PageRenderTime 158ms CodeModel.GetById 94ms app.highlight 58ms RepoModel.GetById 1ms app.codeStats 0ms

/contrib/bind9/bin/named/config.c

https://bitbucket.org/freebsd/freebsd-head/
C | 855 lines | 746 code | 79 blank | 30 comment | 182 complexity | 73bbe39786e9360eee01c72188599234 MD5 | raw file
  1/*
  2 * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
  3 * Copyright (C) 2001-2003  Internet Software Consortium.
  4 *
  5 * Permission to use, copy, modify, and/or distribute this software for any
  6 * purpose with or without fee is hereby granted, provided that the above
  7 * copyright notice and this permission notice appear in all copies.
  8 *
  9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 11 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 15 * PERFORMANCE OF THIS SOFTWARE.
 16 */
 17
 18/* $Id: config.c,v 1.113.16.2 2011/02/28 01:19:58 tbox Exp $ */
 19
 20/*! \file */
 21
 22#include <config.h>
 23
 24#include <stdlib.h>
 25
 26#include <isc/buffer.h>
 27#include <isc/log.h>
 28#include <isc/mem.h>
 29#include <isc/parseint.h>
 30#include <isc/region.h>
 31#include <isc/result.h>
 32#include <isc/sockaddr.h>
 33#include <isc/string.h>
 34#include <isc/util.h>
 35
 36#include <isccfg/namedconf.h>
 37
 38#include <dns/fixedname.h>
 39#include <dns/name.h>
 40#include <dns/rdataclass.h>
 41#include <dns/rdatatype.h>
 42#include <dns/tsig.h>
 43#include <dns/zone.h>
 44
 45#include <dst/dst.h>
 46
 47#include <named/config.h>
 48#include <named/globals.h>
 49
 50#include "bind.keys.h"
 51
 52/*% default configuration */
 53static char defaultconf[] = "\
 54options {\n\
 55#	blackhole {none;};\n"
 56#ifndef WIN32
 57"	coresize default;\n\
 58	datasize default;\n\
 59	files unlimited;\n\
 60	stacksize default;\n"
 61#endif
 62"#	session-keyfile \"" NS_LOCALSTATEDIR "/run/named/session.key\";\n\
 63	session-keyname local-ddns;\n\
 64	session-keyalg hmac-sha256;\n\
 65	deallocate-on-exit true;\n\
 66#	directory <none>\n\
 67	dump-file \"named_dump.db\";\n\
 68	fake-iquery no;\n\
 69	has-old-clients false;\n\
 70	heartbeat-interval 60;\n\
 71	host-statistics no;\n\
 72	interface-interval 60;\n\
 73	listen-on {any;};\n\
 74	listen-on-v6 {none;};\n\
 75	match-mapped-addresses no;\n\
 76	memstatistics-file \"named.memstats\";\n\
 77	multiple-cnames no;\n\
 78#	named-xfer <obsolete>;\n\
 79#	pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
 80	bindkeys-file \"" NS_SYSCONFDIR "/bind.keys\";\n\
 81	port 53;\n\
 82	recursing-file \"named.recursing\";\n\
 83	secroots-file \"named.secroots\";\n\
 84"
 85#ifdef PATH_RANDOMDEV
 86"\
 87	random-device \"" PATH_RANDOMDEV "\";\n\
 88"
 89#endif
 90"\
 91	recursive-clients 1000;\n\
 92	resolver-query-timeout 30;\n\
 93	rrset-order {type NS order random; order cyclic; };\n\
 94	serial-queries 20;\n\
 95	serial-query-rate 20;\n\
 96	server-id none;\n\
 97	statistics-file \"named.stats\";\n\
 98	statistics-interval 60;\n\
 99	tcp-clients 100;\n\
100	tcp-listen-queue 3;\n\
101#	tkey-dhkey <none>\n\
102#	tkey-gssapi-credential <none>\n\
103#	tkey-domain <none>\n\
104	transfers-per-ns 2;\n\
105	transfers-in 10;\n\
106	transfers-out 10;\n\
107	treat-cr-as-space true;\n\
108	use-id-pool true;\n\
109	use-ixfr true;\n\
110	edns-udp-size 4096;\n\
111	max-udp-size 4096;\n\
112	request-nsid false;\n\
113	reserved-sockets 512;\n\
114\n\
115	/* DLV */\n\
116	dnssec-lookaside . trust-anchor dlv.isc.org;\n\
117\n\
118	/* view */\n\
119	allow-notify {none;};\n\
120	allow-update-forwarding {none;};\n\
121	allow-query-cache { localnets; localhost; };\n\
122	allow-query-cache-on { any; };\n\
123	allow-recursion { localnets; localhost; };\n\
124	allow-recursion-on { any; };\n\
125#	allow-v6-synthesis <obsolete>;\n\
126#	sortlist <none>\n\
127#	topology <none>\n\
128	auth-nxdomain false;\n\
129	minimal-responses false;\n\
130	recursion true;\n\
131	provide-ixfr true;\n\
132	request-ixfr true;\n\
133	fetch-glue no;\n\
134	rfc2308-type1 no;\n\
135	additional-from-auth true;\n\
136	additional-from-cache true;\n\
137	query-source address *;\n\
138	query-source-v6 address *;\n\
139	notify-source *;\n\
140	notify-source-v6 *;\n\
141	cleaning-interval 0;  /* now meaningless */\n\
142	min-roots 2;\n\
143	lame-ttl 600;\n\
144	max-ncache-ttl 10800; /* 3 hours */\n\
145	max-cache-ttl 604800; /* 1 week */\n\
146	transfer-format many-answers;\n\
147	max-cache-size 0;\n\
148	check-names master fail;\n\
149	check-names slave warn;\n\
150	check-names response ignore;\n\
151	check-dup-records warn;\n\
152	check-mx warn;\n\
153	acache-enable no;\n\
154	acache-cleaning-interval 60;\n\
155	max-acache-size 16M;\n\
156	dnssec-enable yes;\n\
157	dnssec-validation yes; \n\
158	dnssec-accept-expired no;\n\
159	clients-per-query 10;\n\
160	max-clients-per-query 100;\n\
161	zero-no-soa-ttl-cache no;\n\
162	nsec3-test-zone no;\n\
163	allow-new-zones no;\n\
164"
165#ifdef ALLOW_FILTER_AAAA_ON_V4
166"	filter-aaaa-on-v4 no;\n\
167	filter-aaaa { any; };\n\
168"
169#endif
170
171"	/* zone */\n\
172	allow-query {any;};\n\
173	allow-query-on {any;};\n\
174	allow-transfer {any;};\n\
175	notify yes;\n\
176#	also-notify <none>\n\
177	notify-delay 5;\n\
178	notify-to-soa no;\n\
179	dialup no;\n\
180#	forward <none>\n\
181#	forwarders <none>\n\
182	maintain-ixfr-base no;\n\
183#	max-ixfr-log-size <obsolete>\n\
184	transfer-source *;\n\
185	transfer-source-v6 *;\n\
186	alt-transfer-source *;\n\
187	alt-transfer-source-v6 *;\n\
188	max-transfer-time-in 120;\n\
189	max-transfer-time-out 120;\n\
190	max-transfer-idle-in 60;\n\
191	max-transfer-idle-out 60;\n\
192	max-retry-time 1209600; /* 2 weeks */\n\
193	min-retry-time 500;\n\
194	max-refresh-time 2419200; /* 4 weeks */\n\
195	min-refresh-time 300;\n\
196	multi-master no;\n\
197	dnssec-secure-to-insecure no;\n\
198	sig-validity-interval 30; /* days */\n\
199	sig-signing-nodes 100;\n\
200	sig-signing-signatures 10;\n\
201	sig-signing-type 65534;\n\
202	zone-statistics false;\n\
203	max-journal-size unlimited;\n\
204	ixfr-from-differences false;\n\
205	check-wildcard yes;\n\
206	check-sibling yes;\n\
207	check-integrity yes;\n\
208	check-mx-cname warn;\n\
209	check-srv-cname warn;\n\
210	zero-no-soa-ttl yes;\n\
211	update-check-ksk yes;\n\
212	dnssec-dnskey-kskonly no;\n\
213	try-tcp-refresh yes; /* BIND 8 compat */\n\
214};\n\
215"
216
217"#\n\
218#  Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
219#\n\
220view \"_bind\" chaos {\n\
221	recursion no;\n\
222	notify no;\n\
223	allow-new-zones no;\n\
224\n\
225	zone \"version.bind\" chaos {\n\
226		type master;\n\
227		database \"_builtin version\";\n\
228	};\n\
229\n\
230	zone \"hostname.bind\" chaos {\n\
231		type master;\n\
232		database \"_builtin hostname\";\n\
233	};\n\
234\n\
235	zone \"authors.bind\" chaos {\n\
236		type master;\n\
237		database \"_builtin authors\";\n\
238	};\n\
239\n\
240	zone \"id.server\" chaos {\n\
241		type master;\n\
242		database \"_builtin id\";\n\
243	};\n\
244};\n\
245"
246"#\n\
247#  Default trusted key(s) for builtin DLV support\n\
248#  (used if \"dnssec-lookaside auto;\" is set and\n\
249#  sysconfdir/bind.keys doesn't exist).\n\
250#\n\
251# BEGIN MANAGED KEYS\n"
252
253/* Imported from bind.keys.h: */
254MANAGED_KEYS
255
256"# END MANAGED KEYS\n\
257";
258
259isc_result_t
260ns_config_parsedefaults(cfg_parser_t *parser, cfg_obj_t **conf) {
261	isc_buffer_t b;
262
263	isc_buffer_init(&b, defaultconf, sizeof(defaultconf) - 1);
264	isc_buffer_add(&b, sizeof(defaultconf) - 1);
265	return (cfg_parse_buffer(parser, &b, &cfg_type_namedconf, conf));
266}
267
268isc_result_t
269ns_config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
270	int i;
271
272	for (i = 0;; i++) {
273		if (maps[i] == NULL)
274			return (ISC_R_NOTFOUND);
275		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
276			return (ISC_R_SUCCESS);
277	}
278}
279
280isc_result_t
281ns_checknames_get(const cfg_obj_t **maps, const char *which,
282		  const cfg_obj_t **obj)
283{
284	const cfg_listelt_t *element;
285	const cfg_obj_t *checknames;
286	const cfg_obj_t *type;
287	const cfg_obj_t *value;
288	int i;
289
290	for (i = 0;; i++) {
291		if (maps[i] == NULL)
292			return (ISC_R_NOTFOUND);
293		checknames = NULL;
294		if (cfg_map_get(maps[i], "check-names", &checknames) == ISC_R_SUCCESS) {
295			/*
296			 * Zone map entry is not a list.
297			 */
298			if (checknames != NULL && !cfg_obj_islist(checknames)) {
299				*obj = checknames;
300				return (ISC_R_SUCCESS);
301			}
302			for (element = cfg_list_first(checknames);
303			     element != NULL;
304			     element = cfg_list_next(element)) {
305				value = cfg_listelt_value(element);
306				type = cfg_tuple_get(value, "type");
307				if (strcasecmp(cfg_obj_asstring(type), which) == 0) {
308					*obj = cfg_tuple_get(value, "mode");
309					return (ISC_R_SUCCESS);
310				}
311			}
312
313		}
314	}
315}
316
317int
318ns_config_listcount(const cfg_obj_t *list) {
319	const cfg_listelt_t *e;
320	int i = 0;
321
322	for (e = cfg_list_first(list); e != NULL; e = cfg_list_next(e))
323		i++;
324
325	return (i);
326}
327
328isc_result_t
329ns_config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
330		   dns_rdataclass_t *classp) {
331	isc_textregion_t r;
332	isc_result_t result;
333
334	if (!cfg_obj_isstring(classobj)) {
335		*classp = defclass;
336		return (ISC_R_SUCCESS);
337	}
338	DE_CONST(cfg_obj_asstring(classobj), r.base);
339	r.length = strlen(r.base);
340	result = dns_rdataclass_fromtext(classp, &r);
341	if (result != ISC_R_SUCCESS)
342		cfg_obj_log(classobj, ns_g_lctx, ISC_LOG_ERROR,
343			    "unknown class '%s'", r.base);
344	return (result);
345}
346
347isc_result_t
348ns_config_gettype(const cfg_obj_t *typeobj, dns_rdatatype_t deftype,
349		   dns_rdatatype_t *typep) {
350	isc_textregion_t r;
351	isc_result_t result;
352
353	if (!cfg_obj_isstring(typeobj)) {
354		*typep = deftype;
355		return (ISC_R_SUCCESS);
356	}
357	DE_CONST(cfg_obj_asstring(typeobj), r.base);
358	r.length = strlen(r.base);
359	result = dns_rdatatype_fromtext(typep, &r);
360	if (result != ISC_R_SUCCESS)
361		cfg_obj_log(typeobj, ns_g_lctx, ISC_LOG_ERROR,
362			    "unknown type '%s'", r.base);
363	return (result);
364}
365
366dns_zonetype_t
367ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
368	dns_zonetype_t ztype = dns_zone_none;
369	const char *str;
370
371	str = cfg_obj_asstring(zonetypeobj);
372	if (strcasecmp(str, "master") == 0)
373		ztype = dns_zone_master;
374	else if (strcasecmp(str, "slave") == 0)
375		ztype = dns_zone_slave;
376	else if (strcasecmp(str, "stub") == 0)
377		ztype = dns_zone_stub;
378	else if (strcasecmp(str, "static-stub") == 0)
379		ztype = dns_zone_staticstub;
380	else
381		INSIST(0);
382	return (ztype);
383}
384
385isc_result_t
386ns_config_getiplist(const cfg_obj_t *config, const cfg_obj_t *list,
387		    in_port_t defport, isc_mem_t *mctx,
388		    isc_sockaddr_t **addrsp, isc_uint32_t *countp)
389{
390	int count, i = 0;
391	const cfg_obj_t *addrlist;
392	const cfg_obj_t *portobj;
393	const cfg_listelt_t *element;
394	isc_sockaddr_t *addrs;
395	in_port_t port;
396	isc_result_t result;
397
398	INSIST(addrsp != NULL && *addrsp == NULL);
399	INSIST(countp != NULL);
400
401	addrlist = cfg_tuple_get(list, "addresses");
402	count = ns_config_listcount(addrlist);
403
404	portobj = cfg_tuple_get(list, "port");
405	if (cfg_obj_isuint32(portobj)) {
406		isc_uint32_t val = cfg_obj_asuint32(portobj);
407		if (val > ISC_UINT16_MAX) {
408			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
409				    "port '%u' out of range", val);
410			return (ISC_R_RANGE);
411		}
412		port = (in_port_t) val;
413	} else if (defport != 0)
414		port = defport;
415	else {
416		result = ns_config_getport(config, &port);
417		if (result != ISC_R_SUCCESS)
418			return (result);
419	}
420
421	addrs = isc_mem_get(mctx, count * sizeof(isc_sockaddr_t));
422	if (addrs == NULL)
423		return (ISC_R_NOMEMORY);
424
425	for (element = cfg_list_first(addrlist);
426	     element != NULL;
427	     element = cfg_list_next(element), i++)
428	{
429		INSIST(i < count);
430		addrs[i] = *cfg_obj_assockaddr(cfg_listelt_value(element));
431		if (isc_sockaddr_getport(&addrs[i]) == 0)
432			isc_sockaddr_setport(&addrs[i], port);
433	}
434	INSIST(i == count);
435
436	*addrsp = addrs;
437	*countp = count;
438
439	return (ISC_R_SUCCESS);
440}
441
442void
443ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
444		    isc_uint32_t count)
445{
446	INSIST(addrsp != NULL && *addrsp != NULL);
447
448	isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
449	*addrsp = NULL;
450}
451
452static isc_result_t
453get_masters_def(const cfg_obj_t *cctx, const char *name,
454		const cfg_obj_t **ret)
455{
456	isc_result_t result;
457	const cfg_obj_t *masters = NULL;
458	const cfg_listelt_t *elt;
459
460	result = cfg_map_get(cctx, "masters", &masters);
461	if (result != ISC_R_SUCCESS)
462		return (result);
463	for (elt = cfg_list_first(masters);
464	     elt != NULL;
465	     elt = cfg_list_next(elt)) {
466		const cfg_obj_t *list;
467		const char *listname;
468
469		list = cfg_listelt_value(elt);
470		listname = cfg_obj_asstring(cfg_tuple_get(list, "name"));
471
472		if (strcasecmp(listname, name) == 0) {
473			*ret = list;
474			return (ISC_R_SUCCESS);
475		}
476	}
477	return (ISC_R_NOTFOUND);
478}
479
480isc_result_t
481ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
482			  isc_mem_t *mctx, isc_sockaddr_t **addrsp,
483			  dns_name_t ***keysp, isc_uint32_t *countp)
484{
485	isc_uint32_t addrcount = 0, keycount = 0, i = 0;
486	isc_uint32_t listcount = 0, l = 0, j;
487	isc_uint32_t stackcount = 0, pushed = 0;
488	isc_result_t result;
489	const cfg_listelt_t *element;
490	const cfg_obj_t *addrlist;
491	const cfg_obj_t *portobj;
492	in_port_t port;
493	dns_fixedname_t fname;
494	isc_sockaddr_t *addrs = NULL;
495	dns_name_t **keys = NULL;
496	struct { const char *name; } *lists = NULL;
497	struct {
498		const cfg_listelt_t *element;
499		in_port_t port;
500	} *stack = NULL;
501
502	REQUIRE(addrsp != NULL && *addrsp == NULL);
503	REQUIRE(keysp != NULL && *keysp == NULL);
504	REQUIRE(countp != NULL);
505
506 newlist:
507	addrlist = cfg_tuple_get(list, "addresses");
508	portobj = cfg_tuple_get(list, "port");
509	if (cfg_obj_isuint32(portobj)) {
510		isc_uint32_t val = cfg_obj_asuint32(portobj);
511		if (val > ISC_UINT16_MAX) {
512			cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
513				    "port '%u' out of range", val);
514			result = ISC_R_RANGE;
515			goto cleanup;
516		}
517		port = (in_port_t) val;
518	} else {
519		result = ns_config_getport(config, &port);
520		if (result != ISC_R_SUCCESS)
521			goto cleanup;
522	}
523
524	result = ISC_R_NOMEMORY;
525
526	element = cfg_list_first(addrlist);
527 resume:
528	for ( ;
529	     element != NULL;
530	     element = cfg_list_next(element))
531	{
532		const cfg_obj_t *addr;
533		const cfg_obj_t *key;
534		const char *keystr;
535		isc_buffer_t b;
536
537		addr = cfg_tuple_get(cfg_listelt_value(element),
538				     "masterselement");
539		key = cfg_tuple_get(cfg_listelt_value(element), "key");
540
541		if (!cfg_obj_issockaddr(addr)) {
542			const char *listname = cfg_obj_asstring(addr);
543			isc_result_t tresult;
544
545			/* Grow lists? */
546			if (listcount == l) {
547				void * new;
548				isc_uint32_t newlen = listcount + 16;
549				size_t newsize, oldsize;
550
551				newsize = newlen * sizeof(*lists);
552				oldsize = listcount * sizeof(*lists);
553				new = isc_mem_get(mctx, newsize);
554				if (new == NULL)
555					goto cleanup;
556				if (listcount != 0) {
557					memcpy(new, lists, oldsize);
558					isc_mem_put(mctx, lists, oldsize);
559				}
560				lists = new;
561				listcount = newlen;
562			}
563			/* Seen? */
564			for (j = 0; j < l; j++)
565				if (strcasecmp(lists[j].name, listname) == 0)
566					break;
567			if (j < l)
568				continue;
569			tresult = get_masters_def(config, listname, &list);
570			if (tresult == ISC_R_NOTFOUND) {
571				cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
572				    "masters \"%s\" not found", listname);
573
574				result = tresult;
575				goto cleanup;
576			}
577			if (tresult != ISC_R_SUCCESS)
578				goto cleanup;
579			lists[l++].name = listname;
580			/* Grow stack? */
581			if (stackcount == pushed) {
582				void * new;
583				isc_uint32_t newlen = stackcount + 16;
584				size_t newsize, oldsize;
585
586				newsize = newlen * sizeof(*stack);
587				oldsize = stackcount * sizeof(*stack);
588				new = isc_mem_get(mctx, newsize);
589				if (new == NULL)
590					goto cleanup;
591				if (stackcount != 0) {
592					memcpy(new, stack, oldsize);
593					isc_mem_put(mctx, stack, oldsize);
594				}
595				stack = new;
596				stackcount = newlen;
597			}
598			/*
599			 * We want to resume processing this list on the
600			 * next element.
601			 */
602			stack[pushed].element = cfg_list_next(element);
603			stack[pushed].port = port;
604			pushed++;
605			goto newlist;
606		}
607
608		if (i == addrcount) {
609			void * new;
610			isc_uint32_t newlen = addrcount + 16;
611			size_t newsize, oldsize;
612
613			newsize = newlen * sizeof(isc_sockaddr_t);
614			oldsize = addrcount * sizeof(isc_sockaddr_t);
615			new = isc_mem_get(mctx, newsize);
616			if (new == NULL)
617				goto cleanup;
618			if (addrcount != 0) {
619				memcpy(new, addrs, oldsize);
620				isc_mem_put(mctx, addrs, oldsize);
621			}
622			addrs = new;
623			addrcount = newlen;
624
625			newsize = newlen * sizeof(dns_name_t *);
626			oldsize = keycount * sizeof(dns_name_t *);
627			new = isc_mem_get(mctx, newsize);
628			if (new == NULL)
629				goto cleanup;
630			if (keycount != 0) {
631				memcpy(new, keys, oldsize);
632				isc_mem_put(mctx, keys, oldsize);
633			}
634			keys = new;
635			keycount = newlen;
636		}
637
638		addrs[i] = *cfg_obj_assockaddr(addr);
639		if (isc_sockaddr_getport(&addrs[i]) == 0)
640			isc_sockaddr_setport(&addrs[i], port);
641		keys[i] = NULL;
642		if (!cfg_obj_isstring(key)) {
643			i++;
644			continue;
645		}
646		keys[i] = isc_mem_get(mctx, sizeof(dns_name_t));
647		if (keys[i] == NULL)
648			goto cleanup;
649		dns_name_init(keys[i], NULL);
650
651		keystr = cfg_obj_asstring(key);
652		isc_buffer_init(&b, keystr, strlen(keystr));
653		isc_buffer_add(&b, strlen(keystr));
654		dns_fixedname_init(&fname);
655		result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
656					   dns_rootname, 0, NULL);
657		if (result != ISC_R_SUCCESS)
658			goto cleanup;
659		result = dns_name_dup(dns_fixedname_name(&fname), mctx,
660				      keys[i]);
661		if (result != ISC_R_SUCCESS)
662			goto cleanup;
663		i++;
664	}
665	if (pushed != 0) {
666		pushed--;
667		element = stack[pushed].element;
668		port = stack[pushed].port;
669		goto resume;
670	}
671	if (i < addrcount) {
672		void * new;
673		size_t newsize, oldsize;
674
675		newsize = i * sizeof(isc_sockaddr_t);
676		oldsize = addrcount * sizeof(isc_sockaddr_t);
677		if (i != 0) {
678			new = isc_mem_get(mctx, newsize);
679			if (new == NULL)
680				goto cleanup;
681			memcpy(new, addrs, newsize);
682		} else
683			new = NULL;
684		isc_mem_put(mctx, addrs, oldsize);
685		addrs = new;
686		addrcount = i;
687
688		newsize = i * sizeof(dns_name_t *);
689		oldsize = keycount * sizeof(dns_name_t *);
690		if (i != 0) {
691			new = isc_mem_get(mctx, newsize);
692			if (new == NULL)
693				goto cleanup;
694			memcpy(new, keys,  newsize);
695		} else
696			new = NULL;
697		isc_mem_put(mctx, keys, oldsize);
698		keys = new;
699		keycount = i;
700	}
701
702	if (lists != NULL)
703		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
704	if (stack != NULL)
705		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
706
707	INSIST(keycount == addrcount);
708
709	*addrsp = addrs;
710	*keysp = keys;
711	*countp = addrcount;
712
713	return (ISC_R_SUCCESS);
714
715 cleanup:
716	if (addrs != NULL)
717		isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
718	if (keys != NULL) {
719		for (j = 0; j <= i; j++) {
720			if (keys[j] == NULL)
721				continue;
722			if (dns_name_dynamic(keys[j]))
723				dns_name_free(keys[j], mctx);
724			isc_mem_put(mctx, keys[j], sizeof(dns_name_t));
725		}
726		isc_mem_put(mctx, keys, keycount * sizeof(dns_name_t *));
727	}
728	if (lists != NULL)
729		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
730	if (stack != NULL)
731		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
732	return (result);
733}
734
735void
736ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
737			  dns_name_t ***keysp, isc_uint32_t count)
738{
739	unsigned int i;
740	dns_name_t **keys = *keysp;
741
742	INSIST(addrsp != NULL && *addrsp != NULL);
743
744	isc_mem_put(mctx, *addrsp, count * sizeof(isc_sockaddr_t));
745	for (i = 0; i < count; i++) {
746		if (keys[i] == NULL)
747			continue;
748		if (dns_name_dynamic(keys[i]))
749			dns_name_free(keys[i], mctx);
750		isc_mem_put(mctx, keys[i], sizeof(dns_name_t));
751	}
752	isc_mem_put(mctx, *keysp, count * sizeof(dns_name_t *));
753	*addrsp = NULL;
754	*keysp = NULL;
755}
756
757isc_result_t
758ns_config_getport(const cfg_obj_t *config, in_port_t *portp) {
759	const cfg_obj_t *maps[3];
760	const cfg_obj_t *options = NULL;
761	const cfg_obj_t *portobj = NULL;
762	isc_result_t result;
763	int i;
764
765	(void)cfg_map_get(config, "options", &options);
766	i = 0;
767	if (options != NULL)
768		maps[i++] = options;
769	maps[i++] = ns_g_defaults;
770	maps[i] = NULL;
771
772	result = ns_config_get(maps, "port", &portobj);
773	INSIST(result == ISC_R_SUCCESS);
774	if (cfg_obj_asuint32(portobj) >= ISC_UINT16_MAX) {
775		cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
776			    "port '%u' out of range",
777			    cfg_obj_asuint32(portobj));
778		return (ISC_R_RANGE);
779	}
780	*portp = (in_port_t)cfg_obj_asuint32(portobj);
781	return (ISC_R_SUCCESS);
782}
783
784struct keyalgorithms {
785	const char *str;
786	enum { hmacnone, hmacmd5, hmacsha1, hmacsha224,
787	       hmacsha256, hmacsha384, hmacsha512 } hmac;
788	unsigned int type;
789	isc_uint16_t size;
790} algorithms[] = {
791	{ "hmac-md5", hmacmd5, DST_ALG_HMACMD5, 128 },
792	{ "hmac-md5.sig-alg.reg.int", hmacmd5, DST_ALG_HMACMD5, 0 },
793	{ "hmac-md5.sig-alg.reg.int.", hmacmd5, DST_ALG_HMACMD5, 0 },
794	{ "hmac-sha1", hmacsha1, DST_ALG_HMACSHA1, 160 },
795	{ "hmac-sha224", hmacsha224, DST_ALG_HMACSHA224, 224 },
796	{ "hmac-sha256", hmacsha256, DST_ALG_HMACSHA256, 256 },
797	{ "hmac-sha384", hmacsha384, DST_ALG_HMACSHA384, 384 },
798	{ "hmac-sha512", hmacsha512, DST_ALG_HMACSHA512, 512 },
799	{  NULL, hmacnone, DST_ALG_UNKNOWN, 0 }
800};
801
802isc_result_t
803ns_config_getkeyalgorithm(const char *str, dns_name_t **name,
804			  isc_uint16_t *digestbits)
805{
806	return (ns_config_getkeyalgorithm2(str, name, NULL, digestbits));
807}
808
809isc_result_t
810ns_config_getkeyalgorithm2(const char *str, dns_name_t **name,
811			   unsigned int *typep, isc_uint16_t *digestbits)
812{
813	int i;
814	size_t len = 0;
815	isc_uint16_t bits;
816	isc_result_t result;
817
818	for (i = 0; algorithms[i].str != NULL; i++) {
819		len = strlen(algorithms[i].str);
820		if (strncasecmp(algorithms[i].str, str, len) == 0 &&
821		    (str[len] == '\0' ||
822		     (algorithms[i].size != 0 && str[len] == '-')))
823			break;
824	}
825	if (algorithms[i].str == NULL)
826		return (ISC_R_NOTFOUND);
827	if (str[len] == '-') {
828		result = isc_parse_uint16(&bits, str + len + 1, 10);
829		if (result != ISC_R_SUCCESS)
830			return (result);
831		if (bits > algorithms[i].size)
832			return (ISC_R_RANGE);
833	} else if (algorithms[i].size == 0)
834		bits = 128;
835	else
836		bits = algorithms[i].size;
837
838	if (name != NULL) {
839		switch (algorithms[i].hmac) {
840		case hmacmd5: *name = dns_tsig_hmacmd5_name; break;
841		case hmacsha1: *name = dns_tsig_hmacsha1_name; break;
842		case hmacsha224: *name = dns_tsig_hmacsha224_name; break;
843		case hmacsha256: *name = dns_tsig_hmacsha256_name; break;
844		case hmacsha384: *name = dns_tsig_hmacsha384_name; break;
845		case hmacsha512: *name = dns_tsig_hmacsha512_name; break;
846		default:
847			INSIST(0);
848		}
849	}
850	if (typep != NULL)
851		*typep = algorithms[i].type;
852	if (digestbits != NULL)
853		*digestbits = bits;
854	return (ISC_R_SUCCESS);
855}