xfrin.c revision e44487bfc23599b6b240e09d83d1c862fecfcc82
5785N/A/*
5785N/A * Copyright (C) 1999, 2000 Internet Software Consortium.
5785N/A *
5785N/A * Permission to use, copy, modify, and distribute this software for any
5785N/A * purpose with or without fee is hereby granted, provided that the above
5785N/A * copyright notice and this permission notice appear in all copies.
5785N/A *
5785N/A * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
5785N/A * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
5785N/A * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
5785N/A * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
5785N/A * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
5785N/A * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
5785N/A * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
5785N/A * SOFTWARE.
5785N/A */
5785N/A
5785N/A/* $Id: xfrin.c,v 1.64 2000/04/17 19:22:29 explorer Exp $ */
5785N/A
5785N/A#include <config.h>
5785N/A
5785N/A#include <stdlib.h>
5785N/A#include <unistd.h>
5785N/A#include <fcntl.h>
5785N/A#include <errno.h>
5785N/A#include <string.h>
5785N/A
5785N/A#include <sys/types.h>
5785N/A
5785N/A#include <isc/assertions.h>
5785N/A#include <isc/error.h>
5785N/A#include <isc/mem.h>
5785N/A#include <isc/result.h>
5785N/A#include <isc/timer.h>
5785N/A#include <isc/net.h>
5785N/A#include <isc/print.h>
5785N/A#include <isc/util.h>
5785N/A
5785N/A#include <dns/db.h>
5785N/A#include <dns/dbiterator.h>
5785N/A#include <dns/events.h>
5785N/A#include <dns/fixedname.h>
5785N/A#include <dns/journal.h>
5785N/A#include <dns/log.h>
5785N/A#include <dns/message.h>
5785N/A#include <dns/name.h>
5785N/A#include <dns/peer.h>
5785N/A#include <dns/rdata.h>
5785N/A#include <dns/rdatalist.h>
5785N/A#include <dns/rdataset.h>
5785N/A#include <dns/rdatasetiter.h>
5785N/A#include <dns/result.h>
5785N/A#include <dns/tcpmsg.h>
5785N/A#include <dns/tsig.h>
5785N/A#include <dns/types.h>
5785N/A#include <dns/view.h>
5785N/A#include <dns/xfrin.h>
5785N/A#include <dns/zone.h>
5785N/A#include <dns/zt.h>
5785N/A
5785N/A/*
5785N/A * Incoming AXFR and IXFR.
5785N/A */
5785N/A
5785N/A#define FAIL(code) do { result = (code); goto failure; } while (0)
5785N/A#define CHECK(op) do { result = (op); \
5785N/A if (result != ISC_R_SUCCESS) goto failure; \
5785N/A } while (0)
5785N/A
5785N/A/*
5785N/A * The states of the *XFR state machine. We handle both IXFR and AXFR
5785N/A * with a single integrated state machine because they cannot be distinguished
5785N/A * immediately - an AXFR response to an IXFR request can only be detected
5785N/A * when the first two (2) response RRs have already been received.
5785N/A */
5785N/Atypedef enum {
5785N/A XFRST_SOAQUERY,
5785N/A XFRST_GOTSOA,
5785N/A XFRST_INITIALSOA,
5785N/A XFRST_FIRSTDATA,
5785N/A XFRST_IXFR_DELSOA,
5785N/A XFRST_IXFR_DEL,
5785N/A XFRST_IXFR_ADDSOA,
5785N/A XFRST_IXFR_ADD,
5785N/A XFRST_AXFR,
5785N/A XFRST_END
5785N/A} xfrin_state_t;
5785N/A
5785N/A/*
5785N/A * Incoming zone transfer context.
5785N/A */
5785N/A
5785N/Astruct dns_xfrin_ctx {
5785N/A unsigned int magic;
5785N/A isc_mem_t *mctx;
5785N/A dns_zone_t *zone;
5785N/A
5785N/A int refcount;
5785N/A
5785N/A isc_task_t *task;
5785N/A isc_timer_t *timer;
5785N/A isc_socketmgr_t *socketmgr;
5785N/A
5785N/A int connects; /* Connect in progress */
5785N/A int sends; /* Send in progress */
5785N/A int recvs; /* Receive in progress */
5785N/A isc_boolean_t shuttingdown;
5785N/A
5785N/A dns_name_t name; /* Name of zone to transfer */
5785N/A dns_rdataclass_t rdclass;
5785N/A
5785N/A /*
5785N/A * Requested transfer type (dns_rdatatype_axfr or
5785N/A * dns_rdatatype_ixfr). The actual transfer type
5785N/A * may differ due to IXFR->AXFR fallback.
5785N/A */
5785N/A dns_rdatatype_t reqtype;
5785N/A
5785N/A isc_sockaddr_t masteraddr;
5785N/A isc_sockaddr_t sourceaddr;
5785N/A isc_socket_t *socket;
5785N/A
5785N/A /* Buffer for IXFR/AXFR request message */
5785N/A isc_buffer_t qbuffer;
5785N/A unsigned char qbuffer_data[512];
5785N/A
5785N/A /* Incoming reply TCP message */
5785N/A dns_tcpmsg_t tcpmsg;
5785N/A isc_boolean_t tcpmsg_valid;
5785N/A
5785N/A dns_db_t *db;
5785N/A dns_dbversion_t *ver;
5785N/A dns_diff_t diff; /* Pending database changes */
5785N/A int difflen; /* Number of pending tuples */
5785N/A
5785N/A xfrin_state_t state;
5785N/A isc_uint32_t end_serial;
5785N/A isc_boolean_t is_ixfr;
5785N/A
5785N/A unsigned int nmsg; /* Number of messages recvd */
5785N/A
5785N/A dns_tsigkey_t *tsigkey; /* Key used to create TSIG */
5785N/A dns_rdata_any_tsig_t *lasttsig; /* The last TSIG */
5785N/A void *tsigctx; /* TSIG verification context */
5785N/A unsigned int sincetsig; /* recvd since the last TSIG */
5785N/A dns_xfrindone_t done;
5785N/A
5785N/A /*
5785N/A * AXFR- and IXFR-specific data. Only one is used at a time
5785N/A * according to the is_ixfr flag, so this could be a union,
5785N/A * but keeping them separate makes it a bit simpler to clean
5785N/A * things up when destroying the context.
5785N/A */
5785N/A struct {
5785N/A dns_addrdatasetfunc_t add_func;
dns_dbload_t *add_private;
} axfr;
struct {
isc_uint32_t request_serial;
isc_uint32_t end_serial;
dns_journal_t *journal;
} ixfr;
ISC_LINK(dns_xfrin_ctx_t) link;
dns_xfrinlist_t *transferlist;
};
#define XFRIN_MAGIC 0x58667269U /* XfrI. */
#define VALID_XFRIN(x) ISC_MAGIC_VALID(x, XFRIN_MAGIC)
/**************************************************************************/
/*
* Forward declarations.
*/
static isc_result_t
xfrin_create(isc_mem_t *mctx,
dns_zone_t *zone,
dns_db_t *db,
isc_task_t *task,
isc_timermgr_t *timermgr,
isc_socketmgr_t *socketmgr,
dns_name_t *zonename,
dns_rdataclass_t rdclass,
dns_rdatatype_t reqtype,
isc_sockaddr_t *masteraddr,
dns_tsigkey_t *tsigkey,
dns_xfrin_ctx_t **xfrp);
static isc_result_t axfr_init(dns_xfrin_ctx_t *xfr);
static isc_result_t axfr_makedb(dns_xfrin_ctx_t *xfr, dns_db_t **dbp);
static isc_result_t axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
dns_name_t *name, dns_ttl_t ttl,
dns_rdata_t *rdata);
static isc_result_t axfr_apply(dns_xfrin_ctx_t *xfr);
static isc_result_t axfr_commit(dns_xfrin_ctx_t *xfr);
static isc_result_t ixfr_init(dns_xfrin_ctx_t *xfr);
static isc_result_t ixfr_apply(dns_xfrin_ctx_t *xfr);
static isc_result_t ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
dns_name_t *name, dns_ttl_t ttl,
dns_rdata_t *rdata);
static isc_result_t ixfr_commit(dns_xfrin_ctx_t *xfr);
static isc_result_t xfr_rr(dns_xfrin_ctx_t *xfr, dns_name_t *name,
isc_uint32_t ttl, dns_rdata_t *rdata);
static isc_result_t xfrin_start(dns_xfrin_ctx_t *xfr);
static void xfrin_connect_done(isc_task_t *task, isc_event_t *event);
static isc_result_t xfrin_send_request(dns_xfrin_ctx_t *xfr);
static void xfrin_send_done(isc_task_t *task, isc_event_t *event);
static void xfrin_sendlen_done(isc_task_t *task, isc_event_t *event);
static void xfrin_recv_done(isc_task_t *task, isc_event_t *event);
static void xfrin_timeout(isc_task_t *task, isc_event_t *event);
static void maybe_free(dns_xfrin_ctx_t *xfr);
static void xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, char *msg);
static isc_result_t render(dns_message_t *msg, isc_buffer_t *buf);
static void
xfrin_logv(int level, dns_name_t *zonename, isc_sockaddr_t *masteraddr,
const char *fmt, va_list ap);
static void
xfrin_log1(int level, dns_name_t *zonename, isc_sockaddr_t *masteraddr,
const char *fmt, ...);
static void
xfrin_log(dns_xfrin_ctx_t *xfr, unsigned int level, const char *fmt, ...);
/**************************************************************************/
/*
* AXFR handling
*/
static isc_result_t
axfr_init(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
xfr->is_ixfr = ISC_FALSE;
if (xfr->db != NULL)
dns_db_detach(&xfr->db);
CHECK(axfr_makedb(xfr, &xfr->db));
CHECK(dns_db_beginload(xfr->db, &xfr->axfr.add_func,
&xfr->axfr.add_private));
result = ISC_R_SUCCESS;
failure:
return (result);
}
static isc_result_t
axfr_makedb(dns_xfrin_ctx_t *xfr, dns_db_t **dbp) {
return (dns_db_create(xfr->mctx, /* XXX */
"rbt", /* XXX guess */
&xfr->name,
ISC_FALSE,
xfr->rdclass,
0, NULL, /* XXX guess */
dbp));
}
static isc_result_t
axfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata)
{
isc_result_t result;
dns_difftuple_t *tuple = NULL;
CHECK(dns_difftuple_create(xfr->diff.mctx, op,
name, ttl, rdata, &tuple));
dns_diff_append(&xfr->diff, &tuple);
if (++xfr->difflen > 100)
CHECK(axfr_apply(xfr));
result = ISC_R_SUCCESS;
failure:
return (result);
}
/* Store a set of AXFR RRs in the database. */
static isc_result_t
axfr_apply(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
CHECK(dns_diff_load(&xfr->diff,
xfr->axfr.add_func, xfr->axfr.add_private));
xfr->difflen = 0;
dns_diff_clear(&xfr->diff);
result = ISC_R_SUCCESS;
failure:
return (result);
}
static isc_result_t
axfr_commit(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
CHECK(axfr_apply(xfr));
CHECK(dns_db_endload(xfr->db, &xfr->axfr.add_private));
CHECK(dns_zone_replacedb(xfr->zone, xfr->db, ISC_TRUE));
result = ISC_R_SUCCESS;
failure:
return (result);
}
/**************************************************************************/
/*
* IXFR handling
*/
static isc_result_t
ixfr_init(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
xfr->is_ixfr = ISC_TRUE;
INSIST(xfr->db != NULL);
xfr->difflen = 0;
CHECK(dns_journal_open(xfr->mctx, dns_zone_getjournal(xfr->zone),
ISC_TRUE, &xfr->ixfr.journal));
result = ISC_R_SUCCESS;
failure:
return (result);
}
static isc_result_t
ixfr_putdata(dns_xfrin_ctx_t *xfr, dns_diffop_t op,
dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata)
{
isc_result_t result;
dns_difftuple_t *tuple = NULL;
CHECK(dns_difftuple_create(xfr->diff.mctx, op,
name, ttl, rdata, &tuple));
dns_diff_append(&xfr->diff, &tuple);
if (++xfr->difflen > 100)
CHECK(ixfr_apply(xfr));
result = ISC_R_SUCCESS;
failure:
return (result);
}
/* Apply a set of IXFR changes to the database. */
static isc_result_t
ixfr_apply(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
if (xfr->ver == NULL) {
CHECK(dns_db_newversion(xfr->db, &xfr->ver));
CHECK(dns_journal_begin_transaction(xfr->ixfr.journal));
}
CHECK(dns_diff_apply(&xfr->diff, xfr->db, xfr->ver));
dns_journal_writediff(xfr->ixfr.journal, &xfr->diff);
dns_diff_clear(&xfr->diff);
xfr->difflen = 0;
result = ISC_R_SUCCESS;
failure:
return (result);
}
static isc_result_t
ixfr_commit(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
ixfr_apply(xfr);
if (xfr->ver != NULL) {
/* XXX enter ready-to-commit state here */
CHECK(dns_journal_commit(xfr->ixfr.journal));
dns_db_closeversion(xfr->db, &xfr->ver, ISC_TRUE);
}
result = ISC_R_SUCCESS;
failure:
return (result);
}
/**************************************************************************/
/*
* Common AXFR/IXFR protocol code
*/
/*
* Handle a single incoming resource record according to the current
* state.
*/
static isc_result_t
xfr_rr(dns_xfrin_ctx_t *xfr,
dns_name_t *name, isc_uint32_t ttl, dns_rdata_t *rdata)
{
isc_result_t result;
redo:
switch (xfr->state) {
case XFRST_SOAQUERY:
xfr->end_serial = dns_soa_getserial(rdata);
if (!DNS_SERIAL_GT(xfr->end_serial, xfr->ixfr.request_serial)) {
xfrin_log(xfr, ISC_LOG_DEBUG(3),
"requested serial %u, "
"master has %u, not updating",
xfr->ixfr.request_serial, xfr->end_serial);
FAIL(DNS_R_UPTODATE);
}
xfr->state = XFRST_GOTSOA;
break;
case XFRST_GOTSOA:
/*
* skip other records in the answer section
*/
break;
case XFRST_INITIALSOA:
if (rdata->type != dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_ERROR,
"first RR in zone transfer must be SOA");
FAIL(DNS_R_FORMERR);
}
/*
* Remember the serial number in the intial SOA.
* We need it to recognize the end of an IXFR.
*/
xfr->end_serial = dns_soa_getserial(rdata);
if (xfr->reqtype == dns_rdatatype_ixfr &&
! DNS_SERIAL_GT(xfr->end_serial, xfr->ixfr.request_serial))
{
/*
* This must be the single SOA record that is
* sent when the current version on the master
* is not newer than the version in the request.
*/
xfrin_log(xfr, ISC_LOG_DEBUG(3),
"requested serial %u, "
"master has %u, not updating",
xfr->ixfr.request_serial, xfr->end_serial);
FAIL(DNS_R_UPTODATE);
}
xfr->state = XFRST_FIRSTDATA;
break;
case XFRST_FIRSTDATA:
/*
* If the transfer begins with one SOA record, it is an AXFR,
* if it begins with two SOAs, it is an IXFR.
*/
if (rdata->type == dns_rdatatype_soa) {
xfrin_log(xfr, ISC_LOG_DEBUG(3),
"got incremental response");
CHECK(ixfr_init(xfr));
xfr->state = XFRST_IXFR_DELSOA;
} else {
xfrin_log(xfr, ISC_LOG_DEBUG(3),
"got nonincremental response");
CHECK(axfr_init(xfr));
xfr->state = XFRST_AXFR;
}
goto redo;
case XFRST_IXFR_DELSOA:
INSIST(rdata->type == dns_rdatatype_soa);
CHECK(ixfr_putdata(xfr, DNS_DIFFOP_DEL, name, ttl, rdata));
xfr->state = XFRST_IXFR_DEL;
break;
case XFRST_IXFR_DEL:
if (rdata->type == dns_rdatatype_soa) {
isc_uint32_t soa_serial = dns_soa_getserial(rdata);
xfr->state = XFRST_IXFR_ADDSOA;
xfr->ixfr.end_serial = soa_serial;
goto redo;
}
CHECK(ixfr_putdata(xfr, DNS_DIFFOP_DEL, name, ttl, rdata));
break;
case XFRST_IXFR_ADDSOA:
INSIST(rdata->type == dns_rdatatype_soa);
CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
xfr->state = XFRST_IXFR_ADD;
break;
case XFRST_IXFR_ADD:
if (rdata->type == dns_rdatatype_soa) {
isc_uint32_t soa_serial = dns_soa_getserial(rdata);
CHECK(ixfr_commit(xfr));
if (soa_serial == xfr->end_serial) {
xfr->state = XFRST_END;
break;
} else {
xfr->state = XFRST_IXFR_DELSOA;
goto redo;
}
}
CHECK(ixfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
break;
case XFRST_AXFR:
CHECK(axfr_putdata(xfr, DNS_DIFFOP_ADD, name, ttl, rdata));
if (rdata->type == dns_rdatatype_soa) {
CHECK(axfr_commit(xfr));
xfr->state = XFRST_END;
break;
}
break;
case XFRST_END:
FAIL(DNS_R_EXTRADATA);
default:
INSIST(0);
break;
}
result = ISC_R_SUCCESS;
failure:
return (result);
}
isc_result_t
dns_xfrin_create(dns_zone_t *zone, isc_sockaddr_t *masteraddr,
isc_mem_t *mctx, isc_timermgr_t *timermgr,
isc_socketmgr_t *socketmgr, isc_task_t *task,
dns_xfrindone_t done, dns_xfrin_ctx_t **xfrp)
{
dns_name_t *zonename;
dns_xfrin_ctx_t *xfr, *x;
isc_result_t result;
dns_db_t *db = NULL;
dns_rdatatype_t xfrtype;
dns_tsigkey_t *key = NULL;
dns_name_t *keyname = NULL;
isc_netaddr_t masterip;
dns_peer_t *peer = NULL;
int maxtransfersin, maxtransfersperns;
int nxfrsin, nxfrsperns;
dns_xfrinlist_t *transferlist;
REQUIRE(xfrp != NULL && *xfrp == NULL);
zonename = dns_zone_getorigin(zone);
xfrin_log1(ISC_LOG_INFO, zonename, masteraddr, "starting");
/*
* Find any configured information about the server we are about
* to transfer from.
*/
isc_netaddr_fromsockaddr(&masterip, masteraddr);
(void) dns_peerlist_peerbyaddr(dns_zone_getview(zone)->peers,
&masterip, &peer);
result = dns_zone_getdb(zone, &db);
if (result == DNS_R_NOTLOADED)
INSIST(db == NULL);
else
CHECK(result);
/*
* Decide whether we should request IXFR or AXFR.
*/
if (db == NULL) {
xfrin_log1(ISC_LOG_DEBUG(3), zonename, masteraddr,
"no database exists yet, "
"requesting AXFR of initial version");
xfrtype = dns_rdatatype_axfr;
} else {
isc_boolean_t use_ixfr = ISC_TRUE;
if (peer != NULL &&
dns_peer_getrequestixfr(peer, &use_ixfr) ==
ISC_R_SUCCESS) {
; /* Using peer setting */
} else {
use_ixfr = dns_zone_getview(zone)->requestixfr;
}
if (use_ixfr == ISC_FALSE) {
xfrin_log1(ISC_LOG_DEBUG(3), zonename, masteraddr,
"IXFR disabled, requesting AXFR");
xfrtype = dns_rdatatype_axfr;
} else {
xfrin_log1(ISC_LOG_DEBUG(3), zonename, masteraddr,
"requesting IXFR");
xfrtype = dns_rdatatype_ixfr;
}
}
/*
* Determine the maximum number of simultaneous transfers
* allowed for this server, then count the number of
* transfers already in progress and fail if the quota
* is already full.
*
* Count the number of transfers that are in progress from
* this master. We linearly scan a list of all transfers;
* if this turns out to be too slow, we could hash on the
* master address.
*
* Note that we must keep the transfer list locked for an
* awkwardly long time because the scanning of the list
* and the creation of a new entry must be done atomically,
* and we don't want to create the transfer object until we
* know there is quota available.
*/
maxtransfersin =
dns_zonemgr_getttransfersin(dns_zone_getmgr(zone));
maxtransfersperns =
dns_zonemgr_getttransfersperns(dns_zone_getmgr(zone));
if (peer != NULL) {
(void) dns_peer_gettransfers(peer, &maxtransfersperns);
}
/*
* Determine if we should attempt to sign the request with TSIG.
*/
if (peer != NULL && dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS) {
dns_view_t *view = dns_zone_getview(zone);
result = dns_tsigkey_find(&key, keyname, NULL,
view->statickeys);
if (result == ISC_R_NOTFOUND)
result = dns_tsigkey_find(&key, keyname, NULL,
view->dynamickeys);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
goto failure;
}
transferlist = dns_zonemgr_gettransferlist(dns_zone_getmgr(zone));
LOCK(&transferlist->lock);
nxfrsin = nxfrsperns = 0;
for (x = ISC_LIST_HEAD(transferlist->transfers);
x != NULL;
x = ISC_LIST_NEXT(x, link))
{
isc_netaddr_t xip;
isc_netaddr_fromsockaddr(&xip, &x->masteraddr);
nxfrsin++;
if (isc_netaddr_equal(&xip, &masterip))
nxfrsperns++;
}
if (nxfrsin >= maxtransfersin || nxfrsperns >= maxtransfersperns) {
result = ISC_R_QUOTA;
xfrin_log1(ISC_LOG_INFO, zonename, masteraddr,
"deferred: %s", isc_result_totext(result));
goto unlock;
}
result = xfrin_create(mctx,
zone,
db,
task,
timermgr,
socketmgr,
zonename,
dns_zone_getclass(zone), xfrtype,
masteraddr, key, &xfr);
if (result != ISC_R_SUCCESS)
goto unlock;
xfr->transferlist = transferlist;
ISC_LIST_APPEND(transferlist->transfers, xfr, link);
unlock:
UNLOCK(&transferlist->lock);
CHECK(result);
CHECK(xfrin_start(xfr));
xfr->done = done;
xfr->refcount++;
*xfrp = xfr;
failure:
if (db != NULL)
dns_db_detach(&db);
if (result != ISC_R_SUCCESS)
xfrin_log1(ISC_LOG_ERROR, zonename, masteraddr,
"zone transfer setup failed");
return (result);
}
void dns_xfrin_shutdown(dns_xfrin_ctx_t *xfr) {
if (! xfr->shuttingdown)
xfrin_fail(xfr, ISC_R_CANCELED, "shut down");
}
void dns_xfrin_detach(dns_xfrin_ctx_t **xfrp) {
dns_xfrin_ctx_t *xfr = *xfrp;
INSIST(xfr->refcount > 0);
xfr->refcount--;
maybe_free(xfr);
*xfrp = NULL;
}
static void
xfrin_fail(dns_xfrin_ctx_t *xfr, isc_result_t result, char *msg) {
if (result != DNS_R_UPTODATE) {
xfrin_log(xfr, ISC_LOG_ERROR, "%s: %s",
msg, isc_result_totext(result));
}
if (xfr->connects > 0) {
isc_socket_cancel(xfr->socket, xfr->task,
ISC_SOCKCANCEL_CONNECT);
} else if (xfr->recvs > 0) {
dns_tcpmsg_cancelread(&xfr->tcpmsg);
} else if (xfr->sends > 0) {
isc_socket_cancel(xfr->socket, xfr->task,
ISC_SOCKCANCEL_SEND);
}
if (xfr->done != NULL) {
(xfr->done)(xfr->zone, result);
xfr->done = NULL;
}
xfr->shuttingdown = ISC_TRUE;
maybe_free(xfr);
}
static isc_result_t
xfrin_create(isc_mem_t *mctx,
dns_zone_t *zone,
dns_db_t *db,
isc_task_t *task,
isc_timermgr_t *timermgr,
isc_socketmgr_t *socketmgr,
dns_name_t *zonename,
dns_rdataclass_t rdclass,
dns_rdatatype_t reqtype,
isc_sockaddr_t *masteraddr,
dns_tsigkey_t *tsigkey,
dns_xfrin_ctx_t **xfrp)
{
dns_xfrin_ctx_t *xfr = NULL;
isc_result_t result;
isc_interval_t maxinterval, idleinterval;
isc_time_t expires;
xfr = isc_mem_get(mctx, sizeof(*xfr));
if (xfr == NULL)
return (ISC_R_NOMEMORY);
xfr->mctx = mctx;
xfr->refcount = 0;
xfr->zone = NULL;
dns_zone_iattach(zone, &xfr->zone);
xfr->task = NULL;
isc_task_attach(task, &xfr->task);
xfr->timer = NULL;
xfr->socketmgr = socketmgr;
xfr->done = NULL;
xfr->connects = 0;
xfr->sends = 0;
xfr->recvs = 0;
xfr->shuttingdown = ISC_FALSE;
dns_name_init(&xfr->name, NULL);
xfr->rdclass = rdclass;
xfr->reqtype = reqtype;
/* sockaddr */
xfr->socket = NULL;
/* qbuffer */
/* qbuffer_data */
/* tcpmsg */
xfr->tcpmsg_valid = ISC_FALSE;
xfr->db = NULL;
if (db != NULL)
dns_db_attach(db, &xfr->db);
xfr->ver = NULL;
dns_diff_init(xfr->mctx, &xfr->diff);
xfr->difflen = 0;
xfr->state = XFRST_INITIALSOA;
/* end_serial */
xfr->nmsg = 0;
xfr->tsigkey = tsigkey;
xfr->lasttsig = NULL;
xfr->tsigctx = NULL;
xfr->sincetsig = 0;
/* is_ixfr */
/* ixfr.request_serial */
/* ixfr.end_serial */
xfr->ixfr.journal = NULL;
xfr->axfr.add_func = NULL;
xfr->axfr.add_private = NULL;
ISC_LINK_INIT(xfr, link);
xfr->transferlist = NULL;
CHECK(dns_name_dup(zonename, mctx, &xfr->name));
isc_interval_set(&maxinterval, dns_zone_getmaxxfrin(xfr->zone), 0);
CHECK(isc_time_nowplusinterval(&expires, &maxinterval));
isc_interval_set(&idleinterval, dns_zone_getidlein(xfr->zone), 0);
CHECK(isc_timer_create(timermgr, isc_timertype_once,
&expires, &idleinterval, task,
xfrin_timeout, xfr, &xfr->timer));
xfr->masteraddr = *masteraddr;
switch (isc_sockaddr_pf(masteraddr)) {
case PF_INET:
xfr->sourceaddr = *dns_zone_getxfrsource4(zone);
break;
case PF_INET6:
xfr->sourceaddr = *dns_zone_getxfrsource6(zone);
break;
default:
INSIST(0);
}
isc_buffer_init(&xfr->qbuffer, xfr->qbuffer_data,
sizeof(xfr->qbuffer_data),
ISC_BUFFERTYPE_BINARY);
xfr->magic = XFRIN_MAGIC;
*xfrp = xfr;
return (ISC_R_SUCCESS);
failure:
xfrin_fail(xfr, result, "creating transfer context");
return (result);
}
static isc_result_t
xfrin_start(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
CHECK(isc_socket_create(xfr->socketmgr,
isc_sockaddr_pf(&xfr->sourceaddr),
isc_sockettype_tcp,
&xfr->socket));
CHECK(isc_socket_bind(xfr->socket, &xfr->sourceaddr));
CHECK(isc_socket_connect(xfr->socket, &xfr->masteraddr, xfr->task,
xfrin_connect_done, xfr));
xfr->connects++;
return (ISC_R_SUCCESS);
failure:
xfrin_fail(xfr, result, "setting up socket");
return (result);
}
/* XXX the resolver could use this, too */
static isc_result_t
render(dns_message_t *msg, isc_buffer_t *buf) {
isc_result_t result;
CHECK(dns_message_renderbegin(msg, buf));
CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0));
CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0));
CHECK(dns_message_rendersection(msg, DNS_SECTION_AUTHORITY, 0));
CHECK(dns_message_rendersection(msg, DNS_SECTION_ADDITIONAL, 0));
CHECK(dns_message_renderend(msg));
result = ISC_R_SUCCESS;
failure:
return (result);
}
/*
* A connection has been established.
*/
static void
xfrin_connect_done(isc_task_t *task, isc_event_t *event) {
isc_socket_connev_t *cev = (isc_socket_connev_t *) event;
dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
isc_result_t evresult = cev->result;
isc_result_t result;
REQUIRE(VALID_XFRIN(xfr));
UNUSED(task);
INSIST(event->ev_type == ISC_SOCKEVENT_CONNECT);
isc_event_free(&event);
xfr->connects--;
if (xfr->shuttingdown) {
maybe_free(xfr);
return;
}
CHECK(evresult);
xfrin_log(xfr, ISC_LOG_DEBUG(3), "connected");
dns_tcpmsg_init(xfr->mctx, xfr->socket, &xfr->tcpmsg);
xfr->tcpmsg_valid = ISC_TRUE;
CHECK(xfrin_send_request(xfr));
failure:
if (result != ISC_R_SUCCESS)
xfrin_fail(xfr, result, "connect");
}
/*
* Convert a tuple into a dns_name_t suitable for inserting
* into the given dns_message_t.
*/
static isc_result_t
tuple2msgname(dns_difftuple_t *tuple, dns_message_t *msg, dns_name_t **target)
{
isc_result_t result;
dns_rdata_t *rdata = NULL;
dns_rdatalist_t *rdl = NULL;
dns_rdataset_t *rds = NULL;
dns_name_t *name = NULL;
REQUIRE(target != NULL && *target == NULL);
CHECK(dns_message_gettemprdata(msg, &rdata));
dns_rdata_init(rdata);
*rdata = tuple->rdata; /* Struct assignment. */
CHECK(dns_message_gettemprdatalist(msg, &rdl));
dns_rdatalist_init(rdl);
rdl->type = tuple->rdata.type;
rdl->rdclass = tuple->rdata.rdclass;
rdl->ttl = tuple->ttl;
ISC_LIST_APPEND(rdl->rdata, rdata, link);
CHECK(dns_message_gettemprdataset(msg, &rds));
dns_rdataset_init(rds);
CHECK(dns_rdatalist_tordataset(rdl, rds));
CHECK(dns_message_gettempname(msg, &name));
dns_name_init(name, NULL);
dns_name_clone(&tuple->name, name);
ISC_LIST_APPEND(name->list, rds, link);
*target = name;
failure:
return (result);
}
/*
* Build an *XFR request and send its length prefix.
*/
static isc_result_t
xfrin_send_request(dns_xfrin_ctx_t *xfr) {
isc_result_t result;
isc_region_t region;
isc_region_t lregion;
dns_rdataset_t *qrdataset = NULL;
dns_message_t *msg = NULL;
unsigned char length[2];
dns_difftuple_t *soatuple = NULL;
dns_name_t *qname = NULL;
dns_dbversion_t *ver = NULL;
dns_name_t *msgsoaname = NULL;
/* Create the request message */
CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTRENDER, &msg));
msg->tsigkey = xfr->tsigkey;
/* Create a name for the question section. */
dns_message_gettempname(msg, &qname);
dns_name_init(qname, NULL);
dns_name_clone(&xfr->name, qname);
/* Formulate the question and attach it to the question name. */
dns_message_gettemprdataset(msg, &qrdataset);
dns_rdataset_init(qrdataset);
dns_rdataset_makequestion(qrdataset, xfr->rdclass, xfr->reqtype);
ISC_LIST_APPEND(qname->list, qrdataset, link);
dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
if (xfr->reqtype == dns_rdatatype_ixfr) {
/* Get the SOA and add it to the authority section. */
/* XXX is using the current version the right thing? */
dns_db_currentversion(xfr->db, &ver);
CHECK(dns_db_createsoatuple(xfr->db, ver, xfr->mctx,
DNS_DIFFOP_EXISTS, &soatuple));
xfr->ixfr.request_serial = dns_soa_getserial(&soatuple->rdata);
xfrin_log(xfr, ISC_LOG_DEBUG(3),
"requesting IXFR for serial %u",
xfr->ixfr.request_serial);
CHECK(tuple2msgname(soatuple, msg, &msgsoaname));
dns_message_addname(msg, msgsoaname, DNS_SECTION_AUTHORITY);
}
msg->id = ('b' << 8) | '9'; /* Arbitrary */
CHECK(render(msg, &xfr->qbuffer));
/* Save the query TSIG and don't let message_destroy free it */
xfr->lasttsig = msg->tsig;
msg->tsig = NULL;
isc_buffer_used(&xfr->qbuffer, &region);
INSIST(region.length <= 65535);
length[0] = region.length >> 8;
length[1] = region.length & 0xFF;
lregion.base = length;
lregion.length = 2;
CHECK(isc_socket_send(xfr->socket, &lregion, xfr->task,
xfrin_sendlen_done, xfr));
xfr->sends++;
failure:
if (msg != NULL)
dns_message_destroy(&msg);
if (soatuple != NULL)
dns_difftuple_free(&soatuple);
if (ver != NULL)
dns_db_closeversion(xfr->db, &ver, ISC_FALSE);
return (result);
}
/* XXX there should be library support for sending DNS TCP messages */
static void
xfrin_sendlen_done(isc_task_t *task, isc_event_t *event)
{
isc_socketevent_t *sev = (isc_socketevent_t *) event;
dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
isc_result_t evresult = sev->result;
isc_result_t result;
isc_region_t region;
REQUIRE(VALID_XFRIN(xfr));
UNUSED(task);
INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE);
isc_event_free(&event);
xfr->sends--;
if (xfr->shuttingdown) {
maybe_free(xfr);
return;
}
xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request length prefix");
CHECK(evresult);
isc_buffer_used(&xfr->qbuffer, &region);
CHECK(isc_socket_send(xfr->socket, &region, xfr->task,
xfrin_send_done, xfr));
xfr->sends++;
failure:
if (result != ISC_R_SUCCESS)
xfrin_fail(xfr, result, "sending request length prefix");
}
static void
xfrin_send_done(isc_task_t *task, isc_event_t *event)
{
isc_socketevent_t *sev = (isc_socketevent_t *) event;
dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
isc_result_t result;
REQUIRE(VALID_XFRIN(xfr));
UNUSED(task);
INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE);
xfr->sends--;
xfrin_log(xfr, ISC_LOG_DEBUG(3), "sent request data");
CHECK(sev->result);
CHECK(dns_tcpmsg_readmessage(&xfr->tcpmsg, xfr->task,
xfrin_recv_done, xfr));
xfr->recvs++;
failure:
isc_event_free(&event);
if (result != ISC_R_SUCCESS)
xfrin_fail(xfr, result, "sending request data");
}
static void
xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) ev->ev_arg;
isc_result_t result;
dns_message_t *msg = NULL;
dns_name_t *name;
dns_tcpmsg_t *tcpmsg;
REQUIRE(VALID_XFRIN(xfr));
UNUSED(task);
INSIST(ev->ev_type == DNS_EVENT_TCPMSG);
tcpmsg = ev->ev_sender;
isc_event_free(&ev);
xfr->recvs--;
if (xfr->shuttingdown) {
maybe_free(xfr);
return;
}
CHECK(tcpmsg->result);
xfrin_log(xfr, ISC_LOG_DEBUG(7), "received %u bytes",
tcpmsg->buffer.used);
CHECK(isc_timer_touch(xfr->timer));
CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTPARSE, &msg));
msg->tsigkey = xfr->tsigkey;
msg->querytsig = xfr->lasttsig;
msg->tsigctx = xfr->tsigctx;
if (xfr->nmsg > 0)
msg->tcp_continuation = 1;
result = dns_message_parse(msg, &tcpmsg->buffer, ISC_TRUE);
if (result != ISC_R_SUCCESS || msg->rcode != dns_rcode_noerror) {
if (result == ISC_R_SUCCESS)
result = ISC_RESULTCLASS_DNSRCODE + msg->rcode; /*XXX*/
if (xfr->reqtype == dns_rdatatype_axfr ||
xfr->reqtype == dns_rdatatype_soa)
FAIL(result);
xfrin_log(xfr, ISC_LOG_DEBUG(3), "got %s, retrying with AXFR",
isc_result_totext(result));
dns_message_destroy(&msg);
xfr->reqtype = dns_rdatatype_soa;
xfr->state = XFRST_SOAQUERY;
CHECK(xfrin_send_request(xfr));
return;
}
result = dns_message_checksig(msg, dns_zone_getview(xfr->zone));
if (result != ISC_R_SUCCESS) {
xfrin_log(xfr, ISC_LOG_DEBUG(3), "TSIG check failed: %s",
isc_result_totext(result));
return;
}
for (result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
result == ISC_R_SUCCESS;
result = dns_message_nextname(msg, DNS_SECTION_ANSWER))
{
dns_rdataset_t *rds;
name = NULL;
dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
if (!dns_name_issubdomain(name, &xfr->name)) {
/*
* Ignore out-of-zone data.
*/
continue;
}
for (rds = ISC_LIST_HEAD(name->list);
rds != NULL;
rds = ISC_LIST_NEXT(rds, link))
{
for (result = dns_rdataset_first(rds);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(rds))
{
dns_rdata_t rdata;
dns_rdataset_current(rds, &rdata);
CHECK(xfr_rr(xfr, name, rds->ttl, &rdata));
}
}
}
if (result != ISC_R_NOMORE)
goto failure;
if (msg->tsig != NULL) {
/* Reset the counter */
xfr->sincetsig = 0;
/* Free the last tsig, if there is one */
if (xfr->lasttsig != NULL) {
dns_rdata_freestruct(xfr->lasttsig);
isc_mem_put(xfr->mctx, xfr->lasttsig,
sizeof(*xfr->lasttsig));
}
/* Update the last tsig pointer */
xfr->lasttsig = msg->tsig;
/* Reset msg->tsig so it doesn't get freed */
msg->tsig = NULL;
} else if (msg->tsigkey != NULL) {
xfr->sincetsig++;
if (xfr->sincetsig > 100 ||
xfr->nmsg == 0 || xfr->state == XFRST_END)
{
result = DNS_R_EXPECTEDTSIG;
goto failure;
}
}
/* Update the number of messages received */
xfr->nmsg++;
/* Reset msg->querytsig so it doesn't get freed */
msg->querytsig = NULL;
/* Copy the context back */
xfr->tsigctx = msg->tsigctx;
dns_message_destroy(&msg);
if (xfr->state == XFRST_GOTSOA) {
xfr->reqtype = dns_rdatatype_axfr;
xfr->state = XFRST_INITIALSOA;
CHECK(xfrin_send_request(xfr));
} else if (xfr->state == XFRST_END) {
/*
* Inform the caller we succeeded.
*/
if (xfr->done != NULL) {
(xfr->done)(xfr->zone, ISC_R_SUCCESS);
xfr->done = NULL;
}
/*
* We should have no outstanding events at this
* point, thus maybe_free() should succeed.
*/
xfr->shuttingdown = ISC_TRUE;
maybe_free(xfr);
} else {
/* Read the next message. */
CHECK(dns_tcpmsg_readmessage(&xfr->tcpmsg, xfr->task,
xfrin_recv_done, xfr));
xfr->recvs++;
}
return;
failure:
if (msg != NULL) {
msg->querytsig = NULL;
dns_message_destroy(&msg);
}
if (result != ISC_R_SUCCESS)
xfrin_fail(xfr, result, "receiving responses");
}
static void
xfrin_timeout(isc_task_t *task, isc_event_t *event) {
dns_xfrin_ctx_t *xfr = (dns_xfrin_ctx_t *) event->ev_arg;
REQUIRE(VALID_XFRIN(xfr));
UNUSED(task);
isc_event_free(&event);
/* This will log "giving up: timeout". */
xfrin_fail(xfr, ISC_R_TIMEDOUT, "giving up");
}
static void
maybe_free(dns_xfrin_ctx_t *xfr) {
REQUIRE(VALID_XFRIN(xfr));
if (! xfr->shuttingdown || xfr->refcount != 0 ||
xfr->connects != 0 || xfr->sends != 0 ||
xfr->recvs != 0)
return;
xfrin_log(xfr, ISC_LOG_INFO, "end of transfer");
if (xfr->transferlist != NULL) {
LOCK(&xfr->transferlist->lock);
ISC_LIST_UNLINK(xfr->transferlist->transfers, xfr, link);
UNLOCK(&xfr->transferlist->lock);
xfr->transferlist = NULL;
}
if (xfr->socket != NULL)
isc_socket_detach(&xfr->socket);
if (xfr->timer != NULL)
isc_timer_detach(&xfr->timer);
if (xfr->task != NULL)
isc_task_detach(&xfr->task);
if (xfr->lasttsig != NULL) {
dns_rdata_freestruct(xfr->lasttsig);
isc_mem_put(xfr->mctx, xfr->lasttsig, sizeof(*xfr->lasttsig));
}
dns_diff_clear(&xfr->diff);
if (xfr->ixfr.journal != NULL)
dns_journal_destroy(&xfr->ixfr.journal);
if (xfr->axfr.add_private != NULL)
(void) dns_db_endload(xfr->db, &xfr->axfr.add_private);
if (xfr->tcpmsg_valid)
dns_tcpmsg_invalidate(&xfr->tcpmsg);
if ((xfr->name.attributes & DNS_NAMEATTR_DYNAMIC) != 0)
dns_name_free(&xfr->name, xfr->mctx);
if (xfr->ver != NULL)
dns_db_closeversion(xfr->db, &xfr->ver, ISC_FALSE);
if (xfr->db != NULL)
dns_db_detach(&xfr->db);
if (xfr->zone != NULL)
dns_zone_idetach(&xfr->zone);
isc_mem_put(xfr->mctx, xfr, sizeof(*xfr));
}
/*
* Log incoming zone transfer messages in a format like
* transfer of <zone> from <address>: <message>
*/
static void
xfrin_logv(int level, dns_name_t *zonename, isc_sockaddr_t *masteraddr,
const char *fmt, va_list ap)
{
char znbuf[1024];
isc_buffer_t masterbuf;
char mastermem[256];
isc_result_t result;
char msgmem[2048];
dns_name_format(zonename, znbuf, sizeof(znbuf));
isc_buffer_init(&masterbuf, mastermem, sizeof(mastermem),
ISC_BUFFERTYPE_TEXT);
result = isc_sockaddr_totext(masteraddr, &masterbuf);
if (result != ISC_R_SUCCESS)
strcpy(masterbuf.base, "<UNKNOWN>");
vsnprintf(msgmem, sizeof(msgmem), fmt, ap);
isc_log_write(dns_lctx, DNS_LOGCATEGORY_XFER_IN,
DNS_LOGMODULE_XFER_IN, level,
"transfer of '%s' from %s: %s", znbuf,
masterbuf.base, msgmem);
}
/* Logging function for use when a xfrin_ctx_t has not yet been created. */
static void
xfrin_log1(int level, dns_name_t *zonename, isc_sockaddr_t *masteraddr,
const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
xfrin_logv(level, zonename, masteraddr, fmt, ap);
va_end(ap);
}
/* Logging function for use when there is a xfrin_ctx_t. */
static void
xfrin_log(dns_xfrin_ctx_t *xfr, unsigned int level, const char *fmt, ...)
{
va_list ap;
va_start(ap, fmt);
xfrin_logv(level, &xfr->name, &xfr->masteraddr, fmt, ap);
va_end(ap);
}
isc_result_t dns_xfrinlist_init(dns_xfrinlist_t *list) {
ISC_LIST_INIT(list->transfers);
return (isc_mutex_init(&list->lock));
}
void dns_xfrinlist_destroy(dns_xfrinlist_t *list) {
isc_mutex_destroy(&list->lock);
}