1 /*
2 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 *
4 * This Source Code Form is subject to the terms of the Mozilla Public
5 * License, v. 2.0. If a copy of the MPL was not distributed with this
6 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
7 *
8 * See the COPYRIGHT file distributed with this work for additional
9 * information regarding copyright ownership.
10 */
11
12 #include <config.h>
13
14 #include <inttypes.h>
15 #include <stdbool.h>
16
17 #include <isc/formatcheck.h>
18 #include <isc/mem.h>
19 #include <isc/timer.h>
20 #include <isc/print.h>
21 #include <isc/stats.h>
22 #include <isc/util.h>
23
24 #include <dns/db.h>
25 #include <dns/dbiterator.h>
26 #include <dns/dlz.h>
27 #include <dns/fixedname.h>
28 #include <dns/journal.h>
29 #include <dns/message.h>
30 #include <dns/peer.h>
31 #include <dns/rdataclass.h>
32 #include <dns/rdatalist.h>
33 #include <dns/rdataset.h>
34 #include <dns/rdatasetiter.h>
35 #include <dns/result.h>
36 #include <dns/rriterator.h>
37 #include <dns/soa.h>
38 #include <dns/stats.h>
39 #include <dns/timer.h>
40 #include <dns/tsig.h>
41 #include <dns/view.h>
42 #include <dns/zone.h>
43 #include <dns/zt.h>
44
45 #include <named/client.h>
46 #include <named/log.h>
47 #include <named/server.h>
48 #include <named/xfrout.h>
49
50 /*! \file
51 * \brief
52 * Outgoing AXFR and IXFR.
53 */
54
55 /*
56 * TODO:
57 * - IXFR over UDP
58 */
59
60 #define XFROUT_COMMON_LOGARGS \
61 ns_g_lctx, DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT
62
63 #define XFROUT_PROTOCOL_LOGARGS \
64 XFROUT_COMMON_LOGARGS, ISC_LOG_INFO
65
66 #define XFROUT_DEBUG_LOGARGS(n) \
67 XFROUT_COMMON_LOGARGS, ISC_LOG_DEBUG(n)
68
69 #define XFROUT_RR_LOGARGS \
70 XFROUT_COMMON_LOGARGS, XFROUT_RR_LOGLEVEL
71
72 #define XFROUT_RR_LOGLEVEL ISC_LOG_DEBUG(8)
73
74 /*%
75 * Fail unconditionally and log as a client error.
76 * The test against ISC_R_SUCCESS is there to keep the Solaris compiler
77 * from complaining about "end-of-loop code not reached".
78 */
79 #define FAILC(code, msg) \
80 do { \
81 result = (code); \
82 ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, \
83 NS_LOGMODULE_XFER_OUT, ISC_LOG_INFO, \
84 "bad zone transfer request: %s (%s)", \
85 msg, isc_result_totext(code)); \
86 if (result != ISC_R_SUCCESS) goto failure; \
87 } while (0)
88
89 #define FAILQ(code, msg, question, rdclass) \
90 do { \
91 char _buf1[DNS_NAME_FORMATSIZE]; \
92 char _buf2[DNS_RDATACLASS_FORMATSIZE]; \
93 result = (code); \
94 dns_name_format(question, _buf1, sizeof(_buf1)); \
95 dns_rdataclass_format(rdclass, _buf2, sizeof(_buf2)); \
96 ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT, \
97 NS_LOGMODULE_XFER_OUT, ISC_LOG_INFO, \
98 "bad zone transfer request: '%s/%s': %s (%s)", \
99 _buf1, _buf2, msg, isc_result_totext(code)); \
100 if (result != ISC_R_SUCCESS) goto failure; \
101 } while (0)
102
103 #define CHECK(op) \
104 do { result = (op); \
105 if (result != ISC_R_SUCCESS) goto failure; \
106 } while (0)
107
108 /**************************************************************************/
109
110 static inline void
inc_stats(dns_zone_t * zone,isc_statscounter_t counter)111 inc_stats(dns_zone_t *zone, isc_statscounter_t counter) {
112 isc_stats_increment(ns_g_server->nsstats, counter);
113 if (zone != NULL) {
114 isc_stats_t *zonestats = dns_zone_getrequeststats(zone);
115 if (zonestats != NULL)
116 isc_stats_increment(zonestats, counter);
117 }
118 }
119
120 /**************************************************************************/
121
122 /*% Log an RR (for debugging) */
123
124 static void
log_rr(dns_name_t * name,dns_rdata_t * rdata,uint32_t ttl)125 log_rr(dns_name_t *name, dns_rdata_t *rdata, uint32_t ttl) {
126 isc_result_t result;
127 isc_buffer_t buf;
128 char mem[2000];
129 dns_rdatalist_t rdl;
130 dns_rdataset_t rds;
131 dns_rdata_t rd = DNS_RDATA_INIT;
132
133 dns_rdatalist_init(&rdl);
134 rdl.type = rdata->type;
135 rdl.rdclass = rdata->rdclass;
136 rdl.ttl = ttl;
137 if (rdata->type == dns_rdatatype_sig ||
138 rdata->type == dns_rdatatype_rrsig)
139 rdl.covers = dns_rdata_covers(rdata);
140 else
141 rdl.covers = dns_rdatatype_none;
142 dns_rdataset_init(&rds);
143 dns_rdata_init(&rd);
144 dns_rdata_clone(rdata, &rd);
145 ISC_LIST_APPEND(rdl.rdata, &rd, link);
146 RUNTIME_CHECK(dns_rdatalist_tordataset(&rdl, &rds) == ISC_R_SUCCESS);
147
148 isc_buffer_init(&buf, mem, sizeof(mem));
149 result = dns_rdataset_totext(&rds, name,
150 false, false, &buf);
151
152 /*
153 * We could use xfrout_log(), but that would produce
154 * very long lines with a repetitive prefix.
155 */
156 if (result == ISC_R_SUCCESS) {
157 /*
158 * Get rid of final newline.
159 */
160 INSIST(buf.used >= 1 &&
161 ((char *) buf.base)[buf.used - 1] == '\n');
162 buf.used--;
163
164 isc_log_write(XFROUT_RR_LOGARGS, "%.*s",
165 (int)isc_buffer_usedlength(&buf),
166 (char *)isc_buffer_base(&buf));
167 } else {
168 isc_log_write(XFROUT_RR_LOGARGS, "<RR too large to print>");
169 }
170 }
171
172 /**************************************************************************/
173 /*
174 * An 'rrstream_t' is a polymorphic iterator that returns
175 * a stream of resource records. There are multiple implementations,
176 * e.g. for generating AXFR and IXFR records streams.
177 */
178
179 typedef struct rrstream_methods rrstream_methods_t;
180
181 typedef struct rrstream {
182 isc_mem_t *mctx;
183 rrstream_methods_t *methods;
184 } rrstream_t;
185
186 struct rrstream_methods {
187 isc_result_t (*first)(rrstream_t *);
188 isc_result_t (*next)(rrstream_t *);
189 void (*current)(rrstream_t *,
190 dns_name_t **,
191 uint32_t *,
192 dns_rdata_t **);
193 void (*pause)(rrstream_t *);
194 void (*destroy)(rrstream_t **);
195 };
196
197 static void
rrstream_noop_pause(rrstream_t * rs)198 rrstream_noop_pause(rrstream_t *rs) {
199 UNUSED(rs);
200 }
201
202 /**************************************************************************/
203 /*
204 * An 'ixfr_rrstream_t' is an 'rrstream_t' that returns
205 * an IXFR-like RR stream from a journal file.
206 *
207 * The SOA at the beginning of each sequence of additions
208 * or deletions are included in the stream, but the extra
209 * SOAs at the beginning and end of the entire transfer are
210 * not included.
211 */
212
213 typedef struct ixfr_rrstream {
214 rrstream_t common;
215 dns_journal_t *journal;
216 } ixfr_rrstream_t;
217
218 /* Forward declarations. */
219 static void
220 ixfr_rrstream_destroy(rrstream_t **sp);
221
222 static rrstream_methods_t ixfr_rrstream_methods;
223
224 /*
225 * Returns: anything dns_journal_open() or dns_journal_iter_init()
226 * may return.
227 */
228
229 static isc_result_t
ixfr_rrstream_create(isc_mem_t * mctx,const char * journal_filename,uint32_t begin_serial,uint32_t end_serial,rrstream_t ** sp)230 ixfr_rrstream_create(isc_mem_t *mctx,
231 const char *journal_filename,
232 uint32_t begin_serial,
233 uint32_t end_serial,
234 rrstream_t **sp)
235 {
236 ixfr_rrstream_t *s;
237 isc_result_t result;
238
239 INSIST(sp != NULL && *sp == NULL);
240
241 s = isc_mem_get(mctx, sizeof(*s));
242 if (s == NULL)
243 return (ISC_R_NOMEMORY);
244 s->common.mctx = NULL;
245 isc_mem_attach(mctx, &s->common.mctx);
246 s->common.methods = &ixfr_rrstream_methods;
247 s->journal = NULL;
248
249 CHECK(dns_journal_open(mctx, journal_filename,
250 DNS_JOURNAL_READ, &s->journal));
251 CHECK(dns_journal_iter_init(s->journal, begin_serial, end_serial));
252
253 *sp = (rrstream_t *) s;
254 return (ISC_R_SUCCESS);
255
256 failure:
257 ixfr_rrstream_destroy((rrstream_t **) (void *)&s);
258 return (result);
259 }
260
261 static isc_result_t
ixfr_rrstream_first(rrstream_t * rs)262 ixfr_rrstream_first(rrstream_t *rs) {
263 ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
264 return (dns_journal_first_rr(s->journal));
265 }
266
267 static isc_result_t
ixfr_rrstream_next(rrstream_t * rs)268 ixfr_rrstream_next(rrstream_t *rs) {
269 ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
270 return (dns_journal_next_rr(s->journal));
271 }
272
273 static void
ixfr_rrstream_current(rrstream_t * rs,dns_name_t ** name,uint32_t * ttl,dns_rdata_t ** rdata)274 ixfr_rrstream_current(rrstream_t *rs,
275 dns_name_t **name, uint32_t *ttl,
276 dns_rdata_t **rdata)
277 {
278 ixfr_rrstream_t *s = (ixfr_rrstream_t *) rs;
279 dns_journal_current_rr(s->journal, name, ttl, rdata);
280 }
281
282 static void
ixfr_rrstream_destroy(rrstream_t ** rsp)283 ixfr_rrstream_destroy(rrstream_t **rsp) {
284 ixfr_rrstream_t *s = (ixfr_rrstream_t *) *rsp;
285 if (s->journal != 0)
286 dns_journal_destroy(&s->journal);
287 isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
288 }
289
290 static rrstream_methods_t ixfr_rrstream_methods = {
291 ixfr_rrstream_first,
292 ixfr_rrstream_next,
293 ixfr_rrstream_current,
294 rrstream_noop_pause,
295 ixfr_rrstream_destroy
296 };
297
298 /**************************************************************************/
299 /*
300 * An 'axfr_rrstream_t' is an 'rrstream_t' that returns
301 * an AXFR-like RR stream from a database.
302 *
303 * The SOAs at the beginning and end of the transfer are
304 * not included in the stream.
305 */
306
307 typedef struct axfr_rrstream {
308 rrstream_t common;
309 dns_rriterator_t it;
310 bool it_valid;
311 } axfr_rrstream_t;
312
313 /*
314 * Forward declarations.
315 */
316 static void
317 axfr_rrstream_destroy(rrstream_t **rsp);
318
319 static rrstream_methods_t axfr_rrstream_methods;
320
321 static isc_result_t
axfr_rrstream_create(isc_mem_t * mctx,dns_db_t * db,dns_dbversion_t * ver,rrstream_t ** sp)322 axfr_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
323 rrstream_t **sp)
324 {
325 axfr_rrstream_t *s;
326 isc_result_t result;
327
328 INSIST(sp != NULL && *sp == NULL);
329
330 s = isc_mem_get(mctx, sizeof(*s));
331 if (s == NULL)
332 return (ISC_R_NOMEMORY);
333 s->common.mctx = NULL;
334 isc_mem_attach(mctx, &s->common.mctx);
335 s->common.methods = &axfr_rrstream_methods;
336 s->it_valid = false;
337
338 CHECK(dns_rriterator_init(&s->it, db, ver, 0));
339 s->it_valid = true;
340
341 *sp = (rrstream_t *) s;
342 return (ISC_R_SUCCESS);
343
344 failure:
345 axfr_rrstream_destroy((rrstream_t **) (void *)&s);
346 return (result);
347 }
348
349 static isc_result_t
axfr_rrstream_first(rrstream_t * rs)350 axfr_rrstream_first(rrstream_t *rs) {
351 axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
352 isc_result_t result;
353 result = dns_rriterator_first(&s->it);
354 if (result != ISC_R_SUCCESS)
355 return (result);
356 /* Skip SOA records. */
357 for (;;) {
358 dns_name_t *name_dummy = NULL;
359 uint32_t ttl_dummy;
360 dns_rdata_t *rdata = NULL;
361 dns_rriterator_current(&s->it, &name_dummy,
362 &ttl_dummy, NULL, &rdata);
363 if (rdata->type != dns_rdatatype_soa)
364 break;
365 result = dns_rriterator_next(&s->it);
366 if (result != ISC_R_SUCCESS)
367 break;
368 }
369 return (result);
370 }
371
372 static isc_result_t
axfr_rrstream_next(rrstream_t * rs)373 axfr_rrstream_next(rrstream_t *rs) {
374 axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
375 isc_result_t result;
376
377 /* Skip SOA records. */
378 for (;;) {
379 dns_name_t *name_dummy = NULL;
380 uint32_t ttl_dummy;
381 dns_rdata_t *rdata = NULL;
382 result = dns_rriterator_next(&s->it);
383 if (result != ISC_R_SUCCESS)
384 break;
385 dns_rriterator_current(&s->it, &name_dummy,
386 &ttl_dummy, NULL, &rdata);
387 if (rdata->type != dns_rdatatype_soa)
388 break;
389 }
390 return (result);
391 }
392
393 static void
axfr_rrstream_current(rrstream_t * rs,dns_name_t ** name,uint32_t * ttl,dns_rdata_t ** rdata)394 axfr_rrstream_current(rrstream_t *rs, dns_name_t **name, uint32_t *ttl,
395 dns_rdata_t **rdata)
396 {
397 axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
398 dns_rriterator_current(&s->it, name, ttl, NULL, rdata);
399 }
400
401 static void
axfr_rrstream_pause(rrstream_t * rs)402 axfr_rrstream_pause(rrstream_t *rs) {
403 axfr_rrstream_t *s = (axfr_rrstream_t *) rs;
404 dns_rriterator_pause(&s->it);
405 }
406
407 static void
axfr_rrstream_destroy(rrstream_t ** rsp)408 axfr_rrstream_destroy(rrstream_t **rsp) {
409 axfr_rrstream_t *s = (axfr_rrstream_t *) *rsp;
410 if (s->it_valid)
411 dns_rriterator_destroy(&s->it);
412 isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
413 }
414
415 static rrstream_methods_t axfr_rrstream_methods = {
416 axfr_rrstream_first,
417 axfr_rrstream_next,
418 axfr_rrstream_current,
419 axfr_rrstream_pause,
420 axfr_rrstream_destroy
421 };
422
423 /**************************************************************************/
424 /*
425 * An 'soa_rrstream_t' is a degenerate 'rrstream_t' that returns
426 * a single SOA record.
427 */
428
429 typedef struct soa_rrstream {
430 rrstream_t common;
431 dns_difftuple_t *soa_tuple;
432 } soa_rrstream_t;
433
434 /*
435 * Forward declarations.
436 */
437 static void
438 soa_rrstream_destroy(rrstream_t **rsp);
439
440 static rrstream_methods_t soa_rrstream_methods;
441
442 static isc_result_t
soa_rrstream_create(isc_mem_t * mctx,dns_db_t * db,dns_dbversion_t * ver,rrstream_t ** sp)443 soa_rrstream_create(isc_mem_t *mctx, dns_db_t *db, dns_dbversion_t *ver,
444 rrstream_t **sp)
445 {
446 soa_rrstream_t *s;
447 isc_result_t result;
448
449 INSIST(sp != NULL && *sp == NULL);
450
451 s = isc_mem_get(mctx, sizeof(*s));
452 if (s == NULL)
453 return (ISC_R_NOMEMORY);
454 s->common.mctx = NULL;
455 isc_mem_attach(mctx, &s->common.mctx);
456 s->common.methods = &soa_rrstream_methods;
457 s->soa_tuple = NULL;
458
459 CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
460 &s->soa_tuple));
461
462 *sp = (rrstream_t *) s;
463 return (ISC_R_SUCCESS);
464
465 failure:
466 soa_rrstream_destroy((rrstream_t **) (void *)&s);
467 return (result);
468 }
469
470 static isc_result_t
soa_rrstream_first(rrstream_t * rs)471 soa_rrstream_first(rrstream_t *rs) {
472 UNUSED(rs);
473 return (ISC_R_SUCCESS);
474 }
475
476 static isc_result_t
soa_rrstream_next(rrstream_t * rs)477 soa_rrstream_next(rrstream_t *rs) {
478 UNUSED(rs);
479 return (ISC_R_NOMORE);
480 }
481
482 static void
soa_rrstream_current(rrstream_t * rs,dns_name_t ** name,uint32_t * ttl,dns_rdata_t ** rdata)483 soa_rrstream_current(rrstream_t *rs, dns_name_t **name, uint32_t *ttl,
484 dns_rdata_t **rdata)
485 {
486 soa_rrstream_t *s = (soa_rrstream_t *) rs;
487 *name = &s->soa_tuple->name;
488 *ttl = s->soa_tuple->ttl;
489 *rdata = &s->soa_tuple->rdata;
490 }
491
492 static void
soa_rrstream_destroy(rrstream_t ** rsp)493 soa_rrstream_destroy(rrstream_t **rsp) {
494 soa_rrstream_t *s = (soa_rrstream_t *) *rsp;
495 if (s->soa_tuple != NULL)
496 dns_difftuple_free(&s->soa_tuple);
497 isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
498 }
499
500 static rrstream_methods_t soa_rrstream_methods = {
501 soa_rrstream_first,
502 soa_rrstream_next,
503 soa_rrstream_current,
504 rrstream_noop_pause,
505 soa_rrstream_destroy
506 };
507
508 /**************************************************************************/
509 /*
510 * A 'compound_rrstream_t' objects owns a soa_rrstream
511 * and another rrstream, the "data stream". It returns
512 * a concatenated stream consisting of the soa_rrstream, then
513 * the data stream, then the soa_rrstream again.
514 *
515 * The component streams are owned by the compound_rrstream_t
516 * and are destroyed with it.
517 */
518
519 typedef struct compound_rrstream {
520 rrstream_t common;
521 rrstream_t *components[3];
522 int state;
523 isc_result_t result;
524 } compound_rrstream_t;
525
526 /*
527 * Forward declarations.
528 */
529 static void
530 compound_rrstream_destroy(rrstream_t **rsp);
531
532 static isc_result_t
533 compound_rrstream_next(rrstream_t *rs);
534
535 static rrstream_methods_t compound_rrstream_methods;
536
537 /*
538 * Requires:
539 * soa_stream != NULL && *soa_stream != NULL
540 * data_stream != NULL && *data_stream != NULL
541 * sp != NULL && *sp == NULL
542 *
543 * Ensures:
544 * *soa_stream == NULL
545 * *data_stream == NULL
546 * *sp points to a valid compound_rrstream_t
547 * The soa and data streams will be destroyed
548 * when the compound_rrstream_t is destroyed.
549 */
550 static isc_result_t
compound_rrstream_create(isc_mem_t * mctx,rrstream_t ** soa_stream,rrstream_t ** data_stream,rrstream_t ** sp)551 compound_rrstream_create(isc_mem_t *mctx, rrstream_t **soa_stream,
552 rrstream_t **data_stream, rrstream_t **sp)
553 {
554 compound_rrstream_t *s;
555
556 INSIST(sp != NULL && *sp == NULL);
557
558 s = isc_mem_get(mctx, sizeof(*s));
559 if (s == NULL)
560 return (ISC_R_NOMEMORY);
561 s->common.mctx = NULL;
562 isc_mem_attach(mctx, &s->common.mctx);
563 s->common.methods = &compound_rrstream_methods;
564 s->components[0] = *soa_stream;
565 s->components[1] = *data_stream;
566 s->components[2] = *soa_stream;
567 s->state = -1;
568 s->result = ISC_R_FAILURE;
569
570 *soa_stream = NULL;
571 *data_stream = NULL;
572 *sp = (rrstream_t *) s;
573 return (ISC_R_SUCCESS);
574 }
575
576 static isc_result_t
compound_rrstream_first(rrstream_t * rs)577 compound_rrstream_first(rrstream_t *rs) {
578 compound_rrstream_t *s = (compound_rrstream_t *) rs;
579 s->state = 0;
580 do {
581 rrstream_t *curstream = s->components[s->state];
582 s->result = curstream->methods->first(curstream);
583 } while (s->result == ISC_R_NOMORE && s->state < 2);
584 return (s->result);
585 }
586
587 static isc_result_t
compound_rrstream_next(rrstream_t * rs)588 compound_rrstream_next(rrstream_t *rs) {
589 compound_rrstream_t *s = (compound_rrstream_t *) rs;
590 rrstream_t *curstream = s->components[s->state];
591 s->result = curstream->methods->next(curstream);
592 while (s->result == ISC_R_NOMORE) {
593 /*
594 * Make sure locks held by the current stream
595 * are released before we switch streams.
596 */
597 curstream->methods->pause(curstream);
598 if (s->state == 2)
599 return (ISC_R_NOMORE);
600 s->state++;
601 curstream = s->components[s->state];
602 s->result = curstream->methods->first(curstream);
603 }
604 return (s->result);
605 }
606
607 static void
compound_rrstream_current(rrstream_t * rs,dns_name_t ** name,uint32_t * ttl,dns_rdata_t ** rdata)608 compound_rrstream_current(rrstream_t *rs, dns_name_t **name, uint32_t *ttl,
609 dns_rdata_t **rdata)
610 {
611 compound_rrstream_t *s = (compound_rrstream_t *) rs;
612 rrstream_t *curstream;
613 INSIST(0 <= s->state && s->state < 3);
614 INSIST(s->result == ISC_R_SUCCESS);
615 curstream = s->components[s->state];
616 curstream->methods->current(curstream, name, ttl, rdata);
617 }
618
619 static void
compound_rrstream_pause(rrstream_t * rs)620 compound_rrstream_pause(rrstream_t *rs)
621 {
622 compound_rrstream_t *s = (compound_rrstream_t *) rs;
623 rrstream_t *curstream;
624 INSIST(0 <= s->state && s->state < 3);
625 curstream = s->components[s->state];
626 curstream->methods->pause(curstream);
627 }
628
629 static void
compound_rrstream_destroy(rrstream_t ** rsp)630 compound_rrstream_destroy(rrstream_t **rsp) {
631 compound_rrstream_t *s = (compound_rrstream_t *) *rsp;
632 s->components[0]->methods->destroy(&s->components[0]);
633 s->components[1]->methods->destroy(&s->components[1]);
634 s->components[2] = NULL; /* Copy of components[0]. */
635 isc_mem_putanddetach(&s->common.mctx, s, sizeof(*s));
636 }
637
638 static rrstream_methods_t compound_rrstream_methods = {
639 compound_rrstream_first,
640 compound_rrstream_next,
641 compound_rrstream_current,
642 compound_rrstream_pause,
643 compound_rrstream_destroy
644 };
645
646 /**************************************************************************/
647 /*
648 * An 'xfrout_ctx_t' contains the state of an outgoing AXFR or IXFR
649 * in progress.
650 */
651
652 typedef struct {
653 isc_mem_t *mctx;
654 ns_client_t *client;
655 unsigned int id; /* ID of request */
656 dns_name_t *qname; /* Question name of request */
657 dns_rdatatype_t qtype; /* dns_rdatatype_{a,i}xfr */
658 dns_rdataclass_t qclass;
659 dns_zone_t *zone; /* (necessary for stats) */
660 dns_db_t *db;
661 dns_dbversion_t *ver;
662 isc_quota_t *quota;
663 rrstream_t *stream; /* The XFR RR stream */
664 bool end_of_stream; /* EOS has been reached */
665 isc_buffer_t buf; /* Buffer for message owner
666 names and rdatas */
667 isc_buffer_t txlenbuf; /* Transmit length buffer */
668 isc_buffer_t txbuf; /* Transmit message buffer */
669 void *txmem;
670 unsigned int txmemlen;
671 unsigned int nmsg; /* Number of messages sent */
672 dns_tsigkey_t *tsigkey; /* Key used to create TSIG */
673 isc_buffer_t *lasttsig; /* the last TSIG */
674 bool verified_tsig; /* verified request MAC */
675 bool many_answers;
676 int sends; /* Send in progress */
677 bool shuttingdown;
678 const char *mnemonic; /* Style of transfer */
679 } xfrout_ctx_t;
680
681 static isc_result_t
682 xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client,
683 unsigned int id, dns_name_t *qname, dns_rdatatype_t qtype,
684 dns_rdataclass_t qclass, dns_zone_t *zone,
685 dns_db_t *db, dns_dbversion_t *ver, isc_quota_t *quota,
686 rrstream_t *stream, dns_tsigkey_t *tsigkey,
687 isc_buffer_t *lasttsig,
688 bool verified_tsig,
689 unsigned int maxtime,
690 unsigned int idletime,
691 bool many_answers,
692 xfrout_ctx_t **xfrp);
693
694 static void
695 sendstream(xfrout_ctx_t *xfr);
696
697 static void
698 xfrout_senddone(isc_task_t *task, isc_event_t *event);
699
700 static void
701 xfrout_fail(xfrout_ctx_t *xfr, isc_result_t result, const char *msg);
702
703 static void
704 xfrout_maybe_destroy(xfrout_ctx_t *xfr);
705
706 static void
707 xfrout_ctx_destroy(xfrout_ctx_t **xfrp);
708
709 static void
710 xfrout_client_shutdown(void *arg, isc_result_t result);
711
712 static void
713 xfrout_log1(ns_client_t *client, dns_name_t *zonename,
714 dns_rdataclass_t rdclass, int level,
715 const char *fmt, ...) ISC_FORMAT_PRINTF(5, 6);
716
717 static void
718 xfrout_log(xfrout_ctx_t *xfr, int level, const char *fmt, ...)
719 ISC_FORMAT_PRINTF(3, 4);
720
721 /**************************************************************************/
722
723 void
ns_xfr_start(ns_client_t * client,dns_rdatatype_t reqtype)724 ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
725 isc_result_t result;
726 dns_name_t *question_name;
727 dns_rdataset_t *question_rdataset;
728 dns_zone_t *zone = NULL, *raw = NULL, *mayberaw;
729 dns_db_t *db = NULL;
730 dns_dbversion_t *ver = NULL;
731 dns_rdataclass_t question_class;
732 rrstream_t *soa_stream = NULL;
733 rrstream_t *data_stream = NULL;
734 rrstream_t *stream = NULL;
735 dns_difftuple_t *current_soa_tuple = NULL;
736 dns_name_t *soa_name;
737 dns_rdataset_t *soa_rdataset;
738 dns_rdata_t soa_rdata = DNS_RDATA_INIT;
739 bool have_soa = false;
740 const char *mnemonic = NULL;
741 isc_mem_t *mctx = client->mctx;
742 dns_message_t *request = client->message;
743 xfrout_ctx_t *xfr = NULL;
744 isc_quota_t *quota = NULL;
745 dns_transfer_format_t format = client->view->transfer_format;
746 isc_netaddr_t na;
747 dns_peer_t *peer = NULL;
748 isc_buffer_t *tsigbuf = NULL;
749 char *journalfile;
750 char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")];
751 char keyname[DNS_NAME_FORMATSIZE];
752 bool is_poll = false;
753 bool is_dlz = false;
754 bool is_ixfr = false;
755 uint32_t begin_serial = 0, current_serial;
756
757 switch (reqtype) {
758 case dns_rdatatype_axfr:
759 mnemonic = "AXFR";
760 break;
761 case dns_rdatatype_ixfr:
762 mnemonic = "IXFR";
763 break;
764 default:
765 INSIST(0);
766 ISC_UNREACHABLE();
767 }
768
769 ns_client_log(client,
770 DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT,
771 ISC_LOG_DEBUG(6), "%s request", mnemonic);
772 /*
773 * Apply quota.
774 */
775 result = isc_quota_attach(&ns_g_server->xfroutquota, "a);
776 if (result != ISC_R_SUCCESS) {
777 isc_log_write(XFROUT_COMMON_LOGARGS, ISC_LOG_WARNING,
778 "%s request denied: %s", mnemonic,
779 isc_result_totext(result));
780 goto failure;
781 }
782
783 /*
784 * Interpret the question section.
785 */
786 result = dns_message_firstname(request, DNS_SECTION_QUESTION);
787 INSIST(result == ISC_R_SUCCESS);
788
789 /*
790 * The question section must contain exactly one question, and
791 * it must be for AXFR/IXFR as appropriate.
792 */
793 question_name = NULL;
794 dns_message_currentname(request, DNS_SECTION_QUESTION, &question_name);
795 question_rdataset = ISC_LIST_HEAD(question_name->list);
796 question_class = question_rdataset->rdclass;
797 INSIST(question_rdataset->type == reqtype);
798 if (ISC_LIST_NEXT(question_rdataset, link) != NULL) {
799 FAILC(DNS_R_FORMERR, "multiple questions");
800 }
801 result = dns_message_nextname(request, DNS_SECTION_QUESTION);
802 if (result != ISC_R_NOMORE) {
803 FAILC(DNS_R_FORMERR, "multiple questions");
804 }
805
806 result = dns_zt_find(client->view->zonetable, question_name, 0, NULL,
807 &zone);
808
809 if (result != ISC_R_SUCCESS || dns_zone_gettype(zone) == dns_zone_dlz) {
810 /*
811 * The normal zone table does not have a match, or this is
812 * marked in the zone table as a DLZ zone. Check the DLZ
813 * databases for a match.
814 */
815 if (! ISC_LIST_EMPTY(client->view->dlz_searched)) {
816 result = dns_dlzallowzonexfr(client->view,
817 question_name,
818 &client->peeraddr,
819 &db);
820
821 if (result == ISC_R_NOPERM) {
822 char _buf1[DNS_NAME_FORMATSIZE];
823 char _buf2[DNS_RDATACLASS_FORMATSIZE];
824
825 result = DNS_R_REFUSED;
826 dns_name_format(question_name, _buf1,
827 sizeof(_buf1));
828 dns_rdataclass_format(question_class,
829 _buf2, sizeof(_buf2));
830 ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
831 NS_LOGMODULE_XFER_OUT,
832 ISC_LOG_ERROR,
833 "zone transfer '%s/%s' denied",
834 _buf1, _buf2);
835 goto failure;
836 }
837 if (result != ISC_R_SUCCESS)
838 FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
839 question_name, question_class);
840 is_dlz = true;
841 } else {
842 /*
843 * not DLZ and not in normal zone table, we are
844 * not authoritative
845 */
846 FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
847 question_name, question_class);
848 }
849 } else {
850 /* zone table has a match */
851 switch(dns_zone_gettype(zone)) {
852 /* Master and slave zones are OK for transfer. */
853 case dns_zone_master:
854 case dns_zone_slave:
855 case dns_zone_dlz:
856 break;
857 default:
858 FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
859 question_name, question_class);
860 }
861 CHECK(dns_zone_getdb(zone, &db));
862 dns_db_currentversion(db, &ver);
863 }
864
865 xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
866 "%s question section OK", mnemonic);
867
868 /*
869 * Check the authority section. Look for a SOA record with
870 * the same name and class as the question.
871 */
872 for (result = dns_message_firstname(request, DNS_SECTION_AUTHORITY);
873 result == ISC_R_SUCCESS;
874 result = dns_message_nextname(request, DNS_SECTION_AUTHORITY))
875 {
876 soa_name = NULL;
877 dns_message_currentname(request, DNS_SECTION_AUTHORITY,
878 &soa_name);
879
880 /*
881 * Ignore data whose owner name is not the zone apex.
882 */
883 if (! dns_name_equal(soa_name, question_name)) {
884 continue;
885 }
886
887 for (soa_rdataset = ISC_LIST_HEAD(soa_name->list);
888 soa_rdataset != NULL;
889 soa_rdataset = ISC_LIST_NEXT(soa_rdataset, link))
890 {
891 /*
892 * Ignore non-SOA data.
893 */
894 if (soa_rdataset->type != dns_rdatatype_soa) {
895 continue;
896 }
897 if (soa_rdataset->rdclass != question_class) {
898 continue;
899 }
900
901 CHECK(dns_rdataset_first(soa_rdataset));
902 dns_rdataset_current(soa_rdataset, &soa_rdata);
903 result = dns_rdataset_next(soa_rdataset);
904 if (result == ISC_R_SUCCESS) {
905 FAILC(DNS_R_FORMERR,
906 "IXFR authority section "
907 "has multiple SOAs");
908 }
909 have_soa = true;
910 goto got_soa;
911 }
912 }
913 got_soa:
914 if (result != ISC_R_NOMORE) {
915 CHECK(result);
916 }
917
918 xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
919 "%s authority section OK", mnemonic);
920
921 /*
922 * If not a DLZ zone, decide whether to allow this transfer.
923 */
924 if (!is_dlz) {
925 ns_client_aclmsg("zone transfer", question_name, reqtype,
926 client->view->rdclass, msg, sizeof(msg));
927 CHECK(ns_client_checkacl(client, NULL, msg,
928 dns_zone_getxfracl(zone),
929 true, ISC_LOG_ERROR));
930 }
931
932 /*
933 * AXFR over UDP is not possible.
934 */
935 if (reqtype == dns_rdatatype_axfr &&
936 (client->attributes & NS_CLIENTATTR_TCP) == 0) {
937 FAILC(DNS_R_FORMERR, "attempted AXFR over UDP");
938 }
939
940 /*
941 * Look up the requesting server in the peer table.
942 */
943 isc_netaddr_fromsockaddr(&na, &client->peeraddr);
944 (void)dns_peerlist_peerbyaddr(client->view->peers, &na, &peer);
945
946 /*
947 * Decide on the transfer format (one-answer or many-answers).
948 */
949 if (peer != NULL) {
950 (void)dns_peer_gettransferformat(peer, &format);
951 }
952
953 /*
954 * Get a dynamically allocated copy of the current SOA.
955 */
956 if (is_dlz)
957 dns_db_currentversion(db, &ver);
958
959 CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
960 ¤t_soa_tuple));
961
962 current_serial = dns_soa_getserial(¤t_soa_tuple->rdata);
963 if (reqtype == dns_rdatatype_ixfr) {
964 if (!have_soa) {
965 FAILC(DNS_R_FORMERR, "IXFR request missing SOA");
966 }
967
968 begin_serial = dns_soa_getserial(&soa_rdata);
969
970 /*
971 * RFC1995 says "If an IXFR query with the same or
972 * newer version number than that of the server
973 * is received, it is replied to with a single SOA
974 * record of the server's current version, just as
975 * in AXFR". The claim about AXFR is incorrect,
976 * but other than that, we do as the RFC says.
977 *
978 * Sending a single SOA record is also how we refuse
979 * IXFR over UDP (currently, we always do).
980 */
981 if (DNS_SERIAL_GE(begin_serial, current_serial) ||
982 (client->attributes & NS_CLIENTATTR_TCP) == 0)
983 {
984 CHECK(soa_rrstream_create(mctx, db, ver, &stream));
985 is_poll = true;
986 goto have_stream;
987 }
988
989 /*
990 * Outgoing IXFR may have been disabled for this peer
991 * or globally.
992 */
993 if ((client->attributes & NS_CLIENTATTR_TCP) != 0) {
994 bool provide_ixfr;
995
996 provide_ixfr = client->view->provideixfr;
997 if (peer != NULL) {
998 (void)dns_peer_getprovideixfr(peer,
999 &provide_ixfr);
1000 }
1001 if (!provide_ixfr) {
1002 xfrout_log1(client, question_name,
1003 question_class, ISC_LOG_DEBUG(4),
1004 "IXFR delta response disabled due "
1005 "to 'provide-ixfr no;' being set");
1006 mnemonic = "AXFR-style IXFR";
1007 goto axfr_fallback;
1008 }
1009 }
1010
1011 journalfile = is_dlz ? NULL : dns_zone_getjournal(zone);
1012 if (journalfile != NULL) {
1013 result = ixfr_rrstream_create(mctx,
1014 journalfile,
1015 begin_serial,
1016 current_serial,
1017 &data_stream);
1018 } else {
1019 result = ISC_R_NOTFOUND;
1020 }
1021 if (result == ISC_R_NOTFOUND || result == ISC_R_RANGE) {
1022 xfrout_log1(client, question_name, question_class,
1023 ISC_LOG_DEBUG(4),
1024 "IXFR version not in journal, "
1025 "falling back to AXFR");
1026 mnemonic = "AXFR-style IXFR";
1027 goto axfr_fallback;
1028 }
1029 CHECK(result);
1030 is_ixfr = true;
1031 } else {
1032 axfr_fallback:
1033 CHECK(axfr_rrstream_create(mctx, db, ver, &data_stream));
1034 }
1035
1036 /*
1037 * Bracket the data stream with SOAs.
1038 */
1039 CHECK(soa_rrstream_create(mctx, db, ver, &soa_stream));
1040 CHECK(compound_rrstream_create(mctx, &soa_stream, &data_stream,
1041 &stream));
1042 soa_stream = NULL;
1043 data_stream = NULL;
1044
1045 have_stream:
1046 CHECK(dns_message_getquerytsig(request, mctx, &tsigbuf));
1047 /*
1048 * Create the xfrout context object. This transfers the ownership
1049 * of "stream", "db", "ver", and "quota" to the xfrout context object.
1050 */
1051
1052
1053
1054 if (is_dlz) {
1055 CHECK(xfrout_ctx_create(mctx, client, request->id,
1056 question_name, reqtype, question_class,
1057 zone, db, ver, quota, stream,
1058 dns_message_gettsigkey(request),
1059 tsigbuf,
1060 request->verified_sig,
1061 3600,
1062 3600,
1063 (format == dns_many_answers) ?
1064 true : false,
1065 &xfr));
1066 } else {
1067 CHECK(xfrout_ctx_create(mctx, client, request->id,
1068 question_name, reqtype, question_class,
1069 zone, db, ver, quota, stream,
1070 dns_message_gettsigkey(request),
1071 tsigbuf,
1072 request->verified_sig,
1073 dns_zone_getmaxxfrout(zone),
1074 dns_zone_getidleout(zone),
1075 (format == dns_many_answers) ?
1076 true : false,
1077 &xfr));
1078 }
1079
1080 xfr->mnemonic = mnemonic;
1081 stream = NULL;
1082 quota = NULL;
1083
1084 CHECK(xfr->stream->methods->first(xfr->stream));
1085
1086 if (xfr->tsigkey != NULL) {
1087 dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname));
1088 } else {
1089 keyname[0] = '\0';
1090 }
1091 if (is_poll) {
1092 xfrout_log1(client, question_name, question_class,
1093 ISC_LOG_DEBUG(1), "IXFR poll up to date%s%s",
1094 (xfr->tsigkey != NULL) ? ": TSIG " : "", keyname);
1095 } else if (is_ixfr) {
1096 xfrout_log1(client, question_name, question_class,
1097 ISC_LOG_INFO, "%s started%s%s (serial %u -> %u)",
1098 mnemonic, (xfr->tsigkey != NULL) ? ": TSIG " : "",
1099 keyname, begin_serial, current_serial);
1100 } else {
1101 xfrout_log1(client, question_name, question_class,
1102 ISC_LOG_INFO, "%s started%s%s (serial %u)",
1103 mnemonic, (xfr->tsigkey != NULL) ? ": TSIG " : "",
1104 keyname, current_serial);
1105 }
1106
1107
1108 if (zone != NULL) {
1109 dns_zone_getraw(zone, &raw);
1110 mayberaw = (raw != NULL) ? raw : zone;
1111 if ((client->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0 &&
1112 dns_zone_gettype(mayberaw) == dns_zone_slave) {
1113 isc_time_t expiretime;
1114 uint32_t secs;
1115 dns_zone_getexpiretime(zone, &expiretime);
1116 secs = isc_time_seconds(&expiretime);
1117 if (secs >= client->now && result == ISC_R_SUCCESS) {
1118 client->attributes |= NS_CLIENTATTR_HAVEEXPIRE;
1119 client->expire = secs - client->now;
1120 }
1121 }
1122 if (raw != NULL) {
1123 dns_zone_detach(&raw);
1124 }
1125 }
1126
1127 /*
1128 * Hand the context over to sendstream(). Set xfr to NULL;
1129 * sendstream() is responsible for either passing the
1130 * context on to a later event handler or destroying it.
1131 */
1132 sendstream(xfr);
1133 xfr = NULL;
1134
1135 result = ISC_R_SUCCESS;
1136
1137 failure:
1138 if (result == DNS_R_REFUSED) {
1139 inc_stats(zone, dns_nsstatscounter_xfrrej);
1140 }
1141 if (quota != NULL) {
1142 isc_quota_detach("a);
1143 }
1144 if (current_soa_tuple != NULL) {
1145 dns_difftuple_free(¤t_soa_tuple);
1146 }
1147 if (stream != NULL) {
1148 stream->methods->destroy(&stream);
1149 }
1150 if (soa_stream != NULL) {
1151 soa_stream->methods->destroy(&soa_stream);
1152 }
1153 if (data_stream != NULL) {
1154 data_stream->methods->destroy(&data_stream);
1155 }
1156 if (ver != NULL) {
1157 dns_db_closeversion(db, &ver, false);
1158 }
1159 if (db != NULL) {
1160 dns_db_detach(&db);
1161 }
1162 if (zone != NULL) {
1163 dns_zone_detach(&zone);
1164 }
1165 /* XXX kludge */
1166 if (xfr != NULL) {
1167 xfrout_fail(xfr, result, "setting up zone transfer");
1168 } else if (result != ISC_R_SUCCESS) {
1169 ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT,
1170 NS_LOGMODULE_XFER_OUT,
1171 ISC_LOG_DEBUG(3), "zone transfer setup failed");
1172 ns_client_error(client, result);
1173 }
1174 }
1175
1176 static isc_result_t
xfrout_ctx_create(isc_mem_t * mctx,ns_client_t * client,unsigned int id,dns_name_t * qname,dns_rdatatype_t qtype,dns_rdataclass_t qclass,dns_zone_t * zone,dns_db_t * db,dns_dbversion_t * ver,isc_quota_t * quota,rrstream_t * stream,dns_tsigkey_t * tsigkey,isc_buffer_t * lasttsig,bool verified_tsig,unsigned int maxtime,unsigned int idletime,bool many_answers,xfrout_ctx_t ** xfrp)1177 xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
1178 dns_name_t *qname, dns_rdatatype_t qtype,
1179 dns_rdataclass_t qclass, dns_zone_t *zone,
1180 dns_db_t *db, dns_dbversion_t *ver, isc_quota_t *quota,
1181 rrstream_t *stream, dns_tsigkey_t *tsigkey,
1182 isc_buffer_t *lasttsig, bool verified_tsig,
1183 unsigned int maxtime, unsigned int idletime,
1184 bool many_answers, xfrout_ctx_t **xfrp)
1185 {
1186 xfrout_ctx_t *xfr;
1187 isc_result_t result;
1188 unsigned int len;
1189 void *mem;
1190
1191 INSIST(xfrp != NULL && *xfrp == NULL);
1192 xfr = isc_mem_get(mctx, sizeof(*xfr));
1193 if (xfr == NULL)
1194 return (ISC_R_NOMEMORY);
1195 xfr->mctx = NULL;
1196 isc_mem_attach(mctx, &xfr->mctx);
1197 xfr->client = NULL;
1198 ns_client_attach(client, &xfr->client);
1199 xfr->id = id;
1200 xfr->qname = qname;
1201 xfr->qtype = qtype;
1202 xfr->qclass = qclass;
1203 xfr->zone = NULL;
1204 xfr->db = NULL;
1205 xfr->ver = NULL;
1206 if (zone != NULL) /* zone will be NULL if it's DLZ */
1207 dns_zone_attach(zone, &xfr->zone);
1208 dns_db_attach(db, &xfr->db);
1209 dns_db_attachversion(db, ver, &xfr->ver);
1210 xfr->end_of_stream = false;
1211 xfr->tsigkey = tsigkey;
1212 xfr->lasttsig = lasttsig;
1213 xfr->verified_tsig = verified_tsig;
1214 xfr->nmsg = 0;
1215 xfr->many_answers = many_answers;
1216 xfr->sends = 0;
1217 xfr->shuttingdown = false;
1218 xfr->mnemonic = NULL;
1219 xfr->buf.base = NULL;
1220 xfr->buf.length = 0;
1221 xfr->txmem = NULL;
1222 xfr->txmemlen = 0;
1223 xfr->stream = NULL;
1224 xfr->quota = NULL;
1225
1226 /*
1227 * Allocate a temporary buffer for the uncompressed response
1228 * message data. The size should be no more than 65535 bytes
1229 * so that the compressed data will fit in a TCP message,
1230 * and no less than 65535 bytes so that an almost maximum-sized
1231 * RR will fit. Note that although 65535-byte RRs are allowed
1232 * in principle, they cannot be zone-transferred (at least not
1233 * if uncompressible), because the message and RR headers would
1234 * push the size of the TCP message over the 65536 byte limit.
1235 */
1236 len = 65535;
1237 mem = isc_mem_get(mctx, len);
1238 if (mem == NULL) {
1239 result = ISC_R_NOMEMORY;
1240 goto failure;
1241 }
1242 isc_buffer_init(&xfr->buf, mem, len);
1243
1244 /*
1245 * Allocate another temporary buffer for the compressed
1246 * response message and its TCP length prefix.
1247 */
1248 len = 2 + 65535;
1249 mem = isc_mem_get(mctx, len);
1250 if (mem == NULL) {
1251 result = ISC_R_NOMEMORY;
1252 goto failure;
1253 }
1254 isc_buffer_init(&xfr->txlenbuf, mem, 2);
1255 isc_buffer_init(&xfr->txbuf, (char *) mem + 2, len - 2);
1256 xfr->txmem = mem;
1257 xfr->txmemlen = len;
1258
1259 CHECK(dns_timer_setidle(xfr->client->timer,
1260 maxtime, idletime, false));
1261
1262 /*
1263 * Register a shutdown callback with the client, so that we
1264 * can stop the transfer immediately when the client task
1265 * gets a shutdown event.
1266 */
1267 xfr->client->shutdown = xfrout_client_shutdown;
1268 xfr->client->shutdown_arg = xfr;
1269 /*
1270 * These MUST be after the last "goto failure;" / CHECK to
1271 * prevent a double free by the caller.
1272 */
1273 xfr->quota = quota;
1274 xfr->stream = stream;
1275
1276 *xfrp = xfr;
1277 return (ISC_R_SUCCESS);
1278
1279 failure:
1280 xfrout_ctx_destroy(&xfr);
1281 return (result);
1282 }
1283
1284
1285 /*
1286 * Arrange to send as much as we can of "stream" without blocking.
1287 *
1288 * Requires:
1289 * The stream iterator is initialized and points at an RR,
1290 * or possibly at the end of the stream (that is, the
1291 * _first method of the iterator has been called).
1292 */
1293 static void
sendstream(xfrout_ctx_t * xfr)1294 sendstream(xfrout_ctx_t *xfr) {
1295 dns_message_t *tcpmsg = NULL;
1296 dns_message_t *msg = NULL; /* Client message if UDP, tcpmsg if TCP */
1297 isc_result_t result;
1298 isc_region_t used;
1299 isc_region_t region;
1300 dns_rdataset_t *qrdataset;
1301 dns_name_t *msgname = NULL;
1302 dns_rdata_t *msgrdata = NULL;
1303 dns_rdatalist_t *msgrdl = NULL;
1304 dns_rdataset_t *msgrds = NULL;
1305 dns_compress_t cctx;
1306 bool cleanup_cctx = false;
1307 bool is_tcp;
1308
1309 int n_rrs;
1310
1311 isc_buffer_clear(&xfr->buf);
1312 isc_buffer_clear(&xfr->txlenbuf);
1313 isc_buffer_clear(&xfr->txbuf);
1314
1315 is_tcp = ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0);
1316 if (!is_tcp) {
1317 /*
1318 * In the UDP case, we put the response data directly into
1319 * the client message.
1320 */
1321 msg = xfr->client->message;
1322 CHECK(dns_message_reply(msg, true));
1323 } else {
1324 /*
1325 * TCP. Build a response dns_message_t, temporarily storing
1326 * the raw, uncompressed owner names and RR data contiguously
1327 * in xfr->buf. We know that if the uncompressed data fits
1328 * in xfr->buf, the compressed data will surely fit in a TCP
1329 * message.
1330 */
1331
1332 CHECK(dns_message_create(xfr->mctx,
1333 DNS_MESSAGE_INTENTRENDER, &tcpmsg));
1334 msg = tcpmsg;
1335
1336 msg->id = xfr->id;
1337 msg->rcode = dns_rcode_noerror;
1338 msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
1339 if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0)
1340 msg->flags |= DNS_MESSAGEFLAG_RA;
1341 CHECK(dns_message_settsigkey(msg, xfr->tsigkey));
1342 CHECK(dns_message_setquerytsig(msg, xfr->lasttsig));
1343 if (xfr->lasttsig != NULL)
1344 isc_buffer_free(&xfr->lasttsig);
1345 msg->verified_sig = xfr->verified_tsig;
1346
1347 /*
1348 * Add a EDNS option to the message?
1349 */
1350 if ((xfr->client->attributes & NS_CLIENTATTR_WANTOPT) != 0) {
1351 dns_rdataset_t *opt = NULL;
1352
1353 CHECK(ns_client_addopt(xfr->client, msg, &opt));
1354 CHECK(dns_message_setopt(msg, opt));
1355 /*
1356 * Add to first message only.
1357 */
1358 xfr->client->attributes &= ~NS_CLIENTATTR_WANTNSID;
1359 xfr->client->attributes &= ~NS_CLIENTATTR_HAVEEXPIRE;
1360 }
1361
1362 /*
1363 * Account for reserved space.
1364 */
1365 if (xfr->tsigkey != NULL)
1366 INSIST(msg->reserved != 0U);
1367 isc_buffer_add(&xfr->buf, msg->reserved);
1368
1369 /*
1370 * Include a question section in the first message only.
1371 * BIND 8.2.1 will not recognize an IXFR if it does not
1372 * have a question section.
1373 */
1374 if (xfr->nmsg == 0) {
1375 dns_name_t *qname = NULL;
1376 isc_region_t r;
1377
1378 /*
1379 * Reserve space for the 12-byte message header
1380 * and 4 bytes of question.
1381 */
1382 isc_buffer_add(&xfr->buf, 12 + 4);
1383
1384 qrdataset = NULL;
1385 result = dns_message_gettemprdataset(msg, &qrdataset);
1386 if (result != ISC_R_SUCCESS)
1387 goto failure;
1388 dns_rdataset_makequestion(qrdataset,
1389 xfr->client->message->rdclass,
1390 xfr->qtype);
1391
1392 result = dns_message_gettempname(msg, &qname);
1393 if (result != ISC_R_SUCCESS)
1394 goto failure;
1395 dns_name_init(qname, NULL);
1396 isc_buffer_availableregion(&xfr->buf, &r);
1397 INSIST(r.length >= xfr->qname->length);
1398 r.length = xfr->qname->length;
1399 isc_buffer_putmem(&xfr->buf, xfr->qname->ndata,
1400 xfr->qname->length);
1401 dns_name_fromregion(qname, &r);
1402 ISC_LIST_INIT(qname->list);
1403 ISC_LIST_APPEND(qname->list, qrdataset, link);
1404
1405 dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
1406 } else {
1407 /*
1408 * Reserve space for the 12-byte message header
1409 */
1410 isc_buffer_add(&xfr->buf, 12);
1411 msg->tcp_continuation = 1;
1412 }
1413 }
1414
1415 /*
1416 * Try to fit in as many RRs as possible, unless "one-answer"
1417 * format has been requested.
1418 */
1419 for (n_rrs = 0; ; n_rrs++) {
1420 dns_name_t *name = NULL;
1421 uint32_t ttl;
1422 dns_rdata_t *rdata = NULL;
1423
1424 unsigned int size;
1425 isc_region_t r;
1426
1427 msgname = NULL;
1428 msgrdata = NULL;
1429 msgrdl = NULL;
1430 msgrds = NULL;
1431
1432 xfr->stream->methods->current(xfr->stream,
1433 &name, &ttl, &rdata);
1434 size = name->length + 10 + rdata->length;
1435 isc_buffer_availableregion(&xfr->buf, &r);
1436 if (size >= r.length) {
1437 /*
1438 * RR would not fit. If there are other RRs in the
1439 * buffer, send them now and leave this RR to the
1440 * next message. If this RR overflows the buffer
1441 * all by itself, fail.
1442 *
1443 * In theory some RRs might fit in a TCP message
1444 * when compressed even if they do not fit when
1445 * uncompressed, but surely we don't want
1446 * to send such monstrosities to an unsuspecting
1447 * slave.
1448 */
1449 if (n_rrs == 0) {
1450 xfrout_log(xfr, ISC_LOG_WARNING,
1451 "RR too large for zone transfer "
1452 "(%d bytes)", size);
1453 /* XXX DNS_R_RRTOOLARGE? */
1454 result = ISC_R_NOSPACE;
1455 goto failure;
1456 }
1457 break;
1458 }
1459
1460 if (isc_log_wouldlog(ns_g_lctx, XFROUT_RR_LOGLEVEL))
1461 log_rr(name, rdata, ttl); /* XXX */
1462
1463 result = dns_message_gettempname(msg, &msgname);
1464 if (result != ISC_R_SUCCESS)
1465 goto failure;
1466 dns_name_init(msgname, NULL);
1467 isc_buffer_availableregion(&xfr->buf, &r);
1468 INSIST(r.length >= name->length);
1469 r.length = name->length;
1470 isc_buffer_putmem(&xfr->buf, name->ndata, name->length);
1471 dns_name_fromregion(msgname, &r);
1472
1473 /* Reserve space for RR header. */
1474 isc_buffer_add(&xfr->buf, 10);
1475
1476 result = dns_message_gettemprdata(msg, &msgrdata);
1477 if (result != ISC_R_SUCCESS)
1478 goto failure;
1479 isc_buffer_availableregion(&xfr->buf, &r);
1480 r.length = rdata->length;
1481 isc_buffer_putmem(&xfr->buf, rdata->data, rdata->length);
1482 dns_rdata_init(msgrdata);
1483 dns_rdata_fromregion(msgrdata,
1484 rdata->rdclass, rdata->type, &r);
1485
1486 result = dns_message_gettemprdatalist(msg, &msgrdl);
1487 if (result != ISC_R_SUCCESS)
1488 goto failure;
1489 msgrdl->type = rdata->type;
1490 msgrdl->rdclass = rdata->rdclass;
1491 msgrdl->ttl = ttl;
1492 if (rdata->type == dns_rdatatype_sig ||
1493 rdata->type == dns_rdatatype_rrsig)
1494 msgrdl->covers = dns_rdata_covers(rdata);
1495 else
1496 msgrdl->covers = dns_rdatatype_none;
1497 ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link);
1498
1499 result = dns_message_gettemprdataset(msg, &msgrds);
1500 if (result != ISC_R_SUCCESS)
1501 goto failure;
1502 result = dns_rdatalist_tordataset(msgrdl, msgrds);
1503 INSIST(result == ISC_R_SUCCESS);
1504
1505 ISC_LIST_APPEND(msgname->list, msgrds, link);
1506
1507 dns_message_addname(msg, msgname, DNS_SECTION_ANSWER);
1508 msgname = NULL;
1509
1510 result = xfr->stream->methods->next(xfr->stream);
1511 if (result == ISC_R_NOMORE) {
1512 xfr->end_of_stream = true;
1513 break;
1514 }
1515 CHECK(result);
1516
1517 if (! xfr->many_answers)
1518 break;
1519 /*
1520 * At this stage, at least 1 RR has been rendered into
1521 * the message. Check if we want to clamp this message
1522 * here (TCP only).
1523 */
1524 if ((isc_buffer_usedlength(&xfr->buf) >=
1525 ns_g_server->transfer_tcp_message_size) && is_tcp)
1526 break;
1527 }
1528
1529 if (is_tcp) {
1530 CHECK(dns_compress_init(&cctx, -1, xfr->mctx));
1531 dns_compress_setsensitive(&cctx, true);
1532 cleanup_cctx = true;
1533 CHECK(dns_message_renderbegin(msg, &cctx, &xfr->txbuf));
1534 CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0));
1535 CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0));
1536 CHECK(dns_message_renderend(msg));
1537 dns_compress_invalidate(&cctx);
1538 cleanup_cctx = false;
1539
1540 isc_buffer_usedregion(&xfr->txbuf, &used);
1541 isc_buffer_putuint16(&xfr->txlenbuf,
1542 (uint16_t)used.length);
1543 region.base = xfr->txlenbuf.base;
1544 region.length = 2 + used.length;
1545 xfrout_log(xfr, ISC_LOG_DEBUG(8),
1546 "sending TCP message of %d bytes",
1547 used.length);
1548 CHECK(isc_socket_send(xfr->client->tcpsocket, /* XXX */
1549 ®ion, xfr->client->task,
1550 xfrout_senddone,
1551 xfr));
1552 xfr->sends++;
1553 } else {
1554 xfrout_log(xfr, ISC_LOG_DEBUG(8), "sending IXFR UDP response");
1555 ns_client_send(xfr->client);
1556 xfr->stream->methods->pause(xfr->stream);
1557 xfrout_ctx_destroy(&xfr);
1558 return;
1559 }
1560
1561 /* Advance lasttsig to be the last TSIG generated */
1562 CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
1563
1564 xfr->nmsg++;
1565
1566 failure:
1567 if (msgname != NULL) {
1568 if (msgrds != NULL) {
1569 if (dns_rdataset_isassociated(msgrds))
1570 dns_rdataset_disassociate(msgrds);
1571 dns_message_puttemprdataset(msg, &msgrds);
1572 }
1573 if (msgrdl != NULL) {
1574 ISC_LIST_UNLINK(msgrdl->rdata, msgrdata, link);
1575 dns_message_puttemprdatalist(msg, &msgrdl);
1576 }
1577 if (msgrdata != NULL)
1578 dns_message_puttemprdata(msg, &msgrdata);
1579 dns_message_puttempname(msg, &msgname);
1580 }
1581
1582 if (tcpmsg != NULL)
1583 dns_message_detach(&tcpmsg);
1584
1585 if (cleanup_cctx)
1586 dns_compress_invalidate(&cctx);
1587 /*
1588 * Make sure to release any locks held by database
1589 * iterators before returning from the event handler.
1590 */
1591 xfr->stream->methods->pause(xfr->stream);
1592
1593 if (result == ISC_R_SUCCESS)
1594 return;
1595
1596 xfrout_fail(xfr, result, "sending zone data");
1597 }
1598
1599 static void
xfrout_ctx_destroy(xfrout_ctx_t ** xfrp)1600 xfrout_ctx_destroy(xfrout_ctx_t **xfrp) {
1601 xfrout_ctx_t *xfr = *xfrp;
1602 ns_client_t *client = NULL;
1603
1604 INSIST(xfr->sends == 0);
1605
1606 xfr->client->shutdown = NULL;
1607 xfr->client->shutdown_arg = NULL;
1608
1609 if (xfr->stream != NULL)
1610 xfr->stream->methods->destroy(&xfr->stream);
1611 if (xfr->buf.base != NULL)
1612 isc_mem_put(xfr->mctx, xfr->buf.base, xfr->buf.length);
1613 if (xfr->txmem != NULL)
1614 isc_mem_put(xfr->mctx, xfr->txmem, xfr->txmemlen);
1615 if (xfr->lasttsig != NULL)
1616 isc_buffer_free(&xfr->lasttsig);
1617 if (xfr->quota != NULL)
1618 isc_quota_detach(&xfr->quota);
1619 if (xfr->ver != NULL)
1620 dns_db_closeversion(xfr->db, &xfr->ver, false);
1621 if (xfr->zone != NULL)
1622 dns_zone_detach(&xfr->zone);
1623 if (xfr->db != NULL)
1624 dns_db_detach(&xfr->db);
1625
1626 /*
1627 * We want to detch the client after we have released the memory
1628 * context as ns_client_detach checks the memory reference count.
1629 */
1630 ns_client_attach(xfr->client, &client);
1631 ns_client_detach(&xfr->client);
1632 isc_mem_putanddetach(&xfr->mctx, xfr, sizeof(*xfr));
1633 ns_client_detach(&client);
1634
1635 *xfrp = NULL;
1636 }
1637
1638 static void
xfrout_senddone(isc_task_t * task,isc_event_t * event)1639 xfrout_senddone(isc_task_t *task, isc_event_t *event) {
1640 isc_socketevent_t *sev = (isc_socketevent_t *)event;
1641 xfrout_ctx_t *xfr = (xfrout_ctx_t *)event->ev_arg;
1642 isc_result_t evresult = sev->result;
1643
1644 UNUSED(task);
1645
1646 INSIST(event->ev_type == ISC_SOCKEVENT_SENDDONE);
1647
1648 isc_event_free(&event);
1649 xfr->sends--;
1650 INSIST(xfr->sends == 0);
1651
1652 (void)isc_timer_touch(xfr->client->timer);
1653 if (xfr->shuttingdown == true) {
1654 xfrout_maybe_destroy(xfr);
1655 } else if (evresult != ISC_R_SUCCESS) {
1656 xfrout_fail(xfr, evresult, "send");
1657 } else if (xfr->end_of_stream == false) {
1658 sendstream(xfr);
1659 } else {
1660 /* End of zone transfer stream. */
1661 inc_stats(xfr->zone, dns_nsstatscounter_xfrdone);
1662 xfrout_log(xfr, ISC_LOG_INFO, "%s ended", xfr->mnemonic);
1663 ns_client_next(xfr->client, ISC_R_SUCCESS);
1664 xfrout_ctx_destroy(&xfr);
1665 }
1666 }
1667
1668 static void
xfrout_fail(xfrout_ctx_t * xfr,isc_result_t result,const char * msg)1669 xfrout_fail(xfrout_ctx_t *xfr, isc_result_t result, const char *msg) {
1670 xfr->shuttingdown = true;
1671 xfrout_log(xfr, ISC_LOG_ERROR, "%s: %s",
1672 msg, isc_result_totext(result));
1673 xfrout_maybe_destroy(xfr);
1674 }
1675
1676 static void
xfrout_maybe_destroy(xfrout_ctx_t * xfr)1677 xfrout_maybe_destroy(xfrout_ctx_t *xfr) {
1678 INSIST(xfr->shuttingdown == true);
1679 if (xfr->sends > 0) {
1680 /*
1681 * If we are currently sending, cancel it and wait for
1682 * cancel event before destroying the context.
1683 */
1684 isc_socket_cancel(xfr->client->tcpsocket, xfr->client->task,
1685 ISC_SOCKCANCEL_SEND);
1686 } else {
1687 ns_client_next(xfr->client, ISC_R_CANCELED);
1688 xfrout_ctx_destroy(&xfr);
1689 }
1690 }
1691
1692 static void
xfrout_client_shutdown(void * arg,isc_result_t result)1693 xfrout_client_shutdown(void *arg, isc_result_t result) {
1694 xfrout_ctx_t *xfr = (xfrout_ctx_t *) arg;
1695 xfrout_fail(xfr, result, "aborted");
1696 }
1697
1698 /*
1699 * Log outgoing zone transfer messages in a format like
1700 * <client>: transfer of <zone>: <message>
1701 */
1702
1703 static void
1704 xfrout_logv(ns_client_t *client, dns_name_t *zonename,
1705 dns_rdataclass_t rdclass, int level, const char *fmt, va_list ap)
1706 ISC_FORMAT_PRINTF(5, 0);
1707
1708 static void
xfrout_logv(ns_client_t * client,dns_name_t * zonename,dns_rdataclass_t rdclass,int level,const char * fmt,va_list ap)1709 xfrout_logv(ns_client_t *client, dns_name_t *zonename,
1710 dns_rdataclass_t rdclass, int level, const char *fmt, va_list ap)
1711 {
1712 char msgbuf[2048];
1713 char namebuf[DNS_NAME_FORMATSIZE];
1714 char classbuf[DNS_RDATACLASS_FORMATSIZE];
1715
1716 dns_name_format(zonename, namebuf, sizeof(namebuf));
1717 dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
1718 vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
1719 ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT,
1720 NS_LOGMODULE_XFER_OUT, level,
1721 "transfer of '%s/%s': %s", namebuf, classbuf, msgbuf);
1722 }
1723
1724 /*
1725 * Logging function for use when a xfrout_ctx_t has not yet been created.
1726 */
1727 static void
xfrout_log1(ns_client_t * client,dns_name_t * zonename,dns_rdataclass_t rdclass,int level,const char * fmt,...)1728 xfrout_log1(ns_client_t *client, dns_name_t *zonename,
1729 dns_rdataclass_t rdclass, int level, const char *fmt, ...) {
1730 va_list ap;
1731 va_start(ap, fmt);
1732 xfrout_logv(client, zonename, rdclass, level, fmt, ap);
1733 va_end(ap);
1734 }
1735
1736 /*
1737 * Logging function for use when there is a xfrout_ctx_t.
1738 */
1739 static void
xfrout_log(xfrout_ctx_t * xfr,int level,const char * fmt,...)1740 xfrout_log(xfrout_ctx_t *xfr, int level, const char *fmt, ...) {
1741 va_list ap;
1742 va_start(ap, fmt);
1743 xfrout_logv(xfr->client, xfr->qname, xfr->qclass, level, fmt, ap);
1744 va_end(ap);
1745 }
1746