controlconf.c revision b4b47bf1874a9dd19796d5593de47bd4c9d3d896
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * Copyright (C) 2001 Internet Software Consortium.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * Permission to use, copy, modify, and distribute this software for any
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * purpose with or without fee is hereby granted, provided that the above
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * copyright notice and this permission notice appear in all copies.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff/* $Id: controlconf.c,v 1.23 2001/08/03 20:05:42 gson Exp $ */
f9df80f4348ef68043903efa08299480324f4823Michael Graff * Note: Listeners and connections are not locked. All event handlers are
f9df80f4348ef68043903efa08299480324f4823Michael Graff * executed by the server task, and all callers of exported routines must
f9df80f4348ef68043903efa08299480324f4823Michael Graff * be running under the server task.
f9df80f4348ef68043903efa08299480324f4823Michael Grafftypedef ISC_LIST(controlkey_t) controlkeylist_t;
f9df80f4348ef68043903efa08299480324f4823Michael Grafftypedef struct controlconnection controlconnection_t;
f9df80f4348ef68043903efa08299480324f4823Michael Grafftypedef ISC_LIST(controlconnection_t) controlconnectionlist_t;
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Grafftypedef struct controllistener controllistener_t;
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Grafftypedef ISC_LIST(controllistener_t) controllistenerlist_t;
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graffstatic void control_newconn(isc_task_t *task, isc_event_t *event);
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graffstatic void control_recvmessage(isc_task_t *task, isc_event_t *event);
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Grafffree_controlkey(controlkey_t *key, isc_mem_t *mctx) {
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff isc_mem_put(mctx, key->secret.base, key->secret.length);
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Grafffree_controlkeylist(controlkeylist_t *keylist, isc_mem_t *mctx) {
f9df80f4348ef68043903efa08299480324f4823Michael Graff INSIST(ISC_LIST_EMPTY(listener->connections));
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff free_controlkeylist(&listener->keys, listener->mctx);
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff isc_mem_put(listener->mctx, listener, sizeof(*listener));
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graffmaybe_free_listener(controllistener_t *listener) {
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffmaybe_free_connection(controlconnection_t *conn) {
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff ISC_LIST_UNLINK(listener->connections, conn, link);
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff isc_mem_put(listener->mctx, conn, sizeof(*conn));
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffshutdown_listener(controllistener_t *listener) {
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff isc_sockaddr_format(&listener->address, socktext,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff for (conn = ISC_LIST_HEAD(listener->connections);
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff isc_socket_cancel(listener->sock, listener->task,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffaddress_ok(isc_sockaddr_t *sockaddr, dns_acl_t *acl) {
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff "isc_socket_accept() failed: %s",
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff result = isc_socket_listen(listener->sock, 0);
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff "isc_socket_listen() failed: %s",
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffcontrol_senddone(isc_task_t *task, isc_event_t *event) {
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff isc_socketevent_t *sevent = (isc_socketevent_t *) event;
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff isc_socket_t *sock = (isc_socket_t *)sevent->ev_sender;
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff (void)isc_socket_getpeername(sock, &peeraddr);
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff "error sending command response to %s: %s",
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffstatic inline void
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Grafflog_invalid(isccc_ccmsg_t *ccmsg, isc_result_t result) {
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff (void)isc_socket_getpeername(ccmsg->sock, &peeraddr);
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff "invalid command from %s: %s",
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffcontrol_recvmessage(isc_task_t *task, isc_event_t *event) {
823e45c1273512a8048cd5e7e57f31f58c964f7fMichael Graff log_invalid(&conn->ccmsg, conn->ccmsg.result);
f9df80f4348ef68043903efa08299480324f4823Michael Graff ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
f9df80f4348ef68043903efa08299480324f4823Michael Graff ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
f9df80f4348ef68043903efa08299480324f4823Michael Graff secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
f9df80f4348ef68043903efa08299480324f4823Michael Graff memcpy(secret.rstart, key->secret.base, key->secret.length);
f9df80f4348ef68043903efa08299480324f4823Michael Graff secret.rend = secret.rstart + key->secret.length;
f9df80f4348ef68043903efa08299480324f4823Michael Graff result = isccc_cc_fromwire(&ccregion, &request, &secret);
f9df80f4348ef68043903efa08299480324f4823Michael Graff * For some reason, request is non-NULL when
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff * isccc_cc_fromwire returns ISCCC_R_BADAUTH.
f9df80f4348ef68043903efa08299480324f4823Michael Graff /* We shouldn't be getting a reply. */
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_buffer_init(&text, textarray, sizeof(textarray));
f9df80f4348ef68043903efa08299480324f4823Michael Graff eresult = ns_control_docommand(request, &text);
f9df80f4348ef68043903efa08299480324f4823Michael Graff result = isccc_cc_createresponse(request, now, now + 60, &response);
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff const char *estr = isc_result_totext(eresult);
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff if (isccc_cc_definestring(data, "err", estr) == NULL)
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff if (isccc_cc_definestring(data, "text", str) == NULL)
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff ccregion.rend = conn->buffer + sizeof(conn->buffer);
70fd62761dfe44f2254fb63ac3ded1b02663713fMichael Graff result = isccc_cc_towire(response, &ccregion, &secret);
f9df80f4348ef68043903efa08299480324f4823Michael Graff len = sizeof(conn->buffer) - REGION_SIZE(ccregion);
f9df80f4348ef68043903efa08299480324f4823Michael Graff result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
f9df80f4348ef68043903efa08299480324f4823Michael Graffcontrol_timeout(isc_task_t *task, isc_event_t *event) {
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffnewconnection(controllistener_t *listener, isc_socket_t *sock) {
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff conn = isc_mem_get(listener->mctx, sizeof(*conn));
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
ddd035637d92035a0d9e2bc32a7e2c9cc8a99d3fMichael Graff result = isc_timer_create(ns_g_timermgr, isc_timertype_once,
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff result = isccc_ccmsg_readmessage(&conn->ccmsg, listener->task,
f9df80f4348ef68043903efa08299480324f4823Michael Graff ISC_LIST_APPEND(listener->connections, conn, link);
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_mem_put(listener->mctx, conn, sizeof(*conn));
f9df80f4348ef68043903efa08299480324f4823Michael Graffcontrol_newconn(isc_task_t *task, isc_event_t *event) {
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_socket_newconnev_t *nevent = (isc_socket_newconnev_t *)event;
f9df80f4348ef68043903efa08299480324f4823Michael Graff (void)isc_socket_getpeername(sock, &peeraddr);
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
f9df80f4348ef68043903efa08299480324f4823Michael Graff "rejected command channel message from %s",
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_sockaddr_format(&peeraddr, socktext, sizeof(socktext));
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
f9df80f4348ef68043903efa08299480324f4823Michael Graff "dropped command channel from %s: %s",
f9df80f4348ef68043903efa08299480324f4823Michael Graffns_controls_shutdown(ns_controls_t *controls) {
f9df80f4348ef68043903efa08299480324f4823Michael Graff for (listener = ISC_LIST_HEAD(controls->listeners);
f9df80f4348ef68043903efa08299480324f4823Michael Graff * This is asynchronous. As listeners shut down, they will
f9df80f4348ef68043903efa08299480324f4823Michael Graff * call their callbacks.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff ISC_LIST_UNLINK(controls->listeners, listener, link);
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graffcfgkeylist_find(cfg_obj_t *keylist, const char *keyname, cfg_obj_t **objp) {
f9df80f4348ef68043903efa08299480324f4823Michael Graff const char *str;
438d7099d1d6109c2df35d5e6f168fb6c40093f6Michael Graffcontrolkeylist_fromcfg(cfg_obj_t *keylist, isc_mem_t *mctx,
f9df80f4348ef68043903efa08299480324f4823Michael Graff const char *str;
e223094b2248afa2697c531f75e6f84855638becMichael Graffregister_keys(cfg_obj_t *control, cfg_obj_t *keylist,
e223094b2248afa2697c531f75e6f84855638becMichael Graff controlkeylist_t *keyids, isc_mem_t *mctx, const char *socktext)
e223094b2248afa2697c531f75e6f84855638becMichael Graff * Find the keys corresponding to the keyids used by this listener.
e223094b2248afa2697c531f75e6f84855638becMichael Graff for (keyid = ISC_LIST_HEAD(*keyids); keyid != NULL; keyid = next) {
e223094b2248afa2697c531f75e6f84855638becMichael Graff result = cfgkeylist_find(keylist, keyid->keyname, &keydef);
e223094b2248afa2697c531f75e6f84855638becMichael Graff cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
e223094b2248afa2697c531f75e6f84855638becMichael Graff "couldn't find key '%s' for use with "
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff "command channel %s",
e223094b2248afa2697c531f75e6f84855638becMichael Graff (void)cfg_map_get(keydef, "algorithm", &algobj);
e223094b2248afa2697c531f75e6f84855638becMichael Graff (void)cfg_map_get(keydef, "secret", &secretobj);
e223094b2248afa2697c531f75e6f84855638becMichael Graff if (ns_config_getkeyalgorithm(algstr, NULL) !=
e223094b2248afa2697c531f75e6f84855638becMichael Graff "unsupported algorithm '%s' in "
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff "key '%s' for use with command "
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff "channel %s",
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff result = isc_base64_decodestring(secretstr, &b);
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff "secret for key '%s' on "
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff "command channel %s: %s",
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff keyid->secret.length = isc_buffer_usedlength(&b);
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff cfg_obj_log(keydef, ns_g_lctx, ISC_LOG_WARNING,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff "couldn't register key '%s': "
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff memcpy(keyid->secret.base, isc_buffer_base(&b),
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffget_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff CHECK(cfg_parser_create(mctx, ns_g_lctx, &pctx));
e223094b2248afa2697c531f75e6f84855638becMichael Graff CHECK(cfg_parse_file(pctx, ns_g_keyfile, &cfg_type_rndckey, &config));
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff if (ns_config_getkeyalgorithm(algstr, NULL) != ISC_R_SUCCESS) {
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff "unsupported algorithm '%s' in "
e223094b2248afa2697c531f75e6f84855638becMichael Graff "key '%s' for use with command "
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff result = isc_base64_decodestring(secretstr, &b);
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff "secret for key '%s' on command channel: %s",
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff keyid->secret.length = isc_buffer_usedlength(&b);
e223094b2248afa2697c531f75e6f84855638becMichael Graff "couldn't register key '%s': "
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff memcpy(keyid->secret.base, isc_buffer_base(&b),
d68838693666ba930ec4143f848c18bff2bfc244Michael Graffget_key_info(cfg_obj_t *config, cfg_obj_t *control,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff cfg_obj_t **global_keylistp, cfg_obj_t **control_keylistp)
e223094b2248afa2697c531f75e6f84855638becMichael Graff REQUIRE(global_keylistp != NULL && *global_keylistp == NULL);
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff REQUIRE(control_keylistp != NULL && *control_keylistp == NULL);
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff control_keylist = cfg_tuple_get(control, "keys");
e223094b2248afa2697c531f75e6f84855638becMichael Graff controllistener_t **listenerp, cfg_obj_t *control,
e223094b2248afa2697c531f75e6f84855638becMichael Graff ns_aclconfctx_t *aclconfctx, const char *socktext)
1d11db66fa23e276074858091407734de40584acMichael Graff if (isc_sockaddr_equal(addr, &listener->address))
e223094b2248afa2697c531f75e6f84855638becMichael Graff * There is already a listener for this sockaddr.
e223094b2248afa2697c531f75e6f84855638becMichael Graff * Update the access list and key information.
e223094b2248afa2697c531f75e6f84855638becMichael Graff * First try to deal with the key situation. There are a few
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff * possibilities:
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff * (a) It had an explicit keylist and still has an explicit keylist.
e223094b2248afa2697c531f75e6f84855638becMichael Graff * (b) It had an automagic key and now has an explicit keylist.
e223094b2248afa2697c531f75e6f84855638becMichael Graff * (c) It had an explicit keylist and now needs an automagic key.
e223094b2248afa2697c531f75e6f84855638becMichael Graff * (d) It has an automagic key and still needs the automagic key.
e223094b2248afa2697c531f75e6f84855638becMichael Graff * (c) and (d) are the annoying ones. The caller needs to know
e223094b2248afa2697c531f75e6f84855638becMichael Graff * that it should use the automagic configuration for key information
e223094b2248afa2697c531f75e6f84855638becMichael Graff * in place of the named.conf configuration.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff * XXXDCL There is one other hazard that has not been dealt with,
e223094b2248afa2697c531f75e6f84855638becMichael Graff * the problem that if a key change is being caused by a control
e223094b2248afa2697c531f75e6f84855638becMichael Graff * channel reload, then the response will be with the new key
e223094b2248afa2697c531f75e6f84855638becMichael Graff * and not able to be decrypted by the client.
e223094b2248afa2697c531f75e6f84855638becMichael Graff get_key_info(config, control, &global_keylist, &control_keylist);
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff result = controlkeylist_fromcfg(control_keylist,
e223094b2248afa2697c531f75e6f84855638becMichael Graff free_controlkeylist(&listener->keys, listener->mctx);
e223094b2248afa2697c531f75e6f84855638becMichael Graff register_keys(control, global_keylist, &listener->keys,
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff free_controlkeylist(&listener->keys, listener->mctx);
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff result = get_rndckey(listener->mctx, &listener->keys);
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff if (result != ISC_R_SUCCESS && global_keylist != NULL)
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff * This message might be a little misleading since the
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff * "new keys" might in fact be identical to the old ones,
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff * but tracking whether they are identical just for the
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff * sake of avoiding this message would be too much trouble.
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff "couldn't install new keys for "
e223094b2248afa2697c531f75e6f84855638becMichael Graff "command channel %s: %s",
e223094b2248afa2697c531f75e6f84855638becMichael Graff * Now, keep the old access list unless a new one can be made.
e223094b2248afa2697c531f75e6f84855638becMichael Graff result = ns_acl_fromconfig(allow, config, aclconfctx,
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff result = dns_acl_any(listener->mctx, &new_acl);
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff /* XXXDCL say the old acl is still used? */
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff "couldn't install new acl for "
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff "command channel %s: %s",
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graffadd_listener(ns_controls_t *cp, controllistener_t **listenerp,
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff cfg_obj_t *control, cfg_obj_t *config, isc_sockaddr_t *addr,
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff ns_aclconfctx_t *aclconfctx, const char *socktext)
2726950412a5c598e123554e4d758fe66a2ebc21Michael Graff listener = isc_mem_get(mctx, sizeof(*listener));
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff * Make the acl.
e223094b2248afa2697c531f75e6f84855638becMichael Graff result = ns_acl_fromconfig(allow, config, aclconfctx,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff get_key_info(config, control, &global_keylist,
e223094b2248afa2697c531f75e6f84855638becMichael Graff result = controlkeylist_fromcfg(control_keylist,
e223094b2248afa2697c531f75e6f84855638becMichael Graff if (result != ISC_R_SUCCESS && control != NULL)
e223094b2248afa2697c531f75e6f84855638becMichael Graff cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff "couldn't install keys for "
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graff "command channel %s: %s",
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff (pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff cfg_obj_log(control, ns_g_lctx, ISC_LOG_WARNING,
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff "couldn't add command channel %s: %s",
e223094b2248afa2697c531f75e6f84855638becMichael Graff isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
e223094b2248afa2697c531f75e6f84855638becMichael Graff "couldn't add command channel %s: %s",
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff /* XXXDCL return error results? fail hard? */
d49555e76c5d02943fdd6606113aebf2317390d5Michael Graffns_controls_configure(ns_controls_t *cp, cfg_obj_t *config,
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff * Get the list of named.conf 'controls' statements.
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff (void)cfg_map_get(config, "controls", &controlslist);
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff * Run through the new control channel list, noting sockets that
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff * are already being listened on and moving them to the new list.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff * Identifying duplicate addr/port combinations is left to either
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff * the underlying config code, or to the bind attempt getting an
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff * address-in-use error.
f9df80f4348ef68043903efa08299480324f4823Michael Graff (void)cfg_map_get(controls, "inet", &inetcontrols);
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * The parser handles BIND 8 configuration file
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * syntax, so it allows unix phrases as well
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * inet phrases with no keys{} clause.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * "unix" phrases have been reported as
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * unsupported by the parser.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff "processing control channel %s",
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff update_listener(cp, &listener, control, config,
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * Remove the listener from the old
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * list, so it won't be shut down.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * This is a new listener.
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff for (i = 0 ; i < 2; i++) {
f9df80f4348ef68043903efa08299480324f4823Michael Graff if (i == 1) {
f9df80f4348ef68043903efa08299480324f4823Michael Graff isc_sockaddr_format(&addr, socktext, sizeof(socktext));
f9df80f4348ef68043903efa08299480324f4823Michael Graff * Remove the listener from the old
f9df80f4348ef68043903efa08299480324f4823Michael Graff * list, so it won't be shut down.
f9df80f4348ef68043903efa08299480324f4823Michael Graff * This is a new listener.
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff * ns_control_shutdown() will stop whatever is on the global
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff * listeners list, which currently only has whatever sockaddrs
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff * were in the previous configuration (if any) that do not
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff * remain in the current configuration.
a920f559c3689f52731519a9d5169ad5814866edMichael Graff * Put all of the valid listeners on the listeners list.
f9df80f4348ef68043903efa08299480324f4823Michael Graff * Anything already on listeners in the process of shutting
e690d225ad09e0b4617554c753b68abc82f0583aMichael Graff * down will be taken care of by listen_done().
a920f559c3689f52731519a9d5169ad5814866edMichael Graff ISC_LIST_APPENDLIST(cp->listeners, new_listeners, link);
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graffns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp) {
1d7987f4227c838f7fa790ad57255d3df3332ccaMichael Graff ns_controls_t *controls = isc_mem_get(mctx, sizeof(*controls));