/contrib/bind9/bin/named/update.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 4501 lines · 3106 code · 477 blank · 918 comment · 893 complexity · 9efd4520648bfa750d627d72b8b713d9 MD5 · raw file

Large files are truncated click here to view the full file

  1. /*
  2. * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
  3. * Copyright (C) 1999-2003 Internet Software Consortium.
  4. *
  5. * Permission to use, copy, modify, and/or distribute this software for any
  6. * purpose with or without fee is hereby granted, provided that the above
  7. * copyright notice and this permission notice appear in all copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10. * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11. * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12. * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13. * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14. * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15. * PERFORMANCE OF THIS SOFTWARE.
  16. */
  17. /* $Id: update.c,v 1.186.16.7 2011/11/03 02:55:34 each Exp $ */
  18. #include <config.h>
  19. #include <isc/netaddr.h>
  20. #include <isc/print.h>
  21. #include <isc/serial.h>
  22. #include <isc/stats.h>
  23. #include <isc/string.h>
  24. #include <isc/taskpool.h>
  25. #include <isc/util.h>
  26. #include <dns/db.h>
  27. #include <dns/dbiterator.h>
  28. #include <dns/diff.h>
  29. #include <dns/dnssec.h>
  30. #include <dns/events.h>
  31. #include <dns/fixedname.h>
  32. #include <dns/journal.h>
  33. #include <dns/keyvalues.h>
  34. #include <dns/message.h>
  35. #include <dns/nsec.h>
  36. #include <dns/nsec3.h>
  37. #include <dns/private.h>
  38. #include <dns/rdataclass.h>
  39. #include <dns/rdataset.h>
  40. #include <dns/rdatasetiter.h>
  41. #include <dns/rdatastruct.h>
  42. #include <dns/rdatatype.h>
  43. #include <dns/soa.h>
  44. #include <dns/ssu.h>
  45. #include <dns/tsig.h>
  46. #include <dns/view.h>
  47. #include <dns/zone.h>
  48. #include <dns/zt.h>
  49. #include <named/client.h>
  50. #include <named/log.h>
  51. #include <named/server.h>
  52. #include <named/update.h>
  53. /*! \file
  54. * \brief
  55. * This module implements dynamic update as in RFC2136.
  56. */
  57. /*
  58. * XXX TODO:
  59. * - document strict minimality
  60. */
  61. /**************************************************************************/
  62. /*%
  63. * Log level for tracing dynamic update protocol requests.
  64. */
  65. #define LOGLEVEL_PROTOCOL ISC_LOG_INFO
  66. /*%
  67. * Log level for low-level debug tracing.
  68. */
  69. #define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8)
  70. /*%
  71. * Check an operation for failure. These macros all assume that
  72. * the function using them has a 'result' variable and a 'failure'
  73. * label.
  74. */
  75. #define CHECK(op) \
  76. do { result = (op); \
  77. if (result != ISC_R_SUCCESS) goto failure; \
  78. } while (0)
  79. /*%
  80. * Fail unconditionally with result 'code', which must not
  81. * be ISC_R_SUCCESS. The reason for failure presumably has
  82. * been logged already.
  83. *
  84. * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
  85. * from complaining about "end-of-loop code not reached".
  86. */
  87. #define FAIL(code) \
  88. do { \
  89. result = (code); \
  90. if (result != ISC_R_SUCCESS) goto failure; \
  91. } while (0)
  92. /*%
  93. * Fail unconditionally and log as a client error.
  94. * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
  95. * from complaining about "end-of-loop code not reached".
  96. */
  97. #define FAILC(code, msg) \
  98. do { \
  99. const char *_what = "failed"; \
  100. result = (code); \
  101. switch (result) { \
  102. case DNS_R_NXDOMAIN: \
  103. case DNS_R_YXDOMAIN: \
  104. case DNS_R_YXRRSET: \
  105. case DNS_R_NXRRSET: \
  106. _what = "unsuccessful"; \
  107. } \
  108. update_log(client, zone, LOGLEVEL_PROTOCOL, \
  109. "update %s: %s (%s)", _what, \
  110. msg, isc_result_totext(result)); \
  111. if (result != ISC_R_SUCCESS) goto failure; \
  112. } while (0)
  113. #define PREREQFAILC(code, msg) \
  114. do { \
  115. inc_stats(zone, dns_nsstatscounter_updatebadprereq); \
  116. FAILC(code, msg); \
  117. } while (0)
  118. #define FAILN(code, name, msg) \
  119. do { \
  120. const char *_what = "failed"; \
  121. result = (code); \
  122. switch (result) { \
  123. case DNS_R_NXDOMAIN: \
  124. case DNS_R_YXDOMAIN: \
  125. case DNS_R_YXRRSET: \
  126. case DNS_R_NXRRSET: \
  127. _what = "unsuccessful"; \
  128. } \
  129. if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { \
  130. char _nbuf[DNS_NAME_FORMATSIZE]; \
  131. dns_name_format(name, _nbuf, sizeof(_nbuf)); \
  132. update_log(client, zone, LOGLEVEL_PROTOCOL, \
  133. "update %s: %s: %s (%s)", _what, _nbuf, \
  134. msg, isc_result_totext(result)); \
  135. } \
  136. if (result != ISC_R_SUCCESS) goto failure; \
  137. } while (0)
  138. #define PREREQFAILN(code, name, msg) \
  139. do { \
  140. inc_stats(zone, dns_nsstatscounter_updatebadprereq); \
  141. FAILN(code, name, msg); \
  142. } while (0)
  143. #define FAILNT(code, name, type, msg) \
  144. do { \
  145. const char *_what = "failed"; \
  146. result = (code); \
  147. switch (result) { \
  148. case DNS_R_NXDOMAIN: \
  149. case DNS_R_YXDOMAIN: \
  150. case DNS_R_YXRRSET: \
  151. case DNS_R_NXRRSET: \
  152. _what = "unsuccessful"; \
  153. } \
  154. if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) { \
  155. char _nbuf[DNS_NAME_FORMATSIZE]; \
  156. char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \
  157. dns_name_format(name, _nbuf, sizeof(_nbuf)); \
  158. dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \
  159. update_log(client, zone, LOGLEVEL_PROTOCOL, \
  160. "update %s: %s/%s: %s (%s)", \
  161. _what, _nbuf, _tbuf, msg, \
  162. isc_result_totext(result)); \
  163. } \
  164. if (result != ISC_R_SUCCESS) goto failure; \
  165. } while (0)
  166. #define PREREQFAILNT(code, name, type, msg) \
  167. do { \
  168. inc_stats(zone, dns_nsstatscounter_updatebadprereq); \
  169. FAILNT(code, name, type, msg); \
  170. } while (0)
  171. /*%
  172. * Fail unconditionally and log as a server error.
  173. * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
  174. * from complaining about "end-of-loop code not reached".
  175. */
  176. #define FAILS(code, msg) \
  177. do { \
  178. result = (code); \
  179. update_log(client, zone, LOGLEVEL_PROTOCOL, \
  180. "error: %s: %s", \
  181. msg, isc_result_totext(result)); \
  182. if (result != ISC_R_SUCCESS) goto failure; \
  183. } while (0)
  184. /*
  185. * Return TRUE if NS_CLIENTATTR_TCP is set in the attributes other FALSE.
  186. */
  187. #define TCPCLIENT(client) (((client)->attributes & NS_CLIENTATTR_TCP) != 0)
  188. /**************************************************************************/
  189. typedef struct rr rr_t;
  190. struct rr {
  191. /* dns_name_t name; */
  192. isc_uint32_t ttl;
  193. dns_rdata_t rdata;
  194. };
  195. typedef struct update_event update_event_t;
  196. struct update_event {
  197. ISC_EVENT_COMMON(update_event_t);
  198. dns_zone_t *zone;
  199. isc_result_t result;
  200. dns_message_t *answer;
  201. };
  202. /**************************************************************************/
  203. /*
  204. * Forward declarations.
  205. */
  206. static void update_action(isc_task_t *task, isc_event_t *event);
  207. static void updatedone_action(isc_task_t *task, isc_event_t *event);
  208. static isc_result_t send_forward_event(ns_client_t *client, dns_zone_t *zone);
  209. static void forward_done(isc_task_t *task, isc_event_t *event);
  210. /**************************************************************************/
  211. static void
  212. update_log(ns_client_t *client, dns_zone_t *zone,
  213. int level, const char *fmt, ...) ISC_FORMAT_PRINTF(4, 5);
  214. static void
  215. update_log(ns_client_t *client, dns_zone_t *zone,
  216. int level, const char *fmt, ...)
  217. {
  218. va_list ap;
  219. char message[4096];
  220. char namebuf[DNS_NAME_FORMATSIZE];
  221. char classbuf[DNS_RDATACLASS_FORMATSIZE];
  222. if (client == NULL || zone == NULL)
  223. return;
  224. if (isc_log_wouldlog(ns_g_lctx, level) == ISC_FALSE)
  225. return;
  226. dns_name_format(dns_zone_getorigin(zone), namebuf,
  227. sizeof(namebuf));
  228. dns_rdataclass_format(dns_zone_getclass(zone), classbuf,
  229. sizeof(classbuf));
  230. va_start(ap, fmt);
  231. vsnprintf(message, sizeof(message), fmt, ap);
  232. va_end(ap);
  233. ns_client_log(client, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE,
  234. level, "updating zone '%s/%s': %s",
  235. namebuf, classbuf, message);
  236. }
  237. /*%
  238. * Increment updated-related statistics counters.
  239. */
  240. static inline void
  241. inc_stats(dns_zone_t *zone, isc_statscounter_t counter) {
  242. isc_stats_increment(ns_g_server->nsstats, counter);
  243. if (zone != NULL) {
  244. isc_stats_t *zonestats = dns_zone_getrequeststats(zone);
  245. if (zonestats != NULL)
  246. isc_stats_increment(zonestats, counter);
  247. }
  248. }
  249. /*%
  250. * Check if we could have queried for the contents of this zone or
  251. * if the zone is potentially updateable.
  252. * If the zone can potentially be updated and the check failed then
  253. * log a error otherwise we log a informational message.
  254. */
  255. static isc_result_t
  256. checkqueryacl(ns_client_t *client, dns_acl_t *queryacl, dns_name_t *zonename,
  257. dns_acl_t *updateacl, dns_ssutable_t *ssutable)
  258. {
  259. char namebuf[DNS_NAME_FORMATSIZE];
  260. char classbuf[DNS_RDATACLASS_FORMATSIZE];
  261. int level;
  262. isc_result_t result;
  263. result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
  264. if (result != ISC_R_SUCCESS) {
  265. dns_name_format(zonename, namebuf, sizeof(namebuf));
  266. dns_rdataclass_format(client->view->rdclass, classbuf,
  267. sizeof(classbuf));
  268. level = (updateacl == NULL && ssutable == NULL) ?
  269. ISC_LOG_INFO : ISC_LOG_ERROR;
  270. ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
  271. NS_LOGMODULE_UPDATE, level,
  272. "update '%s/%s' denied due to allow-query",
  273. namebuf, classbuf);
  274. } else if (updateacl == NULL && ssutable == NULL) {
  275. dns_name_format(zonename, namebuf, sizeof(namebuf));
  276. dns_rdataclass_format(client->view->rdclass, classbuf,
  277. sizeof(classbuf));
  278. result = DNS_R_REFUSED;
  279. ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
  280. NS_LOGMODULE_UPDATE, ISC_LOG_INFO,
  281. "update '%s/%s' denied", namebuf, classbuf);
  282. }
  283. return (result);
  284. }
  285. /*%
  286. * Override the default acl logging when checking whether a client
  287. * can update the zone or whether we can forward the request to the
  288. * master based on IP address.
  289. *
  290. * 'message' contains the type of operation that is being attempted.
  291. * 'slave' indicates if this is a slave zone. If 'acl' is NULL then
  292. * log at debug=3.
  293. * If the zone has no access controls configured ('acl' == NULL &&
  294. * 'has_ssutable == ISC_FALS) log the attempt at info, otherwise
  295. * at error.
  296. *
  297. * If the request was signed log that we received it.
  298. */
  299. static isc_result_t
  300. checkupdateacl(ns_client_t *client, dns_acl_t *acl, const char *message,
  301. dns_name_t *zonename, isc_boolean_t slave,
  302. isc_boolean_t has_ssutable)
  303. {
  304. char namebuf[DNS_NAME_FORMATSIZE];
  305. char classbuf[DNS_RDATACLASS_FORMATSIZE];
  306. int level = ISC_LOG_ERROR;
  307. const char *msg = "denied";
  308. isc_result_t result;
  309. if (slave && acl == NULL) {
  310. result = DNS_R_NOTIMP;
  311. level = ISC_LOG_DEBUG(3);
  312. msg = "disabled";
  313. } else {
  314. result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE);
  315. if (result == ISC_R_SUCCESS) {
  316. level = ISC_LOG_DEBUG(3);
  317. msg = "approved";
  318. } else if (acl == NULL && !has_ssutable) {
  319. level = ISC_LOG_INFO;
  320. }
  321. }
  322. if (client->signer != NULL) {
  323. dns_name_format(client->signer, namebuf, sizeof(namebuf));
  324. ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
  325. NS_LOGMODULE_UPDATE, ISC_LOG_INFO,
  326. "signer \"%s\" %s", namebuf, msg);
  327. }
  328. dns_name_format(zonename, namebuf, sizeof(namebuf));
  329. dns_rdataclass_format(client->view->rdclass, classbuf,
  330. sizeof(classbuf));
  331. ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
  332. NS_LOGMODULE_UPDATE, level, "%s '%s/%s' %s",
  333. message, namebuf, classbuf, msg);
  334. return (result);
  335. }
  336. /*%
  337. * Update a single RR in version 'ver' of 'db' and log the
  338. * update in 'diff'.
  339. *
  340. * Ensures:
  341. * \li '*tuple' == NULL. Either the tuple is freed, or its
  342. * ownership has been transferred to the diff.
  343. */
  344. static isc_result_t
  345. do_one_tuple(dns_difftuple_t **tuple, dns_db_t *db, dns_dbversion_t *ver,
  346. dns_diff_t *diff)
  347. {
  348. dns_diff_t temp_diff;
  349. isc_result_t result;
  350. /*
  351. * Create a singleton diff.
  352. */
  353. dns_diff_init(diff->mctx, &temp_diff);
  354. temp_diff.resign = diff->resign;
  355. ISC_LIST_APPEND(temp_diff.tuples, *tuple, link);
  356. /*
  357. * Apply it to the database.
  358. */
  359. result = dns_diff_apply(&temp_diff, db, ver);
  360. ISC_LIST_UNLINK(temp_diff.tuples, *tuple, link);
  361. if (result != ISC_R_SUCCESS) {
  362. dns_difftuple_free(tuple);
  363. return (result);
  364. }
  365. /*
  366. * Merge it into the current pending journal entry.
  367. */
  368. dns_diff_appendminimal(diff, tuple);
  369. /*
  370. * Do not clear temp_diff.
  371. */
  372. return (ISC_R_SUCCESS);
  373. }
  374. /*%
  375. * Perform the updates in 'updates' in version 'ver' of 'db' and log the
  376. * update in 'diff'.
  377. *
  378. * Ensures:
  379. * \li 'updates' is empty.
  380. */
  381. static isc_result_t
  382. do_diff(dns_diff_t *updates, dns_db_t *db, dns_dbversion_t *ver,
  383. dns_diff_t *diff)
  384. {
  385. isc_result_t result;
  386. while (! ISC_LIST_EMPTY(updates->tuples)) {
  387. dns_difftuple_t *t = ISC_LIST_HEAD(updates->tuples);
  388. ISC_LIST_UNLINK(updates->tuples, t, link);
  389. CHECK(do_one_tuple(&t, db, ver, diff));
  390. }
  391. return (ISC_R_SUCCESS);
  392. failure:
  393. dns_diff_clear(diff);
  394. return (result);
  395. }
  396. static isc_result_t
  397. update_one_rr(dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff,
  398. dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl,
  399. dns_rdata_t *rdata)
  400. {
  401. dns_difftuple_t *tuple = NULL;
  402. isc_result_t result;
  403. result = dns_difftuple_create(diff->mctx, op,
  404. name, ttl, rdata, &tuple);
  405. if (result != ISC_R_SUCCESS)
  406. return (result);
  407. return (do_one_tuple(&tuple, db, ver, diff));
  408. }
  409. /**************************************************************************/
  410. /*
  411. * Callback-style iteration over rdatasets and rdatas.
  412. *
  413. * foreach_rrset() can be used to iterate over the RRsets
  414. * of a name and call a callback function with each
  415. * one. Similarly, foreach_rr() can be used to iterate
  416. * over the individual RRs at name, optionally restricted
  417. * to RRs of a given type.
  418. *
  419. * The callback functions are called "actions" and take
  420. * two arguments: a void pointer for passing arbitrary
  421. * context information, and a pointer to the current RRset
  422. * or RR. By convention, their names end in "_action".
  423. */
  424. /*
  425. * XXXRTH We might want to make this public somewhere in libdns.
  426. */
  427. /*%
  428. * Function type for foreach_rrset() iterator actions.
  429. */
  430. typedef isc_result_t rrset_func(void *data, dns_rdataset_t *rrset);
  431. /*%
  432. * Function type for foreach_rr() iterator actions.
  433. */
  434. typedef isc_result_t rr_func(void *data, rr_t *rr);
  435. /*%
  436. * Internal context struct for foreach_node_rr().
  437. */
  438. typedef struct {
  439. rr_func * rr_action;
  440. void * rr_action_data;
  441. } foreach_node_rr_ctx_t;
  442. /*%
  443. * Internal helper function for foreach_node_rr().
  444. */
  445. static isc_result_t
  446. foreach_node_rr_action(void *data, dns_rdataset_t *rdataset) {
  447. isc_result_t result;
  448. foreach_node_rr_ctx_t *ctx = data;
  449. for (result = dns_rdataset_first(rdataset);
  450. result == ISC_R_SUCCESS;
  451. result = dns_rdataset_next(rdataset))
  452. {
  453. rr_t rr = { 0, DNS_RDATA_INIT };
  454. dns_rdataset_current(rdataset, &rr.rdata);
  455. rr.ttl = rdataset->ttl;
  456. result = (*ctx->rr_action)(ctx->rr_action_data, &rr);
  457. if (result != ISC_R_SUCCESS)
  458. return (result);
  459. }
  460. if (result != ISC_R_NOMORE)
  461. return (result);
  462. return (ISC_R_SUCCESS);
  463. }
  464. /*%
  465. * For each rdataset of 'name' in 'ver' of 'db', call 'action'
  466. * with the rdataset and 'action_data' as arguments. If the name
  467. * does not exist, do nothing.
  468. *
  469. * If 'action' returns an error, abort iteration and return the error.
  470. */
  471. static isc_result_t
  472. foreach_rrset(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  473. rrset_func *action, void *action_data)
  474. {
  475. isc_result_t result;
  476. dns_dbnode_t *node;
  477. dns_rdatasetiter_t *iter;
  478. node = NULL;
  479. result = dns_db_findnode(db, name, ISC_FALSE, &node);
  480. if (result == ISC_R_NOTFOUND)
  481. return (ISC_R_SUCCESS);
  482. if (result != ISC_R_SUCCESS)
  483. return (result);
  484. iter = NULL;
  485. result = dns_db_allrdatasets(db, node, ver,
  486. (isc_stdtime_t) 0, &iter);
  487. if (result != ISC_R_SUCCESS)
  488. goto cleanup_node;
  489. for (result = dns_rdatasetiter_first(iter);
  490. result == ISC_R_SUCCESS;
  491. result = dns_rdatasetiter_next(iter))
  492. {
  493. dns_rdataset_t rdataset;
  494. dns_rdataset_init(&rdataset);
  495. dns_rdatasetiter_current(iter, &rdataset);
  496. result = (*action)(action_data, &rdataset);
  497. dns_rdataset_disassociate(&rdataset);
  498. if (result != ISC_R_SUCCESS)
  499. goto cleanup_iterator;
  500. }
  501. if (result == ISC_R_NOMORE)
  502. result = ISC_R_SUCCESS;
  503. cleanup_iterator:
  504. dns_rdatasetiter_destroy(&iter);
  505. cleanup_node:
  506. dns_db_detachnode(db, &node);
  507. return (result);
  508. }
  509. /*%
  510. * For each RR of 'name' in 'ver' of 'db', call 'action'
  511. * with the RR and 'action_data' as arguments. If the name
  512. * does not exist, do nothing.
  513. *
  514. * If 'action' returns an error, abort iteration
  515. * and return the error.
  516. */
  517. static isc_result_t
  518. foreach_node_rr(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  519. rr_func *rr_action, void *rr_action_data)
  520. {
  521. foreach_node_rr_ctx_t ctx;
  522. ctx.rr_action = rr_action;
  523. ctx.rr_action_data = rr_action_data;
  524. return (foreach_rrset(db, ver, name,
  525. foreach_node_rr_action, &ctx));
  526. }
  527. /*%
  528. * For each of the RRs specified by 'db', 'ver', 'name', 'type',
  529. * (which can be dns_rdatatype_any to match any type), and 'covers', call
  530. * 'action' with the RR and 'action_data' as arguments. If the name
  531. * does not exist, or if no RRset of the given type exists at the name,
  532. * do nothing.
  533. *
  534. * If 'action' returns an error, abort iteration and return the error.
  535. */
  536. static isc_result_t
  537. foreach_rr(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  538. dns_rdatatype_t type, dns_rdatatype_t covers, rr_func *rr_action,
  539. void *rr_action_data)
  540. {
  541. isc_result_t result;
  542. dns_dbnode_t *node;
  543. dns_rdataset_t rdataset;
  544. if (type == dns_rdatatype_any)
  545. return (foreach_node_rr(db, ver, name,
  546. rr_action, rr_action_data));
  547. node = NULL;
  548. if (type == dns_rdatatype_nsec3 ||
  549. (type == dns_rdatatype_rrsig && covers == dns_rdatatype_nsec3))
  550. result = dns_db_findnsec3node(db, name, ISC_FALSE, &node);
  551. else
  552. result = dns_db_findnode(db, name, ISC_FALSE, &node);
  553. if (result == ISC_R_NOTFOUND)
  554. return (ISC_R_SUCCESS);
  555. if (result != ISC_R_SUCCESS)
  556. return (result);
  557. dns_rdataset_init(&rdataset);
  558. result = dns_db_findrdataset(db, node, ver, type, covers,
  559. (isc_stdtime_t) 0, &rdataset, NULL);
  560. if (result == ISC_R_NOTFOUND) {
  561. result = ISC_R_SUCCESS;
  562. goto cleanup_node;
  563. }
  564. if (result != ISC_R_SUCCESS)
  565. goto cleanup_node;
  566. for (result = dns_rdataset_first(&rdataset);
  567. result == ISC_R_SUCCESS;
  568. result = dns_rdataset_next(&rdataset))
  569. {
  570. rr_t rr = { 0, DNS_RDATA_INIT };
  571. dns_rdataset_current(&rdataset, &rr.rdata);
  572. rr.ttl = rdataset.ttl;
  573. result = (*rr_action)(rr_action_data, &rr);
  574. if (result != ISC_R_SUCCESS)
  575. goto cleanup_rdataset;
  576. }
  577. if (result != ISC_R_NOMORE)
  578. goto cleanup_rdataset;
  579. result = ISC_R_SUCCESS;
  580. cleanup_rdataset:
  581. dns_rdataset_disassociate(&rdataset);
  582. cleanup_node:
  583. dns_db_detachnode(db, &node);
  584. return (result);
  585. }
  586. /**************************************************************************/
  587. /*
  588. * Various tests on the database contents (for prerequisites, etc).
  589. */
  590. /*%
  591. * Function type for predicate functions that compare a database RR 'db_rr'
  592. * against an update RR 'update_rr'.
  593. */
  594. typedef isc_boolean_t rr_predicate(dns_rdata_t *update_rr, dns_rdata_t *db_rr);
  595. /*%
  596. * Helper function for rrset_exists().
  597. */
  598. static isc_result_t
  599. rrset_exists_action(void *data, rr_t *rr) {
  600. UNUSED(data);
  601. UNUSED(rr);
  602. return (ISC_R_EXISTS);
  603. }
  604. /*%
  605. * Utility macro for RR existence checking functions.
  606. *
  607. * If the variable 'result' has the value ISC_R_EXISTS or
  608. * ISC_R_SUCCESS, set *exists to ISC_TRUE or ISC_FALSE,
  609. * respectively, and return success.
  610. *
  611. * If 'result' has any other value, there was a failure.
  612. * Return the failure result code and do not set *exists.
  613. *
  614. * This would be more readable as "do { if ... } while(0)",
  615. * but that form generates tons of warnings on Solaris 2.6.
  616. */
  617. #define RETURN_EXISTENCE_FLAG \
  618. return ((result == ISC_R_EXISTS) ? \
  619. (*exists = ISC_TRUE, ISC_R_SUCCESS) : \
  620. ((result == ISC_R_SUCCESS) ? \
  621. (*exists = ISC_FALSE, ISC_R_SUCCESS) : \
  622. result))
  623. /*%
  624. * Set '*exists' to true iff an rrset of the given type exists,
  625. * to false otherwise.
  626. */
  627. static isc_result_t
  628. rrset_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  629. dns_rdatatype_t type, dns_rdatatype_t covers,
  630. isc_boolean_t *exists)
  631. {
  632. isc_result_t result;
  633. result = foreach_rr(db, ver, name, type, covers,
  634. rrset_exists_action, NULL);
  635. RETURN_EXISTENCE_FLAG;
  636. }
  637. /*%
  638. * Set '*visible' to true if the RRset exists and is part of the
  639. * visible zone. Otherwise '*visible' is set to false unless a
  640. * error occurs.
  641. */
  642. static isc_result_t
  643. rrset_visible(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  644. dns_rdatatype_t type, isc_boolean_t *visible)
  645. {
  646. isc_result_t result;
  647. dns_fixedname_t fixed;
  648. dns_fixedname_init(&fixed);
  649. result = dns_db_find(db, name, ver, type, DNS_DBFIND_NOWILD,
  650. (isc_stdtime_t) 0, NULL,
  651. dns_fixedname_name(&fixed), NULL, NULL);
  652. switch (result) {
  653. case ISC_R_SUCCESS:
  654. *visible = ISC_TRUE;
  655. break;
  656. /*
  657. * Glue, obscured, deleted or replaced records.
  658. */
  659. case DNS_R_DELEGATION:
  660. case DNS_R_DNAME:
  661. case DNS_R_CNAME:
  662. case DNS_R_NXDOMAIN:
  663. case DNS_R_NXRRSET:
  664. case DNS_R_EMPTYNAME:
  665. case DNS_R_COVERINGNSEC:
  666. *visible = ISC_FALSE;
  667. result = ISC_R_SUCCESS;
  668. break;
  669. default:
  670. break;
  671. }
  672. return (result);
  673. }
  674. /*%
  675. * Helper function for cname_incompatible_rrset_exists.
  676. */
  677. static isc_result_t
  678. cname_compatibility_action(void *data, dns_rdataset_t *rrset) {
  679. UNUSED(data);
  680. if (rrset->type != dns_rdatatype_cname &&
  681. ! dns_rdatatype_isdnssec(rrset->type))
  682. return (ISC_R_EXISTS);
  683. return (ISC_R_SUCCESS);
  684. }
  685. /*%
  686. * Check whether there is an rrset incompatible with adding a CNAME RR,
  687. * i.e., anything but another CNAME (which can be replaced) or a
  688. * DNSSEC RR (which can coexist).
  689. *
  690. * If such an incompatible rrset exists, set '*exists' to ISC_TRUE.
  691. * Otherwise, set it to ISC_FALSE.
  692. */
  693. static isc_result_t
  694. cname_incompatible_rrset_exists(dns_db_t *db, dns_dbversion_t *ver,
  695. dns_name_t *name, isc_boolean_t *exists) {
  696. isc_result_t result;
  697. result = foreach_rrset(db, ver, name,
  698. cname_compatibility_action, NULL);
  699. RETURN_EXISTENCE_FLAG;
  700. }
  701. /*%
  702. * Helper function for rr_count().
  703. */
  704. static isc_result_t
  705. count_rr_action(void *data, rr_t *rr) {
  706. int *countp = data;
  707. UNUSED(rr);
  708. (*countp)++;
  709. return (ISC_R_SUCCESS);
  710. }
  711. /*%
  712. * Count the number of RRs of 'type' belonging to 'name' in 'ver' of 'db'.
  713. */
  714. static isc_result_t
  715. rr_count(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  716. dns_rdatatype_t type, dns_rdatatype_t covers, int *countp)
  717. {
  718. *countp = 0;
  719. return (foreach_rr(db, ver, name, type, covers,
  720. count_rr_action, countp));
  721. }
  722. /*%
  723. * Context struct and helper function for name_exists().
  724. */
  725. static isc_result_t
  726. name_exists_action(void *data, dns_rdataset_t *rrset) {
  727. UNUSED(data);
  728. UNUSED(rrset);
  729. return (ISC_R_EXISTS);
  730. }
  731. /*%
  732. * Set '*exists' to true iff the given name exists, to false otherwise.
  733. */
  734. static isc_result_t
  735. name_exists(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  736. isc_boolean_t *exists)
  737. {
  738. isc_result_t result;
  739. result = foreach_rrset(db, ver, name,
  740. name_exists_action, NULL);
  741. RETURN_EXISTENCE_FLAG;
  742. }
  743. /*
  744. * 'ssu_check_t' is used to pass the arguments to
  745. * dns_ssutable_checkrules() to the callback function
  746. * ssu_checkrule().
  747. */
  748. typedef struct {
  749. /* The ownername of the record to be updated. */
  750. dns_name_t *name;
  751. /* The signature's name if the request was signed. */
  752. dns_name_t *signer;
  753. /* The address of the client if the request was received via TCP. */
  754. isc_netaddr_t *tcpaddr;
  755. /* The ssu table to check against. */
  756. dns_ssutable_t *table;
  757. /* the key used for TKEY requests */
  758. dst_key_t *key;
  759. } ssu_check_t;
  760. static isc_result_t
  761. ssu_checkrule(void *data, dns_rdataset_t *rrset) {
  762. ssu_check_t *ssuinfo = data;
  763. isc_boolean_t result;
  764. /*
  765. * If we're deleting all records, it's ok to delete RRSIG and NSEC even
  766. * if we're normally not allowed to.
  767. */
  768. if (rrset->type == dns_rdatatype_rrsig ||
  769. rrset->type == dns_rdatatype_nsec)
  770. return (ISC_R_SUCCESS);
  771. result = dns_ssutable_checkrules(ssuinfo->table, ssuinfo->signer,
  772. ssuinfo->name, ssuinfo->tcpaddr,
  773. rrset->type, ssuinfo->key);
  774. return (result == ISC_TRUE ? ISC_R_SUCCESS : ISC_R_FAILURE);
  775. }
  776. static isc_boolean_t
  777. ssu_checkall(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  778. dns_ssutable_t *ssutable, dns_name_t *signer,
  779. isc_netaddr_t *tcpaddr, dst_key_t *key)
  780. {
  781. isc_result_t result;
  782. ssu_check_t ssuinfo;
  783. ssuinfo.name = name;
  784. ssuinfo.table = ssutable;
  785. ssuinfo.signer = signer;
  786. ssuinfo.tcpaddr = tcpaddr;
  787. ssuinfo.key = key;
  788. result = foreach_rrset(db, ver, name, ssu_checkrule, &ssuinfo);
  789. return (ISC_TF(result == ISC_R_SUCCESS));
  790. }
  791. /**************************************************************************/
  792. /*
  793. * Checking of "RRset exists (value dependent)" prerequisites.
  794. *
  795. * In the RFC2136 section 3.2.5, this is the pseudocode involving
  796. * a variable called "temp", a mapping of <name, type> tuples to rrsets.
  797. *
  798. * Here, we represent the "temp" data structure as (non-minimal) "dns_diff_t"
  799. * where each tuple has op==DNS_DIFFOP_EXISTS.
  800. */
  801. /*%
  802. * Append a tuple asserting the existence of the RR with
  803. * 'name' and 'rdata' to 'diff'.
  804. */
  805. static isc_result_t
  806. temp_append(dns_diff_t *diff, dns_name_t *name, dns_rdata_t *rdata) {
  807. isc_result_t result;
  808. dns_difftuple_t *tuple = NULL;
  809. REQUIRE(DNS_DIFF_VALID(diff));
  810. CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_EXISTS,
  811. name, 0, rdata, &tuple));
  812. ISC_LIST_APPEND(diff->tuples, tuple, link);
  813. failure:
  814. return (result);
  815. }
  816. /*%
  817. * Compare two rdatasets represented as sorted lists of tuples.
  818. * All list elements must have the same owner name and type.
  819. * Return ISC_R_SUCCESS if the rdatasets are equal, rcode(dns_rcode_nxrrset)
  820. * if not.
  821. */
  822. static isc_result_t
  823. temp_check_rrset(dns_difftuple_t *a, dns_difftuple_t *b) {
  824. for (;;) {
  825. if (a == NULL || b == NULL)
  826. break;
  827. INSIST(a->op == DNS_DIFFOP_EXISTS &&
  828. b->op == DNS_DIFFOP_EXISTS);
  829. INSIST(a->rdata.type == b->rdata.type);
  830. INSIST(dns_name_equal(&a->name, &b->name));
  831. if (dns_rdata_casecompare(&a->rdata, &b->rdata) != 0)
  832. return (DNS_R_NXRRSET);
  833. a = ISC_LIST_NEXT(a, link);
  834. b = ISC_LIST_NEXT(b, link);
  835. }
  836. if (a != NULL || b != NULL)
  837. return (DNS_R_NXRRSET);
  838. return (ISC_R_SUCCESS);
  839. }
  840. /*%
  841. * A comparison function defining the sorting order for the entries
  842. * in the "temp" data structure. The major sort key is the owner name,
  843. * followed by the type and rdata.
  844. */
  845. static int
  846. temp_order(const void *av, const void *bv) {
  847. dns_difftuple_t const * const *ap = av;
  848. dns_difftuple_t const * const *bp = bv;
  849. dns_difftuple_t const *a = *ap;
  850. dns_difftuple_t const *b = *bp;
  851. int r;
  852. r = dns_name_compare(&a->name, &b->name);
  853. if (r != 0)
  854. return (r);
  855. r = (b->rdata.type - a->rdata.type);
  856. if (r != 0)
  857. return (r);
  858. r = dns_rdata_casecompare(&a->rdata, &b->rdata);
  859. return (r);
  860. }
  861. /*%
  862. * Check the "RRset exists (value dependent)" prerequisite information
  863. * in 'temp' against the contents of the database 'db'.
  864. *
  865. * Return ISC_R_SUCCESS if the prerequisites are satisfied,
  866. * rcode(dns_rcode_nxrrset) if not.
  867. *
  868. * 'temp' must be pre-sorted.
  869. */
  870. static isc_result_t
  871. temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
  872. dns_dbversion_t *ver, dns_name_t *tmpname, dns_rdatatype_t *typep)
  873. {
  874. isc_result_t result;
  875. dns_name_t *name;
  876. dns_dbnode_t *node;
  877. dns_difftuple_t *t;
  878. dns_diff_t trash;
  879. dns_diff_init(mctx, &trash);
  880. /*
  881. * For each name and type in the prerequisites,
  882. * construct a sorted rdata list of the corresponding
  883. * database contents, and compare the lists.
  884. */
  885. t = ISC_LIST_HEAD(temp->tuples);
  886. while (t != NULL) {
  887. name = &t->name;
  888. (void)dns_name_copy(name, tmpname, NULL);
  889. *typep = t->rdata.type;
  890. /* A new unique name begins here. */
  891. node = NULL;
  892. result = dns_db_findnode(db, name, ISC_FALSE, &node);
  893. if (result == ISC_R_NOTFOUND) {
  894. dns_diff_clear(&trash);
  895. return (DNS_R_NXRRSET);
  896. }
  897. if (result != ISC_R_SUCCESS) {
  898. dns_diff_clear(&trash);
  899. return (result);
  900. }
  901. /* A new unique type begins here. */
  902. while (t != NULL && dns_name_equal(&t->name, name)) {
  903. dns_rdatatype_t type, covers;
  904. dns_rdataset_t rdataset;
  905. dns_diff_t d_rrs; /* Database RRs with
  906. this name and type */
  907. dns_diff_t u_rrs; /* Update RRs with
  908. this name and type */
  909. *typep = type = t->rdata.type;
  910. if (type == dns_rdatatype_rrsig ||
  911. type == dns_rdatatype_sig)
  912. covers = dns_rdata_covers(&t->rdata);
  913. else if (type == dns_rdatatype_any) {
  914. dns_db_detachnode(db, &node);
  915. dns_diff_clear(&trash);
  916. return (DNS_R_NXRRSET);
  917. } else
  918. covers = 0;
  919. /*
  920. * Collect all database RRs for this name and type
  921. * onto d_rrs and sort them.
  922. */
  923. dns_rdataset_init(&rdataset);
  924. result = dns_db_findrdataset(db, node, ver, type,
  925. covers, (isc_stdtime_t) 0,
  926. &rdataset, NULL);
  927. if (result != ISC_R_SUCCESS) {
  928. dns_db_detachnode(db, &node);
  929. dns_diff_clear(&trash);
  930. return (DNS_R_NXRRSET);
  931. }
  932. dns_diff_init(mctx, &d_rrs);
  933. dns_diff_init(mctx, &u_rrs);
  934. for (result = dns_rdataset_first(&rdataset);
  935. result == ISC_R_SUCCESS;
  936. result = dns_rdataset_next(&rdataset))
  937. {
  938. dns_rdata_t rdata = DNS_RDATA_INIT;
  939. dns_rdataset_current(&rdataset, &rdata);
  940. result = temp_append(&d_rrs, name, &rdata);
  941. if (result != ISC_R_SUCCESS)
  942. goto failure;
  943. }
  944. if (result != ISC_R_NOMORE)
  945. goto failure;
  946. result = dns_diff_sort(&d_rrs, temp_order);
  947. if (result != ISC_R_SUCCESS)
  948. goto failure;
  949. /*
  950. * Collect all update RRs for this name and type
  951. * onto u_rrs. No need to sort them here -
  952. * they are already sorted.
  953. */
  954. while (t != NULL &&
  955. dns_name_equal(&t->name, name) &&
  956. t->rdata.type == type)
  957. {
  958. dns_difftuple_t *next =
  959. ISC_LIST_NEXT(t, link);
  960. ISC_LIST_UNLINK(temp->tuples, t, link);
  961. ISC_LIST_APPEND(u_rrs.tuples, t, link);
  962. t = next;
  963. }
  964. /* Compare the two sorted lists. */
  965. result = temp_check_rrset(ISC_LIST_HEAD(u_rrs.tuples),
  966. ISC_LIST_HEAD(d_rrs.tuples));
  967. if (result != ISC_R_SUCCESS)
  968. goto failure;
  969. /*
  970. * We are done with the tuples, but we can't free
  971. * them yet because "name" still points into one
  972. * of them. Move them on a temporary list.
  973. */
  974. ISC_LIST_APPENDLIST(trash.tuples, u_rrs.tuples, link);
  975. ISC_LIST_APPENDLIST(trash.tuples, d_rrs.tuples, link);
  976. dns_rdataset_disassociate(&rdataset);
  977. continue;
  978. failure:
  979. dns_diff_clear(&d_rrs);
  980. dns_diff_clear(&u_rrs);
  981. dns_diff_clear(&trash);
  982. dns_rdataset_disassociate(&rdataset);
  983. dns_db_detachnode(db, &node);
  984. return (result);
  985. }
  986. dns_db_detachnode(db, &node);
  987. }
  988. dns_diff_clear(&trash);
  989. return (ISC_R_SUCCESS);
  990. }
  991. /**************************************************************************/
  992. /*
  993. * Conditional deletion of RRs.
  994. */
  995. /*%
  996. * Context structure for delete_if().
  997. */
  998. typedef struct {
  999. rr_predicate *predicate;
  1000. dns_db_t *db;
  1001. dns_dbversion_t *ver;
  1002. dns_diff_t *diff;
  1003. dns_name_t *name;
  1004. dns_rdata_t *update_rr;
  1005. } conditional_delete_ctx_t;
  1006. /*%
  1007. * Predicate functions for delete_if().
  1008. */
  1009. /*%
  1010. * Return true iff 'db_rr' is neither a SOA nor an NS RR nor
  1011. * an RRSIG nor an NSEC3PARAM nor a NSEC.
  1012. */
  1013. static isc_boolean_t
  1014. type_not_soa_nor_ns_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
  1015. UNUSED(update_rr);
  1016. return ((db_rr->type != dns_rdatatype_soa &&
  1017. db_rr->type != dns_rdatatype_ns &&
  1018. db_rr->type != dns_rdatatype_nsec3param &&
  1019. db_rr->type != dns_rdatatype_rrsig &&
  1020. db_rr->type != dns_rdatatype_nsec) ?
  1021. ISC_TRUE : ISC_FALSE);
  1022. }
  1023. /*%
  1024. * Return true iff 'db_rr' is neither a RRSIG nor a NSEC.
  1025. */
  1026. static isc_boolean_t
  1027. type_not_dnssec(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
  1028. UNUSED(update_rr);
  1029. return ((db_rr->type != dns_rdatatype_rrsig &&
  1030. db_rr->type != dns_rdatatype_nsec) ?
  1031. ISC_TRUE : ISC_FALSE);
  1032. }
  1033. /*%
  1034. * Return true always.
  1035. */
  1036. static isc_boolean_t
  1037. true_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
  1038. UNUSED(update_rr);
  1039. UNUSED(db_rr);
  1040. return (ISC_TRUE);
  1041. }
  1042. /*%
  1043. * Return true if the record is a RRSIG.
  1044. */
  1045. static isc_boolean_t
  1046. rrsig_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
  1047. UNUSED(update_rr);
  1048. return ((db_rr->type == dns_rdatatype_rrsig) ?
  1049. ISC_TRUE : ISC_FALSE);
  1050. }
  1051. /*%
  1052. * Return true iff the two RRs have identical rdata.
  1053. */
  1054. static isc_boolean_t
  1055. rr_equal_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
  1056. /*
  1057. * XXXRTH This is not a problem, but we should consider creating
  1058. * dns_rdata_equal() (that used dns_name_equal()), since it
  1059. * would be faster. Not a priority.
  1060. */
  1061. return (dns_rdata_casecompare(update_rr, db_rr) == 0 ?
  1062. ISC_TRUE : ISC_FALSE);
  1063. }
  1064. /*%
  1065. * Return true iff 'update_rr' should replace 'db_rr' according
  1066. * to the special RFC2136 rules for CNAME, SOA, and WKS records.
  1067. *
  1068. * RFC2136 does not mention NSEC or DNAME, but multiple NSECs or DNAMEs
  1069. * make little sense, so we replace those, too.
  1070. *
  1071. * Additionally replace RRSIG that have been generated by the same key
  1072. * for the same type. This simplifies refreshing a offline KSK by not
  1073. * requiring that the old RRSIG be deleted. It also simplifies key
  1074. * rollover by only requiring that the new RRSIG be added.
  1075. */
  1076. static isc_boolean_t
  1077. replaces_p(dns_rdata_t *update_rr, dns_rdata_t *db_rr) {
  1078. dns_rdata_rrsig_t updatesig, dbsig;
  1079. isc_result_t result;
  1080. if (db_rr->type != update_rr->type)
  1081. return (ISC_FALSE);
  1082. if (db_rr->type == dns_rdatatype_cname)
  1083. return (ISC_TRUE);
  1084. if (db_rr->type == dns_rdatatype_dname)
  1085. return (ISC_TRUE);
  1086. if (db_rr->type == dns_rdatatype_soa)
  1087. return (ISC_TRUE);
  1088. if (db_rr->type == dns_rdatatype_nsec)
  1089. return (ISC_TRUE);
  1090. if (db_rr->type == dns_rdatatype_rrsig) {
  1091. /*
  1092. * Replace existing RRSIG with the same keyid,
  1093. * covered and algorithm.
  1094. */
  1095. result = dns_rdata_tostruct(db_rr, &dbsig, NULL);
  1096. RUNTIME_CHECK(result == ISC_R_SUCCESS);
  1097. result = dns_rdata_tostruct(update_rr, &updatesig, NULL);
  1098. RUNTIME_CHECK(result == ISC_R_SUCCESS);
  1099. if (dbsig.keyid == updatesig.keyid &&
  1100. dbsig.covered == updatesig.covered &&
  1101. dbsig.algorithm == updatesig.algorithm)
  1102. return (ISC_TRUE);
  1103. }
  1104. if (db_rr->type == dns_rdatatype_wks) {
  1105. /*
  1106. * Compare the address and protocol fields only. These
  1107. * form the first five bytes of the RR data. Do a
  1108. * raw binary comparison; unpacking the WKS RRs using
  1109. * dns_rdata_tostruct() might be cleaner in some ways.
  1110. */
  1111. INSIST(db_rr->length >= 5 && update_rr->length >= 5);
  1112. return (memcmp(db_rr->data, update_rr->data, 5) == 0 ?
  1113. ISC_TRUE : ISC_FALSE);
  1114. }
  1115. if (db_rr->type == dns_rdatatype_nsec3param) {
  1116. if (db_rr->length != update_rr->length)
  1117. return (ISC_FALSE);
  1118. INSIST(db_rr->length >= 4 && update_rr->length >= 4);
  1119. /*
  1120. * Replace NSEC3PARAM records that only differ by the
  1121. * flags field.
  1122. */
  1123. if (db_rr->data[0] == update_rr->data[0] &&
  1124. memcmp(db_rr->data+2, update_rr->data+2,
  1125. update_rr->length - 2) == 0)
  1126. return (ISC_TRUE);
  1127. }
  1128. return (ISC_FALSE);
  1129. }
  1130. /*%
  1131. * Internal helper function for delete_if().
  1132. */
  1133. static isc_result_t
  1134. delete_if_action(void *data, rr_t *rr) {
  1135. conditional_delete_ctx_t *ctx = data;
  1136. if ((*ctx->predicate)(ctx->update_rr, &rr->rdata)) {
  1137. isc_result_t result;
  1138. result = update_one_rr(ctx->db, ctx->ver, ctx->diff,
  1139. DNS_DIFFOP_DEL, ctx->name,
  1140. rr->ttl, &rr->rdata);
  1141. return (result);
  1142. } else {
  1143. return (ISC_R_SUCCESS);
  1144. }
  1145. }
  1146. /*%
  1147. * Conditionally delete RRs. Apply 'predicate' to the RRs
  1148. * specified by 'db', 'ver', 'name', and 'type' (which can
  1149. * be dns_rdatatype_any to match any type). Delete those
  1150. * RRs for which the predicate returns true, and log the
  1151. * deletions in 'diff'.
  1152. */
  1153. static isc_result_t
  1154. delete_if(rr_predicate *predicate, dns_db_t *db, dns_dbversion_t *ver,
  1155. dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers,
  1156. dns_rdata_t *update_rr, dns_diff_t *diff)
  1157. {
  1158. conditional_delete_ctx_t ctx;
  1159. ctx.predicate = predicate;
  1160. ctx.db = db;
  1161. ctx.ver = ver;
  1162. ctx.diff = diff;
  1163. ctx.name = name;
  1164. ctx.update_rr = update_rr;
  1165. return (foreach_rr(db, ver, name, type, covers,
  1166. delete_if_action, &ctx));
  1167. }
  1168. /**************************************************************************/
  1169. /*%
  1170. * Prepare an RR for the addition of the new RR 'ctx->update_rr',
  1171. * with TTL 'ctx->update_rr_ttl', to its rdataset, by deleting
  1172. * the RRs if it is replaced by the new RR or has a conflicting TTL.
  1173. * The necessary changes are appended to ctx->del_diff and ctx->add_diff;
  1174. * we need to do all deletions before any additions so that we don't run
  1175. * into transient states with conflicting TTLs.
  1176. */
  1177. typedef struct {
  1178. dns_db_t *db;
  1179. dns_dbversion_t *ver;
  1180. dns_diff_t *diff;
  1181. dns_name_t *name;
  1182. dns_rdata_t *update_rr;
  1183. dns_ttl_t update_rr_ttl;
  1184. isc_boolean_t ignore_add;
  1185. dns_diff_t del_diff;
  1186. dns_diff_t add_diff;
  1187. } add_rr_prepare_ctx_t;
  1188. static isc_result_t
  1189. add_rr_prepare_action(void *data, rr_t *rr) {
  1190. isc_result_t result = ISC_R_SUCCESS;
  1191. add_rr_prepare_ctx_t *ctx = data;
  1192. dns_difftuple_t *tuple = NULL;
  1193. isc_boolean_t equal;
  1194. /*
  1195. * If the update RR is a "duplicate" of the update RR,
  1196. * the update should be silently ignored.
  1197. */
  1198. equal = ISC_TF(dns_rdata_casecompare(&rr->rdata, ctx->update_rr) == 0);
  1199. if (equal && rr->ttl == ctx->update_rr_ttl) {
  1200. ctx->ignore_add = ISC_TRUE;
  1201. return (ISC_R_SUCCESS);
  1202. }
  1203. /*
  1204. * If this RR is "equal" to the update RR, it should
  1205. * be deleted before the update RR is added.
  1206. */
  1207. if (replaces_p(ctx->update_rr, &rr->rdata)) {
  1208. CHECK(dns_difftuple_create(ctx->del_diff.mctx, DNS_DIFFOP_DEL,
  1209. ctx->name, rr->ttl, &rr->rdata,
  1210. &tuple));
  1211. dns_diff_append(&ctx->del_diff, &tuple);
  1212. return (ISC_R_SUCCESS);
  1213. }
  1214. /*
  1215. * If this RR differs in TTL from the update RR,
  1216. * its TTL must be adjusted.
  1217. */
  1218. if (rr->ttl != ctx->update_rr_ttl) {
  1219. CHECK(dns_difftuple_create(ctx->del_diff.mctx, DNS_DIFFOP_DEL,
  1220. ctx->name, rr->ttl, &rr->rdata,
  1221. &tuple));
  1222. dns_diff_append(&ctx->del_diff, &tuple);
  1223. if (!equal) {
  1224. CHECK(dns_difftuple_create(ctx->add_diff.mctx,
  1225. DNS_DIFFOP_ADD, ctx->name,
  1226. ctx->update_rr_ttl,
  1227. &rr->rdata, &tuple));
  1228. dns_diff_append(&ctx->add_diff, &tuple);
  1229. }
  1230. }
  1231. failure:
  1232. return (result);
  1233. }
  1234. /**************************************************************************/
  1235. /*
  1236. * Miscellaneous subroutines.
  1237. */
  1238. /*%
  1239. * Extract a single update RR from 'section' of dynamic update message
  1240. * 'msg', with consistency checking.
  1241. *
  1242. * Stores the owner name, rdata, and TTL of the update RR at 'name',
  1243. * 'rdata', and 'ttl', respectively.
  1244. */
  1245. static void
  1246. get_current_rr(dns_message_t *msg, dns_section_t section,
  1247. dns_rdataclass_t zoneclass, dns_name_t **name,
  1248. dns_rdata_t *rdata, dns_rdatatype_t *covers,
  1249. dns_ttl_t *ttl, dns_rdataclass_t *update_class)
  1250. {
  1251. dns_rdataset_t *rdataset;
  1252. isc_result_t result;
  1253. dns_message_currentname(msg, section, name);
  1254. rdataset = ISC_LIST_HEAD((*name)->list);
  1255. INSIST(rdataset != NULL);
  1256. INSIST(ISC_LIST_NEXT(rdataset, link) == NULL);
  1257. *covers = rdataset->covers;
  1258. *ttl = rdataset->ttl;
  1259. result = dns_rdataset_first(rdataset);
  1260. INSIST(result == ISC_R_SUCCESS);
  1261. dns_rdataset_current(rdataset, rdata);
  1262. INSIST(dns_rdataset_next(rdataset) == ISC_R_NOMORE);
  1263. *update_class = rdata->rdclass;
  1264. rdata->rdclass = zoneclass;
  1265. }
  1266. /*%
  1267. * Increment the SOA serial number of database 'db', version 'ver'.
  1268. * Replace the SOA record in the database, and log the
  1269. * change in 'diff'.
  1270. */
  1271. /*
  1272. * XXXRTH Failures in this routine will be worth logging, when
  1273. * we have a logging system. Failure to find the zonename
  1274. * or the SOA rdataset warrant at least an UNEXPECTED_ERROR().
  1275. */
  1276. static isc_result_t
  1277. increment_soa_serial(dns_db_t *db, dns_dbversion_t *ver,
  1278. dns_diff_t *diff, isc_mem_t *mctx)
  1279. {
  1280. dns_difftuple_t *deltuple = NULL;
  1281. dns_difftuple_t *addtuple = NULL;
  1282. isc_uint32_t serial;
  1283. isc_result_t result;
  1284. CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_DEL, &deltuple));
  1285. CHECK(dns_difftuple_copy(deltuple, &addtuple));
  1286. addtuple->op = DNS_DIFFOP_ADD;
  1287. serial = dns_soa_getserial(&addtuple->rdata);
  1288. /* RFC1982 */
  1289. serial = (serial + 1) & 0xFFFFFFFF;
  1290. if (serial == 0)
  1291. serial = 1;
  1292. dns_soa_setserial(serial, &addtuple->rdata);
  1293. CHECK(do_one_tuple(&deltuple, db, ver, diff));
  1294. CHECK(do_one_tuple(&addtuple, db, ver, diff));
  1295. result = ISC_R_SUCCESS;
  1296. failure:
  1297. if (addtuple != NULL)
  1298. dns_difftuple_free(&addtuple);
  1299. if (deltuple != NULL)
  1300. dns_difftuple_free(&deltuple);
  1301. return (result);
  1302. }
  1303. /*%
  1304. * Check that the new SOA record at 'update_rdata' does not
  1305. * illegally cause the SOA serial number to decrease or stay
  1306. * unchanged relative to the existing SOA in 'db'.
  1307. *
  1308. * Sets '*ok' to ISC_TRUE if the update is legal, ISC_FALSE if not.
  1309. *
  1310. * William King points out that RFC2136 is inconsistent about
  1311. * the case where the serial number stays unchanged:
  1312. *
  1313. * section 3.4.2.2 requires a server to ignore a SOA update request
  1314. * if the serial number on the update SOA is less_than_or_equal to
  1315. * the zone SOA serial.
  1316. *
  1317. * section 3.6 requires a server to ignore a SOA update request if
  1318. * the serial is less_than the zone SOA serial.
  1319. *
  1320. * Paul says 3.4.2.2 is correct.
  1321. *
  1322. */
  1323. static isc_result_t
  1324. check_soa_increment(dns_db_t *db, dns_dbversion_t *ver,
  1325. dns_rdata_t *update_rdata, isc_boolean_t *ok)
  1326. {
  1327. isc_uint32_t db_serial;
  1328. isc_uint32_t update_serial;
  1329. isc_result_t result;
  1330. update_serial = dns_soa_getserial(update_rdata);
  1331. result = dns_db_getsoaserial(db, ver, &db_serial);
  1332. if (result != ISC_R_SUCCESS)
  1333. return (result);
  1334. if (DNS_SERIAL_GE(db_serial, update_serial)) {
  1335. *ok = ISC_FALSE;
  1336. } else {
  1337. *ok = ISC_TRUE;
  1338. }
  1339. return (ISC_R_SUCCESS);
  1340. }
  1341. /**************************************************************************/
  1342. /*
  1343. * Incremental updating of NSECs and RRSIGs.
  1344. */
  1345. /*%
  1346. * We abuse the dns_diff_t type to represent a set of domain names
  1347. * affected by the update.
  1348. */
  1349. static isc_result_t
  1350. namelist_append_name(dns_diff_t *list, dns_name_t *name) {
  1351. isc_result_t result;
  1352. dns_difftuple_t *tuple = NULL;
  1353. static dns_rdata_t dummy_rdata = DNS_RDATA_INIT;
  1354. CHECK(dns_difftuple_create(list->mctx, DNS_DIFFOP_EXISTS, name, 0,
  1355. &dummy_rdata, &tuple));
  1356. dns_diff_append(list, &tuple);
  1357. failure:
  1358. return (result);
  1359. }
  1360. static isc_result_t
  1361. namelist_append_subdomain(dns_db_t *db, dns_name_t *name, dns_diff_t *affected)
  1362. {
  1363. isc_result_t result;
  1364. dns_fixedname_t fixedname;
  1365. dns_name_t *child;
  1366. dns_dbiterator_t *dbit = NULL;
  1367. dns_fixedname_init(&fixedname);
  1368. child = dns_fixedname_name(&fixedname);
  1369. CHECK(dns_db_createiterator(db, DNS_DB_NONSEC3, &dbit));
  1370. for (result = dns_dbiterator_seek(dbit, name);
  1371. result == ISC_R_SUCCESS;
  1372. result = dns_dbiterator_next(dbit))
  1373. {
  1374. dns_dbnode_t *node = NULL;
  1375. CHECK(dns_dbiterator_current(dbit, &node, child));
  1376. dns_db_detachnode(db, &node);
  1377. if (! dns_name_issubdomain(child, name))
  1378. break;
  1379. CHECK(namelist_append_name(affected, child));
  1380. }
  1381. if (result == ISC_R_NOMORE)
  1382. result = ISC_R_SUCCESS;
  1383. failure:
  1384. if (dbit != NULL)
  1385. dns_dbiterator_destroy(&dbit);
  1386. return (result);
  1387. }
  1388. /*%
  1389. * Helper function for non_nsec_rrset_exists().
  1390. */
  1391. static isc_result_t
  1392. is_non_nsec_action(void *data, dns_rdataset_t *rrset) {
  1393. UNUSED(data);
  1394. if (!(rrset->type == dns_rdatatype_nsec ||
  1395. rrset->type == dns_rdatatype_nsec3 ||
  1396. (rrset->type == dns_rdatatype_rrsig &&
  1397. (rrset->covers == dns_rdatatype_nsec ||
  1398. rrset->covers == dns_rdatatype_nsec3))))
  1399. return (ISC_R_EXISTS);
  1400. return (ISC_R_SUCCESS);
  1401. }
  1402. /*%
  1403. * Check whether there is an rrset other than a NSEC or RRSIG NSEC,
  1404. * i.e., anything that justifies the continued existence of a name
  1405. * after a secure update.
  1406. *
  1407. * If such an rrset exists, set '*exists' to ISC_TRUE.
  1408. * Otherwise, set it to ISC_FALSE.
  1409. */
  1410. static isc_result_t
  1411. non_nsec_rrset_exists(dns_db_t *db, dns_dbversion_t *ver,
  1412. dns_name_t *name, isc_boolean_t *exists)
  1413. {
  1414. isc_result_t result;
  1415. result = foreach_rrset(db, ver, name, is_non_nsec_action, NULL);
  1416. RETURN_EXISTENCE_FLAG;
  1417. }
  1418. /*%
  1419. * A comparison function for sorting dns_diff_t:s by name.
  1420. */
  1421. static int
  1422. name_order(const void *av, const void *bv) {
  1423. dns_difftuple_t const * const *ap = av;
  1424. dns_difftuple_t const * const *bp = bv;
  1425. dns_difftuple_t const *a = *ap;
  1426. dns_difftuple_t const *b = *bp;
  1427. return (dns_name_compare(&a->name, &b->name));
  1428. }
  1429. static isc_result_t
  1430. uniqify_name_list(dns_diff_t *list) {
  1431. isc_result_t result;
  1432. dns_difftuple_t *p, *q;
  1433. CHECK(dns_diff_sort(list, name_order));
  1434. p = ISC_LIST_HEAD(list->tuples);
  1435. while (p != NULL) {
  1436. do {
  1437. q = ISC_LIST_NEXT(p, link);
  1438. if (q == NULL || ! dns_name_equal(&p->name, &q->name))
  1439. break;
  1440. ISC_LIST_UNLINK(list->tuples, q, link);
  1441. dns_difftuple_free(&q);
  1442. } while (1);
  1443. p = ISC_LIST_NEXT(p, link);
  1444. }
  1445. failure:
  1446. return (result);
  1447. }
  1448. static isc_result_t
  1449. is_active(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  1450. isc_boolean_t *flag, isc_boolean_t *cut, isc_boolean_t *unsecure)
  1451. {
  1452. isc_result_t result;
  1453. dns_fixedname_t foundname;
  1454. dns_fixedname_init(&foundname);
  1455. result = dns_db_find(db, name, ver, dns_rdatatype_any,
  1456. DNS_DBFIND_GLUEOK | DNS_DBFIND_NOWILD,
  1457. (isc_stdtime_t) 0, NULL,
  1458. dns_fixedname_name(&foundname),
  1459. NULL, NULL);
  1460. if (result == ISC_R_SUCCESS || result == DNS_R_EMPTYNAME) {
  1461. *flag = ISC_TRUE;
  1462. *cut = ISC_FALSE;
  1463. if (unsecure != NULL)
  1464. *unsecure = ISC_FALSE;
  1465. return (ISC_R_SUCCESS);
  1466. } else if (result == DNS_R_ZONECUT) {
  1467. *flag = ISC_TRUE;
  1468. *cut = ISC_TRUE;
  1469. if (unsecure != NULL) {
  1470. /*
  1471. * We are at the zonecut. Check to see if there
  1472. * is a DS RRset.
  1473. */
  1474. if (dns_db_find(db, name, ver, dns_rdatatype_ds, 0,
  1475. (isc_stdtime_t) 0, NULL,
  1476. dns_fixedname_name(&foundname),
  1477. NULL, NULL) == DNS_R_NXRRSET)
  1478. *unsecure = ISC_TRUE;
  1479. else
  1480. *unsecure = ISC_FALSE;
  1481. }
  1482. return (ISC_R_SUCCESS);
  1483. } else if (result == DNS_R_GLUE || result == DNS_R_DNAME ||
  1484. result == DNS_R_DELEGATION || result == DNS_R_NXDOMAIN) {
  1485. *flag = ISC_FALSE;
  1486. *cut = ISC_FALSE;
  1487. if (unsecure != NULL)
  1488. *unsecure = ISC_FALSE;
  1489. return (ISC_R_SUCCESS);
  1490. } else {
  1491. /*
  1492. * Silence compiler.
  1493. */
  1494. *flag = ISC_FALSE;
  1495. *cut = ISC_FALSE;
  1496. if (unsecure != NULL)
  1497. *unsecure = ISC_FALSE;
  1498. return (result);
  1499. }
  1500. }
  1501. /*%
  1502. * Find the next/previous name that has a NSEC record.
  1503. * In other words, skip empty database nodes and names that
  1504. * have had their NSECs removed because they are obscured by
  1505. * a zone cut.
  1506. */
  1507. static isc_result_t
  1508. next_active(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
  1509. dns_dbversion_t *ver, dns_name_t *oldname, dns_name_t *newname,
  1510. isc_boolean_t forward)
  1511. {
  1512. isc_result_t result;
  1513. dns_dbiterator_t *dbit = NULL;
  1514. isc_boolean_t has_nsec = ISC_FALSE;
  1515. unsigned int wraps = 0;
  1516. isc_boolean_t secure = dns_db_issecure(db);
  1517. CHECK(dns_db_createiterator(db, 0, &dbit));
  1518. CHECK(dns_dbiterator_seek(dbit, oldname));
  1519. do {
  1520. dns_dbnode_t *node = NULL;
  1521. if (forward)
  1522. result = dns_dbiterator_next(dbit);
  1523. else
  1524. result = dns_dbiterator_prev(dbit);
  1525. if (result == ISC_R_NOMORE) {
  1526. /*
  1527. * Wrap around.
  1528. */
  1529. if (forward)
  1530. CHECK(dns_dbiterator_first(dbit));
  1531. else
  1532. CHECK(dns_dbiterator_last(dbit));
  1533. wraps++;
  1534. if (wraps == 2) {
  1535. update_log(client, zone, ISC_LOG_ERROR,
  1536. "secure zone with no NSECs");
  1537. result = DNS_R_BADZONE;
  1538. goto failure;
  1539. }
  1540. }
  1541. CHECK(dns_dbiterator_current(dbit, &node, newname));
  1542. dns_db_detachnode(db, &node);
  1543. /*
  1544. * The iterator may hold the tree lock, and
  1545. * rrset_exists() calls dns_db_findnode() which
  1546. * may try to reacquire it. To avoid deadlock
  1547. * we must pause the iterator first.
  1548. */
  1549. CHECK(dns_dbiterator_pause(dbit));
  1550. if (secure) {
  1551. CHECK(rrset_exists(db, ver, newname,
  1552. dns_rdatatype_nsec, 0, &has_nsec));
  1553. } else {
  1554. dns_fixedname_t ffound;
  1555. dns_name_t *found;
  1556. dns_fixedname_init(&ffound);
  1557. found = dns_fixedname_name(&ffound);
  1558. result = dns_db_find(db, newname, ver,
  1559. dns_rdatatype_soa,
  1560. DNS_DBFIND_NOWILD, 0, NULL, found,
  1561. NULL, NULL);
  1562. if (result == ISC_R_SUCCESS ||
  1563. result == DNS_R_EMPTYNAME ||
  1564. result == DNS_R_NXRRSET ||
  1565. result == DNS_R_CNAME ||
  1566. (result == DNS_R_DELEGATION &&
  1567. dns_name_equal(newname, found))) {
  1568. has_nsec = ISC_TRUE;
  1569. result = ISC_R_SUCCESS;
  1570. } else if (result != DNS_R_NXDOMAIN)
  1571. break;
  1572. }
  1573. } while (! has_nsec);
  1574. failure:
  1575. if (dbit != NULL)
  1576. dns_dbiterator_destroy(&dbit);
  1577. return (result);
  1578. }
  1579. /*%
  1580. * Add a NSEC record for "name", recording the change in "diff".
  1581. * The existing NSEC is removed.
  1582. */
  1583. static isc_result_t
  1584. add_nsec(ns_client_t *client, dns_zone_t *zone, dns_db_t *db,
  1585. dns_dbversion_t *ver, dns_name_t *name, dns_ttl_t nsecttl,
  1586. dns_diff_t *diff)
  1587. {
  1588. isc_result_t result;
  1589. dns_dbnode_t *node = NULL;
  1590. unsigned char buffer[DNS_NSEC_BUFFERSIZE];
  1591. dns_rdata_t rdata = DNS_RDATA_INIT;
  1592. dns_difftuple_t *tuple = NULL;
  1593. dns_fixedname_t fixedname;
  1594. dns_name_t *target;
  1595. dns_fixedname_init(&fixedname);
  1596. target = dns_fixedname_name(&fixedname);
  1597. /*
  1598. * Find the successor name, aka NSEC target.
  1599. */
  1600. CHECK(next_active(client, zone, db, ver, name, target, ISC_TRUE));
  1601. /*
  1602. * Create the NSEC RDATA.
  1603. */
  1604. CHECK(dns_db_findnode(db, name, ISC_FALSE, &node));
  1605. dns_rdata_init(&rdata);
  1606. CHECK(dns_nsec_buildrdata(db, ver, node, target, buffer, &rdata));
  1607. dns_db_detachnode(db, &node);
  1608. /*
  1609. * Delete the old NSEC and record the change.
  1610. */
  1611. CHECK(delete_if(true_p, db, ver, name, dns_rdatatype_nsec, 0,
  1612. NULL, diff));
  1613. /*
  1614. * Add the new NSEC and record the change.
  1615. */
  1616. CHECK(dns_difftuple_create(diff->mctx, DNS_DIFFOP_ADD, name,
  1617. nsecttl, &rdata, &tuple));
  1618. CHECK(do_one_tuple(&tuple, db, ver, diff));
  1619. INSIST(tuple == NULL);
  1620. failure:
  1621. if (node != NULL)
  1622. dns_db_detachnode(db, &node);
  1623. return (result);
  1624. }
  1625. /*%
  1626. * Add a placeholder NSEC record for "name", recording the change in "diff".
  1627. */
  1628. static isc_result_t
  1629. add_placeholder_nsec(dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name,
  1630. dns_diff_t *diff)
  1631. {
  1632. isc_result_t result;
  1633. dns_difftuple_t *tuple = NULL;
  1634. isc_region_t r;
  1635. unsigned char data[1] = { 0 }; /* The root domain, no bits. */
  1636. dns_rdata_t rdata = DNS_RDATA_INIT;
  1637. r.base = data;
  1638. r.length = si