
|
*/
|
|
|
|
|
if (controlslist != NULL) {
|
2020-02-12 13:59:18 +01:00
|
|
|
for (element = cfg_list_first(controlslist); element != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
element = cfg_list_next(element))
|
|
|
|
|
{
|
2019-12-15 16:45:17 -08:00
|
|
|
const cfg_obj_t *controls = NULL;
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *inetcontrols = NULL;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
controls = cfg_listelt_value(element);
|
|
|
|
|
(void)cfg_map_get(controls, "inet", &inetcontrols);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (inetcontrols == NULL) {
|
2001-03-27 00:45:13 +00:00
|
|
|
continue;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
for (element2 = cfg_list_first(inetcontrols);
|
|
|
|
|
element2 != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
element2 = cfg_list_next(element2))
|
|
|
|
|
{
|
2019-12-15 16:45:17 -08:00
|
|
|
const cfg_obj_t *control = NULL;
|
|
|
|
|
const cfg_obj_t *obj = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_sockaddr_t addr;
|
2001-03-27 00:45:13 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The parser handles BIND 8 configuration file
|
|
|
|
|
* syntax, so it allows unix phrases as well
|
|
|
|
|
* inet phrases with no keys{} clause.
|
|
|
|
|
*/
|
|
|
|
|
control = cfg_listelt_value(element2);
|
|
|
|
|
|
|
|
|
|
obj = cfg_tuple_get(control, "address");
|
2006-02-28 02:39:52 +00:00
|
|
|
addr = *cfg_obj_assockaddr(obj);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (isc_sockaddr_getport(&addr) == 0) {
|
2020-02-12 13:59:18 +01:00
|
|
|
isc_sockaddr_setport(
|
|
|
|
|
&addr, NAMED_CONTROL_PORT);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2006-02-28 02:39:52 +00:00
|
|
|
isc_sockaddr_format(&addr, socktext,
|
2001-03-27 00:45:13 +00:00
|
|
|
sizeof(socktext));
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx,
|
|
|
|
|
NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL,
|
2001-03-27 00:45:13 +00:00
|
|
|
ISC_LOG_DEBUG(9),
|
|
|
|
|
"processing control channel %s",
|
|
|
|
|
socktext);
|
|
|
|
|
|
2001-05-08 03:42:34 +00:00
|
|
|
update_listener(cp, &listener, control, config,
|
2006-02-28 02:39:52 +00:00
|
|
|
&addr, aclconfctx, socktext,
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_socktype_tcp);
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (listener != NULL) {
|
2001-03-27 00:45:13 +00:00
|
|
|
/*
|
|
|
|
|
* Remove the listener from the old
|
|
|
|
|
* list, so it won't be shut down.
|
|
|
|
|
*/
|
2020-02-12 13:59:18 +01:00
|
|
|
ISC_LIST_UNLINK(cp->listeners, listener,
|
|
|
|
|
link);
|
2020-02-13 21:48:23 +01:00
|
|
|
} else {
|
2001-03-27 00:45:13 +00:00
|
|
|
/*
|
|
|
|
|
* This is a new listener.
|
|
|
|
|
*/
|
2001-05-31 10:36:05 +00:00
|
|
|
add_listener(cp, &listener, control,
|
2006-02-28 02:39:52 +00:00
|
|
|
config, &addr, aclconfctx,
|
2005-02-23 01:09:23 +00:00
|
|
|
socktext,
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_socktype_tcp);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2005-02-23 01:09:23 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (listener != NULL) {
|
2020-02-12 13:59:18 +01:00
|
|
|
ISC_LIST_APPEND(new_listeners, listener,
|
|
|
|
|
link);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2005-02-23 01:09:23 +00:00
|
|
|
}
|
|
|
|
|
}
|
2020-02-12 13:59:18 +01:00
|
|
|
for (element = cfg_list_first(controlslist); element != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
element = cfg_list_next(element))
|
|
|
|
|
{
|
2019-12-15 16:45:17 -08:00
|
|
|
const cfg_obj_t *controls = NULL;
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_obj_t *unixcontrols = NULL;
|
2005-02-23 01:09:23 +00:00
|
|
|
|
|
|
|
|
controls = cfg_listelt_value(element);
|
|
|
|
|
(void)cfg_map_get(controls, "unix", &unixcontrols);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (unixcontrols == NULL) {
|
2005-02-23 01:09:23 +00:00
|
|
|
continue;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2005-02-23 01:09:23 +00:00
|
|
|
|
2020-04-16 13:06:42 -07:00
|
|
|
cfg_obj_log(controls, named_g_lctx, ISC_LOG_ERROR,
|
|
|
|
|
"UNIX domain sockets not yet supported");
|
|
|
|
|
return (ISC_R_FAILURE);
|
|
|
|
|
|
|
|
|
|
#if 0
|
|
|
|
|
/* XXX: no unix domain socket support in netmgr */
|
2005-02-23 01:09:23 +00:00
|
|
|
for (element2 = cfg_list_first(unixcontrols);
|
|
|
|
|
element2 != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
element2 = cfg_list_next(element2))
|
|
|
|
|
{
|
2019-12-15 16:45:17 -08:00
|
|
|
const cfg_obj_t *control = NULL;
|
|
|
|
|
const cfg_obj_t *path = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_sockaddr_t addr;
|
|
|
|
|
isc_result_t result;
|
2005-02-23 01:09:23 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* The parser handles BIND 8 configuration file
|
|
|
|
|
* syntax, so it allows unix phrases as well
|
|
|
|
|
* inet phrases with no keys{} clause.
|
|
|
|
|
*/
|
|
|
|
|
control = cfg_listelt_value(element2);
|
|
|
|
|
|
|
|
|
|
path = cfg_tuple_get(control, "path");
|
2020-02-12 13:59:18 +01:00
|
|
|
result = isc_sockaddr_frompath(
|
|
|
|
|
&addr, cfg_obj_asstring(path));
|
2005-02-23 01:09:23 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2020-02-12 13:59:18 +01:00
|
|
|
isc_log_write(
|
|
|
|
|
named_g_lctx,
|
|
|
|
|
NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL,
|
|
|
|
|
ISC_LOG_DEBUG(9),
|
|
|
|
|
"control channel '%s': %s",
|
|
|
|
|
cfg_obj_asstring(path),
|
|
|
|
|
isc_result_totext(result));
|
2005-02-23 01:09:23 +00:00
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_log_write(named_g_lctx,
|
|
|
|
|
NAMED_LOGCATEGORY_GENERAL,
|
|
|
|
|
NAMED_LOGMODULE_CONTROL,
|
2005-02-23 01:09:23 +00:00
|
|
|
ISC_LOG_DEBUG(9),
|
|
|
|
|
"processing control channel '%s'",
|
|
|
|
|
cfg_obj_asstring(path));
|
|
|
|
|
|
|
|
|
|
update_listener(cp, &listener, control, config,
|
|
|
|
|
&addr, aclconfctx,
|
2008-01-18 23:46:58 +00:00
|
|
|
cfg_obj_asstring(path),
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_socktype_unix);
|
2005-02-23 01:09:23 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (listener != NULL) {
|
2005-02-23 01:09:23 +00:00
|
|
|
/*
|
|
|
|
|
* Remove the listener from the old
|
|
|
|
|
* list, so it won't be shut down.
|
|
|
|
|
*/
|
2020-02-12 13:59:18 +01:00
|
|
|
ISC_LIST_UNLINK(cp->listeners, listener,
|
|
|
|
|
link);
|
2020-02-13 21:48:23 +01:00
|
|
|
} else {
|
2005-02-23 01:09:23 +00:00
|
|
|
/*
|
|
|
|
|
* This is a new listener.
|
|
|
|
|
*/
|
|
|
|
|
add_listener(cp, &listener, control,
|
|
|
|
|
config, &addr, aclconfctx,
|
|
|
|
|
cfg_obj_asstring(path),
|
2020-04-16 13:06:42 -07:00
|
|
|
isc_socktype_unix);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (listener != NULL) {
|
2020-02-12 13:59:18 +01:00
|
|
|
ISC_LIST_APPEND(new_listeners, listener,
|
|
|
|
|
link);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
2020-04-16 13:06:42 -07:00
|
|
|
#endif
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
2001-05-31 10:36:05 +00:00
|
|
|
} else {
|
2001-08-03 05:56:22 +00:00
|
|
|
int i;
|
|
|
|
|
|
2001-08-06 11:28:21 +00:00
|
|
|
for (i = 0; i < 2; i++) {
|
2001-08-03 05:56:22 +00:00
|
|
|
isc_sockaddr_t addr;
|
|
|
|
|
|
2001-08-06 01:03:53 +00:00
|
|
|
if (i == 0) {
|
2001-10-31 19:35:19 +00:00
|
|
|
struct in_addr localhost;
|
|
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (isc_net_probeipv4() != ISC_R_SUCCESS) {
|
2001-08-03 05:56:22 +00:00
|
|
|
continue;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-10-31 19:35:19 +00:00
|
|
|
localhost.s_addr = htonl(INADDR_LOOPBACK);
|
|
|
|
|
isc_sockaddr_fromin(&addr, &localhost, 0);
|
2001-08-03 05:56:22 +00:00
|
|
|
} else {
|
2020-02-13 21:48:23 +01:00
|
|
|
if (isc_net_probeipv6() != ISC_R_SUCCESS) {
|
2001-08-03 05:56:22 +00:00
|
|
|
continue;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2020-02-12 13:59:18 +01:00
|
|
|
isc_sockaddr_fromin6(&addr, &in6addr_loopback,
|
|
|
|
|
0);
|
2001-08-03 05:56:22 +00:00
|
|
|
}
|
2017-09-08 13:39:09 -07:00
|
|
|
isc_sockaddr_setport(&addr, NAMED_CONTROL_PORT);
|
2001-05-31 10:36:05 +00:00
|
|
|
|
2001-08-03 05:56:22 +00:00
|
|
|
isc_sockaddr_format(&addr, socktext, sizeof(socktext));
|
2008-01-18 23:46:58 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
update_listener(cp, &listener, NULL, NULL, &addr, NULL,
|
2020-04-16 13:06:42 -07:00
|
|
|
socktext, isc_socktype_tcp);
|
2001-05-31 10:36:05 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (listener != NULL) {
|
2001-08-03 05:56:22 +00:00
|
|
|
/*
|
|
|
|
|
* Remove the listener from the old
|
|
|
|
|
* list, so it won't be shut down.
|
|
|
|
|
*/
|
2020-02-12 13:59:18 +01:00
|
|
|
ISC_LIST_UNLINK(cp->listeners, listener, link);
|
2020-02-13 21:48:23 +01:00
|
|
|
} else {
|
2001-08-03 05:56:22 +00:00
|
|
|
/*
|
|
|
|
|
* This is a new listener.
|
|
|
|
|
*/
|
2020-02-12 13:59:18 +01:00
|
|
|
add_listener(cp, &listener, NULL, NULL, &addr,
|
2020-04-16 13:06:42 -07:00
|
|
|
NULL, socktext, isc_socktype_tcp);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-08-03 05:56:22 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (listener != NULL) {
|
2020-02-12 13:59:18 +01:00
|
|
|
ISC_LIST_APPEND(new_listeners, listener, link);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-08-03 05:56:22 +00:00
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
}
|
|
|
|
|
|
2001-08-03 05:56:22 +00:00
|
|
|
/*
|
2017-09-08 13:39:09 -07:00
|
|
|
* named_control_shutdown() will stop whatever is on the global
|
2001-08-03 05:56:22 +00:00
|
|
|
* listeners list, which currently only has whatever sockaddrs
|
|
|
|
|
* were in the previous configuration (if any) that do not
|
|
|
|
|
* remain in the current configuration.
|
|
|
|
|
*/
|
2001-09-21 03:04:14 +00:00
|
|
|
controls_shutdown(cp);
|
2001-08-03 05:56:22 +00:00
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
* Put all of the valid listeners on the listeners list.
|
|
|
|
|
* Anything already on listeners in the process of shutting
|
|
|
|
|
* down will be taken care of by listen_done().
|
|
|
|
|
*/
|
|
|
|
|
ISC_LIST_APPENDLIST(cp->listeners, new_listeners, link);
|
2001-05-08 03:42:34 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2001-03-27 00:45:13 +00:00
|
|
|
|
2001-05-08 03:42:34 +00:00
|
|
|
isc_result_t
|
2020-02-13 14:44:37 -08:00
|
|
|
named_controls_create(named_server_t *server, named_controls_t **ctrlsp) {
|
|
|
|
|
isc_mem_t *mctx = server->mctx;
|
|
|
|
|
isc_result_t result;
|
2017-09-08 13:39:09 -07:00
|
|
|
named_controls_t *controls = isc_mem_get(mctx, sizeof(*controls));
|
2003-07-17 06:24:44 +00:00
|
|
|
|
2020-09-08 12:11:06 +10:00
|
|
|
*controls = (named_controls_t){
|
|
|
|
|
.server = server,
|
|
|
|
|
};
|
|
|
|
|
|
2001-05-08 03:42:34 +00:00
|
|
|
ISC_LIST_INIT(controls->listeners);
|
2020-09-08 12:11:06 +10:00
|
|
|
|
|
|
|
|
isc_mutex_init(&controls->symtab_lock);
|
|
|
|
|
LOCK(&controls->symtab_lock);
|
2003-07-17 06:24:44 +00:00
|
|
|
result = isccc_cc_createsymtab(&controls->symtab);
|
2020-09-08 12:11:06 +10:00
|
|
|
UNLOCK(&controls->symtab_lock);
|
|
|
|
|
|
2003-07-17 06:24:44 +00:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2020-09-08 12:11:06 +10:00
|
|
|
isc_mutex_destroy(&controls->symtab_lock);
|
2003-07-17 06:24:44 +00:00
|
|
|
isc_mem_put(server->mctx, controls, sizeof(*controls));
|
|
|
|
|
return (result);
|
|
|
|
|
}
|
2001-05-08 03:42:34 +00:00
|
|
|
*ctrlsp = controls;
|
2001-03-27 00:45:13 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
}
|
2001-05-08 03:42:34 +00:00
|
|
|
|
|
|
|
|
void
|
2020-02-13 14:44:37 -08:00
|
|
|
named_controls_destroy(named_controls_t **ctrlsp) {
|
2017-09-08 13:39:09 -07:00
|
|
|
named_controls_t *controls = *ctrlsp;
|
2020-02-08 04:37:54 -08:00
|
|
|
*ctrlsp = NULL;
|
2001-05-08 03:42:34 +00:00
|
|
|
|
|
|
|
|
REQUIRE(ISC_LIST_EMPTY(controls->listeners));
|
|
|
|
|
|
2020-09-08 12:11:06 +10:00
|
|
|
LOCK(&controls->symtab_lock);
|
2003-07-17 06:24:44 +00:00
|
|
|
isccc_symtab_destroy(&controls->symtab);
|
2020-09-08 12:11:06 +10:00
|
|
|
UNLOCK(&controls->symtab_lock);
|
|
|
|
|
isc_mutex_destroy(&controls->symtab_lock);
|
2001-05-08 03:42:34 +00:00
|
|
|
isc_mem_put(controls->server->mctx, controls, sizeof(*controls));
|
|
|
|
|
}
|
