1 | /* |
2 | * This file is part of PowerDNS or dnsdist. | |
3 | * Copyright -- PowerDNS.COM B.V. and its contributors | |
4 | * | |
5 | * This program is free software; you can redistribute it and/or modify | |
6 | * it under the terms of version 2 of the GNU General Public License as | |
7 | * published by the Free Software Foundation. | |
8 | * | |
9 | * In addition, for the avoidance of any doubt, permission is granted to | |
10 | * link this program with OpenSSL and to (re)distribute the binaries | |
11 | * produced as the result of such linking. | |
12 | * | |
13 | * This program is distributed in the hope that it will be useful, | |
14 | * but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | * GNU General Public License for more details. | |
17 | * | |
18 | * You should have received a copy of the GNU General Public License | |
19 | * along with this program; if not, write to the Free Software | |
20 | * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. | |
21 | */ | |
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif

#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <grp.h>
#include <syslog.h>
#include <unistd.h>

#include <bitset>
#include <cerrno>
#include <cstring>

#include <boost/program_options.hpp>
#include <boost/format.hpp>
#include <boost/utility.hpp>
#include <boost/multi_index_container.hpp>
#include <boost/multi_index/ordered_index.hpp>
#include <boost/multi_index/key_extractors.hpp>
#include <boost/algorithm/string.hpp>

#include "dnsparser.hh"
#include "dnsrecords.hh"
#include "iputils.hh"
#include "mplexer.hh"
#include "statbag.hh"

#include "namespaces.hh"
using namespace ::boost::multi_index;
#include "namespaces.hh"
48 | |
namespace po = boost::program_options;
po::variables_map g_vm;            // parsed command-line options, filled in main()

StatBag S;                         // not referenced in this file; presumably required by linked PowerDNS code - confirm

FDMultiplexer* g_fdm = nullptr;    // event loop driving all UDP sockets, created in main()
int g_pdnssocket;                  // UDP socket connect()ed to the inner PowerDNS; assigned in main() before use
bool g_verbose = false;            // set by --verbose; not consulted anywhere else in this file
57 | |
/* Bookkeeping for one NOTIFY that has been re-issued to the inner PowerDNS
 * and whose answer still has to be relayed back to the external sender. */
struct NotificationInFlight
{
  ComboAddress source;   // external nameserver the NOTIFY came from; the answer is sent back here
  time_t resentTime;     // when the copy was sent inwards; used to expire unanswered entries
  DNSName domain;        // zone named in the NOTIFY, compared against the inner answer
  uint16_t origID;       // transaction ID the external sender used
  uint16_t resentID;     // transaction ID this proxy chose for the inner copy (key in g_nifs)
  int origSocket;        // listen socket the NOTIFY arrived on; the answer leaves through it
};
66 | ||
/* Notifications awaiting an answer from the inner PowerDNS, keyed by the
 * transaction ID this proxy assigned when re-sending them. */
using nifs_t = map<uint16_t, NotificationInFlight>;
nifs_t g_nifs;
33ecb315 | 69 | |
/* Writes one log line to stderr (prefixed "nproxy: ") and to syslog at
 * LOG_WARNING. The text is handed to syslog through a fixed "%s" format, so
 * format characters inside the message (which may contain remote-supplied
 * domain names and addresses) are never interpreted. */
void syslogFmt(const boost::format& fmt)
{
  const std::string line = str(fmt);
  cerr << "nproxy: " << line << endl;
  syslog(LOG_WARNING, "%s", line.c_str());
}
75 | ||
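/* Handles one datagram on an external-facing listen socket (fd).
 *
 * - A plain query (opcode QUERY, qr clear, no answers) for TXT or A
 *   "pdns.nproxy." is a health check and is answered directly with TXT "OK"
 *   or A 1.2.3.4, echoing the query's ID and RD bit.
 * - A NOTIFY request for an SOA is re-issued to the inner PowerDNS over
 *   g_pdnssocket with a transaction ID from a local pool; sender, socket,
 *   domain and original ID are recorded in g_nifs so handleInsideUDPPacket
 *   can relay the answer. Unanswered entries are dropped by
 *   expireOldNotifications() after 10 seconds.
 * - Anything else is logged and dropped.
 *
 * Nothing here checks where a packet came from: any host that can reach the
 * socket can make this proxy notify the inner server on its behalf, and every
 * such packet produces a syslog line. Errors (recvfrom failure, parse errors,
 * send failure) are logged by the handler below and the packet is dropped. */
void handleOutsideUDPPacket(int fd, boost::any&)
try
{
  char buffer[1500];
  struct NotificationInFlight nif;
  /* make sure we report enough room for IPv6 */
  nif.source.sin4.sin_family = AF_INET6;
  nif.origSocket = fd;

  socklen_t socklen=nif.source.getSocklen();

  int res=recvfrom(fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&nif.source, &socklen);
  if(!res)
    return; // empty datagram: nothing to parse

  if(res < 0)
    throw runtime_error("reading packet from remote: "+stringerror());

  MOADNSParser mdp(true, string(buffer,res));
  nif.domain = mdp.d_qname;
  nif.origID = mdp.d_header.id; // restored into the answer before it is relayed back

  if(mdp.d_header.opcode == Opcode::Query && !mdp.d_header.qr && mdp.d_answers.empty() && mdp.d_qname.toString() == "pdns.nproxy." &&
     (mdp.d_qtype == QType::TXT || mdp.d_qtype ==QType::A)) {
    vector<uint8_t> packet;
    DNSPacketWriter pw(packet, mdp.d_qname, mdp.d_qtype);
    pw.getHeader()->id = mdp.d_header.id;
    pw.getHeader()->rd = mdp.d_header.rd;
    pw.getHeader()->qr = 1;

    pw.startRecord(mdp.d_qname, mdp.d_qtype);
    if(mdp.d_qtype == QType::TXT) {
      TXTRecordContent trc("\"OK\"");
      trc.toPacket(pw);
    }
    else if(mdp.d_qtype == QType::A) {
      ARecordContent arc("1.2.3.4");
      arc.toPacket(pw);
    }
    pw.commit();

    if(sendto(fd, &packet[0], packet.size(), 0, (struct sockaddr*)&nif.source, socklen) < 0) {
      syslogFmt(boost::format("Unable to send health check response to external nameserver %s - %s") % nif.source.toStringWithPort() % stringerror());
    }
    return;
  }

  /* Only NOTIFY *requests* are proxied. A NOTIFY response (qr set) arriving
     here - e.g. an answer reflected back at this socket - used to pass this
     test and was then re-issued to the inner server as a brand new request. */
  if(mdp.d_header.opcode != Opcode::Notify || mdp.d_qtype != QType::SOA || mdp.d_header.qr) {
    syslogFmt(boost::format("Received non-notification packet for domain '%s' from external nameserver %s") % nif.domain.toString() % nif.source.toStringWithPort());
    return;
  }
  syslogFmt(boost::format("External notification received for domain '%s' from %s") % nif.domain.toString() % nif.source.toStringWithPort());
  vector<uint8_t> outpacket;
  DNSPacketWriter pw(outpacket, mdp.d_qname, mdp.d_qtype, 1, Opcode::Notify);

  /* IDs come from a plain counter and are therefore predictable. g_pdnssocket is
     connect()ed to the inner server in main(), so only datagrams from that peer
     (or forged to look like it) reach handleInsideUDPPacket, and a guessed ID
     only lets such a forgery be relayed to the original sender. */
  static uint16_t s_idpool;
  pw.getHeader()->id = nif.resentID = s_idpool++;

  if(send(g_pdnssocket, &outpacket[0], outpacket.size(), 0) < 0) {
    throw runtime_error("Unable to send notify to PowerDNS: "+stringerror());
  }
  nif.resentTime=time(0);
  g_nifs[nif.resentID] = nif; // an entry still pending under this ID (after counter wrap-around) is replaced

}
catch(std::exception &e)
{
  // NOTE(review): main() catches PDNSException separately from std::exception, so one
  // thrown on this path would not be caught here and would end the event loop.
  // Nothing visible in this file throws it; confirm for the parser and ComboAddress helpers.
  syslogFmt(boost::format("Error parsing packet from external nameserver: %s") % e.what());
}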
146 | ||
147 | ||
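/* Handles one datagram on g_pdnssocket, i.e. an answer from the inner
 * PowerDNS to a NOTIFY this proxy re-issued.
 *
 * The answer's transaction ID is looked up in g_nifs; unknown IDs are logged
 * and dropped. When the answer names the domain that was notified, it is
 * relayed to the external nameserver that sent the original NOTIFY, from the
 * listen socket it arrived on, with the ID rewritten back to the one that
 * sender used. (origID was already recorded for this purpose but never applied,
 * so relayed answers carried the proxy's own ID and could not be matched by the
 * sender.) A domain mismatch is logged and nothing is relayed. In both cases the
 * g_nifs entry is removed. Errors are logged by the handler below. */
void handleInsideUDPPacket(int fd, boost::any&)
try
{
  char buffer[1500];
  struct NotificationInFlight nif;
  /* make sure we report enough room for IPv6 */
  nif.source.sin4.sin_family = AF_INET6;

  socklen_t socklen=nif.source.getSocklen();

  int len=recvfrom(fd, buffer, sizeof(buffer), 0, (struct sockaddr*)&nif.source, &socklen);
  if(!len)
    return;

  if(len < 0)
    throw runtime_error("reading packet from remote: "+stringerror());

  string packet(buffer, len);
  MOADNSParser mdp(false, packet);

  nifs_t::iterator pending = g_nifs.find(mdp.d_header.id);
  if(pending == g_nifs.end()) {
    syslogFmt(boost::format("Response from inner PowerDNS with unknown ID %1%") % (uint16_t)mdp.d_header.id);
    return;
  }

  nif = pending->second; // replaces the recvfrom() source with the external sender's details

  if(nif.domain != mdp.d_qname) {
    syslogFmt(boost::format("Response from inner nameserver for different domain '%s' than original notification '%s'") % mdp.d_qname.toString() % nif.domain.toString());
  } else {
    /* The inner server echoed the ID we chose (resentID); the external sender
       expects its own (origID). The ID is the first two octets of the header and
       origID was read from that very field, so copying its bytes back restores the
       wire form - the same uint16_t round trip g_nifs already relies on for resentID. */
    if(packet.size() < sizeof(nif.origID))
      throw runtime_error("response from inner nameserver too short to carry an ID");
    memcpy(&packet[0], &nif.origID, sizeof(nif.origID));

    if(sendto(nif.origSocket, packet.data(), packet.size(), 0, (sockaddr*) &nif.source, nif.source.getSocklen()) < 0) {
      syslogFmt(boost::format("Unable to send notification response to external nameserver %s - %s") % nif.source.toStringWithPort() % stringerror());
    }
    else
      syslogFmt(boost::format("Sent notification response to external nameserver %s for domain '%s'") % nif.source.toStringWithPort() % nif.domain.toString());
  }
  g_nifs.erase(pending); // still valid: nothing above touches g_nifs

}
catch(std::exception &e)
{
  syslogFmt(boost::format("Error parsing packet from internal nameserver: %s") % e.what());
}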
193 | ||
/* Drops the g_nifs entries the inner server has not answered within ten
 * seconds of being re-sent, logging each one. The external sender of such a
 * NOTIFY never receives an answer from this proxy. Called from the main loop
 * after every multiplexer pass. */
void expireOldNotifications()
{
  const time_t cutoff = time(nullptr) - 10;
  nifs_t::iterator it = g_nifs.begin();
  while(it != g_nifs.end()) {
    if(it->second.resentTime >= cutoff) {
      ++it;
      continue;
    }
    syslogFmt(boost::format("Notification for domain '%s' was sent to inner nameserver, but no response within 10 seconds") % it->second.domain.toString());
    it = g_nifs.erase(it);
  }
}
33ecb315 | 206 | |
// Defined below main(): forks into the background and points stdin/stdout/stderr at null_fd.
void daemonize(int null_fd);
33ecb315 | 208 | |
/* Prints the program name followed by the option table to stderr. */
void usage(po::options_description &desc) {
  cerr << "nproxy" << endl
       << desc << endl;
}
213 | ||
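/* Entry point.
 *
 * The order of operations is deliberate: the listen sockets (port 53 by
 * default) and the upstream socket are created while still privileged,
 * /dev/null is opened before any chroot (it need not exist inside it), then
 * chroot, setgid and setuid are applied in that order (chroot needs root; the
 * gid has to change before the uid), and only then does the process go into
 * the background and enter the event loop, which never returns.
 *
 * Returns EXIT_SUCCESS after --help/--version and EXIT_FAILURE on any fatal
 * error (logged through syslogFmt). The error handlers used to fall off the
 * end of main, which reports success to the invoking service manager. */
int main(int argc, char** argv)
try
{
  reportAllTypes();
  openlog("nproxy", LOG_NDELAY | LOG_PID, LOG_DAEMON);

  g_fdm = FDMultiplexer::getMultiplexerSilent();
  if(!g_fdm) {
    throw std::runtime_error("Could not enable a multiplexer");
  }

  po::options_description desc("Allowed options");
  desc.add_options()
    ("help,h", "produce help message")
    ("version", "print the version")
    ("powerdns-address", po::value<string>(), "IP address of PowerDNS server")
    ("chroot", po::value<string>(), "chroot to this directory for additional security")
    ("setuid", po::value<int>(), "setuid to this numerical user id")
    ("setgid", po::value<int>(), "setgid to this numerical group id")
    ("origin-address", po::value<string>()->default_value("::"), "Source address for notifications to PowerDNS")
    ("listen-address", po::value<vector<string> >(), "IP addresses to listen on")
    ("listen-port", po::value<int>()->default_value(53), "Source port to listen on")
    ("daemon,d", po::value<bool>()->default_value(true), "operate in the background")
    ("verbose,v", "be verbose");

  po::store(po::command_line_parser(argc, argv).options(desc).run(), g_vm);
  po::notify(g_vm);

  if (g_vm.count("help")) {
    usage(desc);
    return EXIT_SUCCESS;
  }

  if (g_vm.count("version")) {
    cerr << "nproxy " << VERSION << endl;
    return EXIT_SUCCESS;
  }

  if(!g_vm.count("powerdns-address")) {
    cerr<<"Mandatory setting 'powerdns-address' unset:\n"<<endl;
    usage(desc);
    return EXIT_FAILURE;
  }

  // --verbose switches verbose mode on; the test used to be inverted and
  // enabled it whenever the flag was absent.
  if(g_vm.count("verbose")) {
    g_verbose=true;
  }

  vector<string> addresses;
  if(g_vm.count("listen-address"))
    addresses=g_vm["listen-address"].as<vector<string> >();
  else
    addresses.push_back("::");

  // create sockets to listen on. No source-address filtering is done by nproxy:
  // anything that can reach these sockets can make it notify the inner
  // PowerDNS, which then sees origin-address as the sender. Restrict
  // reachability with a packet filter if that is not acceptable.

  syslogFmt(boost::format("Starting up"));
  for(vector<string>::const_iterator address = addresses.begin(); address != addresses.end(); ++address) {
    ComboAddress local(*address, g_vm["listen-port"].as<int>());
    int sock = socket(local.sin4.sin_family, SOCK_DGRAM, 0);
    if(sock < 0)
      throw runtime_error("Creating socket for incoming packets: "+stringerror());

    if(::bind(sock,(sockaddr*) &local, local.getSocklen()) < 0)
      throw runtime_error("Binding socket for incoming packets to '"+ local.toStringWithPort()+"': "+stringerror());

    g_fdm->addReadFD(sock, handleOutsideUDPPacket); // add to fdmultiplexer for each socket
    syslogFmt(boost::format("Listening for external notifications on address %s") % local.toStringWithPort());
  }

  // create socket that talks to inner PowerDNS
  ComboAddress originAddress(g_vm["origin-address"].as<string>(), 0);
  g_pdnssocket=socket(originAddress.sin4.sin_family, SOCK_DGRAM, 0);
  if(g_pdnssocket < 0)
    throw runtime_error("Creating socket for packets to PowerDNS: "+stringerror());

  if(::bind(g_pdnssocket,(sockaddr*) &originAddress, originAddress.getSocklen()) < 0)
    throw runtime_error("Binding local address of inward socket to '"+ originAddress.toStringWithPort()+"': "+stringerror());

  // connect()ing the UDP socket makes the kernel deliver only datagrams from this
  // peer, so handleInsideUDPPacket sees PowerDNS traffic (or forgeries of it) only.
  ComboAddress pdns(g_vm["powerdns-address"].as<string>(), 53);
  if(connect(g_pdnssocket, (struct sockaddr*) &pdns, pdns.getSocklen()) < 0)
    throw runtime_error("Failed to connect PowerDNS socket to address "+pdns.toStringWithPort()+": "+stringerror());

  syslogFmt(boost::format("Sending notifications from %s to internal address %s") % originAddress.toString() % pdns.toStringWithPort());

  g_fdm->addReadFD(g_pdnssocket, handleInsideUDPPacket);

  // opened before the chroot on purpose; daemonize() dup2()s it over stdio
  int null_fd=open("/dev/null",O_RDWR);
  if(null_fd < 0)
    throw runtime_error("Unable to open /dev/null: "+stringerror());

  if(g_vm.count("chroot")) {
    // chdir("/") right after, so the working directory cannot point outside the new root
    if(chroot(g_vm["chroot"].as<string>().c_str()) < 0 || chdir("/") < 0)
      throw runtime_error("while chrooting to "+g_vm["chroot"].as<string>());
    syslogFmt(boost::format("Changed root to directory '%s'") % g_vm["chroot"].as<string>());
  }

  // gid first: once the uid is dropped, setgid()/setgroups() are no longer permitted.
  // With --setuid but no --setgid the process keeps its original gid and
  // supplementary groups.
  if(g_vm.count("setgid")) {
    if(setgid(g_vm["setgid"].as<int>()) < 0)
      throw runtime_error("while changing gid to "+std::to_string(g_vm["setgid"].as<int>()));
    syslogFmt(boost::format("Changed gid to %d") % g_vm["setgid"].as<int>());
    if(setgroups(0, NULL) < 0)
      throw runtime_error("while dropping supplementary groups");
  }

  if(g_vm.count("setuid")) {
    if(setuid(g_vm["setuid"].as<int>()) < 0)
      throw runtime_error("while changing uid to "+std::to_string(g_vm["setuid"].as<int>()));
    syslogFmt(boost::format("Changed uid to %d") % g_vm["setuid"].as<int>());
  }

  // NOTE(review): the multiplexer was created before this fork(). Which backend
  // getMultiplexerSilent() picked is not visible here; if it is kqueue-based, the
  // descriptor is not inherited by the child - confirm --daemon works on BSD/macOS.
  if(g_vm["daemon"].as<bool>()) {
    syslogFmt(boost::format("Daemonizing"));
    daemonize(null_fd);
  }
  close(null_fd);
  syslogFmt(boost::format("Program operational"));

  // start loop
  struct timeval now;
  for(;;) {
    gettimeofday(&now, 0);
    g_fdm->run(&now);
    // check for notifications that have been outstanding for more than 10 seconds
    expireOldNotifications();
  }
}
catch(boost::program_options::error& e)
{
  syslogFmt(boost::format("Error parsing command line options: %s") % e.what());
  return EXIT_FAILURE;
}
catch(std::exception& e)
{
  syslogFmt(boost::format("Fatal: %s") % e.what());
  return EXIT_FAILURE;
}
catch(PDNSException& e)
{
  syslogFmt(boost::format("Fatal: %s") % e.reason);
  return EXIT_FAILURE;
}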
0efda032 | 356 | |
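/* Detaches from the invoking terminal: forks, lets the parent exit with
 * status 0, starts a new session in the child and points stdin, stdout and
 * stderr at null_fd (an open /dev/null that the caller owns and closes).
 *
 * Throws std::runtime_error when fork() fails. The old code treated fork()'s
 * -1 like a parent pid and exited with status 0, reporting success while no
 * daemon was running. */
void daemonize(int null_fd)
{
  const pid_t child = fork();
  if(child < 0)
    throw std::runtime_error(std::string("Unable to fork into the background: ") + std::strerror(errno));
  if(child > 0)
    exit(0); // parent: bye bye

  setsid(); // a freshly forked child is never a process-group leader, so this is not expected to fail

  dup2(null_fd,0); /* stdin */
  dup2(null_fd,1); /* stdout */
  dup2(null_fd,2); /* stderr */
}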