3 Domain Name Service subroutines. */
6 * Copyright (c) 2009-2010 by Internet Systems Consortium, Inc. ("ISC")
7 * Copyright (c) 2004-2007 by Internet Systems Consortium, Inc. ("ISC")
8 * Copyright (c) 2001-2003 by Internet Software Consortium
10 * Permission to use, copy, modify, and distribute this software for any
11 * purpose with or without fee is hereby granted, provided that the above
12 * copyright notice and this permission notice appear in all copies.
14 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
15 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
16 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
17 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
18 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
19 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
20 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 * Internet Systems Consortium, Inc.
24 * Redwood City, CA 94063
26 * https://www.isc.org/
28 * The original software was written for Internet Systems Consortium
29 * by Ted Lemon it has since been extensively modified to use the
30 * asynchronous DNS routines.
34 #include "arpa/nameser.h"
37 #include <dns/result.h>
40 * This file contains code to connect the DHCP code to the libdns modules.
41 * As part of that function it maintains a database of zone cuts that can
42 * be used to figure out which server should be contacted to update any
43 * given domain name. Included in the zone information may be a pointer
44 * to a key in which case that key is used for the update. If no zone
45 * is found then the DNS code determines the zone on its own.
47 * The way this works is that you define the domain name to which an
48 * SOA corresponds, and the addresses of some primaries for that domain name:
52 * secondary 10.0.22.1, 10.0.23.1;
56 * If an update is requested for GAZANGA.TOPANGA.FOO.COM, then the name
57 * server looks in its database for a zone record for "GAZANGA.TOPANGA.FOO.COM",
58 * doesn't find it, looks for one for "TOPANGA.FOO.COM", doesn't find *that*,
59 * looks for "FOO.COM", finds it. So it
60 * attempts the update to the primary for FOO.COM. If that times out, it
61 * tries the secondaries. You can list multiple primaries if you have some
62 * kind of magic name server that supports that. You shouldn't list
63 * secondaries that don't know how to forward updates (e.g., BIND 8 doesn't
64 * support update forwarding, AFAIK). If no TSIG key is listed, the update
65 * is attempted without TSIG.
67 * The DHCP server tries to find an existing zone for any given name by
68 * trying to look up a local zone structure for each domain containing
69 * that name, all the way up to '.'. If it finds one cached, it tries
70 * to use that one to do the update. That's why it tries to update
71 * "FOO.COM" above, even though theoretically it should try GAZANGA...
72 * and TOPANGA... first.
74 * If the update fails with a predefined zone the zone is marked as bad
75 * and another search of the predefined zones is done. If no predefined
76 * zone is found finding a zone is left to the DNS module via examination
77 * of SOA records. If the DNS module finds a zone it may cache the zone
78 * but the zone won't be cached here.
80 * TSIG updates are not performed on zones found by the DNS module - if
81 * you want TSIG updates you _must_ write a zone definition linking the
82 * key to the zone. In cases where you know for sure what the key is
83 * but do not want to hardcode the IP addresses of the primary or
84 * secondaries, a zone declaration can be made that doesn't include any
85 * primary or secondary declarations. When the DHCP server encounters
86 * this while hunting up a matching zone for a name, it looks up the SOA,
87 * fills in the IP addresses, and uses that record for the update.
88 * If the SOA lookup returns NXRRSET, a warning is printed and the zone is
89 * discarded, TSIG key and all. The search for the zone then continues
90 * as if the zone record hadn't been found. Zones without IP addresses
91 * don't match when initially hunting for a zone to update.
93 * When an update is attempted and no predefined zone is found
94 * that matches any enclosing domain of the domain being updated, the DHCP
95 * server goes through the same process that is done when the update to a
96 * predefined zone fails - starting with the most specific domain
97 * name (GAZANGA.TOPANGA.FOO.COM) and moving to the least specific (the root),
98 * it tries to look up an SOA record.
100 * TSIG keys are defined like this:
102 * key "FOO.COM Key" {
103 * algorithm HMAC-MD5.SIG-ALG.REG.INT;
107 * <Base64> is a number expressed in base64 that represents the key.
108 * It's also permissible to use a quoted string here - this will be
109 * translated as the ASCII bytes making up the string, and will not
110 * include any NUL termination. The key name can be any text string,
111 * and the key type must be one of the key types defined in the draft
112 * or by the IANA. Currently only the HMAC-MD5... key type is
115 * The DDNS processing has been split into two areas. One is the
116 * control code that determines what should be done. That code is found
117 * in the client or server directories. The other is the common code
118 * that performs functions such as properly formatting the arguments.
119 * That code is found in this file. The basic processing flow for a
121 * In the client or server code determine what needs to be done and
122 * collect the necesary information then pass it to a function from
124 * In this code lookup the zone and extract the zone and key information
125 * (if available) and prepare the arguments for the DNS module.
126 * When the DNS module completes its work (times out or gets a reply)
127 * it will trigger another function here which does generic processing
128 * and then passes control back to the code from the server or client.
129 * The server or client code then determines the next step which may
130 * result in another call to this module in which case the process repeats.
133 dns_zone_hash_t
*dns_zone_hash
;
136 * DHCP dns structures
137 * Normally the relationship between these structures isn't one to one
138 * but in the DHCP case it (mostly) is. To make the allocations, frees,
139 * and passing of the memory easier we make a single structure with all
142 * The maximum size of the data buffer should be large enough for any
143 * items DHCP will generate
146 typedef struct dhcp_ddns_rdata
{
148 dns_rdatalist_t rdatalist
;
149 dns_rdataset_t rdataset
;
152 #if defined (NSUPDATE)
154 void ddns_interlude(isc_task_t
*, isc_event_t
*);
157 #if defined (TRACING)
159 * Code to support tracing DDNS packets. We trace packets going to and
160 * coming from the libdns code but don't try to track the packets
161 * exchanged between the libdns code and the dns server(s) it contacts.
163 * The code is split into two sets of routines
164 * input refers to messages received from the dns module
165 * output refers to messages sent to the dns module
166 * Currently there are three routines in each set
167 * write is used to write information about the message to the trace file
168 * this routine is called directly from the proper place in the code.
169 * read is used to read information about a message from the trace file
170 * this routine is called from the trace loop as it reads through
171 * the file and is registered via the trace_type_register routine.
172 * When playing back a trace file we shall absorb records of output
173 * messages as part of processing the write function, therefore
174 * any output messages we encounter are flagged as errors.
175 * stop isn't currently used in this code but is needed for the register
178 * We pass a pointer to a control block to the dns module which it returns
179 * to use as part of the result. As the pointer may vary between traces
180 * we need to map between those from the trace file and the new ones during
183 * The mapping is complicated a little as a pointer could be 4 or 8 bytes
184 * long. We treat the old pointer as an 8 byte quantity and pad and compare
189 * Structure used to map old pointers to new pointers.
190 * Old pointers are 8 bytes long as we don't know if the trace was
191 * done on a 64 bit or 32 bit machine.
193 #define TRACE_PTR_LEN 8
195 typedef struct dhcp_ddns_map
{
196 char old_pointer
[TRACE_PTR_LEN
];
198 struct dhcp_ddns_map
*next
;
201 /* The starting point for the map structure */
202 static dhcp_ddns_map_t
*ddns_map
;
204 trace_type_t
*trace_ddns_input
;
205 trace_type_t
*trace_ddns_output
;
208 * The data written to the trace file is:
209 * 32 bits result from dns
210 * 64 bits pointer of cb
214 trace_ddns_input_write(dhcp_ddns_cb_t
*ddns_cb
, isc_result_t result
)
217 u_int32_t old_result
;
218 char old_pointer
[TRACE_PTR_LEN
];
220 old_result
= htonl((u_int32_t
)result
);
221 memset(old_pointer
, 0, TRACE_PTR_LEN
);
222 memcpy(old_pointer
, &ddns_cb
, sizeof(ddns_cb
));
224 iov
[0].len
= sizeof(old_result
);
225 iov
[0].buf
= (char *)&old_result
;
226 iov
[1].len
= TRACE_PTR_LEN
;
227 iov
[1].buf
= old_pointer
;
228 trace_write_packet_iov(trace_ddns_input
, 2, iov
, MDL
);
232 * Process the result and pointer from the trace file.
233 * We use the pointer map to find the proper pointer for this instance.
234 * Then we need to construct an event to pass along to the interlude
238 trace_ddns_input_read(trace_type_t
*ttype
, unsigned length
,
241 u_int32_t old_result
;
242 char old_pointer
[TRACE_PTR_LEN
];
243 dns_clientupdateevent_t
*eventp
;
245 dhcp_ddns_map_t
*ddns_map_ptr
;
247 if (length
< (sizeof(old_result
) + TRACE_PTR_LEN
)) {
248 log_error("trace_ddns_input_read: data too short");
252 memcpy(&old_result
, buf
, sizeof(old_result
));
253 memcpy(old_pointer
, buf
+ sizeof(old_result
), TRACE_PTR_LEN
);
255 /* map the old pointer to a new pointer */
256 for (ddns_map_ptr
= ddns_map
;
257 ddns_map_ptr
!= NULL
;
258 ddns_map_ptr
= ddns_map_ptr
->next
) {
259 if ((ddns_map_ptr
->new_pointer
!= NULL
) &&
260 memcmp(ddns_map_ptr
->old_pointer
,
261 old_pointer
, TRACE_PTR_LEN
) == 0) {
262 new_pointer
= ddns_map_ptr
->new_pointer
;
263 ddns_map_ptr
->new_pointer
= NULL
;
264 memset(ddns_map_ptr
->old_pointer
, 0, TRACE_PTR_LEN
);
268 if (ddns_map_ptr
== NULL
) {
269 log_error("trace_dns_input_read: unable to map cb pointer");
273 eventp
= (dns_clientupdateevent_t
*)
274 isc_event_allocate(dhcp_gbl_ctx
.mctx
,
279 sizeof(dns_clientupdateevent_t
));
280 if (eventp
== NULL
) {
281 log_error("trace_ddns_input_read: unable to allocate event");
284 eventp
->result
= ntohl(old_result
);
287 ddns_interlude(dhcp_gbl_ctx
.task
, (isc_event_t
*)eventp
);
293 trace_ddns_input_stop(trace_type_t
*ttype
)
298 * We use the same arguments as for the dns startupdate function to
299 * allows us to choose between the two via a macro. If tracing isn't
300 * in use we simply call the dns function directly.
302 * If we are doing playback we read the next packet from the file
303 * and compare the type. If it matches we extract the results and pointer
304 * from the trace file. The results are returned to the caller as if
305 * they had called the dns routine. The pointer is used to construct a
306 * map for when the "reply" is processed.
308 * The data written to trace file is:
310 * 64 bits pointer of cb (DDNS Control block)
315 trace_ddns_output_write(dns_client_t
*client
, dns_rdataclass_t rdclass
,
316 dns_name_t
*zonename
, dns_namelist_t
*prerequisites
,
317 dns_namelist_t
*updates
, isc_sockaddrlist_t
*servers
,
318 dns_tsec_t
*tsec
, unsigned int options
,
319 isc_task_t
*task
, isc_taskaction_t action
, void *arg
,
320 dns_clientupdatetrans_t
**transp
)
323 u_int32_t old_result
;
324 char old_pointer
[TRACE_PTR_LEN
];
325 dhcp_ddns_map_t
*ddns_map_ptr
;
327 if (trace_playback() != 0) {
328 /* We are doing playback, extract the entry from the file */
332 result
= trace_get_packet(&trace_ddns_output
,
334 if (result
!= ISC_R_SUCCESS
) {
335 log_error("trace_ddns_output_write: no input found");
336 return (ISC_R_FAILURE
);
338 if (buflen
< (sizeof(old_result
) + TRACE_PTR_LEN
)) {
339 log_error("trace_ddns_output_write: data too short");
341 return (ISC_R_FAILURE
);
343 memcpy(&old_result
, inbuf
, sizeof(old_result
));
344 result
= ntohl(old_result
);
345 memcpy(old_pointer
, inbuf
+ sizeof(old_result
), TRACE_PTR_LEN
);
348 /* add the pointer to the pointer map */
349 for (ddns_map_ptr
= ddns_map
;
350 ddns_map_ptr
!= NULL
;
351 ddns_map_ptr
= ddns_map_ptr
->next
) {
352 if (ddns_map_ptr
->new_pointer
== NULL
) {
358 * If we didn't find an empty entry, allocate an entry and
359 * link it into the list. The list isn't ordered.
361 if (ddns_map_ptr
== NULL
) {
362 ddns_map_ptr
= dmalloc(sizeof(*ddns_map_ptr
), MDL
);
363 if (ddns_map_ptr
== NULL
) {
364 log_error("trace_ddns_output_write: "
365 "unable to allocate map entry");
366 return(ISC_R_FAILURE
);
368 ddns_map_ptr
->next
= ddns_map
;
369 ddns_map
= ddns_map_ptr
;
372 memcpy(ddns_map_ptr
->old_pointer
, old_pointer
, TRACE_PTR_LEN
);
373 ddns_map_ptr
->new_pointer
= arg
;
376 /* We aren't doing playback, make the actual call */
377 result
= dns_client_startupdate(client
, rdclass
, zonename
,
378 prerequisites
, updates
,
379 servers
, tsec
, options
,
380 task
, action
, arg
, transp
);
383 if (trace_record() != 0) {
384 /* We are recording, save the information to the file */
386 old_result
= htonl((u_int32_t
)result
);
387 memset(old_pointer
, 0, TRACE_PTR_LEN
);
388 memcpy(old_pointer
, &arg
, sizeof(arg
));
389 iov
[0].len
= sizeof(old_result
);
390 iov
[0].buf
= (char *)&old_result
;
391 iov
[1].len
= TRACE_PTR_LEN
;
392 iov
[1].buf
= old_pointer
;
394 /* Write out the entire cb, in case we want to look at it */
395 iov
[2].len
= sizeof(dhcp_ddns_cb_t
);
396 iov
[2].buf
= (char *)arg
;
398 trace_write_packet_iov(trace_ddns_output
, 3, iov
, MDL
);
405 trace_ddns_output_read(trace_type_t
*ttype
, unsigned length
,
408 log_error("unaccounted for ddns output.");
412 trace_ddns_output_stop(trace_type_t
*ttype
)
419 trace_ddns_output
= trace_type_register("ddns-output", NULL
,
420 trace_ddns_output_read
,
421 trace_ddns_output_stop
, MDL
);
422 trace_ddns_input
= trace_type_register("ddns-input", NULL
,
423 trace_ddns_input_read
,
424 trace_ddns_input_stop
, MDL
);
428 #define ddns_update trace_ddns_output_write
430 #define ddns_update dns_client_startupdate
434 * Code to allocate and free a dddns control block. This block is used
435 * to pass and track the information associated with a DDNS update request.
438 ddns_cb_alloc(const char *file
, int line
)
440 dhcp_ddns_cb_t
*ddns_cb
;
443 ddns_cb
= dmalloc(sizeof(*ddns_cb
), file
, line
);
444 if (ddns_cb
!= NULL
) {
445 ISC_LIST_INIT(ddns_cb
->zone_server_list
);
446 for (i
= 0; i
< DHCP_MAXNS
; i
++) {
447 ISC_LINK_INIT(&ddns_cb
->zone_addrs
[i
], link
);
455 ddns_cb_free(dhcp_ddns_cb_t
*ddns_cb
, const char *file
, int line
)
457 data_string_forget(&ddns_cb
->fwd_name
, file
, line
);
458 data_string_forget(&ddns_cb
->rev_name
, file
, line
);
459 data_string_forget(&ddns_cb
->dhcid
, file
, line
);
461 if (ddns_cb
->zone
!= NULL
) {
462 forget_zone((struct dns_zone
**)&ddns_cb
->zone
);
465 /* Should be freed by now, check just in case. */
466 if (ddns_cb
->transaction
!= NULL
)
467 log_error("Impossible memory leak at %s:%d (attempt to free "
468 "DDNS Control Block before transaction).", MDL
);
470 dfree(ddns_cb
, file
, line
);
474 ddns_cb_forget_zone(dhcp_ddns_cb_t
*ddns_cb
)
478 forget_zone(&ddns_cb
->zone
);
479 ddns_cb
->zone_name
[0] = 0;
480 ISC_LIST_INIT(ddns_cb
->zone_server_list
);
481 for (i
= 0; i
< DHCP_MAXNS
; i
++) {
482 ISC_LINK_INIT(&ddns_cb
->zone_addrs
[i
], link
);
486 isc_result_t
find_tsig_key (ns_tsig_key
**key
, const char *zname
,
487 struct dns_zone
*zone
)
492 return ISC_R_NOTFOUND
;
495 return DHCP_R_KEY_UNKNOWN
;
498 if ((!zone
-> key
-> name
||
499 strlen (zone
-> key
-> name
) > NS_MAXDNAME
) ||
500 (!zone
-> key
-> algorithm
||
501 strlen (zone
-> key
-> algorithm
) > NS_MAXDNAME
) ||
503 (!zone
-> key
-> key
) ||
504 (zone
-> key
-> key
-> len
== 0)) {
505 return DHCP_R_INVALIDKEY
;
507 tkey
= dmalloc (sizeof *tkey
, MDL
);
510 return ISC_R_NOMEMORY
;
512 memset (tkey
, 0, sizeof *tkey
);
513 tkey
-> data
= dmalloc (zone
-> key
-> key
-> len
, MDL
);
518 strcpy (tkey
-> name
, zone
-> key
-> name
);
519 strcpy (tkey
-> alg
, zone
-> key
-> algorithm
);
520 memcpy (tkey
-> data
,
521 zone
-> key
-> key
-> value
, zone
-> key
-> key
-> len
);
522 tkey
-> len
= zone
-> key
-> key
-> len
;
524 return ISC_R_SUCCESS
;
527 void tkey_free (ns_tsig_key
**key
)
530 dfree ((*key
) -> data
, MDL
);
532 *key
= (ns_tsig_key
*)0;
536 isc_result_t
enter_dns_zone (struct dns_zone
*zone
)
538 struct dns_zone
*tz
= (struct dns_zone
*)0;
541 dns_zone_hash_lookup (&tz
,
542 dns_zone_hash
, zone
-> name
, 0, MDL
);
544 dns_zone_dereference (&tz
, MDL
);
545 return ISC_R_SUCCESS
;
548 dns_zone_hash_delete (dns_zone_hash
,
549 zone
-> name
, 0, MDL
);
550 dns_zone_dereference (&tz
, MDL
);
553 if (!dns_zone_new_hash(&dns_zone_hash
, DNS_HASH_SIZE
, MDL
))
554 return ISC_R_NOMEMORY
;
557 dns_zone_hash_add (dns_zone_hash
, zone
-> name
, 0, zone
, MDL
);
558 return ISC_R_SUCCESS
;
561 isc_result_t
dns_zone_lookup (struct dns_zone
**zone
, const char *name
)
564 char *tname
= (char *)0;
568 return ISC_R_NOTFOUND
;
571 if (name
[len
- 1] != '.') {
572 tname
= dmalloc ((unsigned)len
+ 2, MDL
);
574 return ISC_R_NOMEMORY
;
575 strcpy (tname
, name
);
580 if (!dns_zone_hash_lookup (zone
, dns_zone_hash
, name
, 0, MDL
))
581 status
= ISC_R_NOTFOUND
;
583 status
= ISC_R_SUCCESS
;
590 int dns_zone_dereference (ptr
, file
, line
)
591 struct dns_zone
**ptr
;
595 struct dns_zone
*dns_zone
;
598 log_error ("%s(%d): null pointer", file
, line
);
599 #if defined (POINTER_DEBUG)
607 *ptr
= (struct dns_zone
*)0;
608 --dns_zone
-> refcnt
;
609 rc_register (file
, line
, ptr
, dns_zone
, dns_zone
-> refcnt
, 1, RC_MISC
);
610 if (dns_zone
-> refcnt
> 0)
613 if (dns_zone
-> refcnt
< 0) {
614 log_error ("%s(%d): negative refcnt!", file
, line
);
615 #if defined (DEBUG_RC_HISTORY)
616 dump_rc_history (dns_zone
);
618 #if defined (POINTER_DEBUG)
625 if (dns_zone
-> name
)
626 dfree (dns_zone
-> name
, file
, line
);
628 omapi_auth_key_dereference (&dns_zone
-> key
, file
, line
);
629 if (dns_zone
-> primary
)
630 option_cache_dereference (&dns_zone
-> primary
, file
, line
);
631 if (dns_zone
-> secondary
)
632 option_cache_dereference (&dns_zone
-> secondary
, file
, line
);
633 dfree (dns_zone
, file
, line
);
637 #if defined (NSUPDATE)
639 find_cached_zone(dhcp_ddns_cb_t
*ddns_cb
, int direction
)
641 isc_result_t status
= ISC_R_NOTFOUND
;
643 struct dns_zone
*zone
= (struct dns_zone
*)0;
644 struct data_string nsaddrs
;
645 struct in_addr zone_addr
;
648 if (direction
== FIND_FORWARD
) {
649 np
= (const char *)ddns_cb
->fwd_name
.data
;
651 np
= (const char *)ddns_cb
->rev_name
.data
;
654 /* We can't look up a null zone. */
655 if ((np
== NULL
) || (*np
== '\0')) {
656 return DHCP_R_INVALIDARG
;
660 * For each subzone, try to find a cached zone.
661 * Skip the first zone as that shouldn't work.
663 for (np
= strchr(np
, '.'); np
!= NULL
; np
= strchr(np
, '.')) {
665 status
= dns_zone_lookup (&zone
, np
);
666 if (status
== ISC_R_SUCCESS
)
670 if (status
!= ISC_R_SUCCESS
)
673 /* Make sure the zone is valid. */
674 if (zone
-> timeout
&& zone
-> timeout
< cur_time
) {
675 dns_zone_dereference (&zone
, MDL
);
676 return ISC_R_CANCELED
;
679 /* Make sure the zone name will fit. */
680 if (strlen(zone
->name
) > sizeof(ddns_cb
->zone_name
)) {
681 dns_zone_dereference (&zone
, MDL
);
682 return ISC_R_NOSPACE
;
684 strcpy((char *)&ddns_cb
->zone_name
[0], zone
->name
);
686 memset (&nsaddrs
, 0, sizeof nsaddrs
);
689 if (zone
-> primary
) {
690 if (evaluate_option_cache (&nsaddrs
, (struct packet
*)0,
692 (struct client_state
*)0,
693 (struct option_state
*)0,
694 (struct option_state
*)0,
696 zone
-> primary
, MDL
)) {
698 while (ix
< DHCP_MAXNS
) {
699 if (ip
+ 4 > nsaddrs
.len
)
701 memcpy(&zone_addr
, &nsaddrs
.data
[ip
], 4);
702 isc_sockaddr_fromin(&ddns_cb
->zone_addrs
[ix
],
705 ISC_LIST_APPEND(ddns_cb
->zone_server_list
,
706 &ddns_cb
->zone_addrs
[ix
],
711 data_string_forget (&nsaddrs
, MDL
);
714 if (zone
-> secondary
) {
715 if (evaluate_option_cache (&nsaddrs
, (struct packet
*)0,
717 (struct client_state
*)0,
718 (struct option_state
*)0,
719 (struct option_state
*)0,
721 zone
-> secondary
, MDL
)) {
723 while (ix
< DHCP_MAXNS
) {
724 if (ip
+ 4 > nsaddrs
.len
)
726 memcpy(&zone_addr
, &nsaddrs
.data
[ip
], 4);
727 isc_sockaddr_fromin(&ddns_cb
->zone_addrs
[ix
],
730 ISC_LIST_APPEND(ddns_cb
->zone_server_list
,
731 &ddns_cb
->zone_addrs
[ix
],
736 data_string_forget (&nsaddrs
, MDL
);
740 dns_zone_reference(&ddns_cb
->zone
, zone
, MDL
);
741 dns_zone_dereference (&zone
, MDL
);
742 return ISC_R_SUCCESS
;
745 void forget_zone (struct dns_zone
**zone
)
747 dns_zone_dereference (zone
, MDL
);
750 void repudiate_zone (struct dns_zone
**zone
)
752 /* XXX Currently we're not differentiating between a cached
753 XXX zone and a zone that's been repudiated, which means
754 XXX that if we reap cached zones, we blow away repudiated
755 XXX zones. This isn't a big problem since we're not yet
756 XXX caching zones... :'} */
758 (*zone
) -> timeout
= cur_time
- 1;
759 dns_zone_dereference (zone
, MDL
);
762 /* Have to use TXT records for now. */
763 #define T_DHCID T_TXT
765 int get_dhcid (struct data_string
*id
,
766 int type
, const u_int8_t
*data
, unsigned len
)
768 unsigned char buf
[ISC_MD5_DIGESTLENGTH
];
772 /* Types can only be 0..(2^16)-1. */
773 if (type
< 0 || type
> 65535)
777 * Hexadecimal MD5 digest plus two byte type, NUL,
778 * and one byte for length for dns.
780 if (!buffer_allocate (&id
-> buffer
,
781 (ISC_MD5_DIGESTLENGTH
* 2) + 4, MDL
))
783 id
-> data
= id
-> buffer
-> data
;
786 * DHCP clients and servers should use the following forms of client
787 * identification, starting with the most preferable, and finishing
788 * with the least preferable. If the client does not send any of these
789 * forms of identification, the DHCP/DDNS interaction is not defined by
790 * this specification. The most preferable form of identification is
791 * the Globally Unique Identifier Option [TBD]. Next is the DHCP
792 * Client Identifier option. Last is the client's link-layer address,
793 * as conveyed in its DHCPREQUEST message. Implementors should note
794 * that the link-layer address cannot be used if there are no
795 * significant bytes in the chaddr field of the DHCP client's request,
796 * because this does not constitute a unique identifier.
797 * -- "Interaction between DHCP and DNS"
798 * <draft-ietf-dhc-dhcp-dns-12.txt>
799 * M. Stapp, Y. Rekhter
801 * We put the length into the first byte to turn
802 * this into a dns text string. This avoid needing to
803 * copy the string to add the byte later.
805 id
->buffer
->data
[0] = ISC_MD5_DIGESTLENGTH
* 2 + 2;
807 /* Put the type in the next two bytes. */
808 id
->buffer
->data
[1] = "0123456789abcdef"[type
>> 4];
809 id
->buffer
->data
[2] = "0123456789abcdef"[type
% 15];
811 /* Mash together an MD5 hash of the identifier. */
813 isc_md5_update(&md5
, data
, len
);
814 isc_md5_final(&md5
, buf
);
816 /* Convert into ASCII. */
817 for (i
= 0; i
< ISC_MD5_DIGESTLENGTH
; i
++) {
818 id
->buffer
->data
[i
* 2 + 3] =
819 "0123456789abcdef"[(buf
[i
] >> 4) & 0xf];
820 id
->buffer
->data
[i
* 2 + 4] =
821 "0123456789abcdef"[buf
[i
] & 0xf];
824 id
->len
= ISC_MD5_DIGESTLENGTH
* 2 + 3;
825 id
->buffer
->data
[id
->len
] = 0;
832 * The dhcid (text version) that we pass to DNS includes a length byte
833 * at the start but the text we store in the lease doesn't include the
834 * length byte. The following routines are to convert between the two
837 * When converting from a dhcid to a leaseid we reuse the buffer and
838 * simply adjust the data pointer and length fields in the data string.
839 * This avoids any prolems with allocating space.
843 dhcid_tolease(struct data_string
*dhcid
,
844 struct data_string
*leaseid
)
846 /* copy the data string then update the fields */
847 data_string_copy(leaseid
, dhcid
, MDL
);
853 dhcid_fromlease(struct data_string
*dhcid
,
854 struct data_string
*leaseid
)
856 if (!buffer_allocate(&dhcid
->buffer
, leaseid
->len
+ 2, MDL
)) {
857 return(ISC_R_FAILURE
);
860 dhcid
->data
= dhcid
->buffer
->data
;
862 dhcid
->buffer
->data
[0] = leaseid
->len
;
863 memcpy(dhcid
->buffer
->data
+ 1, leaseid
->data
, leaseid
->len
);
864 dhcid
->len
= leaseid
->len
+ 1;
865 if (leaseid
->terminated
== 1) {
866 dhcid
->buffer
->data
[dhcid
->len
] = 0;
867 dhcid
->terminated
= 1;
870 return(ISC_R_SUCCESS
);
874 * Construct the dataset for this item.
875 * This is a fairly simple arrangement as the operations we do are simple.
876 * If there is data we simply have the rdata point to it - the formatting
877 * must be correct already. We then link the rdatalist to the rdata and
878 * create a rdataset from the rdatalist.
882 make_dns_dataset(dns_rdataclass_t dataclass
,
883 dns_rdatatype_t datatype
,
884 dhcp_ddns_data_t
*dataspace
,
889 dns_rdata_t
*rdata
= &dataspace
->rdata
;
890 dns_rdatalist_t
*rdatalist
= &dataspace
->rdatalist
;
891 dns_rdataset_t
*rdataset
= &dataspace
->rdataset
;
895 /* set up the rdata */
896 dns_rdata_init(rdata
);
899 /* No data, set up the rdata fields we care about */
900 rdata
->flags
= DNS_RDATA_UPDATE
;
901 rdata
->type
= datatype
;
902 rdata
->rdclass
= dataclass
;
905 case dns_rdatatype_a
:
906 case dns_rdatatype_aaaa
:
907 case dns_rdatatype_txt
:
908 case dns_rdatatype_dhcid
:
909 case dns_rdatatype_ptr
:
910 /* The data must be in the right format we simply
911 * need to supply it via the correct structure */
913 region
.length
= datalen
;
914 dns_rdata_fromregion(rdata
, dataclass
, datatype
,
918 return(DHCP_R_INVALIDARG
);
923 /* setup the datalist and attach the rdata to it */
924 dns_rdatalist_init(rdatalist
);
925 rdatalist
->type
= datatype
;
926 rdatalist
->rdclass
= dataclass
;
927 rdatalist
->ttl
= ttl
;
928 ISC_LIST_APPEND(rdatalist
->rdata
, rdata
, link
);
930 /* convert the datalist to a dataset */
931 dns_rdataset_init(rdataset
);
932 dns_rdatalist_tordataset(rdatalist
, rdataset
);
934 return(ISC_R_SUCCESS
);
938 * When a DHCP client or server intends to update an A RR, it first
939 * prepares a DNS UPDATE query which includes as a prerequisite the
940 * assertion that the name does not exist. The update section of the
941 * query attempts to add the new name and its IP address mapping (an A
942 * RR), and the DHCID RR with its unique client-identity.
943 * -- "Interaction between DHCP and DNS"
945 * There are two cases, one for the server and one for the client.
947 * For the server the first step will have a request of:
948 * The name is not in use
950 * Add a DHCID RR (currently txt)
952 * For the client the first step will have a request of:
953 * The A RR does not exist
955 * Add a DHCID RR (currently txt)
959 ddns_modify_fwd_add1(dhcp_ddns_cb_t
*ddns_cb
,
960 dhcp_ddns_data_t
*dataspace
,
966 /* Construct the prerequisite list */
967 if ((ddns_cb
->flags
& DDNS_INCLUDE_RRSET
) != 0) {
968 /* The A RR shouldn't exist */
969 result
= make_dns_dataset(dns_rdataclass_none
,
970 ddns_cb
->address_type
,
971 dataspace
, NULL
, 0, 0);
973 /* The name is not in use */
974 result
= make_dns_dataset(dns_rdataclass_none
,
976 dataspace
, NULL
, 0, 0);
978 if (result
!= ISC_R_SUCCESS
) {
981 ISC_LIST_APPEND(pname
->list
, &dataspace
->rdataset
, link
);
984 /* Construct the update list */
986 result
= make_dns_dataset(dns_rdataclass_in
, ddns_cb
->address_type
,
988 (unsigned char *)ddns_cb
->address
.iabuf
,
989 ddns_cb
->address
.len
, ddns_cb
->ttl
);
990 if (result
!= ISC_R_SUCCESS
) {
993 ISC_LIST_APPEND(uname
->list
, &dataspace
->rdataset
, link
);
996 /* Add the DHCID RR */
997 result
= make_dns_dataset(dns_rdataclass_in
, dns_rdatatype_txt
,
999 (unsigned char *)ddns_cb
->dhcid
.data
,
1000 ddns_cb
->dhcid
.len
, ddns_cb
->ttl
);
1001 if (result
!= ISC_R_SUCCESS
) {
1004 ISC_LIST_APPEND(uname
->list
, &dataspace
->rdataset
, link
);
1006 return(ISC_R_SUCCESS
);
1010 * If the first update operation fails with YXDOMAIN, the updater can
1011 * conclude that the intended name is in use. The updater then
1012 * attempts to confirm that the DNS name is not being used by some
1013 * other host. The updater prepares a second UPDATE query in which the
1014 * prerequisite is that the desired name has attached to it a DHCID RR
1015 * whose contents match the client identity. The update section of
1016 * this query deletes the existing A records on the name, and adds the
1017 * A record that matches the DHCP binding and the DHCID RR with the
1019 * -- "Interaction between DHCP and DNS"
1021 * The message for the second step depends on if we are doing conflict
1022 * resolution. If we are we include a prerequisite. If not we delete
1023 * the DHCID in addition to all A rrsets.
1025 * Conflict resolution:
1026 * DHCID RR exists, and matches client identity.
1030 * Conflict override:
1038 ddns_modify_fwd_add2(dhcp_ddns_cb_t
*ddns_cb
,
1039 dhcp_ddns_data_t
*dataspace
,
1043 isc_result_t result
;
1046 * If we are doing conflict resolution (unset) we use a prereq list.
1047 * If not we delete the DHCID in addition to all A rrsets.
1049 if ((ddns_cb
->flags
& DDNS_CONFLICT_OVERRIDE
) == 0) {
1050 /* Construct the prereq list */
1051 /* The DHCID RR exists and matches the client identity */
1052 result
= make_dns_dataset(dns_rdataclass_in
, dns_rdatatype_txt
,
1054 (unsigned char *)ddns_cb
->dhcid
.data
,
1055 ddns_cb
->dhcid
.len
, 0);
1056 if (result
!= ISC_R_SUCCESS
) {
1059 ISC_LIST_APPEND(pname
->list
, &dataspace
->rdataset
, link
);
1062 /* Start constructing the update list.
1063 * Conflict detection override: delete DHCID RRs */
1064 result
= make_dns_dataset(dns_rdataclass_any
,
1066 dataspace
, NULL
, 0, 0);
1067 if (result
!= ISC_R_SUCCESS
) {
1070 ISC_LIST_APPEND(uname
->list
, &dataspace
->rdataset
, link
);
1073 /* Add current DHCID RR */
1074 result
= make_dns_dataset(dns_rdataclass_in
, dns_rdatatype_txt
,
1076 (unsigned char *)ddns_cb
->dhcid
.data
,
1077 ddns_cb
->dhcid
.len
, ddns_cb
->ttl
);
1078 if (result
!= ISC_R_SUCCESS
) {
1081 ISC_LIST_APPEND(uname
->list
, &dataspace
->rdataset
, link
);
1085 /* Start or continue constructing the update list */
1086 /* Delete the A RRset */
1087 result
= make_dns_dataset(dns_rdataclass_any
, ddns_cb
->address_type
,
1088 dataspace
, NULL
, 0, 0);
1089 if (result
!= ISC_R_SUCCESS
) {
1092 ISC_LIST_APPEND(uname
->list
, &dataspace
->rdataset
, link
);
1096 result
= make_dns_dataset(dns_rdataclass_in
, ddns_cb
->address_type
,
1098 (unsigned char *)ddns_cb
->address
.iabuf
,
1099 ddns_cb
->address
.len
, ddns_cb
->ttl
);
1100 if (result
!= ISC_R_SUCCESS
) {
1103 ISC_LIST_APPEND(uname
->list
, &dataspace
->rdataset
, link
);
1105 return(ISC_R_SUCCESS
);
1109 * The entity chosen to handle the A record for this client (either the
1110 * client or the server) SHOULD delete the A record that was added when
1111 * the lease was made to the client.
1113 * In order to perform this delete, the updater prepares an UPDATE
1114 * query which contains two prerequisites. The first prerequisite
1115 * asserts that the DHCID RR exists whose data is the client identity
1116 * described in Section 4.3. The second prerequisite asserts that the
1117 * data in the A RR contains the IP address of the lease that has
1118 * expired or been released.
1119 * -- "Interaction between DHCP and DNS"
1122 * DHCID RR exists, and matches client identity.
1123 * A RR matches the expiring lease.
1124 * Delete appropriate A RR.
1128 ddns_modify_fwd_rem1(dhcp_ddns_cb_t
*ddns_cb
,
1129 dhcp_ddns_data_t
*dataspace
,
1133 isc_result_t result
;
1135 /* Consruct the prereq list */
1136 /* The DHCID RR exists and matches the client identity */
1137 result
= make_dns_dataset(dns_rdataclass_in
, dns_rdatatype_txt
,
1139 (unsigned char *)ddns_cb
->dhcid
.data
,
1140 ddns_cb
->dhcid
.len
, 0);
1141 if (result
!= ISC_R_SUCCESS
) {
1144 ISC_LIST_APPEND(pname
->list
, &dataspace
->rdataset
, link
);
1147 /* The A RR matches the expiring lease */
1148 result
= make_dns_dataset(dns_rdataclass_in
, ddns_cb
->address_type
,
1150 (unsigned char *)ddns_cb
->address
.iabuf
,
1151 ddns_cb
->address
.len
, 0);
1152 if (result
!= ISC_R_SUCCESS
) {
1155 ISC_LIST_APPEND(pname
->list
, &dataspace
->rdataset
, link
);
1158 /* Construct the update list */
1159 /* Delete A RRset */
1160 result
= make_dns_dataset(dns_rdataclass_none
, ddns_cb
->address_type
,
1162 (unsigned char *)ddns_cb
->address
.iabuf
,
1163 ddns_cb
->address
.len
, 0);
1164 if (result
!= ISC_R_SUCCESS
) {
1167 ISC_LIST_APPEND(uname
->list
, &dataspace
->rdataset
, link
);
1169 return(ISC_R_SUCCESS
);
1173 * If the deletion of the A succeeded, and there are no A or AAAA
1174 * records left for this domain, then we can blow away the DHCID
1175 * record as well. We can't blow away the DHCID record above
1176 * because it's possible that more than one record has been added
1177 * to this domain name.
1180 * A RR does not exist.
1181 * AAAA RR does not exist.
1182 * Delete appropriate DHCID RR.
1186 ddns_modify_fwd_rem2(dhcp_ddns_cb_t
*ddns_cb
,
1187 dhcp_ddns_data_t
*dataspace
,
1191 isc_result_t result
;
1193 /* Construct the prereq list */
1194 /* The A RR does not exist */
1195 result
= make_dns_dataset(dns_rdataclass_none
, dns_rdatatype_a
,
1196 dataspace
, NULL
, 0, 0);
1197 if (result
!= ISC_R_SUCCESS
) {
1200 ISC_LIST_APPEND(pname
->list
, &dataspace
->rdataset
, link
);
1203 /* The AAAA RR does not exist */
1204 result
= make_dns_dataset(dns_rdataclass_none
, dns_rdatatype_aaaa
,
1205 dataspace
, NULL
, 0, 0);
1206 if (result
!= ISC_R_SUCCESS
) {
1209 ISC_LIST_APPEND(pname
->list
, &dataspace
->rdataset
, link
);
1212 /* Construct the update list */
1213 /* Delete DHCID RR */
1214 result
= make_dns_dataset(dns_rdataclass_none
, dns_rdatatype_txt
,
1216 (unsigned char *)ddns_cb
->dhcid
.data
,
1217 ddns_cb
->dhcid
.len
, 0);
1218 if (result
!= ISC_R_SUCCESS
) {
1221 ISC_LIST_APPEND(uname
->list
, &dataspace
->rdataset
, link
);
1223 return(ISC_R_SUCCESS
);
1227 * This routine converts from the task action call into something
1228 * easier to work with. It also handles the common case of a signature
1229 * or zone not being correct.
1231 void ddns_interlude(isc_task_t
*taskp
,
1232 isc_event_t
*eventp
)
1234 dhcp_ddns_cb_t
*ddns_cb
= (dhcp_ddns_cb_t
*)eventp
->ev_arg
;
1235 dns_clientupdateevent_t
*ddns_event
= (dns_clientupdateevent_t
*)eventp
;
1236 isc_result_t eresult
= ddns_event
->result
;
1237 isc_result_t result
;
1239 /* We've extracted the information we want from it, get rid of
1240 * the event block.*/
1241 isc_event_free(&eventp
);
1243 #if defined (TRACING)
1244 if (trace_record()) {
1245 trace_ddns_input_write(ddns_cb
, eresult
);
1249 #if defined (DEBUG_DNS_UPDATES)
1250 print_dns_status(DDNS_PRINT_INBOUND
, ddns_cb
, eresult
);
1253 /* This transaction is complete, clear the value */
1254 dns_client_destroyupdatetrans(&ddns_cb
->transaction
);
1256 /* If we cancelled or tried to cancel the operation we just
1257 * need to clean up. */
1258 if ((eresult
== ISC_R_CANCELED
) ||
1259 ((ddns_cb
->flags
& DDNS_ABORT
) != 0)) {
1260 if (ddns_cb
->next_op
!= NULL
) {
1261 /* if necessary cleanup up next op block */
1262 ddns_cb_free(ddns_cb
->next_op
, MDL
);
1264 ddns_cb_free(ddns_cb
, MDL
);
1268 /* If we had a problem with our key or zone try again */
1269 if ((eresult
== DNS_R_NOTAUTH
) ||
1270 (eresult
== DNS_R_NOTZONE
)) {
1272 /* Our zone information was questionable,
1273 * repudiate it and try again */
1274 repudiate_zone(&ddns_cb
->zone
);
1275 ddns_cb
->zone_name
[0] = 0;
1276 ISC_LIST_INIT(ddns_cb
->zone_server_list
);
1277 for (i
= 0; i
< DHCP_MAXNS
; i
++) {
1278 ISC_LINK_INIT(&ddns_cb
->zone_addrs
[i
], link
);
1281 if ((ddns_cb
->state
&
1282 (DDNS_STATE_ADD_PTR
| DDNS_STATE_REM_PTR
)) != 0) {
1283 result
= ddns_modify_ptr(ddns_cb
);
1285 result
= ddns_modify_fwd(ddns_cb
);
1288 if (result
!= ISC_R_SUCCESS
) {
1289 /* if we couldn't redo the query toss it */
1290 if (ddns_cb
->next_op
!= NULL
) {
1291 /* cleanup up next op block */
1292 ddns_cb_free(ddns_cb
->next_op
, MDL
);
1294 ddns_cb_free(ddns_cb
, MDL
);
1298 /* pass it along to be processed */
1299 ddns_cb
->cur_func(ddns_cb
, eresult
);
1306 * This routine does the generic work for sending a ddns message to
1307 * modify the forward record (A or AAAA) and calls one of a set of
1308 * routines to build the specific message.
1312 ddns_modify_fwd(dhcp_ddns_cb_t
*ddns_cb
)
1314 isc_result_t result
;
1315 dns_tsec_t
*tsec_key
= NULL
;
1317 unsigned char *clientname
;
1318 dhcp_ddns_data_t
*dataspace
= NULL
;
1319 dns_namelist_t prereqlist
, updatelist
;
1320 dns_fixedname_t zname0
, pname0
, uname0
;
1321 dns_name_t
*zname
= NULL
, *pname
, *uname
;
1323 isc_sockaddrlist_t
*zlist
= NULL
;
1325 /* Get a pointer to the clientname to make things easier. */
1326 clientname
= (unsigned char *)ddns_cb
->fwd_name
.data
;
1328 /* Extract and validate the type of the address. */
1329 if (ddns_cb
->address
.len
== 4) {
1330 ddns_cb
->address_type
= dns_rdatatype_a
;
1331 } else if (ddns_cb
->address
.len
== 16) {
1332 ddns_cb
->address_type
= dns_rdatatype_aaaa
;
1334 return DHCP_R_INVALIDARG
;
1338 * If we already have a zone use it, otherwise try to lookup the
1339 * zone in our cache. If we find one we will have a pointer to
1340 * the zone that needs to be dereferenced when we are done with it.
1341 * If we don't find one that is okay we'll let the DNS code try and
1342 * find the information for us.
1345 if (ddns_cb
->zone
== NULL
) {
1346 result
= find_cached_zone(ddns_cb
, FIND_FORWARD
);
1350 * If we have a zone try to get any information we need
1351 * from it - name, addresses and the key. The address
1352 * and key may be empty the name can't be.
1354 if (ddns_cb
->zone
) {
1355 /* Set up the zone name for use by DNS */
1356 result
= dhcp_isc_name(ddns_cb
->zone_name
, &zname0
, &zname
);
1357 if (result
!= ISC_R_SUCCESS
) {
1358 log_error("Unable to build name for zone for "
1359 "fwd update: %s %s",
1361 isc_result_totext(result
));
1365 if (!(ISC_LIST_EMPTY(ddns_cb
->zone_server_list
))) {
1366 /* If we have any addresses get them */
1367 zlist
= &ddns_cb
->zone_server_list
;
1371 if (ddns_cb
->zone
->key
!= NULL
) {
1373 * Not having a key is fine, having a key
1374 * but not a tsec is odd so we warn the user.
1377 /* should we do the warning? */
1378 tsec_key
= ddns_cb
->zone
->key
->tsec_key
;
1379 if (tsec_key
== NULL
) {
1380 log_error("No tsec for use with key %s",
1381 ddns_cb
->zone
->key
->name
);
1386 /* Set up the DNS names for the prereq and update lists */
1387 if (((result
= dhcp_isc_name(clientname
, &pname0
, &pname
))
1388 != ISC_R_SUCCESS
) ||
1389 ((result
= dhcp_isc_name(clientname
, &uname0
, &uname
))
1390 != ISC_R_SUCCESS
)) {
1391 log_error("Unable to build name for fwd update: %s %s",
1392 clientname
, isc_result_totext(result
));
1396 /* Allocate the various isc dns library structures we may require. */
1397 dataspace
= isc_mem_get(dhcp_gbl_ctx
.mctx
, sizeof(*dataspace
) * 4);
1398 if (dataspace
== NULL
) {
1399 log_error("Unable to allocate memory for fwd update");
1400 result
= ISC_R_NOMEMORY
;
1404 ISC_LIST_INIT(prereqlist
);
1405 ISC_LIST_INIT(updatelist
);
1407 switch(ddns_cb
->state
) {
1408 case DDNS_STATE_ADD_FW_NXDOMAIN
:
1409 result
= ddns_modify_fwd_add1(ddns_cb
, dataspace
,
1411 if (result
!= ISC_R_SUCCESS
) {
1414 ISC_LIST_APPEND(prereqlist
, pname
, link
);
1416 case DDNS_STATE_ADD_FW_YXDHCID
:
1417 result
= ddns_modify_fwd_add2(ddns_cb
, dataspace
,
1419 if (result
!= ISC_R_SUCCESS
) {
1423 /* If we aren't doing conflict override we have entries
1424 * in the pname list and we need to attach it to the
1427 if ((ddns_cb
->flags
& DDNS_CONFLICT_OVERRIDE
) == 0) {
1428 ISC_LIST_APPEND(prereqlist
, pname
, link
);
1432 case DDNS_STATE_REM_FW_YXDHCID
:
1433 result
= ddns_modify_fwd_rem1(ddns_cb
, dataspace
,
1435 if (result
!= ISC_R_SUCCESS
) {
1438 ISC_LIST_APPEND(prereqlist
, pname
, link
);
1440 case DDNS_STATE_REM_FW_NXRR
:
1441 result
= ddns_modify_fwd_rem2(ddns_cb
, dataspace
,
1443 if (result
!= ISC_R_SUCCESS
) {
1446 ISC_LIST_APPEND(prereqlist
, pname
, link
);
1450 log_error("Invalid operation in ddns code.");
1451 result
= DHCP_R_INVALIDARG
;
1457 * We always have an update list but may not have a prereqlist
1458 * if we are doing conflict override.
1460 ISC_LIST_APPEND(updatelist
, uname
, link
);
1462 /* send the message, cleanup and return the result */
1463 result
= ddns_update(dhcp_gbl_ctx
.dnsclient
,
1464 dns_rdataclass_in
, zname
,
1465 &prereqlist
, &updatelist
,
1467 DNS_CLIENTRESOPT_ALLOWRUN
,
1471 &ddns_cb
->transaction
);
1472 if (result
== ISC_R_FAMILYNOSUPPORT
) {
1473 log_info("Unable to perform DDNS update, "
1474 "address family not supported");
1477 #if defined (DEBUG_DNS_UPDATES)
1478 print_dns_status(DDNS_PRINT_OUTBOUND
, ddns_cb
, result
);
1482 if (dataspace
!= NULL
) {
1483 isc_mem_put(dhcp_gbl_ctx
.mctx
, dataspace
,
1484 sizeof(*dataspace
) * 4);
1491 ddns_modify_ptr(dhcp_ddns_cb_t
*ddns_cb
)
1493 isc_result_t result
;
1494 dns_tsec_t
*tsec_key
= NULL
;
1495 unsigned char *ptrname
;
1496 dhcp_ddns_data_t
*dataspace
= NULL
;
1497 dns_namelist_t updatelist
;
1498 dns_fixedname_t zname0
, uname0
;
1499 dns_name_t
*zname
= NULL
, *uname
;
1500 isc_sockaddrlist_t
*zlist
= NULL
;
1501 unsigned char buf
[256];
1505 * Try to lookup the zone in the zone cache. As with the forward
1506 * case it's okay if we don't have one, the DNS code will try to
1507 * find something also if we succeed we will need to dereference
1508 * the zone later. Unlike with the forward case we assume we won't
1509 * have a pre-existing zone.
1511 result
= find_cached_zone(ddns_cb
, FIND_REVERSE
);
1512 if ((result
== ISC_R_SUCCESS
) &&
1513 !(ISC_LIST_EMPTY(ddns_cb
->zone_server_list
))) {
1514 /* Set up the zone name for use by DNS */
1515 result
= dhcp_isc_name(ddns_cb
->zone_name
, &zname0
, &zname
);
1516 if (result
!= ISC_R_SUCCESS
) {
1517 log_error("Unable to build name for zone for "
1518 "fwd update: %s %s",
1520 isc_result_totext(result
));
1523 /* If we have any addresses get them */
1524 if (!(ISC_LIST_EMPTY(ddns_cb
->zone_server_list
))) {
1525 zlist
= &ddns_cb
->zone_server_list
;
1529 * If we now have a zone try to get the key, NULL is okay,
1530 * having a key but not a tsec is odd so we warn.
1533 /* should we do the warning if we have a key but no tsec? */
1534 if ((ddns_cb
->zone
!= NULL
) && (ddns_cb
->zone
->key
!= NULL
)) {
1535 tsec_key
= ddns_cb
->zone
->key
->tsec_key
;
1536 if (tsec_key
== NULL
) {
1537 log_error("No tsec for use with key %s",
1538 ddns_cb
->zone
->key
->name
);
1543 /* We must have a name for the update list */
1544 /* Get a pointer to the ptrname to make things easier. */
1545 ptrname
= (unsigned char *)ddns_cb
->rev_name
.data
;
1547 if ((result
= dhcp_isc_name(ptrname
, &uname0
, &uname
))
1549 log_error("Unable to build name for fwd update: %s %s",
1550 ptrname
, isc_result_totext(result
));
1555 * Allocate the various isc dns library structures we may require.
1556 * Allocating one blob avoids being halfway through the process
1557 * and being unable to allocate as well as making the free easy.
1559 dataspace
= isc_mem_get(dhcp_gbl_ctx
.mctx
, sizeof(*dataspace
) * 2);
1560 if (dataspace
== NULL
) {
1561 log_error("Unable to allocate memory for fwd update");
1562 result
= ISC_R_NOMEMORY
;
1566 ISC_LIST_INIT(updatelist
);
1569 * Construct the update list
1570 * We always delete what's currently there
1573 result
= make_dns_dataset(dns_rdataclass_any
, dns_rdatatype_ptr
,
1574 &dataspace
[0], NULL
, 0, 0);
1575 if (result
!= ISC_R_SUCCESS
) {
1578 ISC_LIST_APPEND(uname
->list
, &dataspace
[0].rdataset
, link
);
1581 * If we are updating the pointer we then add the new one
1584 if (ddns_cb
->state
== DDNS_STATE_ADD_PTR
) {
1587 * I've left this dead code in the file for now in case
1588 * we decide to try and get rid of the ns_name functions.
1593 * Need to convert pointer into on the wire representation
1594 * We replace the '.' characters with the lengths of the
1595 * next name and add a length to the beginning for the first
1598 if (ddns_cb
->fwd_name
.len
== 1) {
1605 memcpy(&buf
[1], ddns_cb
->fwd_name
.data
,
1606 ddns_cb
->fwd_name
.len
);
1607 for(cp
= buf
+ ddns_cb
->fwd_name
.len
, buflen
= 0;
1618 buflen
= ddns_cb
->fwd_name
.len
+ 1;
1622 * Need to convert pointer into on the wire representation
1624 if (MRns_name_pton((char *)ddns_cb
->fwd_name
.data
,
1629 while (buf
[buflen
] != 0) {
1630 buflen
+= buf
[buflen
] + 1;
1634 result
= make_dns_dataset(dns_rdataclass_in
,
1637 buf
, buflen
, ddns_cb
->ttl
);
1638 if (result
!= ISC_R_SUCCESS
) {
1641 ISC_LIST_APPEND(uname
->list
, &dataspace
[1].rdataset
, link
);
1644 ISC_LIST_APPEND(updatelist
, uname
, link
);
1648 * for now I'll cleanup the dataset immediately, it would be
1649 * more efficient to keep it around in case the signaturure failed
1650 * and we wanted to retry it.
1652 /* send the message, cleanup and return the result */
1653 result
= ddns_update((dns_client_t
*)dhcp_gbl_ctx
.dnsclient
,
1654 dns_rdataclass_in
, zname
,
1657 DNS_CLIENTRESOPT_ALLOWRUN
,
1659 ddns_interlude
, (void *)ddns_cb
,
1660 &ddns_cb
->transaction
);
1661 if (result
== ISC_R_FAMILYNOSUPPORT
) {
1662 log_info("Unable to perform DDNS update, "
1663 "address family not supported");
1666 #if defined (DEBUG_DNS_UPDATES)
1667 print_dns_status(DDNS_PRINT_OUTBOUND
, ddns_cb
, result
);
1671 if (dataspace
!= NULL
) {
1672 isc_mem_put(dhcp_gbl_ctx
.mctx
, dataspace
,
1673 sizeof(*dataspace
) * 2);
1679 ddns_cancel(dhcp_ddns_cb_t
*ddns_cb
) {
1680 ddns_cb
->flags
|= DDNS_ABORT
;
1681 if (ddns_cb
->transaction
!= NULL
) {
1682 dns_client_cancelupdate((dns_clientupdatetrans_t
*)
1683 ddns_cb
->transaction
);
1685 ddns_cb
->lease
= NULL
;
1688 #endif /* NSUPDATE */
1690 HASH_FUNCTIONS (dns_zone
, const char *, struct dns_zone
, dns_zone_hash_t
,
1691 dns_zone_reference
, dns_zone_dereference
, do_case_hash
)