1 /*
2 * This file is part of PowerDNS or dnsdist.
3 * Copyright -- PowerDNS.COM B.V. and its contributors
4 *
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of version 2 of the GNU General Public License as
7 * published by the Free Software Foundation.
8 *
9 * In addition, for the avoidance of any doubt, permission is granted to
10 * link this program with OpenSSL and to (re)distribute the binaries
11 * produced as the result of such linking.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
21 */
22 #ifdef HAVE_CONFIG_H
23 #include "config.h"
24 #endif
25 #include <boost/archive/binary_iarchive.hpp>
26 #include <boost/archive/binary_oarchive.hpp>
27
28 #include "auth-querycache.hh"
29 #include "utility.hh"
30
31
32 #include <dlfcn.h>
33 #include <string>
34 #include <map>
35 #include <sys/types.h>
36 #include <sstream>
37 #include <errno.h>
38 #include <iostream>
39 #include <sstream>
40 #include <functional>
41
42 #include "dns.hh"
43 #include "arguments.hh"
44 #include "dnsbackend.hh"
45 #include "ueberbackend.hh"
46 #include "dnspacket.hh"
47 #include "logger.hh"
48 #include "statbag.hh"
49
extern StatBag S;

// Registry of every live UeberBackend, guarded by instances_lock: the
// constructor pushes 'this' and cleanup() removes it again.
vector<UeberBackend *>UeberBackend::instances;
pthread_mutex_t UeberBackend::instances_lock=PTHREAD_MUTEX_INITIALIZER;

// initially we are blocked: lookup() waits on d_cond under d_mut until go()
// sets d_go and broadcasts.
bool UeberBackend::d_go=false;
pthread_mutex_t UeberBackend::d_mut = PTHREAD_MUTEX_INITIALIZER;
pthread_cond_t UeberBackend::d_cond = PTHREAD_COND_INITIALIZER;
59
//! Loads a module and reports it to all UeberBackend threads
bool UeberBackend::loadmodule(const string &name)
{
  g_log<<Logger::Warning <<"Loading '"<<name<<"'" << endl;

  // dlopen() executes the library's initialisers, so 'name' must only ever
  // come from trusted configuration. The handle is not kept; the module stays
  // mapped for the lifetime of the process.
  void* const handle = dlopen(name.c_str(), RTLD_NOW);
  if(handle != nullptr) {
    return true;
  }

  g_log<<Logger::Error <<"Unable to load module '"<<name<<"': "<<dlerror() << endl;
  return false;
}
74
bool UeberBackend::loadModules(const vector<string>& modules, const string& path)
{
  // Resolve each configured module name to a shared-object location and load
  // it; stop at the first failure. Names are expected to be trusted
  // configuration: the resulting path is not normalised or validated here.
  for (const auto& module: modules) {
    string location;
    if (module.find('.') == string::npos) {
      // bare name, e.g. (constructed) "foo" -> <path>/libfoobackend.so
      location = path + "/lib" + module + "backend.so";
    }
    else if (module[0] == '/' || module.compare(0, 2, "./") == 0 || module.compare(0, 2, "..") == 0) {
      // absolute or current path: use as given
      location = module;
    }
    else {
      // relative file name inside the module directory
      location = path + "/" + module;
    }

    if (!UeberBackend::loadmodule(location)) {
      return false;
    }
  }
  return true;
}
94
void UeberBackend::go(void)
{
  // Flip the global start flag under d_mut and wake every lookup() that is
  // parked on d_cond waiting for it.
  pthread_mutex_lock(&d_mut);
  d_go = true;
  pthread_cond_broadcast(&d_cond);
  pthread_mutex_unlock(&d_mut);
}
102
bool UeberBackend::getDomainInfo(const DNSName &domain, DomainInfo &di, bool getSerial)
{
  // First backend that knows the zone wins; 'di' is left as that backend filled it.
  for(DNSBackend* db : backends) {
    if(db->getDomainInfo(domain, di, getSerial)) {
      return true;
    }
  }
  return false;
}
110
bool UeberBackend::createDomain(const DNSName &domain)
{
  // Backends are tried in configuration order; the first one that accepts
  // the new zone ends the search.
  return std::any_of(backends.begin(), backends.end(),
                     [&domain](DNSBackend* db) { return db->createDomain(domain); });
}
120
bool UeberBackend::doesDNSSEC()
{
  // True as soon as any configured backend reports DNSSEC support.
  for(size_t n = 0; n < backends.size(); ++n) {
    if(backends[n]->doesDNSSEC()) {
      return true;
    }
  }
  return false;
}
129
bool UeberBackend::addDomainKey(const DNSName& name, const DNSBackend::KeyData& key, int64_t& id)
{
  // 'id' is reset to -1 so a caller can tell "no backend stored the key"
  // from a real key id; the first backend that stores it wins.
  id = -1;
  for(DNSBackend* db : backends) {
    if(!db->addDomainKey(name, key, id)) {
      continue;
    }
    return true;
  }
  return false;
}
bool UeberBackend::getDomainKeys(const DNSName& name, std::vector<DNSBackend::KeyData>& keys)
{
  // Keys come from the first backend that answers for 'name'; later backends
  // are not consulted.
  return std::any_of(backends.begin(), backends.end(),
                     [&](DNSBackend* db) { return db->getDomainKeys(name, keys); });
}
147
bool UeberBackend::getAllDomainMetadata(const DNSName& name, std::map<std::string, std::vector<std::string> >& meta)
{
  // First backend that answers for 'name' supplies the whole metadata map.
  for(auto it = backends.begin(); it != backends.end(); ++it) {
    if((*it)->getAllDomainMetadata(name, meta)) {
      return true;
    }
  }
  return false;
}
156
bool UeberBackend::getDomainMetadata(const DNSName& name, const std::string& kind, std::vector<std::string>& meta)
{
  // Metadata of the given 'kind' from the first backend that answers.
  return std::any_of(backends.begin(), backends.end(),
                     [&](DNSBackend* db) { return db->getDomainMetadata(name, kind, meta); });
}
165
bool UeberBackend::setDomainMetadata(const DNSName& name, const std::string& kind, const std::vector<std::string>& meta)
{
  // Stored by the first backend willing to take it; the rest are untouched.
  for(DNSBackend* db : backends) {
    const bool stored = db->setDomainMetadata(name, kind, meta);
    if(stored) {
      return true;
    }
  }
  return false;
}
174
bool UeberBackend::activateDomainKey(const DNSName& name, unsigned int id)
{
  // Delegated to the first backend that recognises the key id.
  return std::any_of(backends.begin(), backends.end(),
                     [&name, id](DNSBackend* db) { return db->activateDomainKey(name, id); });
}
183
bool UeberBackend::deactivateDomainKey(const DNSName& name, unsigned int id)
{
  // Delegated to the first backend that recognises the key id.
  for(auto it = backends.begin(); it != backends.end(); ++it) {
    if((*it)->deactivateDomainKey(name, id)) {
      return true;
    }
  }
  return false;
}
192
bool UeberBackend::removeDomainKey(const DNSName& name, unsigned int id)
{
  // Removed from the first backend that reports success for this key id.
  for(DNSBackend* db : backends) {
    if(!db->removeDomainKey(name, id)) {
      continue;
    }
    return true;
  }
  return false;
}
201
202
bool UeberBackend::getTSIGKey(const DNSName& name, DNSName* algorithm, string* content)
{
  // The first backend holding a key with this name fills 'algorithm' and 'content'.
  return std::any_of(backends.begin(), backends.end(),
                     [&](DNSBackend* db) { return db->getTSIGKey(name, algorithm, content); });
}
211
212
bool UeberBackend::setTSIGKey(const DNSName& name, const DNSName& algorithm, const string& content)
{
  // Stored by the first backend that accepts the key.
  for(DNSBackend* db : backends) {
    const bool stored = db->setTSIGKey(name, algorithm, content);
    if(stored) {
      return true;
    }
  }
  return false;
}
221
bool UeberBackend::deleteTSIGKey(const DNSName& name)
{
  // Deleted from the first backend that reports success; others keep any copy they hold.
  return std::any_of(backends.begin(), backends.end(),
                     [&name](DNSBackend* db) { return db->deleteTSIGKey(name); });
}
230
bool UeberBackend::getTSIGKeys(std::vector< struct TSIGKey > &keys)
{
  // Unlike the single-key lookups, every backend is given the same vector to
  // fill; the per-backend return values are ignored and success is always reported.
  std::for_each(backends.begin(), backends.end(),
                [&keys](DNSBackend* db) { db->getTSIGKeys(keys); });
  return true;
}
238
void UeberBackend::reload()
{
  // Propagate a reload request to every backend, in order.
  for(DNSBackend* db : backends) {
    db->reload();
  }
}
246
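void UeberBackend::rediscover(string *status)
{
  // Ask every backend to rediscover its zones. When the caller wants a status
  // string, the per-backend reports are joined with a newline between them.
  // The separator is placed *before* each report after the first; previously
  // it was appended after it, which ran the first two reports together and
  // left a trailing newline.
  bool first = true;
  for(DNSBackend* db : backends) {
    string report;
    db->rediscover(&report);
    if(status != nullptr) {
      if(!first) {
        *status += "\n";
      }
      *status += report;
    }
    first = false;
  }
}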
258
259
void UeberBackend::getUnfreshSlaveInfos(vector<DomainInfo>* domains)
{
  // Every backend gets the same output vector, so the result is the union of
  // what each one reports.
  for(DNSBackend* db : backends) {
    db->getUnfreshSlaveInfos(domains);
  }
}
267
268
269
void UeberBackend::getUpdatedMasters(vector<DomainInfo>* domains)
{
  // Every backend gets the same output vector, so the result is the union of
  // what each one reports.
  for(DNSBackend* db : backends) {
    db->getUpdatedMasters(domains);
  }
}
277
bool UeberBackend::getAuth(const DNSName &target, const QType& qtype, SOAData* sd, bool cachedOk)
{
  // Finds the most specific zone we are authoritative for that contains
  // 'target', walking the name one label at a time towards the root and
  // consulting the query cache (when 'cachedOk') before the backends.
  // For a DS query the zone matching 'target' itself is deliberately skipped
  // and the parent zone is returned instead (see the 'found' label).
  // Returns true and fills *sd on success; sd->db is 0 when the answer came
  // from the cache. Returns 'found' (only ever true in the DS case) when the
  // root is reached without a usable answer.
  //
  // A backend can respond to our authority request with the 'best' match it
  // has. For example, when asked for a.b.c.example.com. it might respond with
  // com. We then store that and keep querying the other backends in case one
  // of them has a more specific zone but don't bother asking this specific
  // backend again for b.c.example.com., c.example.com. and example.com.
  // If a backend has no match it may respond with an empty qname.

  bool found = false;
  int cstat;
  DNSName shorter(target);
  // One entry per backend: wire length of the best zone name that backend
  // returned so far, plus its SOA. target.wirelength()+1 means "nothing yet",
  // which is longer than any name we will ask about.
  vector<pair<size_t, SOAData> > bestmatch (backends.size(), make_pair(target.wirelength()+1, SOAData()));
  do {

    // Check cache
    if(cachedOk && (d_cache_ttl || d_negcache_ttl)) {
      d_question.qtype = QType::SOA;
      d_question.qname = shorter;
      d_question.zoneId = -1;

      cstat = cacheHas(d_question,d_answers);

      if(cstat == 1 && !d_answers.empty() && d_cache_ttl) {
        DLOG(g_log<<Logger::Error<<"has pos cache entry: "<<shorter<<endl);
        fillSOAData(d_answers[0], *sd);

        sd->db = 0;
        sd->qname = shorter;
        goto found;
      } else if(cstat == 0 && d_negcache_ttl) {
        DLOG(g_log<<Logger::Error<<"has neg cache entry: "<<shorter<<endl);
        // 'continue' in a do/while jumps to the chopOff() test, i.e. tries the parent name
        continue;
      }
    }

    // Check backends
    {
      vector<DNSBackend *>::const_iterator i = backends.begin();
      vector<pair<size_t, SOAData> >::iterator j = bestmatch.begin();
      for(; i != backends.end() && j != bestmatch.end(); ++i, ++j) {

        DLOG(g_log<<Logger::Error<<"backend: "<<i-backends.begin()<<", qname: "<<shorter<<endl);

        if(j->first < shorter.wirelength()) {
          // this backend already told us its best zone is shorter than 'shorter': no point asking again
          DLOG(g_log<<Logger::Error<<"skipped, we already found a shorter best match in this backend: "<<j->second.qname<<endl);
          continue;
        } else if(j->first == shorter.wirelength()) {
          // the remembered best match is exactly this name: reuse it without a backend call
          DLOG(g_log<<Logger::Error<<"use shorter best match: "<<j->second.qname<<endl);
          *sd = j->second;
          break;
        } else {
          DLOG(g_log<<Logger::Error<<"lookup: "<<shorter<<endl);
          if((*i)->getAuth(shorter, sd)) {
            DLOG(g_log<<Logger::Error<<"got: "<<sd->qname<<endl);
            j->first = sd->qname.wirelength();
            j->second = *sd;
            if(sd->qname == shorter) {
              // exact zone match: stop asking further backends for this name
              break;
            }
          } else {
            DLOG(g_log<<Logger::Error<<"no match for: "<<shorter<<endl);
          }
        }
      }

      // Add to cache
      // i == end means no backend produced an exact match for 'shorter'
      if(i == backends.end()) {
        if(d_negcache_ttl) {
          DLOG(g_log<<Logger::Error<<"add neg cache entry:"<<shorter<<endl);
          d_question.qname=shorter;
          addNegCache(d_question);
        }
        continue;
      } else if(d_cache_ttl) {
        // positive entry is stored under the zone name the backend returned
        DLOG(g_log<<Logger::Error<<"add pos cache entry: "<<sd->qname<<endl);
        d_question.qtype = QType::SOA;
        d_question.qname = sd->qname;
        d_question.zoneId = -1;

        DNSZoneRecord rr;
        rr.dr.d_name = sd->qname;
        rr.dr.d_type = QType::SOA;
        rr.dr.d_content = makeSOAContent(*sd);
        rr.dr.d_ttl = sd->ttl;
        rr.domain_id = sd->domain_id;

        addCache(d_question, {rr});
      }
    }

  found:
    // For a DS query the very first hit (found == false, shorter == target)
    // is the child zone's own apex; record it and keep chasing up so the
    // parent zone is what we return. Every other case returns immediately.
    if(found == (qtype == QType::DS) || target != shorter) {
      DLOG(g_log<<Logger::Error<<"found: "<<sd->qname<<endl);
      return true;
    } else {
      DLOG(g_log<<Logger::Error<<"chasing next: "<<sd->qname<<endl);
      found = true;
    }

  } while(shorter.chopOff());
  return found;
}
381
bool UeberBackend::getSOA(const DNSName &domain, SOAData &sd)
{
  // SOA lookup with the query cache in front: a negative entry answers "no",
  // a positive entry is copied into 'sd' (db = 0 marks it as cached), and a
  // miss falls through to the backends.
  d_question.qtype = QType::SOA;
  d_question.qname = domain;
  d_question.zoneId = -1;

  switch(cacheHas(d_question, d_answers)) {
  case 0: // negatively cached
    return false;
  case 1:
    if(!d_answers.empty()) {
      DNSZoneRecord& cached = d_answers[0];
      fillSOAData(cached, sd);
      sd.domain_id = cached.domain_id;
      sd.ttl = cached.dr.d_ttl;
      sd.db = 0;
      return true;
    }
    break;
  default:
    break;
  }

  // not found in neg. or pos. cache, look it up
  return getSOAUncached(domain, sd);
}
403
bool UeberBackend::getSOAUncached(const DNSName &domain, SOAData &sd)
{
  d_question.qtype = QType::SOA;
  d_question.qname = domain;
  d_question.zoneId = -1;

  // First backend with an SOA wins. The answer is remembered in the query
  // cache (positive or negative) when the respective cache TTL is non-zero.
  // NOTE(review): the positive entry is keyed on 'domain' while the record
  // carries sd.qname as returned by the backend — confirm they always match.
  for(DNSBackend* db : backends) {
    if(!db->getSOA(domain, sd)) {
      continue;
    }
    if(d_cache_ttl) {
      DNSZoneRecord rr;
      rr.dr.d_name = sd.qname;
      rr.dr.d_type = QType::SOA;
      rr.dr.d_content = makeSOAContent(sd);
      rr.dr.d_ttl = sd.ttl;
      rr.domain_id = sd.domain_id;
      addCache(d_question, {rr});
    }
    return true;
  }

  if(d_negcache_ttl) {
    addNegCache(d_question);
  }
  return false;
}
430
bool UeberBackend::superMasterBackend(const string &ip, const DNSName &domain, const vector<DNSResourceRecord>&nsset, string *nameserver, string *account, DNSBackend **db)
{
  // The first backend that recognises 'ip' as a supermaster for 'domain'
  // fills the out-parameters (including *db, the backend itself).
  return std::any_of(backends.begin(), backends.end(), [&](DNSBackend* candidate) {
    return candidate->superMasterBackend(ip, domain, nsset, nameserver, account, db);
  });
}
438
UeberBackend::UeberBackend(const string &pname)
{
  // Register in the global instance list (guarded by instances_lock).
  pthread_mutex_lock(&instances_lock);
  instances.push_back(this); // report to the static list of ourself
  pthread_mutex_unlock(&instances_lock);

  // Per-query state starts out empty.
  d_negcached = 0;
  d_cached = 0;
  d_ancount = 0;
  d_domain_id = -1;
  d_stale = false;
  d_tid = pthread_self();

  // Cache lifetimes come from the runtime configuration.
  d_cache_ttl = ::arg().asNum("query-cache-ttl");
  d_negcache_ttl = ::arg().asNum("negquery-cache-ttl");

  // The factory is told whether this is the "key-only" instance; presumably
  // that restricts the set of backends created — verify in BackendMakers.
  backends = BackendMakers().all(pname == "key-only");
}
457
// Deletes one backend; used by UeberBackend::cleanup() to free the backends it owns.
void del(DNSBackend* d)
{
  delete d;
}
462
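void UeberBackend::cleanup()
{
  // Unregister from the global instance list. The erase-remove idiom drops
  // exactly the entries equal to 'this'; the previous remove()+resize(size-1)
  // discarded the last element regardless of where (or whether) 'this' was
  // found, and would underflow on an empty list.
  pthread_mutex_lock(&instances_lock);
  instances.erase(std::remove(instances.begin(), instances.end(), this), instances.end());
  pthread_mutex_unlock(&instances_lock);

  // We own the backends: free them and drop the now-dangling pointers, so a
  // repeated cleanup() cannot double-free and a later lookup() sees an empty
  // backend list (which it reports as stale) instead of freed memory.
  for(DNSBackend* db : backends) {
    delete db;
  }
  backends.clear();
}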
474
// returns -1 for miss, 0 for negative match, 1 for hit
int UeberBackend::cacheHas(const Question &q, vector<DNSZoneRecord> &rrs)
{
  extern AuthQueryCache QC;

  // With both caches disabled we never store anything, so there is nothing to find.
  if(d_cache_ttl == 0 && d_negcache_ttl == 0) {
    return -1;
  }

  rrs.clear();
  // g_log<<Logger::Warning<<"looking up: '"<<q.qname+"'|N|"+q.qtype.getName()+"|"+itoa(q.zoneId)<<endl;

  const bool present = QC.getEntry(q.qname, q.qtype, rrs, q.zoneId); // think about lowercasing here
  if(!present) {
    return -1;
  }
  // An entry with no records is how a negative answer is cached (see addNegCache).
  return rrs.empty() ? 0 : 1;
}
496
void UeberBackend::addNegCache(const Question &q)
{
  extern AuthQueryCache QC;
  // Negative answers are represented as an empty record set with the negative cache TTL.
  if(d_negcache_ttl == 0) {
    return;
  }
  // we should also not be storing negative answers if a pipebackend does scopeMask, but we can't pass a negative scopeMask in an empty set!
  QC.insert(q.qname, q.qtype, vector<DNSZoneRecord>(), d_negcache_ttl, q.zoneId);
}
505
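void UeberBackend::addCache(const Question &q, const vector<DNSZoneRecord> &rrs)
{
  extern AuthQueryCache QC;

  if(!d_cache_ttl)
    return;

  // Never cache longer than the shortest record TTL in the set. Comparing
  // against store_ttl (not d_cache_ttl) keeps the true minimum; the previous
  // comparison kept whichever below-limit TTL happened to come last.
  unsigned int store_ttl = d_cache_ttl;
  for(const auto& rr : rrs) {
    // Scope-limited answers (scopeMask set) are specific to one client and
    // must not be handed to others from the shared cache.
    if (rr.scopeMask)
      return;
    if (rr.dr.d_ttl < store_ttl)
      store_ttl = rr.dr.d_ttl;
  }

  QC.insert(q.qname, q.qtype, rrs, store_ttl, q.zoneId);
}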
523
void UeberBackend::alsoNotifies(const DNSName &domain, set<string> *ips)
{
  // Every backend may add addresses to the same set.
  for(DNSBackend* db : backends) {
    db->alsoNotifies(domain, ips);
  }
}
529
// Unregisters from the instance list and frees the owned backends (see cleanup()).
UeberBackend::~UeberBackend()
{
  DLOG(g_log<<Logger::Error<<"UeberBackend destructor called, removing ourselves from instances, and deleting our backends"<<endl);
  cleanup();
}
535
// this handle is more magic than most
//
// Starts a lookup for qname/qtype; answers are then pulled out with get().
// Order of business: refuse if stale, wait for go(), reset the per-query
// handle, then either serve from the query cache or start the first backend.
// Throws PDNSException when this object is stale or no backends are configured.
void UeberBackend::lookup(const QType &qtype,const DNSName &qname, DNSPacket *pkt_p, int zoneId)
{
  if(d_stale) {
    g_log<<Logger::Error<<"Stale ueberbackend received question, signalling that we want to be recycled"<<endl;
    throw PDNSException("We are stale, please recycle");
  }

  DLOG(g_log<<"UeberBackend received question for "<<qtype.getName()<<" of "<<qname<<endl);
  // NOTE(review): d_go is read here without d_mut as a fast path; the loop
  // below re-checks it under the lock, but the unlocked read is still a data
  // race in the C++ memory model — an atomic flag would make it well-defined.
  if(!d_go) {
    pthread_mutex_lock(&d_mut);
    while (d_go==false) {
      g_log<<Logger::Error<<"UeberBackend is blocked, waiting for 'go'"<<endl;
      pthread_cond_wait(&d_cond, &d_mut);
      g_log<<Logger::Error<<"Broadcast received, unblocked"<<endl;
    }
    pthread_mutex_unlock(&d_mut);
  }

  d_domain_id=zoneId;

  // reset the iteration handle: backend index 0, no answers yet
  d_handle.i=0;
  d_handle.qtype=qtype;
  d_handle.qname=qname;
  d_handle.pkt_p=pkt_p;
  d_ancount=0;

  if(!backends.size()) {
    g_log<<Logger::Error<<"No database backends available - unable to answer questions."<<endl;
    d_stale=true; // please recycle us!
    throw PDNSException("We are stale, please recycle");
  }
  else {
    d_question.qtype=qtype;
    d_question.qname=qname;
    d_question.zoneId=zoneId;
    int cstat=cacheHas(d_question, d_answers);
    if(cstat<0) { // nothing
      // cout<<"UeberBackend::lookup("<<qname<<"|"<<DNSRecordContent::NumberToType(qtype.getCode())<<"): uncached"<<endl;
      // cache miss: start the first backend; get() advances to the others as they run dry
      d_negcached=d_cached=false;
      d_answers.clear();
      (d_handle.d_hinterBackend=backends[d_handle.i++])->lookup(qtype, qname,pkt_p,zoneId);
    }
    else if(cstat==0) {
      // cout<<"UeberBackend::lookup("<<qname<<"|"<<DNSRecordContent::NumberToType(qtype.getCode())<<"): NEGcached"<<endl;
      // negative cache hit: get() will return false straight away
      d_negcached=true;
      d_cached=false;
      d_answers.clear();
    }
    else {
      // cout<<"UeberBackend::lookup("<<qname<<"|"<<DNSRecordContent::NumberToType(qtype.getCode())<<"): CACHED"<<endl;
      // positive cache hit: get() replays d_answers through d_cachehandleiter
      d_negcached=false;
      d_cached=true;
      d_cachehandleiter = d_answers.begin();
    }
  }

  d_handle.parent=this;
}
595
void UeberBackend::getAllDomains(vector<DomainInfo> *domains, bool include_disabled) {
  // Every backend appends to the same output vector.
  for(DNSBackend* db : backends) {
    db->getAllDomains(domains, include_disabled);
  }
}
602
bool UeberBackend::get(DNSZoneRecord &rr)
{
  // cout<<"UeberBackend::get(DNSZoneRecord) called"<<endl;
  // Hands out the next answer of the lookup() in progress; false when exhausted.

  // Negative cache hit: nothing to hand out.
  if(d_negcached) {
    return false;
  }

  // Positive cache hit: replay the cached answers one by one.
  if(d_cached) {
    if(d_cachehandleiter == d_answers.end()) {
      return false;
    }
    rr = *d_cachehandleiter;
    ++d_cachehandleiter;
    return true;
  }

  // Live answer from the backends; keep a copy so the whole set can be cached at the end.
  if(d_handle.get(rr)) {
    d_ancount++;
    d_answers.push_back(rr);
    return true;
  }

  // cout<<"end of ueberbackend get, seeing if we should cache"<<endl;
  // End of answers: with none collected and a non-empty name the result is
  // negatively cached, otherwise the collected set goes to the positive cache.
  if(!d_ancount && d_handle.qname.countLabels()) {// don't cache axfr
    // cout<<"adding negcache"<<endl;
    addNegCache(d_question);
  }
  else {
    // cout<<"adding query cache"<<endl;
    addCache(d_question, d_answers);
  }
  d_answers.clear();
  return false;
}
634
bool UeberBackend::searchRecords(const string& pattern, int maxResults, vector<DNSResourceRecord>& result)
{
  // Query the backends in order until 'maxResults' records have been
  // collected; true when at least one backend reported a match.
  using size_type = vector<DNSResourceRecord>::size_type;
  const auto limit = static_cast<size_type>(maxResults);
  bool matched = false;
  for(DNSBackend* db : backends) {
    if(result.size() >= limit) {
      break;
    }
    if(db->searchRecords(pattern, maxResults - result.size(), result)) {
      matched = true;
    }
  }
  return matched;
}
642
bool UeberBackend::searchComments(const string& pattern, int maxResults, vector<Comment>& result)
{
  // Query the backends in order until 'maxResults' comments have been
  // collected; true when at least one backend reported a match.
  using size_type = vector<Comment>::size_type;
  const auto limit = static_cast<size_type>(maxResults);
  bool matched = false;
  for(DNSBackend* db : backends) {
    if(result.size() >= limit) {
      break;
    }
    if(db->searchComments(pattern, maxResults - result.size(), result)) {
      matched = true;
    }
  }
  return matched;
}
650
// Number of live handle objects; incremented in the constructor, decremented in the destructor.
AtomicCounter UeberBackend::handle::instances(0);
652
UeberBackend::handle::handle()
{
  // g_log<<Logger::Warning<<"Handle instances: "<<instances<<endl;
  // A fresh handle belongs to no parent and points at no backend yet;
  // lookup() fills it in before the first get().
  ++instances;
  parent = nullptr;
  d_hinterBackend = nullptr;
  pkt_p = nullptr;
  i = 0;
}
662
// Only bookkeeping: the handle owns neither its parent nor the backend it points at.
UeberBackend::handle::~handle()
{
  --instances;
}
667
// Fetches the next record for the current question. Backends are consulted
// in order: when the current one runs dry the next is started with the same
// question, until one yields a record. Once a backend answers, 'i' is pushed
// to the end so no further backend is tried for this question.
// Returns false when every backend is exhausted.
bool UeberBackend::handle::get(DNSZoneRecord &r)
{
  DLOG(g_log << "Ueber get() was called for a "<<qtype.getName()<<" record" << endl);
  bool isMore=false;
  while(d_hinterBackend && !(isMore=d_hinterBackend->get(r))) { // this backend out of answers
    if(i<parent->backends.size()) {
      DLOG(g_log<<"Backend #"<<i<<" of "<<parent->backends.size()
           <<" out of answers, taking next"<<endl);

      // 'i' is the index of the next backend to try; it was set to 1 by lookup()
      d_hinterBackend=parent->backends[i++];
      d_hinterBackend->lookup(qtype,qname,pkt_p,parent->d_domain_id);
    }
    else
      break;

    DLOG(g_log<<"Now asking backend #"<<i<<endl);
  }

  if(!isMore && i==parent->backends.size()) {
    DLOG(g_log<<"UeberBackend reached end of backends"<<endl);
    return false;
  }

  DLOG(g_log<<"Found an answering backend - will not try another one"<<endl);
  i=parent->backends.size(); // don't go on to the next backend
  return true;
}