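/*------------------------------------------------------------------------------
 *
 * Copyright (c) 2011-2021, EURid vzw. All rights reserved.
 * The YADIFA TM software product is provided under the BSD 3-clause license:
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *        * Redistributions of source code must retain the above copyright
 *          notice, this list of conditions and the following disclaimer.
 *        * Redistributions in binary form must reproduce the above copyright
 *          notice, this list of conditions and the following disclaimer in the
 *          documentation and/or other materials provided with the distribution.
 *        * Neither the name of EURid nor the names of its contributors may be
 *          used to endorse or promote products derived from this software
 *          without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 *------------------------------------------------------------------------------
 *
 */

/** @defgroup config Configuration handling
 *  @ingroup yadifad
 *  @brief Compile-time defaults, bounds, flag bits and data types of the
 *         yadifad configuration (confs.c / confs-main.c).
 *
 *  Every S_* macro is a textual default that is parsed exactly like a value
 *  read from the configuration file; the companion *_MIN / *_MAX macros are
 *  the numeric bounds the parsed value is checked against.
 *
 * @{
 */
/*----------------------------------------------------------------------------*/
#ifndef CONFS_H_
#define CONFS_H_

#ifdef __cplusplus
extern "C" {
#endif

/* ------------------------------------------------------------ */

#include <string.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>      /* FILE, used by config_reader_context below */

#include "server-config.h"

#include <dnscore/rfc.h>
#include <dnscore/ptr_set.h>
#include <dnscore/acl.h>
#include <dnscore/dnscore-release-date.h>
#include <dnsdb/zdb_types.h>

/* ------------------------------------------------------------ */

/*
 * Single-level stringification: the argument is NOT macro-expanded first,
 * so PREPROCESSOR_INT2STR(DNS_DEFAULT_PORT) yields "DNS_DEFAULT_PORT", not
 * "53".  That is why S_SERVERPORT below is spelled out as a literal.
 */
#define PREPROCESSOR_INT2STR(x) #x

/* Numeric bounds applied to the parsed values (see config_check_bounds_s32) */
#define TCP_QUERIES_MIN         0
#define TCP_QUERIES_MAX         0x20000
#define AXFR_PACKET_SIZE_MIN    512
#define AXFR_PACKET_SIZE_MAX    65535
#define AXFR_RECORD_BY_PACKET_MIN 0
#define AXFR_RECORD_BY_PACKET_MAX 65535
#define AXFR_RETRY_DELAY_MIN    60
#define AXFR_RETRY_DELAY_MAX    86400
#define AXFR_RETRY_JITTER_MIN   60
/*
 * Deliberately a string literal: any use of this macro where an integer is
 * expected fails to compile.  The text itself documents the intent: the
 * effective upper bound of the jitter is the configured axfr_retry_delay.
 */
#define AXFR_RETRY_JITTER_MAX   "don't use me, use the axfr_retry_delay value instead"

#define MAX_CONFIG_STRING       50
#define PRINTARGLEN             10

#define PROGRAM_NAME            "yadifad"
#define PROGRAM_VERSION         PACKAGE_VERSION
#define RELEASEDATE             YADIFA_DNSCORE_RELEASE_DATE

/* List of default values for the different configuration parameters */
#define S_CONFIGDIR             SYSCONFDIR "/"
#define S_CONFIGFILE            PROGRAM_NAME ".conf"
#define S_CONFIGFILEDYNAMIC     PROGRAM_NAME ".conf.dyn"
#define S_DATAPATH              LOCALSTATEDIR "/zones/"
#define S_XFRPATH               LOCALSTATEDIR "/zones/xfr/"
#define S_KEYSPATH              LOCALSTATEDIR "/zones/keys/"  /** Keys should not be in "shared" */
#define S_LOGPATH               LOGDIR
#define S_PIDFILE               LOCALSTATEDIR "/run/" PROGRAM_NAME ".pid"  /// @TODO 20200623 edf -- use RUNSTATEDIR instead

/*
 * Strings served for CHAOS-class queries.  The version defaults to the
 * package version, i.e. the exact release is disclosed unless an operator
 * overrides it; hostname and server id have no default (NULL) at all.
 */
#define S_VERSION_CHAOS         PACKAGE_VERSION  /* limit the size */
#define S_HOSTNAME_CHAOS        NULL
#define S_SERVERID_CHAOS        NULL

#define S_DEBUGLEVEL            "0"

/* default values for SERVER_FL */
#define S_SYSLOG                "0"
#define S_STATISTICS            "1"
#define S_STATISTICS_MAX_PERIOD "60"  /* 1 -> 31 * 86400 */
#define S_DAEMONRUN             "0"
#define S_ANSWER_FORMERR_PACKETS "1"
#define S_DYNAMIC_PROVISIONING  "0"

/** \def S_RUNMODE
 *  Run mode of the program */
#define S_RUNMODE               RUNMODE_CONTINUE_CLEAN

#define S_NETWORK_MODEL         "2"
#define S_INTERACTIVE           "0"
#define S_LOG_FROM_START        "0"
#define S_LOG_FILES_DISABLED    "0"

/* */
#define S_CPU_COUNT_OVERRIDE    "0"   /* max 256 */
#define S_THREAD_COUNT_BY_ADDRESS "-1" /* -1 for auto */
#define S_DNSSEC_THREAD_COUNT   "0"   /* max 1024 */

#define S_ZONE_LOAD_THREAD_COUNT "1"  // disk
#define ZONE_LOAD_THREAD_COUNT_MIN 1
#define ZONE_LOAD_THREAD_COUNT_MAX 4

#define S_ZONE_SAVE_THREAD_COUNT "1"  // disk
#define ZONE_SAVE_THREAD_COUNT_MIN 1
#define ZONE_SAVE_THREAD_COUNT_MAX 4

#define S_ZONE_UNLOAD_THREAD_COUNT "1" // cpu
#define ZONE_UNLOAD_THREAD_COUNT_MIN 1
#define ZONE_UNLOAD_THREAD_COUNT_MAX 4

#define S_ZONE_DOWNLOAD_THREAD_COUNT "4" // network
#define ZONE_DOWNLOAD_THREAD_COUNT_MIN 1
#define ZONE_DOWNLOAD_THREAD_COUNT_MAX 16

/*
 * Chroot, uid and gid.
 * Out of the box nothing is dropped: chroot is off (and its path is "/"),
 * uid and gid are 0.  A hardened deployment sets all of these explicitly.
 */
#define S_CHROOT                "0"
#define S_LOG_UNPROCESSABLE     "0"
#define S_CHROOTPATH            "/"
#define S_UID                   "0"
#define S_GID                   "0"

/** \def S_LISTEN
 *  Listening to all interfaces (IPv4 and IPv6 wildcard addresses) */
#define S_LISTEN                "0.0.0.0;::0"

/* Default addresses excluded from the wildcard listen set; with systemd-resolved
 * avoidance enabled the resolver stub on 127.0.0.53:53 is left alone. */
#if HAS_SYSTEMD_RESOLVED_AVOIDANCE
#define S_DO_NOT_LISTEN         "127.0.0.53 port 53"
#else
#define S_DO_NOT_LISTEN         ""
#endif

#define MAX_INTERFACES          256

#define S_TOTALINTERFACES       1
/* NOTE(review): the comment says max 65536 but TCP_QUERIES_MAX above is 0x20000
 * (131072) -- confirm which bound the parser actually enforces. */
#define S_MAX_TCP_QUERIES       "128"  /* max : 65536 */
#define S_MAX_TCP_QUERIES_PER_ADDRESS "2"
#define S_MAX_SECONDARY_TCP_QUERIES "16"
/* Floor under which a TCP client is considered too slow; presumably the basis
 * for dropping slow-loris style connections -- confirm against the server code. */
#define S_TCP_QUERY_MIN_RATE    "512"  /* bytes per second minimum rate */

#define S_TCP_QUEUE_SIZE        "1024"
#define S_TCP_QUEUE_SIZE_MIN    64
#define S_TCP_QUEUE_SIZE_MAX    65536

#define S_MAX_AXFR              "10"

#define S_AXFR_MAX_RECORD_BY_PACKET "0"  /** No limit. Old applications can only work with this set to 1 */
#define S_AXFR_PACKET_SIZE_MAX  "4096"   /** plus TSIG */
#define S_AXFR_COMPRESS_PACKETS "1"
#define S_AXFR_RETRY_DELAY      "600"
#define S_AXFR_RETRY_JITTER     "180"

/* Unless built with non-AA support, an AXFR answer without the AA bit is rejected */
#if HAS_NON_AA_AXFR_SUPPORT
#define S_AXFR_STRICT_AUTHORITY "0"
#else
#define S_AXFR_STRICT_AUTHORITY "1"
#endif

#define S_AXFR_RETRY_FAILURE_DELAY_MULTIPLIER "5"
#define AXFR_RETRY_FAILURE_DELAY_MULTIPLIER_MIN 0
#define AXFR_RETRY_FAILURE_DELAY_MULTIPLIER_MAX 86400

#define S_AXFR_RETRY_FAILURE_DELAY_MULTIPLIER_MAX "3600"
#define AXFR_RETRY_FAILURE_DELAY_MULTIPLIER_MAX_MIN 0
#define AXFR_RETRY_FAILURE_DELAY_MULTIPLIER_MAX_MAX 604800

#define S_SERVER_RW_BACKLOG_QUEUE_SIZE "16384"
#define SERVER_RW_BACKLOG_QUEUE_SIZE_MIN 0x001000
#define SERVER_RW_BACKLOG_QUEUE_SIZE_MAX 0x100000

#define S_XFR_CONNECT_TIMEOUT   "5"  /* seconds */

#define S_QUERIES_LOG_TYPE      "1"  /* 0: none, 1: YADIFA, 2: bind 3:both */

/*
 * Default access control lists.  Queries and notifies are accepted from
 * anyone; dynamic updates, zone transfers, update forwarding and the control
 * channel are closed until an operator opens them explicitly.
 */
#define S_ALLOW_QUERY           "any"
#define S_ALLOW_UPDATE          "none"
#define S_ALLOW_TRANSFER        "none"
#define S_ALLOW_UPDATE_FORWARDING "none"
#define S_ALLOW_NOTIFY          "any"
#define S_ALLOW_CONTROL         "none"

/** \def S_SERVERPORT
 *  Standard port for listening udp and tcp */
#define S_SERVERPORT            "53"  /* PREPROCESSOR_INT2STR(DNS_DEFAULT_PORT) */
#define S_TRANSFER_SOURCE       "0.0.0.0"

/* IP FLAGS */
#define S_IPV4                  "1"
#define S_IPV6                  "1"

/* QUERIES FLAGS */
#define S_ADDITIONAL_AUTH       "1"
#define S_AUTHORITY_AUTH        "1"
#define S_ADDITIONAL_CACHE      "1"
#define S_AUTHORITY_CACHE       "1"
#define S_EDNS0                 "1"
#define S_EDNS0_MAX_SIZE        "4096"
#define S_RECURSION             "1"

/* NULL default string: the setting is left "not set" rather than parsed */
#define S_S32_VALUE_NOT_SET     NULL
#define S_SIG_VALIDITY_INTERVAL "30"     /* 30 days in days */
#define S_SIG_VALIDITY_REGENERATION "168" /* 7 days in hours 24->168 */
#define S_SIG_VALIDITY_JITTER   "3600"   /* 1 hour in seconds */
#define S_SIG_SIGNING_TYPE      "65534"

#define S_NOTIFY_RETRY_COUNT    "5"  /* 5 retries */
#define S_NOTIFY_RETRY_PERIOD   "1"  /* first after 1 minute */
#define S_NOTIFY_RETRY_PERIOD_INCREASE "0" /* period increased by "0" after every try */

#define S_ZONE_NOTIFY_AUTO      "1"
#define S_ZONE_FLAG_DROP_BEFORE_LOAD "0"
#define S_ZONE_NO_MASTER_UPDATES "0"
#define S_ZONE_FLAG_MAINTAIN_DNSSEC "1"
#define S_ZONE_FLAG_TRUE_MULTIMASTER "0"
#define S_ZONE_FLAG_RRSIG_NSUPDATE_ALLOWED "0"

#define S_MULTIMASTER_RETRIES   "0"  // in a multimaster setup, how many retries before changing master
                                     // 0 is perfectly fine except in true-multimaster mode where the resource cost
                                     // asks for some caution. In that case 60 would be a good choice. Maximum is 255
#define S_ZONE_DNSSEC_DNSSEC    "off"

#define S_JOURNAL_SIZE_KB_DEFAULT "0"   // 0 means "automatic"
#define S_JOURNAL_SIZE_KB_MIN   0       // less than 64KB is asking for trouble (0 means "automatic")
#define S_JOURNAL_SIZE_KB_MAX   3698688 // 3GB (3698688 KiB is in fact ~3.5 GiB)

/* ------------------------------------------------------------ */

/* List of cases for adjusting the keys configuration parameters */
#define KC_NAME                 1
#define KC_ALGORITHM            2
#define KC_SECRET               3

/* List of cases for adjusting the control configuration parameters */
#define CC_NET                  1
#define CC_KEYS                 2

/* Identifiers of the configuration file sections (containers) */
#define CONTAINER_MAIN          1
#define CONTAINER_ZONE          2
#define CONTAINER_CHANNELS      3
#define CONTAINER_LOGGERS       4
#define CONTAINER_KEYS          5
#define CONTAINER_CONTROL       6

/* Run modes of the program,
 * only RUNMODE_DAEMON can be asked via the configuration file
 */
#define RUNMODE_FLAG            0x0F  /* mask selecting the run mode in the low nibble */
/* Only one of these can be active */
#define RUNMODE_EXIT_CLEAN      0x01
#define RUNMODE_CONTINUE_CLEAN  0x02  /* normal mode */
#define RUNMODE_DAEMON          0x03  /* daemon mode */
#define RUNMODE_INTERACTIVE     0x04  /* interactive mode */

#define RUNMODE_SWITCH_FLAG     0xF0  /* mask of the high nibble */

/* Server flags (bits of config_data.server_flags, a u16: 0x8000 is the top bit) */
#define SERVER_FL_CHROOT        0x01
#define SERVER_FL_DAEMON        0x02
#define SERVER_FL_STATISTICS    0x04
#define SERVER_FL_ANSWER_FORMERR 0x08
#define SERVER_FL_LOG_UNPROCESSABLE 0x10
#define SERVER_FL_INTERACTIVE   0x20
#define SERVER_FL_DYNAMIC_PROVISIONING 0x40
#define SERVER_FL_LOG_FROM_START 0x8000
#define SERVER_FL_LOG_FILE_DISABLED 0x4000

/* IP flags */
#define IP_FLAGS_IPV4           0x01
#define IP_FLAGS_IPV6           0x02

/* Signature validity bounds; the *_S macros give the number of seconds in the
 * unit the corresponding setting is expressed in (days, hours, seconds). */
#define SIGNATURE_VALIDITY_INTERVAL_MIN 7    /* 7 days */
#define SIGNATURE_VALIDITY_INTERVAL_MAX 366  /* 366 days */
#define SIGNATURE_VALIDITY_INTERVAL_S   86400 /* seconds for that unit */

#define SIGNATURE_VALIDITY_REGENERATION_MIN 24  /* 1 day */
#define SIGNATURE_VALIDITY_REGENERATION_MAX 168 /* 7 days */
#define SIGNATURE_VALIDITY_REGENERATION_S   3600 /* seconds for that unit */

#define SIGNATURE_VALIDITY_JITTER_MIN 0
#define SIGNATURE_VALIDITY_JITTER_MAX 86400
#define SIGNATURE_VALIDITY_JITTER_S   1  /* seconds for that unit */

#define NOTIFY_RETRY_COUNT_MIN  0
#define NOTIFY_RETRY_COUNT_MAX  10

#define NOTIFY_RETRY_PERIOD_MIN 1
#define NOTIFY_RETRY_PERIOD_MAX 600

#define NOTIFY_RETRY_PERIOD_INCREASE_MIN 0
#define NOTIFY_RETRY_PERIOD_INCREASE_MAX 600

/* ------------------------------------------------------------ */

/* One bound UDP socket and the address it is bound to */
typedef struct udp udp;
struct udp
{
    struct addrinfo *addr;
    int sockfd;
};

/* One listening TCP socket and the address it is bound to */
typedef struct tcp tcp;
struct tcp
{
    struct addrinfo *addr;
    int sockfd;
};

#ifdef WIN32
#ifdef interface
#undef interface        /* windows headers #define interface; the tag below must not be replaced */
#endif
#endif // WIN32

/* The UDP/TCP socket pair of one listening address */
typedef struct interface interface;
struct interface
{
    udp udp;
    tcp tcp;
};

typedef struct scheduler scheduler;
struct scheduler
{
    int sockfd;
};

/* Nesting limit of included configuration files */
#define CONFIG_READER_CONTEXT_MAX_DEPTH 128

typedef struct config_reader_context config_reader_context;

/*
 * Stack of the configuration files currently being read (one entry per
 * nested include).  data[i] and file_name[i] describe the same level.
 */
struct config_reader_context
{
    s32 top;            // -1 (presumably the value of an empty stack -- confirm in the reader)
    bool dynamic;
    FILE* data[CONFIG_READER_CONTEXT_MAX_DEPTH];
    char* file_name[CONFIG_READER_CONTEXT_MAX_DEPTH];
};

/** \struct config_data
 *  Struct with the configuration data.  This data can be the default
 *  data, data from a configuration file, or data as arguments on
 *  the command line
 */
typedef struct config_data config_data;

/* The bytes of this tag, read little-endian, spell "YGCONFIG" */
#define YGCONFIG_TAG 0x4749464e4f434759

#define CONFIG_SIGNATURE_TYPE_CONFIGURABLE 0

struct config_data
{
    // Which are the interfaces to listen to
    host_address *listen;
    // Which are the interfaces to not listen to
    host_address *do_not_listen;
    // List of hosts registered by the TCP manager
    host_address *known_hosts;

    /* General variables */
    char *data_path;    /* zones */
    char *xfr_path;     /* full and incremental images base ... */
#ifndef WIN32
    char *chroot_path;  /* chroot point */
#endif
    char *log_path;     /* log files */
    char *keys_path;    /* keys */
    char *config_file;  /* config */

    char *pid_file;     /* pid file path and name */

    char *version_chaos;
    char *hostname_chaos;
    char *serverid_chaos;
    char *server_port;

#if HAS_EVENT_DYNAMIC_MODULE
    ptr_vector dynamic_modules;
#endif

    pid_t pid;

    /* Server variables */

    u16 server_flags;   /* combination of SERVER_FL_* bits */

    int total_interfaces;
    int cpu_count_override;
    s32 thread_count_by_address;
    int thread_affinity_base;
    int thread_affinity_multiplier;
#if DATABASE_ZONE_RRSIG_THREAD_POOL
    int dnssec_thread_count;
#endif
    int zone_load_thread_count;
    int zone_store_thread_count;
    int zone_unload_thread_count;
    int zone_download_thread_count;
    int max_tcp_queries;
    int max_tcp_queries_per_address;
    int max_secondary_tcp_queries;
    int tcp_query_min_rate;
    int tcp_queue_size;
    int axfr_max_record_by_packet;
    int axfr_max_packet_size;
    int axfr_retry_delay;
    int axfr_retry_jitter;
    u32 axfr_retry_failure_delay_multiplier;
    u32 axfr_retry_failure_delay_max;
    int xfr_connect_timeout;
    u32 statistics_max_period;
    int edns0_max_size;
    int network_model;  // 0: default MT, 1: experimental RqW
                        // NOTE(review): S_NETWORK_MODEL defaults to "2", which is not listed here -- confirm
    u32 worker_backlog_queue_size;
    s32 set_nofile;     // presumably an RLIMIT_NOFILE value to apply -- confirm
    bool axfr_compress_packets;
    bool axfr_strict_authority; // if the AA bit isn't set, AXFR is rejected

    /**/

    access_control *ac;

    /**/

    gid_t gid;
    uid_t uid;

    u16 process_flags;
    u16 server_port_value;

    //u8 ip;

    /*
     * The pid of the only child (a.k.a the server)
     */

    zdb *database;

    u32 queries_log_type;

#if HAS_DNSSEC_SUPPORT
    u32 sig_validity_interval;
    u32 sig_validity_regeneration;
    u32 sig_validity_jitter;
#if CONFIG_SIGNATURE_TYPE_CONFIGURABLE
    u16 sig_signing_type;
#endif
#endif

    double tcp_query_min_rate_us;  // presumably tcp_query_min_rate converted to a per-microsecond rate -- confirm

    bool chrooted;
    bool reloadable;

    bool hidden_master;

    bool check_policies;
};

/**
 * zone_desc filter callback,
 * The second argument is the proprietary data passed to
 * config_section_zone_set_filter().
 *
 * Must return 1 for accept, 0 for reject, or an error code.
 *
 */

struct zone_desc_s;
typedef struct zone_desc_s zone_desc_s;

typedef ya_result config_section_zone_filter_callback(zone_desc_s *, void *);

/* The process-wide configuration; defined in the translation unit that defines CONFS_MAIN_C_ */
#ifndef CONFS_MAIN_C_

extern config_data *g_config;

#endif


/**
 * @brief Tool function printing all the known names in a table.
 *        (no declaration follows this comment in this header)
 */

/* ------------------------------------------------------------ */

/**
 * Installs / removes the default logger used before the configuration is read.
 * Declared with (void) so that a call with stray arguments is a compile error.
 */
void config_logger_setdefault(void);
void config_logger_cleardefault(void);

/* ------------------------------------------------------------ */

/**
 * Configuration life cycle, in call order: init, command line, file, finalize.
 *
 * @param argc, argv     the program arguments
 * @param config_file    path of the configuration file to read
 *
 * @return a ya_result: SUCCESS or an error code
 */
ya_result yadifad_config_init(void);
ya_result yadifad_config_cmdline(int argc, char **argv);
ya_result yadifad_config_read(const char *config_file);
ya_result yadifad_config_finalize(void);

/** Re-reads the whole configuration from config_file (reload) */
ya_result yadifad_config_update(const char *config_file);

/**
 * Re-reads only zone sections from config_file.
 *
 * @param fqdn  set of zone names to update
 */
ya_result yadifad_config_update_zone(const char *config_file, const ptr_set *fqdn);

/** Prints the command line usage; name is the program name to show */
void yadifad_print_usage(const char *name);

/* ------------------------------------------------------------ */

/**
 * Setting callback for the "dnssec" zone option.
 *
 * @param value    the textual value from the configuration
 * @param dest     where the parsed value is stored
 * @param notused  unused, required by the setter signature
 */
ya_result confs_set_dnssec(const char *value, u32 *dest, anytype notused);

/** Prints a zone description to os */
void config_zone_print(zone_desc_s *zone_desc, output_stream *os);

/**
 *
 * Enables a callback filter that is called before pushing a zone_desc to the database service.
 *
 * @param cb a callback function or NULL to reset to the "accept all" filter.
 * @param params a pointer that will be passed to the callback
 */

void config_section_zone_set_filter(config_section_zone_filter_callback *cb, void *params);

/**
 * Checks that val lies within [minval, maxval]; name identifies the setting
 * (presumably used in the diagnostic when the check fails -- confirm).
 *
 * @return TRUE when the value is within bounds
 */
bool config_check_bounds_s32(s32 minval, s32 maxval, s32 val, const char *name);

#ifdef __cplusplus
}
#endif

#endif /* CONFS_H_ */

/** @} */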