Diffstat (limited to 'daemon/remote.c')
-rw-r--r--daemon/remote.c337
1 files changed, 291 insertions, 46 deletions
diff --git a/daemon/remote.c b/daemon/remote.c
index 3fe6650b4ba6..d4ac833e33d0 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -146,6 +146,7 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
* the command : "openssl dhparam -C 2048"
* (some openssl versions reject DH that is 'too small', eg. 512).
*/
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S
static DH *get_dh2048(void)
{
@@ -203,6 +204,7 @@ err:
return NULL;
}
#endif /* SPLINT */
+#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */
struct daemon_remote*
daemon_remote_create(struct config_file* cfg)
@@ -243,12 +245,18 @@ daemon_remote_create(struct config_file* cfg)
if (cfg->remote_control_use_cert == 0) {
/* No certificates are requested */
- if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {
+#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
+ SSL_CTX_set_security_level(rc->ctx, 0);
+#endif
+ if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL, eNULL")) {
log_crypto_err("Failed to set aNULL cipher list");
daemon_remote_delete(rc);
return NULL;
}
+ /* in openssl 1.1, the securitylevel 0 allows eNULL, that
+ * does not need the DH */
+#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
/* Since we have no certificates and hence no source of
* DH params, let's generate and set them
*/
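Review bot: Adding `eNULL` to the cipher list and setting security level 0 in the `remote_control_use_cert == 0` branch means the control channel may negotiate a suite with no encryption as well as no peer authentication, and nothing in the hunk records that trade-off. I would add a comment above the `SSL_CTX_set_security_level(rc->ctx, 0);` line along the lines of `/* no certs: channel is unauthenticated and may be unencrypted, rely on the listening interface being local */`. The error text `"Failed to set aNULL cipher list"` is now stale and should name both cipher classes. daemon_remote_create starts and ends outside this hunk, so how the listening interface is restricted in this mode is not visible here.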
@@ -257,6 +265,7 @@ daemon_remote_create(struct config_file* cfg)
daemon_remote_delete(rc);
return NULL;
}
+#endif
return rc;
}
rc->use_cert = 1;
@@ -760,6 +769,8 @@ print_stats(SSL* ssl, const char* nm, struct stats_info* s)
(unsigned long)s->svr.num_queries_missed_cache)) return 0;
if(!ssl_printf(ssl, "%s.num.prefetch"SQ"%lu\n", nm,
(unsigned long)s->svr.num_queries_prefetch)) return 0;
+ if(!ssl_printf(ssl, "%s.num.zero_ttl"SQ"%lu\n", nm,
+ (unsigned long)s->svr.zero_ttl_responses)) return 0;
if(!ssl_printf(ssl, "%s.num.recursivereplies"SQ"%lu\n", nm,
(unsigned long)s->mesh_replies_sent)) return 0;
if(!ssl_printf(ssl, "%s.requestlist.avg"SQ"%g\n", nm,
@@ -818,12 +829,6 @@ print_mem(SSL* ssl, struct worker* worker, struct daemon* daemon)
{
int m;
size_t msg, rrset, val, iter;
-#ifdef HAVE_SBRK
- extern void* unbound_start_brk;
- void* cur = sbrk(0);
- if(!print_longnum(ssl, "mem.total.sbrk"SQ,
- (size_t)((char*)cur - (char*)unbound_start_brk))) return 0;
-#endif /* HAVE_SBRK */
msg = slabhash_get_mem(daemon->env->msg_cache);
rrset = slabhash_get_mem(&daemon->env->rrset_cache->table);
val=0;
@@ -1123,8 +1128,8 @@ find_arg2(SSL* ssl, char* arg, char** arg2)
}
/** Add a new zone */
-static void
-do_zone_add(SSL* ssl, struct worker* worker, char* arg)
+static int
+perform_zone_add(SSL* ssl, struct local_zones* zones, char* arg)
{
uint8_t* nm;
int nmlabs;
@@ -1133,83 +1138,266 @@ do_zone_add(SSL* ssl, struct worker* worker, char* arg)
enum localzone_type t;
struct local_zone* z;
if(!find_arg2(ssl, arg, &arg2))
- return;
+ return 0;
if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
- return;
+ return 0;
if(!local_zone_str2type(arg2, &t)) {
ssl_printf(ssl, "error not a zone type. %s\n", arg2);
free(nm);
- return;
+ return 0;
}
- lock_rw_wrlock(&worker->daemon->local_zones->lock);
- if((z=local_zones_find(worker->daemon->local_zones, nm, nmlen,
+ lock_rw_wrlock(&zones->lock);
+ if((z=local_zones_find(zones, nm, nmlen,
nmlabs, LDNS_RR_CLASS_IN))) {
/* already present in tree */
lock_rw_wrlock(&z->lock);
z->type = t; /* update type anyway */
lock_rw_unlock(&z->lock);
free(nm);
- lock_rw_unlock(&worker->daemon->local_zones->lock);
- send_ok(ssl);
- return;
+ lock_rw_unlock(&zones->lock);
+ return 1;
}
- if(!local_zones_add_zone(worker->daemon->local_zones, nm, nmlen,
+ if(!local_zones_add_zone(zones, nm, nmlen,
nmlabs, LDNS_RR_CLASS_IN, t)) {
- lock_rw_unlock(&worker->daemon->local_zones->lock);
+ lock_rw_unlock(&zones->lock);
ssl_printf(ssl, "error out of memory\n");
- return;
+ return 0;
}
- lock_rw_unlock(&worker->daemon->local_zones->lock);
+ lock_rw_unlock(&zones->lock);
+ return 1;
+}
+
+/** Do the local_zone command */
+static void
+do_zone_add(SSL* ssl, struct local_zones* zones, char* arg)
+{
+ if(!perform_zone_add(ssl, zones, arg))
+ return;
send_ok(ssl);
}
-/** Remove a zone */
+/** Do the local_zones command */
static void
-do_zone_remove(SSL* ssl, struct worker* worker, char* arg)
+do_zones_add(SSL* ssl, struct local_zones* zones)
+{
+ char buf[2048];
+ int num = 0;
+ while(ssl_read_line(ssl, buf, sizeof(buf))) {
+ if(buf[0] == 0x04 && buf[1] == 0)
+ break; /* end of transmission */
+ if(!perform_zone_add(ssl, zones, buf)) {
+ if(!ssl_printf(ssl, "error for input line: %s\n", buf))
+ return;
+ }
+ else
+ num++;
+ }
+ (void)ssl_printf(ssl, "added %d zones\n", num);
+}
+
+/** Remove a zone */
+static int
+perform_zone_remove(SSL* ssl, struct local_zones* zones, char* arg)
{
uint8_t* nm;
int nmlabs;
size_t nmlen;
struct local_zone* z;
if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
- return;
- lock_rw_wrlock(&worker->daemon->local_zones->lock);
- if((z=local_zones_find(worker->daemon->local_zones, nm, nmlen,
+ return 0;
+ lock_rw_wrlock(&zones->lock);
+ if((z=local_zones_find(zones, nm, nmlen,
nmlabs, LDNS_RR_CLASS_IN))) {
/* present in tree */
- local_zones_del_zone(worker->daemon->local_zones, z);
+ local_zones_del_zone(zones, z);
}
- lock_rw_unlock(&worker->daemon->local_zones->lock);
+ lock_rw_unlock(&zones->lock);
free(nm);
+ return 1;
+}
+
+/** Do the local_zone_remove command */
+static void
+do_zone_remove(SSL* ssl, struct local_zones* zones, char* arg)
+{
+ if(!perform_zone_remove(ssl, zones, arg))
+ return;
send_ok(ssl);
}
-/** Add new RR data */
+/** Do the local_zones_remove command */
static void
-do_data_add(SSL* ssl, struct worker* worker, char* arg)
+do_zones_remove(SSL* ssl, struct local_zones* zones)
+{
+ char buf[2048];
+ int num = 0;
+ while(ssl_read_line(ssl, buf, sizeof(buf))) {
+ if(buf[0] == 0x04 && buf[1] == 0)
+ break; /* end of transmission */
+ if(!perform_zone_remove(ssl, zones, buf)) {
+ if(!ssl_printf(ssl, "error for input line: %s\n", buf))
+ return;
+ }
+ else
+ num++;
+ }
+ (void)ssl_printf(ssl, "removed %d zones\n", num);
+}
+
+/** Add new RR data */
+static int
+perform_data_add(SSL* ssl, struct local_zones* zones, char* arg)
{
- if(!local_zones_add_RR(worker->daemon->local_zones, arg)) {
+ if(!local_zones_add_RR(zones, arg)) {
ssl_printf(ssl,"error in syntax or out of memory, %s\n", arg);
- return;
+ return 0;
}
+ return 1;
+}
+
+/** Do the local_data command */
+static void
+do_data_add(SSL* ssl, struct local_zones* zones, char* arg)
+{
+ if(!perform_data_add(ssl, zones, arg))
+ return;
send_ok(ssl);
}
-/** Remove RR data */
+/** Do the local_datas command */
static void
-do_data_remove(SSL* ssl, struct worker* worker, char* arg)
+do_datas_add(SSL* ssl, struct local_zones* zones)
+{
+ char buf[2048];
+ int num = 0;
+ while(ssl_read_line(ssl, buf, sizeof(buf))) {
+ if(buf[0] == 0x04 && buf[1] == 0)
+ break; /* end of transmission */
+ if(!perform_data_add(ssl, zones, buf)) {
+ if(!ssl_printf(ssl, "error for input line: %s\n", buf))
+ return;
+ }
+ else
+ num++;
+ }
+ (void)ssl_printf(ssl, "added %d datas\n", num);
+}
+
+/** Remove RR data */
+static int
+perform_data_remove(SSL* ssl, struct local_zones* zones, char* arg)
{
uint8_t* nm;
int nmlabs;
size_t nmlen;
if(!parse_arg_name(ssl, arg, &nm, &nmlen, &nmlabs))
- return;
- local_zones_del_data(worker->daemon->local_zones, nm,
+ return 0;
+ local_zones_del_data(zones, nm,
nmlen, nmlabs, LDNS_RR_CLASS_IN);
free(nm);
+ return 1;
+}
+
+/** Do the local_data_remove command */
+static void
+do_data_remove(SSL* ssl, struct local_zones* zones, char* arg)
+{
+ if(!perform_data_remove(ssl, zones, arg))
+ return;
send_ok(ssl);
}
+/** Do the local_datas_remove command */
+static void
+do_datas_remove(SSL* ssl, struct local_zones* zones)
+{
+ char buf[2048];
+ int num = 0;
+ while(ssl_read_line(ssl, buf, sizeof(buf))) {
+ if(buf[0] == 0x04 && buf[1] == 0)
+ break; /* end of transmission */
+ if(!perform_data_remove(ssl, zones, buf)) {
+ if(!ssl_printf(ssl, "error for input line: %s\n", buf))
+ return;
+ }
+ else
+ num++;
+ }
+ (void)ssl_printf(ssl, "removed %d datas\n", num);
+}
+
+/** Add a new zone to view */
+static void
+do_view_zone_add(SSL* ssl, struct worker* worker, char* arg)
+{
+ char* arg2;
+ struct view* v;
+ if(!find_arg2(ssl, arg, &arg2))
+ return;
+ v = views_find_view(worker->daemon->views,
+ arg, 1 /* get write lock*/);
+ if(!v) {
+ ssl_printf(ssl,"no view with name: %s\n", arg);
+ return;
+ }
+ do_zone_add(ssl, v->local_zones, arg2);
+ lock_rw_unlock(&v->lock);
+}
+
+/** Remove a zone from view */
+static void
+do_view_zone_remove(SSL* ssl, struct worker* worker, char* arg)
+{
+ char* arg2;
+ struct view* v;
+ if(!find_arg2(ssl, arg, &arg2))
+ return;
+ v = views_find_view(worker->daemon->views,
+ arg, 1 /* get write lock*/);
+ if(!v) {
+ ssl_printf(ssl,"no view with name: %s\n", arg);
+ return;
+ }
+ do_zone_remove(ssl, v->local_zones, arg2);
+ lock_rw_unlock(&v->lock);
+}
+
+/** Add new RR data to view */
+static void
+do_view_data_add(SSL* ssl, struct worker* worker, char* arg)
+{
+ char* arg2;
+ struct view* v;
+ if(!find_arg2(ssl, arg, &arg2))
+ return;
+ v = views_find_view(worker->daemon->views,
+ arg, 1 /* get write lock*/);
+ if(!v) {
+ ssl_printf(ssl,"no view with name: %s\n", arg);
+ return;
+ }
+ do_data_add(ssl, v->local_zones, arg2);
+ lock_rw_unlock(&v->lock);
+}
+
+/** Remove RR data from view */
+static void
+do_view_data_remove(SSL* ssl, struct worker* worker, char* arg)
+{
+ char* arg2;
+ struct view* v;
+ if(!find_arg2(ssl, arg, &arg2))
+ return;
+ v = views_find_view(worker->daemon->views,
+ arg, 1 /* get write lock*/);
+ if(!v) {
+ ssl_printf(ssl,"no view with name: %s\n", arg);
+ return;
+ }
+ do_data_remove(ssl, v->local_zones, arg2);
+ lock_rw_unlock(&v->lock);
+}
+
/** cache lookup of nameservers */
static void
do_lookup(SSL* ssl, struct worker* worker, char* arg)
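Review bot: The four `do_view_*` handlers hand `v->local_zones` to the zone and data helpers without a NULL check, and `perform_zone_add` and `perform_zone_remove` dereference it at once in `lock_rw_wrlock(&zones->lock)`. If a view can exist without its own local-zones table (not visible on this page), a control command naming such a view would crash the daemon. A guard after the `!v` test would cover it, e.g. `if(!v->local_zones) { lock_rw_unlock(&v->lock); ssl_printf(ssl, "view has no local zones\n"); return; }`; the same applies to `do_view_list_local_zones` and `do_view_list_local_data` in the later hunk. Separately, these handlers hold the view write lock across `send_ok(ssl)`, so a stalled control client keeps the lock held; calling the `perform_*` helper under the lock, unlocking, and only then sending the reply would narrow that window. do_lookup at the end of the hunk continues outside it.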
@@ -1238,6 +1426,7 @@ do_cache_remove(struct worker* worker, uint8_t* nm, size_t nmlen,
k.qname_len = nmlen;
k.qtype = t;
k.qclass = c;
+ k.local_alias = NULL;
h = query_info_hash(&k, 0);
slabhash_remove(worker->env.msg_cache, h, &k);
if(t == LDNS_RR_TYPE_AAAA) {
@@ -2183,6 +2372,14 @@ do_set_option(SSL* ssl, struct worker* worker, char* arg)
(void)ssl_printf(ssl, "error setting option\n");
return;
}
+ /* effectuate some arguments */
+ if(strcmp(arg, "val-override-date:") == 0) {
+ int m = modstack_find(&worker->env.mesh->mods, "validator");
+ struct val_env* val_env = NULL;
+ if(m != -1) val_env = (struct val_env*)worker->env.modinfo[m];
+ if(val_env)
+ val_env->date_override = worker->env.cfg->val_date_override;
+ }
send_ok(ssl);
}
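Review bot: The assignment to `val_env->date_override` has no lock or atomic visible in the hunk, so if the validator reads that field on another thread while the command runs, this is an unsynchronized update; it is worth confirming that each worker owns its own `val_env`. Because this value changes the date used for DNSSEC validation, the comment `/* effectuate some arguments */` should say why the copy is needed, for example `/* validator keeps its own copy of date_override, push the new config value into it */`, if that is indeed the reason. The unbraced one-line `if(m != -1) val_env = ...;` would also read better on two lines, matching the `if(val_env)` below it. do_set_option starts outside the hunk.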
@@ -2263,9 +2460,8 @@ do_list_stubs(SSL* ssl, struct worker* worker)
/** do the list_local_zones command */
static void
-do_list_local_zones(SSL* ssl, struct worker* worker)
+do_list_local_zones(SSL* ssl, struct local_zones* zones)
{
- struct local_zones* zones = worker->daemon->local_zones;
struct local_zone* z;
char buf[257];
lock_rw_rdlock(&zones->lock);
@@ -2286,9 +2482,8 @@ do_list_local_zones(SSL* ssl, struct worker* worker)
/** do the list_local_data command */
static void
-do_list_local_data(SSL* ssl, struct worker* worker)
+do_list_local_data(SSL* ssl, struct worker* worker, struct local_zones* zones)
{
- struct local_zones* zones = worker->daemon->local_zones;
struct local_zone* z;
struct local_data* d;
struct local_rrset* p;
@@ -2324,6 +2519,34 @@ do_list_local_data(SSL* ssl, struct worker* worker)
lock_rw_unlock(&zones->lock);
}
+/** do the view_list_local_zones command */
+static void
+do_view_list_local_zones(SSL* ssl, struct worker* worker, char* arg)
+{
+ struct view* v = views_find_view(worker->daemon->views,
+ arg, 0 /* get read lock*/);
+ if(!v) {
+ ssl_printf(ssl,"no view with name: %s\n", arg);
+ return;
+ }
+ do_list_local_zones(ssl, v->local_zones);
+ lock_rw_unlock(&v->lock);
+}
+
+/** do the view_list_local_data command */
+static void
+do_view_list_local_data(SSL* ssl, struct worker* worker, char* arg)
+{
+ struct view* v = views_find_view(worker->daemon->views,
+ arg, 0 /* get read lock*/);
+ if(!v) {
+ ssl_printf(ssl,"no view with name: %s\n", arg);
+ return;
+ }
+ do_list_local_data(ssl, worker, v->local_zones);
+ lock_rw_unlock(&v->lock);
+}
+
/** struct for user arg ratelimit list */
struct ratelimit_list_arg {
/** the infra cache */
@@ -2436,10 +2659,16 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
do_insecure_list(ssl, worker);
return;
} else if(cmdcmp(p, "list_local_zones", 16)) {
- do_list_local_zones(ssl, worker);
+ do_list_local_zones(ssl, worker->daemon->local_zones);
return;
} else if(cmdcmp(p, "list_local_data", 15)) {
- do_list_local_data(ssl, worker);
+ do_list_local_data(ssl, worker, worker->daemon->local_zones);
+ return;
+ } else if(cmdcmp(p, "view_list_local_zones", 21)) {
+ do_view_list_local_zones(ssl, worker, skipwhite(p+21));
+ return;
+ } else if(cmdcmp(p, "view_list_local_data", 20)) {
+ do_view_list_local_data(ssl, worker, skipwhite(p+20));
return;
} else if(cmdcmp(p, "ratelimit_list", 14)) {
do_ratelimit_list(ssl, worker, p+14);
@@ -2505,13 +2734,29 @@ execute_cmd(struct daemon_remote* rc, SSL* ssl, char* cmd,
if(cmdcmp(p, "verbosity", 9)) {
do_verbosity(ssl, skipwhite(p+9));
} else if(cmdcmp(p, "local_zone_remove", 17)) {
- do_zone_remove(ssl, worker, skipwhite(p+17));
+ do_zone_remove(ssl, worker->daemon->local_zones, skipwhite(p+17));
+ } else if(cmdcmp(p, "local_zones_remove", 18)) {
+ do_zones_remove(ssl, worker->daemon->local_zones);
} else if(cmdcmp(p, "local_zone", 10)) {
- do_zone_add(ssl, worker, skipwhite(p+10));
+ do_zone_add(ssl, worker->daemon->local_zones, skipwhite(p+10));
+ } else if(cmdcmp(p, "local_zones", 11)) {
+ do_zones_add(ssl, worker->daemon->local_zones);
} else if(cmdcmp(p, "local_data_remove", 17)) {
- do_data_remove(ssl, worker, skipwhite(p+17));
+ do_data_remove(ssl, worker->daemon->local_zones, skipwhite(p+17));
+ } else if(cmdcmp(p, "local_datas_remove", 18)) {
+ do_datas_remove(ssl, worker->daemon->local_zones);
} else if(cmdcmp(p, "local_data", 10)) {
- do_data_add(ssl, worker, skipwhite(p+10));
+ do_data_add(ssl, worker->daemon->local_zones, skipwhite(p+10));
+ } else if(cmdcmp(p, "local_datas", 11)) {
+ do_datas_add(ssl, worker->daemon->local_zones);
+ } else if(cmdcmp(p, "view_local_zone_remove", 22)) {
+ do_view_zone_remove(ssl, worker, skipwhite(p+22));
+ } else if(cmdcmp(p, "view_local_zone", 15)) {
+ do_view_zone_add(ssl, worker, skipwhite(p+15));
+ } else if(cmdcmp(p, "view_local_data_remove", 22)) {
+ do_view_data_remove(ssl, worker, skipwhite(p+22));
+ } else if(cmdcmp(p, "view_local_data", 15)) {
+ do_view_data_add(ssl, worker, skipwhite(p+15));
} else if(cmdcmp(p, "flush_zone", 10)) {
do_flush_zone(ssl, worker, skipwhite(p+10));
} else if(cmdcmp(p, "flush_type", 10)) {