File: [local] / src / usr.sbin / nsd / zonec.c (download)
Revision 1.31, Thu Jun 29 19:38:50 2023 UTC (11 months ago) by florian
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, HEAD
Changes since 1.30: +0 -8 lines
Update to nsd 4.7.0
OK tb
|
/*
* zonec.c -- zone compiler.
*
* Copyright (c) 2001-2006, NLnet Labs. All rights reserved.
*
* See LICENSE for the license.
*
*/
#include "config.h"
#include <assert.h>
#include <fcntl.h>
#include <ctype.h>
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>
#ifdef HAVE_STRINGS_H
#include <strings.h>
#endif
#include <unistd.h>
#include <stdlib.h>
#include <time.h>
#ifdef HAVE_SYS_STAT_H
#include <sys/stat.h>
#endif
#include <netinet/in.h>
#ifdef HAVE_NETDB_H
#include <netdb.h>
#endif
#include "zonec.h"
#include "dname.h"
#include "dns.h"
#include "namedb.h"
#include "rdata.h"
#include "region-allocator.h"
#include "util.h"
#include "zparser.h"
#include "options.h"
#include "nsec3.h"
#define ILNP_MAXDIGITS 4
#define ILNP_NUMGROUPS 4
#define SVCB_MAX_COMMA_SEPARATED_VALUES 1000
const dname_type *error_dname;
domain_type *error_domain;
static time_t startzonec = 0;
static long int totalrrs = 0;
extern uint8_t nsecbits[NSEC_WINDOW_COUNT][NSEC_WINDOW_BITS_SIZE];
extern uint16_t nsec_highest_rcode;
/*
* Allocate SIZE+sizeof(uint16_t) bytes and store SIZE in the first
* element. Return a pointer to the allocation.
*/
static uint16_t *
alloc_rdata(region_type *region, size_t size)
{
uint16_t *result = region_alloc(region, sizeof(uint16_t) + size);
*result = size;
return result;
}
uint16_t *
alloc_rdata_init(region_type *region, const void *data, size_t size)
{
uint16_t *result = region_alloc(region, sizeof(uint16_t) + size);
*result = size;
memcpy(result + 1, data, size);
return result;
}
/*
* These are parser function for generic zone file stuff.
*/
uint16_t *
zparser_conv_hex(region_type *region, const char *hex, size_t len)
{
/* convert a hex value to wireformat */
uint16_t *r = NULL;
uint8_t *t;
int i;
if(len == 1 && hex[0] == '0') {
/* single 0 represents empty buffer */
return alloc_rdata(region, 0);
}
if (len % 2 != 0) {
zc_error_prev_line("number of hex digits must be a multiple of 2");
} else if (len > MAX_RDLENGTH * 2) {
zc_error_prev_line("hex data exceeds maximum rdata length (%d)",
MAX_RDLENGTH);
} else {
/* the length part */
r = alloc_rdata(region, len/2);
t = (uint8_t *)(r + 1);
/* Now process octet by octet... */
while (*hex) {
*t = 0;
for (i = 16; i >= 1; i -= 15) {
if (isxdigit((unsigned char)*hex)) {
*t += hexdigit_to_int(*hex) * i;
} else {
zc_error_prev_line(
"illegal hex character '%c'",
(int) *hex);
return NULL;
}
++hex;
}
++t;
}
}
return r;
}
/* convert hex, precede by a 1-byte length */
uint16_t *
zparser_conv_hex_length(region_type *region, const char *hex, size_t len)
{
uint16_t *r = NULL;
uint8_t *t;
int i;
if (len % 2 != 0) {
zc_error_prev_line("number of hex digits must be a multiple of 2");
} else if (len > 255 * 2) {
zc_error_prev_line("hex data exceeds 255 bytes");
} else {
uint8_t *l;
/* the length part */
r = alloc_rdata(region, len/2+1);
t = (uint8_t *)(r + 1);
l = t++;
*l = '\0';
/* Now process octet by octet... */
while (*hex) {
*t = 0;
for (i = 16; i >= 1; i -= 15) {
if (isxdigit((unsigned char)*hex)) {
*t += hexdigit_to_int(*hex) * i;
} else {
zc_error_prev_line(
"illegal hex character '%c'",
(int) *hex);
return NULL;
}
++hex;
}
++t;
++*l;
}
}
return r;
}
uint16_t *
zparser_conv_time(region_type *region, const char *time)
{
/* convert a time YYHM to wireformat */
uint16_t *r = NULL;
struct tm tm;
/* Try to scan the time... */
if (!strptime(time, "%Y%m%d%H%M%S", &tm)) {
zc_error_prev_line("date and time is expected");
} else {
uint32_t l = htonl(mktime_from_utc(&tm));
r = alloc_rdata_init(region, &l, sizeof(l));
}
return r;
}
uint16_t *
zparser_conv_services(region_type *region, const char *protostr,
char *servicestr)
{
/*
* Convert a protocol and a list of service port numbers
* (separated by spaces) in the rdata to wireformat
*/
uint16_t *r = NULL;
uint8_t *p;
uint8_t bitmap[65536/8];
char sep[] = " ";
char *word;
int max_port = -8;
/* convert a protocol in the rdata to wireformat */
struct protoent *proto;
memset(bitmap, 0, sizeof(bitmap));
proto = getprotobyname(protostr);
if (!proto) {
proto = getprotobynumber(atoi(protostr));
}
if (!proto) {
zc_error_prev_line("unknown protocol '%s'", protostr);
return NULL;
}
for (word = strtok(servicestr, sep); word; word = strtok(NULL, sep)) {
struct servent *service;
int port;
service = getservbyname(word, proto->p_name);
if (service) {
/* Note: ntohs not ntohl! Strange but true. */
port = ntohs((uint16_t) service->s_port);
} else {
char *end;
port = strtol(word, &end, 10);
if (*end != '\0') {
zc_error_prev_line("unknown service '%s' for protocol '%s'",
word, protostr);
continue;
}
}
if (port < 0 || port > 65535) {
zc_error_prev_line("bad port number %d", port);
} else {
set_bit(bitmap, port);
if (port > max_port)
max_port = port;
}
}
r = alloc_rdata(region, sizeof(uint8_t) + max_port / 8 + 1);
p = (uint8_t *) (r + 1);
*p = proto->p_proto;
memcpy(p + 1, bitmap, *r-1);
return r;
}
uint16_t *
zparser_conv_serial(region_type *region, const char *serialstr)
{
uint16_t *r = NULL;
uint32_t serial;
const char *t;
serial = strtoserial(serialstr, &t);
if (*t != '\0') {
zc_error_prev_line("serial is expected or serial too big");
} else {
serial = htonl(serial);
r = alloc_rdata_init(region, &serial, sizeof(serial));
}
return r;
}
uint16_t *
zparser_conv_period(region_type *region, const char *periodstr)
{
/* convert a time period (think TTL's) to wireformat) */
uint16_t *r = NULL;
uint32_t period;
const char *end;
/* Allocate required space... */
period = strtottl(periodstr, &end);
if (*end != '\0') {
zc_error_prev_line("time period is expected");
} else {
period = htonl(period);
r = alloc_rdata_init(region, &period, sizeof(period));
}
return r;
}
uint16_t *
zparser_conv_short(region_type *region, const char *text)
{
uint16_t *r = NULL;
uint16_t value;
char *end;
value = htons((uint16_t) strtol(text, &end, 10));
if (*end != '\0') {
zc_error_prev_line("integer value is expected");
} else {
r = alloc_rdata_init(region, &value, sizeof(value));
}
return r;
}
uint16_t *
zparser_conv_byte(region_type *region, const char *text)
{
uint16_t *r = NULL;
uint8_t value;
char *end;
value = (uint8_t) strtol(text, &end, 10);
if (*end != '\0') {
zc_error_prev_line("integer value is expected");
} else {
r = alloc_rdata_init(region, &value, sizeof(value));
}
return r;
}
uint16_t *
zparser_conv_algorithm(region_type *region, const char *text)
{
const lookup_table_type *alg;
uint8_t id;
alg = lookup_by_name(dns_algorithms, text);
if (alg) {
id = (uint8_t) alg->id;
} else {
char *end;
id = (uint8_t) strtol(text, &end, 10);
if (*end != '\0') {
zc_error_prev_line("algorithm is expected");
return NULL;
}
}
return alloc_rdata_init(region, &id, sizeof(id));
}
uint16_t *
zparser_conv_certificate_type(region_type *region, const char *text)
{
/* convert an algorithm string to integer */
const lookup_table_type *type;
uint16_t id;
type = lookup_by_name(dns_certificate_types, text);
if (type) {
id = htons((uint16_t) type->id);
} else {
char *end;
id = htons((uint16_t) strtol(text, &end, 10));
if (*end != '\0') {
zc_error_prev_line("certificate type is expected");
return NULL;
}
}
return alloc_rdata_init(region, &id, sizeof(id));
}
uint16_t *
zparser_conv_a(region_type *region, const char *text)
{
in_addr_t address;
uint16_t *r = NULL;
if (inet_pton(AF_INET, text, &address) != 1) {
zc_error_prev_line("invalid IPv4 address '%s'", text);
} else {
r = alloc_rdata_init(region, &address, sizeof(address));
}
return r;
}
uint16_t *
zparser_conv_aaaa(region_type *region, const char *text)
{
uint8_t address[IP6ADDRLEN];
uint16_t *r = NULL;
if (inet_pton(AF_INET6, text, address) != 1) {
zc_error_prev_line("invalid IPv6 address '%s'", text);
} else {
r = alloc_rdata_init(region, address, sizeof(address));
}
return r;
}
uint16_t *
zparser_conv_ilnp64(region_type *region, const char *text)
{
uint16_t *r = NULL;
int ngroups, num;
unsigned long hex;
const char *ch;
char digits[ILNP_MAXDIGITS+1];
unsigned int ui[ILNP_NUMGROUPS];
uint16_t a[ILNP_NUMGROUPS];
ngroups = 1; /* Always at least one group */
num = 0;
for (ch = text; *ch != '\0'; ch++) {
if (*ch == ':') {
if (num <= 0) {
zc_error_prev_line("ilnp64: empty group of "
"digits is not allowed");
return NULL;
}
digits[num] = '\0';
hex = (unsigned long) strtol(digits, NULL, 16);
num = 0;
ui[ngroups - 1] = hex;
if (ngroups >= ILNP_NUMGROUPS) {
zc_error_prev_line("ilnp64: more than %d groups "
"of digits", ILNP_NUMGROUPS);
return NULL;
}
ngroups++;
} else {
/* Our grammar is stricter than the one accepted by
* strtol. */
if (!isxdigit((unsigned char)*ch)) {
zc_error_prev_line("ilnp64: invalid "
"(non-hexadecimal) character %c", *ch);
return NULL;
}
if (num >= ILNP_MAXDIGITS) {
zc_error_prev_line("ilnp64: more than %d digits "
"in a group", ILNP_MAXDIGITS);
return NULL;
}
digits[num++] = *ch;
}
}
if (num <= 0) {
zc_error_prev_line("ilnp64: empty group of digits is not "
"allowed");
return NULL;
}
digits[num] = '\0';
hex = (unsigned long) strtol(digits, NULL, 16);
ui[ngroups - 1] = hex;
if (ngroups < 4) {
zc_error_prev_line("ilnp64: less than %d groups of digits",
ILNP_NUMGROUPS);
return NULL;
}
a[0] = htons(ui[0]);
a[1] = htons(ui[1]);
a[2] = htons(ui[2]);
a[3] = htons(ui[3]);
r = alloc_rdata_init(region, a, sizeof(a));
return r;
}
static uint16_t *
zparser_conv_eui48(region_type *region, const char *text)
{
uint8_t nums[6];
uint16_t *r = NULL;
unsigned int a, b, c, d, e, f;
int l;
if (sscanf(text, "%2x-%2x-%2x-%2x-%2x-%2x%n",
&a, &b, &c, &d, &e, &f, &l) != 6 ||
l != (int)strlen(text)){
zc_error_prev_line("eui48: invalid rr");
return NULL;
}
nums[0] = (uint8_t)a;
nums[1] = (uint8_t)b;
nums[2] = (uint8_t)c;
nums[3] = (uint8_t)d;
nums[4] = (uint8_t)e;
nums[5] = (uint8_t)f;
r = alloc_rdata_init(region, nums, sizeof(nums));
return r;
}
static uint16_t *
zparser_conv_eui64(region_type *region, const char *text)
{
uint8_t nums[8];
uint16_t *r = NULL;
unsigned int a, b, c, d, e, f, g, h;
int l;
if (sscanf(text, "%2x-%2x-%2x-%2x-%2x-%2x-%2x-%2x%n",
&a, &b, &c, &d, &e, &f, &g, &h, &l) != 8 ||
l != (int)strlen(text)) {
zc_error_prev_line("eui64: invalid rr");
return NULL;
}
nums[0] = (uint8_t)a;
nums[1] = (uint8_t)b;
nums[2] = (uint8_t)c;
nums[3] = (uint8_t)d;
nums[4] = (uint8_t)e;
nums[5] = (uint8_t)f;
nums[6] = (uint8_t)g;
nums[7] = (uint8_t)h;
r = alloc_rdata_init(region, nums, sizeof(nums));
return r;
}
uint16_t *
zparser_conv_eui(region_type *region, const char *text, size_t len)
{
uint16_t *r = NULL;
int nnum, num;
const char* ch;
nnum = len/8;
num = 1;
for (ch = text; *ch != '\0'; ch++) {
if (*ch == '-') {
num++;
} else if (!isxdigit((unsigned char)*ch)) {
zc_error_prev_line("eui%u: invalid (non-hexadecimal) "
"character %c", (unsigned) len, *ch);
return NULL;
}
}
if (num != nnum) {
zc_error_prev_line("eui%u: wrong number of hex numbers",
(unsigned) len);
return NULL;
}
switch (len) {
case 48:
r = zparser_conv_eui48(region, text);
break;
case 64:
r = zparser_conv_eui64(region, text);
break;
default:
zc_error_prev_line("eui%u: invalid length",
(unsigned) len);
return NULL;
break;
}
return r;
}
uint16_t *
zparser_conv_text(region_type *region, const char *text, size_t len)
{
uint16_t *r = NULL;
uint8_t *p;
if (len > 255) {
zc_error_prev_line("text string is longer than 255 characters,"
" try splitting it into multiple parts");
len = 255;
}
r = alloc_rdata(region, len + 1);
p = (uint8_t *) (r + 1);
*p = len;
memcpy(p + 1, text, len);
return r;
}
/* for CAA Value [RFC 6844] */
uint16_t *
zparser_conv_long_text(region_type *region, const char *text, size_t len)
{
uint16_t *r = NULL;
if (len > MAX_RDLENGTH) {
zc_error_prev_line("text string is longer than max rdlen");
return NULL;
}
r = alloc_rdata_init(region, text, len);
return r;
}
/* for CAA Tag [RFC 6844] */
uint16_t *
zparser_conv_tag(region_type *region, const char *text, size_t len)
{
uint16_t *r = NULL;
uint8_t *p;
const char* ptr;
if (len < 1) {
zc_error_prev_line("invalid tag: zero length");
return NULL;
}
if (len > 15) {
zc_error_prev_line("invalid tag %s: longer than 15 characters (%u)",
text, (unsigned) len);
return NULL;
}
for (ptr = text; *ptr; ptr++) {
if (!isdigit((unsigned char)*ptr) && !islower((unsigned char)*ptr)) {
zc_error_prev_line("invalid tag %s: contains invalid char %c",
text, *ptr);
return NULL;
}
}
r = alloc_rdata(region, len + 1);
p = (uint8_t *) (r + 1);
*p = len;
memmove(p + 1, text, len);
return r;
}
uint16_t *
zparser_conv_dns_name(region_type *region, const uint8_t* name, size_t len)
{
uint16_t* r = NULL;
uint8_t* p = NULL;
r = alloc_rdata(region, len);
p = (uint8_t *) (r + 1);
memcpy(p, name, len);
return r;
}
uint16_t *
zparser_conv_b32(region_type *region, const char *b32)
{
uint8_t buffer[B64BUFSIZE];
uint16_t *r = NULL;
int i;
if(strcmp(b32, "-") == 0) {
return alloc_rdata_init(region, "", 1);
}
i = b32_pton(b32, buffer+1, B64BUFSIZE-1);
if (i == -1 || i > 255) {
zc_error_prev_line("invalid base32 data");
} else {
buffer[0] = i; /* store length byte */
r = alloc_rdata_init(region, buffer, i+1);
}
return r;
}
uint16_t *
zparser_conv_b64(region_type *region, const char *b64)
{
uint8_t buffer[B64BUFSIZE];
uint16_t *r = NULL;
int i;
if(strcmp(b64, "0") == 0) {
/* single 0 represents empty buffer */
return alloc_rdata(region, 0);
}
i = __b64_pton(b64, buffer, B64BUFSIZE);
if (i == -1) {
zc_error_prev_line("invalid base64 data");
} else {
r = alloc_rdata_init(region, buffer, i);
}
return r;
}
uint16_t *
zparser_conv_rrtype(region_type *region, const char *text)
{
uint16_t *r = NULL;
uint16_t type = rrtype_from_string(text);
if (type == 0) {
zc_error_prev_line("unrecognized RR type '%s'", text);
} else {
type = htons(type);
r = alloc_rdata_init(region, &type, sizeof(type));
}
return r;
}
uint16_t *
zparser_conv_nxt(region_type *region, uint8_t nxtbits[])
{
/* nxtbits[] consists of 16 bytes with some zero's in it
* copy every byte with zero to r and write the length in
* the first byte
*/
uint16_t i;
uint16_t last = 0;
for (i = 0; i < 16; i++) {
if (nxtbits[i] != 0)
last = i + 1;
}
return alloc_rdata_init(region, nxtbits, last);
}
/* we potentially have 256 windows, each one is numbered. empty ones
* should be discarded
*/
uint16_t *
zparser_conv_nsec(region_type *region,
uint8_t nsecbits[NSEC_WINDOW_COUNT][NSEC_WINDOW_BITS_SIZE])
{
/* nsecbits contains up to 64K of bits which represent the
* types available for a name. Walk the bits according to
* nsec++ draft from jakob
*/
uint16_t *r;
uint8_t *ptr;
size_t i,j;
uint16_t window_count = 0;
uint16_t total_size = 0;
uint16_t window_max = 0;
/* The used windows. */
int used[NSEC_WINDOW_COUNT];
/* The last byte used in each the window. */
int size[NSEC_WINDOW_COUNT];
window_max = 1 + (nsec_highest_rcode / 256);
/* used[i] is the i-th window included in the nsec
* size[used[0]] is the size of window 0
*/
/* walk through the 256 windows */
for (i = 0; i < window_max; ++i) {
int empty_window = 1;
/* check each of the 32 bytes */
for (j = 0; j < NSEC_WINDOW_BITS_SIZE; ++j) {
if (nsecbits[i][j] != 0) {
size[i] = j + 1;
empty_window = 0;
}
}
if (!empty_window) {
used[window_count] = i;
window_count++;
}
}
for (i = 0; i < window_count; ++i) {
total_size += sizeof(uint16_t) + size[used[i]];
}
r = alloc_rdata(region, total_size);
ptr = (uint8_t *) (r + 1);
/* now walk used and copy it */
for (i = 0; i < window_count; ++i) {
ptr[0] = used[i];
ptr[1] = size[used[i]];
memcpy(ptr + 2, &nsecbits[used[i]], size[used[i]]);
ptr += size[used[i]] + 2;
}
return r;
}
static uint16_t
svcbparam_lookup_key(const char *key, size_t key_len)
{
char buf[64];
char *endptr;
unsigned long int key_value;
if (key_len >= 4 && key_len <= 8 && !strncmp(key, "key", 3)) {
memcpy(buf, key + 3, key_len - 3);
buf[key_len - 3] = 0;
key_value = strtoul(buf, &endptr, 10);
if (endptr > buf /* digits seen */
&& *endptr == 0 /* no non-digit chars after digits */
&& key_value <= 65535) /* no overflow */
return key_value;
} else switch (key_len) {
case sizeof("mandatory")-1:
if (!strncmp(key, "mandatory", sizeof("mandatory")-1))
return SVCB_KEY_MANDATORY;
if (!strncmp(key, "echconfig", sizeof("echconfig")-1))
return SVCB_KEY_ECH; /* allow "echconfig" as well as "ech" */
break;
case sizeof("alpn")-1:
if (!strncmp(key, "alpn", sizeof("alpn")-1))
return SVCB_KEY_ALPN;
if (!strncmp(key, "port", sizeof("port")-1))
return SVCB_KEY_PORT;
break;
case sizeof("no-default-alpn")-1:
if (!strncmp( key , "no-default-alpn"
, sizeof("no-default-alpn")-1))
return SVCB_KEY_NO_DEFAULT_ALPN;
break;
case sizeof("ipv4hint")-1:
if (!strncmp(key, "ipv4hint", sizeof("ipv4hint")-1))
return SVCB_KEY_IPV4HINT;
if (!strncmp(key, "ipv6hint", sizeof("ipv6hint")-1))
return SVCB_KEY_IPV6HINT;
break;
case sizeof("dohpath")-1:
if (!strncmp(key, "dohpath", sizeof("dohpath")-1))
return SVCB_KEY_DOHPATH;
break;
case sizeof("ech")-1:
if (!strncmp(key, "ech", sizeof("ech")-1))
return SVCB_KEY_ECH;
break;
default:
break;
}
if (key_len > sizeof(buf) - 1)
zc_error_prev_line("Unknown SvcParamKey");
else {
memcpy(buf, key, key_len);
buf[key_len] = 0;
zc_error_prev_line("Unknown SvcParamKey: %s", buf);
}
/* Although the returned value might be used by the caller,
* the parser has erred, so the zone will not be loaded.
*/
return -1;
}
static uint16_t *
zparser_conv_svcbparam_port_value(region_type *region, const char *val)
{
unsigned long int port;
char *endptr;
uint16_t *r;
port = strtoul(val, &endptr, 10);
if (endptr > val /* digits seen */
&& *endptr == 0 /* no non-digit chars after digits */
&& port <= 65535) { /* no overflow */
r = alloc_rdata(region, 3 * sizeof(uint16_t));
r[1] = htons(SVCB_KEY_PORT);
r[2] = htons(sizeof(uint16_t));
r[3] = htons(port);
return r;
}
zc_error_prev_line("Could not parse port SvcParamValue: \"%s\"", val);
return NULL;
}
static uint16_t *
zparser_conv_svcbparam_ipv4hint_value(region_type *region, const char *val)
{
uint16_t *r;
int count;
char ip_str[INET_ADDRSTRLEN+1];
char *next_ip_str;
uint32_t *ip_wire_dst;
size_t i;
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
zc_error_prev_line("Too many IPV4 addresses in ipv4hint");
return NULL;
}
}
/* count == number of comma's in val + 1, so the actual number of IPv4
* addresses in val
*/
r = alloc_rdata(region, 2 * sizeof(uint16_t) + IP4ADDRLEN * count);
r[1] = htons(SVCB_KEY_IPV4HINT);
r[2] = htons(IP4ADDRLEN * count);
ip_wire_dst = (void *)&r[3];
while (count) {
if (!(next_ip_str = strchr(val, ','))) {
if (inet_pton(AF_INET, val, ip_wire_dst) != 1)
break;
assert(count == 1);
} else if (next_ip_str - val >= (int)sizeof(ip_str))
break;
else {
memcpy(ip_str, val, next_ip_str - val);
ip_str[next_ip_str - val] = 0;
if (inet_pton(AF_INET, ip_str, ip_wire_dst) != 1) {
val = ip_str; /* to use in error reporting below */
break;
}
val = next_ip_str + 1;
}
ip_wire_dst++;
count--;
}
if (count)
zc_error_prev_line("Could not parse ipv4hint SvcParamValue: %s", val);
return r;
}
static uint16_t *
zparser_conv_svcbparam_ipv6hint_value(region_type *region, const char *val)
{
uint16_t *r;
int i, count;
char ip6_str[INET6_ADDRSTRLEN+1];
char *next_ip6_str;
uint8_t *ipv6_wire_dst;
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
zc_error_prev_line("Too many IPV6 addresses in ipv6hint");
return NULL;
}
}
/* count == number of comma's in val + 1
* so actually the number of IPv6 addresses in val
*/
r = alloc_rdata(region, 2 * sizeof(uint16_t) + IP6ADDRLEN * count);
r[1] = htons(SVCB_KEY_IPV6HINT);
r[2] = htons(IP6ADDRLEN * count);
ipv6_wire_dst = (void *)&r[3];
while (count) {
if (!(next_ip6_str = strchr(val, ','))) {
if ((inet_pton(AF_INET6, val, ipv6_wire_dst) != 1))
break;
assert(count == 1);
} else if (next_ip6_str - val >= (int)sizeof(ip6_str))
break;
else {
memcpy(ip6_str, val, next_ip6_str - val);
ip6_str[next_ip6_str - val] = 0;
if (inet_pton(AF_INET6, ip6_str, ipv6_wire_dst) != 1) {
val = ip6_str; /* for error reporting below */
break;
}
val = next_ip6_str + 1; /* skip the comma */
}
ipv6_wire_dst += IP6ADDRLEN;
count--;
}
if (count)
zc_error_prev_line("Could not parse ipv6hint SvcParamValue: %s", val);
return r;
}
static int
network_uint16_cmp(const void *a, const void *b)
{
return ((int)read_uint16(a)) - ((int)read_uint16(b));
}
static uint16_t *
zparser_conv_svcbparam_mandatory_value(region_type *region,
const char *val, size_t val_len)
{
uint16_t *r;
size_t i, count;
char* next_key;
uint16_t* key_dst;
for (i = 0, count = 1; val[i]; i++) {
if (val[i] == ',')
count += 1;
if (count > SVCB_MAX_COMMA_SEPARATED_VALUES) {
zc_error_prev_line("Too many keys in mandatory");
return NULL;
}
}
r = alloc_rdata(region, (2 + count) * sizeof(uint16_t));
r[1] = htons(SVCB_KEY_MANDATORY);
r[2] = htons(sizeof(uint16_t) * count);
key_dst = (void *)&r[3];
for(;;) {
if (!(next_key = strchr(val, ','))) {
*key_dst = htons(svcbparam_lookup_key(val, val_len));
break;
} else {
*key_dst = htons(svcbparam_lookup_key(val, next_key - val));
}
val_len -= next_key - val + 1;
val = next_key + 1; /* skip the comma */
key_dst += 1;
}
/* In draft-ietf-dnsop-svcb-https-04 Section 7:
*
* In wire format, the keys are represented by their numeric
* values in network byte order, concatenated in ascending order.
*/
qsort((void *)&r[3], count, sizeof(uint16_t), network_uint16_cmp);
return r;
}
static uint16_t *
zparser_conv_svcbparam_ech_value(region_type *region, const char *b64)
{
uint8_t buffer[B64BUFSIZE];
uint16_t *r = NULL;
int wire_len;
if(strcmp(b64, "0") == 0) {
/* single 0 represents empty buffer */
return alloc_rdata(region, 0);
}
wire_len = __b64_pton(b64, buffer, B64BUFSIZE);
if (wire_len == -1) {
zc_error_prev_line("invalid base64 data in ech");
} else {
r = alloc_rdata(region, 2 * sizeof(uint16_t) + wire_len);
r[1] = htons(SVCB_KEY_ECH);
r[2] = htons(wire_len);
memcpy(&r[3], buffer, wire_len);
}
return r;
}
static const char* parse_alpn_next_unescaped_comma(const char *val)
{
while (*val) {
/* Only return when the comma is not escaped*/
if (*val == '\\'){
++val;
if (!*val)
break;
} else if (*val == ',')
return val;
val++;
}
return NULL;
}
static size_t
parse_alpn_copy_unescaped(uint8_t *dst, const char *src, size_t len)
{
uint8_t *orig_dst = dst;
while (len) {
if (*src == '\\') {
src++;
len--;
if (!len)
break;
}
*dst++ = *src++;
len--;
}
return (size_t)(dst - orig_dst);
}
static uint16_t *
zparser_conv_svcbparam_alpn_value(region_type *region,
const char *val, size_t val_len)
{
uint8_t unescaped_dst[65536];
uint8_t *dst = unescaped_dst;
const char *next_str;
size_t str_len;
size_t dst_len;
uint16_t *r = NULL;
if (val_len > sizeof(unescaped_dst)) {
zc_error_prev_line("invalid alpn");
return r;
}
while (val_len) {
size_t dst_len;
str_len = (next_str = parse_alpn_next_unescaped_comma(val))
? (size_t)(next_str - val) : val_len;
if (str_len > 255) {
zc_error_prev_line("alpn strings need to be"
" smaller than 255 chars");
return r;
}
dst_len = parse_alpn_copy_unescaped(dst + 1, val, str_len);
*dst++ = dst_len;
dst += dst_len;
if (!next_str)
break;
/* skip the comma for the next iteration */
val_len -= next_str - val + 1;
val = next_str + 1;
}
dst_len = dst - unescaped_dst;
r = alloc_rdata(region, 2 * sizeof(uint16_t) + dst_len);
r[1] = htons(SVCB_KEY_ALPN);
r[2] = htons(dst_len);
memcpy(&r[3], unescaped_dst, dst_len);
return r;
}
static uint16_t *
zparser_conv_svcbparam_key_value(region_type *region,
const char *key, size_t key_len, const char *val, size_t val_len)
{
uint16_t svcparamkey = svcbparam_lookup_key(key, key_len);
uint16_t *r;
switch (svcparamkey) {
case SVCB_KEY_PORT:
return zparser_conv_svcbparam_port_value(region, val);
case SVCB_KEY_IPV4HINT:
return zparser_conv_svcbparam_ipv4hint_value(region, val);
case SVCB_KEY_IPV6HINT:
return zparser_conv_svcbparam_ipv6hint_value(region, val);
case SVCB_KEY_MANDATORY:
return zparser_conv_svcbparam_mandatory_value(region, val, val_len);
case SVCB_KEY_NO_DEFAULT_ALPN:
if(zone_is_slave(parser->current_zone->opts))
zc_warning_prev_line("no-default-alpn should not have a value");
else
zc_error_prev_line("no-default-alpn should not have a value");
break;
case SVCB_KEY_ECH:
return zparser_conv_svcbparam_ech_value(region, val);
case SVCB_KEY_ALPN:
return zparser_conv_svcbparam_alpn_value(region, val, val_len);
case SVCB_KEY_DOHPATH:
/* fallthrough */
default:
break;
}
r = alloc_rdata(region, 2 * sizeof(uint16_t) + val_len);
r[1] = htons(svcparamkey);
r[2] = htons(val_len);
memcpy(r + 3, val, val_len);
return r;
}
uint16_t *
zparser_conv_svcbparam(region_type *region, const char *key, size_t key_len
, const char *val, size_t val_len)
{
const char *eq;
uint16_t *r;
uint16_t svcparamkey;
/* Form <key>="<value>" (or at least with quoted value) */
if (val && val_len) {
/* Does key end with '=' */
if (key_len && key[key_len - 1] == '=')
return zparser_conv_svcbparam_key_value(
region, key, key_len - 1, val, val_len);
zc_error_prev_line( "SvcParam syntax error in param: %s\"%s\""
, key, val);
}
assert(val == NULL);
if ((eq = memchr(key, '=', key_len))) {
size_t new_key_len = eq - key;
if (key_len - new_key_len - 1 > 0)
return zparser_conv_svcbparam_key_value(region,
key, new_key_len, eq+1, key_len - new_key_len - 1);
key_len = new_key_len;
}
/* Some SvcParamKeys require values */
svcparamkey = svcbparam_lookup_key(key, key_len);
switch (svcparamkey) {
case SVCB_KEY_MANDATORY:
case SVCB_KEY_ALPN:
case SVCB_KEY_PORT:
case SVCB_KEY_IPV4HINT:
case SVCB_KEY_IPV6HINT:
case SVCB_KEY_DOHPATH:
if(zone_is_slave(parser->current_zone->opts))
zc_warning_prev_line("value expected for SvcParam: %s", key);
else
zc_error_prev_line("value expected for SvcParam: %s", key);
break;
default:
break;
}
/* SvcParam is only a SvcParamKey */
r = alloc_rdata(region, 2 * sizeof(uint16_t));
r[1] = htons(svcparamkey);
r[2] = 0;
return r;
}
/* Parse an int terminated in the specified range. */
static int
parse_int(const char *str,
char **end,
int *result,
const char *name,
int min,
int max)
{
*result = (int) strtol(str, end, 10);
if (*result < min || *result > max) {
zc_error_prev_line("%s must be within the range [%d .. %d]",
name,
min,
max);
return 0;
} else {
return 1;
}
}
/* RFC1876 conversion routines */
static unsigned int poweroften[10] = {1, 10, 100, 1000, 10000, 100000,
1000000,10000000,100000000,1000000000};
/*
* Converts ascii size/precision X * 10**Y(cm) to 0xXY.
* Sets the given pointer to the last used character.
*
*/
static uint8_t
precsize_aton (char *cp, char **endptr)
{
unsigned int mval = 0, cmval = 0;
uint8_t retval = 0;
int exponent;
int mantissa;
while (isdigit((unsigned char)*cp))
mval = mval * 10 + hexdigit_to_int(*cp++);
if (*cp == '.') { /* centimeters */
cp++;
if (isdigit((unsigned char)*cp)) {
cmval = hexdigit_to_int(*cp++) * 10;
if (isdigit((unsigned char)*cp)) {
cmval += hexdigit_to_int(*cp++);
}
}
}
if(mval >= poweroften[7]) {
assert(poweroften[7] != 0);
/* integer overflow possible for *100 */
mantissa = mval / poweroften[7];
exponent = 9; /* max */
}
else {
cmval = (mval * 100) + cmval;
for (exponent = 0; exponent < 9; exponent++)
if (cmval < poweroften[exponent+1])
break;
assert(poweroften[exponent] != 0);
mantissa = cmval / poweroften[exponent];
}
if (mantissa > 9)
mantissa = 9;
retval = (mantissa << 4) | exponent;
if (*cp == 'm') cp++;
*endptr = cp;
return (retval);
}
/*
* Parses a specific part of rdata.
*
* Returns:
*
* number of elements parsed
* zero on error
*
*/
uint16_t *
zparser_conv_loc(region_type *region, char *str)
{
uint16_t *r;
uint32_t *p;
int i;
int deg, min, secs; /* Secs is stored times 1000. */
uint32_t lat = 0, lon = 0, alt = 0;
/* encoded defaults: version=0 sz=1m hp=10000m vp=10m */
uint8_t vszhpvp[4] = {0, 0x12, 0x16, 0x13};
char *start;
double d;
for(;;) {
deg = min = secs = 0;
/* Degrees */
if (*str == '\0') {
zc_error_prev_line("unexpected end of LOC data");
return NULL;
}
if (!parse_int(str, &str, °, "degrees", 0, 180))
return NULL;
if (!isspace((unsigned char)*str)) {
zc_error_prev_line("space expected after degrees");
return NULL;
}
++str;
/* Minutes? */
if (isdigit((unsigned char)*str)) {
if (!parse_int(str, &str, &min, "minutes", 0, 60))
return NULL;
if (!isspace((unsigned char)*str)) {
zc_error_prev_line("space expected after minutes");
return NULL;
}
++str;
}
/* Seconds? */
if (isdigit((unsigned char)*str)) {
start = str;
if (!parse_int(str, &str, &i, "seconds", 0, 60)) {
return NULL;
}
if (*str == '.' && !parse_int(str + 1, &str, &i, "seconds fraction", 0, 999)) {
return NULL;
}
if (!isspace((unsigned char)*str)) {
zc_error_prev_line("space expected after seconds");
return NULL;
}
/* No need for precision specifiers, it's a double */
if (sscanf(start, "%lf", &d) != 1) {
zc_error_prev_line("error parsing seconds");
}
if (d < 0.0 || d > 60.0) {
zc_error_prev_line("seconds not in range 0.0 .. 60.0");
}
secs = (int) (d * 1000.0 + 0.5);
++str;
}
switch(*str) {
case 'N':
case 'n':
lat = ((uint32_t)1<<31) + (deg * 3600000 + min * 60000 + secs);
break;
case 'E':
case 'e':
lon = ((uint32_t)1<<31) + (deg * 3600000 + min * 60000 + secs);
break;
case 'S':
case 's':
lat = ((uint32_t)1<<31) - (deg * 3600000 + min * 60000 + secs);
break;
case 'W':
case 'w':
lon = ((uint32_t)1<<31) - (deg * 3600000 + min * 60000 + secs);
break;
default:
zc_error_prev_line("invalid latitude/longtitude: '%c'", *str);
return NULL;
}
++str;
if (lat != 0 && lon != 0)
break;
if (!isspace((unsigned char)*str)) {
zc_error_prev_line("space expected after latitude/longitude");
return NULL;
}
++str;
}
/* Altitude */
if (*str == '\0') {
zc_error_prev_line("unexpected end of LOC data");
return NULL;
}
if (!isspace((unsigned char)*str)) {
zc_error_prev_line("space expected before altitude");
return NULL;
}
++str;
start = str;
/* Sign */
if (*str == '+' || *str == '-') {
++str;
}
/* Meters of altitude... */
if(strtol(str, &str, 10) == LONG_MAX) {
zc_error_prev_line("altitude too large, number overflow");
return NULL;
}
switch(*str) {
case ' ':
case '\0':
case 'm':
break;
case '.':
if (!parse_int(str + 1, &str, &i, "altitude fraction", 0, 99)) {
return NULL;
}
if (!isspace((unsigned char)*str) && *str != '\0' && *str != 'm') {
zc_error_prev_line("altitude fraction must be a number");
return NULL;
}
break;
default:
zc_error_prev_line("altitude must be expressed in meters");
return NULL;
}
if (!isspace((unsigned char)*str) && *str != '\0')
++str;
if (sscanf(start, "%lf", &d) != 1) {
zc_error_prev_line("error parsing altitude");
}
alt = (uint32_t) (10000000.0 + d * 100 + 0.5);
if (!isspace((unsigned char)*str) && *str != '\0') {
zc_error_prev_line("unexpected character after altitude");
return NULL;
}
/* Now parse size, horizontal precision and vertical precision if any */
for(i = 1; isspace((unsigned char)*str) && i <= 3; i++) {
vszhpvp[i] = precsize_aton(str + 1, &str);
if (!isspace((unsigned char)*str) && *str != '\0') {
zc_error_prev_line("invalid size or precision");
return NULL;
}
}
/* Allocate required space... */
r = alloc_rdata(region, 16);
p = (uint32_t *) (r + 1);
memmove(p, vszhpvp, 4);
write_uint32(p + 1, lat);
write_uint32(p + 2, lon);
write_uint32(p + 3, alt);
return r;
}
/*
* Convert an APL RR RDATA element.
*/
uint16_t *
zparser_conv_apl_rdata(region_type *region, char *str)
{
int negated = 0;
uint16_t address_family;
uint8_t prefix;
uint8_t maximum_prefix;
uint8_t length;
uint8_t address[IP6ADDRLEN];
char *colon = strchr(str, ':');
char *slash = strchr(str, '/');
int af;
int rc;
uint16_t rdlength;
uint16_t *r;
uint8_t *t;
char *end;
long p;
if (!colon) {
zc_error("address family separator is missing");
return NULL;
}
if (!slash) {
zc_error("prefix separator is missing");
return NULL;
}
*colon = '\0';
*slash = '\0';
if (*str == '!') {
negated = 1;
++str;
}
if (strcmp(str, "1") == 0) {
address_family = htons(1);
af = AF_INET;
length = sizeof(in_addr_t);
maximum_prefix = length * 8;
} else if (strcmp(str, "2") == 0) {
address_family = htons(2);
af = AF_INET6;
length = IP6ADDRLEN;
maximum_prefix = length * 8;
} else {
zc_error("invalid address family '%s'", str);
return NULL;
}
rc = inet_pton(af, colon + 1, address);
if (rc == 0) {
zc_error("invalid address '%s'", colon + 1);
return NULL;
} else if (rc == -1) {
zc_error("inet_pton failed: %s", strerror(errno));
return NULL;
}
/* Strip trailing zero octets. */
while (length > 0 && address[length - 1] == 0)
--length;
p = strtol(slash + 1, &end, 10);
if (p < 0 || p > maximum_prefix) {
zc_error("prefix not in the range 0 .. %d", maximum_prefix);
return NULL;
} else if (*end != '\0') {
zc_error("invalid prefix '%s'", slash + 1);
return NULL;
}
prefix = (uint8_t) p;
rdlength = (sizeof(address_family) + sizeof(prefix) + sizeof(length)
+ length);
r = alloc_rdata(region, rdlength);
t = (uint8_t *) (r + 1);
memcpy(t, &address_family, sizeof(address_family));
t += sizeof(address_family);
memcpy(t, &prefix, sizeof(prefix));
t += sizeof(prefix);
memcpy(t, &length, sizeof(length));
if (negated) {
*t |= APL_NEGATION_MASK;
}
t += sizeof(length);
memcpy(t, address, length);
return r;
}
/*
* Below some function that also convert but not to wireformat
* but to "normal" (int,long,char) types
*/
uint32_t
zparser_ttl2int(const char *ttlstr, int* error)
{
/* convert a ttl value to a integer
* return the ttl in a int
* -1 on error
*/
uint32_t ttl;
const char *t;
ttl = strtottl(ttlstr, &t);
if (*t != 0) {
zc_error_prev_line("invalid TTL value: %s",ttlstr);
*error = 1;
}
return ttl;
}
void
zadd_rdata_wireformat(uint16_t *data)
{
if (parser->current_rr.rdata_count >= MAXRDATALEN) {
zc_error_prev_line("too many rdata elements");
} else {
parser->current_rr.rdatas[parser->current_rr.rdata_count].data
= data;
++parser->current_rr.rdata_count;
}
}
/**
* Used for TXT RR's to grow with undefined number of strings.
*/
void
zadd_rdata_txt_wireformat(uint16_t *data, int first)
{
rdata_atom_type *rd;
if (parser->current_rr.rdata_count >= MAXRDATALEN) {
zc_error_prev_line("too many rdata txt elements");
return;
}
/* First STR in str_seq, allocate 65K in first unused rdata
* else find last used rdata */
if (first) {
rd = &parser->current_rr.rdatas[parser->current_rr.rdata_count];
if ((rd->data = (uint16_t *) region_alloc(parser->rr_region,
sizeof(uint16_t) + 65535 * sizeof(uint8_t))) == NULL) {
zc_error_prev_line("Could not allocate memory for TXT RR");
return;
}
parser->current_rr.rdata_count++;
rd->data[0] = 0;
}
else
rd = &parser->current_rr.rdatas[parser->current_rr.rdata_count-1];
if ((size_t)rd->data[0] + (size_t)data[0] > 65535) {
zc_error_prev_line("too large rdata element");
return;
}
memcpy((uint8_t *)rd->data + 2 + rd->data[0], data + 1, data[0]);
rd->data[0] += data[0];
}
/**
* Clean up after last call of zadd_rdata_txt_wireformat
*/
void
zadd_rdata_txt_clean_wireformat()
{
uint16_t *tmp_data;
rdata_atom_type *rd = &parser->current_rr.rdatas[parser->current_rr.rdata_count-1];
if(!rd || !rd->data)
return; /* previous syntax failure */
if ((tmp_data = (uint16_t *) region_alloc(parser->region,
((size_t)rd->data[0]) + ((size_t)2))) != NULL) {
memcpy(tmp_data, rd->data, rd->data[0] + 2);
/* rd->data of u16+65535 freed when rr_region is freed */
rd->data = tmp_data;
}
else {
/* We could not get memory in non-volatile region */
zc_error_prev_line("could not allocate memory for rdata");
return;
}
}
static int
svcparam_key_cmp(const void *a, const void *b)
{
return ((int)read_uint16(rdata_atom_data(*(rdata_atom_type *)a)))
- ((int)read_uint16(rdata_atom_data(*(rdata_atom_type *)b)));
}
void
zadd_rdata_svcb_check_wireformat()
{
size_t i;
uint8_t paramkeys[65536];
int prev_key = - 1;
int key = 0;
size_t size;
uint16_t *mandatory_values;
if (parser->current_rr.rdata_count <= 2) {
if (!parser->error_occurred)
zc_error_prev_line("invalid SVCB or HTTPS rdata");
return;
} else for (i = 2; i < parser->current_rr.rdata_count; i++) {
if (parser->current_rr.rdatas[i].data == NULL
|| rdata_atom_data(parser->current_rr.rdatas[i]) == NULL
|| rdata_atom_size(parser->current_rr.rdatas[i]) < 4) {
if (!parser->error_occurred)
zc_error_prev_line("invalid SVCB or HTTPS rdata");
return;
}
}
/* After this point, all rdatas do have data larger than 4 bytes.
* So we may assume a uint16_t SVCB key followed by uint16_t length
* in each rdata in the remainder of this function.
*/
memset(paramkeys, 0, sizeof(paramkeys));
/*
* In draft-ietf-dnsop-svcb-https-04 Section 7:
* In wire format, the keys are represented by their numeric values in
* network byte order, concatenated in ascending order.
*
* svcparam_key_cmp assumes the rdatas to have a SVCB key, which is
* safe because we checked.
*
*/
qsort( (void *)&parser->current_rr.rdatas[2]
, parser->current_rr.rdata_count - 2
, sizeof(rdata_atom_type)
, svcparam_key_cmp
);
for (i = 2; i < parser->current_rr.rdata_count; i++) {
assert(parser->current_rr.rdatas[i].data);
assert(rdata_atom_data(parser->current_rr.rdatas[i]));
assert(rdata_atom_size(parser->current_rr.rdatas[i]) >= sizeof(uint16_t));
key = read_uint16(rdata_atom_data(parser->current_rr.rdatas[i]));
/* In draft-ietf-dnsop-svcb-https-04 Section 7:
*
* Keys (...) MUST NOT appear more than once.
*
* If they key has already been seen, we have a duplicate
*/
if (!paramkeys[key])
/* keep track of keys that are present */
paramkeys[key] = 1;
else if (key < SVCPARAMKEY_COUNT) {
if(zone_is_slave(parser->current_zone->opts))
zc_warning_prev_line(
"Duplicate key found: %s",
svcparamkey_strs[key]);
else {
zc_error_prev_line(
"Duplicate key found: %s",
svcparamkey_strs[key]);
}
} else if(zone_is_slave(parser->current_zone->opts))
zc_warning_prev_line(
"Duplicate key found: key%d", key);
else
zc_error_prev_line(
"Duplicate key found: key%d", key);
}
/* Checks when a mandatory key is present */
if (!paramkeys[SVCB_KEY_MANDATORY])
return;
size = rdata_atom_size(parser->current_rr.rdatas[2]);
assert(size >= 4);
mandatory_values = (void*)rdata_atom_data(parser->current_rr.rdatas[2]);
mandatory_values += 2; /* skip the key type and length */
if (size % 2)
zc_error_prev_line("mandatory rdata must be a multiple of shorts");
else for (i = 0; i < (size - 4)/2; i++) {
key = ntohs(mandatory_values[i]);
if (paramkeys[key])
; /* pass */
else if (key < SVCPARAMKEY_COUNT) {
if(zone_is_slave(parser->current_zone->opts))
zc_warning_prev_line("mandatory SvcParamKey: %s is missing "
"the record", svcparamkey_strs[key]);
else
zc_error_prev_line("mandatory SvcParamKey: %s is missing "
"the record", svcparamkey_strs[key]);
} else {
if(zone_is_slave(parser->current_zone->opts))
zc_warning_prev_line("mandatory SvcParamKey: key%d is missing "
"the record", key);
else
zc_error_prev_line("mandatory SvcParamKey: key%d is missing "
"the record", key);
}
/* In draft-ietf-dnsop-svcb-https-04 Section 8
* automatically mandatory MUST NOT appear in its own value-list
*/
if (key == SVCB_KEY_MANDATORY) {
if(zone_is_slave(parser->current_zone->opts))
zc_warning_prev_line("mandatory MUST not be included"
" as mandatory parameter");
else
zc_error_prev_line("mandatory MUST not be included"
" as mandatory parameter");
}
if (key == prev_key) {
if(zone_is_slave(parser->current_zone->opts))
zc_warning_prev_line("Keys inSvcParam mandatory "
"MUST NOT appear more than once.");
else
zc_error_prev_line("Keys in SvcParam mandatory "
"MUST NOT appear more than once.");
}
prev_key = key;
}
}
void
zadd_rdata_domain(domain_type *domain)
{
if (parser->current_rr.rdata_count >= MAXRDATALEN) {
zc_error_prev_line("too many rdata elements");
} else {
parser->current_rr.rdatas[parser->current_rr.rdata_count].domain
= domain;
domain->usage ++; /* new reference to domain */
++parser->current_rr.rdata_count;
}
}
void
parse_unknown_rdata(uint16_t type, uint16_t *wireformat)
{
buffer_type packet;
uint16_t size;
ssize_t rdata_count;
ssize_t i;
rdata_atom_type *rdatas;
if (wireformat) {
size = *wireformat;
} else {
return;
}
buffer_create_from(&packet, wireformat + 1, *wireformat);
rdata_count = rdata_wireformat_to_rdata_atoms(parser->region,
parser->db->domains,
type,
size,
&packet,
&rdatas);
if (rdata_count == -1) {
zc_error_prev_line("bad unknown RDATA");
return;
}
for (i = 0; i < rdata_count; ++i) {
if (rdata_atom_is_domain(type, i)) {
zadd_rdata_domain(rdatas[i].domain);
} else {
zadd_rdata_wireformat(rdatas[i].data);
}
}
region_recycle(parser->region, rdatas,
rdata_count*sizeof(rdata_atom_type));
}
/*
* Compares two rdata arrays.
*
* Returns:
*
* zero if they are equal
* non-zero if not
*
*/
static int
zrdatacmp(uint16_t type, rr_type *a, rr_type *b)
{
int i = 0;
assert(a);
assert(b);
/* One is shorter than another */
if (a->rdata_count != b->rdata_count)
return 1;
/* Compare element by element */
for (i = 0; i < a->rdata_count; ++i) {
if (rdata_atom_is_domain(type, i)) {
if (rdata_atom_domain(a->rdatas[i])
!= rdata_atom_domain(b->rdatas[i]))
{
return 1;
}
} else if(rdata_atom_is_literal_domain(type, i)) {
if (rdata_atom_size(a->rdatas[i])
!= rdata_atom_size(b->rdatas[i]))
return 1;
if (!dname_equal_nocase(rdata_atom_data(a->rdatas[i]),
rdata_atom_data(b->rdatas[i]),
rdata_atom_size(a->rdatas[i])))
return 1;
} else {
if (rdata_atom_size(a->rdatas[i])
!= rdata_atom_size(b->rdatas[i]))
{
return 1;
}
if (memcmp(rdata_atom_data(a->rdatas[i]),
rdata_atom_data(b->rdatas[i]),
rdata_atom_size(a->rdatas[i])) != 0)
{
return 1;
}
}
}
/* Otherwise they are equal */
return 0;
}
/*
*
* Opens a zone file.
*
* Returns:
*
* - pointer to the parser structure
* - NULL on error and errno set
*
*/
static int
zone_open(const char *filename, uint32_t ttl, uint16_t klass,
const dname_type *origin)
{
/* Open the zone file... */
if (strcmp(filename, "-") == 0) {
yyin = stdin;
filename = "<stdin>";
warn_if_directory("zonefile from stdin", yyin, filename);
} else {
if (!(yyin = fopen(filename, "r"))) {
return 0;
}
warn_if_directory("zonefile", yyin, filename);
}
zparser_init(filename, ttl, klass, origin);
return 1;
}
void
set_bitnsec(uint8_t bits[NSEC_WINDOW_COUNT][NSEC_WINDOW_BITS_SIZE],
uint16_t index)
{
/*
* The bits are counted from left to right, so bit #0 is the
* left most bit.
*/
uint8_t window = index / 256;
uint8_t bit = index % 256;
bits[window][bit / 8] |= (1 << (7 - bit % 8));
}
static int
has_soa(domain_type* domain)
{
rrset_type* p = NULL;
if(!domain) return 0;
for(p = domain->rrsets; p; p = p->next)
if(rrset_rrtype(p) == TYPE_SOA)
return 1;
return 0;
}
int
process_rr(void)
{
zone_type *zone = parser->current_zone;
rr_type *rr = &parser->current_rr;
rrset_type *rrset;
size_t max_rdlength;
int i;
rrtype_descriptor_type *descriptor
= rrtype_descriptor_by_type(rr->type);
/* We only support IN class */
if (rr->klass != CLASS_IN) {
if(zone_is_slave(zone->opts))
zc_warning_prev_line("only class IN is supported");
else
zc_error_prev_line("only class IN is supported");
return 0;
}
/* Make sure the maximum RDLENGTH does not exceed 65535 bytes. */
max_rdlength = rdata_maximum_wireformat_size(
descriptor, rr->rdata_count, rr->rdatas);
if (max_rdlength > MAX_RDLENGTH) {
zc_error_prev_line("maximum rdata length exceeds %d octets", MAX_RDLENGTH);
return 0;
}
/* We cannot print invalid owner names,
* so error on that before it is used in printing other errors.
*/
if (rr->owner == error_domain
|| domain_dname(rr->owner) == error_dname) {
zc_error_prev_line("invalid owner name");
return 0;
}
/* we have the zone already */
assert(zone);
if (rr->type == TYPE_SOA) {
if (rr->owner != zone->apex) {
char s[MAXDOMAINLEN*5];
snprintf(s, sizeof(s), "%s", domain_to_string(zone->apex));
zc_error_prev_line(
"SOA record with invalid domain name, '%s' is not '%s'", domain_to_string(rr->owner), s);
return 0;
}
if(has_soa(rr->owner)) {
if(zone_is_slave(zone->opts))
zc_warning_prev_line("this SOA record was already encountered");
else
zc_error_prev_line("this SOA record was already encountered");
return 0;
}
rr->owner->is_apex = 1;
}
if (!domain_is_subdomain(rr->owner, zone->apex))
{
char s[MAXDOMAINLEN*5];
snprintf(s, sizeof(s), "%s", domain_to_string(zone->apex));
if(zone_is_slave(zone->opts))
zc_warning_prev_line("out of zone data: %s is outside the zone for fqdn %s", domain_to_string(rr->owner), s);
else
zc_error_prev_line("out of zone data: %s is outside the zone for fqdn %s", domain_to_string(rr->owner), s);
return 0;
}
/* Do we have this type of rrset already? */
rrset = domain_find_rrset(rr->owner, zone, rr->type);
if (!rrset) {
rrset = (rrset_type *) region_alloc(parser->region,
sizeof(rrset_type));
rrset->zone = zone;
rrset->rr_count = 1;
rrset->rrs = (rr_type *) region_alloc(parser->region,
sizeof(rr_type));
rrset->rrs[0] = *rr;
/* Add it */
domain_add_rrset(rr->owner, rrset);
} else {
rr_type* o;
if (rr->type != TYPE_RRSIG && rrset->rrs[0].ttl != rr->ttl) {
zc_warning_prev_line(
"%s TTL %u does not match the TTL %u of the %s RRset",
domain_to_string(rr->owner), (unsigned)rr->ttl,
(unsigned)rrset->rrs[0].ttl,
rrtype_to_string(rr->type));
}
/* Search for possible duplicates... */
for (i = 0; i < rrset->rr_count; i++) {
if (!zrdatacmp(rr->type, rr, &rrset->rrs[i])) {
break;
}
}
/* Discard the duplicates... */
if (i < rrset->rr_count) {
/* add rdatas to recycle bin. */
size_t i;
for (i = 0; i < rr->rdata_count; i++) {
if(!rdata_atom_is_domain(rr->type, i))
region_recycle(parser->region, rr->rdatas[i].data,
rdata_atom_size(rr->rdatas[i])
+ sizeof(uint16_t));
}
region_recycle(parser->region, rr->rdatas,
sizeof(rdata_atom_type)*rr->rdata_count);
return 0;
}
if(rrset->rr_count == 65535) {
zc_error_prev_line("too many RRs for domain RRset");
return 0;
}
/* Add it... */
o = rrset->rrs;
rrset->rrs = (rr_type *) region_alloc_array(parser->region,
(rrset->rr_count + 1), sizeof(rr_type));
memcpy(rrset->rrs, o, (rrset->rr_count) * sizeof(rr_type));
region_recycle(parser->region, o,
(rrset->rr_count) * sizeof(rr_type));
rrset->rrs[rrset->rr_count] = *rr;
++rrset->rr_count;
}
if(rr->type == TYPE_DNAME && rrset->rr_count > 1) {
if(zone_is_slave(zone->opts))
zc_warning_prev_line("multiple DNAMEs at the same name");
else
zc_error_prev_line("multiple DNAMEs at the same name");
}
if(rr->type == TYPE_CNAME && rrset->rr_count > 1) {
if(zone_is_slave(zone->opts))
zc_warning_prev_line("multiple CNAMEs at the same name");
else
zc_error_prev_line("multiple CNAMEs at the same name");
}
if((rr->type == TYPE_DNAME && domain_find_rrset(rr->owner, zone, TYPE_CNAME))
||(rr->type == TYPE_CNAME && domain_find_rrset(rr->owner, zone, TYPE_DNAME))) {
if(zone_is_slave(zone->opts))
zc_warning_prev_line("DNAME and CNAME at the same name");
else
zc_error_prev_line("DNAME and CNAME at the same name");
}
if(domain_find_rrset(rr->owner, zone, TYPE_CNAME) &&
domain_find_non_cname_rrset(rr->owner, zone)) {
if(zone_is_slave(zone->opts))
zc_warning_prev_line("CNAME and other data at the same name");
else
zc_error_prev_line("CNAME and other data at the same name");
}
/* Check we have SOA */
if(rr->owner == zone->apex)
apex_rrset_checks(parser->db, rrset, rr->owner);
if(parser->line % ZONEC_PCT_COUNT == 0 && time(NULL) > startzonec + ZONEC_PCT_TIME) {
struct stat buf;
startzonec = time(NULL);
buf.st_size = 0;
fstat(fileno(yyin), &buf);
if(buf.st_size == 0) buf.st_size = 1;
VERBOSITY(1, (LOG_INFO, "parse %s %d %%",
parser->current_zone->opts->name,
(int)((uint64_t)ftell(yyin)*(uint64_t)100/(uint64_t)buf.st_size)));
}
++totalrrs;
return 1;
}
/*
* Find rrset type for any zone
*/
static rrset_type*
domain_find_rrset_any(domain_type *domain, uint16_t type)
{
rrset_type *result = domain->rrsets;
while (result) {
if (rrset_rrtype(result) == type) {
return result;
}
result = result->next;
}
return NULL;
}
/*
* Check for DNAME type. Nothing is allowed below it
*/
static void
check_dname(zone_type* zone)
{
domain_type* domain;
for(domain = zone->apex; domain && domain_is_subdomain(domain,
zone->apex); domain=domain_next(domain))
{
if(domain->is_existing) {
/* there may not be DNAMEs above it */
domain_type* parent = domain->parent;
#ifdef NSEC3
if(domain_has_only_NSEC3(domain, NULL))
continue;
#endif
while(parent) {
if(domain_find_rrset_any(parent, TYPE_DNAME)) {
zc_error("While checking node %s,",
domain_to_string(domain));
zc_error("DNAME at %s has data below it. "
"This is not allowed (rfc 2672).",
domain_to_string(parent));
return;
}
parent = parent->parent;
}
}
}
}
/*
* Reads the specified zone into the memory
* nsd_options can be NULL if no config file is passed.
*/
unsigned int
zonec_read(const char* name, const char* zonefile, zone_type* zone)
{
const dname_type *dname;
totalrrs = 0;
startzonec = time(NULL);
parser->errors = 0;
dname = dname_parse(parser->rr_region, name);
if (!dname) {
zc_error("incorrect zone name '%s'", name);
return 1;
}
/* Open the zone file */
if (!zone_open(zonefile, 3600, CLASS_IN, dname)) {
zc_error("cannot open '%s': %s", zonefile, strerror(errno));
return 1;
}
parser->current_zone = zone;
/* Parse and process all RRs. */
yyparse();
/* remove origin if it was unused */
if(parser->origin != error_domain)
domain_table_deldomain(parser->db, parser->origin);
/* rr_region has been emptied by now */
dname = dname_parse(parser->rr_region, name);
/* check if zone file contained a correct SOA record */
if (!parser->current_zone) {
zc_error("zone configured as '%s' has no content.", name);
} else if(!parser->current_zone->soa_rrset ||
parser->current_zone->soa_rrset->rr_count == 0) {
zc_error("zone configured as '%s' has no SOA record.", name);
} else if(dname_compare(domain_dname(
parser->current_zone->soa_rrset->rrs[0].owner), dname) != 0) {
zc_error("zone configured as '%s', but SOA has owner '%s'.",
name, domain_to_string(
parser->current_zone->soa_rrset->rrs[0].owner));
}
region_free_all(parser->rr_region);
parser_flush();
fclose(yyin);
if(!zone_is_slave(zone->opts))
check_dname(zone);
parser->filename = NULL;
return parser->errors;
}
/*
* setup parse
*/
void
zonec_setup_parser(namedb_type* db)
{
region_type* rr_region = region_create(xalloc, free);
parser = zparser_create(db->region, rr_region, db);
assert(parser);
/* Unique pointers used to mark errors. */
error_dname = (dname_type *) region_alloc(db->region, 1);
error_domain = (domain_type *) region_alloc(db->region, 1);
/* Open the network database */
setprotoent(1);
setservent(1);
}
/** desetup parse */
void
zonec_desetup_parser(void)
{
if(parser) {
endservent();
endprotoent();
region_destroy(parser->rr_region);
/* removed when parser->region(=db->region) is destroyed:
* region_recycle(parser->region, (void*)error_dname, 1);
* region_recycle(parser->region, (void*)error_domain, 1); */
/* clear memory for exit, but this is not portable to
* other versions of lex. yylex_destroy(); */
#ifdef MEMCLEAN /* OS collects memory pages */
yylex_destroy();
#endif
}
}
static domain_table_type* orig_domains = NULL;
static region_type* orig_region = NULL;
static region_type* orig_dbregion = NULL;
/** setup for string parse */
void
zonec_setup_string_parser(region_type* region, domain_table_type* domains)
{
assert(parser); /* global parser must be setup */
orig_domains = parser->db->domains;
orig_region = parser->region;
orig_dbregion = parser->db->region;
parser->region = region;
parser->db->region = region;
parser->db->domains = domains;
zparser_init("string", 3600, CLASS_IN, domain_dname(domains->root));
}
/** desetup string parse */
void
zonec_desetup_string_parser(void)
{
parser->region = orig_region;
parser->db->domains = orig_domains;
parser->db->region = orig_dbregion;
}
/** parse a string into temporary storage */
int
zonec_parse_string(region_type* region, domain_table_type* domains,
zone_type* zone, char* str, domain_type** parsed, int* num_rrs)
{
int errors;
zonec_setup_string_parser(region, domains);
parser->current_zone = zone;
parser->errors = 0;
totalrrs = 0;
startzonec = time(NULL)+100000; /* disable */
parser_push_stringbuf(str);
yyparse();
parser_pop_stringbuf();
errors = parser->errors;
*num_rrs = totalrrs;
if(*num_rrs == 0)
*parsed = NULL;
else *parsed = parser->prev_dname;
/* remove origin if it was not used during the parse */
if(parser->origin != error_domain)
domain_table_deldomain(parser->db, parser->origin);
region_free_all(parser->rr_region);
zonec_desetup_string_parser();
parser_flush();
return errors;
}
/** check SSHFP type for failures and emit warnings */
void check_sshfp(void)
{
uint8_t hash;
uint16_t size;
if(parser->current_rr.rdata_count < 3)
return; /* cannot check it, too few rdata elements */
if(!parser->current_rr.rdatas[0].data ||
!parser->current_rr.rdatas[1].data ||
!parser->current_rr.rdatas[2].data ||
!parser->current_rr.owner)
return; /* cannot check, NULLs (due to earlier errors) */
if(rdata_atom_size(parser->current_rr.rdatas[1]) != 1)
return; /* wrong size of the hash type rdata element */
hash = rdata_atom_data(parser->current_rr.rdatas[1])[0];
size = rdata_atom_size(parser->current_rr.rdatas[2]);
if(hash == 1 && size != 20) {
zc_warning_prev_line("SSHFP %s of type SHA1 has hash of "
"wrong length, %d bytes, should be 20",
domain_to_string(parser->current_rr.owner),
(int)size);
} else if(hash == 2 && size != 32) {
zc_warning_prev_line("SSHFP %s of type SHA256 has hash of "
"wrong length, %d bytes, should be 32",
domain_to_string(parser->current_rr.owner),
(int)size);
}
}
void
apex_rrset_checks(namedb_type* db, rrset_type* rrset, domain_type* domain)
{
uint32_t soa_minimum;
unsigned i;
zone_type* zone = rrset->zone;
assert(domain == zone->apex);
(void)domain;
if (rrset_rrtype(rrset) == TYPE_SOA) {
zone->soa_rrset = rrset;
/* BUG #103 add another soa with a tweaked ttl */
if(zone->soa_nx_rrset == 0) {
zone->soa_nx_rrset = region_alloc(db->region,
sizeof(rrset_type));
zone->soa_nx_rrset->rr_count = 1;
zone->soa_nx_rrset->next = 0;
zone->soa_nx_rrset->zone = zone;
zone->soa_nx_rrset->rrs = region_alloc(db->region,
sizeof(rr_type));
}
memcpy(zone->soa_nx_rrset->rrs, rrset->rrs, sizeof(rr_type));
/* check the ttl and MINIMUM value and set accordingly */
memcpy(&soa_minimum, rdata_atom_data(rrset->rrs->rdatas[6]),
rdata_atom_size(rrset->rrs->rdatas[6]));
if (rrset->rrs->ttl > ntohl(soa_minimum)) {
zone->soa_nx_rrset->rrs[0].ttl = ntohl(soa_minimum);
}
} else if (rrset_rrtype(rrset) == TYPE_NS) {
zone->ns_rrset = rrset;
} else if (rrset_rrtype(rrset) == TYPE_RRSIG) {
for (i = 0; i < rrset->rr_count; ++i) {
if(rr_rrsig_type_covered(&rrset->rrs[i])==TYPE_DNSKEY){
zone->is_secure = 1;
break;
}
}
}
}
![[BACK]](/icons/back.gif){kind=icon}
Return to zonec.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.sbin / nsd