1 /* 2 * services/authzone.h - authoritative zone that is locally hosted. 3 * 4 * Copyright (c) 2017, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains the functions for an authority zone. This zone 40 * is queried by the iterator, just like a stub or forward zone, but then 41 * the data is locally held. 42 */ 43 44 #ifndef SERVICES_AUTHZONE_H 45 #define SERVICES_AUTHZONE_H 46 #include "util/rbtree.h" 47 #include "util/locks.h" 48 #include "services/mesh.h" 49 struct ub_packed_rrset_key; 50 struct regional; 51 struct config_file; 52 struct config_auth; 53 struct query_info; 54 struct dns_msg; 55 struct edns_data; 56 struct module_env; 57 struct worker; 58 struct comm_point; 59 struct comm_timer; 60 struct comm_reply; 61 struct auth_rrset; 62 struct auth_nextprobe; 63 struct auth_probe; 64 struct auth_transfer; 65 struct auth_master; 66 struct auth_chunk; 67 68 /** 69 * Authoritative zones, shared. 70 */ 71 struct auth_zones { 72 /** lock on the authzone trees */ 73 lock_rw_type lock; 74 /** rbtree of struct auth_zone */ 75 rbtree_type ztree; 76 /** rbtree of struct auth_xfer */ 77 rbtree_type xtree; 78 /** do we have downstream enabled */ 79 int have_downstream; 80 }; 81 82 /** 83 * Auth zone. Authoritative data, that is fetched from instead of sending 84 * packets to the internet. 85 */ 86 struct auth_zone { 87 /** rbtree node, key is name and class */ 88 rbnode_type node; 89 90 /** zone name, in uncompressed wireformat */ 91 uint8_t* name; 92 /** length of zone name */ 93 size_t namelen; 94 /** number of labels in zone name */ 95 int namelabs; 96 /** the class of this zone, in host byteorder. 97 * uses 'dclass' to not conflict with c++ keyword class. */ 98 uint16_t dclass; 99 100 /** lock on the data in the structure 101 * For the node, parent, name, namelen, namelabs, dclass, you 102 * need to also hold the zones_tree lock to change them (or to 103 * delete this zone) */ 104 lock_rw_type lock; 105 106 /** auth data for this zone 107 * rbtree of struct auth_data */ 108 rbtree_type data; 109 110 /** zonefile name (or NULL for no zonefile) */ 111 char* zonefile; 112 /** fallback to the internet on failure or ttl-expiry of auth zone */ 113 int fallback_enabled; 114 /** the zone has expired (enabled by the xfer worker), fallback 115 * happens if that option is enabled. */ 116 int zone_expired; 117 /** zone is a slave zone (it has masters) */ 118 int zone_is_slave; 119 /** for downstream: this zone answers queries towards the downstream 120 * clients */ 121 int for_downstream; 122 /** for upstream: this zone answers queries that unbound intends to 123 * send upstream. */ 124 int for_upstream; 125 }; 126 127 /** 128 * Auth data. One domain name, and the RRs to go with it. 129 */ 130 struct auth_data { 131 /** rbtree node, key is name only */ 132 rbnode_type node; 133 /** domain name */ 134 uint8_t* name; 135 /** length of name */ 136 size_t namelen; 137 /** number of labels in name */ 138 int namelabs; 139 /** the data rrsets, with different types, linked list. 140 * if the list if NULL the node would be an empty non-terminal, 141 * but in this data structure such nodes that represent an empty 142 * non-terminal are not needed; they just don't exist. 143 */ 144 struct auth_rrset* rrsets; 145 }; 146 147 /** 148 * A auth data RRset 149 */ 150 struct auth_rrset { 151 /** next in list */ 152 struct auth_rrset* next; 153 /** RR type in host byteorder */ 154 uint16_t type; 155 /** RRset data item */ 156 struct packed_rrset_data* data; 157 }; 158 159 /** 160 * Authoritative zone transfer structure. 161 * Create and destroy needs the auth_zones* biglock. 162 * The structure consists of different tasks. Each can be unowned (-1) or 163 * owner by a worker (worker-num). A worker can pick up a task and then do 164 * it. This means the events (timeouts, sockets) are for that worker. 165 * 166 * (move this to tasks). 167 * They don't have locks themselves, the worker (that owns it) uses it, 168 * also as part of callbacks, hence it has separate zonename pointers for 169 * lookup in the main zonetree. If the zone has no transfers, this 170 * structure is not created. 171 */ 172 struct auth_xfer { 173 /** rbtree node, key is name and class */ 174 rbnode_type node; 175 176 /** lock on this structure, and on the workernum elements of the 177 * tasks. First hold the tree-lock in auth_zones, find the auth_xfer, 178 * lock this lock. Then a worker can reassign itself to fill up 179 * one of the tasks. 180 * Once it has the task assigned to it, the worker can access the 181 * other elements of the task structure without a lock, because that 182 * is necessary for the eventloop and callbacks from that. */ 183 lock_basic_type lock; 184 185 /** zone name, in uncompressed wireformat */ 186 uint8_t* name; 187 /** length of zone name */ 188 size_t namelen; 189 /** number of labels in zone name */ 190 int namelabs; 191 /** the class of this zone, in host byteorder. 192 * uses 'dclass' to not conflict with c++ keyword class. */ 193 uint16_t dclass; 194 195 /** task to wait for next-probe-timeout, 196 * once timeouted, see if a SOA probe is needed, or already 197 * in progress */ 198 struct auth_nextprobe* task_nextprobe; 199 200 /** task for SOA probe. Check if the zone can be updated */ 201 struct auth_probe* task_probe; 202 203 /** Task for transfer. Transferring and updating the zone. This 204 * includes trying (potentially) several upstream masters. Downloading 205 * and storing the zone */ 206 struct auth_transfer* task_transfer; 207 208 /** a notify was received, but a zone transfer or probe was already 209 * acted on. 210 * However, the zone transfer could signal a newer serial number. 211 * The serial number of that notify is saved below. The transfer and 212 * probe tasks should check this once done to see if they need to 213 * restart the transfer task for the newer notify serial. 214 * Hold the lock to access this member (and the serial). 215 */ 216 int notify_received; 217 /** serial number of the notify */ 218 uint32_t notify_serial; 219 220 /* protected by the lock on the structure, information about 221 * the loaded authority zone. */ 222 /** is the zone currently considered expired? after expiry also older 223 * serial numbers are allowed (not just newer) */ 224 int zone_expired; 225 /** do we have a zone (if 0, no zone data at all) */ 226 int have_zone; 227 228 /** current serial (from SOA), if we have no zone, 0 */ 229 uint32_t serial; 230 /** retry time (from SOA), time to wait with next_probe 231 * if no master responds */ 232 time_t retry; 233 /** refresh time (from SOA), time to wait with next_probe 234 * if everything is fine */ 235 time_t refresh; 236 /** expiry time (from SOA), time until zone data is not considered 237 * valid any more, if no master responds within this time, either 238 * with the current zone or a new zone. */ 239 time_t expiry; 240 }; 241 242 /** 243 * The next probe task. 244 * This task consists of waiting for the probetimeout. It is a task because 245 * it needs an event in the eventtable. Once the timeout has passed, that 246 * worker can (potentially) become the auth_probe worker, or if another worker 247 * is already doing that, do nothing. Tasks becomes unowned. 248 * The probe worker, if it detects nothing has to be done picks up this task, 249 * if unowned. 250 */ 251 struct auth_nextprobe { 252 /* Worker pointer. NULL means unowned. */ 253 struct worker* worker; 254 /* module env for this task */ 255 struct module_env* env; 256 257 /** Timeout for next probe (for SOA) */ 258 time_t next_probe; 259 /** zone lease start time (start+expiry is expiration time). 260 * this is renewed every SOA probe and transfer. On zone load 261 * from zonefile it is also set (with probe set soon to check) */ 262 time_t lease_time; 263 /** timeout callback for next_probe or expiry(if that is sooner). 264 * it is on the worker's event_base */ 265 struct comm_timer* timer; 266 }; 267 268 /** 269 * The probe task. 270 * Send a SOA UDP query to see if the zone needs to be updated (or similar, 271 * potential, HTTP probe query) and check serial number. 272 * If yes, start the auth_transfer task. If no, make sure auth_nextprobe 273 * timeout wait task is running. 274 * Needs to be a task, because the UDP query needs an event entry. 275 * This task could also be started by eg. a NOTIFY being received, even though 276 * another worker is performing the nextprobe task (and that worker keeps 277 * waiting uninterrupted). 278 */ 279 struct auth_probe { 280 /* Worker pointer. NULL means unowned. */ 281 struct worker* worker; 282 /* module env for this task */ 283 struct module_env* env; 284 285 /** list of upstream masters for this zone, from config */ 286 struct auth_master* masters; 287 288 /** for the hostname lookups, which master is current */ 289 struct auth_master* lookup_target; 290 /** are we looking up A or AAAA, first A, then AAAA (if ip6 enabled) */ 291 int lookup_aaaa; 292 293 /** once notified, or the timeout has been reached. a scan starts. */ 294 /** the scan specific target (notify source), or NULL if none */ 295 struct auth_master* scan_specific; 296 /** scan tries all the upstream masters. the scan current target. 297 * or NULL if not working on sequential scan */ 298 struct auth_master* scan_target; 299 /** if not NULL, the specific addr for the current master */ 300 struct auth_addr* scan_addr; 301 302 /** dns id of packet in flight */ 303 uint16_t id; 304 /** the SOA probe udp event. 305 * on the workers event base. */ 306 struct comm_point* cp; 307 /** timeout for packets. 308 * on the workers event base. */ 309 struct comm_timer* timer; 310 /** timeout in msec */ 311 int timeout; 312 }; 313 314 /** 315 * The transfer task. 316 * Once done, make sure the nextprobe waiting task is running, whether done 317 * with failure or success. If failure, use shorter timeout for wait time. 318 */ 319 struct auth_transfer { 320 /* Worker pointer. NULL means unowned. */ 321 struct worker* worker; 322 /* module env for this task */ 323 struct module_env* env; 324 325 /** xfer data that has been transferred, the data is applied 326 * once the transfer has completed correctly */ 327 struct auth_chunk* chunks_first; 328 /** last element in chunks list (to append new data at the end) */ 329 struct auth_chunk* chunks_last; 330 331 /** list of upstream masters for this zone, from config */ 332 struct auth_master* masters; 333 334 /** for the hostname lookups, which master is current */ 335 struct auth_master* lookup_target; 336 /** are we looking up A or AAAA, first A, then AAAA (if ip6 enabled) */ 337 int lookup_aaaa; 338 339 /** once notified, or the timeout has been reached. a scan starts. */ 340 /** the scan specific target (notify source), or NULL if none */ 341 struct auth_master* scan_specific; 342 /** scan tries all the upstream masters. the scan current target. 343 * or NULL if not working on sequential scan */ 344 struct auth_master* scan_target; 345 /** what address we are scanning for the master, or NULL if the 346 * master is in IP format itself */ 347 struct auth_addr* scan_addr; 348 /** the zone transfer in progress (or NULL if in scan). It is 349 * from this master */ 350 struct auth_master* master; 351 352 /** failed ixfr transfer, retry with axfr (to the current master), 353 * the IXFR was 'REFUSED', 'SERVFAIL', 'NOTIMPL' or the contents of 354 * the IXFR did not apply cleanly (out of sync, delete of nonexistent 355 * data or add of duplicate data). Flag is cleared once the retry 356 * with axfr is done. */ 357 int ixfr_fail; 358 359 /** dns id of AXFR query */ 360 uint16_t id; 361 /** the transfer (TCP) to the master. 362 * on the workers event base. */ 363 struct comm_point* cp; 364 }; 365 366 /** list of addresses */ 367 struct auth_addr { 368 /** next in list */ 369 struct auth_addr* next; 370 /** IP address */ 371 struct sockaddr_storage addr; 372 /** addr length */ 373 socklen_t addrlen; 374 }; 375 376 /** auth zone master upstream, and the config settings for it */ 377 struct auth_master { 378 /** next master in list */ 379 struct auth_master* next; 380 /** master IP address (and port), or hostname, string */ 381 char* host; 382 /** for http, filename */ 383 char* file; 384 /** use HTTP for this master */ 385 int http; 386 /** use IXFR for this master */ 387 int ixfr; 388 /** use ssl for channel */ 389 int ssl; 390 /** if the host is a hostname, the list of resolved addrs, if any*/ 391 struct auth_addr* list; 392 }; 393 394 /** auth zone master zone transfer data chunk */ 395 struct auth_chunk { 396 /** next chunk in list */ 397 struct auth_chunk* next; 398 /** the data from this chunk, this is what was received. 399 * for an IXFR that means results from comm_net tcp actions, 400 * packets. also for an AXFR. For HTTP a zonefile chunk. */ 401 uint8_t* data; 402 /** length of allocated data */ 403 size_t len; 404 }; 405 406 /** 407 * Create auth zones structure 408 */ 409 struct auth_zones* auth_zones_create(void); 410 411 /** 412 * Apply configuration to auth zones. Reads zonefiles. 413 * @param az: auth zones structure 414 * @param cfg: config to apply. 415 * @param setup: if true, also sets up values in the auth zones structure 416 * @param env: for setup, with current time. 417 * @return false on failure. 418 */ 419 int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg, 420 int setup, struct module_env* env); 421 422 /** 423 * Delete auth zones structure 424 */ 425 void auth_zones_delete(struct auth_zones* az); 426 427 /** 428 * Write auth zone data to file, in zonefile format. 429 */ 430 int auth_zone_write_file(struct auth_zone* z, const char* fname); 431 432 /** 433 * Use auth zones to lookup the answer to a query. 434 * The query is from the iterator. And the auth zones attempts to provide 435 * the answer instead of going to the internet. 436 * 437 * @param az: auth zones structure. 438 * @param qinfo: query info to lookup. 439 * @param region: region to use to allocate the reply in. 440 * @param msg: reply is stored here (if one). 441 * @param fallback: if true, fallback to making a query to the internet. 442 * @param dp_nm: name of delegation point to look for. This zone is used 443 * to answer the query. 444 * If the dp_nm is not found, fallback is set to true and false returned. 445 * @param dp_nmlen: length of dp_nm. 446 * @return 0: failure (an error of some sort, like servfail). 447 * if 0 and fallback is true, fallback to the internet. 448 * if 0 and fallback is false, like getting servfail. 449 * If true, an answer is available. 450 */ 451 int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo, 452 struct regional* region, struct dns_msg** msg, int* fallback, 453 uint8_t* dp_nm, size_t dp_nmlen); 454 455 /** 456 * Answer query from auth zone. Create authoritative answer. 457 * @param az: auth zones structure. 458 * @param env: the module environment. 459 * @param qinfo: query info (parsed). 460 * @param edns: edns info (parsed). 461 * @param buf: buffer with query ID and flags, also for reply. 462 * @param temp: temporary storage region. 463 * @return false if not answered 464 */ 465 int auth_zones_answer(struct auth_zones* az, struct module_env* env, 466 struct query_info* qinfo, struct edns_data* edns, struct sldns_buffer* buf, 467 struct regional* temp); 468 469 /** 470 * Find the auth zone that is above the given qname. 471 * Return NULL when there is no auth_zone above the give name, otherwise 472 * returns the closest auth_zone above the qname that pertains to it. 473 * @param az: auth zones structure. 474 * @param qinfo: query info to lookup. 475 * @return NULL or auth_zone that pertains to the query. 476 */ 477 struct auth_zone* auth_zones_find_zone(struct auth_zones* az, 478 struct query_info* qinfo); 479 480 /** find an auth zone by name (exact match by name or NULL returned) */ 481 struct auth_zone* auth_zone_find(struct auth_zones* az, uint8_t* nm, 482 size_t nmlen, uint16_t dclass); 483 484 /** find an xfer zone by name (exact match by name or NULL returned) */ 485 struct auth_xfer* auth_xfer_find(struct auth_zones* az, uint8_t* nm, 486 size_t nmlen, uint16_t dclass); 487 488 489 /** create an auth zone. returns wrlocked zone. caller must have wrlock 490 * on az. returns NULL on malloc failure */ 491 struct auth_zone* auth_zone_create(struct auth_zones* az, uint8_t* nm, 492 size_t nmlen, uint16_t dclass); 493 494 /** set auth zone zonefile string. caller must have lock on zone */ 495 int auth_zone_set_zonefile(struct auth_zone* z, char* zonefile); 496 497 /** set auth zone fallback. caller must have lock on zone. 498 * fallbackstr is "yes" or "no". false on parse failure. */ 499 int auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr); 500 501 /** read auth zone from zonefile. caller must lock zone. false on failure */ 502 int auth_zone_read_zonefile(struct auth_zone* z); 503 504 /** compare auth_zones for sorted rbtree */ 505 int auth_zone_cmp(const void* z1, const void* z2); 506 507 /** compare auth_data for sorted rbtree */ 508 int auth_data_cmp(const void* z1, const void* z2); 509 510 /** compare auth_xfer for sorted rbtree */ 511 int auth_xfer_cmp(const void* z1, const void* z2); 512 513 /** Create auth_xfer structure. 514 * Caller must have wrlock on az. Returns locked xfer zone. 515 * @param az: zones structure. 516 * @param z: zone with name and class 517 * @return xfer zone or NULL 518 */ 519 struct auth_xfer* auth_xfer_create(struct auth_zones* az, struct auth_zone* z); 520 521 /** 522 * Set masters in auth xfer structure from config. 523 * @param list: pointer to start of list. The malloced list is returned here. 524 * @param c: the config items to copy over. 525 * @return false on failure. 526 */ 527 int xfer_set_masters(struct auth_master** list, struct config_auth* c); 528 529 530 /** xfer nextprobe timeout callback, this is part of task_nextprobe */ 531 void auth_xfer_timer(void* arg); 532 533 /** callback for commpoint udp replies to task_probe */ 534 int auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err, 535 struct comm_reply* repinfo); 536 /** callback for task_transfer tcp connections */ 537 int auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err, 538 struct comm_reply* repinfo); 539 /** xfer probe timeout callback, part of task_probe */ 540 void auth_xfer_probe_timer_callback(void* arg); 541 /** mesh callback for task_probe on lookup of host names */ 542 void auth_xfer_probe_lookup_callback(void* arg, int rcode, 543 struct sldns_buffer* buf, enum sec_status sec, char* why_bogus); 544 /** mesh callback for task_transfer on lookup of host names */ 545 void auth_xfer_transfer_lookup_callback(void* arg, int rcode, 546 struct sldns_buffer* buf, enum sec_status sec, char* why_bogus); 547 548 /* 549 * Compares two 32-bit serial numbers as defined in RFC1982. Returns 550 * <0 if a < b, 0 if a == b, and >0 if a > b. The result is undefined 551 * if a != b but neither is greater or smaller (see RFC1982 section 552 * 3.2.). 553 */ 554 int compare_serial(uint32_t a, uint32_t b); 555 556 #endif /* SERVICES_AUTHZONE_H */ 557