/contrib/bind9/bin/named/xfrout.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 1668 lines · 1169 code · 206 blank · 293 comment · 252 complexity · 54fe200256f147bdf00e8678b3907177 MD5 · raw file

  1. /*
  2. * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
  3. * Copyright (C) 1999-2003 Internet Software Consortium.
  4. *
  5. * Permission to use, copy, modify, and/or distribute this software for any
  6. * purpose with or without fee is hereby granted, provided that the above
  7. * copyright notice and this permission notice appear in all copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10. * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11. * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12. * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13. * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14. * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15. * PERFORMANCE OF THIS SOFTWARE.
  16. */
  17. /* $Id: xfrout.c,v 1.139.16.4 2011/12/01 01:00:50 marka Exp $ */
  18. #include <config.h>
  19. #include <isc/formatcheck.h>
  20. #include <isc/mem.h>
  21. #include <isc/timer.h>
  22. #include <isc/print.h>
  23. #include <isc/stats.h>
  24. #include <isc/util.h>
  25. #include <dns/db.h>
  26. #include <dns/dbiterator.h>
  27. #include <dns/dlz.h>
  28. #include <dns/fixedname.h>
  29. #include <dns/journal.h>
  30. #include <dns/message.h>
  31. #include <dns/peer.h>
  32. #include <dns/rdataclass.h>
  33. #include <dns/rdatalist.h>
  34. #include <dns/rdataset.h>
  35. #include <dns/rdatasetiter.h>
  36. #include <dns/result.h>
  37. #include <dns/rriterator.h>
  38. #include <dns/soa.h>
  39. #include <dns/stats.h>
  40. #include <dns/timer.h>
  41. #include <dns/tsig.h>
  42. #include <dns/view.h>
  43. #include <dns/zone.h>
  44. #include <dns/zt.h>
  45. #include <named/client.h>
  46. #include <named/log.h>
  47. #include <named/server.h>
  48. #include <named/xfrout.h>
  49. /*! \file
  50. * \brief
  51. * Outgoing AXFR and IXFR.
  52. */
  53. /*
  54. * TODO:
  55. * - IXFR over UDP
  56. */
  57. #define XFROUT_COMMON_LOGARGS \
  58. ns_g_lctx, DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT
  59. #define XFROUT_PROTOCOL_LOGARGS \
  60. XFROUT_COMMON_LOGARGS, ISC_LOG_INFO
  61. #define XFROUT_DEBUG_LOGARGS(n) \
  62. XFROUT_COMMON_LOGARGS, ISC_LOG_DEBUG(n)
  63. #define XFROUT_RR_LOGARGS \
  64. XFROUT_COMMON_LOGARGS, XFROUT_RR_LOGLEVEL
  65. #define XFROUT_RR_LOGLEVEL ISC_LOG_DEBUG(8)
  66. /*%
  67. * Fail unconditionally and log as a client error.
  68. * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
  69. * from complaining about "end-of-loop code not reached".
  70. */
  71. #define FAILC(code, msg) \
  72. do { \
  73. result = (code); \
  74. ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, \
  75. NS_LOGMODULE_XFER_OUT, ISC_LOG_INFO, \
  76. "bad zone transfer request: %s (%s)", \
  77. msg, isc_result_totext(code)); \
  78. if (result != ISC_R_SUCCESS) goto failure; \
  79. } while (0)
  80. #define FAILQ(code, msg, question, rdclass) \
  81. do { \
  82. char _buf1[DNS_NAME_FORMATSIZE]; \
  83. char _buf2[DNS_RDATACLASS_FORMATSIZE]; \
  84. result = (code); \
  85. dns_name_format(question, _buf1, sizeof(_buf1)); \
  86. dns_rdataclass_format(rdclass, _buf2, sizeof(_buf2)); \
  87. ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, \
  88. NS_LOGMODULE_XFER_OUT, ISC_LOG_INFO, \
  89. "bad zone transfer request: '%s/%s': %s (%s)", \
  90. _buf1, _buf2, msg, isc_result_totext(code)); \
  91. if (result != ISC_R_SUCCESS) goto failure; \
  92. } while (0)
  93. #define CHECK(op) \
  94. do { result = (op); \
  95. if (result != ISC_R_SUCCESS) goto failure; \
  96. } while (0)
  97. /**************************************************************************/
  98. static inline void
  99. inc_stats(dns_zone_t *zone, isc_statscounter_t counter) {
  100. isc_stats_increment(ns_g_server->nsstats, counter);
  101. if (zone != NULL) {
  102. isc_stats_t *zonestats = dns_zone_getrequeststats(zone);
  103. if (zonestats != NULL)
  104. isc_stats_increment(zonestats, counter);
  105. }
  106. }
  107. /**************************************************************************/
  108. /*% Log an RR (for debugging) */
  109. static void
  110. log_rr(dns_name_t *name, dns_rdata_t *rdata, isc_uint32_t ttl) {
  111. isc_result_t result;
  112. isc_buffer_t buf;
  113. char mem[2000];
  114. dns_rdatalist_t rdl;
  115. dns_rdataset_t rds;
  116. dns_rdata_t rd = DNS_RDATA_INIT;
  117. rdl.type = rdata->type;
  118. rdl.rdclass = rdata->rdclass;
  119. rdl.ttl = ttl;
  120. if (rdata->type == dns_rdatatype_sig ||
  121. rdata->type == dns_rdatatype_rrsig)
  122. rdl.covers = dns_rdata_covers(rdata);
  123. else
  124. rdl.covers = dns_rdatatype_none;
  125. ISC_LIST_INIT(rdl.rdata);
  126. ISC_LINK_INIT(&rdl, link);
  127. dns_rdataset_init(&rds);
  128. dns_rdata_init(&rd);
  129. dns_rdata_clone(rdata, &rd);
  130. ISC_LIST_APPEND(rdl.rdata, &rd, link);
  131. RUNTIME_CHECK(dns_rdatalist_tordataset(&rdl, &rds) == ISC_R_SUCCESS);
  132. isc_buffer_init(&buf, mem, sizeof(mem));
  133. result = dns_rdataset_totext(&rds, name,
  134. ISC_FALSE, ISC_FALSE, &buf);
  135. /*
  136. * We could use xfrout_log(), but that would produce
  137. * very long lines with a repetitive prefix.
  138. */
  139. if (result == ISC_R_SUCCESS) {
  140. /*
  141. * Get rid of final newline.
  142. */
  143. INSIST(buf.used >= 1 &&
  144. ((char *) buf.base)[buf.used - 1] == '\n');
  145. buf.used--;
  146. isc_log_write(XFROUT_RR_LOGARGS, "%.*s",
  147. (int)isc_buffer_usedlength(&buf),
  148. (char *)isc_buffer_base(&buf));
  149. } else {
  150. isc_log_write(XFROUT_RR_LOGARGS, "<RR too large to print>");
  151. }
  152. }
  153. /**************************************************************************/
  154. /*
  155. * An 'rrstream_t' is a polymorphic iterator that returns
  156. * a stream of resource records. There are multiple implementations,
  157. * e.g. for generating AXFR and IXFR records streams.
  158. */
  159. typedef struct rrstream_methods rrstream_methods_t;
  160. typedef struct rrstream {
  161. isc_mem_t *mctx;
  162. rrstream_methods_t *methods;
  163. } rrstream_t;
  164. struct rrstream_methods {
  165. isc_result_t (*first)(rrstream_t *);
  166. isc_result_t (*next)(rrstream_t *);
  167. void (*current)(rrstream_t *,
  168. dns_name_t **,
  169. isc_uint32_t *,
  170. dns_rdata_t **);
  171. void (*pause)(rrstream_t *);
  172. void (*destroy)(rrstream_t **);
  173. };
  174. static void
  175. rrstream_noop_pause(rrstream_t *rs) {
  176. UNUSED(rs);
  177. }
  178. /**************************************************************************/
  179. /*
  180. * An 'ixfr_rrstream_t' is an 'rrstream_t' that returns
  181. * an IXFR-like RR stream from a journal file.
  182. *
  183. * The SOA at the beginning of each sequence of additions
  184. * or deletions are included in the stream, but the extra
  185. * SOAs at the beginning and end of the entire transfer are
  186. * not included.
  187. */
  188. typedef struct ixfr_rrstream {
  189. rrstream_t common;
  190. dns_journal_t *journal;
  191. } ixfr_rrstream_t;
  192. /* Forward declarations. */
  193. static void
  194. ixfr_rrstream_destroy(rrstream_t **sp);
  195. static rrstream_methods_t ixfr_rrstream_methods;
  196. /*
  197. * Returns: anything dns_journal_open() or dns_journal_iter_init()
  198. * may return.
  199. */
  200. static isc_result_t
  201. ixfr_rrstream_create(isc_mem_t *mctx,
  202. const char *journal_filename,
  203. isc_uint32_t begin_serial,
  204. isc_uint32_t end_serial,
  205. rrstream_t **sp)
  206. {
  207. ixfr_rrstream_t *s;
  208. isc_result_t result;
  209. INSIST(sp != NULL && *sp == NULL);
  210. s = isc_mem_get(mctx, sizeof(*s));
  211. if (s == NULL)
  212. return (ISC_R_NOMEMORY);
  213. s->common.mctx = mctx;
  214. s->common.methods = &ixfr_rrstream_methods;
  215. s->journal = NULL;
  216. CHECK(dns_journal_open(mctx, journal_filename,
  217. ISC_FALSE, &s->journal));
  218. CHECK(dns_journal_iter_init(s->journal, begin_serial, end_serial));
  219. *sp = (rrstream_t *) s;
  220. return (ISC_R_SUCCESS);
  221. failure:
  222. ixfr_rrstream_destroy((rrstream_t **) (void *)&s);
  223. return (result);
  224. }
  225. static isc_result_t
  226. ixfr_rrstream_first(rrstream_t *rs) {
  227. ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
  228. return (dns_journal_first_rr(s->journal));
  229. }
  230. static isc_result_t
  231. ixfr_rrstream_next(rrstream_t *rs) {
  232. ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
  233. return (dns_journal_next_rr(s->journal));
  234. }
  235. static void
  236. ixfr_rrstream_current(rrstream_t *rs,
  237. dns_name_t **name, isc_uint32_t *ttl,
  238. dns_rdata_t **rdata)
  239. {
  240. ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
  241. dns_journal_current_rr(s->journal, name, ttl, rdata);
  242. }
  243. static void
  244. ixfr_rrstream_destroy(rrstream_t **rsp) {
  245. ixfr_rrstream_t *s = (ixfr_rrstream_t *) *rsp;
  246. if (s->journal != 0)
  247. dns_journal_destroy(&s->journal);
  248. isc_mem_put(s->common.mctx, s, sizeof(*s));
  249. }
  250. static rrstream_methods_t ixfr_rrstream_methods = {
  251. ixfr_rrstream_first,
  252. ixfr_rrstream_next,
  253. ixfr_rrstream_current,
  254. rrstream_noop_pause,
  255. ixfr_rrstream_destroy
  256. };
  257. /**************************************************************************/
  258. /*
  259. * An 'axfr_rrstream_t' is an 'rrstream_t' that returns
  260. * an AXFR-like RR stream from a database.
  261. *
  262. * The SOAs at the beginning and end of the transfer are
  263. * not included in the stream.
  264. */
  265. typedef struct axfr_rrstream {
  266. rrstream_t common;
  267. dns_rriterator_t it;
  268. isc_boolean_t it_valid;
  269. } axfr_rrstream_t;
  270. /*
  271. * Forward declarations.
  272. */
  273. static void
  274. axfr_rrstream_destroy(rrstream_t **rsp);
  275. static rrstream_methods_t axfr_rrstream_methods;
  276. static isc_result_t
  277. axfr_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
  278. rrstream_t **sp)
  279. {
  280. axfr_rrstream_t *s;
  281. isc_result_t result;
  282. INSIST(sp != NULL && *sp == NULL);
  283. s = isc_mem_get(mctx, sizeof(*s));
  284. if (s == NULL)
  285. return (ISC_R_NOMEMORY);
  286. s->common.mctx = mctx;
  287. s->common.methods = &axfr_rrstream_methods;
  288. s->it_valid = ISC_FALSE;
  289. CHECK(dns_rriterator_init(&s->it, db, ver, 0));
  290. s->it_valid = ISC_TRUE;
  291. *sp = (rrstream_t *) s;
  292. return (ISC_R_SUCCESS);
  293. failure:
  294. axfr_rrstream_destroy((rrstream_t **) (void *)&s);
  295. return (result);
  296. }
  297. static isc_result_t
  298. axfr_rrstream_first(rrstream_t *rs) {
  299. axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
  300. isc_result_t result;
  301. result = dns_rriterator_first(&s->it);
  302. if (result != ISC_R_SUCCESS)
  303. return (result);
  304. /* Skip SOA records. */
  305. for (;;) {
  306. dns_name_t *name_dummy = NULL;
  307. isc_uint32_t ttl_dummy;
  308. dns_rdata_t *rdata = NULL;
  309. dns_rriterator_current(&s->it, &name_dummy,
  310. &ttl_dummy, NULL, &rdata);
  311. if (rdata->type != dns_rdatatype_soa)
  312. break;
  313. result = dns_rriterator_next(&s->it);
  314. if (result != ISC_R_SUCCESS)
  315. break;
  316. }
  317. return (result);
  318. }
  319. static isc_result_t
  320. axfr_rrstream_next(rrstream_t *rs) {
  321. axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
  322. isc_result_t result;
  323. /* Skip SOA records. */
  324. for (;;) {
  325. dns_name_t *name_dummy = NULL;
  326. isc_uint32_t ttl_dummy;
  327. dns_rdata_t *rdata = NULL;
  328. result = dns_rriterator_next(&s->it);
  329. if (result != ISC_R_SUCCESS)
  330. break;
  331. dns_rriterator_current(&s->it, &name_dummy,
  332. &ttl_dummy, NULL, &rdata);
  333. if (rdata->type != dns_rdatatype_soa)
  334. break;
  335. }
  336. return (result);
  337. }
  338. static void
  339. axfr_rrstream_current(rrstream_t *rs, dns_name_t **name, isc_uint32_t *ttl,
  340. dns_rdata_t **rdata)
  341. {
  342. axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
  343. dns_rriterator_current(&s->it, name, ttl, NULL, rdata);
  344. }
  345. static void
  346. axfr_rrstream_pause(rrstream_t *rs) {
  347. axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
  348. dns_rriterator_pause(&s->it);
  349. }
  350. static void
  351. axfr_rrstream_destroy(rrstream_t **rsp) {
  352. axfr_rrstream_t *s = (axfr_rrstream_t *) *rsp;
  353. if (s->it_valid)
  354. dns_rriterator_destroy(&s->it);
  355. isc_mem_put(s->common.mctx, s, sizeof(*s));
  356. }
  357. static rrstream_methods_t axfr_rrstream_methods = {
  358. axfr_rrstream_first,
  359. axfr_rrstream_next,
  360. axfr_rrstream_current,
  361. axfr_rrstream_pause,
  362. axfr_rrstream_destroy
  363. };
  364. /**************************************************************************/
  365. /*
  366. * An 'soa_rrstream_t' is a degenerate 'rrstream_t' that returns
  367. * a single SOA record.
  368. */
  369. typedef struct soa_rrstream {
  370. rrstream_t common;
  371. dns_difftuple_t *soa_tuple;
  372. } soa_rrstream_t;
  373. /*
  374. * Forward declarations.
  375. */
  376. static void
  377. soa_rrstream_destroy(rrstream_t **rsp);
  378. static rrstream_methods_t soa_rrstream_methods;
  379. static isc_result_t
  380. soa_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
  381. rrstream_t **sp)
  382. {
  383. soa_rrstream_t *s;
  384. isc_result_t result;
  385. INSIST(sp != NULL && *sp == NULL);
  386. s = isc_mem_get(mctx, sizeof(*s));
  387. if (s == NULL)
  388. return (ISC_R_NOMEMORY);
  389. s->common.mctx = mctx;
  390. s->common.methods = &soa_rrstream_methods;
  391. s->soa_tuple = NULL;
  392. CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
  393. &s->soa_tuple));
  394. *sp = (rrstream_t *) s;
  395. return (ISC_R_SUCCESS);
  396. failure:
  397. soa_rrstream_destroy((rrstream_t **) (void *)&s);
  398. return (result);
  399. }
  400. static isc_result_t
  401. soa_rrstream_first(rrstream_t *rs) {
  402. UNUSED(rs);
  403. return (ISC_R_SUCCESS);
  404. }
  405. static isc_result_t
  406. soa_rrstream_next(rrstream_t *rs) {
  407. UNUSED(rs);
  408. return (ISC_R_NOMORE);
  409. }
  410. static void
  411. soa_rrstream_current(rrstream_t *rs, dns_name_t **name, isc_uint32_t *ttl,
  412. dns_rdata_t **rdata)
  413. {
  414. soa_rrstream_t *s = (soa_rrstream_t *) rs;
  415. *name = &s->soa_tuple->name;
  416. *ttl = s->soa_tuple->ttl;
  417. *rdata = &s->soa_tuple->rdata;
  418. }
  419. static void
  420. soa_rrstream_destroy(rrstream_t **rsp) {
  421. soa_rrstream_t *s = (soa_rrstream_t *) *rsp;
  422. if (s->soa_tuple != NULL)
  423. dns_difftuple_free(&s->soa_tuple);
  424. isc_mem_put(s->common.mctx, s, sizeof(*s));
  425. }
  426. static rrstream_methods_t soa_rrstream_methods = {
  427. soa_rrstream_first,
  428. soa_rrstream_next,
  429. soa_rrstream_current,
  430. rrstream_noop_pause,
  431. soa_rrstream_destroy
  432. };
  433. /**************************************************************************/
  434. /*
  435. * A 'compound_rrstream_t' objects owns a soa_rrstream
  436. * and another rrstream, the "data stream". It returns
  437. * a concatenated stream consisting of the soa_rrstream, then
  438. * the data stream, then the soa_rrstream again.
  439. *
  440. * The component streams are owned by the compound_rrstream_t
  441. * and are destroyed with it.
  442. */
  443. typedef struct compound_rrstream {
  444. rrstream_t common;
  445. rrstream_t *components[3];
  446. int state;
  447. isc_result_t result;
  448. } compound_rrstream_t;
  449. /*
  450. * Forward declarations.
  451. */
  452. static void
  453. compound_rrstream_destroy(rrstream_t **rsp);
  454. static isc_result_t
  455. compound_rrstream_next(rrstream_t *rs);
  456. static rrstream_methods_t compound_rrstream_methods;
  457. /*
  458. * Requires:
  459. * soa_stream != NULL && *soa_stream != NULL
  460. * data_stream != NULL && *data_stream != NULL
  461. * sp != NULL && *sp == NULL
  462. *
  463. * Ensures:
  464. * *soa_stream == NULL
  465. * *data_stream == NULL
  466. * *sp points to a valid compound_rrstream_t
  467. * The soa and data streams will be destroyed
  468. * when the compound_rrstream_t is destroyed.
  469. */
  470. static isc_result_t
  471. compound_rrstream_create(isc_mem_t *mctx, rrstream_t **soa_stream,
  472. rrstream_t **data_stream, rrstream_t **sp)
  473. {
  474. compound_rrstream_t *s;
  475. INSIST(sp != NULL && *sp == NULL);
  476. s = isc_mem_get(mctx, sizeof(*s));
  477. if (s == NULL)
  478. return (ISC_R_NOMEMORY);
  479. s->common.mctx = mctx;
  480. s->common.methods = &compound_rrstream_methods;
  481. s->components[0] = *soa_stream;
  482. s->components[1] = *data_stream;
  483. s->components[2] = *soa_stream;
  484. s->state = -1;
  485. s->result = ISC_R_FAILURE;
  486. *soa_stream = NULL;
  487. *data_stream = NULL;
  488. *sp = (rrstream_t *) s;
  489. return (ISC_R_SUCCESS);
  490. }
  491. static isc_result_t
  492. compound_rrstream_first(rrstream_t *rs) {
  493. compound_rrstream_t *s = (compound_rrstream_t *) rs;
  494. s->state = 0;
  495. do {
  496. rrstream_t *curstream = s->components[s->state];
  497. s->result = curstream->methods->first(curstream);
  498. } while (s->result == ISC_R_NOMORE && s->state < 2);
  499. return (s->result);
  500. }
  501. static isc_result_t
  502. compound_rrstream_next(rrstream_t *rs) {
  503. compound_rrstream_t *s = (compound_rrstream_t *) rs;
  504. rrstream_t *curstream = s->components[s->state];
  505. s->result = curstream->methods->next(curstream);
  506. while (s->result == ISC_R_NOMORE) {
  507. /*
  508. * Make sure locks held by the current stream
  509. * are released before we switch streams.
  510. */
  511. curstream->methods->pause(curstream);
  512. if (s->state == 2)
  513. return (ISC_R_NOMORE);
  514. s->state++;
  515. curstream = s->components[s->state];
  516. s->result = curstream->methods->first(curstream);
  517. }
  518. return (s->result);
  519. }
  520. static void
  521. compound_rrstream_current(rrstream_t *rs, dns_name_t **name, isc_uint32_t *ttl,
  522. dns_rdata_t **rdata)
  523. {
  524. compound_rrstream_t *s = (compound_rrstream_t *) rs;
  525. rrstream_t *curstream;
  526. INSIST(0 <= s->state && s->state < 3);
  527. INSIST(s->result == ISC_R_SUCCESS);
  528. curstream = s->components[s->state];
  529. curstream->methods->current(curstream, name, ttl, rdata);
  530. }
  531. static void
  532. compound_rrstream_pause(rrstream_t *rs)
  533. {
  534. compound_rrstream_t *s = (compound_rrstream_t *) rs;
  535. rrstream_t *curstream;
  536. INSIST(0 <= s->state && s->state < 3);
  537. curstream = s->components[s->state];
  538. curstream->methods->pause(curstream);
  539. }
  540. static void
  541. compound_rrstream_destroy(rrstream_t **rsp) {
  542. compound_rrstream_t *s = (compound_rrstream_t *) *rsp;
  543. s->components[0]->methods->destroy(&s->components[0]);
  544. s->components[1]->methods->destroy(&s->components[1]);
  545. s->components[2] = NULL; /* Copy of components[0]. */
  546. isc_mem_put(s->common.mctx, s, sizeof(*s));
  547. }
  548. static rrstream_methods_t compound_rrstream_methods = {
  549. compound_rrstream_first,
  550. compound_rrstream_next,
  551. compound_rrstream_current,
  552. compound_rrstream_pause,
  553. compound_rrstream_destroy
  554. };
  555. /**************************************************************************/
  556. /*
  557. * An 'xfrout_ctx_t' contains the state of an outgoing AXFR or IXFR
  558. * in progress.
  559. */
  560. typedef struct {
  561. isc_mem_t *mctx;
  562. ns_client_t *client;
  563. unsigned int id; /* ID of request */
  564. dns_name_t *qname; /* Question name of request */
  565. dns_rdatatype_t qtype; /* dns_rdatatype_{a,i}xfr */
  566. dns_rdataclass_t qclass;
  567. dns_zone_t *zone; /* (necessary for stats) */
  568. dns_db_t *db;
  569. dns_dbversion_t *ver;
  570. isc_quota_t *quota;
  571. rrstream_t *stream; /* The XFR RR stream */
  572. isc_boolean_t end_of_stream; /* EOS has been reached */
  573. isc_buffer_t buf; /* Buffer for message owner
  574. names and rdatas */
  575. isc_buffer_t txlenbuf; /* Transmit length buffer */
  576. isc_buffer_t txbuf; /* Transmit message buffer */
  577. void *txmem;
  578. unsigned int txmemlen;
  579. unsigned int nmsg; /* Number of messages sent */
  580. dns_tsigkey_t *tsigkey; /* Key used to create TSIG */
  581. isc_buffer_t *lasttsig; /* the last TSIG */
  582. isc_boolean_t many_answers;
  583. int sends; /* Send in progress */
  584. isc_boolean_t shuttingdown;
  585. const char *mnemonic; /* Style of transfer */
  586. } xfrout_ctx_t;
  587. static isc_result_t
  588. xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client,
  589. unsigned int id, dns_name_t *qname, dns_rdatatype_t qtype,
  590. dns_rdataclass_t qclass, dns_zone_t *zone,
  591. dns_db_t *db, dns_dbversion_t *ver, isc_quota_t *quota,
  592. rrstream_t *stream, dns_tsigkey_t *tsigkey,
  593. isc_buffer_t *lasttsig,
  594. unsigned int maxtime,
  595. unsigned int idletime,
  596. isc_boolean_t many_answers,
  597. xfrout_ctx_t **xfrp);
  598. static void
  599. sendstream(xfrout_ctx_t *xfr);
  600. static void
  601. xfrout_senddone(isc_task_t *task, isc_event_t *event);
  602. static void
  603. xfrout_fail(xfrout_ctx_t *xfr, isc_result_t result, const char *msg);
  604. static void
  605. xfrout_maybe_destroy(xfrout_ctx_t *xfr);
  606. static void
  607. xfrout_ctx_destroy(xfrout_ctx_t **xfrp);
  608. static void
  609. xfrout_client_shutdown(void *arg, isc_result_t result);
  610. static void
  611. xfrout_log1(ns_client_t *client, dns_name_t *zonename,
  612. dns_rdataclass_t rdclass, int level,
  613. const char *fmt, ...) ISC_FORMAT_PRINTF(5, 6);
  614. static void
  615. xfrout_log(xfrout_ctx_t *xfr, int level, const char *fmt, ...)
  616. ISC_FORMAT_PRINTF(3, 4);
  617. /**************************************************************************/
  618. void
  619. ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
  620. isc_result_t result;
  621. dns_name_t *question_name;
  622. dns_rdataset_t *question_rdataset;
  623. dns_zone_t *zone = NULL;
  624. dns_db_t *db = NULL;
  625. dns_dbversion_t *ver = NULL;
  626. dns_rdataclass_t question_class;
  627. rrstream_t *soa_stream = NULL;
  628. rrstream_t *data_stream = NULL;
  629. rrstream_t *stream = NULL;
  630. dns_difftuple_t *current_soa_tuple = NULL;
  631. dns_name_t *soa_name;
  632. dns_rdataset_t *soa_rdataset;
  633. dns_rdata_t soa_rdata = DNS_RDATA_INIT;
  634. isc_boolean_t have_soa = ISC_FALSE;
  635. const char *mnemonic = NULL;
  636. isc_mem_t *mctx = client->mctx;
  637. dns_message_t *request = client->message;
  638. xfrout_ctx_t *xfr = NULL;
  639. isc_quota_t *quota = NULL;
  640. dns_transfer_format_t format = client->view->transfer_format;
  641. isc_netaddr_t na;
  642. dns_peer_t *peer = NULL;
  643. isc_buffer_t *tsigbuf = NULL;
  644. char *journalfile;
  645. char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")];
  646. char keyname[DNS_NAME_FORMATSIZE];
  647. isc_boolean_t is_poll = ISC_FALSE;
  648. isc_boolean_t is_dlz = ISC_FALSE;
  649. switch (reqtype) {
  650. case dns_rdatatype_axfr:
  651. mnemonic = "AXFR";
  652. break;
  653. case dns_rdatatype_ixfr:
  654. mnemonic = "IXFR";
  655. break;
  656. default:
  657. INSIST(0);
  658. break;
  659. }
  660. ns_client_log(client,
  661. DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT,
  662. ISC_LOG_DEBUG(6), "%s request", mnemonic);
  663. /*
  664. * Apply quota.
  665. */
  666. result = isc_quota_attach(&ns_g_server->xfroutquota, &quota);
  667. if (result != ISC_R_SUCCESS) {
  668. isc_log_write(XFROUT_COMMON_LOGARGS, ISC_LOG_WARNING,
  669. "%s request denied: %s", mnemonic,
  670. isc_result_totext(result));
  671. goto failure;
  672. }
  673. /*
  674. * Interpret the question section.
  675. */
  676. result = dns_message_firstname(request, DNS_SECTION_QUESTION);
  677. INSIST(result == ISC_R_SUCCESS);
  678. /*
  679. * The question section must contain exactly one question, and
  680. * it must be for AXFR/IXFR as appropriate.
  681. */
  682. question_name = NULL;
  683. dns_message_currentname(request, DNS_SECTION_QUESTION, &question_name);
  684. question_rdataset = ISC_LIST_HEAD(question_name->list);
  685. question_class = question_rdataset->rdclass;
  686. INSIST(question_rdataset->type == reqtype);
  687. if (ISC_LIST_NEXT(question_rdataset, link) != NULL)
  688. FAILC(DNS_R_FORMERR, "multiple questions");
  689. result = dns_message_nextname(request, DNS_SECTION_QUESTION);
  690. if (result != ISC_R_NOMORE)
  691. FAILC(DNS_R_FORMERR, "multiple questions");
  692. result = dns_zt_find(client->view->zonetable, question_name, 0, NULL,
  693. &zone);
  694. if (result != ISC_R_SUCCESS) {
  695. /*
  696. * Normal zone table does not have a match.
  697. * Try the DLZ database
  698. */
  699. if (client->view->dlzdatabase != NULL) {
  700. result = dns_dlzallowzonexfr(client->view,
  701. question_name,
  702. &client->peeraddr,
  703. &db);
  704. if (result == ISC_R_NOPERM) {
  705. char _buf1[DNS_NAME_FORMATSIZE];
  706. char _buf2[DNS_RDATACLASS_FORMATSIZE];
  707. result = DNS_R_REFUSED;
  708. dns_name_format(question_name, _buf1,
  709. sizeof(_buf1));
  710. dns_rdataclass_format(question_class,
  711. _buf2, sizeof(_buf2));
  712. ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
  713. NS_LOGMODULE_XFER_OUT,
  714. ISC_LOG_ERROR,
  715. "zone transfer '%s/%s' denied",
  716. _buf1, _buf2);
  717. goto failure;
  718. }
  719. if (result != ISC_R_SUCCESS)
  720. FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
  721. question_name, question_class);
  722. is_dlz = ISC_TRUE;
  723. /*
  724. * DLZ only support full zone transfer, not incremental
  725. */
  726. if (reqtype != dns_rdatatype_axfr) {
  727. mnemonic = "AXFR-style IXFR";
  728. reqtype = dns_rdatatype_axfr;
  729. }
  730. } else {
  731. /*
  732. * not DLZ and not in normal zone table, we are
  733. * not authoritative
  734. */
  735. FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
  736. question_name, question_class);
  737. }
  738. } else {
  739. /* zone table has a match */
  740. switch(dns_zone_gettype(zone)) {
  741. case dns_zone_master:
  742. case dns_zone_slave:
  743. case dns_zone_dlz:
  744. break; /* Master and slave zones are OK for transfer. */
  745. default:
  746. FAILQ(DNS_R_NOTAUTH, "non-authoritative zone", question_name, question_class);
  747. }
  748. CHECK(dns_zone_getdb(zone, &db));
  749. dns_db_currentversion(db, &ver);
  750. }
  751. xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
  752. "%s question section OK", mnemonic);
  753. /*
  754. * Check the authority section. Look for a SOA record with
  755. * the same name and class as the question.
  756. */
  757. for (result = dns_message_firstname(request, DNS_SECTION_AUTHORITY);
  758. result == ISC_R_SUCCESS;
  759. result = dns_message_nextname(request, DNS_SECTION_AUTHORITY))
  760. {
  761. soa_name = NULL;
  762. dns_message_currentname(request, DNS_SECTION_AUTHORITY,
  763. &soa_name);
  764. /*
  765. * Ignore data whose owner name is not the zone apex.
  766. */
  767. if (! dns_name_equal(soa_name, question_name))
  768. continue;
  769. for (soa_rdataset = ISC_LIST_HEAD(soa_name->list);
  770. soa_rdataset != NULL;
  771. soa_rdataset = ISC_LIST_NEXT(soa_rdataset, link))
  772. {
  773. /*
  774. * Ignore non-SOA data.
  775. */
  776. if (soa_rdataset->type != dns_rdatatype_soa)
  777. continue;
  778. if (soa_rdataset->rdclass != question_class)
  779. continue;
  780. CHECK(dns_rdataset_first(soa_rdataset));
  781. dns_rdataset_current(soa_rdataset, &soa_rdata);
  782. result = dns_rdataset_next(soa_rdataset);
  783. if (result == ISC_R_SUCCESS)
  784. FAILC(DNS_R_FORMERR,
  785. "IXFR authority section "
  786. "has multiple SOAs");
  787. have_soa = ISC_TRUE;
  788. goto got_soa;
  789. }
  790. }
  791. got_soa:
  792. if (result != ISC_R_NOMORE)
  793. CHECK(result);
  794. xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
  795. "%s authority section OK", mnemonic);
  796. /*
  797. * If not a DLZ zone, decide whether to allow this transfer.
  798. */
  799. if (!is_dlz) {
  800. ns_client_aclmsg("zone transfer", question_name, reqtype,
  801. client->view->rdclass, msg, sizeof(msg));
  802. CHECK(ns_client_checkacl(client, NULL, msg,
  803. dns_zone_getxfracl(zone),
  804. ISC_TRUE, ISC_LOG_ERROR));
  805. }
  806. /*
  807. * AXFR over UDP is not possible.
  808. */
  809. if (reqtype == dns_rdatatype_axfr &&
  810. (client->attributes & NS_CLIENTATTR_TCP) == 0)
  811. FAILC(DNS_R_FORMERR, "attempted AXFR over UDP");
  812. /*
  813. * Look up the requesting server in the peer table.
  814. */
  815. isc_netaddr_fromsockaddr(&na, &client->peeraddr);
  816. (void)dns_peerlist_peerbyaddr(client->view->peers, &na, &peer);
  817. /*
  818. * Decide on the transfer format (one-answer or many-answers).
  819. */
  820. if (peer != NULL)
  821. (void)dns_peer_gettransferformat(peer, &format);
  822. /*
  823. * Get a dynamically allocated copy of the current SOA.
  824. */
  825. if (is_dlz)
  826. dns_db_currentversion(db, &ver);
  827. CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
  828. &current_soa_tuple));
  829. if (reqtype == dns_rdatatype_ixfr) {
  830. isc_uint32_t begin_serial, current_serial;
  831. isc_boolean_t provide_ixfr;
  832. /*
  833. * Outgoing IXFR may have been disabled for this peer
  834. * or globally.
  835. */
  836. provide_ixfr = client->view->provideixfr;
  837. if (peer != NULL)
  838. (void) dns_peer_getprovideixfr(peer, &provide_ixfr);
  839. if (provide_ixfr == ISC_FALSE)
  840. goto axfr_fallback;
  841. if (! have_soa)
  842. FAILC(DNS_R_FORMERR,
  843. "IXFR request missing SOA");
  844. begin_serial = dns_soa_getserial(&soa_rdata);
  845. current_serial = dns_soa_getserial(&current_soa_tuple->rdata);
  846. /*
  847. * RFC1995 says "If an IXFR query with the same or
  848. * newer version number than that of the server
  849. * is received, it is replied to with a single SOA
  850. * record of the server's current version, just as
  851. * in AXFR". The claim about AXFR is incorrect,
  852. * but other than that, we do as the RFC says.
  853. *
  854. * Sending a single SOA record is also how we refuse
  855. * IXFR over UDP (currently, we always do).
  856. */
  857. if (DNS_SERIAL_GE(begin_serial, current_serial) ||
  858. (client->attributes & NS_CLIENTATTR_TCP) == 0)
  859. {
  860. CHECK(soa_rrstream_create(mctx, db, ver, &stream));
  861. is_poll = ISC_TRUE;
  862. goto have_stream;
  863. }
  864. journalfile = dns_zone_getjournal(zone);
  865. if (journalfile != NULL)
  866. result = ixfr_rrstream_create(mctx,
  867. journalfile,
  868. begin_serial,
  869. current_serial,
  870. &data_stream);
  871. else
  872. result = ISC_R_NOTFOUND;
  873. if (result == ISC_R_NOTFOUND ||
  874. result == ISC_R_RANGE) {
  875. xfrout_log1(client, question_name, question_class,
  876. ISC_LOG_DEBUG(4),
  877. "IXFR version not in journal, "
  878. "falling back to AXFR");
  879. mnemonic = "AXFR-style IXFR";
  880. goto axfr_fallback;
  881. }
  882. CHECK(result);
  883. } else {
  884. axfr_fallback:
  885. CHECK(axfr_rrstream_create(mctx, db, ver,
  886. &data_stream));
  887. }
  888. /*
  889. * Bracket the data stream with SOAs.
  890. */
  891. CHECK(soa_rrstream_create(mctx, db, ver, &soa_stream));
  892. CHECK(compound_rrstream_create(mctx, &soa_stream, &data_stream,
  893. &stream));
  894. soa_stream = NULL;
  895. data_stream = NULL;
  896. have_stream:
  897. CHECK(dns_message_getquerytsig(request, mctx, &tsigbuf));
  898. /*
  899. * Create the xfrout context object. This transfers the ownership
  900. * of "stream", "db", "ver", and "quota" to the xfrout context object.
  901. */
  902. if (is_dlz)
  903. CHECK(xfrout_ctx_create(mctx, client, request->id,
  904. question_name, reqtype, question_class,
  905. zone, db, ver, quota, stream,
  906. dns_message_gettsigkey(request),
  907. tsigbuf,
  908. 3600,
  909. 3600,
  910. (format == dns_many_answers) ?
  911. ISC_TRUE : ISC_FALSE,
  912. &xfr));
  913. else
  914. CHECK(xfrout_ctx_create(mctx, client, request->id,
  915. question_name, reqtype, question_class,
  916. zone, db, ver, quota, stream,
  917. dns_message_gettsigkey(request),
  918. tsigbuf,
  919. dns_zone_getmaxxfrout(zone),
  920. dns_zone_getidleout(zone),
  921. (format == dns_many_answers) ?
  922. ISC_TRUE : ISC_FALSE,
  923. &xfr));
  924. xfr->mnemonic = mnemonic;
  925. stream = NULL;
  926. quota = NULL;
  927. CHECK(xfr->stream->methods->first(xfr->stream));
  928. if (xfr->tsigkey != NULL)
  929. dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname));
  930. else
  931. keyname[0] = '\0';
  932. if (is_poll)
  933. xfrout_log1(client, question_name, question_class,
  934. ISC_LOG_DEBUG(1), "IXFR poll up to date%s%s",
  935. (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname);
  936. else
  937. xfrout_log1(client, question_name, question_class,
  938. ISC_LOG_INFO, "%s started%s%s", mnemonic,
  939. (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname);
  940. /*
  941. * Hand the context over to sendstream(). Set xfr to NULL;
  942. * sendstream() is responsible for either passing the
  943. * context on to a later event handler or destroying it.
  944. */
  945. sendstream(xfr);
  946. xfr = NULL;
  947. result = ISC_R_SUCCESS;
  948. failure:
  949. if (result == DNS_R_REFUSED)
  950. inc_stats(zone, dns_nsstatscounter_xfrrej);
  951. if (quota != NULL)
  952. isc_quota_detach(&quota);
  953. if (current_soa_tuple != NULL)
  954. dns_difftuple_free(&current_soa_tuple);
  955. if (stream != NULL)
  956. stream->methods->destroy(&stream);
  957. if (soa_stream != NULL)
  958. soa_stream->methods->destroy(&soa_stream);
  959. if (data_stream != NULL)
  960. data_stream->methods->destroy(&data_stream);
  961. if (ver != NULL)
  962. dns_db_closeversion(db, &ver, ISC_FALSE);
  963. if (db != NULL)
  964. dns_db_detach(&db);
  965. if (zone != NULL)
  966. dns_zone_detach(&zone);
  967. /* XXX kludge */
  968. if (xfr != NULL) {
  969. xfrout_fail(xfr, result, "setting up zone transfer");
  970. } else if (result != ISC_R_SUCCESS) {
  971. ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT,
  972. NS_LOGMODULE_XFER_OUT,
  973. ISC_LOG_DEBUG(3), "zone transfer setup failed");
  974. ns_client_error(client, result);
  975. }
  976. }
  977. static isc_result_t
  978. xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
  979. dns_name_t *qname, dns_rdatatype_t qtype,
  980. dns_rdataclass_t qclass, dns_zone_t *zone,
  981. dns_db_t *db, dns_dbversion_t *ver, isc_quota_t *quota,
  982. rrstream_t *stream, dns_tsigkey_t *tsigkey,
  983. isc_buffer_t *lasttsig, unsigned int maxtime,
  984. unsigned int idletime, isc_boolean_t many_answers,
  985. xfrout_ctx_t **xfrp)
  986. {
  987. xfrout_ctx_t *xfr;
  988. isc_result_t result;
  989. unsigned int len;
  990. void *mem;
  991. INSIST(xfrp != NULL && *xfrp == NULL);
  992. xfr = isc_mem_get(mctx, sizeof(*xfr));
  993. if (xfr == NULL)
  994. return (ISC_R_NOMEMORY);
  995. xfr->mctx = NULL;
  996. isc_mem_attach(mctx, &xfr->mctx);
  997. xfr->client = NULL;
  998. ns_client_attach(client, &xfr->client);
  999. xfr->id = id;
  1000. xfr->qname = qname;
  1001. xfr->qtype = qtype;
  1002. xfr->qclass = qclass;
  1003. xfr->zone = NULL;
  1004. xfr->db = NULL;
  1005. xfr->ver = NULL;
  1006. if (zone != NULL) /* zone will be NULL if it's DLZ */
  1007. dns_zone_attach(zone, &xfr->zone);
  1008. dns_db_attach(db, &xfr->db);
  1009. dns_db_attachversion(db, ver, &xfr->ver);
  1010. xfr->end_of_stream = ISC_FALSE;
  1011. xfr->tsigkey = tsigkey;
  1012. xfr->lasttsig = lasttsig;
  1013. xfr->txmem = NULL;
  1014. xfr->txmemlen = 0;
  1015. xfr->nmsg = 0;
  1016. xfr->many_answers = many_answers,
  1017. xfr->sends = 0;
  1018. xfr->shuttingdown = ISC_FALSE;
  1019. xfr->mnemonic = NULL;
  1020. xfr->buf.base = NULL;
  1021. xfr->buf.length = 0;
  1022. xfr->txmem = NULL;
  1023. xfr->txmemlen = 0;
  1024. xfr->stream = NULL;
  1025. xfr->quota = NULL;
  1026. /*
  1027. * Allocate a temporary buffer for the uncompressed response
  1028. * message data. The size should be no more than 65535 bytes
  1029. * so that the compressed data will fit in a TCP message,
  1030. * and no less than 65535 bytes so that an almost maximum-sized
  1031. * RR will fit. Note that although 65535-byte RRs are allowed
  1032. * in principle, they cannot be zone-transferred (at least not
  1033. * if uncompressible), because the message and RR headers would
  1034. * push the size of the TCP message over the 65536 byte limit.
  1035. */
  1036. len = 65535;
  1037. mem = isc_mem_get(mctx, len);
  1038. if (mem == NULL) {
  1039. result = ISC_R_NOMEMORY;
  1040. goto failure;
  1041. }
  1042. isc_buffer_init(&xfr->buf, mem, len);
  1043. /*
  1044. * Allocate another temporary buffer for the compressed
  1045. * response message and its TCP length prefix.
  1046. */
  1047. len = 2 + 65535;
  1048. mem = isc_mem_get(mctx, len);
  1049. if (mem == NULL) {
  1050. result = ISC_R_NOMEMORY;
  1051. goto failure;
  1052. }
  1053. isc_buffer_init(&xfr->txlenbuf, mem, 2);
  1054. isc_buffer_init(&xfr->txbuf, (char *) mem + 2, len - 2);
  1055. xfr->txmem = mem;
  1056. xfr->txmemlen = len;
  1057. CHECK(dns_timer_setidle(xfr->client->timer,
  1058. maxtime, idletime, ISC_FALSE));
  1059. /*
  1060. * Register a shutdown callback with the client, so that we
  1061. * can stop the transfer immediately when the client task
  1062. * gets a shutdown event.
  1063. */
  1064. xfr->client->shutdown = xfrout_client_shutdown;
  1065. xfr->client->shutdown_arg = xfr;
  1066. /*
  1067. * These MUST be after the last "goto failure;" / CHECK to
  1068. * prevent a double free by the caller.
  1069. */
  1070. xfr->quota = quota;
  1071. xfr->stream = stream;
  1072. *xfrp = xfr;
  1073. return (ISC_R_SUCCESS);
  1074. failure:
  1075. xfrout_ctx_destroy(&xfr);
  1076. return (result);
  1077. }
  1078. /*
  1079. * Arrange to send as much as we can of "stream" without blocking.
  1080. *
  1081. * Requires:
  1082. * The stream iterator is initialized and points at an RR,
  1083. * or possibly at the end of the stream (that is, the
  1084. * _first method of the iterator has been called).
  1085. */
  1086. static void
  1087. sendstream(xfrout_ctx_t *xfr) {
  1088. dns_message_t *tcpmsg = NULL;
  1089. dns_message_t *msg = NULL; /* Client message if UDP, tcpmsg if TCP */
  1090. isc_result_t result;
  1091. isc_region_t used;
  1092. isc_region_t region;
  1093. dns_rdataset_t *qrdataset;
  1094. dns_name_t *msgname = NULL;
  1095. dns_rdata_t *msgrdata = NULL;
  1096. dns_rdatalist_t *msgrdl = NULL;
  1097. dns_rdataset_t *msgrds = NULL;
  1098. dns_compress_t cctx;
  1099. isc_boolean_t cleanup_cctx = ISC_FALSE;
  1100. int n_rrs;
  1101. isc_buffer_clear(&xfr->buf);
  1102. isc_buffer_clear(&xfr->txlenbuf);
  1103. isc_buffer_clear(&xfr->txbuf);
  1104. if ((xfr->client->attributes & NS_CLIENTATTR_TCP) == 0) {
  1105. /*
  1106. * In the UDP case, we put the response data directly into
  1107. * the client message.
  1108. */
  1109. msg = xfr->client->message;
  1110. CHECK(dns_message_reply(msg, ISC_TRUE));
  1111. } else {
  1112. /*
  1113. * TCP. Build a response dns_message_t, temporarily storing
  1114. * the raw, uncompressed owner names and RR data contiguously
  1115. * in xfr->buf. We know that if the uncompressed data fits
  1116. * in xfr->buf, the compressed data will surely fit in a TCP
  1117. * message.
  1118. */
  1119. CHECK(dns_message_create(xfr->mctx,
  1120. DNS_MESSAGE_INTENTRENDER, &tcpmsg));
  1121. msg = tcpmsg;
  1122. msg->id = xfr->id;
  1123. msg->rcode = dns_rcode_noerror;
  1124. msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
  1125. if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0)
  1126. msg->flags |= DNS_MESSAGEFLAG_RA;
  1127. CHECK(dns_message_settsigkey(msg, xfr->tsigkey));
  1128. CHECK(dns_message_setquerytsig(msg, xfr->lasttsig));
  1129. if (xfr->lasttsig != NULL)
  1130. isc_buffer_free(&xfr->lasttsig);
  1131. /*
  1132. * Account for reserved space.
  1133. */
  1134. if (xfr->tsigkey != NULL)
  1135. INSIST(msg->reserved != 0U);
  1136. isc_buffer_add(&xfr->buf, msg->reserved);
  1137. /*
  1138. * Include a question section in the first message only.
  1139. * BIND 8.2.1 will not recognize an IXFR if it does not
  1140. * have a question section.
  1141. */
  1142. if (xfr->nmsg == 0) {
  1143. dns_name_t *qname = NULL;
  1144. isc_region_t r;
  1145. /*
  1146. * Reserve space for the 12-byte message header
  1147. * and 4 bytes of question.
  1148. */
  1149. isc_buffer_add(&xfr->buf, 12 + 4);
  1150. qrdataset = NULL;
  1151. result = dns_message_gettemprdataset(msg, &qrdataset);
  1152. if (result != ISC_R_SUCCESS)
  1153. goto failure;
  1154. dns_rdataset_init(qrdataset);
  1155. dns_rdataset_makequestion(qrdataset,
  1156. xfr->client->message->rdclass,
  1157. xfr->qtype);
  1158. result = dns_message_gettempname(msg, &qname);
  1159. if (result != ISC_R_SUCCESS)
  1160. goto failure;
  1161. dns_name_init(qname, NULL);
  1162. isc_buffer_availableregion(&xfr->buf, &r);
  1163. INSIST(r.length >= xfr->qname->length);
  1164. r.length = xfr->qname->length;
  1165. isc_buffer_putmem(&xfr->buf, xfr->qname->ndata,
  1166. xfr->qname->length);
  1167. dns_name_fromregion(qname, &r);
  1168. ISC_LIST_INIT(qname->list);
  1169. ISC_LIST_APPEND(qname->list, qrdataset, link);
  1170. dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
  1171. } else {
  1172. /*
  1173. * Reserve space for the 12-byte message header
  1174. */
  1175. isc_buffer_add(&xfr->buf, 12);
  1176. msg->tcp_continuation = 1;
  1177. }
  1178. }
  1179. /*
  1180. * Try to fit in as many RRs as possible, unless "one-answer"
  1181. * format has been requested.
  1182. */
  1183. for (n_rrs = 0; ; n_rrs++) {
  1184. dns_name_t *name = NULL;
  1185. isc_uint32_t ttl;
  1186. dns_rdata_t *rdata = NULL;
  1187. unsigned int size;
  1188. isc_region_t r;
  1189. msgname = NULL;
  1190. msgrdata = NULL;
  1191. msgrdl = NULL;
  1192. msgrds = NULL;
  1193. xfr->stream->methods->current(xfr->stream,
  1194. &name, &ttl, &rdata);
  1195. size = name->length + 10 + rdata->length;
  1196. isc_buffer_availableregion(&xfr->buf, &r);
  1197. if (size >= r.length) {
  1198. /*
  1199. * RR would not fit. If there are other RRs in the
  1200. * buffer, send them now and leave this RR to the
  1201. * next message. If this RR overflows the buffer
  1202. * all by itself, fail.
  1203. *
  1204. * In theory some RRs might fit in a TCP message
  1205. * when compressed even if they do not fit when
  1206. * uncompressed, but surely we don't want
  1207. * to send such monstrosities to an unsuspecting
  1208. * slave.
  1209. */
  1210. if (n_rrs == 0) {
  1211. xfrout_log(xfr, ISC_LOG_WARNING,
  1212. "RR too large for zone transfer "
  1213. "(%d bytes)", size);
  1214. /* XXX DNS_R_RRTOOLARGE? */
  1215. result = ISC_R_NOSPACE;
  1216. goto failure;
  1217. }
  1218. break;
  1219. }
  1220. if (isc_log_wouldlog(ns_g_lctx, XFROUT_RR_LOGLEVEL))
  1221. log_rr(name, rdata, ttl); /* XXX */
  1222. result = dns_message_gettempname(msg, &msgname);
  1223. if (result != ISC_R_SUCCESS)
  1224. goto failure;
  1225. dns_name_init(msgname, NULL);
  1226. isc_buffer_availableregion(&xfr->buf, &r);
  1227. INSIST(r.length >= name->length);
  1228. r.length = name->length;
  1229. isc_buffer_putmem(&xfr->buf, name->ndata, name->length);
  1230. dns_name_fromregion(msgname, &r);
  1231. /* Reserve space for RR header. */
  1232. isc_buffer_add(&xfr->buf, 10);
  1233. result = dns_message_gettemprdata(msg, &msgrdata);
  1234. if (result != ISC_R_SUCCESS)
  1235. goto failure;
  1236. isc_buffer_availableregion(&xfr->buf, &r);
  1237. r.length = rdata->length;
  1238. isc_buffer_putmem(&xfr->buf, rdata->data, rdata->length);
  1239. dns_rdata_init(msgrdata);
  1240. dns_rdata_fromregion(msgrdata,
  1241. rdata->rdclass, rdata->type, &r);
  1242. result = dns_message_gettemprdatalist(msg, &msgrdl);
  1243. if (result != ISC_R_SUCCESS)
  1244. goto failure;
  1245. msgrdl->type = rdata->type;
  1246. msgrdl->rdclass = rdata->rdclass;
  1247. msgrdl->ttl = ttl;
  1248. if (rdata->type == dns_rdatatype_sig ||
  1249. rdata->type == dns_rdatatype_rrsig)
  1250. msgrdl->covers = dns_rdata_covers(rdata);
  1251. else
  1252. msgrdl->covers = dns_rdatatype_none;
  1253. ISC_LINK_INIT(msgrdl, link);
  1254. ISC_LIST_INIT(msgrdl->rdata);
  1255. ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link);
  1256. result = dns_message_gettemprdataset(msg, &msgrds);
  1257. if (result != ISC_R_SUCCESS)
  1258. goto failure;
  1259. dns_rdataset_init(msgrds);
  1260. result = dns_rdatalist_tordataset(msgrdl, msgrds);
  1261. INSIST(result == ISC_R_SUCCESS);
  1262. ISC_LIST_APPEND(msgname->list, msgrds, link);
  1263. dns_message_addname(msg, msgname, DNS_SECTION_ANSWER);
  1264. msgname = NULL;
  1265. result = xfr->stream->methods->next(xfr->stream);
  1266. if (result == ISC_R_NOMORE) {
  1267. xfr->end_of_stream = ISC_TRUE;
  1268. break;
  1269. }
  1270. CHECK(result);
  1271. if (! xfr->many_answers)
  1272. break;
  1273. }
  1274. if ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0) {
  1275. CHECK(dns_compress_init(&cctx, -1, xfr->mctx));
  1276. dns_compress_setsensitive(&cctx, ISC_TRUE);
  1277. cleanup_cctx = ISC_TRUE;
  1278. CHECK(dns_message_renderbegin(msg, &cctx, &xfr->txbuf));
  1279. CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0));
  1280. CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0));
  1281. CHECK(dns_message_renderend(msg));
  1282. dns_compress_invalidate(&cctx);
  1283. cleanup_cctx = ISC_FALSE;
  1284. isc_buffer_usedregion(&xfr->txbuf, &used);
  1285. isc_buffer_putuint16(&xfr->txlenbuf,
  1286. (isc_uint16_t)used.length);
  1287. region.base = xfr->txlenbuf.base;
  1288. region.length = 2 + used.length;
  1289. xfrout_log(xfr, ISC_LOG_DEBUG(8),
  1290. "sending TCP message of %d bytes",
  1291. used.length);
  1292. CHECK(isc_socket_send(xfr->client->tcpsocket, /* XXX */
  1293. &region, xfr->client->task,
  1294. xfrout_senddone,
  1295. xfr));
  1296. xfr->sends++;
  1297. } else {
  1298. xfrout_log(xfr, ISC_LOG_DEBUG(8), "sending IXFR UDP response");
  1299. ns_client_send(xfr->client);
  1300. xfr->stream->methods->pause(xfr->stream);
  1301. xfrout_ctx_destroy(&xfr);
  1302. return;
  1303. }
  1304. /* Advance lasttsig to be the last TSIG generated */
  1305. CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
  1306. xfr->nmsg++;
  1307. failure:
  1308. if (msgname != NULL) {
  1309. if (msgrds != NULL) {
  1310. if (dns_rdataset_isassociated(msgrds))
  1311. dns_rdataset_disassociate(msgrds);
  1312. dns_message_puttemprdataset(msg, &msgrds);
  1313. }
  1314. if (msgrdl != NULL) {
  1315. ISC_LIST_UNLINK(msgrdl->rdata, msgrdata, link);
  1316. dns_message_puttemprdatalist(msg, &msgrdl);
  1317. }
  1318. if (msgrdata != NULL)
  1319. dns_message_puttemprdata(msg, &msgrdata);
  1320. dns_message_puttempname(msg, &msgname);
  1321. }
  1322. if (tcpmsg != NULL)
  1323. dns_message_destroy(&tcpmsg);
  1324. if (cleanup_cctx)
  1325. dns_compress_invalidate(&cctx);
  1326. /*
  1327. * Make sure to release any locks held by database
  1328. * iterators before returning from the event handler.
  1329. */
  1330. xfr->stream->methods->pause(xfr->stream);
  1331. if (result == ISC_R_SUCCESS)
  1332. return;
  1333. xfrout_fail(xfr, result, "sending zone data");
  1334. }
  1335. static void
  1336. xfrout_ctx_destroy(xfrout_ctx_t **xfrp) {
  1337. xfrout_ctx_t *xfr = *xfrp;
  1338. ns_client_t *client = NULL;
  1339. INSIST(xfr->sends == 0);
  1340. xfr->client->shutdown = NULL;
  1341. xfr->client->shutdown_arg = NULL;
  1342. if (xfr->stream != NULL)
  1343. xfr->stream->methods->destroy(&xfr->stream);
  1344. if (xfr->buf.base != NULL)
  1345. isc_mem_put(xfr->mctx, xfr->buf.base, xfr->buf.length);
  1346. if (xfr->txmem != NULL)
  1347. isc_mem_put(xfr->mctx, xfr->txmem, xfr->txmemlen);
  1348. if (xfr->lasttsig != NULL)
  1349. isc_buffer_free(&xfr->lasttsig);
  1350. if (xfr->quota != NULL)
  1351. isc_quota_detach(&xfr->quota);
  1352. if (xfr->ver != NULL)
  1353. dns_db_closeversion(xfr->db, &xfr->ver, ISC_FALSE);
  1354. if (xfr->zone != NULL)
  1355. dns_zone_detach(&xfr->zone);
  1356. if (xfr->db != NULL)
  1357. dns_db_detach(&xfr->db);
  1358. /*
  1359. * We want to detch the client after we have released the memory
  1360. * context as ns_client_detach checks the memory reference count.
  1361. */
  1362. ns_client_attach(xfr->client, &client);
  1363. ns_client_detach(&xfr->client);
  1364. isc_mem_putanddetach(&xfr->mctx, xfr, sizeof(*xfr));
  1365. ns_client_detach(&client);
  1366. *xfrp = NULL;
  1367. }
  1368. static void
  1369. xfrout_senddone(isc_task_t *task, isc_event_t *event) {
  1370. isc_socketevent_t *sev = (isc_socketevent_t *)event;
  1371. xfrout_ctx_t *xfr = (xfrout_ctx_t *)event->ev_arg;
  1372. isc_result_t evresult = sev->result;
  1373. UNUSED(task);
  1374. INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE);
  1375. isc_event_free(&event);
  1376. xfr->sends--;
  1377. INSIST(xfr->sends == 0);
  1378. (void)isc_timer_touch(xfr->client->timer);
  1379. if (xfr->shuttingdown == ISC_TRUE) {
  1380. xfrout_maybe_destroy(xfr);
  1381. } else if (evresult != ISC_R_SUCCESS) {
  1382. xfrout_fail(xfr, evresult, "send");
  1383. } else if (xfr->end_of_stream == ISC_FALSE) {
  1384. sendstream(xfr);
  1385. } else {
  1386. /* End of zone transfer stream. */
  1387. inc_stats(xfr->zone, dns_nsstatscounter_xfrdone);
  1388. xfrout_log(xfr, ISC_LOG_INFO, "%s ended", xfr->mnemonic);
  1389. ns_client_next(xfr->client, ISC_R_SUCCESS);
  1390. xfrout_ctx_destroy(&xfr);
  1391. }
  1392. }
  1393. static void
  1394. xfrout_fail(xfrout_ctx_t *xfr, isc_result_t result, const char *msg) {
  1395. xfr->shuttingdown = ISC_TRUE;
  1396. xfrout_log(xfr, ISC_LOG_ERROR, "%s: %s",
  1397. msg, isc_result_totext(result));
  1398. xfrout_maybe_destroy(xfr);
  1399. }
  1400. static void
  1401. xfrout_maybe_destroy(xfrout_ctx_t *xfr) {
  1402. INSIST(xfr->shuttingdown == ISC_TRUE);
  1403. if (xfr->sends > 0) {
  1404. /*
  1405. * If we are currently sending, cancel it and wait for
  1406. * cancel event before destroying the context.
  1407. */
  1408. isc_socket_cancel(xfr->client->tcpsocket, xfr->client->task,
  1409. ISC_SOCKCANCEL_SEND);
  1410. } else {
  1411. ns_client_next(xfr->client, ISC_R_CANCELED);
  1412. xfrout_ctx_destroy(&xfr);
  1413. }
  1414. }
  1415. static void
  1416. xfrout_client_shutdown(void *arg, isc_result_t result) {
  1417. xfrout_ctx_t *xfr = (xfrout_ctx_t *) arg;
  1418. xfrout_fail(xfr, result, "aborted");
  1419. }
  1420. /*
  1421. * Log outgoing zone transfer messages in a format like
  1422. * <client>: transfer of <zone>: <message>
  1423. */
  1424. static void
  1425. xfrout_logv(ns_client_t *client, dns_name_t *zonename,
  1426. dns_rdataclass_t rdclass, int level, const char *fmt, va_list ap)
  1427. ISC_FORMAT_PRINTF(5, 0);
  1428. static void
  1429. xfrout_logv(ns_client_t *client, dns_name_t *zonename,
  1430. dns_rdataclass_t rdclass, int level, const char *fmt, va_list ap)
  1431. {
  1432. char msgbuf[2048];
  1433. char namebuf[DNS_NAME_FORMATSIZE];
  1434. char classbuf[DNS_RDATACLASS_FORMATSIZE];
  1435. dns_name_format(zonename, namebuf, sizeof(namebuf));
  1436. dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
  1437. vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
  1438. ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT,
  1439. NS_LOGMODULE_XFER_OUT, level,
  1440. "transfer of '%s/%s': %s", namebuf, classbuf, msgbuf);
  1441. }
  1442. /*
  1443. * Logging function for use when a xfrout_ctx_t has not yet been created.
  1444. */
  1445. static void
  1446. xfrout_log1(ns_client_t *client, dns_name_t *zonename,
  1447. dns_rdataclass_t rdclass, int level, const char *fmt, ...) {
  1448. va_list ap;
  1449. va_start(ap, fmt);
  1450. xfrout_logv(client, zonename, rdclass, level, fmt, ap);
  1451. va_end(ap);
  1452. }
  1453. /*
  1454. * Logging function for use when there is a xfrout_ctx_t.
  1455. */
  1456. static void
  1457. xfrout_log(xfrout_ctx_t *xfr, int level, const char *fmt, ...) {
  1458. va_list ap;
  1459. va_start(ap, fmt);
  1460. xfrout_logv(xfr->client, xfr->qname, xfr->qclass, level, fmt, ap);
  1461. va_end(ap);
  1462. }