/contrib/bind9/lib/dns/view.c

https://bitbucket.org/freebsd/freebsd-head/ · C · 1789 lines · 1430 code · 226 blank · 133 comment · 520 complexity · 7607acc3b8973e7dfaa49cd1e377790b MD5 · raw file

  1. /*
  2. * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
  3. * Copyright (C) 1999-2003 Internet Software Consortium.
  4. *
  5. * Permission to use, copy, modify, and/or distribute this software for any
  6. * purpose with or without fee is hereby granted, provided that the above
  7. * copyright notice and this permission notice appear in all copies.
  8. *
  9. * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  10. * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  11. * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  12. * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  13. * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  14. * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  15. * PERFORMANCE OF THIS SOFTWARE.
  16. */
  17. /* $Id$ */
  18. /*! \file */
  19. #include <config.h>
  20. #include <isc/file.h>
  21. #include <isc/hash.h>
  22. #include <isc/print.h>
  23. #include <isc/sha2.h>
  24. #include <isc/stats.h>
  25. #include <isc/string.h> /* Required for HP/UX (and others?) */
  26. #include <isc/task.h>
  27. #include <isc/util.h>
  28. #include <dns/acache.h>
  29. #include <dns/acl.h>
  30. #include <dns/adb.h>
  31. #include <dns/cache.h>
  32. #include <dns/db.h>
  33. #include <dns/dlz.h>
  34. #ifdef BIND9
  35. #include <dns/dns64.h>
  36. #endif
  37. #include <dns/dnssec.h>
  38. #include <dns/events.h>
  39. #include <dns/forward.h>
  40. #include <dns/keytable.h>
  41. #include <dns/keyvalues.h>
  42. #include <dns/master.h>
  43. #include <dns/masterdump.h>
  44. #include <dns/order.h>
  45. #include <dns/peer.h>
  46. #include <dns/rbt.h>
  47. #include <dns/rdataset.h>
  48. #include <dns/request.h>
  49. #include <dns/resolver.h>
  50. #include <dns/result.h>
  51. #include <dns/rpz.h>
  52. #include <dns/stats.h>
  53. #include <dns/tsig.h>
  54. #include <dns/zone.h>
  55. #include <dns/zt.h>
  56. #define RESSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_RESSHUTDOWN) != 0)
  57. #define ADBSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_ADBSHUTDOWN) != 0)
  58. #define REQSHUTDOWN(v) (((v)->attributes & DNS_VIEWATTR_REQSHUTDOWN) != 0)
  59. #define DNS_VIEW_DELONLYHASH 111
  60. static void resolver_shutdown(isc_task_t *task, isc_event_t *event);
  61. static void adb_shutdown(isc_task_t *task, isc_event_t *event);
  62. static void req_shutdown(isc_task_t *task, isc_event_t *event);
  63. isc_result_t
  64. dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
  65. const char *name, dns_view_t **viewp)
  66. {
  67. dns_view_t *view;
  68. isc_result_t result;
  69. /*
  70. * Create a view.
  71. */
  72. REQUIRE(name != NULL);
  73. REQUIRE(viewp != NULL && *viewp == NULL);
  74. view = isc_mem_get(mctx, sizeof(*view));
  75. if (view == NULL)
  76. return (ISC_R_NOMEMORY);
  77. view->name = isc_mem_strdup(mctx, name);
  78. if (view->name == NULL) {
  79. result = ISC_R_NOMEMORY;
  80. goto cleanup_view;
  81. }
  82. result = isc_mutex_init(&view->lock);
  83. if (result != ISC_R_SUCCESS)
  84. goto cleanup_name;
  85. #ifdef BIND9
  86. view->zonetable = NULL;
  87. result = dns_zt_create(mctx, rdclass, &view->zonetable);
  88. if (result != ISC_R_SUCCESS) {
  89. UNEXPECTED_ERROR(__FILE__, __LINE__,
  90. "dns_zt_create() failed: %s",
  91. isc_result_totext(result));
  92. result = ISC_R_UNEXPECTED;
  93. goto cleanup_mutex;
  94. }
  95. #endif
  96. view->secroots_priv = NULL;
  97. view->fwdtable = NULL;
  98. result = dns_fwdtable_create(mctx, &view->fwdtable);
  99. if (result != ISC_R_SUCCESS) {
  100. UNEXPECTED_ERROR(__FILE__, __LINE__,
  101. "dns_fwdtable_create() failed: %s",
  102. isc_result_totext(result));
  103. result = ISC_R_UNEXPECTED;
  104. goto cleanup_zt;
  105. }
  106. view->acache = NULL;
  107. view->cache = NULL;
  108. view->cachedb = NULL;
  109. view->dlzdatabase = NULL;
  110. view->hints = NULL;
  111. view->resolver = NULL;
  112. view->adb = NULL;
  113. view->requestmgr = NULL;
  114. view->mctx = mctx;
  115. view->rdclass = rdclass;
  116. view->frozen = ISC_FALSE;
  117. view->task = NULL;
  118. result = isc_refcount_init(&view->references, 1);
  119. if (result != ISC_R_SUCCESS)
  120. goto cleanup_fwdtable;
  121. view->weakrefs = 0;
  122. view->attributes = (DNS_VIEWATTR_RESSHUTDOWN|DNS_VIEWATTR_ADBSHUTDOWN|
  123. DNS_VIEWATTR_REQSHUTDOWN);
  124. view->statickeys = NULL;
  125. view->dynamickeys = NULL;
  126. view->matchclients = NULL;
  127. view->matchdestinations = NULL;
  128. view->matchrecursiveonly = ISC_FALSE;
  129. result = dns_tsigkeyring_create(view->mctx, &view->dynamickeys);
  130. if (result != ISC_R_SUCCESS)
  131. goto cleanup_references;
  132. view->peers = NULL;
  133. view->order = NULL;
  134. view->delonly = NULL;
  135. view->rootdelonly = ISC_FALSE;
  136. view->rootexclude = NULL;
  137. view->resstats = NULL;
  138. view->resquerystats = NULL;
  139. view->cacheshared = ISC_FALSE;
  140. ISC_LIST_INIT(view->dns64);
  141. view->dns64cnt = 0;
  142. /*
  143. * Initialize configuration data with default values.
  144. */
  145. view->recursion = ISC_TRUE;
  146. view->auth_nxdomain = ISC_FALSE; /* Was true in BIND 8 */
  147. view->additionalfromcache = ISC_TRUE;
  148. view->additionalfromauth = ISC_TRUE;
  149. view->enablednssec = ISC_TRUE;
  150. view->enablevalidation = ISC_TRUE;
  151. view->acceptexpired = ISC_FALSE;
  152. view->minimalresponses = ISC_FALSE;
  153. view->transfer_format = dns_one_answer;
  154. view->cacheacl = NULL;
  155. view->cacheonacl = NULL;
  156. view->queryacl = NULL;
  157. view->queryonacl = NULL;
  158. view->recursionacl = NULL;
  159. view->recursiononacl = NULL;
  160. view->sortlist = NULL;
  161. view->transferacl = NULL;
  162. view->notifyacl = NULL;
  163. view->updateacl = NULL;
  164. view->upfwdacl = NULL;
  165. view->denyansweracl = NULL;
  166. view->answeracl_exclude = NULL;
  167. view->denyanswernames = NULL;
  168. view->answernames_exclude = NULL;
  169. view->requestixfr = ISC_TRUE;
  170. view->provideixfr = ISC_TRUE;
  171. view->maxcachettl = 7 * 24 * 3600;
  172. view->maxncachettl = 3 * 3600;
  173. view->dstport = 53;
  174. view->preferred_glue = 0;
  175. view->flush = ISC_FALSE;
  176. view->dlv = NULL;
  177. view->maxudp = 0;
  178. view->v4_aaaa = dns_v4_aaaa_ok;
  179. view->v4_aaaa_acl = NULL;
  180. ISC_LIST_INIT(view->rpz_zones);
  181. dns_fixedname_init(&view->dlv_fixed);
  182. view->managed_keys = NULL;
  183. #ifdef BIND9
  184. view->new_zone_file = NULL;
  185. view->new_zone_config = NULL;
  186. view->cfg_destroy = NULL;
  187. result = dns_order_create(view->mctx, &view->order);
  188. if (result != ISC_R_SUCCESS)
  189. goto cleanup_dynkeys;
  190. #endif
  191. result = dns_peerlist_new(view->mctx, &view->peers);
  192. if (result != ISC_R_SUCCESS)
  193. goto cleanup_order;
  194. result = dns_aclenv_init(view->mctx, &view->aclenv);
  195. if (result != ISC_R_SUCCESS)
  196. goto cleanup_peerlist;
  197. ISC_LINK_INIT(view, link);
  198. ISC_EVENT_INIT(&view->resevent, sizeof(view->resevent), 0, NULL,
  199. DNS_EVENT_VIEWRESSHUTDOWN, resolver_shutdown,
  200. view, NULL, NULL, NULL);
  201. ISC_EVENT_INIT(&view->adbevent, sizeof(view->adbevent), 0, NULL,
  202. DNS_EVENT_VIEWADBSHUTDOWN, adb_shutdown,
  203. view, NULL, NULL, NULL);
  204. ISC_EVENT_INIT(&view->reqevent, sizeof(view->reqevent), 0, NULL,
  205. DNS_EVENT_VIEWREQSHUTDOWN, req_shutdown,
  206. view, NULL, NULL, NULL);
  207. view->magic = DNS_VIEW_MAGIC;
  208. *viewp = view;
  209. return (ISC_R_SUCCESS);
  210. cleanup_peerlist:
  211. dns_peerlist_detach(&view->peers);
  212. cleanup_order:
  213. #ifdef BIND9
  214. dns_order_detach(&view->order);
  215. cleanup_dynkeys:
  216. #endif
  217. dns_tsigkeyring_detach(&view->dynamickeys);
  218. cleanup_references:
  219. isc_refcount_destroy(&view->references);
  220. cleanup_fwdtable:
  221. dns_fwdtable_destroy(&view->fwdtable);
  222. cleanup_zt:
  223. #ifdef BIND9
  224. dns_zt_detach(&view->zonetable);
  225. cleanup_mutex:
  226. #endif
  227. DESTROYLOCK(&view->lock);
  228. cleanup_name:
  229. isc_mem_free(mctx, view->name);
  230. cleanup_view:
  231. isc_mem_put(mctx, view, sizeof(*view));
  232. return (result);
  233. }
  234. static inline void
  235. destroy(dns_view_t *view) {
  236. #ifdef BIND9
  237. dns_dns64_t *dns64;
  238. #endif
  239. REQUIRE(!ISC_LINK_LINKED(view, link));
  240. REQUIRE(isc_refcount_current(&view->references) == 0);
  241. REQUIRE(view->weakrefs == 0);
  242. REQUIRE(RESSHUTDOWN(view));
  243. REQUIRE(ADBSHUTDOWN(view));
  244. REQUIRE(REQSHUTDOWN(view));
  245. #ifdef BIND9
  246. if (view->order != NULL)
  247. dns_order_detach(&view->order);
  248. #endif
  249. if (view->peers != NULL)
  250. dns_peerlist_detach(&view->peers);
  251. if (view->dynamickeys != NULL) {
  252. isc_result_t result;
  253. char template[20];
  254. char keyfile[20];
  255. FILE *fp = NULL;
  256. int n;
  257. n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
  258. view->name);
  259. if (n > 0 && (size_t)n < sizeof(keyfile)) {
  260. result = isc_file_mktemplate(keyfile, template,
  261. sizeof(template));
  262. if (result == ISC_R_SUCCESS)
  263. (void)isc_file_openuniqueprivate(template, &fp);
  264. }
  265. if (fp == NULL)
  266. dns_tsigkeyring_detach(&view->dynamickeys);
  267. else {
  268. result = dns_tsigkeyring_dumpanddetach(
  269. &view->dynamickeys, fp);
  270. if (result == ISC_R_SUCCESS) {
  271. if (fclose(fp) == 0)
  272. result = isc_file_rename(template,
  273. keyfile);
  274. if (result != ISC_R_SUCCESS)
  275. (void)remove(template);
  276. } else {
  277. (void)fclose(fp);
  278. (void)remove(template);
  279. }
  280. }
  281. }
  282. if (view->statickeys != NULL)
  283. dns_tsigkeyring_detach(&view->statickeys);
  284. if (view->adb != NULL)
  285. dns_adb_detach(&view->adb);
  286. if (view->resolver != NULL)
  287. dns_resolver_detach(&view->resolver);
  288. #ifdef BIND9
  289. if (view->acache != NULL) {
  290. if (view->cachedb != NULL)
  291. dns_acache_putdb(view->acache, view->cachedb);
  292. dns_acache_detach(&view->acache);
  293. }
  294. dns_rpz_view_destroy(view);
  295. #else
  296. INSIST(view->acache == NULL);
  297. INSIST(ISC_LIST_EMPTY(view->rpz_zones));
  298. #endif
  299. if (view->requestmgr != NULL)
  300. dns_requestmgr_detach(&view->requestmgr);
  301. if (view->task != NULL)
  302. isc_task_detach(&view->task);
  303. if (view->hints != NULL)
  304. dns_db_detach(&view->hints);
  305. if (view->dlzdatabase != NULL)
  306. dns_dlzdestroy(&view->dlzdatabase);
  307. if (view->cachedb != NULL)
  308. dns_db_detach(&view->cachedb);
  309. if (view->cache != NULL)
  310. dns_cache_detach(&view->cache);
  311. if (view->matchclients != NULL)
  312. dns_acl_detach(&view->matchclients);
  313. if (view->matchdestinations != NULL)
  314. dns_acl_detach(&view->matchdestinations);
  315. if (view->cacheacl != NULL)
  316. dns_acl_detach(&view->cacheacl);
  317. if (view->cacheonacl != NULL)
  318. dns_acl_detach(&view->cacheonacl);
  319. if (view->queryacl != NULL)
  320. dns_acl_detach(&view->queryacl);
  321. if (view->queryonacl != NULL)
  322. dns_acl_detach(&view->queryonacl);
  323. if (view->recursionacl != NULL)
  324. dns_acl_detach(&view->recursionacl);
  325. if (view->recursiononacl != NULL)
  326. dns_acl_detach(&view->recursiononacl);
  327. if (view->sortlist != NULL)
  328. dns_acl_detach(&view->sortlist);
  329. if (view->transferacl != NULL)
  330. dns_acl_detach(&view->transferacl);
  331. if (view->notifyacl != NULL)
  332. dns_acl_detach(&view->notifyacl);
  333. if (view->updateacl != NULL)
  334. dns_acl_detach(&view->updateacl);
  335. if (view->upfwdacl != NULL)
  336. dns_acl_detach(&view->upfwdacl);
  337. if (view->denyansweracl != NULL)
  338. dns_acl_detach(&view->denyansweracl);
  339. if (view->v4_aaaa_acl != NULL)
  340. dns_acl_detach(&view->v4_aaaa_acl);
  341. if (view->answeracl_exclude != NULL)
  342. dns_rbt_destroy(&view->answeracl_exclude);
  343. if (view->denyanswernames != NULL)
  344. dns_rbt_destroy(&view->denyanswernames);
  345. if (view->answernames_exclude != NULL)
  346. dns_rbt_destroy(&view->answernames_exclude);
  347. if (view->delonly != NULL) {
  348. dns_name_t *name;
  349. int i;
  350. for (i = 0; i < DNS_VIEW_DELONLYHASH; i++) {
  351. name = ISC_LIST_HEAD(view->delonly[i]);
  352. while (name != NULL) {
  353. ISC_LIST_UNLINK(view->delonly[i], name, link);
  354. dns_name_free(name, view->mctx);
  355. isc_mem_put(view->mctx, name, sizeof(*name));
  356. name = ISC_LIST_HEAD(view->delonly[i]);
  357. }
  358. }
  359. isc_mem_put(view->mctx, view->delonly, sizeof(dns_namelist_t) *
  360. DNS_VIEW_DELONLYHASH);
  361. view->delonly = NULL;
  362. }
  363. if (view->rootexclude != NULL) {
  364. dns_name_t *name;
  365. int i;
  366. for (i = 0; i < DNS_VIEW_DELONLYHASH; i++) {
  367. name = ISC_LIST_HEAD(view->rootexclude[i]);
  368. while (name != NULL) {
  369. ISC_LIST_UNLINK(view->rootexclude[i],
  370. name, link);
  371. dns_name_free(name, view->mctx);
  372. isc_mem_put(view->mctx, name, sizeof(*name));
  373. name = ISC_LIST_HEAD(view->rootexclude[i]);
  374. }
  375. }
  376. isc_mem_put(view->mctx, view->rootexclude,
  377. sizeof(dns_namelist_t) * DNS_VIEW_DELONLYHASH);
  378. view->rootexclude = NULL;
  379. }
  380. if (view->resstats != NULL)
  381. isc_stats_detach(&view->resstats);
  382. if (view->resquerystats != NULL)
  383. dns_stats_detach(&view->resquerystats);
  384. if (view->secroots_priv != NULL)
  385. dns_keytable_detach(&view->secroots_priv);
  386. #ifdef BIND9
  387. for (dns64 = ISC_LIST_HEAD(view->dns64);
  388. dns64 != NULL;
  389. dns64 = ISC_LIST_HEAD(view->dns64)) {
  390. dns_dns64_unlink(&view->dns64, dns64);
  391. dns_dns64_destroy(&dns64);
  392. }
  393. if (view->managed_keys != NULL)
  394. dns_zone_detach(&view->managed_keys);
  395. dns_view_setnewzones(view, ISC_FALSE, NULL, NULL);
  396. #endif
  397. dns_fwdtable_destroy(&view->fwdtable);
  398. dns_aclenv_destroy(&view->aclenv);
  399. DESTROYLOCK(&view->lock);
  400. isc_refcount_destroy(&view->references);
  401. isc_mem_free(view->mctx, view->name);
  402. isc_mem_put(view->mctx, view, sizeof(*view));
  403. }
  404. /*
  405. * Return true iff 'view' may be freed.
  406. * The caller must be holding the view lock.
  407. */
  408. static isc_boolean_t
  409. all_done(dns_view_t *view) {
  410. if (isc_refcount_current(&view->references) == 0 &&
  411. view->weakrefs == 0 &&
  412. RESSHUTDOWN(view) && ADBSHUTDOWN(view) && REQSHUTDOWN(view))
  413. return (ISC_TRUE);
  414. return (ISC_FALSE);
  415. }
  416. void
  417. dns_view_attach(dns_view_t *source, dns_view_t **targetp) {
  418. REQUIRE(DNS_VIEW_VALID(source));
  419. REQUIRE(targetp != NULL && *targetp == NULL);
  420. isc_refcount_increment(&source->references, NULL);
  421. *targetp = source;
  422. }
  423. static void
  424. view_flushanddetach(dns_view_t **viewp, isc_boolean_t flush) {
  425. dns_view_t *view;
  426. unsigned int refs;
  427. isc_boolean_t done = ISC_FALSE;
  428. REQUIRE(viewp != NULL);
  429. view = *viewp;
  430. REQUIRE(DNS_VIEW_VALID(view));
  431. if (flush)
  432. view->flush = ISC_TRUE;
  433. isc_refcount_decrement(&view->references, &refs);
  434. if (refs == 0) {
  435. LOCK(&view->lock);
  436. if (!RESSHUTDOWN(view))
  437. dns_resolver_shutdown(view->resolver);
  438. if (!ADBSHUTDOWN(view))
  439. dns_adb_shutdown(view->adb);
  440. if (!REQSHUTDOWN(view))
  441. dns_requestmgr_shutdown(view->requestmgr);
  442. #ifdef BIND9
  443. if (view->acache != NULL)
  444. dns_acache_shutdown(view->acache);
  445. if (view->flush)
  446. dns_zt_flushanddetach(&view->zonetable);
  447. else
  448. dns_zt_detach(&view->zonetable);
  449. if (view->managed_keys != NULL) {
  450. if (view->flush)
  451. dns_zone_flush(view->managed_keys);
  452. dns_zone_detach(&view->managed_keys);
  453. }
  454. #endif
  455. done = all_done(view);
  456. UNLOCK(&view->lock);
  457. }
  458. *viewp = NULL;
  459. if (done)
  460. destroy(view);
  461. }
  462. void
  463. dns_view_flushanddetach(dns_view_t **viewp) {
  464. view_flushanddetach(viewp, ISC_TRUE);
  465. }
  466. void
  467. dns_view_detach(dns_view_t **viewp) {
  468. view_flushanddetach(viewp, ISC_FALSE);
  469. }
  470. #ifdef BIND9
  471. static isc_result_t
  472. dialup(dns_zone_t *zone, void *dummy) {
  473. UNUSED(dummy);
  474. dns_zone_dialup(zone);
  475. return (ISC_R_SUCCESS);
  476. }
  477. void
  478. dns_view_dialup(dns_view_t *view) {
  479. REQUIRE(DNS_VIEW_VALID(view));
  480. (void)dns_zt_apply(view->zonetable, ISC_FALSE, dialup, NULL);
  481. }
  482. #endif
  483. void
  484. dns_view_weakattach(dns_view_t *source, dns_view_t **targetp) {
  485. REQUIRE(DNS_VIEW_VALID(source));
  486. REQUIRE(targetp != NULL && *targetp == NULL);
  487. LOCK(&source->lock);
  488. source->weakrefs++;
  489. UNLOCK(&source->lock);
  490. *targetp = source;
  491. }
  492. void
  493. dns_view_weakdetach(dns_view_t **viewp) {
  494. dns_view_t *view;
  495. isc_boolean_t done = ISC_FALSE;
  496. REQUIRE(viewp != NULL);
  497. view = *viewp;
  498. REQUIRE(DNS_VIEW_VALID(view));
  499. LOCK(&view->lock);
  500. INSIST(view->weakrefs > 0);
  501. view->weakrefs--;
  502. done = all_done(view);
  503. UNLOCK(&view->lock);
  504. *viewp = NULL;
  505. if (done)
  506. destroy(view);
  507. }
  508. static void
  509. resolver_shutdown(isc_task_t *task, isc_event_t *event) {
  510. dns_view_t *view = event->ev_arg;
  511. isc_boolean_t done;
  512. REQUIRE(event->ev_type == DNS_EVENT_VIEWRESSHUTDOWN);
  513. REQUIRE(DNS_VIEW_VALID(view));
  514. REQUIRE(view->task == task);
  515. UNUSED(task);
  516. LOCK(&view->lock);
  517. view->attributes |= DNS_VIEWATTR_RESSHUTDOWN;
  518. done = all_done(view);
  519. UNLOCK(&view->lock);
  520. isc_event_free(&event);
  521. if (done)
  522. destroy(view);
  523. }
  524. static void
  525. adb_shutdown(isc_task_t *task, isc_event_t *event) {
  526. dns_view_t *view = event->ev_arg;
  527. isc_boolean_t done;
  528. REQUIRE(event->ev_type == DNS_EVENT_VIEWADBSHUTDOWN);
  529. REQUIRE(DNS_VIEW_VALID(view));
  530. REQUIRE(view->task == task);
  531. UNUSED(task);
  532. LOCK(&view->lock);
  533. view->attributes |= DNS_VIEWATTR_ADBSHUTDOWN;
  534. done = all_done(view);
  535. UNLOCK(&view->lock);
  536. isc_event_free(&event);
  537. if (done)
  538. destroy(view);
  539. }
  540. static void
  541. req_shutdown(isc_task_t *task, isc_event_t *event) {
  542. dns_view_t *view = event->ev_arg;
  543. isc_boolean_t done;
  544. REQUIRE(event->ev_type == DNS_EVENT_VIEWREQSHUTDOWN);
  545. REQUIRE(DNS_VIEW_VALID(view));
  546. REQUIRE(view->task == task);
  547. UNUSED(task);
  548. LOCK(&view->lock);
  549. view->attributes |= DNS_VIEWATTR_REQSHUTDOWN;
  550. done = all_done(view);
  551. UNLOCK(&view->lock);
  552. isc_event_free(&event);
  553. if (done)
  554. destroy(view);
  555. }
  556. isc_result_t
  557. dns_view_createresolver(dns_view_t *view,
  558. isc_taskmgr_t *taskmgr, unsigned int ntasks,
  559. isc_socketmgr_t *socketmgr,
  560. isc_timermgr_t *timermgr,
  561. unsigned int options,
  562. dns_dispatchmgr_t *dispatchmgr,
  563. dns_dispatch_t *dispatchv4,
  564. dns_dispatch_t *dispatchv6)
  565. {
  566. isc_result_t result;
  567. isc_event_t *event;
  568. isc_mem_t *mctx = NULL;
  569. REQUIRE(DNS_VIEW_VALID(view));
  570. REQUIRE(!view->frozen);
  571. REQUIRE(view->resolver == NULL);
  572. result = isc_task_create(taskmgr, 0, &view->task);
  573. if (result != ISC_R_SUCCESS)
  574. return (result);
  575. isc_task_setname(view->task, "view", view);
  576. result = dns_resolver_create(view, taskmgr, ntasks, socketmgr,
  577. timermgr, options, dispatchmgr,
  578. dispatchv4, dispatchv6,
  579. &view->resolver);
  580. if (result != ISC_R_SUCCESS) {
  581. isc_task_detach(&view->task);
  582. return (result);
  583. }
  584. event = &view->resevent;
  585. dns_resolver_whenshutdown(view->resolver, view->task, &event);
  586. view->attributes &= ~DNS_VIEWATTR_RESSHUTDOWN;
  587. result = isc_mem_create(0, 0, &mctx);
  588. if (result != ISC_R_SUCCESS) {
  589. dns_resolver_shutdown(view->resolver);
  590. return (result);
  591. }
  592. result = dns_adb_create(mctx, view, timermgr, taskmgr, &view->adb);
  593. isc_mem_setname(mctx, "ADB", NULL);
  594. isc_mem_detach(&mctx);
  595. if (result != ISC_R_SUCCESS) {
  596. dns_resolver_shutdown(view->resolver);
  597. return (result);
  598. }
  599. event = &view->adbevent;
  600. dns_adb_whenshutdown(view->adb, view->task, &event);
  601. view->attributes &= ~DNS_VIEWATTR_ADBSHUTDOWN;
  602. result = dns_requestmgr_create(view->mctx, timermgr, socketmgr,
  603. dns_resolver_taskmgr(view->resolver),
  604. dns_resolver_dispatchmgr(view->resolver),
  605. dns_resolver_dispatchv4(view->resolver),
  606. dns_resolver_dispatchv6(view->resolver),
  607. &view->requestmgr);
  608. if (result != ISC_R_SUCCESS) {
  609. dns_adb_shutdown(view->adb);
  610. dns_resolver_shutdown(view->resolver);
  611. return (result);
  612. }
  613. event = &view->reqevent;
  614. dns_requestmgr_whenshutdown(view->requestmgr, view->task, &event);
  615. view->attributes &= ~DNS_VIEWATTR_REQSHUTDOWN;
  616. return (ISC_R_SUCCESS);
  617. }
  618. void
  619. dns_view_setcache(dns_view_t *view, dns_cache_t *cache) {
  620. dns_view_setcache2(view, cache, ISC_FALSE);
  621. }
  622. void
  623. dns_view_setcache2(dns_view_t *view, dns_cache_t *cache, isc_boolean_t shared) {
  624. REQUIRE(DNS_VIEW_VALID(view));
  625. REQUIRE(!view->frozen);
  626. view->cacheshared = shared;
  627. if (view->cache != NULL) {
  628. #ifdef BIND9
  629. if (view->acache != NULL)
  630. dns_acache_putdb(view->acache, view->cachedb);
  631. #endif
  632. dns_db_detach(&view->cachedb);
  633. dns_cache_detach(&view->cache);
  634. }
  635. dns_cache_attach(cache, &view->cache);
  636. dns_cache_attachdb(cache, &view->cachedb);
  637. INSIST(DNS_DB_VALID(view->cachedb));
  638. #ifdef BIND9
  639. if (view->acache != NULL)
  640. dns_acache_setdb(view->acache, view->cachedb);
  641. #endif
  642. }
  643. isc_boolean_t
  644. dns_view_iscacheshared(dns_view_t *view) {
  645. REQUIRE(DNS_VIEW_VALID(view));
  646. return (view->cacheshared);
  647. }
  648. void
  649. dns_view_sethints(dns_view_t *view, dns_db_t *hints) {
  650. REQUIRE(DNS_VIEW_VALID(view));
  651. REQUIRE(!view->frozen);
  652. REQUIRE(view->hints == NULL);
  653. REQUIRE(dns_db_iszone(hints));
  654. dns_db_attach(hints, &view->hints);
  655. }
  656. void
  657. dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
  658. REQUIRE(DNS_VIEW_VALID(view));
  659. REQUIRE(ring != NULL);
  660. if (view->statickeys != NULL)
  661. dns_tsigkeyring_detach(&view->statickeys);
  662. dns_tsigkeyring_attach(ring, &view->statickeys);
  663. }
  664. void
  665. dns_view_setdynamickeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
  666. REQUIRE(DNS_VIEW_VALID(view));
  667. REQUIRE(ring != NULL);
  668. if (view->dynamickeys != NULL)
  669. dns_tsigkeyring_detach(&view->dynamickeys);
  670. dns_tsigkeyring_attach(ring, &view->dynamickeys);
  671. }
  672. void
  673. dns_view_getdynamickeyring(dns_view_t *view, dns_tsig_keyring_t **ringp) {
  674. REQUIRE(DNS_VIEW_VALID(view));
  675. REQUIRE(ringp != NULL && *ringp == NULL);
  676. if (view->dynamickeys != NULL)
  677. dns_tsigkeyring_attach(view->dynamickeys, ringp);
  678. }
  679. void
  680. dns_view_restorekeyring(dns_view_t *view) {
  681. FILE *fp;
  682. char keyfile[20];
  683. int n;
  684. REQUIRE(DNS_VIEW_VALID(view));
  685. if (view->dynamickeys != NULL) {
  686. n = snprintf(keyfile, sizeof(keyfile), "%s.tsigkeys",
  687. view->name);
  688. if (n > 0 && (size_t)n < sizeof(keyfile)) {
  689. fp = fopen(keyfile, "r");
  690. if (fp != NULL) {
  691. dns_keyring_restore(view->dynamickeys, fp);
  692. (void)fclose(fp);
  693. }
  694. }
  695. }
  696. }
  697. void
  698. dns_view_setdstport(dns_view_t *view, in_port_t dstport) {
  699. REQUIRE(DNS_VIEW_VALID(view));
  700. view->dstport = dstport;
  701. }
  702. void
  703. dns_view_freeze(dns_view_t *view) {
  704. REQUIRE(DNS_VIEW_VALID(view));
  705. REQUIRE(!view->frozen);
  706. if (view->resolver != NULL) {
  707. INSIST(view->cachedb != NULL);
  708. dns_resolver_freeze(view->resolver);
  709. }
  710. view->frozen = ISC_TRUE;
  711. }
  712. #ifdef BIND9
  713. void
  714. dns_view_thaw(dns_view_t *view) {
  715. REQUIRE(DNS_VIEW_VALID(view));
  716. REQUIRE(view->frozen);
  717. view->frozen = ISC_FALSE;
  718. }
  719. isc_result_t
  720. dns_view_addzone(dns_view_t *view, dns_zone_t *zone) {
  721. isc_result_t result;
  722. REQUIRE(DNS_VIEW_VALID(view));
  723. REQUIRE(!view->frozen);
  724. result = dns_zt_mount(view->zonetable, zone);
  725. return (result);
  726. }
  727. #endif
  728. #ifdef BIND9
  729. isc_result_t
  730. dns_view_findzone(dns_view_t *view, dns_name_t *name, dns_zone_t **zonep) {
  731. isc_result_t result;
  732. REQUIRE(DNS_VIEW_VALID(view));
  733. result = dns_zt_find(view->zonetable, name, 0, NULL, zonep);
  734. if (result == DNS_R_PARTIALMATCH) {
  735. dns_zone_detach(zonep);
  736. result = ISC_R_NOTFOUND;
  737. }
  738. return (result);
  739. }
  740. #endif
  741. isc_result_t
  742. dns_view_find(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
  743. isc_stdtime_t now, unsigned int options, isc_boolean_t use_hints,
  744. dns_db_t **dbp, dns_dbnode_t **nodep, dns_name_t *foundname,
  745. dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) {
  746. return (dns_view_find2(view, name, type, now, options, use_hints,
  747. ISC_FALSE, dbp, nodep, foundname, rdataset,
  748. sigrdataset));
  749. }
  750. isc_result_t
  751. dns_view_find2(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
  752. isc_stdtime_t now, unsigned int options,
  753. isc_boolean_t use_hints, isc_boolean_t use_static_stub,
  754. dns_db_t **dbp, dns_dbnode_t **nodep, dns_name_t *foundname,
  755. dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
  756. {
  757. isc_result_t result;
  758. dns_db_t *db, *zdb;
  759. dns_dbnode_t *node, *znode;
  760. isc_boolean_t is_cache, is_staticstub_zone;
  761. dns_rdataset_t zrdataset, zsigrdataset;
  762. dns_zone_t *zone;
  763. #ifndef BIND9
  764. UNUSED(use_hints);
  765. UNUSED(use_static_stub);
  766. #endif
  767. /*
  768. * Find an rdataset whose owner name is 'name', and whose type is
  769. * 'type'.
  770. */
  771. REQUIRE(DNS_VIEW_VALID(view));
  772. REQUIRE(view->frozen);
  773. REQUIRE(type != dns_rdatatype_rrsig);
  774. REQUIRE(rdataset != NULL); /* XXXBEW - remove this */
  775. REQUIRE(nodep == NULL || *nodep == NULL);
  776. /*
  777. * Initialize.
  778. */
  779. dns_rdataset_init(&zrdataset);
  780. dns_rdataset_init(&zsigrdataset);
  781. zdb = NULL;
  782. znode = NULL;
  783. /*
  784. * Find a database to answer the query.
  785. */
  786. zone = NULL;
  787. db = NULL;
  788. node = NULL;
  789. is_staticstub_zone = ISC_FALSE;
  790. #ifdef BIND9
  791. result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
  792. if (zone != NULL && dns_zone_gettype(zone) == dns_zone_staticstub &&
  793. !use_static_stub) {
  794. result = ISC_R_NOTFOUND;
  795. }
  796. if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH) {
  797. result = dns_zone_getdb(zone, &db);
  798. if (result != ISC_R_SUCCESS && view->cachedb != NULL)
  799. dns_db_attach(view->cachedb, &db);
  800. else if (result != ISC_R_SUCCESS)
  801. goto cleanup;
  802. if (dns_zone_gettype(zone) == dns_zone_staticstub &&
  803. dns_name_equal(name, dns_zone_getorigin(zone))) {
  804. is_staticstub_zone = ISC_TRUE;
  805. }
  806. } else if (result == ISC_R_NOTFOUND && view->cachedb != NULL)
  807. dns_db_attach(view->cachedb, &db);
  808. #else
  809. result = ISC_R_NOTFOUND;
  810. if (view->cachedb != NULL)
  811. dns_db_attach(view->cachedb, &db);
  812. #endif /* BIND9 */
  813. else
  814. goto cleanup;
  815. is_cache = dns_db_iscache(db);
  816. db_find:
  817. /*
  818. * Now look for an answer in the database.
  819. */
  820. result = dns_db_find(db, name, NULL, type, options,
  821. now, &node, foundname, rdataset, sigrdataset);
  822. if (result == DNS_R_DELEGATION || result == ISC_R_NOTFOUND) {
  823. if (dns_rdataset_isassociated(rdataset))
  824. dns_rdataset_disassociate(rdataset);
  825. if (sigrdataset != NULL &&
  826. dns_rdataset_isassociated(sigrdataset))
  827. dns_rdataset_disassociate(sigrdataset);
  828. if (node != NULL)
  829. dns_db_detachnode(db, &node);
  830. if (!is_cache) {
  831. dns_db_detach(&db);
  832. if (view->cachedb != NULL && !is_staticstub_zone) {
  833. /*
  834. * Either the answer is in the cache, or we
  835. * don't know it.
  836. * Note that if the result comes from a
  837. * static-stub zone we stop the search here
  838. * (see the function description in view.h).
  839. */
  840. is_cache = ISC_TRUE;
  841. dns_db_attach(view->cachedb, &db);
  842. goto db_find;
  843. }
  844. } else {
  845. /*
  846. * We don't have the data in the cache. If we've got
  847. * glue from the zone, use it.
  848. */
  849. if (dns_rdataset_isassociated(&zrdataset)) {
  850. dns_rdataset_clone(&zrdataset, rdataset);
  851. if (sigrdataset != NULL &&
  852. dns_rdataset_isassociated(&zsigrdataset))
  853. dns_rdataset_clone(&zsigrdataset,
  854. sigrdataset);
  855. result = DNS_R_GLUE;
  856. if (db != NULL)
  857. dns_db_detach(&db);
  858. dns_db_attach(zdb, &db);
  859. dns_db_attachnode(db, znode, &node);
  860. goto cleanup;
  861. }
  862. }
  863. /*
  864. * We don't know the answer.
  865. */
  866. result = ISC_R_NOTFOUND;
  867. } else if (result == DNS_R_GLUE) {
  868. if (view->cachedb != NULL && !is_staticstub_zone) {
  869. /*
  870. * We found an answer, but the cache may be better.
  871. * Remember what we've got and go look in the cache.
  872. */
  873. is_cache = ISC_TRUE;
  874. dns_rdataset_clone(rdataset, &zrdataset);
  875. dns_rdataset_disassociate(rdataset);
  876. if (sigrdataset != NULL &&
  877. dns_rdataset_isassociated(sigrdataset)) {
  878. dns_rdataset_clone(sigrdataset, &zsigrdataset);
  879. dns_rdataset_disassociate(sigrdataset);
  880. }
  881. dns_db_attach(db, &zdb);
  882. dns_db_attachnode(zdb, node, &znode);
  883. dns_db_detachnode(db, &node);
  884. dns_db_detach(&db);
  885. dns_db_attach(view->cachedb, &db);
  886. goto db_find;
  887. }
  888. /*
  889. * Otherwise, the glue is the best answer.
  890. */
  891. result = ISC_R_SUCCESS;
  892. }
  893. #ifdef BIND9
  894. if (result == ISC_R_NOTFOUND && use_hints && view->hints != NULL) {
  895. if (dns_rdataset_isassociated(rdataset))
  896. dns_rdataset_disassociate(rdataset);
  897. if (sigrdataset != NULL &&
  898. dns_rdataset_isassociated(sigrdataset))
  899. dns_rdataset_disassociate(sigrdataset);
  900. if (db != NULL) {
  901. if (node != NULL)
  902. dns_db_detachnode(db, &node);
  903. dns_db_detach(&db);
  904. }
  905. result = dns_db_find(view->hints, name, NULL, type, options,
  906. now, &node, foundname,
  907. rdataset, sigrdataset);
  908. if (result == ISC_R_SUCCESS || result == DNS_R_GLUE) {
  909. /*
  910. * We just used a hint. Let the resolver know it
  911. * should consider priming.
  912. */
  913. dns_resolver_prime(view->resolver);
  914. dns_db_attach(view->hints, &db);
  915. result = DNS_R_HINT;
  916. } else if (result == DNS_R_NXRRSET) {
  917. dns_db_attach(view->hints, &db);
  918. result = DNS_R_HINTNXRRSET;
  919. } else if (result == DNS_R_NXDOMAIN)
  920. result = ISC_R_NOTFOUND;
  921. /*
  922. * Cleanup if non-standard hints are used.
  923. */
  924. if (db == NULL && node != NULL)
  925. dns_db_detachnode(view->hints, &node);
  926. }
  927. #endif /* BIND9 */
  928. cleanup:
  929. if (dns_rdataset_isassociated(&zrdataset)) {
  930. dns_rdataset_disassociate(&zrdataset);
  931. if (dns_rdataset_isassociated(&zsigrdataset))
  932. dns_rdataset_disassociate(&zsigrdataset);
  933. }
  934. if (zdb != NULL) {
  935. if (znode != NULL)
  936. dns_db_detachnode(zdb, &znode);
  937. dns_db_detach(&zdb);
  938. }
  939. if (db != NULL) {
  940. if (node != NULL) {
  941. if (nodep != NULL)
  942. *nodep = node;
  943. else
  944. dns_db_detachnode(db, &node);
  945. }
  946. if (dbp != NULL)
  947. *dbp = db;
  948. else
  949. dns_db_detach(&db);
  950. } else
  951. INSIST(node == NULL);
  952. #ifdef BIND9
  953. if (zone != NULL)
  954. dns_zone_detach(&zone);
  955. #endif
  956. return (result);
  957. }
  958. isc_result_t
  959. dns_view_simplefind(dns_view_t *view, dns_name_t *name, dns_rdatatype_t type,
  960. isc_stdtime_t now, unsigned int options,
  961. isc_boolean_t use_hints,
  962. dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
  963. {
  964. isc_result_t result;
  965. dns_fixedname_t foundname;
  966. dns_fixedname_init(&foundname);
  967. result = dns_view_find(view, name, type, now, options, use_hints,
  968. NULL, NULL, dns_fixedname_name(&foundname),
  969. rdataset, sigrdataset);
  970. if (result == DNS_R_NXDOMAIN) {
  971. /*
  972. * The rdataset and sigrdataset of the relevant NSEC record
  973. * may be returned, but the caller cannot use them because
  974. * foundname is not returned by this simplified API. We
  975. * disassociate them here to prevent any misuse by the caller.
  976. */
  977. if (dns_rdataset_isassociated(rdataset))
  978. dns_rdataset_disassociate(rdataset);
  979. if (sigrdataset != NULL &&
  980. dns_rdataset_isassociated(sigrdataset))
  981. dns_rdataset_disassociate(sigrdataset);
  982. } else if (result != ISC_R_SUCCESS &&
  983. result != DNS_R_GLUE &&
  984. result != DNS_R_HINT &&
  985. result != DNS_R_NCACHENXDOMAIN &&
  986. result != DNS_R_NCACHENXRRSET &&
  987. result != DNS_R_NXRRSET &&
  988. result != DNS_R_HINTNXRRSET &&
  989. result != ISC_R_NOTFOUND) {
  990. if (dns_rdataset_isassociated(rdataset))
  991. dns_rdataset_disassociate(rdataset);
  992. if (sigrdataset != NULL &&
  993. dns_rdataset_isassociated(sigrdataset))
  994. dns_rdataset_disassociate(sigrdataset);
  995. result = ISC_R_NOTFOUND;
  996. }
  997. return (result);
  998. }
  999. isc_result_t
  1000. dns_view_findzonecut(dns_view_t *view, dns_name_t *name, dns_name_t *fname,
  1001. isc_stdtime_t now, unsigned int options,
  1002. isc_boolean_t use_hints,
  1003. dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
  1004. {
  1005. return(dns_view_findzonecut2(view, name, fname, now, options,
  1006. use_hints, ISC_TRUE,
  1007. rdataset, sigrdataset));
  1008. }
  1009. isc_result_t
  1010. dns_view_findzonecut2(dns_view_t *view, dns_name_t *name, dns_name_t *fname,
  1011. isc_stdtime_t now, unsigned int options,
  1012. isc_boolean_t use_hints, isc_boolean_t use_cache,
  1013. dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset)
  1014. {
  1015. isc_result_t result;
  1016. dns_db_t *db;
  1017. isc_boolean_t is_cache, use_zone, try_hints;
  1018. dns_zone_t *zone;
  1019. dns_name_t *zfname;
  1020. dns_rdataset_t zrdataset, zsigrdataset;
  1021. dns_fixedname_t zfixedname;
  1022. REQUIRE(DNS_VIEW_VALID(view));
  1023. REQUIRE(view->frozen);
  1024. db = NULL;
  1025. zone = NULL;
  1026. use_zone = ISC_FALSE;
  1027. try_hints = ISC_FALSE;
  1028. zfname = NULL;
  1029. /*
  1030. * Initialize.
  1031. */
  1032. dns_fixedname_init(&zfixedname);
  1033. dns_rdataset_init(&zrdataset);
  1034. dns_rdataset_init(&zsigrdataset);
  1035. /*
  1036. * Find the right database.
  1037. */
  1038. #ifdef BIND9
  1039. result = dns_zt_find(view->zonetable, name, 0, NULL, &zone);
  1040. if (result == ISC_R_SUCCESS || result == DNS_R_PARTIALMATCH)
  1041. result = dns_zone_getdb(zone, &db);
  1042. #else
  1043. result = ISC_R_NOTFOUND;
  1044. #endif
  1045. if (result == ISC_R_NOTFOUND) {
  1046. /*
  1047. * We're not directly authoritative for this query name, nor
  1048. * is it a subdomain of any zone for which we're
  1049. * authoritative.
  1050. */
  1051. if (use_cache && view->cachedb != NULL) {
  1052. /*
  1053. * We have a cache; try it.
  1054. */
  1055. dns_db_attach(view->cachedb, &db);
  1056. } else {
  1057. /*
  1058. * Maybe we have hints...
  1059. */
  1060. try_hints = ISC_TRUE;
  1061. goto finish;
  1062. }
  1063. } else if (result != ISC_R_SUCCESS) {
  1064. /*
  1065. * Something is broken.
  1066. */
  1067. goto cleanup;
  1068. }
  1069. is_cache = dns_db_iscache(db);
  1070. db_find:
  1071. /*
  1072. * Look for the zonecut.
  1073. */
  1074. if (!is_cache) {
  1075. result = dns_db_find(db, name, NULL, dns_rdatatype_ns, options,
  1076. now, NULL, fname, rdataset, sigrdataset);
  1077. if (result == DNS_R_DELEGATION)
  1078. result = ISC_R_SUCCESS;
  1079. else if (result != ISC_R_SUCCESS)
  1080. goto cleanup;
  1081. if (use_cache && view->cachedb != NULL && db != view->hints) {
  1082. /*
  1083. * We found an answer, but the cache may be better.
  1084. */
  1085. zfname = dns_fixedname_name(&zfixedname);
  1086. result = dns_name_copy(fname, zfname, NULL);
  1087. if (result != ISC_R_SUCCESS)
  1088. goto cleanup;
  1089. dns_rdataset_clone(rdataset, &zrdataset);
  1090. dns_rdataset_disassociate(rdataset);
  1091. if (sigrdataset != NULL &&
  1092. dns_rdataset_isassociated(sigrdataset)) {
  1093. dns_rdataset_clone(sigrdataset, &zsigrdataset);
  1094. dns_rdataset_disassociate(sigrdataset);
  1095. }
  1096. dns_db_detach(&db);
  1097. dns_db_attach(view->cachedb, &db);
  1098. is_cache = ISC_TRUE;
  1099. goto db_find;
  1100. }
  1101. } else {
  1102. result = dns_db_findzonecut(db, name, options, now, NULL,
  1103. fname, rdataset, sigrdataset);
  1104. if (result == ISC_R_SUCCESS) {
  1105. if (zfname != NULL &&
  1106. (!dns_name_issubdomain(fname, zfname) ||
  1107. (dns_zone_staticstub &&
  1108. dns_name_equal(fname, zfname)))) {
  1109. /*
  1110. * We found a zonecut in the cache, but our
  1111. * zone delegation is better.
  1112. */
  1113. use_zone = ISC_TRUE;
  1114. }
  1115. } else if (result == ISC_R_NOTFOUND) {
  1116. if (zfname != NULL) {
  1117. /*
  1118. * We didn't find anything in the cache, but we
  1119. * have a zone delegation, so use it.
  1120. */
  1121. use_zone = ISC_TRUE;
  1122. } else {
  1123. /*
  1124. * Maybe we have hints...
  1125. */
  1126. try_hints = ISC_TRUE;
  1127. }
  1128. } else {
  1129. /*
  1130. * Something bad happened.
  1131. */
  1132. goto cleanup;
  1133. }
  1134. }
  1135. finish:
  1136. if (use_zone) {
  1137. if (dns_rdataset_isassociated(rdataset)) {
  1138. dns_rdataset_disassociate(rdataset);
  1139. if (sigrdataset != NULL &&
  1140. dns_rdataset_isassociated(sigrdataset))
  1141. dns_rdataset_disassociate(sigrdataset);
  1142. }
  1143. result = dns_name_copy(zfname, fname, NULL);
  1144. if (result != ISC_R_SUCCESS)
  1145. goto cleanup;
  1146. dns_rdataset_clone(&zrdataset, rdataset);
  1147. if (sigrdataset != NULL &&
  1148. dns_rdataset_isassociated(&zrdataset))
  1149. dns_rdataset_clone(&zsigrdataset, sigrdataset);
  1150. } else if (try_hints && use_hints && view->hints != NULL) {
  1151. /*
  1152. * We've found nothing so far, but we have hints.
  1153. */
  1154. result = dns_db_find(view->hints, dns_rootname, NULL,
  1155. dns_rdatatype_ns, 0, now, NULL, fname,
  1156. rdataset, NULL);
  1157. if (result != ISC_R_SUCCESS) {
  1158. /*
  1159. * We can't even find the hints for the root
  1160. * nameservers!
  1161. */
  1162. if (dns_rdataset_isassociated(rdataset))
  1163. dns_rdataset_disassociate(rdataset);
  1164. result = ISC_R_NOTFOUND;
  1165. }
  1166. }
  1167. cleanup:
  1168. if (dns_rdataset_isassociated(&zrdataset)) {
  1169. dns_rdataset_disassociate(&zrdataset);
  1170. if (dns_rdataset_isassociated(&zsigrdataset))
  1171. dns_rdataset_disassociate(&zsigrdataset);
  1172. }
  1173. if (db != NULL)
  1174. dns_db_detach(&db);
  1175. #ifdef BIND9
  1176. if (zone != NULL)
  1177. dns_zone_detach(&zone);
  1178. #endif
  1179. return (result);
  1180. }
  1181. isc_result_t
  1182. dns_viewlist_find(dns_viewlist_t *list, const char *name,
  1183. dns_rdataclass_t rdclass, dns_view_t **viewp)
  1184. {
  1185. dns_view_t *view;
  1186. REQUIRE(list != NULL);
  1187. for (view = ISC_LIST_HEAD(*list);
  1188. view != NULL;
  1189. view = ISC_LIST_NEXT(view, link)) {
  1190. if (strcmp(view->name, name) == 0 && view->rdclass == rdclass)
  1191. break;
  1192. }
  1193. if (view == NULL)
  1194. return (ISC_R_NOTFOUND);
  1195. dns_view_attach(view, viewp);
  1196. return (ISC_R_SUCCESS);
  1197. }
  1198. #ifdef BIND9
  1199. isc_result_t
  1200. dns_viewlist_findzone(dns_viewlist_t *list, dns_name_t *name,
  1201. isc_boolean_t allclasses, dns_rdataclass_t rdclass,
  1202. dns_zone_t **zonep)
  1203. {
  1204. dns_view_t *view;
  1205. isc_result_t result;
  1206. dns_zone_t *zone1 = NULL, *zone2 = NULL;
  1207. dns_zone_t **zp = NULL;;
  1208. REQUIRE(list != NULL);
  1209. for (view = ISC_LIST_HEAD(*list);
  1210. view != NULL;
  1211. view = ISC_LIST_NEXT(view, link)) {
  1212. if (allclasses == ISC_FALSE && view->rdclass != rdclass)
  1213. continue;
  1214. /*
  1215. * If the zone is defined in more than one view,
  1216. * treat it as not found.
  1217. */
  1218. zp = (zone1 == NULL) ? &zone1 : &zone2;
  1219. result = dns_zt_find(view->zonetable, name, 0, NULL, zp);
  1220. INSIST(result == ISC_R_SUCCESS ||
  1221. result == ISC_R_NOTFOUND ||
  1222. result == DNS_R_PARTIALMATCH);
  1223. /* Treat a partial match as no match */
  1224. if (result == DNS_R_PARTIALMATCH) {
  1225. dns_zone_detach(zp);
  1226. result = ISC_R_NOTFOUND;
  1227. POST(result);
  1228. }
  1229. if (zone2 != NULL) {
  1230. dns_zone_detach(&zone1);
  1231. dns_zone_detach(&zone2);
  1232. return (ISC_R_NOTFOUND);
  1233. }
  1234. }
  1235. if (zone1 != NULL) {
  1236. dns_zone_attach(zone1, zonep);
  1237. dns_zone_detach(&zone1);
  1238. return (ISC_R_SUCCESS);
  1239. }
  1240. return (ISC_R_NOTFOUND);
  1241. }
  1242. isc_result_t
  1243. dns_view_load(dns_view_t *view, isc_boolean_t stop) {
  1244. REQUIRE(DNS_VIEW_VALID(view));
  1245. return (dns_zt_load(view->zonetable, stop));
  1246. }
  1247. isc_result_t
  1248. dns_view_loadnew(dns_view_t *view, isc_boolean_t stop) {
  1249. REQUIRE(DNS_VIEW_VALID(view));
  1250. return (dns_zt_loadnew(view->zonetable, stop));
  1251. }
  1252. #endif /* BIND9 */
  1253. isc_result_t
  1254. dns_view_gettsig(dns_view_t *view, dns_name_t *keyname, dns_tsigkey_t **keyp)
  1255. {
  1256. isc_result_t result;
  1257. REQUIRE(keyp != NULL && *keyp == NULL);
  1258. result = dns_tsigkey_find(keyp, keyname, NULL,
  1259. view->statickeys);
  1260. if (result == ISC_R_NOTFOUND)
  1261. result = dns_tsigkey_find(keyp, keyname, NULL,
  1262. view->dynamickeys);
  1263. return (result);
  1264. }
  1265. isc_result_t
  1266. dns_view_getpeertsig(dns_view_t *view, isc_netaddr_t *peeraddr,
  1267. dns_tsigkey_t **keyp)
  1268. {
  1269. isc_result_t result;
  1270. dns_name_t *keyname = NULL;
  1271. dns_peer_t *peer = NULL;
  1272. result = dns_peerlist_peerbyaddr(view->peers, peeraddr, &peer);
  1273. if (result != ISC_R_SUCCESS)
  1274. return (result);
  1275. result = dns_peer_getkey(peer, &keyname);
  1276. if (result != ISC_R_SUCCESS)
  1277. return (result);
  1278. result = dns_view_gettsig(view, keyname, keyp);
  1279. return ((result == ISC_R_NOTFOUND) ? ISC_R_FAILURE : result);
  1280. }
  1281. isc_result_t
  1282. dns_view_checksig(dns_view_t *view, isc_buffer_t *source, dns_message_t *msg) {
  1283. REQUIRE(DNS_VIEW_VALID(view));
  1284. REQUIRE(source != NULL);
  1285. return (dns_tsig_verify(source, msg, view->statickeys,
  1286. view->dynamickeys));
  1287. }
  1288. #ifdef BIND9
  1289. isc_result_t
  1290. dns_view_dumpdbtostream(dns_view_t *view, FILE *fp) {
  1291. isc_result_t result;
  1292. REQUIRE(DNS_VIEW_VALID(view));
  1293. (void)fprintf(fp, ";\n; Cache dump of view '%s'\n;\n", view->name);
  1294. result = dns_master_dumptostream(view->mctx, view->cachedb, NULL,
  1295. &dns_master_style_cache, fp);
  1296. if (result != ISC_R_SUCCESS)
  1297. return (result);
  1298. dns_adb_dump(view->adb, fp);
  1299. dns_resolver_printbadcache(view->resolver, fp);
  1300. return (ISC_R_SUCCESS);
  1301. }
  1302. #endif
  1303. isc_result_t
  1304. dns_view_flushcache(dns_view_t *view) {
  1305. return (dns_view_flushcache2(view, ISC_FALSE));
  1306. }
  1307. isc_result_t
  1308. dns_view_flushcache2(dns_view_t *view, isc_boolean_t fixuponly) {
  1309. isc_result_t result;
  1310. REQUIRE(DNS_VIEW_VALID(view));
  1311. if (view->cachedb == NULL)
  1312. return (ISC_R_SUCCESS);
  1313. if (!fixuponly) {
  1314. result = dns_cache_flush(view->cache);
  1315. if (result != ISC_R_SUCCESS)
  1316. return (result);
  1317. }
  1318. #ifdef BIND9
  1319. if (view->acache != NULL)
  1320. dns_acache_putdb(view->acache, view->cachedb);
  1321. #endif
  1322. dns_db_detach(&view->cachedb);
  1323. dns_cache_attachdb(view->cache, &view->cachedb);
  1324. #ifdef BIND9
  1325. if (view->acache != NULL)
  1326. dns_acache_setdb(view->acache, view->cachedb);
  1327. if (view->resolver != NULL)
  1328. dns_resolver_flushbadcache(view->resolver, NULL);
  1329. #endif
  1330. dns_adb_flush(view->adb);
  1331. return (ISC_R_SUCCESS);
  1332. }
  1333. isc_result_t
  1334. dns_view_flushname(dns_view_t *view, dns_name_t *name) {
  1335. REQUIRE(DNS_VIEW_VALID(view));
  1336. if (view->adb != NULL)
  1337. dns_adb_flushname(view->adb, name);
  1338. if (view->cache == NULL)
  1339. return (ISC_R_SUCCESS);
  1340. if (view->resolver != NULL)
  1341. dns_resolver_flushbadcache(view->resolver, name);
  1342. return (dns_cache_flushname(view->cache, name));
  1343. }
  1344. isc_result_t
  1345. dns_view_adddelegationonly(dns_view_t *view, dns_name_t *name) {
  1346. isc_result_t result;
  1347. dns_name_t *new;
  1348. isc_uint32_t hash;
  1349. REQUIRE(DNS_VIEW_VALID(view));
  1350. if (view->delonly == NULL) {
  1351. view->delonly = isc_mem_get(view->mctx,
  1352. sizeof(dns_namelist_t) *
  1353. DNS_VIEW_DELONLYHASH);
  1354. if (view->delonly == NULL)
  1355. return (ISC_R_NOMEMORY);
  1356. for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++)
  1357. ISC_LIST_INIT(view->delonly[hash]);
  1358. }
  1359. hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
  1360. new = ISC_LIST_HEAD(view->delonly[hash]);
  1361. while (new != NULL && !dns_name_equal(new, name))
  1362. new = ISC_LIST_NEXT(new, link);
  1363. if (new != NULL)
  1364. return (ISC_R_SUCCESS);
  1365. new = isc_mem_get(view->mctx, sizeof(*new));
  1366. if (new == NULL)
  1367. return (ISC_R_NOMEMORY);
  1368. dns_name_init(new, NULL);
  1369. result = dns_name_dup(name, view->mctx, new);
  1370. if (result == ISC_R_SUCCESS)
  1371. ISC_LIST_APPEND(view->delonly[hash], new, link);
  1372. else
  1373. isc_mem_put(view->mctx, new, sizeof(*new));
  1374. return (result);
  1375. }
  1376. isc_result_t
  1377. dns_view_excludedelegationonly(dns_view_t *view, dns_name_t *name) {
  1378. isc_result_t result;
  1379. dns_name_t *new;
  1380. isc_uint32_t hash;
  1381. REQUIRE(DNS_VIEW_VALID(view));
  1382. if (view->rootexclude == NULL) {
  1383. view->rootexclude = isc_mem_get(view->mctx,
  1384. sizeof(dns_namelist_t) *
  1385. DNS_VIEW_DELONLYHASH);
  1386. if (view->rootexclude == NULL)
  1387. return (ISC_R_NOMEMORY);
  1388. for (hash = 0; hash < DNS_VIEW_DELONLYHASH; hash++)
  1389. ISC_LIST_INIT(view->rootexclude[hash]);
  1390. }
  1391. hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
  1392. new = ISC_LIST_HEAD(view->rootexclude[hash]);
  1393. while (new != NULL && !dns_name_equal(new, name))
  1394. new = ISC_LIST_NEXT(new, link);
  1395. if (new != NULL)
  1396. return (ISC_R_SUCCESS);
  1397. new = isc_mem_get(view->mctx, sizeof(*new));
  1398. if (new == NULL)
  1399. return (ISC_R_NOMEMORY);
  1400. dns_name_init(new, NULL);
  1401. result = dns_name_dup(name, view->mctx, new);
  1402. if (result == ISC_R_SUCCESS)
  1403. ISC_LIST_APPEND(view->rootexclude[hash], new, link);
  1404. else
  1405. isc_mem_put(view->mctx, new, sizeof(*new));
  1406. return (result);
  1407. }
  1408. isc_boolean_t
  1409. dns_view_isdelegationonly(dns_view_t *view, dns_name_t *name) {
  1410. dns_name_t *new;
  1411. isc_uint32_t hash;
  1412. REQUIRE(DNS_VIEW_VALID(view));
  1413. if (!view->rootdelonly && view->delonly == NULL)
  1414. return (ISC_FALSE);
  1415. hash = dns_name_hash(name, ISC_FALSE) % DNS_VIEW_DELONLYHASH;
  1416. if (view->rootdelonly && dns_name_countlabels(name) <= 2) {
  1417. if (view->rootexclude == NULL)
  1418. return (ISC_TRUE);
  1419. new = ISC_LIST_HEAD(view->rootexclude[hash]);
  1420. while (new != NULL && !dns_name_equal(new, name))
  1421. new = ISC_LIST_NEXT(new, link);
  1422. if (new == NULL)
  1423. return (ISC_TRUE);
  1424. }
  1425. if (view->delonly == NULL)
  1426. return (ISC_FALSE);
  1427. new = ISC_LIST_HEAD(view->delonly[hash]);
  1428. while (new != NULL && !dns_name_equal(new, name))
  1429. new = ISC_LIST_NEXT(new, link);
  1430. if (new == NULL)
  1431. return (ISC_FALSE);
  1432. return (ISC_TRUE);
  1433. }
  1434. void
  1435. dns_view_setrootdelonly(dns_view_t *view, isc_boolean_t value) {
  1436. REQUIRE(DNS_VIEW_VALID(view));
  1437. view->rootdelonly = value;
  1438. }
  1439. isc_boolean_t
  1440. dns_view_getrootdelonly(dns_view_t *view) {
  1441. REQUIRE(DNS_VIEW_VALID(view));
  1442. return (view->rootdelonly);
  1443. }
  1444. #ifdef BIND9
  1445. isc_result_t
  1446. dns_view_freezezones(dns_view_t *view, isc_boolean_t value) {
  1447. REQUIRE(DNS_VIEW_VALID(view));
  1448. return (dns_zt_freezezones(view->zonetable, value));
  1449. }
  1450. #endif
  1451. void
  1452. dns_view_setresstats(dns_view_t *view, isc_stats_t *stats) {
  1453. REQUIRE(DNS_VIEW_VALID(view));
  1454. REQUIRE(!view->frozen);
  1455. REQUIRE(view->resstats == NULL);
  1456. isc_stats_attach(stats, &view->resstats);
  1457. }
  1458. void
  1459. dns_view_getresstats(dns_view_t *view, isc_stats_t **statsp) {
  1460. REQUIRE(DNS_VIEW_VALID(view));
  1461. REQUIRE(statsp != NULL && *statsp == NULL);
  1462. if (view->resstats != NULL)
  1463. isc_stats_attach(view->resstats, statsp);
  1464. }
  1465. void
  1466. dns_view_setresquerystats(dns_view_t *view, dns_stats_t *stats) {
  1467. REQUIRE(DNS_VIEW_VALID(view));
  1468. REQUIRE(!view->frozen);
  1469. REQUIRE(view->resquerystats == NULL);
  1470. dns_stats_attach(stats, &view->resquerystats);
  1471. }
  1472. void
  1473. dns_view_getresquerystats(dns_view_t *view, dns_stats_t **statsp) {
  1474. REQUIRE(DNS_VIEW_VALID(view));
  1475. REQUIRE(statsp != NULL && *statsp == NULL);
  1476. if (view->resquerystats != NULL)
  1477. dns_stats_attach(view->resquerystats, statsp);
  1478. }
  1479. isc_result_t
  1480. dns_view_initsecroots(dns_view_t *view, isc_mem_t *mctx) {
  1481. REQUIRE(DNS_VIEW_VALID(view));
  1482. if (view->secroots_priv != NULL)
  1483. dns_keytable_detach(&view->secroots_priv);
  1484. return (dns_keytable_create(mctx, &view->secroots_priv));
  1485. }
  1486. isc_result_t
  1487. dns_view_getsecroots(dns_view_t *view, dns_keytable_t **ktp) {
  1488. REQUIRE(DNS_VIEW_VALID(view));
  1489. REQUIRE(ktp != NULL && *ktp == NULL);
  1490. if (view->secroots_priv == NULL)
  1491. return (ISC_R_NOTFOUND);
  1492. dns_keytable_attach(view->secroots_priv, ktp);
  1493. return (ISC_R_SUCCESS);
  1494. }
  1495. isc_result_t
  1496. dns_view_issecuredomain(dns_view_t *view, dns_name_t *name,
  1497. isc_boolean_t *secure_domain) {
  1498. REQUIRE(DNS_VIEW_VALID(view));
  1499. if (view->secroots_priv == NULL)
  1500. return (ISC_R_NOTFOUND);
  1501. return (dns_keytable_issecuredomain(view->secroots_priv, name,
  1502. secure_domain));
  1503. }
  1504. void
  1505. dns_view_untrust(dns_view_t *view, dns_name_t *keyname,
  1506. dns_rdata_dnskey_t *dnskey, isc_mem_t *mctx)
  1507. {
  1508. isc_result_t result;
  1509. unsigned char data[4096];
  1510. dns_rdata_t rdata = DNS_RDATA_INIT;
  1511. isc_buffer_t buffer;
  1512. dst_key_t *key = NULL;
  1513. dns_keytable_t *sr = NULL;
  1514. /*
  1515. * Clear the revoke bit, if set, so that the key will match what's
  1516. * in secroots now.
  1517. */
  1518. dnskey->flags &= ~DNS_KEYFLAG_REVOKE;
  1519. /* Convert dnskey to DST key. */
  1520. isc_buffer_init(&buffer, data, sizeof(data));
  1521. dns_rdata_fromstruct(&rdata, dnskey->common.rdclass,
  1522. dns_rdatatype_dnskey, dnskey, &buffer);
  1523. result = dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &key);
  1524. if (result != ISC_R_SUCCESS)
  1525. return;
  1526. result = dns_view_getsecroots(view, &sr);
  1527. if (result == ISC_R_SUCCESS) {
  1528. dns_keytable_deletekeynode(sr, key);
  1529. dns_keytable_detach(&sr);
  1530. }
  1531. dst_key_free(&key);
  1532. }
  1533. #define NZF ".nzf"
  1534. void
  1535. dns_view_setnewzones(dns_view_t *view, isc_boolean_t allow, void *cfgctx,
  1536. void (*cfg_destroy)(void **))
  1537. {
  1538. REQUIRE(DNS_VIEW_VALID(view));
  1539. REQUIRE((cfgctx != NULL && cfg_destroy != NULL) || !allow);
  1540. #ifdef BIND9
  1541. if (view->new_zone_file != NULL) {
  1542. isc_mem_free(view->mctx, view->new_zone_file);
  1543. view->new_zone_file = NULL;
  1544. }
  1545. if (view->new_zone_config != NULL) {
  1546. view->cfg_destroy(&view->new_zone_config);
  1547. view->cfg_destroy = NULL;
  1548. }
  1549. if (allow) {
  1550. char buffer[ISC_SHA256_DIGESTSTRINGLENGTH + sizeof(NZF)];
  1551. isc_sha256_data((void *)view->name, strlen(view->name), buffer);
  1552. /* Truncate the hash at 16 chars; full length is overkill */
  1553. isc_string_printf(buffer + 16, sizeof(NZF), "%s", NZF);
  1554. view->new_zone_file = isc_mem_strdup(view->mctx, buffer);
  1555. view->new_zone_config = cfgctx;
  1556. view->cfg_destroy = cfg_destroy;
  1557. }
  1558. #else
  1559. UNUSED(allow);
  1560. UNUSED(cfgctx);
  1561. UNUSED(cfg_destroy);
  1562. #endif
  1563. }