Commit Graph

3950 Commits

Author SHA1 Message Date
Ondřej Surý
cedfc97974 Improve reporting for pthread_once errors
Replace all uses of RUNTIME_CHECK() in lib/isc/include/isc/once.h with
PTHEADS_RUNTIME_CHECK(), in order to improve error reporting for any
once-related run-time failures (by augmenting error messages with
file/line/caller information and the error string corresponding to
errno).
2022-10-14 16:39:21 +02:00
Ondřej Surý
beecde7120 Rewrite isc_httpd using picohttpparser and isc_url_parse
Rewrite the isc_httpd to be more robust.

1. Replace the hand-crafted HTTP request parser with picohttpparser for
   parsing the whole HTTP/1.0 and HTTP/1.1 requests.  Limit the number
   of allowed headers to 10 (arbitrary number).

2. Replace the hand-crafted URL parser with isc_url_parse for parsing
   the URL from the HTTP request.

3. Increase the receive buffer to match the isc_netmgr buffers, so we
   can at least receive two full isc_nm_read()s.  This makes the
   truncation processing much simpler.

4. Process the received buffer from single isc_nm_read() in a single
   loop and schedule the sends to be independent of each other.

The first two changes makes the code simpler and rely on already
existing libraries that we already had (isc_url based on nodejs) or are
used elsewhere (picohttpparser).

The second two changes remove the artificial "truncation" limit on
parsing multiple request.  Now only a request that has too many
headers (currently 10) or is too big (so, the receive buffer fills up
without reaching end of the request) will end the connection.

We can be benevolent here with the limites, because the statschannel
channel is by definition private and access must be allowed only to
administrators of the server.  There are no timers, no rate-limiting, no
upper limit on the number of requests that can be served, etc.
2022-10-14 11:26:54 +02:00
Ondřej Surý
0dcbc6274b Record the 'edns-udp-size' in the view, not in the resolver
Getting the recorded value of 'edns-udp-size' from the resolver requires
strong attach to the dns_view because we are accessing `view->resolver`.
This is not the case in places (f.e. dns_zone unit) where `.udpsize` is
accessed.  By moving the .udpsize field from `struct dns_resolver` to
`struct dns_view`, we can access the value directly even with weakly
attached dns_view without the need to lock the view because `.udpsize`
can be accessed after the dns_view object has been shut down.
2022-10-05 11:59:36 -07:00
Ondřej Surý
e18b6fb6a6 Use isc_mem_regetx() when appropriate
While refactoring the isc_mem_getx(...) usage, couple places were
identified where the memory was resized manually.  Use the
isc_mem_reget(...) that was introduced in [GL !5440] to resize the
arrays via function rather than a custom code.
2022-10-05 16:44:05 +02:00
Ondřej Surý
c0598d404c Use designated initializers instead of memset()/MEM_ZERO for structs
In several places, the structures were cleaned with memset(...)) and
thus the semantic patch converted the isc_mem_get(...) to
isc_mem_getx(..., ISC_MEM_ZERO).  Use the designated initializer to
initialized the structures instead of zeroing the memory with
ISC_MEM_ZERO flag as this better matches the intended purpose.
2022-10-05 16:44:05 +02:00
Ondřej Surý
c1d26b53eb Add and use semantic patch to replace isc_mem_get/allocate+memset
Add new semantic patch to replace the straightfoward uses of:

  ptr = isc_mem_{get,allocate}(..., size);
  memset(ptr, 0, size);

with the new API call:

  ptr = isc_mem_{get,allocate}x(..., size, ISC_MEM_ZERO);
2022-10-05 16:44:05 +02:00
Ondřej Surý
477eb22c12 Refactor isc_ratelimiter API
Because the dns_zonemgr_create() was run before the loopmgr was started,
the isc_ratelimiter API was more complicated that it had to be.  Move
the dns_zonemgr_create() to run_server() task which is run on the main
loop, and simplify the isc_ratelimiter API implementation.

The isc_timer is now created in the isc_ratelimiter_create() and
starting the timer is now separate async task as is destroying the timer
in case it's not launched from the loop it was created on.  The
ratelimiter tick now doesn't have to create and destroy timer logic and
just stops the timer when there's no more work to do.

This should also solve all the races that were causing the
isc_ratelimiter to be left dangling because the timer was stopped before
the last reference would be detached.
2022-09-30 10:36:30 +02:00
Ondřej Surý
36cdeb7656 Remove debugging fprintf from run_server()
In the loopmgr branch, we forgot the scissors^Hdebugging output in the
patient^Hnamed, remove it.
2022-09-29 14:22:58 +02:00
Ondřej Surý
3b31f7f563 Add autoconf option to enable memory leak detection in libraries
There's a known memory leak in the engine_pkcs11 at the time of writing
this and it interferes with the named ability to check for memory leaks
in the OpenSSL memory context by default.

Add an autoconf option to explicitly enable the memory leak detection,
and use it in the CI except for pkcs11 enabled builds.  When this gets
fixed in the engine_pkc11, the option can be enabled by default.
2022-09-27 17:53:04 +02:00
Ondřej Surý
d1cc847ab0 Check the libuv, OpenSSL and libxml2 memory context on exit
As we can't check the deallocations done in the library memory contexts
by default because it would always fail on non-clean exit (that happens
on error or by calling exit() early), we just want to enable the checks
to be done on normal exit.
2022-09-27 17:10:42 +02:00
Ondřej Surý
e537fea861 Use custom isc_mem based allocator for libxml2
The libxml2 library provides a way to replace the default allocator with
user supplied allocator (malloc, realloc, strdup and free).

Create a memory context specifically for libxml2 to allow tracking the
memory usage that has originated from within libxml2.  This will provide
a separate memory context for libxml2 to track the allocations and when
shutting down the application it will check that all libxml2 allocations
were returned to the allocator.

Additionally, move the xmlInitParser() and xmlCleanupParser() calls from
bin/named/main.c to library constructor/destructor in libisc library.
2022-09-27 17:10:42 +02:00
Petr Špaček
c648e280e4 Document list of crypto algorithms in named -V output 2022-09-27 16:54:39 +02:00
Mark Andrews
d34ecdb366 Deduplicate string formating 2022-09-27 16:54:39 +02:00
Mark Andrews
3156d36495 silence scan-build false positive 2022-09-27 16:54:39 +02:00
Mark Andrews
cb1515e71f Report algorithms supported by named at startup 2022-09-27 16:54:39 +02:00
Mark Andrews
b308f866c0 Have 'named -V' report supported algorithms
These cover DNSSEC, DS, HMAC and TKEY algorithms.
2022-09-27 16:54:39 +02:00
Ondřej Surý
f6e4f620b3 Use the semantic patch to do the unsigned -> unsigned int change
Apply the semantic patch on the whole code base to get rid of 'unsigned'
usage in favor of explicit 'unsigned int'.
2022-09-19 15:56:02 +02:00
Ondřej Surý
52b62b7890 Add support for reporting status via sd_notify()
sd_notify() may be called by a service to notify the service manager
about state changes. It can be used to send arbitrary information,
encoded in an environment-block-like string. Most importantly, it can be
used for start-up completion notification.

Add libsystemd check to autoconf script and when the library is detected
add calls to sd_notify() around the server->reload_status changes.

Co-authored-by: Petr Špaček <pspacek@isc.org>
2022-09-15 10:12:15 +02:00
Mark Andrews
b1ef1ded69 Emit key algorithm + key id in dnssec signing statsistics
If there was a collision of key id across algorithms it was not
possible to determine where counter applies to which algorithm for
xml statistics while for json only one of the values was emitted.
The key names are now "<algorithm-number>+<id>" (e.g. "8+54274").
2022-09-15 08:42:45 +10:00
Mark Andrews
7751e5e039 Add server clause require-cookie
Specifies if an UDP response requires a DNS COOKIE or not.
Fallback to TCP if not present and not TSIG signed.
2022-09-13 12:07:13 +10:00
Tony Finch
7b71b1020f Ensure that named_server_t is properly initialized
There was a ubsan error reporting an invalid value for interface_auto
(a boolean value cannot be 190) because it was not initialized. To
avoid this problem happening again, ensure the whole of the server
structure is initialized to zero before setting the (relatively few)
non-zero elements.
2022-09-12 10:35:39 +01:00
Aram Sargsyan
a5d412d924 Do not use libxml2 deprecated functions
The usage of xmlInitThreads() and xmlCleanupThreads() functions in
libxml2 is now marked as deprecated, and these functions will be made
private in the future.

Use xmlInitParser() and xmlCleanupParser() instead of them.
2022-09-06 08:55:07 +00:00
Aram Sargsyan
7ce1f3d872 Use the return value of isc_portset_create()
There is an omission of assigning the return value coming from the
isc_portset_create() function to the result variable.

CID 356328:

    /bin/named/server.c: 8756 in load_configuration()
    8750     			      "creating UDP/IPv4 port set: %s",
    8751     			      isc_result_totext(result));
    8752     		goto cleanup_bindkeys_parser;
    8753     	}
    8754     	isc_portset_create(named_g_mctx, &v6portset);
    8755     	if (result != ISC_R_SUCCESS) {
    >>>     CID 356328:  Control flow issues  (DEADCODE)
    >>>     Execution cannot reach this statement: "isc_log_write(named_g_lctx,...".
    8756     		isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
    8757     			      NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
    8758     			      "creating UDP/IPv6 port set: %s",
    8759     			      isc_result_totext(result));
    8760     		goto cleanup_v4portset;
    8761     	}
2022-09-02 07:40:27 +00:00
Aram Sargsyan
77f12ecba7 Add extended DNS error configuration option for RPZ zones
Implement the configuration option with its checking and parsing parts.

The option should be later used by BIND to set an extended error
code (EDE) for the queries modified in the result of RPZ processing.
2022-08-31 08:56:03 +00:00
Ondřej Surý
b69e783164 Update netmgr, tasks, and applications to use isc_loopmgr
Previously:

* applications were using isc_app as the base unit for running the
  application and signal handling.

* networking was handled in the netmgr layer, which would start a
  number of threads, each with a uv_loop event loop.

* task/event handling was done in the isc_task unit, which used
  netmgr event loops to run the isc_event calls.

In this refactoring:

* the network manager now uses isc_loop instead of maintaining its
  own worker threads and event loops.

* the taskmgr that manages isc_task instances now also uses isc_loopmgr,
  and every isc_task runs on a specific isc_loop bound to the specific
  thread.

* applications have been updated as necessary to use the new API.

* new ISC_LOOP_TEST macros have been added to enable unit tests to
  run isc_loop event loops. unit tests have been updated to use this
  where needed.
2022-08-26 09:09:24 +02:00
Ondřej Surý
49b149f5fd Update isc_timer to use isc_loopmgr
* isc_timer was rewritten using the uv_timer, and isc_timermgr_t was
  completely removed; isc_timer objects are now directly created on the
  isc_loop event loops.

* the isc_timer API has been simplified. the "inactive" timer type has
  been removed; timers are now stopped by calling isc_timer_stop()
  instead of resetting to inactive.

* isc_manager now creates a loop manager rather than a timer manager.

* modules and applications using isc_timer have been updated to use the
  new API.
2022-08-25 17:17:07 +02:00
Matthijs Mekking
d447b1b58c Remove implicit inline-signing code
Remove the code that sets implicit inline-signing on zones using
dnssec-policy.
2022-08-15 11:44:20 +02:00
Aram Sargsyan
c51b052827 dns_rdatalist_tordataset() and dns_rdatalist_fromrdataset() can not fail
Clean up dns_rdatalist_tordataset() and dns_rdatalist_fromrdataset()
functions by making them return void, because they cannot fail.

Clean up other functions that subsequently cannot fail.
2022-08-09 08:19:51 +00:00
Matthijs Mekking
0712ba502c Reject zones with TTL higher than dnssec-policy max-zone-ttl
Reject loading of zones with TTL higher than the max-zone-ttl
from the dnssec-policy.

With this change, any zone with a dnssec-policy in use will ignore
the max-zone-ttl option in zone/view/options.
2022-07-20 11:55:07 -07:00
Ondřej Surý
b35861f1eb Increase the BUFSIZ-long buffers
The BUFSIZ value varies between platforms, it could be 8K on Linux and
512 bytes on mingw.  Make sure the buffers are always big enough for the
output data to prevent truncation of the output by appropriately
enlarging or sizing the buffers.
2022-07-15 10:33:46 +00:00
Michał Kępień
fc8e6a4cb2 Update documentation for named's -M option
Remove "external" from the list of legal values for the -M command-line
option as it has not been allowed since the internal memory allocator
was removed by commit 55ace5d3aa.

Make the style of the relevant paragraph more in line with the next one
and split its contents up into an unordered list of options for improved
readability.
2022-07-15 10:23:03 +02:00
Mark Andrews
ee9ec0052e Remove redundant assignment of 'clistenon = NULL' 2022-07-14 00:24:37 +00:00
Evan Hunt
9372baac27 check putstr return values
The calls to putstr() in named_server_fetchlimit() were not checked
for failure.
2022-07-14 00:04:39 +00:00
Matthijs Mekking
576b21b168 Inherit dnssec-policy in check for inline-signing
When dnssec-policy is used, and the zone is not dynamic, BIND will
assume that the zone is inline-signed. But the function responsible
for this did not inherit the dnssec-policy option from the view or
options level, and thus never enabled inline-signing, while the zone
should have been.

This is fixed by this commit.
2022-07-12 11:29:03 +02:00
Evan Hunt
549cf0f3e6 "rndc fetchlimit" now also lists rate-limited domains
"rndc fetchlimit" now also prints a list of domain names that are
currently rate-limited by "fetches-per-zone".

The "fetchlimit" system test has been updated to use this feature
to check that domain limits are applied correctly.
2022-07-06 19:46:23 -07:00
Evan Hunt
6175897478 add "rndc fetchlimit" to show fetchlimited servers
this command runs dns_adb_dumpquota() to display all servers
in the ADB that are being actively fetchlimited by the
fetches-per-server controls (i.e, servers with a nonzero average
timeout ratio or with the quota having been reduced from the
default value).

the "fetchlimit" system test has been updated to use the
new command to check quota values instead of "rndc dumpdb".
2022-07-06 19:46:20 -07:00
Mark Andrews
a5b57ed293 Add synth-from-dnssec namespaces for keytable entries
We do this by adding callbacks for when a node is added or deleted
from the keytable.  dns_keytable_add and dns_keytable_delete where
extended to take a callback.  dns_keytable_deletekey does not remove
the node so it was not extended.
2022-07-05 12:29:01 +10:00
Mark Andrews
a559d6fdd1 Add synth-from-dnssec namespace entries for forward only namespaces
Currently forward entries are only removed on view destruction so
there is no matching dns_view_sfd_del call.
2022-07-05 12:29:01 +10:00
Petr Špaček
908acd5d70 Add note that named.conf man page is not a complete manual
We cannot simply do URL because it would make our lives more complicated
with -S edition.
2022-07-01 08:59:24 +02:00
Petr Špaček
0bbbdc6244 Remove auto-generated rst files in repo in favour of grammar pretty printer 2022-07-01 08:59:23 +02:00
Petr Špaček
699570cdec Un-format grammar files in doc/misc
The next commit is going to add parser for ISC configuration format.
To simplify the parser the grammar files in doc/misc are no longer
line-wrapped as handling it would make the grammar parser unnecessairly
complicated.

This affects visible output in the ARM, but in the end we are going to
replace the auto-generated .rst files with grammar pretty printed, so
formatting of these files does not matter in practical terms.
2022-07-01 08:56:33 +02:00
Michał Kępień
887c666caf Obsolete the "glue-cache" option
The "glue-cache" option was marked as deprecated by commit
5ae33351f2 (first released in BIND 9.17.6,
back in October 2020), so now obsolete that option, removing all code
and documentation related to it.

Note: this causes the glue cache feature to be permanently enabled, not
disabled.
2022-06-30 15:24:08 +02:00
Artem Boldariev
3f0b310772 Store HTTP quota size inside a listenlist instead of the quota
This way only quota size is passed to the interface/listener
management code instead of a quota object. Thus, we can implement
updating the quota object size instead of recreating the object.
2022-06-28 15:42:38 +03:00
Matthijs Mekking
c2a7950417 Also inherit from "default" for "insecure" policy
Remove the duplication from the defaultconf and inherit the values
not set in the "insecure" policy from the "default" policy. Therefore,
we must insist that the first read built-in policy is the default one.
2022-06-28 11:56:31 +02:00
Matthijs Mekking
20acb8d3a3 When loading dnssec-policies, inherit from default
Most of the settings (durations) are already inheriting from the default
because they use the constants from lib/dns/kasp.h. We need them as
constants so we can use them in named-checkconf to verify the policy
parameters.

The NSEC(3) parameters and keys should come from the actual default
policy. Change the call to cfg_kasp_fromconfig() to include the default
kasp. We also no longer need to corner case where config is NULL we load
the built-in policy: the built-in policies are now loaded when config is
set to named_g_config.

Finally, add a debug log (it is useful to see which policies are being
loaded).
2022-06-28 11:56:31 +02:00
Matthijs Mekking
5ff414e986 Store built-in dnssec-policies in defaultconf
Update the defaultconf with the built-in policies. These will now be
printed with "named -C".

Change the defines in kasp.h to be strings, so they can be concatenated
in the defaultconf. This means when creating a kasp structure, we no
longer initialize the defaults (this is fine because only kaspconf.c
uses dns_kasp_create() and it inherits from the default policy).

In kaspconf.c, the default values now need to be parsed from string.

Introduce some variables so we don't need to do get_duration multiple
times on the same configuration option.

Finally, clang-format-14 decided to do some random formatting changes.
2022-06-28 11:56:31 +02:00
Matthijs Mekking
c80531758c Add comment on DNSSEC signing zone configuration
I was slightly confused here, so IMO it can use a comment.
2022-06-20 11:18:46 +02:00
Michal Nowak
1c45a9885a Update clang to version 14 2022-06-16 17:21:11 +02:00
Aram Sargsyan
8156c46bd2 Convert some catz error messages from ISC_LOG_INFO to ISC_LOG_WARNING
There is no reason for these two messages to be `ISC_LOG_INFO` while all
the other similar messages in `catz_addmodzone_taskaction()` and
`catz_delzone_taskaction()` functions are logged as `ISC_LOG_WARNING`.
2022-06-09 10:45:10 +00:00
Aram Sargsyan
2aff264fb1 Check that catz member zone is not a configured forward zone
When processing a catalog zone member zone make sure that there is no
configured pre-existing forward zone with that name.

Refactor the `dns_fwdtable_find()` function to not alter the
`DNS_R_PARTIALMATCH` result (coming from `dns_rbt_findname()`) into
`DNS_R_SUCCESS`, so that now the caller can differentiate partial
and exact matches. Patch the calling sites to expect and process
the new return value.
2022-06-09 10:45:10 +00:00