controlconf.c revision 368aedf188d7c7782cae8a5ce2a978be47b5a764
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley/*
ca41b452ede6feaa9d8739ec3cae19389a7b0d03Bob Halley * Copyright (C) 2004-2008, 2011-2014 Internet Systems Consortium, Inc. ("ISC")
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * Copyright (C) 2001-2003 Internet Software Consortium.
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley *
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * Permission to use, copy, modify, and/or distribute this software for any
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * purpose with or without fee is hereby granted, provided that the above
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * copyright notice and this permission notice appear in all copies.
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley *
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * PERFORMANCE OF THIS SOFTWARE.
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley */
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley/* $Id: controlconf.c,v 1.63 2011/12/22 08:07:48 marka Exp $ */
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley/*! \file */
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <config.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/base64.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/buffer.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/event.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/file.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/mem.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/net.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/netaddr.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/random.h>
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley#include <isc/result.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/stdtime.h>
eefea43215016bce437ab4a7441b2851fd182960David Lawrence#include <isc/string.h>
440be4c866f6935ac069db79a414304507a664c2Michael Graff#include <isc/timer.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isc/util.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isccfg/namedconf.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley#include <bind9/check.h>
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley#include <isccc/alist.h>
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley#include <isccc/cc.h>
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley#include <isccc/ccmsg.h>
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley#include <isccc/events.h>
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley#include <isccc/result.h>
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley#include <isccc/sexpr.h>
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley#include <isccc/symtab.h>
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley#include <isccc/util.h>
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley#include <dns/result.h>
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley#include <named/config.h>
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley#include <named/control.h>
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley#include <named/log.h>
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley#include <named/server.h>
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley/*
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley * Note: Listeners and connections are not locked. All event handlers are
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley * executed by the server task, and all callers of exported routines must
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley * be running under the server task.
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley */
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleytypedef struct controlkey controlkey_t;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleytypedef ISC_LIST(controlkey_t) controlkeylist_t;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrencetypedef struct controlconnection controlconnection_t;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halleytypedef ISC_LIST(controlconnection_t) controlconnectionlist_t;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halleytypedef struct controllistener controllistener_t;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halleytypedef ISC_LIST(controllistener_t) controllistenerlist_t;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrencestruct controlkey {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley char * keyname;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_uint32_t algorithm;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_region_t secret;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley ISC_LINK(controlkey_t) link;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley};
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halleystruct controlconnection {
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isc_socket_t * sock;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isccc_ccmsg_t ccmsg;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isc_boolean_t ccmsg_valid;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isc_boolean_t sending;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isc_timer_t * timer;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley unsigned char buffer[2048];
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley controllistener_t * listener;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isc_uint32_t nonce;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley ISC_LINK(controlconnection_t) link;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley};
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halleystruct controllistener {
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley ns_controls_t * controls;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isc_mem_t * mctx;
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isc_task_t * task;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_sockaddr_t address;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_socket_t * sock;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley dns_acl_t * acl;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_boolean_t listening;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_boolean_t exiting;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley controlkeylist_t keys;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley controlconnectionlist_t connections;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_sockettype_t type;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_uint32_t perm;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_uint32_t owner;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_uint32_t group;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley ISC_LINK(controllistener_t) link;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley};
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleystruct ns_controls {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley ns_server_t *server;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley controllistenerlist_t listeners;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_boolean_t shuttingdown;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isccc_symtab_t *symtab;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley};
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleystatic void control_newconn(isc_task_t *task, isc_event_t *event);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleystatic void control_recvmessage(isc_task_t *task, isc_event_t *event);
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley#define CLOCKSKEW 300
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley
a829555ed724caa56b1ff7716d7eda2266491eafBob Halleystatic void
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleyfree_controlkey(controlkey_t *key, isc_mem_t *mctx) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (key->keyname != NULL)
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_mem_free(mctx, key->keyname);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (key->secret.base != NULL)
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_mem_put(mctx, key->secret.base, key->secret.length);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_mem_put(mctx, key, sizeof(*key));
0e58c0998df1ccd1a289b2c3f078e7d03d9331d3Bob Halley}
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleystatic void
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleyfree_controlkeylist(controlkeylist_t *keylist, isc_mem_t *mctx) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley while (!ISC_LIST_EMPTY(*keylist)) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley controlkey_t *key = ISC_LIST_HEAD(*keylist);
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley ISC_LIST_UNLINK(*keylist, key, link);
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley free_controlkey(key, mctx);
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley }
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley}
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halleystatic void
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleyfree_listener(controllistener_t *listener) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley INSIST(listener->exiting);
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley INSIST(!listener->listening);
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley INSIST(ISC_LIST_EMPTY(listener->connections));
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley if (listener->sock != NULL)
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley isc_socket_detach(&listener->sock);
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley
dd324bd791a766c48d90ce9e43d1ab1446378983Bob Halley free_controlkeylist(&listener->keys, listener->mctx);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (listener->acl != NULL)
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley dns_acl_detach(&listener->acl);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_mem_putanddetach(&listener->mctx, listener, sizeof(*listener));
0e58c0998df1ccd1a289b2c3f078e7d03d9331d3Bob Halley}
0e58c0998df1ccd1a289b2c3f078e7d03d9331d3Bob Halley
0e58c0998df1ccd1a289b2c3f078e7d03d9331d3Bob Halleystatic void
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleymaybe_free_listener(controllistener_t *listener) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (listener->exiting &&
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley !listener->listening &&
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley ISC_LIST_EMPTY(listener->connections))
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley free_listener(listener);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley}
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleystatic void
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleymaybe_free_connection(controlconnection_t *conn) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley controllistener_t *listener = conn->listener;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (conn->timer != NULL)
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_timer_detach(&conn->timer);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (conn->ccmsg_valid) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isccc_ccmsg_cancelread(&conn->ccmsg);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley return;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley }
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (conn->sending) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_socket_cancel(conn->sock, listener->task,
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley ISC_SOCKCANCEL_SEND);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley return;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley }
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley ISC_LIST_UNLINK(listener->connections, conn, link);
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley isc_mem_put(listener->mctx, conn, sizeof(*conn));
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley}
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halleystatic void
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halleyshutdown_listener(controllistener_t *listener) {
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley controlconnection_t *conn;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley controlconnection_t *next;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley if (!listener->exiting) {
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley char socktext[ISC_SOCKADDR_FORMATSIZE];
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley ISC_LIST_UNLINK(listener->controls->listeners, listener, link);
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley isc_sockaddr_format(&listener->address, socktext,
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley sizeof(socktext));
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley "stopping command channel on %s", socktext);
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley if (listener->type == isc_sockettype_unix)
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley isc_socket_cleanunix(&listener->address, ISC_TRUE);
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley listener->exiting = ISC_TRUE;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley }
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley for (conn = ISC_LIST_HEAD(listener->connections);
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley conn != NULL;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley conn = next)
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley {
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley next = ISC_LIST_NEXT(conn, link);
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff maybe_free_connection(conn);
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley }
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley if (listener->listening)
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley isc_socket_cancel(listener->sock, listener->task,
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley ISC_SOCKCANCEL_ACCEPT);
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley maybe_free_listener(listener);
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley}
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleystatic isc_boolean_t
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halleyaddress_ok(isc_sockaddr_t *sockaddr, dns_acl_t *acl) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_netaddr_t netaddr;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_result_t result;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley int match;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_netaddr_fromsockaddr(&netaddr, sockaddr);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley result = dns_acl_match(&netaddr, NULL, acl,
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley &ns_g_server->aclenv, &match, NULL);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (result != ISC_R_SUCCESS || match <= 0)
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley return (ISC_FALSE);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley else
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley return (ISC_TRUE);
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley}
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley
a829555ed724caa56b1ff7716d7eda2266491eafBob Halleystatic isc_result_t
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halleycontrol_accept(controllistener_t *listener) {
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley isc_result_t result;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley result = isc_socket_accept(listener->sock,
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley listener->task,
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley control_newconn, listener);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (result != ISC_R_SUCCESS)
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley UNEXPECTED_ERROR(__FILE__, __LINE__,
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley "isc_socket_accept() failed: %s",
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley isc_result_totext(result));
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley else
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley listener->listening = ISC_TRUE;
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff return (result);
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff}
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graff
e44487bfc23599b6b240e09d83d1c862fecfcc82Michael Graffstatic isc_result_t
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halleycontrol_listen(controllistener_t *listener) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley isc_result_t result;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley result = isc_socket_listen(listener->sock, 0);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (result != ISC_R_SUCCESS)
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley UNEXPECTED_ERROR(__FILE__, __LINE__,
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley "isc_socket_listen() failed: %s",
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley isc_result_totext(result));
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley return (result);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley}
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halleystatic void
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halleycontrol_next(controllistener_t *listener) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley (void)control_accept(listener);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley}
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halleystatic void
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halleycontrol_senddone(isc_task_t *task, isc_event_t *event) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley isc_socketevent_t *sevent = (isc_socketevent_t *) event;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley controlconnection_t *conn = event->ev_arg;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley controllistener_t *listener = conn->listener;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley isc_socket_t *sock = (isc_socket_t *)sevent->ev_sender;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley isc_result_t result;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley REQUIRE(conn->sending);
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley UNUSED(task);
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley conn->sending = ISC_FALSE;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley if (sevent->result != ISC_R_SUCCESS &&
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley sevent->result != ISC_R_CANCELED)
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley {
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley char socktext[ISC_SOCKADDR_FORMATSIZE];
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isc_sockaddr_t peeraddr;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley (void)isc_socket_getpeername(sock, &peeraddr);
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence "error sending command response to %s: %s",
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley socktext, isc_result_totext(sevent->result));
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley }
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isc_event_free(&event);
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task,
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley control_recvmessage, conn);
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley if (result != ISC_R_SUCCESS) {
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isc_socket_detach(&conn->sock);
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence maybe_free_connection(conn);
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence maybe_free_listener(listener);
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence }
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence}
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrencestatic inline void
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrencelog_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence char socktext[ISC_SOCKADDR_FORMATSIZE];
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence isc_sockaddr_t peeraddr;
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence (void)isc_socket_getpeername(ccmsg->sock, &peeraddr);
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley NS_LOGMODULE_CONTROL, ISC_LOG_ERROR,
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley "invalid command from %s: %s",
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley socktext, isc_result_totext(result));
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley}
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halleystatic void
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halleycontrol_recvmessage(isc_task_t *task, isc_event_t *event) {
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley controlconnection_t *conn;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley controllistener_t *listener;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley controlkey_t *key;
e8336c458cca9289f34dc5cb58fc0b5769502649David Lawrence isccc_sexpr_t *request = NULL;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isccc_sexpr_t *response = NULL;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isccc_region_t ccregion;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isc_uint32_t algorithm;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isccc_region_t secret;
03dd96d177e4ed6771be7fb5f86a3a9d5f17be4eBob Halley isc_stdtime_t now;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley isc_buffer_t b;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley isc_region_t r;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_uint32_t len;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_buffer_t text;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley char textarray[2*1024];
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_result_t result;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_result_t eresult;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isccc_sexpr_t *_ctrl;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isccc_time_t sent;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isccc_time_t exp;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isc_uint32_t nonce;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley REQUIRE(event->ev_type == ISCCC_EVENT_CCMSG);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley conn = event->ev_arg;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley listener = conn->listener;
bed86971bf7eb315e9c64f75bba331917f4557cfBob Halley algorithm = DST_ALG_UNKNOWN;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley secret.rstart = NULL;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley /* Is the server shutting down? */
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (listener->controls->shuttingdown)
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley goto cleanup;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (conn->ccmsg.result != ISC_R_SUCCESS) {
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley if (conn->ccmsg.result != ISC_R_CANCELED &&
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley conn->ccmsg.result != ISC_R_EOF)
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley log_invalid(&conn->ccmsg, conn->ccmsg.result);
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley goto cleanup;
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley }
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley request = NULL;
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley for (key = ISC_LIST_HEAD(listener->keys);
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley key != NULL;
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley key = ISC_LIST_NEXT(key, link))
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley {
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley if (secret.rstart == NULL)
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley goto cleanup;
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley memmove(secret.rstart, key->secret.base, key->secret.length);
a829555ed724caa56b1ff7716d7eda2266491eafBob Halley secret.rend = secret.rstart + key->secret.length;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley algorithm = key->algorithm;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley result = isccc_cc_fromwire(&ccregion, &request,
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley algorithm, &secret);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley if (result == ISC_R_SUCCESS)
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley break;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (result != ISCCC_R_BADAUTH) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley log_invalid(&conn->ccmsg, result);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley goto cleanup;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley }
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley }
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (key == NULL) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley goto cleanup;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley }
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley /* We shouldn't be getting a reply. */
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (isccc_cc_isreply(request)) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley log_invalid(&conn->ccmsg, ISC_R_FAILURE);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley goto cleanup_request;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley }
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley isc_stdtime_get(&now);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley /*
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley * Limit exposure to replay attacks.
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley */
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley _ctrl = isccc_alist_lookup(request, "_ctrl");
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (_ctrl == NULL) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley log_invalid(&conn->ccmsg, ISC_R_FAILURE);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley goto cleanup_request;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley }
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley goto cleanup_request;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley }
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley } else {
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley log_invalid(&conn->ccmsg, ISC_R_FAILURE);
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley goto cleanup_request;
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley }
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley /*
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley * Expire messages that are too old.
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley */
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
97f1a75cf072c2cab98b4bc28c4d2491cfcd3086Bob Halley now > exp) {
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley goto cleanup_request;
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley }
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley /*
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley * Duplicate suppression (required for UDP).
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley */
96f55bdc736f8559b3a57260db6f0e964c44070dBob Halley isccc_cc_cleansymtab(listener->controls->symtab, now);
result = isccc_cc_checkdup(listener->controls->symtab, request, now);
if (result != ISC_R_SUCCESS) {
if (result == ISC_R_EXISTS)
result = ISCCC_R_DUPLICATE;
log_invalid(&conn->ccmsg, result);
goto cleanup_request;
}
if (conn->nonce != 0 &&
(isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS ||
conn->nonce != nonce)) {
log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
goto cleanup_request;
}
isc_buffer_init(&text, textarray, sizeof(textarray));
/*
* Establish nonce.
*/
if (conn->nonce == 0) {
while (conn->nonce == 0)
isc_random_get(&conn->nonce);
eresult = ISC_R_SUCCESS;
} else
eresult = ns_control_docommand(request, &text);
result = isccc_cc_createresponse(request, now, now + 60, &response);
if (result != ISC_R_SUCCESS)
goto cleanup_request;
if (eresult != ISC_R_SUCCESS) {
isccc_sexpr_t *data;
data = isccc_alist_lookup(response, "_data");
if (data != NULL) {
const char *estr = isc_result_totext(eresult);
if (isccc_cc_definestring(data, "err", estr) == NULL)
goto cleanup_response;
}
}
if (isc_buffer_usedlength(&text) > 0) {
isccc_sexpr_t *data;
data = isccc_alist_lookup(response, "_data");
if (data != NULL) {
char *str = (char *)isc_buffer_base(&text);
if (isccc_cc_definestring(data, "text", str) == NULL)
goto cleanup_response;
}
}
_ctrl = isccc_alist_lookup(response, "_ctrl");
if (_ctrl == NULL ||
isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL)
goto cleanup_response;
ccregion.rstart = conn->buffer + 4;
ccregion.rend = conn->buffer + sizeof(conn->buffer);
result = isccc_cc_towire(response, &ccregion, algorithm, &secret);
if (result != ISC_R_SUCCESS)
goto cleanup_response;
isc_buffer_init(&b, conn->buffer, 4);
len = sizeof(conn->buffer) - REGION_SIZE(ccregion);
isc_buffer_putuint32(&b, len - 4);
r.base = conn->buffer;
r.length = len;
result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
if (result != ISC_R_SUCCESS)
goto cleanup_response;
conn->sending = ISC_TRUE;
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
isccc_sexpr_free(&request);
isccc_sexpr_free(&response);
return;
cleanup_response:
isccc_sexpr_free(&response);
cleanup_request:
isccc_sexpr_free(&request);
isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
cleanup:
isc_socket_detach(&conn->sock);
isccc_ccmsg_invalidate(&conn->ccmsg);
conn->ccmsg_valid = ISC_FALSE;
maybe_free_connection(conn);
maybe_free_listener(listener);
}
static void
control_timeout(isc_task_t *task, isc_event_t *event) {
controlconnection_t *conn = event->ev_arg;
UNUSED(task);
isc_timer_detach(&conn->timer);
maybe_free_connection(conn);
isc_event_free(&event);
}
static isc_result_t
newconnection(controllistener_t *listener, isc_socket_t *sock) {
controlconnection_t *conn;
isc_interval_t interval;
isc_result_t result;
conn = isc_mem_get(listener->mctx, sizeof(*conn));
if (conn == NULL)
return (ISC_R_NOMEMORY);
conn->sock = sock;
isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
conn->ccmsg_valid = ISC_TRUE;
conn->sending = ISC_FALSE;
conn->timer = NULL;
isc_interval_set(&interval, 60, 0);
result = isc_timer_create(ns_g_timermgr, isc_timertype_once,
NULL, &interval, listener->task,
control_timeout, conn, &conn->timer);
if (result != ISC_R_SUCCESS)
goto cleanup;
conn->listener = listener;
conn->nonce = 0;
ISC_LINK_INIT(conn, link);
result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task,
control_recvmessage, conn);
if (result != ISC_R_SUCCESS)
goto cleanup;
isccc_ccmsg_setmaxsize(&conn->ccmsg, 2048);
ISC_LIST_APPEND(listener->connections, conn, link);
return (ISC_R_SUCCESS);
cleanup:
isccc_ccmsg_invalidate(&conn->ccmsg);
if (conn->timer != NULL)
isc_timer_detach(&conn->timer);
isc_mem_put(listener->mctx, conn, sizeof(*conn));
return (result);
}
static void
control_newconn(isc_task_t *task, isc_event_t *event) {
isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
controllistener_t *listener = event->ev_arg;
isc_socket_t *sock;
isc_sockaddr_t peeraddr;
isc_result_t result;
UNUSED(task);
listener->listening = ISC_FALSE;
if (nevent->result != ISC_R_SUCCESS) {
if (nevent->result == ISC_R_CANCELED) {
shutdown_listener(listener);
goto cleanup;
}
goto restart;
}
sock = nevent->newsocket;
isc_socket_setname(sock, "control", NULL);
(void)isc_socket_getpeername(sock, &peeraddr);
if (listener->type == isc_sockettype_tcp &&
!address_ok(&peeraddr, listener->acl)) {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"rejected command channel message from %s",
socktext);
isc_socket_detach(&sock);
goto restart;
}
result = newconnection(listener, sock);
if (result != ISC_R_SUCCESS) {
char socktext[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"dropped command channel from %s: %s",
socktext, isc_result_totext(result));
isc_socket_detach(&sock);
goto restart;
}
restart:
control_next(listener);
cleanup:
isc_event_free(&event);
}
static void
controls_shutdown(ns_controls_t *controls) {
controllistener_t *listener;
controllistener_t *next;
for (listener = ISC_LIST_HEAD(controls->listeners);
listener != NULL;
listener = next)
{
/*
* This is asynchronous. As listeners shut down, they will
* call their callbacks.
*/
next = ISC_LIST_NEXT(listener, link);
shutdown_listener(listener);
}
}
void
ns_controls_shutdown(ns_controls_t *controls) {
controls_shutdown(controls);
controls->shuttingdown = ISC_TRUE;
}
static isc_result_t
cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
const cfg_obj_t **objp)
{
const cfg_listelt_t *element;
const char *str;
const cfg_obj_t *obj;
for (element = cfg_list_first(keylist);
element != NULL;
element = cfg_list_next(element))
{
obj = cfg_listelt_value(element);
str = cfg_obj_asstring(cfg_map_getname(obj));
if (strcasecmp(str, keyname) == 0)
break;
}
if (element == NULL)
return (ISC_R_NOTFOUND);
obj = cfg_listelt_value(element);
*objp = obj;
return (ISC_R_SUCCESS);
}
static isc_result_t
controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
controlkeylist_t *keyids)
{
const cfg_listelt_t *element;
char *newstr = NULL;
const char *str;
const cfg_obj_t *obj;
controlkey_t *key;
for (element = cfg_list_first(keylist);
element != NULL;
element = cfg_list_next(element))
{
obj = cfg_listelt_value(element);
str = cfg_obj_asstring(obj);
newstr = isc_mem_strdup(mctx, str);
if (newstr == NULL)
goto cleanup;
key = isc_mem_get(mctx, sizeof(*key));
if (key == NULL)
goto cleanup;
key->keyname = newstr;
key->algorithm = DST_ALG_UNKNOWN;
key->secret.base = NULL;
key->secret.length = 0;
ISC_LINK_INIT(key, link);
ISC_LIST_APPEND(*keyids, key, link);
newstr = NULL;
}
return (ISC_R_SUCCESS);
cleanup:
if (newstr != NULL)
isc_mem_free(mctx, newstr);
free_controlkeylist(keyids, mctx);
return (ISC_R_NOMEMORY);
}
static void
register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext)
{
controlkey_t *keyid, *next;
const cfg_obj_t *keydef;
char secret[1024];
isc_buffer_t b;
isc_result_t result;
/*
* Find the keys corresponding to the keyids used by this listener.
*/
for (keyid = ISC_LIST_HEAD(*keyids); keyid != NULL; keyid = next) {
next = ISC_LIST_NEXT(keyid, link);
result = cfgkeylist_find(keylist, keyid->keyname, &keydef);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
"couldn't find key '%s' for use with "
"command channel %s",
keyid->keyname, socktext);
ISC_LIST_UNLINK(*keyids, keyid, link);
free_controlkey(keyid, mctx);
} else {
const cfg_obj_t *algobj = NULL;
const cfg_obj_t *secretobj = NULL;
const char *algstr = NULL;
const char *secretstr = NULL;
unsigned int algtype;
(void)cfg_map_get(keydef, "algorithm", &algobj);
(void)cfg_map_get(keydef, "secret", &secretobj);
INSIST(algobj != NULL && secretobj != NULL);
algstr = cfg_obj_asstring(algobj);
secretstr = cfg_obj_asstring(secretobj);
if (ns_config_getkeyalgorithm2(algstr, NULL,
&algtype, NULL) != ISC_R_SUCCESS)
{
cfg_obj_log(control, ns_g_lctx,
ISC_LOG_WARNING,
"unsupported algorithm '%s' in "
"key '%s' for use with command "
"channel %s",
algstr, keyid->keyname, socktext);
ISC_LIST_UNLINK(*keyids, keyid, link);
free_controlkey(keyid, mctx);
continue;
}
keyid->algorithm = algtype;
isc_buffer_init(&b, secret, sizeof(secret));
result = isc_base64_decodestring(secretstr, &b);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
"secret for key '%s' on "
"command channel %s: %s",
keyid->keyname, socktext,
isc_result_totext(result));
ISC_LIST_UNLINK(*keyids, keyid, link);
free_controlkey(keyid, mctx);
continue;
}
keyid->secret.length = isc_buffer_usedlength(&b);
keyid->secret.base = isc_mem_get(mctx,
keyid->secret.length);
if (keyid->secret.base == NULL) {
cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
"couldn't register key '%s': "
"out of memory", keyid->keyname);
ISC_LIST_UNLINK(*keyids, keyid, link);
free_controlkey(keyid, mctx);
break;
}
memmove(keyid->secret.base, isc_buffer_base(&b),
keyid->secret.length);
}
}
}
#define CHECK(x) \
do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto cleanup; \
} while (0)
static isc_result_t
get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
isc_result_t result;
cfg_parser_t *pctx = NULL;
cfg_obj_t *config = NULL;
const cfg_obj_t *key = NULL;
const cfg_obj_t *algobj = NULL;
const cfg_obj_t *secretobj = NULL;
const char *algstr = NULL;
const char *secretstr = NULL;
controlkey_t *keyid = NULL;
char secret[1024];
unsigned int algtype;
isc_buffer_t b;
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_INFO,
"configuring command channel from '%s'",
ns_g_keyfile);
if (! isc_file_exists(ns_g_keyfile))
return (ISC_R_FILENOTFOUND);
CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx));
CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config));
CHECK(cfg_map_get(config, "key", &key));
keyid = isc_mem_get(mctx, sizeof(*keyid));
if (keyid == NULL)
CHECK(ISC_R_NOMEMORY);
keyid->keyname = isc_mem_strdup(mctx,
cfg_obj_asstring(cfg_map_getname(key)));
keyid->secret.base = NULL;
keyid->secret.length = 0;
keyid->algorithm = DST_ALG_UNKNOWN;
ISC_LINK_INIT(keyid, link);
if (keyid->keyname == NULL)
CHECK(ISC_R_NOMEMORY);
CHECK(bind9_check_key(key, ns_g_lctx));
(void)cfg_map_get(key, "algorithm", &algobj);
(void)cfg_map_get(key, "secret", &secretobj);
INSIST(algobj != NULL && secretobj != NULL);
algstr = cfg_obj_asstring(algobj);
secretstr = cfg_obj_asstring(secretobj);
if (ns_config_getkeyalgorithm2(algstr, NULL,
&algtype, NULL) != ISC_R_SUCCESS) {
cfg_obj_log(key, ns_g_lctx,
ISC_LOG_WARNING,
"unsupported algorithm '%s' in "
"key '%s' for use with command "
"channel",
algstr, keyid->keyname);
goto cleanup;
}
keyid->algorithm = algtype;
isc_buffer_init(&b, secret, sizeof(secret));
result = isc_base64_decodestring(secretstr, &b);
if (result != ISC_R_SUCCESS) {
cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
"secret for key '%s' on command channel: %s",
keyid->keyname, isc_result_totext(result));
goto cleanup;
}
keyid->secret.length = isc_buffer_usedlength(&b);
keyid->secret.base = isc_mem_get(mctx,
keyid->secret.length);
if (keyid->secret.base == NULL) {
cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
"couldn't register key '%s': "
"out of memory", keyid->keyname);
CHECK(ISC_R_NOMEMORY);
}
memmove(keyid->secret.base, isc_buffer_base(&b),
keyid->secret.length);
ISC_LIST_APPEND(*keyids, keyid, link);
keyid = NULL;
result = ISC_R_SUCCESS;
cleanup:
if (keyid != NULL)
free_controlkey(keyid, mctx);
if (config != NULL)
cfg_obj_destroy(pctx, &config);
if (pctx != NULL)
cfg_parser_destroy(&pctx);
return (result);
}
/*
* Ensures that both '*global_keylistp' and '*control_keylistp' are
* valid or both are NULL.
*/
static void
get_key_info(const cfg_obj_t *config, const cfg_obj_t *control,
const cfg_obj_t **global_keylistp,
const cfg_obj_t **control_keylistp)
{
isc_result_t result;
const cfg_obj_t *control_keylist = NULL;
const cfg_obj_t *global_keylist = NULL;
REQUIRE(global_keylistp != NULL && *global_keylistp == NULL);
REQUIRE(control_keylistp != NULL && *control_keylistp == NULL);
control_keylist = cfg_tuple_get(control, "keys");
if (!cfg_obj_isvoid(control_keylist) &&
cfg_list_first(control_keylist) != NULL) {
result = cfg_map_get(config, "key", &global_keylist);
if (result == ISC_R_SUCCESS) {
*global_keylistp = global_keylist;
*control_keylistp = control_keylist;
}
}
}
static void
update_listener(ns_controls_t *cp, controllistener_t **listenerp,
const cfg_obj_t *control, const cfg_obj_t *config,
isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
const char *socktext, isc_sockettype_t type)
{
controllistener_t *listener;
const cfg_obj_t *allow;
const cfg_obj_t *global_keylist = NULL;
const cfg_obj_t *control_keylist = NULL;
dns_acl_t *new_acl = NULL;
controlkeylist_t keys;
isc_result_t result = ISC_R_SUCCESS;
for (listener = ISC_LIST_HEAD(cp->listeners);
listener != NULL;
listener = ISC_LIST_NEXT(listener, link))
if (isc_sockaddr_equal(addr, &listener->address))
break;
if (listener == NULL) {
*listenerp = NULL;
return;
}
/*
* There is already a listener for this sockaddr.
* Update the access list and key information.
*
* First try to deal with the key situation. There are a few
* possibilities:
* (a) It had an explicit keylist and still has an explicit keylist.
* (b) It had an automagic key and now has an explicit keylist.
* (c) It had an explicit keylist and now needs an automagic key.
* (d) It has an automagic key and still needs the automagic key.
*
* (c) and (d) are the annoying ones. The caller needs to know
* that it should use the automagic configuration for key information
* in place of the named.conf configuration.
*
* XXXDCL There is one other hazard that has not been dealt with,
* the problem that if a key change is being caused by a control
* channel reload, then the response will be with the new key
* and not able to be decrypted by the client.
*/
if (control != NULL)
get_key_info(config, control, &global_keylist,
&control_keylist);
if (control_keylist != NULL) {
INSIST(global_keylist != NULL);
ISC_LIST_INIT(keys);
result = controlkeylist_fromcfg(control_keylist,
listener->mctx, &keys);
if (result == ISC_R_SUCCESS) {
free_controlkeylist(&listener->keys, listener->mctx);
listener->keys = keys;
register_keys(control, global_keylist, &listener->keys,
listener->mctx, socktext);
}
} else {
free_controlkeylist(&listener->keys, listener->mctx);
result = get_rndckey(listener->mctx, &listener->keys);
}
if (result != ISC_R_SUCCESS && global_keylist != NULL) {
/*
* This message might be a little misleading since the
* "new keys" might in fact be identical to the old ones,
* but tracking whether they are identical just for the
* sake of avoiding this message would be too much trouble.
*/
if (control != NULL)
cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
"couldn't install new keys for "
"command channel %s: %s",
socktext, isc_result_totext(result));
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"couldn't install new keys for "
"command channel %s: %s",
socktext, isc_result_totext(result));
}
/*
* Now, keep the old access list unless a new one can be made.
*/
if (control != NULL && type == isc_sockettype_tcp) {
allow = cfg_tuple_get(control, "allow");
result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
aclconfctx, listener->mctx, 0,
&new_acl);
} else {
result = dns_acl_any(listener->mctx, &new_acl);
}
if (result == ISC_R_SUCCESS) {
dns_acl_detach(&listener->acl);
dns_acl_attach(new_acl, &listener->acl);
dns_acl_detach(&new_acl);
/* XXXDCL say the old acl is still used? */
} else if (control != NULL)
cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
"couldn't install new acl for "
"command channel %s: %s",
socktext, isc_result_totext(result));
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,
"couldn't install new acl for "
"command channel %s: %s",
socktext, isc_result_totext(result));
if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) {
isc_uint32_t perm, owner, group;
perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
owner = cfg_obj_asuint32(cfg_tuple_get(control, "owner"));
group = cfg_obj_asuint32(cfg_tuple_get(control, "group"));
result = ISC_R_SUCCESS;
if (listener->perm != perm || listener->owner != owner ||
listener->group != group)
result = isc_socket_permunix(&listener->address, perm,
owner, group);
if (result == ISC_R_SUCCESS) {
listener->perm = perm;
listener->owner = owner;
listener->group = group;
} else if (control != NULL)
cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
"couldn't update ownership/permission for "
"command channel %s", socktext);
}
*listenerp = listener;
}
static void
add_listener(ns_controls_t *cp, controllistener_t **listenerp,
const cfg_obj_t *control, const cfg_obj_t *config,
isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
const char *socktext, isc_sockettype_t type)
{
isc_mem_t *mctx = cp->server->mctx;
controllistener_t *listener;
const cfg_obj_t *allow;
const cfg_obj_t *global_keylist = NULL;
const cfg_obj_t *control_keylist = NULL;
dns_acl_t *new_acl = NULL;
isc_result_t result = ISC_R_SUCCESS;
listener = isc_mem_get(mctx, sizeof(*listener));
if (listener == NULL)
result = ISC_R_NOMEMORY;
if (result == ISC_R_SUCCESS) {
listener->mctx = NULL;
isc_mem_attach(mctx, &listener->mctx);
listener->controls = cp;
listener->task = cp->server->task;
listener->address = *addr;
listener->sock = NULL;
listener->listening = ISC_FALSE;
listener->exiting = ISC_FALSE;
listener->acl = NULL;
listener->type = type;
listener->perm = 0;
listener->owner = 0;
listener->group = 0;
ISC_LINK_INIT(listener, link);
ISC_LIST_INIT(listener->keys);
ISC_LIST_INIT(listener->connections);
/*
* Make the acl.
*/
if (control != NULL && type == isc_sockettype_tcp) {
allow = cfg_tuple_get(control, "allow");
result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
aclconfctx, mctx, 0,
&new_acl);
} else {
result = dns_acl_any(mctx, &new_acl);
}
}
if (result == ISC_R_SUCCESS) {
dns_acl_attach(new_acl, &listener->acl);
dns_acl_detach(&new_acl);
if (config != NULL)
get_key_info(config, control, &global_keylist,
&control_keylist);
if (control_keylist != NULL) {
result = controlkeylist_fromcfg(control_keylist,
listener->mctx,
&listener->keys);
if (result == ISC_R_SUCCESS)
register_keys(control, global_keylist,
&listener->keys,
listener->mctx, socktext);
} else
result = get_rndckey(mctx, &listener->keys);
if (result != ISC_R_SUCCESS && control != NULL)
cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
"couldn't install keys for "
"command channel %s: %s",
socktext, isc_result_totext(result));
}
if (result == ISC_R_SUCCESS) {
int pf = isc_sockaddr_pf(&listener->address);
if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
#ifdef ISC_PLATFORM_HAVESYSUNH
(pf == AF_UNIX && isc_net_probeunix() != ISC_R_SUCCESS) ||
#endif
(pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
result = ISC_R_FAMILYNOSUPPORT;
}
if (result == ISC_R_SUCCESS && type == isc_sockettype_unix)
isc_socket_cleanunix(&listener->address, ISC_FALSE);
if (result == ISC_R_SUCCESS)
result = isc_socket_create(ns_g_socketmgr,
isc_sockaddr_pf(&listener->address),
type, &listener->sock);
if (result == ISC_R_SUCCESS)
isc_socket_setname(listener->sock, "control", NULL);
#ifndef ISC_ALLOW_MAPPED
if (result == ISC_R_SUCCESS)
isc_socket_ipv6only(listener->sock, ISC_TRUE);
#endif
if (result == ISC_R_SUCCESS)
result = isc_socket_bind(listener->sock, &listener->address,
ISC_SOCKET_REUSEADDRESS);
if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) {
listener->perm = cfg_obj_asuint32(cfg_tuple_get(control,
"perm"));
listener->owner = cfg_obj_asuint32(cfg_tuple_get(control,
"owner"));
listener->group = cfg_obj_asuint32(cfg_tuple_get(control,
"group"));
result = isc_socket_permunix(&listener->address, listener->perm,
listener->owner, listener->group);
}
if (result == ISC_R_SUCCESS)
result = control_listen(listener);
if (result == ISC_R_SUCCESS)
result = control_accept(listener);
if (result == ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
"command channel listening on %s", socktext);
*listenerp = listener;
} else {
if (listener != NULL) {
listener->exiting = ISC_TRUE;
free_listener(listener);
}
if (control != NULL)
cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
"couldn't add command channel %s: %s",
socktext, isc_result_totext(result));
else
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
"couldn't add command channel %s: %s",
socktext, isc_result_totext(result));
*listenerp = NULL;
}
/* XXXDCL return error results? fail hard? */
}
isc_result_t
ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
cfg_aclconfctx_t *aclconfctx)
{
controllistener_t *listener;
controllistenerlist_t new_listeners;
const cfg_obj_t *controlslist = NULL;
const cfg_listelt_t *element, *element2;
char socktext[ISC_SOCKADDR_FORMATSIZE];
ISC_LIST_INIT(new_listeners);
/*
* Get the list of named.conf 'controls' statements.
*/
(void)cfg_map_get(config, "controls", &controlslist);
/*
* Run through the new control channel list, noting sockets that
* are already being listened on and moving them to the new list.
*
* Identifying duplicate addr/port combinations is left to either
* the underlying config code, or to the bind attempt getting an
* address-in-use error.
*/
if (controlslist != NULL) {
for (element = cfg_list_first(controlslist);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *controls;
const cfg_obj_t *inetcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "inet", &inetcontrols);
if (inetcontrols == NULL)
continue;
for (element2 = cfg_list_first(inetcontrols);
element2 != NULL;
element2 = cfg_list_next(element2)) {
const cfg_obj_t *control;
const cfg_obj_t *obj;
isc_sockaddr_t addr;
/*
* The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause.
*/
control = cfg_listelt_value(element2);
obj = cfg_tuple_get(control, "address");
addr = *cfg_obj_assockaddr(obj);
if (isc_sockaddr_getport(&addr) == 0)
isc_sockaddr_setport(&addr,
NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext,
sizeof(socktext));
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"processing control channel %s",
socktext);
update_listener(cp, &listener, control, config,
&addr, aclconfctx, socktext,
isc_sockettype_tcp);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, control,
config, &addr, aclconfctx,
socktext,
isc_sockettype_tcp);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
for (element = cfg_list_first(controlslist);
element != NULL;
element = cfg_list_next(element)) {
const cfg_obj_t *controls;
const cfg_obj_t *unixcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "unix", &unixcontrols);
if (unixcontrols == NULL)
continue;
for (element2 = cfg_list_first(unixcontrols);
element2 != NULL;
element2 = cfg_list_next(element2)) {
const cfg_obj_t *control;
const cfg_obj_t *path;
isc_sockaddr_t addr;
isc_result_t result;
/*
* The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause.
*/
control = cfg_listelt_value(element2);
path = cfg_tuple_get(control, "path");
result = isc_sockaddr_frompath(&addr,
cfg_obj_asstring(path));
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"control channel '%s': %s",
cfg_obj_asstring(path),
isc_result_totext(result));
continue;
}
isc_log_write(ns_g_lctx,
NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"processing control channel '%s'",
cfg_obj_asstring(path));
update_listener(cp, &listener, control, config,
&addr, aclconfctx,
cfg_obj_asstring(path),
isc_sockettype_unix);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, control,
config, &addr, aclconfctx,
cfg_obj_asstring(path),
isc_sockettype_unix);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
} else {
int i;
for (i = 0; i < 2; i++) {
isc_sockaddr_t addr;
if (i == 0) {
struct in_addr localhost;
if (isc_net_probeipv4() != ISC_R_SUCCESS)
continue;
localhost.s_addr = htonl(INADDR_LOOPBACK);
isc_sockaddr_fromin(&addr, &localhost, 0);
} else {
if (isc_net_probeipv6() != ISC_R_SUCCESS)
continue;
isc_sockaddr_fromin6(&addr,
&in6addr_loopback, 0);
}
isc_sockaddr_setport(&addr, NS_CONTROL_PORT);
isc_sockaddr_format(&addr, socktext, sizeof(socktext));
update_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext,
isc_sockettype_tcp);
if (listener != NULL)
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners,
listener, link);
else
/*
* This is a new listener.
*/
add_listener(cp, &listener, NULL, NULL,
&addr, NULL, socktext,
isc_sockettype_tcp);
if (listener != NULL)
ISC_LIST_APPEND(new_listeners,
listener, link);
}
}
/*
* ns_control_shutdown() will stop whatever is on the global
* listeners list, which currently only has whatever sockaddrs
* were in the previous configuration (if any) that do not
* remain in the current configuration.
*/
controls_shutdown(cp);
/*
* Put all of the valid listeners on the listeners list.
* Anything already on listeners in the process of shutting
* down will be taken care of by listen_done().
*/
ISC_LIST_APPENDLIST(cp->listeners, new_listeners, link);
return (ISC_R_SUCCESS);
}
isc_result_t
ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp) {
isc_mem_t *mctx = server->mctx;
isc_result_t result;
ns_controls_t *controls = isc_mem_get(mctx, sizeof(*controls));
if (controls == NULL)
return (ISC_R_NOMEMORY);
controls->server = server;
ISC_LIST_INIT(controls->listeners);
controls->shuttingdown = ISC_FALSE;
controls->symtab = NULL;
result = isccc_cc_createsymtab(&controls->symtab);
if (result != ISC_R_SUCCESS) {
isc_mem_put(server->mctx, controls, sizeof(*controls));
return (result);
}
*ctrlsp = controls;
return (ISC_R_SUCCESS);
}
void
ns_controls_destroy(ns_controls_t **ctrlsp) {
ns_controls_t *controls = *ctrlsp;
REQUIRE(ISC_LIST_EMPTY(controls->listeners));
isccc_symtab_destroy(&controls->symtab);
isc_mem_put(controls->server->mctx, controls, sizeof(*controls));
*ctrlsp = NULL;
}