1 /* 2 * services/localzone.c - local zones authority service. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36 /** 37 * \file 38 * 39 * This file contains functions to enable local zone authority service. 40 */ 41 #include "config.h" 42 #include "services/localzone.h" 43 #include "sldns/str2wire.h" 44 #include "util/regional.h" 45 #include "util/config_file.h" 46 #include "util/data/dname.h" 47 #include "util/data/packed_rrset.h" 48 #include "util/data/msgencode.h" 49 #include "util/net_help.h" 50 #include "util/netevent.h" 51 #include "util/data/msgreply.h" 52 #include "util/data/msgparse.h" 53 #include "util/as112.h" 54 55 /* maximum RRs in an RRset, to cap possible 'endless' list RRs. 56 * with 16 bytes for an A record, a 64K packet has about 4000 max */ 57 #define LOCALZONE_RRSET_COUNT_MAX 4096 58 59 static const char* default_zones_reverse_array[] = { 60 "127.in-addr.arpa.", /* reverse ip4 zone */ 61 "1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", /* reverse ip6 zone */ 62 0 63 }; 64 const char** local_zones_default_reverse = default_zones_reverse_array; 65 66 static const char* default_zones_special_array[] = { 67 "test.", /* RFC 6761 */ 68 "invalid.", /* RFC 6761 */ 69 "onion.", /* RFC 7686 */ 70 "home.arpa.", /* RFC 8375 */ 71 "resolver.arpa.", /* RFC 9462 */ 72 "service.arpa.", /* RFC 9665 */ 73 0 74 }; 75 const char** local_zones_default_special = default_zones_special_array; 76 77 /** print all RRsets in local zone */ 78 static void 79 local_zone_out(struct local_zone* z) 80 { 81 struct local_data* d; 82 struct local_rrset* p; 83 RBTREE_FOR(d, struct local_data*, &z->data) { 84 for(p = d->rrsets; p; p = p->next) { 85 log_nametypeclass(NO_VERBOSE, "rrset", d->name, 86 ntohs(p->rrset->rk.type), 87 ntohs(p->rrset->rk.rrset_class)); 88 } 89 } 90 } 91 92 static void 93 local_zone_print(struct local_zone* z) 94 { 95 char buf[64]; 96 lock_rw_rdlock(&z->lock); 97 snprintf(buf, sizeof(buf), "%s zone", 98 local_zone_type2str(z->type)); 99 log_nametypeclass(NO_VERBOSE, buf, z->name, 0, z->dclass); 100 local_zone_out(z); 101 lock_rw_unlock(&z->lock); 102 } 103 104 void local_zones_print(struct local_zones* zones) 105 { 106 struct local_zone* z; 107 lock_rw_rdlock(&zones->lock); 108 log_info("number of auth zones %u", (unsigned)zones->ztree.count); 109 RBTREE_FOR(z, struct local_zone*, &zones->ztree) { 110 local_zone_print(z); 111 } 112 lock_rw_unlock(&zones->lock); 113 } 114 115 struct local_zones* 116 local_zones_create(void) 117 { 118 struct local_zones* zones = (struct local_zones*)calloc(1, 119 sizeof(*zones)); 120 if(!zones) 121 return NULL; 122 rbtree_init(&zones->ztree, &local_zone_cmp); 123 lock_rw_init(&zones->lock); 124 lock_protect(&zones->lock, &zones->ztree, sizeof(zones->ztree)); 125 /* also lock protects the rbnode's in struct local_zone */ 126 return zones; 127 } 128 129 /** helper traverse to delete zones */ 130 static void 131 lzdel(rbnode_type* n, void* ATTR_UNUSED(arg)) 132 { 133 struct local_zone* z = (struct local_zone*)n->key; 134 local_zone_delete(z); 135 } 136 137 void 138 local_zones_delete(struct local_zones* zones) 139 { 140 if(!zones) 141 return; 142 lock_rw_destroy(&zones->lock); 143 /* walk through zones and delete them all */ 144 traverse_postorder(&zones->ztree, lzdel, NULL); 145 free(zones); 146 } 147 148 void 149 local_zone_delete(struct local_zone* z) 150 { 151 if(!z) 152 return; 153 lock_rw_destroy(&z->lock); 154 regional_destroy(z->region); 155 free(z->name); 156 free(z->taglist); 157 free(z); 158 } 159 160 int 161 local_zone_cmp(const void* z1, const void* z2) 162 { 163 /* first sort on class, so that hierarchy can be maintained within 164 * a class */ 165 struct local_zone* a = (struct local_zone*)z1; 166 struct local_zone* b = (struct local_zone*)z2; 167 int m; 168 if(a->dclass != b->dclass) { 169 if(a->dclass < b->dclass) 170 return -1; 171 return 1; 172 } 173 return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m); 174 } 175 176 int 177 local_data_cmp(const void* d1, const void* d2) 178 { 179 struct local_data* a = (struct local_data*)d1; 180 struct local_data* b = (struct local_data*)d2; 181 int m; 182 return dname_canon_lab_cmp(a->name, a->namelabs, b->name, 183 b->namelabs, &m); 184 } 185 186 /* form wireformat from text format domain name */ 187 int 188 parse_dname(const char* str, uint8_t** res, size_t* len, int* labs) 189 { 190 *res = sldns_str2wire_dname(str, len); 191 *labs = 0; 192 if(!*res) { 193 log_err("cannot parse name %s", str); 194 return 0; 195 } 196 *labs = dname_count_size_labels(*res, len); 197 return 1; 198 } 199 200 /** create a new localzone */ 201 static struct local_zone* 202 local_zone_create(uint8_t* nm, size_t len, int labs, 203 enum localzone_type t, uint16_t dclass) 204 { 205 struct local_zone* z = (struct local_zone*)calloc(1, sizeof(*z)); 206 if(!z) { 207 return NULL; 208 } 209 z->node.key = z; 210 z->dclass = dclass; 211 z->type = t; 212 z->name = nm; 213 z->namelen = len; 214 z->namelabs = labs; 215 lock_rw_init(&z->lock); 216 z->region = regional_create_nochunk(sizeof(struct regional)); 217 if(!z->region) { 218 free(z); 219 return NULL; 220 } 221 rbtree_init(&z->data, &local_data_cmp); 222 lock_protect(&z->lock, &z->parent, sizeof(*z)-sizeof(rbnode_type)); 223 /* also the zones->lock protects node, parent, name*, class */ 224 return z; 225 } 226 227 /** enter a new zone with allocated dname returns with WRlock */ 228 static struct local_zone* 229 lz_enter_zone_dname(struct local_zones* zones, uint8_t* nm, size_t len, 230 int labs, enum localzone_type t, uint16_t c) 231 { 232 struct local_zone* z = local_zone_create(nm, len, labs, t, c); 233 if(!z) { 234 free(nm); 235 log_err("out of memory"); 236 return NULL; 237 } 238 239 /* add to rbtree */ 240 lock_rw_wrlock(&zones->lock); 241 lock_rw_wrlock(&z->lock); 242 if(!rbtree_insert(&zones->ztree, &z->node)) { 243 struct local_zone* oldz; 244 char str[LDNS_MAX_DOMAINLEN]; 245 dname_str(nm, str); 246 log_warn("duplicate local-zone %s", str); 247 lock_rw_unlock(&z->lock); 248 /* save zone name locally before deallocation, 249 * otherwise, nm is gone if we zone_delete now. */ 250 oldz = z; 251 /* find the correct zone, so not an error for duplicate */ 252 z = local_zones_find(zones, nm, len, labs, c); 253 lock_rw_wrlock(&z->lock); 254 lock_rw_unlock(&zones->lock); 255 local_zone_delete(oldz); 256 return z; 257 } 258 lock_rw_unlock(&zones->lock); 259 return z; 260 } 261 262 /** enter a new zone */ 263 struct local_zone* 264 lz_enter_zone(struct local_zones* zones, const char* name, const char* type, 265 uint16_t dclass) 266 { 267 struct local_zone* z; 268 enum localzone_type t; 269 uint8_t* nm; 270 size_t len; 271 int labs; 272 if(!parse_dname(name, &nm, &len, &labs)) { 273 log_err("bad zone name %s %s", name, type); 274 return NULL; 275 } 276 if(!local_zone_str2type(type, &t)) { 277 log_err("bad lz_enter_zone type %s %s", name, type); 278 free(nm); 279 return NULL; 280 } 281 if(!(z=lz_enter_zone_dname(zones, nm, len, labs, t, dclass))) { 282 log_err("could not enter zone %s %s", name, type); 283 return NULL; 284 } 285 return z; 286 } 287 288 int 289 rrstr_get_rr_content(const char* str, uint8_t** nm, uint16_t* type, 290 uint16_t* dclass, time_t* ttl, uint8_t* rr, size_t len, 291 uint8_t** rdata, size_t* rdata_len) 292 { 293 size_t dname_len = 0; 294 int e = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600, 295 NULL, 0, NULL, 0); 296 if(e) { 297 log_err("error parsing local-data at %d: '%s': %s", 298 LDNS_WIREPARSE_OFFSET(e), str, 299 sldns_get_errorstr_parse(e)); 300 return 0; 301 } 302 *nm = memdup(rr, dname_len); 303 if(!*nm) { 304 log_err("out of memory"); 305 return 0; 306 } 307 *dclass = sldns_wirerr_get_class(rr, len, dname_len); 308 *type = sldns_wirerr_get_type(rr, len, dname_len); 309 *ttl = (time_t)sldns_wirerr_get_ttl(rr, len, dname_len); 310 *rdata = sldns_wirerr_get_rdatawl(rr, len, dname_len); 311 *rdata_len = sldns_wirerr_get_rdatalen(rr, len, dname_len)+2; 312 return 1; 313 } 314 315 /** return name and class of rr; parses string */ 316 static int 317 get_rr_nameclass(const char* str, uint8_t** nm, uint16_t* dclass, 318 uint16_t* dtype) 319 { 320 uint8_t rr[LDNS_RR_BUF_SIZE]; 321 size_t len = sizeof(rr), dname_len = 0; 322 int s = sldns_str2wire_rr_buf(str, rr, &len, &dname_len, 3600, 323 NULL, 0, NULL, 0); 324 if(s != 0) { 325 log_err("error parsing local-data at %d '%s': %s", 326 LDNS_WIREPARSE_OFFSET(s), str, 327 sldns_get_errorstr_parse(s)); 328 return 0; 329 } 330 *nm = memdup(rr, dname_len); 331 *dclass = sldns_wirerr_get_class(rr, len, dname_len); 332 *dtype = sldns_wirerr_get_type(rr, len, dname_len); 333 if(!*nm) { 334 log_err("out of memory"); 335 return 0; 336 } 337 return 1; 338 } 339 340 /** 341 * Find an rrset in local data structure. 342 * @param data: local data domain name structure. 343 * @param type: type to look for (host order). 344 * @param alias_ok: 1 if matching a non-exact, alias type such as CNAME is 345 * allowed. otherwise 0. 346 * @return rrset pointer or NULL if not found. 347 */ 348 static struct local_rrset* 349 local_data_find_type(struct local_data* data, uint16_t type, int alias_ok) 350 { 351 struct local_rrset* p, *cname = NULL; 352 type = htons(type); 353 for(p = data->rrsets; p; p = p->next) { 354 if(p->rrset->rk.type == type) 355 return p; 356 if(alias_ok && p->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) 357 cname = p; 358 } 359 if(alias_ok) 360 return cname; 361 return NULL; 362 } 363 364 /** check for RR duplicates */ 365 static int 366 rr_is_duplicate(struct packed_rrset_data* pd, uint8_t* rdata, size_t rdata_len) 367 { 368 size_t i; 369 for(i=0; i<pd->count; i++) { 370 if(pd->rr_len[i] == rdata_len && 371 memcmp(pd->rr_data[i], rdata, rdata_len) == 0) 372 return 1; 373 } 374 return 0; 375 } 376 377 /** new local_rrset */ 378 static struct local_rrset* 379 new_local_rrset(struct regional* region, struct local_data* node, 380 uint16_t rrtype, uint16_t rrclass) 381 { 382 struct packed_rrset_data* pd; 383 struct local_rrset* rrset = (struct local_rrset*) 384 regional_alloc_zero(region, sizeof(*rrset)); 385 if(!rrset) { 386 log_err("out of memory"); 387 return NULL; 388 } 389 rrset->next = node->rrsets; 390 node->rrsets = rrset; 391 rrset->rrset = (struct ub_packed_rrset_key*) 392 regional_alloc_zero(region, sizeof(*rrset->rrset)); 393 if(!rrset->rrset) { 394 log_err("out of memory"); 395 return NULL; 396 } 397 rrset->rrset->entry.key = rrset->rrset; 398 pd = (struct packed_rrset_data*)regional_alloc_zero(region, 399 sizeof(*pd)); 400 if(!pd) { 401 log_err("out of memory"); 402 return NULL; 403 } 404 pd->trust = rrset_trust_prim_noglue; 405 pd->security = sec_status_insecure; 406 rrset->rrset->entry.data = pd; 407 rrset->rrset->rk.dname = node->name; 408 rrset->rrset->rk.dname_len = node->namelen; 409 rrset->rrset->rk.type = htons(rrtype); 410 rrset->rrset->rk.rrset_class = htons(rrclass); 411 return rrset; 412 } 413 414 /** insert RR into RRset data structure; Wastes a couple of bytes */ 415 int 416 rrset_insert_rr(struct regional* region, struct packed_rrset_data* pd, 417 uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr) 418 { 419 size_t* oldlen = pd->rr_len; 420 time_t* oldttl = pd->rr_ttl; 421 uint8_t** olddata = pd->rr_data; 422 423 /* add RR to rrset */ 424 if(pd->count > LOCALZONE_RRSET_COUNT_MAX) { 425 log_warn("RRset '%s' has more than %d records, record ignored", 426 rrstr, LOCALZONE_RRSET_COUNT_MAX); 427 return 1; 428 } 429 pd->count++; 430 pd->rr_len = regional_alloc(region, sizeof(*pd->rr_len)*pd->count); 431 pd->rr_ttl = regional_alloc(region, sizeof(*pd->rr_ttl)*pd->count); 432 pd->rr_data = regional_alloc(region, sizeof(*pd->rr_data)*pd->count); 433 if(!pd->rr_len || !pd->rr_ttl || !pd->rr_data) { 434 log_err("out of memory"); 435 return 0; 436 } 437 if(pd->count > 1) { 438 memcpy(pd->rr_len+1, oldlen, 439 sizeof(*pd->rr_len)*(pd->count-1)); 440 memcpy(pd->rr_ttl+1, oldttl, 441 sizeof(*pd->rr_ttl)*(pd->count-1)); 442 memcpy(pd->rr_data+1, olddata, 443 sizeof(*pd->rr_data)*(pd->count-1)); 444 } 445 pd->rr_len[0] = rdata_len; 446 pd->rr_ttl[0] = ttl; 447 pd->rr_data[0] = regional_alloc_init(region, rdata, rdata_len); 448 if(!pd->rr_data[0]) { 449 log_err("out of memory"); 450 return 0; 451 } 452 return 1; 453 } 454 455 /** Delete RR from local-zone RRset, wastes memory as the deleted RRs cannot be 456 * free'd (regionally alloc'd) */ 457 int 458 local_rrset_remove_rr(struct packed_rrset_data* pd, size_t index) 459 { 460 log_assert(pd->count > 0); 461 if(index >= pd->count) { 462 log_warn("Trying to remove RR with out of bound index"); 463 return 0; 464 } 465 if(index + 1 < pd->count) { 466 /* not removing last element */ 467 size_t nexti = index + 1; 468 size_t num = pd->count - nexti; 469 memmove(pd->rr_len+index, pd->rr_len+nexti, sizeof(*pd->rr_len)*num); 470 memmove(pd->rr_ttl+index, pd->rr_ttl+nexti, sizeof(*pd->rr_ttl)*num); 471 memmove(pd->rr_data+index, pd->rr_data+nexti, sizeof(*pd->rr_data)*num); 472 } 473 pd->count--; 474 return 1; 475 } 476 477 struct local_data* 478 local_zone_find_data(struct local_zone* z, uint8_t* nm, size_t nmlen, int nmlabs) 479 { 480 struct local_data key; 481 key.node.key = &key; 482 key.name = nm; 483 key.namelen = nmlen; 484 key.namelabs = nmlabs; 485 return (struct local_data*)rbtree_search(&z->data, &key.node); 486 } 487 488 /** find a node, create it if not and all its empty nonterminal parents */ 489 static int 490 lz_find_create_node(struct local_zone* z, uint8_t* nm, size_t nmlen, 491 int nmlabs, struct local_data** res) 492 { 493 struct local_data* ld = local_zone_find_data(z, nm, nmlen, nmlabs); 494 if(!ld) { 495 /* create a domain name to store rr. */ 496 ld = (struct local_data*)regional_alloc_zero(z->region, 497 sizeof(*ld)); 498 if(!ld) { 499 log_err("out of memory adding local data"); 500 return 0; 501 } 502 ld->node.key = ld; 503 ld->name = regional_alloc_init(z->region, nm, nmlen); 504 if(!ld->name) { 505 log_err("out of memory"); 506 return 0; 507 } 508 ld->namelen = nmlen; 509 ld->namelabs = nmlabs; 510 if(!rbtree_insert(&z->data, &ld->node)) { 511 log_assert(0); /* duplicate name */ 512 } 513 /* see if empty nonterminals need to be created */ 514 if(nmlabs > z->namelabs) { 515 dname_remove_label(&nm, &nmlen); 516 if(!lz_find_create_node(z, nm, nmlen, nmlabs-1, res)) 517 return 0; 518 } 519 } 520 *res = ld; 521 return 1; 522 } 523 524 /* Mark the SOA record for the zone. This only marks the SOA rrset; the data 525 * for the RR is entered later on local_zone_enter_rr() as with the other 526 * records. An artificial soa_negative record with a modified TTL (minimum of 527 * the TTL and the SOA.MINIMUM) is also created and marked for usage with 528 * negative answers and to avoid allocations during those answers. */ 529 static int 530 lz_mark_soa_for_zone(struct local_zone* z, struct ub_packed_rrset_key* soa_rrset, 531 uint8_t* rdata, size_t rdata_len, time_t ttl, const char* rrstr) 532 { 533 struct packed_rrset_data* pd = (struct packed_rrset_data*) 534 regional_alloc_zero(z->region, sizeof(*pd)); 535 struct ub_packed_rrset_key* rrset_negative = (struct ub_packed_rrset_key*) 536 regional_alloc_zero(z->region, sizeof(*rrset_negative)); 537 time_t minimum; 538 if(!rrset_negative||!pd) { 539 log_err("out of memory"); 540 return 0; 541 } 542 /* Mark the original SOA record and then continue with the negative one. */ 543 z->soa = soa_rrset; 544 rrset_negative->entry.key = rrset_negative; 545 pd->trust = rrset_trust_prim_noglue; 546 pd->security = sec_status_insecure; 547 rrset_negative->entry.data = pd; 548 rrset_negative->rk.dname = soa_rrset->rk.dname; 549 rrset_negative->rk.dname_len = soa_rrset->rk.dname_len; 550 rrset_negative->rk.type = soa_rrset->rk.type; 551 rrset_negative->rk.rrset_class = soa_rrset->rk.rrset_class; 552 if(!rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr)) 553 return 0; 554 /* last 4 bytes are minimum ttl in network format */ 555 if(pd->count == 0 || pd->rr_len[0] < 2+4) 556 return 0; 557 minimum = (time_t)sldns_read_uint32(pd->rr_data[0]+(pd->rr_len[0]-4)); 558 minimum = ttl<minimum?ttl:minimum; 559 pd->ttl = minimum; 560 pd->rr_ttl[0] = minimum; 561 562 z->soa_negative = rrset_negative; 563 return 1; 564 } 565 566 int 567 local_zone_enter_rr(struct local_zone* z, uint8_t* nm, size_t nmlen, 568 int nmlabs, uint16_t rrtype, uint16_t rrclass, time_t ttl, 569 uint8_t* rdata, size_t rdata_len, const char* rrstr) 570 { 571 struct local_data* node; 572 struct local_rrset* rrset; 573 struct packed_rrset_data* pd; 574 575 if(!lz_find_create_node(z, nm, nmlen, nmlabs, &node)) { 576 return 0; 577 } 578 log_assert(node); 579 580 /* Reject it if we would end up having CNAME and other data (including 581 * another CNAME) for a redirect zone. */ 582 if((z->type == local_zone_redirect || 583 z->type == local_zone_inform_redirect) && node->rrsets) { 584 const char* othertype = NULL; 585 if (rrtype == LDNS_RR_TYPE_CNAME) 586 othertype = "other"; 587 else if (node->rrsets->rrset->rk.type == 588 htons(LDNS_RR_TYPE_CNAME)) { 589 othertype = "CNAME"; 590 } 591 if(othertype) { 592 log_err("local-data '%s' in redirect zone must not " 593 "coexist with %s local-data", rrstr, othertype); 594 return 0; 595 } 596 } 597 rrset = local_data_find_type(node, rrtype, 0); 598 if(!rrset) { 599 rrset = new_local_rrset(z->region, node, rrtype, rrclass); 600 if(!rrset) 601 return 0; 602 if(query_dname_compare(node->name, z->name) == 0) { 603 if(rrtype == LDNS_RR_TYPE_NSEC) 604 rrset->rrset->rk.flags = PACKED_RRSET_NSEC_AT_APEX; 605 if(rrtype == LDNS_RR_TYPE_SOA && 606 !lz_mark_soa_for_zone(z, rrset->rrset, rdata, rdata_len, ttl, 607 rrstr)) 608 return 0; 609 } 610 } 611 pd = (struct packed_rrset_data*)rrset->rrset->entry.data; 612 log_assert(rrset && pd); 613 614 /* check for duplicate RR */ 615 if(rr_is_duplicate(pd, rdata, rdata_len)) { 616 verbose(VERB_ALGO, "ignoring duplicate RR: %s", rrstr); 617 return 1; 618 } 619 return rrset_insert_rr(z->region, pd, rdata, rdata_len, ttl, rrstr); 620 } 621 622 /** enter data RR into auth zone */ 623 static int 624 lz_enter_rr_into_zone(struct local_zone* z, const char* rrstr) 625 { 626 uint8_t* nm; 627 size_t nmlen; 628 int nmlabs, ret; 629 uint16_t rrtype = 0, rrclass = 0; 630 time_t ttl = 0; 631 uint8_t rr[LDNS_RR_BUF_SIZE]; 632 uint8_t* rdata; 633 size_t rdata_len; 634 if(!rrstr_get_rr_content(rrstr, &nm, &rrtype, &rrclass, &ttl, rr, 635 sizeof(rr), &rdata, &rdata_len)) { 636 log_err("bad local-data: %s", rrstr); 637 return 0; 638 } 639 log_assert(z->dclass == rrclass); 640 if((z->type == local_zone_redirect || 641 z->type == local_zone_inform_redirect) && 642 query_dname_compare(z->name, nm) != 0) { 643 log_err("local-data in redirect zone must reside at top of zone" 644 ", not at %s", rrstr); 645 free(nm); 646 return 0; 647 } 648 nmlabs = dname_count_size_labels(nm, &nmlen); 649 ret = local_zone_enter_rr(z, nm, nmlen, nmlabs, rrtype, rrclass, ttl, 650 rdata, rdata_len, rrstr); 651 free(nm); 652 return ret; 653 } 654 655 /** enter a data RR into auth data; a zone for it must exist */ 656 static int 657 lz_enter_rr_str(struct local_zones* zones, const char* rr) 658 { 659 uint8_t* rr_name; 660 uint16_t rr_class, rr_type; 661 size_t len; 662 int labs; 663 struct local_zone* z; 664 int r; 665 if(!get_rr_nameclass(rr, &rr_name, &rr_class, &rr_type)) { 666 log_err("bad rr %s", rr); 667 return 0; 668 } 669 labs = dname_count_size_labels(rr_name, &len); 670 lock_rw_rdlock(&zones->lock); 671 z = local_zones_lookup(zones, rr_name, len, labs, rr_class, rr_type, 1); 672 if(!z) { 673 lock_rw_unlock(&zones->lock); 674 fatal_exit("internal error: no zone for rr %s", rr); 675 } 676 lock_rw_wrlock(&z->lock); 677 lock_rw_unlock(&zones->lock); 678 free(rr_name); 679 r = lz_enter_rr_into_zone(z, rr); 680 lock_rw_unlock(&z->lock); 681 return r; 682 } 683 684 /** enter tagstring into zone */ 685 static int 686 lz_enter_zone_tag(struct local_zones* zones, char* zname, uint8_t* list, 687 size_t len, uint16_t rr_class) 688 { 689 uint8_t dname[LDNS_MAX_DOMAINLEN+1]; 690 size_t dname_len = sizeof(dname); 691 int dname_labs, r = 0; 692 struct local_zone* z; 693 694 if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) { 695 log_err("cannot parse zone name in local-zone-tag: %s", zname); 696 return 0; 697 } 698 dname_labs = dname_count_labels(dname); 699 700 lock_rw_rdlock(&zones->lock); 701 z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class); 702 if(!z) { 703 lock_rw_unlock(&zones->lock); 704 log_err("no local-zone for tag %s", zname); 705 return 0; 706 } 707 lock_rw_wrlock(&z->lock); 708 lock_rw_unlock(&zones->lock); 709 free(z->taglist); 710 z->taglist = memdup(list, len); 711 z->taglen = len; 712 if(z->taglist) 713 r = 1; 714 lock_rw_unlock(&z->lock); 715 return r; 716 } 717 718 /** enter override into zone */ 719 static int 720 lz_enter_override(struct local_zones* zones, char* zname, char* netblock, 721 char* type, uint16_t rr_class) 722 { 723 uint8_t dname[LDNS_MAX_DOMAINLEN+1]; 724 size_t dname_len = sizeof(dname); 725 int dname_labs; 726 struct sockaddr_storage addr; 727 int net; 728 socklen_t addrlen; 729 struct local_zone* z; 730 enum localzone_type t; 731 732 /* parse zone name */ 733 if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) { 734 log_err("cannot parse zone name in local-zone-override: %s %s", 735 zname, netblock); 736 return 0; 737 } 738 dname_labs = dname_count_labels(dname); 739 740 /* parse netblock */ 741 if(!netblockstrtoaddr(netblock, UNBOUND_DNS_PORT, &addr, &addrlen, 742 &net)) { 743 log_err("cannot parse netblock in local-zone-override: %s %s", 744 zname, netblock); 745 return 0; 746 } 747 748 /* parse zone type */ 749 if(!local_zone_str2type(type, &t)) { 750 log_err("cannot parse type in local-zone-override: %s %s %s", 751 zname, netblock, type); 752 return 0; 753 } 754 755 /* find localzone entry */ 756 lock_rw_rdlock(&zones->lock); 757 z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class); 758 if(!z) { 759 lock_rw_unlock(&zones->lock); 760 log_err("no local-zone for local-zone-override %s", zname); 761 return 0; 762 } 763 lock_rw_wrlock(&z->lock); 764 lock_rw_unlock(&zones->lock); 765 766 /* create netblock addr_tree if not present yet */ 767 if(!z->override_tree) { 768 z->override_tree = (struct rbtree_type*)regional_alloc_zero( 769 z->region, sizeof(*z->override_tree)); 770 if(!z->override_tree) { 771 lock_rw_unlock(&z->lock); 772 log_err("out of memory"); 773 return 0; 774 } 775 addr_tree_init(z->override_tree); 776 } 777 /* add new elem to tree */ 778 if(z->override_tree) { 779 struct local_zone_override* n; 780 n = (struct local_zone_override*)regional_alloc_zero( 781 z->region, sizeof(*n)); 782 if(!n) { 783 lock_rw_unlock(&z->lock); 784 log_err("out of memory"); 785 return 0; 786 } 787 n->type = t; 788 if(!addr_tree_insert(z->override_tree, 789 (struct addr_tree_node*)n, &addr, addrlen, net)) { 790 lock_rw_unlock(&z->lock); 791 log_err("duplicate local-zone-override %s %s", 792 zname, netblock); 793 return 1; 794 } 795 } 796 797 lock_rw_unlock(&z->lock); 798 return 1; 799 } 800 801 /** parse local-zone: statements */ 802 static int 803 lz_enter_zones(struct local_zones* zones, struct config_file* cfg) 804 { 805 struct config_str2list* p; 806 #ifndef THREADS_DISABLED 807 struct local_zone* z; 808 #endif 809 for(p = cfg->local_zones; p; p = p->next) { 810 if(!( 811 #ifndef THREADS_DISABLED 812 z= 813 #endif 814 lz_enter_zone(zones, p->str, p->str2, 815 LDNS_RR_CLASS_IN))) 816 return 0; 817 lock_rw_unlock(&z->lock); 818 } 819 return 1; 820 } 821 822 /** lookup a zone in rbtree; exact match only; SLOW due to parse */ 823 static int 824 lz_exists(struct local_zones* zones, const char* name) 825 { 826 struct local_zone z; 827 z.node.key = &z; 828 z.dclass = LDNS_RR_CLASS_IN; 829 if(!parse_dname(name, &z.name, &z.namelen, &z.namelabs)) { 830 log_err("bad name %s", name); 831 return 0; 832 } 833 lock_rw_rdlock(&zones->lock); 834 if(rbtree_search(&zones->ztree, &z.node)) { 835 lock_rw_unlock(&zones->lock); 836 free(z.name); 837 return 1; 838 } 839 lock_rw_unlock(&zones->lock); 840 free(z.name); 841 return 0; 842 } 843 844 /** lookup a zone in cfg->nodefault list */ 845 static int 846 lz_nodefault(struct config_file* cfg, const char* name) 847 { 848 struct config_strlist* p; 849 size_t len = strlen(name); 850 if(len == 0) return 0; 851 if(name[len-1] == '.') len--; 852 853 for(p = cfg->local_zones_nodefault; p; p = p->next) { 854 /* compare zone name, lowercase, compare without ending . */ 855 if(strncasecmp(p->str, name, len) == 0 && 856 (strlen(p->str) == len || (strlen(p->str)==len+1 && 857 p->str[len] == '.'))) 858 return 1; 859 } 860 return 0; 861 } 862 863 /** enter reverse default zone */ 864 static int 865 add_reverse_default(struct local_zones* zones, struct config_file* cfg, 866 const char* name) 867 { 868 struct local_zone* z; 869 char str[1024]; /* known long enough */ 870 if(lz_exists(zones, name) || lz_nodefault(cfg, name)) 871 return 1; /* do not enter default content */ 872 if(!(z=lz_enter_zone(zones, name, "static", LDNS_RR_CLASS_IN))) 873 return 0; 874 snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. " 875 "nobody.invalid. 1 3600 1200 604800 10800", name); 876 if(!lz_enter_rr_into_zone(z, str)) { 877 lock_rw_unlock(&z->lock); 878 return 0; 879 } 880 snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name); 881 if(!lz_enter_rr_into_zone(z, str)) { 882 lock_rw_unlock(&z->lock); 883 return 0; 884 } 885 if(strncasecmp("127.in-addr.arpa.", name, 17) == 0) { 886 if(!lz_enter_rr_into_zone(z, 887 "1.0.0.127.in-addr.arpa. 10800 IN PTR localhost.")) { 888 lock_rw_unlock(&z->lock); 889 return 0; 890 } 891 } else if(strncasecmp("1.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa.", name, 73) == 0) { 892 snprintf(str, sizeof(str), "%s 10800 IN PTR localhost.", name); 893 if(!lz_enter_rr_into_zone(z, str)) { 894 lock_rw_unlock(&z->lock); 895 return 0; 896 } 897 } 898 lock_rw_unlock(&z->lock); 899 return 1; 900 } 901 902 /** enter (AS112) empty default zone */ 903 static int 904 add_empty_default(struct local_zones* zones, struct config_file* cfg, 905 const char* name) 906 { 907 struct local_zone* z; 908 char str[1024]; /* known long enough */ 909 if(lz_exists(zones, name) || lz_nodefault(cfg, name)) 910 return 1; /* do not enter default content */ 911 if(!(z=lz_enter_zone(zones, name, "static", LDNS_RR_CLASS_IN))) 912 return 0; 913 snprintf(str, sizeof(str), "%s 10800 IN SOA localhost. " 914 "nobody.invalid. 1 3600 1200 604800 10800", name); 915 if(!lz_enter_rr_into_zone(z, str)) { 916 lock_rw_unlock(&z->lock); 917 return 0; 918 } 919 snprintf(str, sizeof(str), "%s 10800 IN NS localhost. ", name); 920 if(!lz_enter_rr_into_zone(z, str)) { 921 lock_rw_unlock(&z->lock); 922 return 0; 923 } 924 lock_rw_unlock(&z->lock); 925 return 1; 926 } 927 928 /** enter default zones */ 929 int local_zone_enter_defaults(struct local_zones* zones, struct config_file* cfg) 930 { 931 struct local_zone* z; 932 const char** zstr; 933 934 /* Do not add any default */ 935 if(cfg->local_zones_disable_default) 936 return 1; 937 938 /* this list of zones is from RFC 6303 and RFC 7686 */ 939 940 /* block localhost level zones first, then onion and later the LAN zones */ 941 942 /* localhost. zone */ 943 if(!lz_exists(zones, "localhost.") && 944 !lz_nodefault(cfg, "localhost.")) { 945 if(!(z=lz_enter_zone(zones, "localhost.", "redirect", 946 LDNS_RR_CLASS_IN)) || 947 !lz_enter_rr_into_zone(z, 948 "localhost. 10800 IN NS localhost.") || 949 !lz_enter_rr_into_zone(z, 950 "localhost. 10800 IN SOA localhost. nobody.invalid. " 951 "1 3600 1200 604800 10800") || 952 !lz_enter_rr_into_zone(z, 953 "localhost. 10800 IN A 127.0.0.1") || 954 !lz_enter_rr_into_zone(z, 955 "localhost. 10800 IN AAAA ::1")) { 956 log_err("out of memory adding default zone"); 957 if(z) { lock_rw_unlock(&z->lock); } 958 return 0; 959 } 960 lock_rw_unlock(&z->lock); 961 } 962 963 /* ip4 and ip6 reverse */ 964 for(zstr = local_zones_default_reverse; *zstr; zstr++) { 965 if(!add_reverse_default(zones, cfg, *zstr)) { 966 log_err("out of memory adding default zone"); 967 return 0; 968 } 969 } 970 971 /* special-use zones */ 972 for(zstr = local_zones_default_special; *zstr; zstr++) { 973 if(!add_empty_default(zones, cfg, *zstr)) { 974 log_err("out of memory adding default zone"); 975 return 0; 976 } 977 } 978 979 /* block AS112 zones, unless asked not to */ 980 if(!cfg->unblock_lan_zones) { 981 for(zstr = as112_zones; *zstr; zstr++) { 982 if(!add_empty_default(zones, cfg, *zstr)) { 983 log_err("out of memory adding default zone"); 984 return 0; 985 } 986 } 987 } 988 return 1; 989 } 990 991 /** parse local-zone-override: statements */ 992 static int 993 lz_enter_overrides(struct local_zones* zones, struct config_file* cfg) 994 { 995 struct config_str3list* p; 996 for(p = cfg->local_zone_overrides; p; p = p->next) { 997 if(!lz_enter_override(zones, p->str, p->str2, p->str3, 998 LDNS_RR_CLASS_IN)) 999 return 0; 1000 } 1001 return 1; 1002 } 1003 1004 /* return closest parent in the tree, NULL if none */ 1005 static struct local_zone* find_closest_parent(struct local_zone* curr, 1006 struct local_zone* prev) 1007 { 1008 struct local_zone* p; 1009 int m; 1010 if(!prev || prev->dclass != curr->dclass) return NULL; 1011 (void)dname_lab_cmp(prev->name, prev->namelabs, curr->name, 1012 curr->namelabs, &m); /* we know prev is smaller */ 1013 /* sort order like: . com. bla.com. zwb.com. net. */ 1014 /* find the previous, or parent-parent-parent */ 1015 for(p = prev; p; p = p->parent) { 1016 /* looking for name with few labels, a parent */ 1017 if(p->namelabs <= m) { 1018 /* ==: since prev matched m, this is closest*/ 1019 /* <: prev matches more, but is not a parent, 1020 * this one is a (grand)parent */ 1021 return p; 1022 } 1023 } 1024 return NULL; 1025 } 1026 1027 /** setup parent pointers, so that a lookup can be done for closest match */ 1028 void 1029 lz_init_parents(struct local_zones* zones) 1030 { 1031 struct local_zone* node, *prev = NULL; 1032 lock_rw_wrlock(&zones->lock); 1033 RBTREE_FOR(node, struct local_zone*, &zones->ztree) { 1034 lock_rw_wrlock(&node->lock); 1035 node->parent = find_closest_parent(node, prev); 1036 prev = node; 1037 if(node->override_tree) 1038 addr_tree_init_parents(node->override_tree); 1039 lock_rw_unlock(&node->lock); 1040 } 1041 lock_rw_unlock(&zones->lock); 1042 } 1043 1044 /** enter implicit transparent zone for local-data: without local-zone: */ 1045 static int 1046 lz_setup_implicit(struct local_zones* zones, struct config_file* cfg) 1047 { 1048 /* walk over all items that have no parent zone and find 1049 * the name that covers them all (could be the root) and 1050 * add that as a transparent zone */ 1051 struct config_strlist* p; 1052 int have_name = 0; 1053 int have_other_classes = 0; 1054 uint16_t dclass = 0; 1055 uint8_t* nm = 0; 1056 size_t nmlen = 0; 1057 int nmlabs = 0; 1058 int match = 0; /* number of labels match count */ 1059 1060 lz_init_parents(zones); /* to enable local_zones_lookup() */ 1061 for(p = cfg->local_data; p; p = p->next) { 1062 uint8_t* rr_name; 1063 uint16_t rr_class, rr_type; 1064 size_t len; 1065 int labs; 1066 if(!get_rr_nameclass(p->str, &rr_name, &rr_class, &rr_type)) { 1067 log_err("Bad local-data RR %s", p->str); 1068 return 0; 1069 } 1070 labs = dname_count_size_labels(rr_name, &len); 1071 lock_rw_rdlock(&zones->lock); 1072 if(!local_zones_lookup(zones, rr_name, len, labs, rr_class, 1073 rr_type, 1)) { 1074 /* Check if there is a zone that this could go 1075 * under but for different class; created zones are 1076 * always for LDNS_RR_CLASS_IN. Create the zone with 1077 * a different class but the same configured 1078 * local_zone_type. */ 1079 struct local_zone* z = local_zones_lookup(zones, 1080 rr_name, len, labs, LDNS_RR_CLASS_IN, rr_type, 1081 1); 1082 if(z) { 1083 uint8_t* name = memdup(z->name, z->namelen); 1084 size_t znamelen = z->namelen; 1085 int znamelabs = z->namelabs; 1086 enum localzone_type ztype = z->type; 1087 lock_rw_unlock(&zones->lock); 1088 if(!name) { 1089 log_err("out of memory"); 1090 free(rr_name); 1091 return 0; 1092 } 1093 if(!( 1094 #ifndef THREADS_DISABLED 1095 z = 1096 #endif 1097 lz_enter_zone_dname(zones, name, 1098 znamelen, znamelabs, 1099 ztype, rr_class))) { 1100 free(rr_name); 1101 return 0; 1102 } 1103 lock_rw_unlock(&z->lock); 1104 free(rr_name); 1105 continue; 1106 } 1107 if(!have_name) { 1108 dclass = rr_class; 1109 nm = rr_name; 1110 nmlen = len; 1111 nmlabs = labs; 1112 match = labs; 1113 have_name = 1; 1114 } else { 1115 int m; 1116 if(rr_class != dclass) { 1117 /* process other classes later */ 1118 free(rr_name); 1119 have_other_classes = 1; 1120 lock_rw_unlock(&zones->lock); 1121 continue; 1122 } 1123 /* find smallest shared topdomain */ 1124 (void)dname_lab_cmp(nm, nmlabs, 1125 rr_name, labs, &m); 1126 free(rr_name); 1127 if(m < match) 1128 match = m; 1129 } 1130 } else free(rr_name); 1131 lock_rw_unlock(&zones->lock); 1132 } 1133 if(have_name) { 1134 uint8_t* n2; 1135 #ifndef THREADS_DISABLED 1136 struct local_zone* z; 1137 #endif 1138 /* allocate zone of smallest shared topdomain to contain em */ 1139 n2 = nm; 1140 dname_remove_labels(&n2, &nmlen, nmlabs - match); 1141 n2 = memdup(n2, nmlen); 1142 free(nm); 1143 if(!n2) { 1144 log_err("out of memory"); 1145 return 0; 1146 } 1147 log_nametypeclass(VERB_ALGO, "implicit transparent local-zone", 1148 n2, 0, dclass); 1149 if(!( 1150 #ifndef THREADS_DISABLED 1151 z= 1152 #endif 1153 lz_enter_zone_dname(zones, n2, nmlen, match, 1154 local_zone_transparent, dclass))) { 1155 return 0; 1156 } 1157 lock_rw_unlock(&z->lock); 1158 } 1159 if(have_other_classes) { 1160 /* restart to setup other class */ 1161 return lz_setup_implicit(zones, cfg); 1162 } 1163 return 1; 1164 } 1165 1166 /** enter local-zone-tag info */ 1167 static int 1168 lz_enter_zone_tags(struct local_zones* zones, struct config_file* cfg) 1169 { 1170 struct config_strbytelist* p; 1171 int c = 0; 1172 for(p = cfg->local_zone_tags; p; p = p->next) { 1173 if(!lz_enter_zone_tag(zones, p->str, p->str2, p->str2len, 1174 LDNS_RR_CLASS_IN)) 1175 return 0; 1176 c++; 1177 } 1178 if(c) verbose(VERB_ALGO, "applied tags to %d local zones", c); 1179 return 1; 1180 } 1181 1182 /** enter auth data */ 1183 static int 1184 lz_enter_data(struct local_zones* zones, struct config_file* cfg) 1185 { 1186 struct config_strlist* p; 1187 for(p = cfg->local_data; p; p = p->next) { 1188 if(!lz_enter_rr_str(zones, p->str)) 1189 return 0; 1190 } 1191 return 1; 1192 } 1193 1194 /** free memory from config */ 1195 static void 1196 lz_freeup_cfg(struct config_file* cfg) 1197 { 1198 config_deldblstrlist(cfg->local_zones); 1199 cfg->local_zones = NULL; 1200 config_delstrlist(cfg->local_zones_nodefault); 1201 cfg->local_zones_nodefault = NULL; 1202 config_delstrlist(cfg->local_data); 1203 cfg->local_data = NULL; 1204 } 1205 1206 int 1207 local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg) 1208 { 1209 /* create zones from zone statements. */ 1210 if(!lz_enter_zones(zones, cfg)) { 1211 return 0; 1212 } 1213 /* apply default zones+content (unless disabled, or overridden) */ 1214 if(!local_zone_enter_defaults(zones, cfg)) { 1215 return 0; 1216 } 1217 /* enter local zone overrides */ 1218 if(!lz_enter_overrides(zones, cfg)) { 1219 return 0; 1220 } 1221 /* create implicit transparent zone from data. */ 1222 if(!lz_setup_implicit(zones, cfg)) { 1223 return 0; 1224 } 1225 1226 /* setup parent ptrs for lookup during data entry */ 1227 lz_init_parents(zones); 1228 /* insert local zone tags */ 1229 if(!lz_enter_zone_tags(zones, cfg)) { 1230 return 0; 1231 } 1232 /* insert local data */ 1233 if(!lz_enter_data(zones, cfg)) { 1234 return 0; 1235 } 1236 /* freeup memory from cfg struct. */ 1237 lz_freeup_cfg(cfg); 1238 return 1; 1239 } 1240 1241 struct local_zone* 1242 local_zones_lookup(struct local_zones* zones, 1243 uint8_t* name, size_t len, int labs, uint16_t dclass, uint16_t dtype, 1244 int foradd) 1245 { 1246 return local_zones_tags_lookup(zones, name, len, labs, 1247 dclass, dtype, NULL, 0, 1, foradd); 1248 } 1249 1250 struct local_zone* 1251 local_zones_tags_lookup(struct local_zones* zones, 1252 uint8_t* name, size_t len, int labs, uint16_t dclass, uint16_t dtype, 1253 uint8_t* taglist, size_t taglen, int ignoretags, int foradd) 1254 { 1255 rbnode_type* res = NULL; 1256 struct local_zone *result; 1257 struct local_zone key; 1258 int m; 1259 key.node.key = &key; 1260 key.dclass = dclass; 1261 /* for type DS use a zone higher when on a zonecut */ 1262 if(dtype == LDNS_RR_TYPE_DS && !dname_is_root(name)) { 1263 /* If this is at a zone cut, of a local-zone, and it is 1264 * of type always_refuse. Then also refuse the type DS 1265 * for it. That could make it DNSSEC bogus, but it is 1266 * REFUSED anyway. It stops CNAME type answers in the 1267 * type DS lookup. */ 1268 key.name = name; 1269 key.namelen = len; 1270 key.namelabs = labs; 1271 /* For additions and removals, use the ordinary rule, 1272 * to remove a label for type DS to locate the parent zone. 1273 * That is where the DS RR needs to be put. */ 1274 if(!foradd && 1275 (result=(struct local_zone*)rbtree_search( 1276 &zones->ztree, &key)) != NULL && 1277 result->type == local_zone_always_refuse) { 1278 /* The type DS does not go up one label. */ 1279 return result; 1280 } else { 1281 dname_remove_label(&name, &len); 1282 labs--; 1283 } 1284 } 1285 key.name = name; 1286 key.namelen = len; 1287 key.namelabs = labs; 1288 rbtree_find_less_equal(&zones->ztree, &key, &res); 1289 result = (struct local_zone*)res; 1290 /* exact or smaller element (or no element) */ 1291 if(!result || result->dclass != dclass) 1292 return NULL; 1293 /* count number of labels matched */ 1294 (void)dname_lab_cmp(result->name, result->namelabs, key.name, 1295 key.namelabs, &m); 1296 while(result) { /* go up until qname is zone or subdomain of zone */ 1297 if(result->namelabs <= m) 1298 if(ignoretags || !result->taglist || 1299 taglist_intersect(result->taglist, 1300 result->taglen, taglist, taglen)) 1301 break; 1302 result = result->parent; 1303 } 1304 return result; 1305 } 1306 1307 struct local_zone* 1308 local_zones_find(struct local_zones* zones, 1309 uint8_t* name, size_t len, int labs, uint16_t dclass) 1310 { 1311 struct local_zone key; 1312 key.node.key = &key; 1313 key.dclass = dclass; 1314 key.name = name; 1315 key.namelen = len; 1316 key.namelabs = labs; 1317 /* exact */ 1318 return (struct local_zone*)rbtree_search(&zones->ztree, &key); 1319 } 1320 1321 struct local_zone* 1322 local_zones_find_le(struct local_zones* zones, 1323 uint8_t* name, size_t len, int labs, uint16_t dclass, 1324 int* exact) 1325 { 1326 struct local_zone key; 1327 rbnode_type *node; 1328 key.node.key = &key; 1329 key.dclass = dclass; 1330 key.name = name; 1331 key.namelen = len; 1332 key.namelabs = labs; 1333 *exact = rbtree_find_less_equal(&zones->ztree, &key, &node); 1334 return (struct local_zone*)node; 1335 } 1336 1337 /** encode answer consisting of 1 rrset */ 1338 static int 1339 local_encode(struct query_info* qinfo, struct module_env* env, 1340 struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf, 1341 struct regional* temp, struct ub_packed_rrset_key* rrset, int ansec, 1342 int rcode) 1343 { 1344 struct reply_info rep; 1345 uint16_t udpsize; 1346 /* make answer with time=0 for fixed TTL values */ 1347 memset(&rep, 0, sizeof(rep)); 1348 rep.flags = (uint16_t)((BIT_QR | BIT_AA | BIT_RA) | rcode); 1349 rep.qdcount = 1; 1350 if(ansec) 1351 rep.an_numrrsets = 1; 1352 else rep.ns_numrrsets = 1; 1353 rep.rrset_count = 1; 1354 rep.rrsets = &rrset; 1355 rep.reason_bogus = LDNS_EDE_NONE; 1356 udpsize = edns->udp_size; 1357 edns->edns_version = EDNS_ADVERTISED_VERSION; 1358 edns->udp_size = EDNS_ADVERTISED_SIZE; 1359 edns->ext_rcode = 0; 1360 edns->bits &= EDNS_DO; 1361 if(!inplace_cb_reply_local_call(env, qinfo, NULL, &rep, rcode, edns, 1362 repinfo, temp, env->now_tv) || !reply_info_answer_encode(qinfo, &rep, 1363 *(uint16_t*)sldns_buffer_begin(buf), sldns_buffer_read_u16_at(buf, 2), 1364 buf, 0, 0, temp, udpsize, edns, (int)(edns->bits&EDNS_DO), 0)) { 1365 error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo, 1366 *(uint16_t*)sldns_buffer_begin(buf), 1367 sldns_buffer_read_u16_at(buf, 2), edns); 1368 } 1369 return 1; 1370 } 1371 1372 /** encode local error answer */ 1373 static void 1374 local_error_encode(struct query_info* qinfo, struct module_env* env, 1375 struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf, 1376 struct regional* temp, int rcode, int r, int ede_code, 1377 const char* ede_txt) 1378 { 1379 edns->edns_version = EDNS_ADVERTISED_VERSION; 1380 edns->udp_size = EDNS_ADVERTISED_SIZE; 1381 edns->ext_rcode = 0; 1382 edns->bits &= EDNS_DO; 1383 1384 if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL, 1385 rcode, edns, repinfo, temp, env->now_tv)) 1386 edns->opt_list_inplace_cb_out = NULL; 1387 1388 if(ede_code != LDNS_EDE_NONE && env->cfg->ede) { 1389 edns_opt_list_append_ede(&edns->opt_list_out, temp, 1390 ede_code, ede_txt); 1391 } 1392 1393 error_encode(buf, r, qinfo, *(uint16_t*)sldns_buffer_begin(buf), 1394 sldns_buffer_read_u16_at(buf, 2), edns); 1395 } 1396 1397 /** find local data tag string match for the given type in the list */ 1398 int 1399 local_data_find_tag_datas(const struct query_info* qinfo, 1400 struct config_strlist* list, struct ub_packed_rrset_key* r, 1401 struct regional* temp) 1402 { 1403 struct config_strlist* p; 1404 char buf[65536]; 1405 uint8_t rr[LDNS_RR_BUF_SIZE]; 1406 size_t len; 1407 int res; 1408 struct packed_rrset_data* d; 1409 for(p=list; p; p=p->next) { 1410 uint16_t rdr_type; 1411 1412 len = sizeof(rr); 1413 /* does this element match the type? */ 1414 snprintf(buf, sizeof(buf), ". %s", p->str); 1415 res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, 1416 NULL, 0, NULL, 0); 1417 if(res != 0) 1418 /* parse errors are already checked before, in 1419 * acllist check_data, skip this for robustness */ 1420 continue; 1421 if(len < 1 /* . */ + 8 /* typeclassttl*/ + 2 /*rdatalen*/) 1422 continue; 1423 rdr_type = sldns_wirerr_get_type(rr, len, 1); 1424 if(rdr_type != qinfo->qtype && rdr_type != LDNS_RR_TYPE_CNAME) 1425 continue; 1426 1427 /* do we have entries already? if not setup key */ 1428 if(r->rk.dname == NULL) { 1429 r->entry.key = r; 1430 r->rk.dname = qinfo->qname; 1431 r->rk.dname_len = qinfo->qname_len; 1432 r->rk.type = htons(rdr_type); 1433 r->rk.rrset_class = htons(qinfo->qclass); 1434 r->rk.flags = 0; 1435 d = (struct packed_rrset_data*)regional_alloc_zero( 1436 temp, sizeof(struct packed_rrset_data) 1437 + sizeof(size_t) + sizeof(uint8_t*) + 1438 sizeof(time_t)); 1439 if(!d) return 0; /* out of memory */ 1440 r->entry.data = d; 1441 d->ttl = sldns_wirerr_get_ttl(rr, len, 1); 1442 d->rr_len = (size_t*)((uint8_t*)d + 1443 sizeof(struct packed_rrset_data)); 1444 d->rr_data = (uint8_t**)&(d->rr_len[1]); 1445 d->rr_ttl = (time_t*)&(d->rr_data[1]); 1446 } 1447 d = (struct packed_rrset_data*)r->entry.data; 1448 /* add entry to the data */ 1449 if(d->count != 0) { 1450 size_t* oldlen = d->rr_len; 1451 uint8_t** olddata = d->rr_data; 1452 time_t* oldttl = d->rr_ttl; 1453 /* increase arrays for lookup */ 1454 /* this is of course slow for very many records, 1455 * but most redirects are expected with few records */ 1456 d->rr_len = (size_t*)regional_alloc_zero(temp, 1457 (d->count+1)*sizeof(size_t)); 1458 d->rr_data = (uint8_t**)regional_alloc_zero(temp, 1459 (d->count+1)*sizeof(uint8_t*)); 1460 d->rr_ttl = (time_t*)regional_alloc_zero(temp, 1461 (d->count+1)*sizeof(time_t)); 1462 if(!d->rr_len || !d->rr_data || !d->rr_ttl) 1463 return 0; /* out of memory */ 1464 /* first one was allocated after struct d, but new 1465 * ones get their own array increment alloc, so 1466 * copy old content */ 1467 memmove(d->rr_len, oldlen, d->count*sizeof(size_t)); 1468 memmove(d->rr_data, olddata, d->count*sizeof(uint8_t*)); 1469 memmove(d->rr_ttl, oldttl, d->count*sizeof(time_t)); 1470 } 1471 1472 d->rr_len[d->count] = sldns_wirerr_get_rdatalen(rr, len, 1)+2; 1473 d->rr_ttl[d->count] = sldns_wirerr_get_ttl(rr, len, 1); 1474 d->rr_data[d->count] = regional_alloc_init(temp, 1475 sldns_wirerr_get_rdatawl(rr, len, 1), 1476 d->rr_len[d->count]); 1477 if(!d->rr_data[d->count]) 1478 return 0; /* out of memory */ 1479 d->count++; 1480 } 1481 if(r->rk.dname) 1482 return 1; 1483 return 0; 1484 } 1485 1486 static int 1487 find_tag_datas(struct query_info* qinfo, struct config_strlist* list, 1488 struct ub_packed_rrset_key* r, struct regional* temp) 1489 { 1490 int result = local_data_find_tag_datas(qinfo, list, r, temp); 1491 1492 /* If we've found a non-exact alias type of local data, make a shallow 1493 * copy of the RRset and remember it in qinfo to complete the alias 1494 * chain later. */ 1495 if(result && qinfo->qtype != LDNS_RR_TYPE_CNAME && 1496 r->rk.type == htons(LDNS_RR_TYPE_CNAME)) { 1497 qinfo->local_alias = 1498 regional_alloc_zero(temp, sizeof(struct local_rrset)); 1499 if(!qinfo->local_alias) 1500 return 0; /* out of memory */ 1501 qinfo->local_alias->rrset = 1502 regional_alloc_init(temp, r, sizeof(*r)); 1503 if(!qinfo->local_alias->rrset) 1504 return 0; /* out of memory */ 1505 } 1506 return result; 1507 } 1508 1509 int 1510 local_data_answer(struct local_zone* z, struct module_env* env, 1511 struct query_info* qinfo, struct edns_data* edns, 1512 struct comm_reply* repinfo, sldns_buffer* buf, 1513 struct regional* temp, int labs, struct local_data** ldp, 1514 enum localzone_type lz_type, int tag, struct config_strlist** tag_datas, 1515 size_t tag_datas_size, char** tagname, int num_tags) 1516 { 1517 struct local_data key; 1518 struct local_data* ld; 1519 struct local_rrset* lr; 1520 key.node.key = &key; 1521 key.name = qinfo->qname; 1522 key.namelen = qinfo->qname_len; 1523 key.namelabs = labs; 1524 if(lz_type == local_zone_redirect || 1525 lz_type == local_zone_inform_redirect) { 1526 key.name = z->name; 1527 key.namelen = z->namelen; 1528 key.namelabs = z->namelabs; 1529 if(tag != -1 && (size_t)tag<tag_datas_size && tag_datas[tag]) { 1530 struct ub_packed_rrset_key r; 1531 memset(&r, 0, sizeof(r)); 1532 if(find_tag_datas(qinfo, tag_datas[tag], &r, temp)) { 1533 verbose(VERB_ALGO, "redirect with tag data [%d] %s", 1534 tag, (tag<num_tags?tagname[tag]:"null")); 1535 1536 /* If we found a matching alias, we should 1537 * use it as part of the answer, but we can't 1538 * encode it until we complete the alias 1539 * chain. */ 1540 if(qinfo->local_alias) 1541 return 1; 1542 return local_encode(qinfo, env, edns, repinfo, buf, temp, 1543 &r, 1, LDNS_RCODE_NOERROR); 1544 } 1545 } 1546 } 1547 ld = (struct local_data*)rbtree_search(&z->data, &key.node); 1548 *ldp = ld; 1549 if(!ld) { 1550 return 0; 1551 } 1552 lr = local_data_find_type(ld, qinfo->qtype, 1); 1553 if(!lr) 1554 return 0; 1555 1556 /* Special case for alias matching. See local_data_answer(). */ 1557 if((lz_type == local_zone_redirect || 1558 lz_type == local_zone_inform_redirect) && 1559 qinfo->qtype != LDNS_RR_TYPE_CNAME && 1560 lr->rrset->rk.type == htons(LDNS_RR_TYPE_CNAME)) { 1561 uint8_t* ctarget; 1562 size_t ctargetlen = 0; 1563 1564 qinfo->local_alias = 1565 regional_alloc_zero(temp, sizeof(struct local_rrset)); 1566 if(!qinfo->local_alias) 1567 return 0; /* out of memory */ 1568 qinfo->local_alias->rrset = regional_alloc_init( 1569 temp, lr->rrset, sizeof(*lr->rrset)); 1570 if(!qinfo->local_alias->rrset) 1571 return 0; /* out of memory */ 1572 qinfo->local_alias->rrset->rk.dname = qinfo->qname; 1573 qinfo->local_alias->rrset->rk.dname_len = qinfo->qname_len; 1574 get_cname_target(lr->rrset, &ctarget, &ctargetlen); 1575 if(!ctargetlen) 1576 return 0; /* invalid cname */ 1577 if(dname_is_wild(ctarget)) { 1578 /* synthesize cname target */ 1579 struct packed_rrset_data* d, *lr_d; 1580 /* -3 for wildcard label and root label from qname */ 1581 size_t newtargetlen = qinfo->qname_len + ctargetlen - 3; 1582 1583 log_assert(ctargetlen >= 3); 1584 log_assert(qinfo->qname_len >= 1); 1585 1586 if(newtargetlen > LDNS_MAX_DOMAINLEN) { 1587 qinfo->local_alias = NULL; 1588 local_error_encode(qinfo, env, edns, repinfo, 1589 buf, temp, LDNS_RCODE_YXDOMAIN, 1590 (LDNS_RCODE_YXDOMAIN|BIT_AA), 1591 LDNS_EDE_OTHER, 1592 "DNAME expansion became too large"); 1593 return 1; 1594 } 1595 memset(&qinfo->local_alias->rrset->entry, 0, 1596 sizeof(qinfo->local_alias->rrset->entry)); 1597 qinfo->local_alias->rrset->entry.key = 1598 qinfo->local_alias->rrset; 1599 qinfo->local_alias->rrset->entry.hash = 1600 rrset_key_hash(&qinfo->local_alias->rrset->rk); 1601 d = (struct packed_rrset_data*)regional_alloc_zero(temp, 1602 sizeof(struct packed_rrset_data) + sizeof(size_t) + 1603 sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t) 1604 + newtargetlen); 1605 if(!d) 1606 return 0; /* out of memory */ 1607 lr_d = (struct packed_rrset_data*)lr->rrset->entry.data; 1608 qinfo->local_alias->rrset->entry.data = d; 1609 d->ttl = lr_d->rr_ttl[0]; /* RFC6672-like behavior: 1610 synth CNAME TTL uses original TTL*/ 1611 d->count = 1; 1612 d->rrsig_count = 0; 1613 d->trust = rrset_trust_ans_noAA; 1614 d->rr_len = (size_t*)((uint8_t*)d + 1615 sizeof(struct packed_rrset_data)); 1616 d->rr_len[0] = newtargetlen + sizeof(uint16_t); 1617 packed_rrset_ptr_fixup(d); 1618 d->rr_ttl[0] = d->ttl; 1619 sldns_write_uint16(d->rr_data[0], newtargetlen); 1620 /* write qname */ 1621 memmove(d->rr_data[0] + sizeof(uint16_t), qinfo->qname, 1622 qinfo->qname_len - 1); 1623 /* write cname target wildcard label */ 1624 memmove(d->rr_data[0] + sizeof(uint16_t) + 1625 qinfo->qname_len - 1, ctarget + 2, 1626 ctargetlen - 2); 1627 } 1628 return 1; 1629 } 1630 if(lz_type == local_zone_redirect || 1631 lz_type == local_zone_inform_redirect) { 1632 /* convert rrset name to query name; like a wildcard */ 1633 struct ub_packed_rrset_key r = *lr->rrset; 1634 r.rk.dname = qinfo->qname; 1635 r.rk.dname_len = qinfo->qname_len; 1636 return local_encode(qinfo, env, edns, repinfo, buf, temp, &r, 1, 1637 LDNS_RCODE_NOERROR); 1638 } 1639 return local_encode(qinfo, env, edns, repinfo, buf, temp, lr->rrset, 1, 1640 LDNS_RCODE_NOERROR); 1641 } 1642 1643 /** 1644 * See if the local zone does not cover the name, eg. the name is not 1645 * in the zone and the zone is transparent */ 1646 static int 1647 local_zone_does_not_cover(struct local_zone* z, struct query_info* qinfo, 1648 int labs) 1649 { 1650 struct local_data key; 1651 struct local_data* ld = NULL; 1652 struct local_rrset* lr = NULL; 1653 if(z->type == local_zone_always_transparent || z->type == local_zone_block_a) 1654 return 1; 1655 if(z->type != local_zone_transparent 1656 && z->type != local_zone_typetransparent 1657 && z->type != local_zone_inform) 1658 return 0; 1659 key.node.key = &key; 1660 key.name = qinfo->qname; 1661 key.namelen = qinfo->qname_len; 1662 key.namelabs = labs; 1663 ld = (struct local_data*)rbtree_search(&z->data, &key.node); 1664 if(z->type == local_zone_transparent || z->type == local_zone_inform) 1665 return (ld == NULL); 1666 if(ld) 1667 lr = local_data_find_type(ld, qinfo->qtype, 1); 1668 /* local_zone_typetransparent */ 1669 return (lr == NULL); 1670 } 1671 1672 static inline int 1673 local_zone_is_udp_query(struct comm_reply* repinfo) { 1674 return repinfo != NULL 1675 ? (repinfo->c != NULL 1676 ? repinfo->c->type == comm_udp 1677 : 0) 1678 : 0; 1679 } 1680 1681 int 1682 local_zones_zone_answer(struct local_zone* z, struct module_env* env, 1683 struct query_info* qinfo, struct edns_data* edns, 1684 struct comm_reply* repinfo, sldns_buffer* buf, struct regional* temp, 1685 struct local_data* ld, enum localzone_type lz_type) 1686 { 1687 if(lz_type == local_zone_deny || 1688 lz_type == local_zone_always_deny || 1689 lz_type == local_zone_inform_deny) { 1690 /** no reply at all, signal caller by clearing buffer. */ 1691 sldns_buffer_clear(buf); 1692 sldns_buffer_flip(buf); 1693 return 1; 1694 } else if(lz_type == local_zone_refuse 1695 || lz_type == local_zone_always_refuse) { 1696 local_error_encode(qinfo, env, edns, repinfo, buf, temp, 1697 LDNS_RCODE_REFUSED, (LDNS_RCODE_REFUSED|BIT_AA), 1698 LDNS_EDE_NONE, NULL); 1699 return 1; 1700 } else if(lz_type == local_zone_static || 1701 lz_type == local_zone_redirect || 1702 lz_type == local_zone_inform_redirect || 1703 lz_type == local_zone_always_nxdomain || 1704 lz_type == local_zone_always_nodata || 1705 (lz_type == local_zone_truncate 1706 && local_zone_is_udp_query(repinfo))) { 1707 /* for static, reply nodata or nxdomain 1708 * for redirect, reply nodata */ 1709 /* no additional section processing, 1710 * cname, dname or wildcard processing, 1711 * or using closest match for NSEC. 1712 * or using closest match for returning delegation downwards 1713 */ 1714 int rcode = (ld || lz_type == local_zone_redirect || 1715 lz_type == local_zone_inform_redirect || 1716 lz_type == local_zone_always_nodata || 1717 lz_type == local_zone_truncate)? 1718 LDNS_RCODE_NOERROR:LDNS_RCODE_NXDOMAIN; 1719 rcode = (lz_type == local_zone_truncate ? (rcode|BIT_TC) : rcode); 1720 if(z != NULL && z->soa && z->soa_negative) 1721 return local_encode(qinfo, env, edns, repinfo, buf, temp, 1722 z->soa_negative, 0, rcode); 1723 local_error_encode(qinfo, env, edns, repinfo, buf, temp, 1724 rcode, (rcode|BIT_AA), LDNS_EDE_NONE, NULL); 1725 return 1; 1726 } else if(lz_type == local_zone_typetransparent 1727 || lz_type == local_zone_always_transparent) { 1728 /* no NODATA or NXDOMAINS for this zone type */ 1729 return 0; 1730 } else if(lz_type == local_zone_block_a) { 1731 /* Return NODATA for all A queries */ 1732 if(qinfo->qtype == LDNS_RR_TYPE_A) { 1733 local_error_encode(qinfo, env, edns, repinfo, buf, temp, 1734 LDNS_RCODE_NOERROR, (LDNS_RCODE_NOERROR|BIT_AA), 1735 LDNS_EDE_NONE, NULL); 1736 return 1; 1737 } 1738 1739 return 0; 1740 } else if(lz_type == local_zone_always_null) { 1741 /* 0.0.0.0 or ::0 or noerror/nodata for this zone type, 1742 * used for blocklists. */ 1743 if(qinfo->qtype == LDNS_RR_TYPE_A || 1744 qinfo->qtype == LDNS_RR_TYPE_AAAA) { 1745 struct ub_packed_rrset_key lrr; 1746 struct packed_rrset_data d; 1747 time_t rr_ttl = 3600; 1748 size_t rr_len = 0; 1749 uint8_t rr_data[2+16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; 1750 uint8_t* rr_datas = rr_data; 1751 memset(&lrr, 0, sizeof(lrr)); 1752 memset(&d, 0, sizeof(d)); 1753 lrr.entry.data = &d; 1754 lrr.rk.dname = qinfo->qname; 1755 lrr.rk.dname_len = qinfo->qname_len; 1756 lrr.rk.type = htons(qinfo->qtype); 1757 lrr.rk.rrset_class = htons(qinfo->qclass); 1758 if(qinfo->qtype == LDNS_RR_TYPE_A) { 1759 rr_len = 4; 1760 sldns_write_uint16(rr_data, rr_len); 1761 rr_len += 2; 1762 } else { 1763 rr_len = 16; 1764 sldns_write_uint16(rr_data, rr_len); 1765 rr_len += 2; 1766 } 1767 d.ttl = rr_ttl; 1768 d.count = 1; 1769 d.rr_len = &rr_len; 1770 d.rr_data = &rr_datas; 1771 d.rr_ttl = &rr_ttl; 1772 return local_encode(qinfo, env, edns, repinfo, buf, temp, 1773 &lrr, 1, LDNS_RCODE_NOERROR); 1774 } else { 1775 /* NODATA: No EDE needed */ 1776 local_error_encode(qinfo, env, edns, repinfo, buf, 1777 temp, LDNS_RCODE_NOERROR, 1778 (LDNS_RCODE_NOERROR|BIT_AA), -1, NULL); 1779 } 1780 return 1; 1781 } 1782 /* else lz_type == local_zone_transparent */ 1783 1784 /* if the zone is transparent and the name exists, but the type 1785 * does not, then we should make this noerror/nodata */ 1786 if(ld && ld->rrsets) { 1787 int rcode = LDNS_RCODE_NOERROR; 1788 if(z != NULL && z->soa && z->soa_negative) 1789 return local_encode(qinfo, env, edns, repinfo, buf, temp, 1790 z->soa_negative, 0, rcode); 1791 /* NODATA: No EDE needed */ 1792 local_error_encode(qinfo, env, edns, repinfo, buf, temp, rcode, 1793 (rcode|BIT_AA), LDNS_EDE_NONE, NULL); 1794 return 1; 1795 } 1796 1797 /* stop here, and resolve further on */ 1798 return 0; 1799 } 1800 1801 /** print log information for an inform zone query */ 1802 static void 1803 lz_inform_print(struct local_zone* z, struct query_info* qinfo, 1804 struct sockaddr_storage* addr, socklen_t addrlen) 1805 { 1806 char ip[128], txt[512]; 1807 char zname[LDNS_MAX_DOMAINLEN]; 1808 uint16_t port = ntohs(((struct sockaddr_in*)addr)->sin_port); 1809 dname_str(z->name, zname); 1810 addr_to_str(addr, addrlen, ip, sizeof(ip)); 1811 snprintf(txt, sizeof(txt), "%s %s %s@%u", zname, local_zone_type2str(z->type), ip, 1812 (unsigned)port); 1813 log_nametypeclass(NO_VERBOSE, txt, qinfo->qname, qinfo->qtype, qinfo->qclass); 1814 } 1815 1816 static enum localzone_type 1817 lz_type(uint8_t *taglist, size_t taglen, uint8_t *taglist2, size_t taglen2, 1818 uint8_t *tagactions, size_t tagactionssize, enum localzone_type lzt, 1819 struct comm_reply* repinfo, struct rbtree_type* override_tree, 1820 int* tag, char** tagname, int num_tags) 1821 { 1822 struct local_zone_override* lzo; 1823 if(repinfo && override_tree) { 1824 lzo = (struct local_zone_override*)addr_tree_lookup( 1825 override_tree, &repinfo->client_addr, 1826 repinfo->client_addrlen); 1827 if(lzo && lzo->type) { 1828 verbose(VERB_ALGO, "local zone override to type %s", 1829 local_zone_type2str(lzo->type)); 1830 return lzo->type; 1831 } 1832 } 1833 if(!taglist || !taglist2) 1834 return lzt; 1835 return local_data_find_tag_action(taglist, taglen, taglist2, taglen2, 1836 tagactions, tagactionssize, lzt, tag, tagname, num_tags); 1837 } 1838 1839 enum localzone_type 1840 local_data_find_tag_action(const uint8_t* taglist, size_t taglen, 1841 const uint8_t* taglist2, size_t taglen2, const uint8_t* tagactions, 1842 size_t tagactionssize, enum localzone_type lzt, int* tag, 1843 char* const* tagname, int num_tags) 1844 { 1845 size_t i, j; 1846 uint8_t tagmatch; 1847 1848 for(i=0; i<taglen && i<taglen2; i++) { 1849 tagmatch = (taglist[i] & taglist2[i]); 1850 for(j=0; j<8 && tagmatch>0; j++) { 1851 if((tagmatch & 0x1)) { 1852 *tag = (int)(i*8+j); 1853 verbose(VERB_ALGO, "matched tag [%d] %s", 1854 *tag, (*tag<num_tags?tagname[*tag]:"null")); 1855 /* does this tag have a tag action? */ 1856 if(i*8+j < tagactionssize && tagactions 1857 && tagactions[i*8+j] != 0) { 1858 verbose(VERB_ALGO, "tag action [%d] %s to type %s", 1859 *tag, (*tag<num_tags?tagname[*tag]:"null"), 1860 local_zone_type2str( 1861 (enum localzone_type) 1862 tagactions[i*8+j])); 1863 return (enum localzone_type)tagactions[i*8+j]; 1864 } 1865 return lzt; 1866 } 1867 tagmatch >>= 1; 1868 } 1869 } 1870 return lzt; 1871 } 1872 1873 int 1874 local_zones_answer(struct local_zones* zones, struct module_env* env, 1875 struct query_info* qinfo, struct edns_data* edns, sldns_buffer* buf, 1876 struct regional* temp, struct comm_reply* repinfo, uint8_t* taglist, 1877 size_t taglen, uint8_t* tagactions, size_t tagactionssize, 1878 struct config_strlist** tag_datas, size_t tag_datas_size, 1879 char** tagname, int num_tags, struct view* view) 1880 { 1881 /* see if query is covered by a zone, 1882 * if so: - try to match (exact) local data 1883 * - look at zone type for negative response. */ 1884 int labs = dname_count_labels(qinfo->qname); 1885 struct local_data* ld = NULL; 1886 struct local_zone* z = NULL; 1887 enum localzone_type lzt = local_zone_transparent; 1888 int r, tag = -1; 1889 1890 if(view) { 1891 lock_rw_rdlock(&view->lock); 1892 if(view->local_zones && 1893 (z = local_zones_lookup(view->local_zones, 1894 qinfo->qname, qinfo->qname_len, labs, 1895 qinfo->qclass, qinfo->qtype, 0))) { 1896 lock_rw_rdlock(&z->lock); 1897 lzt = z->type; 1898 } 1899 if(lzt == local_zone_noview) { 1900 lock_rw_unlock(&z->lock); 1901 z = NULL; 1902 } 1903 if(z && (lzt == local_zone_transparent || 1904 lzt == local_zone_typetransparent || 1905 lzt == local_zone_inform || 1906 lzt == local_zone_always_transparent || 1907 lzt == local_zone_block_a) && 1908 local_zone_does_not_cover(z, qinfo, labs)) { 1909 lock_rw_unlock(&z->lock); 1910 z = NULL; 1911 } 1912 if(view->local_zones && !z && !view->isfirst){ 1913 lock_rw_unlock(&view->lock); 1914 return 0; 1915 } 1916 if(z && verbosity >= VERB_ALGO) { 1917 char zname[LDNS_MAX_DOMAINLEN]; 1918 dname_str(z->name, zname); 1919 verbose(VERB_ALGO, "using localzone %s %s from view %s", 1920 zname, local_zone_type2str(lzt), view->name); 1921 } 1922 lock_rw_unlock(&view->lock); 1923 } 1924 if(!z) { 1925 /* try global local_zones tree */ 1926 lock_rw_rdlock(&zones->lock); 1927 if(!(z = local_zones_tags_lookup(zones, qinfo->qname, 1928 qinfo->qname_len, labs, qinfo->qclass, qinfo->qtype, 1929 taglist, taglen, 0, 0))) { 1930 lock_rw_unlock(&zones->lock); 1931 return 0; 1932 } 1933 lock_rw_rdlock(&z->lock); 1934 lzt = lz_type(taglist, taglen, z->taglist, z->taglen, 1935 tagactions, tagactionssize, z->type, repinfo, 1936 z->override_tree, &tag, tagname, num_tags); 1937 lock_rw_unlock(&zones->lock); 1938 if(z && verbosity >= VERB_ALGO) { 1939 char zname[LDNS_MAX_DOMAINLEN]; 1940 dname_str(z->name, zname); 1941 verbose(VERB_ALGO, "using localzone %s %s", zname, 1942 local_zone_type2str(lzt)); 1943 } 1944 } 1945 if((env->cfg->log_local_actions || 1946 lzt == local_zone_inform || 1947 lzt == local_zone_inform_deny || 1948 lzt == local_zone_inform_redirect) 1949 && repinfo) 1950 lz_inform_print(z, qinfo, &repinfo->client_addr, 1951 repinfo->client_addrlen); 1952 1953 if(lzt != local_zone_always_refuse 1954 && lzt != local_zone_always_transparent 1955 && lzt != local_zone_block_a 1956 && lzt != local_zone_always_nxdomain 1957 && lzt != local_zone_always_nodata 1958 && lzt != local_zone_always_deny 1959 && local_data_answer(z, env, qinfo, edns, repinfo, buf, temp, labs, 1960 &ld, lzt, tag, tag_datas, tag_datas_size, tagname, num_tags)) { 1961 lock_rw_unlock(&z->lock); 1962 /* We should tell the caller that encode is deferred if we found 1963 * a local alias. */ 1964 return !qinfo->local_alias; 1965 } 1966 r = local_zones_zone_answer(z, env, qinfo, edns, repinfo, buf, temp, ld, lzt); 1967 lock_rw_unlock(&z->lock); 1968 return r && !qinfo->local_alias; /* see above */ 1969 } 1970 1971 const char* local_zone_type2str(enum localzone_type t) 1972 { 1973 switch(t) { 1974 case local_zone_unset: return "unset"; 1975 case local_zone_deny: return "deny"; 1976 case local_zone_refuse: return "refuse"; 1977 case local_zone_redirect: return "redirect"; 1978 case local_zone_transparent: return "transparent"; 1979 case local_zone_typetransparent: return "typetransparent"; 1980 case local_zone_static: return "static"; 1981 case local_zone_nodefault: return "nodefault"; 1982 case local_zone_inform: return "inform"; 1983 case local_zone_inform_deny: return "inform_deny"; 1984 case local_zone_inform_redirect: return "inform_redirect"; 1985 case local_zone_always_transparent: return "always_transparent"; 1986 case local_zone_block_a: return "block_a"; 1987 case local_zone_always_refuse: return "always_refuse"; 1988 case local_zone_always_nxdomain: return "always_nxdomain"; 1989 case local_zone_always_nodata: return "always_nodata"; 1990 case local_zone_always_deny: return "always_deny"; 1991 case local_zone_always_null: return "always_null"; 1992 case local_zone_noview: return "noview"; 1993 case local_zone_truncate: return "truncate"; 1994 case local_zone_invalid: return "invalid"; 1995 } 1996 return "badtyped"; 1997 } 1998 1999 int local_zone_str2type(const char* type, enum localzone_type* t) 2000 { 2001 if(strcmp(type, "deny") == 0) 2002 *t = local_zone_deny; 2003 else if(strcmp(type, "refuse") == 0) 2004 *t = local_zone_refuse; 2005 else if(strcmp(type, "static") == 0) 2006 *t = local_zone_static; 2007 else if(strcmp(type, "transparent") == 0) 2008 *t = local_zone_transparent; 2009 else if(strcmp(type, "typetransparent") == 0) 2010 *t = local_zone_typetransparent; 2011 else if(strcmp(type, "redirect") == 0) 2012 *t = local_zone_redirect; 2013 else if(strcmp(type, "inform") == 0) 2014 *t = local_zone_inform; 2015 else if(strcmp(type, "inform_deny") == 0) 2016 *t = local_zone_inform_deny; 2017 else if(strcmp(type, "inform_redirect") == 0) 2018 *t = local_zone_inform_redirect; 2019 else if(strcmp(type, "always_transparent") == 0) 2020 *t = local_zone_always_transparent; 2021 else if(strcmp(type, "block_a") == 0) 2022 *t = local_zone_block_a; 2023 else if(strcmp(type, "always_refuse") == 0) 2024 *t = local_zone_always_refuse; 2025 else if(strcmp(type, "always_nxdomain") == 0) 2026 *t = local_zone_always_nxdomain; 2027 else if(strcmp(type, "always_nodata") == 0) 2028 *t = local_zone_always_nodata; 2029 else if(strcmp(type, "always_deny") == 0) 2030 *t = local_zone_always_deny; 2031 else if(strcmp(type, "always_null") == 0) 2032 *t = local_zone_always_null; 2033 else if(strcmp(type, "noview") == 0) 2034 *t = local_zone_noview; 2035 else if(strcmp(type, "truncate") == 0) 2036 *t = local_zone_truncate; 2037 else if(strcmp(type, "nodefault") == 0) 2038 *t = local_zone_nodefault; 2039 else return 0; 2040 return 1; 2041 } 2042 2043 /** iterate over the kiddies of the given name and set their parent ptr */ 2044 static void 2045 set_kiddo_parents(struct local_zone* z, struct local_zone* match, 2046 struct local_zone* newp) 2047 { 2048 /* both zones and z are locked already */ 2049 /* in the sorted rbtree, the kiddies of z are located after z */ 2050 /* z must be present in the tree */ 2051 struct local_zone* p = z; 2052 p = (struct local_zone*)rbtree_next(&p->node); 2053 while(p!=(struct local_zone*)RBTREE_NULL && 2054 p->dclass == z->dclass && dname_strict_subdomain(p->name, 2055 p->namelabs, z->name, z->namelabs)) { 2056 /* update parent ptr */ 2057 /* only when matches with existing parent pointer, so that 2058 * deeper child structures are not touched, i.e. 2059 * update of x, and a.x, b.x, f.b.x, g.b.x, c.x, y 2060 * gets to update a.x, b.x and c.x */ 2061 lock_rw_wrlock(&p->lock); 2062 if(p->parent == match) 2063 p->parent = newp; 2064 lock_rw_unlock(&p->lock); 2065 p = (struct local_zone*)rbtree_next(&p->node); 2066 } 2067 } 2068 2069 struct local_zone* local_zones_add_zone(struct local_zones* zones, 2070 uint8_t* name, size_t len, int labs, uint16_t dclass, 2071 enum localzone_type tp) 2072 { 2073 int exact; 2074 /* create */ 2075 struct local_zone *prev; 2076 struct local_zone* z = local_zone_create(name, len, labs, tp, dclass); 2077 if(!z) { 2078 free(name); 2079 return NULL; 2080 } 2081 lock_rw_wrlock(&z->lock); 2082 2083 /* find the closest parent */ 2084 prev = local_zones_find_le(zones, name, len, labs, dclass, &exact); 2085 if(!exact) 2086 z->parent = find_closest_parent(z, prev); 2087 2088 /* insert into the tree */ 2089 if(exact||!rbtree_insert(&zones->ztree, &z->node)) { 2090 /* duplicate entry! */ 2091 lock_rw_unlock(&z->lock); 2092 local_zone_delete(z); 2093 log_err("internal: duplicate entry in local_zones_add_zone"); 2094 return NULL; 2095 } 2096 2097 /* set parent pointers right */ 2098 set_kiddo_parents(z, z->parent, z); 2099 2100 lock_rw_unlock(&z->lock); 2101 return z; 2102 } 2103 2104 void local_zones_del_zone(struct local_zones* zones, struct local_zone* z) 2105 { 2106 /* fix up parents in tree */ 2107 lock_rw_wrlock(&z->lock); 2108 set_kiddo_parents(z, z, z->parent); 2109 2110 /* remove from tree */ 2111 (void)rbtree_delete(&zones->ztree, z); 2112 2113 /* delete the zone */ 2114 lock_rw_unlock(&z->lock); 2115 local_zone_delete(z); 2116 } 2117 2118 int 2119 local_zones_add_RR(struct local_zones* zones, const char* rr) 2120 { 2121 uint8_t* rr_name; 2122 uint16_t rr_class, rr_type; 2123 size_t len; 2124 int labs; 2125 struct local_zone* z; 2126 int r; 2127 if(!get_rr_nameclass(rr, &rr_name, &rr_class, &rr_type)) { 2128 return 0; 2129 } 2130 labs = dname_count_size_labels(rr_name, &len); 2131 /* could first try readlock then get writelock if zone does not exist, 2132 * but we do not add enough RRs (from multiple threads) to optimize */ 2133 lock_rw_wrlock(&zones->lock); 2134 z = local_zones_lookup(zones, rr_name, len, labs, rr_class, rr_type, 2135 1); 2136 if(!z) { 2137 z = local_zones_add_zone(zones, rr_name, len, labs, rr_class, 2138 local_zone_transparent); 2139 if(!z) { 2140 lock_rw_unlock(&zones->lock); 2141 return 0; 2142 } 2143 } else { 2144 free(rr_name); 2145 } 2146 lock_rw_wrlock(&z->lock); 2147 lock_rw_unlock(&zones->lock); 2148 r = lz_enter_rr_into_zone(z, rr); 2149 lock_rw_unlock(&z->lock); 2150 return r; 2151 } 2152 2153 /** returns true if the node is terminal so no deeper domain names exist */ 2154 static int 2155 is_terminal(struct local_data* d) 2156 { 2157 /* for empty nonterminals, the deeper domain names are sorted 2158 * right after them, so simply check the next name in the tree 2159 */ 2160 struct local_data* n = (struct local_data*)rbtree_next(&d->node); 2161 if(n == (struct local_data*)RBTREE_NULL) 2162 return 1; /* last in tree, no deeper node */ 2163 if(dname_strict_subdomain(n->name, n->namelabs, d->name, d->namelabs)) 2164 return 0; /* there is a deeper node */ 2165 return 1; 2166 } 2167 2168 /** delete empty terminals from tree when final data is deleted */ 2169 static void 2170 del_empty_term(struct local_zone* z, struct local_data* d, 2171 uint8_t* name, size_t len, int labs) 2172 { 2173 while(d && d->rrsets == NULL && is_terminal(d)) { 2174 /* is this empty nonterminal? delete */ 2175 /* note, no memory recycling in zone region */ 2176 (void)rbtree_delete(&z->data, d); 2177 2178 /* go up and to the next label */ 2179 if(dname_is_root(name)) 2180 return; 2181 dname_remove_label(&name, &len); 2182 labs--; 2183 d = local_zone_find_data(z, name, len, labs); 2184 } 2185 } 2186 2187 /** find and remove type from list in domain struct */ 2188 static void 2189 del_local_rrset(struct local_data* d, uint16_t dtype) 2190 { 2191 struct local_rrset* prev=NULL, *p=d->rrsets; 2192 while(p && ntohs(p->rrset->rk.type) != dtype) { 2193 prev = p; 2194 p = p->next; 2195 } 2196 if(!p) 2197 return; /* rrset type not found */ 2198 /* unlink it */ 2199 if(prev) prev->next = p->next; 2200 else d->rrsets = p->next; 2201 /* no memory recycling for zone deletions ... */ 2202 } 2203 2204 void local_zones_del_data(struct local_zones* zones, 2205 uint8_t* name, size_t len, int labs, uint16_t dclass) 2206 { 2207 /* find zone */ 2208 struct local_zone* z; 2209 struct local_data* d; 2210 2211 /* remove DS */ 2212 lock_rw_rdlock(&zones->lock); 2213 z = local_zones_lookup(zones, name, len, labs, dclass, LDNS_RR_TYPE_DS, 2214 1); 2215 if(z) { 2216 lock_rw_wrlock(&z->lock); 2217 d = local_zone_find_data(z, name, len, labs); 2218 if(d) { 2219 del_local_rrset(d, LDNS_RR_TYPE_DS); 2220 del_empty_term(z, d, name, len, labs); 2221 } 2222 lock_rw_unlock(&z->lock); 2223 } 2224 lock_rw_unlock(&zones->lock); 2225 2226 /* remove other types */ 2227 lock_rw_rdlock(&zones->lock); 2228 z = local_zones_lookup(zones, name, len, labs, dclass, 0, 1); 2229 if(!z) { 2230 /* no such zone, we're done */ 2231 lock_rw_unlock(&zones->lock); 2232 return; 2233 } 2234 lock_rw_wrlock(&z->lock); 2235 lock_rw_unlock(&zones->lock); 2236 2237 /* find the domain */ 2238 d = local_zone_find_data(z, name, len, labs); 2239 if(d) { 2240 /* no memory recycling for zone deletions ... */ 2241 d->rrsets = NULL; 2242 /* did we delete the soa record ? */ 2243 if(query_dname_compare(d->name, z->name) == 0) { 2244 z->soa = NULL; 2245 z->soa_negative = NULL; 2246 } 2247 2248 /* cleanup the empty nonterminals for this name */ 2249 del_empty_term(z, d, name, len, labs); 2250 } 2251 2252 lock_rw_unlock(&z->lock); 2253 } 2254 2255 /** Get memory usage for local_zone */ 2256 static size_t 2257 local_zone_get_mem(struct local_zone* z) 2258 { 2259 size_t m = sizeof(*z); 2260 lock_rw_rdlock(&z->lock); 2261 m += z->namelen + z->taglen + regional_get_mem(z->region); 2262 lock_rw_unlock(&z->lock); 2263 return m; 2264 } 2265 2266 size_t local_zones_get_mem(struct local_zones* zones) 2267 { 2268 struct local_zone* z; 2269 size_t m; 2270 if(!zones) return 0; 2271 m = sizeof(*zones); 2272 lock_rw_rdlock(&zones->lock); 2273 RBTREE_FOR(z, struct local_zone*, &zones->ztree) { 2274 m += local_zone_get_mem(z); 2275 } 2276 lock_rw_unlock(&zones->lock); 2277 return m; 2278 } 2279 2280 void local_zones_swap_tree(struct local_zones* zones, struct local_zones* data) 2281 { 2282 rbtree_type oldtree = zones->ztree; 2283 zones->ztree = data->ztree; 2284 data->ztree = oldtree; 2285 } 2286
Indexes created Thu Jun 11 00:25:07 UTC 2026