Commit Diff
Diff:
28aad59d7ab1759621133e2413a32b5fb5e3f552
c92531288e60344f05fed565e6fdfdc4ec375bf3
Commit:
c92531288e60344f05fed565e6fdfdc4ec375bf3
Tree:
69224b1e222bd7abd45b3ec32da7143de88b1372
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Fri Nov 1 19:46:56 2019 UTC
Message:
make a replicant server skeleton; it doesn't do much right now but sleep a lot. It will eventually AXFR zones into delphinusdnsd and then restart delphinusdnsd. I had to move some functions around to be able to put this in raxfr.c, and I created a new function called drop_privs() which should help with dropping privileges in the 4 different places that do it. XXX an oddity is that I don't see the U flag on all delphinusdnsd processes on OpenBSD 6.6. Tested on OpenBSD 6.6
blob - af62793f96f774a51f33b615b42cfe8023f0d517
blob + c663fe105156272dc55d81487d090d928f186172
--- ddd-db.h
+++ ddd-db.h
@@ -27,7 +27,7 @@
*/
/*
- * $Id: ddd-db.h,v 1.22 2019/10/30 12:14:36 pjp Exp $
+ * $Id: ddd-db.h,v 1.23 2019/11/01 19:46:56 pjp Exp $
*/
#ifndef _DB_H
@@ -349,7 +349,8 @@ struct cfg {
#define MY_IMSG_AXFR 1
#define MY_IMSG_TCP 2
#define MY_IMSG_PARSER 3
-#define MY_IMSG_MAX 4
+#define MY_IMSG_RAXFR 4
+#define MY_IMSG_MAX 5
int recurse; /* recurse socket */
int log; /* logging socket */
int sockcount; /* set sockets */
@@ -395,5 +396,20 @@ struct mzone {
struct sockaddr_storage notifybind;
SLIST_HEAD(,mzone_dest) dest;
} *mz, *mz0;
+
+#define DELPHINUS_RZONE_PATH "/etc/delphinusdns/replicant"
+
+struct rzone {
+ SLIST_ENTRY(rzone) rzone_entry;
+ int active;
+ char *zonename;
+ u_int16_t masterport;
+ char *master;
+ struct sockaddr_storage storage;
+ char *tsigkey;
+ char *filename;
+ struct soa *soa;
+} *rz, *rz0;
+
#endif /* _DB_H */
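Review bot: The trailing `} *rz, *rz0;` turns the struct declaration into a definition of two globals in a header, so every translation unit that includes ddd-db.h (dddctl.c, delphinusdnsd.c, raxfr.c and util.c in this commit) emits its own `rz`/`rz0`; that links only while the toolchain merges common symbols and fails with `-fno-common`, the default in recent GCC and clang. It mirrors the existing `*mz, *mz0` pattern, but since the struct is being moved here anyway this is the moment to write `struct rzone { ... };` plus `extern struct rzone *rz, *rz0;` and define them once in parse.y. The new `struct soa *soa` member is not assigned anywhere visible in this diff; a one-line comment such as `/* filled in by the replicant engine after a transfer; NULL until then */` would stop readers from relying on it.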
blob - 34c431d7e864f8fdc75743a3cf5f2bfff6ef61df
blob + a8bc84aaff0387f9da3759f664561a11e7ee0ce3
--- dddctl.c
+++ dddctl.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: dddctl.c,v 1.79 2019/10/30 12:14:36 pjp Exp $
+ * $Id: dddctl.c,v 1.80 2019/11/01 19:46:56 pjp Exp $
*/
#include <sys/param.h>
@@ -187,9 +187,6 @@ void free_private_key(struct keysentry *);
RSA * get_private_key_rsa(struct keysentry *);
EC_KEY *get_private_key_ec(struct keysentry *);
int store_private_key(struct keysentry *, char *, int, int);
-u_int64_t timethuman(time_t);
-char * bitmap2human(char *, int);
-char * bin2hex(char *, int);
int print_rbt(FILE *, struct rbtree *);
int print_rbt_bind(FILE *, struct rbtree *);
int usage(int argc, char *argv[]);
@@ -340,6 +337,9 @@ extern struct rbtree * create_rr(ddDB *db, char *name,
extern struct rbtree * find_rrset(ddDB *db, char *name, int len);
extern struct rrset * find_rr(struct rbtree *rbt, u_int16_t rrtype);
extern int add_rr(struct rbtree *rbt, char *name, int len, u_int16_t rrtype, void *rdata);
+extern char * bin2hex(char *, int);
+extern u_int64_t timethuman(time_t);
+extern char * bitmap2human(char *, int);
extern int raxfr_a(FILE *, u_char *, u_char *, u_char *, struct soa *, u_int16_t, HMAC_CTX *);
extern int raxfr_tlsa(FILE *, u_char *, u_char *, u_char *, struct soa *, u_int16_t, HMAC_CTX *);
@@ -5747,20 +5747,7 @@ store_private_key(struct keysentry *kn, char *zonename
}
-u_int64_t
-timethuman(time_t timet)
-{
- char timebuf[512];
- struct tm *tm;
- u_int64_t retbuf;
- tm = gmtime((time_t *)&timet);
- strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm);
- retbuf = atoll(timebuf);
-
- return(retbuf);
-}
-
int
construct_nsec3(ddDB *db, char *zone, int iterations, char *salt)
{
@@ -6036,105 +6023,6 @@ construct_nsec3(ddDB *db, char *zone, int iterations,
return 0;
}
-char *
-bin2hex(char *bin, int len)
-{
- static char hex[4096];
- char *p;
- int i;
-
- memset(&hex, 0, sizeof(hex));
- p = &hex[0];
-
- for (i = 0; i < len; i++) {
- snprintf(p, sizeof(hex), "%02x", bin[i] & 0xff);
- p += 2;
- }
-
- return ((char *)&hex);
-}
-
-char *
-bitmap2human(char *bitmap, int len)
-{
- static char human[4096];
- char expanded_bitmap[32];
- u_int16_t bit;
- int i, j, block, bitlen;
- int x;
- char *p;
-
- memset(&human, 0, sizeof(human));
-
- for (i = 0, p = bitmap; i < len;) {
- block = *p;
- p++;
- i++;
- memset(&expanded_bitmap, 0, sizeof(expanded_bitmap));
- bitlen = *p;
- p++;
- i++;
- memcpy(&expanded_bitmap, p, bitlen);
- p += bitlen;
- i += bitlen;
- for (j = 0; j < 32; j++) {
- if (expanded_bitmap[j] & 0x80) {
- x = 0;
- bit = (block * 255) + ((j * 8) + x);
- strlcat(human, get_dns_type(bit, 0), sizeof(human));
- strlcat(human, " ", sizeof(human));
- }
- if (expanded_bitmap[j] & 0x40) {
- x = 1;
- bit = (block * 255) + ((j * 8) + x);
- strlcat(human, get_dns_type(bit, 0), sizeof(human));
- strlcat(human, " ", sizeof(human));
- }
- if (expanded_bitmap[j] & 0x20) {
- x = 2;
- bit = (block * 255) + ((j * 8) + x);
- strlcat(human, get_dns_type(bit, 0), sizeof(human));
- strlcat(human, " ", sizeof(human));
- }
- if (expanded_bitmap[j] & 0x10) {
- x = 3;
- bit = (block * 255) + ((j * 8) + x);
- strlcat(human, get_dns_type(bit, 0), sizeof(human));
- strlcat(human, " ", sizeof(human));
- }
- if (expanded_bitmap[j] & 0x8) {
- x = 4;
- bit = (block * 255) + ((j * 8) + x);
- strlcat(human, get_dns_type(bit, 0), sizeof(human));
- strlcat(human, " ", sizeof(human));
- }
- if (expanded_bitmap[j] & 0x4) {
- x = 5;
- bit = (block * 255) + ((j * 8) + x);
- strlcat(human, get_dns_type(bit, 0), sizeof(human));
- strlcat(human, " ", sizeof(human));
- }
- if (expanded_bitmap[j] & 0x2) {
- x = 6;
- bit = (block * 255) + ((j * 8) + x);
- strlcat(human, get_dns_type(bit, 0), sizeof(human));
- strlcat(human, " ", sizeof(human));
- }
- if (expanded_bitmap[j] & 0x1) {
- x = 7;
- bit = (block * 255) + ((j * 8) + x);
- strlcat(human, get_dns_type(bit, 0), sizeof(human));
- strlcat(human, " ", sizeof(human));
- }
-
- }
- }
-
- if (human[strlen(human) - 1] == ' ')
- human[strlen(human) - 1] = '\0';
-
- return ((char *)&human);
-}
int
print_rbt(FILE *of, struct rbtree *rbt)
blob - 3f351963aebd78f9cafc08fbe305117046c7154c
blob + 4405ee9792d0ba15fdf39268c4822c0977792f1d
--- delphinusdnsd/Makefile.freebsd
+++ delphinusdnsd/Makefile.freebsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c
CFLAGS= -Wall -g
CFLAGS+= -I${.CURDIR}/..
blob - cccf4e1bf8f76f239d050583df7aa3a8577fdbba
blob + a23dd62d3e414f15970ffd821c52f1840cbf6eea
--- delphinusdnsd/Makefile.netbsd
+++ delphinusdnsd/Makefile.netbsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c
CFLAGS= -g
CFLAGS+= -I${.CURDIR}/.. -I/usr/pkg/libressl/include
blob - 53c4e02b8775a013a46e4ea43f6a3aea68819c16
blob + dd0c90393aa051deb63fcea397173ccd6fe91815
--- delphinusdnsd/Makefile.openbsd
+++ delphinusdnsd/Makefile.openbsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c tsig.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c tsig.c raxfr.c
#CFLAGS= -DDEBUG -g -Wall
CFLAGS= -Wall -g
blob - 668a9a323dcff164bd757de67800100f449a45c9
blob + c8ce84a6dbea57506c3c2ca220835d8b56142662
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.74 2019/10/31 16:34:35 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.75 2019/11/01 19:46:56 pjp Exp $
*/
@@ -97,6 +97,7 @@
extern void add_rrlimit(int, u_int16_t *, int, char *);
extern void axfrloop(int *, int, char **, ddDB *, struct imsgbuf *);
+extern void replicantloop(ddDB *, struct imsgbuf *);
extern struct question *build_fake_question(char *, int, u_int16_t, char *, int);
extern int check_ent(char *, int);
extern int check_rrlimit(int, u_int16_t *, int, char *);
@@ -166,6 +167,7 @@ extern int notifysource(struct question *, struct soc
struct question *convert_question(struct parsequestion *);
void build_reply(struct sreply *, int, char *, int, struct question *, struct sockaddr *, socklen_t, struct rbtree *, struct rbtree *, u_int8_t, int, int, void *, char *);
int compress_label(u_char *, u_int16_t, int);
+int drop_privs(char *, struct passwd *);
struct rbtree * get_soa(ddDB *, struct question *);
struct rbtree * get_ns(ddDB *, struct rbtree *, int *);
void mainloop(struct cfg *, struct imsgbuf **);
@@ -250,6 +252,7 @@ extern int ratelimit_packets_per_second;
extern int whitelist;
extern int tsig;
extern int dnssec;
+extern int raxfrflag;
static int reload = 0;
static int mshutdown = 0;
@@ -887,24 +890,18 @@ main(int argc, char *argv[], char *environ[])
} /* if logging.bind */
- /* chroot to the drop priv user home directory */
- if (chroot(pw->pw_dir) < 0) {
- dolog(LOG_INFO, "chroot: %s\n", strerror(errno));
+#if __OpenBSD__
+ if (unveil(DELPHINUS_RZONE_PATH, "rwc") < 0) {
+ perror("unveil");
slave_shutdown();
exit(1);
}
-
- if (chdir("/") < 0) {
- dolog(LOG_INFO, "chdir: %s\n", strerror(errno));
+ if (unveil(pw->pw_dir, "wc") < 0) {
+ perror("unveil");
slave_shutdown();
exit(1);
}
-#if __OpenBSD__
- if (pledge("stdio inet proc id sendfd recvfd unveil", NULL) < 0) {
- perror("pledge");
- exit(1);
- }
#endif
/*
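Review bot: The new `unveil(DELPHINUS_RZONE_PATH, "rwc")` runs unconditionally, before the `if (raxfrflag)` fork later in main, so a server with no rzone configured still grants its whole process tree read/write/create on /etc/delphinusdns/replicant, and, if unveil() reports ENOENT for a missing path as I believe it does, a host that never created that directory will fail to start. Gating it with `if (raxfrflag && unveil(DELPHINUS_RZONE_PATH, "rwc") < 0)` keeps the old behaviour for non-replicant installs. The two new error paths also use `perror()` where the surrounding code logs through `dolog()`, so these failures would not reach syslog once the daemon is detached; `dolog(LOG_INFO, "unveil: %s\n", strerror(errno));` matches the rest of the file.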
@@ -917,48 +914,6 @@ main(int argc, char *argv[], char *environ[])
signal(SIGINT, slave_signal);
signal(SIGQUIT, slave_signal);
- /*
- * I open the log again after the chroot just in case I can't
- * reach the old /dev/log anymore.
- */
-
- closelog();
- openlog(__progname, LOG_PID | LOG_NDELAY, LOG_DAEMON);
-
- /* set groups */
-
- if (setgroups(1, &pw->pw_gid) < 0) {
- dolog(LOG_INFO, "setgroups: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
-
-#if defined __OpenBSD__ || defined __FreeBSD__
- if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) {
- dolog(LOG_INFO, "setresgid: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
-
- if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) {
- dolog(LOG_INFO, "setresuid: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
-
-#else
- if (setgid(pw->pw_gid) < 0) {
- dolog(LOG_INFO, "setgid: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
- if (setuid(pw->pw_uid) < 0) {
- dolog(LOG_INFO, "setuid: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
-#endif
-
/*
* start our axfr process
*/
@@ -971,6 +926,19 @@ main(int argc, char *argv[], char *environ[])
}
switch (pid = fork()) {
case 0:
+ /* chroot to the drop priv user home directory */
+ if (drop_privs(pw->pw_dir, pw) < 0) {
+ dolog(LOG_INFO, "axfr dropping privileges\n", strerror(errno));
+ slave_shutdown();
+ exit(1);
+ }
+#if __OpenBSD__
+ if (pledge("stdio inet proc id sendfd recvfd unveil", NULL) < 0) {
+ perror("pledge");
+ exit(1);
+ }
+#endif
+
/* close descriptors that we don't need */
for (j = 0; j < i; j++) {
close(tcp[j]);
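Review bot: `dolog(LOG_INFO, "axfr dropping privileges\n", strerror(errno));` on the new failure path passes a `strerror()` argument that the format string never consumes, so the reason is silently dropped; since drop_privs() already logs the failing syscall (its definition is further down in this file), the simpler fix is `dolog(LOG_INFO, "axfr dropping privileges failed\n");`. The pledge that follows now runs after setresuid/setresgid, so the `id` promise it retains is no longer needed and `"stdio inet proc sendfd recvfd unveil"` is the tighter set; whether `unveil` and `proc` are still required depends on axfrloop, which is outside this diff.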
@@ -979,9 +947,7 @@ main(int argc, char *argv[], char *environ[])
close(uafd[j]);
}
-#if !defined __APPLE__
setproctitle("AXFR engine on port %d", axfrport);
-#endif
/* don't need master here */
close(cfg->my_imsg[MY_IMSG_MASTER].imsg_fds[1]);
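Review bot: Removing the `#if !defined __APPLE__` guard around `setproctitle()` reintroduces an undefined symbol on macOS, which has no setproctitle(3), and nothing in this diff adds a replacement. If macOS is no longer a supported target that is fine, but it should then be said in the commit message; otherwise keep the guard, and note the new `setproctitle("Replicant engine")` in the raxfr child below has the same issue.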
@@ -1006,6 +972,86 @@ main(int argc, char *argv[], char *environ[])
} /* axfrport */
+ if (raxfrflag) {
+
+ if (socketpair(AF_UNIX, SOCK_STREAM, PF_UNSPEC, &cfg->my_imsg[MY_IMSG_RAXFR].imsg_fds[0]) < 0) {
+ dolog(LOG_INFO, "socketpair() failed\n");
+ slave_shutdown();
+ exit(1);
+ }
+
+ switch (pid = fork()) {
+ case -1:
+ dolog(LOG_ERR, "fork() failed: %s\n", strerror(errno));
+ slave_shutdown();
+ exit(1);
+ case 0:
+ /* chroot to the drop priv user home directory */
+ if (drop_privs(DELPHINUS_RZONE_PATH, pw) < 0) {
+ dolog(LOG_INFO, "raxfr dropping privileges failed", strerror(errno));
+ slave_shutdown();
+ exit(1);
+ }
+
+#if __OpenBSD__
+ if (pledge("stdio inet proc id sendfd recvfd unveil cpath wpath rpath", NULL) < 0) {
+ perror("pledge");
+ slave_shutdown();
+ exit(1);
+ }
+#endif
+
+ /* close descriptors that we don't need */
+ for (j = 0; j < i; j++) {
+ close(tcp[j]);
+ close(udp[j]);
+ }
+
+ setproctitle("Replicant engine");
+
+ /* don't need master here */
+#if 0
+ close(cfg->my_imsg[MY_IMSG_MASTER].imsg_fds[1]);
+#endif
+ /* close any axfr's */
+ close(cfg->my_imsg[MY_IMSG_AXFR].imsg_fds[0]);
+ /* close the replicant parent */
+ close(cfg->my_imsg[MY_IMSG_RAXFR].imsg_fds[1]);
+ imsg_init(parent_ibuf[MY_IMSG_RAXFR], cfg->my_imsg[MY_IMSG_RAXFR].imsg_fds[0]);
+
+ replicantloop(db, parent_ibuf[MY_IMSG_RAXFR]);
+
+ /* NOTREACHED */
+ exit(1);
+
+ default:
+
+ close(cfg->my_imsg[MY_IMSG_RAXFR].imsg_fds[0]);
+ imsg_init(child_ibuf[MY_IMSG_RAXFR], cfg->my_imsg[MY_IMSG_RAXFR].imsg_fds[1]);
+
+ break;
+ }
+
+ } /* raxfrflag */
+
+ /* the rest of the daemon goes on in TCP and UDP loops */
+ if (drop_privs(pw->pw_dir, pw) < 0) {
+ dolog(LOG_INFO, "dropping privileges failed\n");
+ slave_shutdown();
+ exit(1);
+ }
+#if __OpenBSD__
+ if (unveil(NULL, NULL) < 0) {
+ dolog(LOG_INFO, "unveil locking failed: %s\n", strerror(errno));
+ slave_shutdown();
+ exit(1);
+ }
+ if (pledge("stdio inet proc id sendfd recvfd", NULL) < 0) {
+ perror("pledge");
+ exit(1);
+ }
+#endif
+
/* what follows is a bit mangled code, we set up nflag + 1 amount of
* server instances (1 per cpu?) and if we're recursive we also set up
* the same amount of recursive instances all connected through a
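Review bot: The replicant child closes `tcp[j]` and `udp[j]` but, unlike the axfr child just above, leaves every `uafd[j]` open and keeps the master imsg descriptor under `#if 0`, so the unprivileged replicant process inherits the control-socket descriptors and a channel to the parent it is not meant to use; add `close(uafd[j]);` to the loop and either close `cfg->my_imsg[MY_IMSG_MASTER].imsg_fds[1]` or document why it must stay open. `close(cfg->my_imsg[MY_IMSG_AXFR].imsg_fds[0])` also runs when no axfrport was configured, in which case that socketpair was never created and the call closes whatever the field happens to hold; guard it with `if (axfrport)`. The log on the drop_privs failure path, `"raxfr dropping privileges failed"`, lacks both the `%s` for the `strerror()` argument it passes and a trailing newline; `dolog(LOG_INFO, "raxfr dropping privileges failed\n");` is enough since drop_privs logs the failing call. As in the axfr child, the `id` promise in the pledge is surplus once privileges are dropped.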
@@ -1594,10 +1640,6 @@ mainloop(struct cfg *cfg, struct imsgbuf **ibuf)
}
#if __OpenBSD__
- if (unveil(NULL, NULL) < 0) {
- perror("unveil");
- exit(1);
- }
if (pledge("stdio inet sendfd recvfd", NULL) < 0) {
perror("pledge");
exit(1);
@@ -2519,12 +2561,7 @@ tcploop(struct cfg *cfg, struct imsgbuf **ibuf)
break;
}
- /* pjp */
#if __OpenBSD__
- if (unveil(NULL, NULL) < 0) {
- perror("unveil");
- exit(1);
- }
if (pledge("stdio inet sendfd recvfd", NULL) < 0) {
perror("pledge");
exit(1);
@@ -3499,60 +3536,15 @@ setup_unixsocket(char *socketpath, struct imsgbuf *ibu
exit(1);
}
- /* chroot to the drop priv user home directory */
- if (chroot(pw->pw_dir) < 0) {
- perror("chroot");
+ if (drop_privs(pw->pw_dir, pw) < 0) {
+ dolog(LOG_INFO, "dropping privileges failed in unix socket\n");
slave_shutdown();
exit(1);
}
- if (chdir("/") < 0) {
- perror("chdir");
- slave_shutdown();
- exit(1);
- }
-
- if (setgroups(1, &pw->pw_gid) < 0) {
- perror("setgroups");
- slave_shutdown();
- exit(1);
- }
-
-#if defined __OpenBSD__ || defined __FreeBSD__
- if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) {
- perror("setresgid");
- slave_shutdown();
- exit(1);
- }
-
- if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) {
- perror("setresuid");
- slave_shutdown();
- exit(1);
- }
-
-#else
- if (setgid(pw->pw_gid) < 0) {
- perror("setgid");
- slave_shutdown();
- exit(1);
- }
- if (setuid(pw->pw_uid) < 0) {
- perror("setuid");
- slave_shutdown();
- exit(1);
- }
-#endif
-
listen(so, 5);
#if __OpenBSD__
- if (unveil(NULL, NULL) < 0) {
- perror("unveil");
- slave_shutdown();
- exit(1);
- }
-
if (pledge("stdio rpath wpath cpath unix proc", NULL) < 0) {
perror("pledge");
slave_shutdown();
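Review bot: drop_privs() (defined later in this file) now calls `unveil("/", "r")` after the chroot, so this control-socket process is left with a read-only view of its filesystem while the pledge that follows still asks for `wpath cpath`; if the process ever writes or unlinks the socket path (the rest of setup_unixsocket is outside this hunk) that will now fail with EACCES, and if it does not, the promises can be narrowed to `"stdio rpath unix proc"`. A comment stating which files this process still needs to touch after the chroot would make the unveil/pledge pairing checkable. The removed `unveil(NULL, NULL)` is effectively replaced by a pledge without the `unveil` promise, which locks the view just the same, but a one-line comment saying so would help since the lock is no longer visible here.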
@@ -3613,4 +3605,55 @@ setup_unixsocket(char *socketpath, struct imsgbuf *ibu
} /* for (;;) */
/* NOTREACHED */
+}
+
+int
+drop_privs(char *chrootpath, struct passwd *pw)
+{
+ /* chroot to the drop priv user home directory */
+ if (chroot(chrootpath) < 0) {
+ dolog(LOG_INFO, "chroot: %s\n", strerror(errno));
+ return -1;
+ }
+
+ if (unveil("/", "r") < 0) {
+ dolog(LOG_INFO, "unveil: %s\n", strerror(errno));
+ return -1;
+ }
+
+ if (chdir("/") < 0) {
+ dolog(LOG_INFO, "chdir: %s\n", strerror(errno));
+ return -1;
+ }
+
+ /* set groups */
+
+ if (setgroups(1, &pw->pw_gid) < 0) {
+ dolog(LOG_INFO, "setgroups: %s\n", strerror(errno));
+ return -1;
+ }
+
+#if defined __OpenBSD__ || defined __FreeBSD__
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) < 0) {
+ dolog(LOG_INFO, "setresgid: %s\n", strerror(errno));
+ return -1;
+ }
+
+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) < 0) {
+ dolog(LOG_INFO, "setresuid: %s\n", strerror(errno));
+ return -1;
+ }
+
+#else
+ if (setgid(pw->pw_gid) < 0) {
+ dolog(LOG_INFO, "setgid: %s\n", strerror(errno));
+ return -1;
+ }
+ if (setuid(pw->pw_uid) < 0) {
+ dolog(LOG_INFO, "setuid: %s\n", strerror(errno));
+ return -1;
+ }
+#endif
+
+ return 0;
}
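Review bot: `unveil("/", "r")` in drop_privs() is not wrapped in `#if __OpenBSD__` like every other unveil()/pledge() call in this file, so the FreeBSD and NetBSD builds whose Makefiles this commit also touches will fail to link, unveil(2) being OpenBSD-only; wrap it in `#if __OpenBSD__` … `#endif`. The ordering also deserves a second look: the parent unveils DELPHINUS_RZONE_PATH as `"rwc"` before forking, and the replicant child then chroots into that same directory and unveils its new `/` as `"r"`, so whether the child keeps the write/create access that replicantloop's `cpath wpath` pledge expects depends on how unveil treats a re-unveil of the same path after chroot — verify on 6.6, given the commit message already notes processes missing the `U` flag. The function has no header comment; something like `/* chroot to chrootpath, unveil it read-only and drop to pw's uid/gid; logs and returns -1 on failure; must run while still root and before any pledge that omits the id promise. */` states the contract callers rely on. Finally, the `closelog()/openlog()` re-open that the old in-line code did after the chroot has not been carried over; if the earlier openlog() uses LOG_NDELAY the descriptor survives the chroot, otherwise syslog output may be lost.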
blob - 27a51fc901d1b5875a9561c1ebb07d05f40e890f
blob + d63fd44ff38092afdb6e3322212524d456e4b4c2
--- parse.y
+++ parse.y
@@ -21,7 +21,7 @@
*/
/*
- * $Id: parse.y,v 1.76 2019/10/29 09:19:32 pjp Exp $
+ * $Id: parse.y,v 1.77 2019/11/01 19:46:57 pjp Exp $
*/
%{
@@ -134,17 +134,6 @@ static struct file {
} *file, *topfile, *rzonefile;
SLIST_HEAD(rzones, rzone) rzones = SLIST_HEAD_INITIALIZER(rzones);
-struct rzone {
- SLIST_ENTRY(rzone) rzone_entry;
- int active;
- char *zonename;
- u_int16_t masterport;
- char *master;
- struct sockaddr_storage storage;
- char *tsigkey;
- char *filename;
-} *rz, *rz0;
-
SLIST_HEAD(mzones ,mzone) mzones = SLIST_HEAD_INITIALIZER(mzones);
#define STATE_IP 1
@@ -197,6 +186,7 @@ struct logging logging;
int axfrport = 0;
time_t time_changed;
int dnssec = 0;
+int raxfrflag = 0;
char *check_rr(char *, char *, int, int *);
int fill_a(char *, char *, int, char *);
@@ -652,6 +642,7 @@ rzone:
}
(void)add_rzone();
+ raxfrflag = 1;
}
;
blob - f92d36ac29b2e8e270b27dc92d3d26ef6e14132a
blob + 4e85ddd67b5ef3eba7b13ea8204d232363d4ac07
--- raxfr.c
+++ raxfr.c
@@ -26,7 +26,7 @@
*
*/
/*
- * $Id: raxfr.c,v 1.15 2019/10/10 16:55:25 pjp Exp $
+ * $Id: raxfr.c,v 1.16 2019/11/01 19:46:57 pjp Exp $
*/
#include <sys/types.h>
@@ -41,6 +41,8 @@
#include <string.h>
#include <ctype.h>
#include <errno.h>
+#include <unistd.h>
+#include <syslog.h>
#ifdef __linux__
#include <grp.h>
@@ -52,9 +54,11 @@
#define __unused
#include <bsd/sys/tree.h>
#include <bsd/sys/endian.h>
+#include "imsg.h"
#else /* not linux */
#include <sys/queue.h>
#include <sys/tree.h>
+#include <imsg.h>
#endif /* __linux__ */
#include <openssl/bn.h>
@@ -63,6 +67,8 @@
#include "ddd-dns.h"
#include "ddd-db.h"
+SLIST_HEAD(rzones ,rzone) rzones;
+
int raxfr_a(FILE *, u_char *, u_char *, u_char *, struct soa *, u_int16_t, HMAC_CTX *);
int raxfr_aaaa(FILE *, u_char *, u_char *, u_char *, struct soa *, u_int16_t, HMAC_CTX *);
int raxfr_cname(FILE *, u_char *, u_char *, u_char *, struct soa *, u_int16_t, HMAC_CTX *);
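Review bot: `SLIST_HEAD(rzones ,rzone) rzones;` defines a second `rzones` list head in raxfr.c while parse.y already defines and initialises one (visible as context at the top of the parse.y hunk); the two only resolve to the same object through common-symbol merging, which `-fno-common` (the default in GCC 10+ and clang) turns into a duplicate-symbol link error, and if they ever ended up distinct replicantloop would silently iterate an empty list. Declare it `extern SLIST_HEAD(rzones, rzone) rzones;` so the single definition stays in parse.y.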
@@ -84,6 +90,7 @@ u_int16_t raxfr_skip(FILE *, u_char *, u_char *);
int raxfr_soa(FILE *, u_char *, u_char *, u_char *, struct soa *, int, u_int32_t, u_int16_t, HMAC_CTX *);
int raxfr_peek(FILE *, u_char *, u_char *, u_char *, int *, int, u_int16_t *, u_int32_t, HMAC_CTX *);
int raxfr_tsig(FILE *f, u_char *p, u_char *estart, u_char *end, struct soa *mysoa, u_int16_t rdlen, HMAC_CTX *ctx, char *);
+void replicantloop(ddDB *, struct imsgbuf *);
extern int memcasecmp(u_char *, u_char *, int);
@@ -96,6 +103,7 @@ extern char *convert_name(char *, int);
extern char *base32hex_encode(u_char *, int);
extern u_int64_t timethuman(time_t);
extern char * expand_compression(u_char *, u_char *, u_char *, u_char *, int *, int);
+extern void dolog(int, char *, ...);
/* The following alias helps with bounds checking all input, needed! */
@@ -1180,4 +1188,38 @@ out:
free(rawkeyname);
free(rawalgname);
return (rrlen);
+}
+
+
+void
+replicantloop(ddDB *db, struct imsgbuf *ibuf)
+{
+ struct rzone *lrz;
+ time_t scheduled_reboot = (time_t)(1572628314 + (31 * 24 * 3600));
+ time_t now;
+ int sleepint = 10;
+
+#if __OpenBSD__
+ if (pledge("stdio wpath rpath cpath inet", NULL) < 0) {
+ perror("pledge");
+ exit(1);
+ }
+#endif
+
+ SLIST_FOREACH(lrz, &rzones, rzone_entry) {
+ if (lrz->zonename == NULL)
+ continue;
+
+ dolog(LOG_INFO, "adding SOA values to zone %s\n", lrz->zonename);
+ }
+
+ for (;;) {
+ now = time(NULL);
+ if (now >= scheduled_reboot) {
+
+ dolog(LOG_INFO, "pretending to send a scheduled reboot\n");
+ }
+
+ sleep (sleepint);
+ }
}
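Review bot: Once `now >= scheduled_reboot`, a hard-coded epoch about a month after the commit date, the loop logs "pretending to send a scheduled reboot" every `sleepint` seconds forever, so a server left running past that date fills syslog at six lines a minute; put the date behind a named, commented constant and advance or clear it after logging, e.g. `scheduled_reboot += 31 * 24 * 3600;`. The `db` and `ibuf` parameters are unused, so the child holds its end of the parent socketpair without ever reading it; a short header comment saying this is a placeholder, what the final loop is meant to do with `ibuf` (AXFR then restart, per the commit message) and that `lrz->soa` is still NULL here would stop readers from taking the "adding SOA values" log line as real work. The `sleep()` loop also never checks for a shutdown request from the parent, so signal handling will need to be added before this is wired up.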
blob - 1f05f06634dd9cf4679cf0b44cddc7d7800e4651
blob + 5b9d7e89e558ef0d651bde547f03c23ff8d35b3a
--- util.c
+++ util.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: util.c,v 1.41 2019/10/31 16:34:35 pjp Exp $
+ * $Id: util.c,v 1.42 2019/11/01 19:46:57 pjp Exp $
*/
#include <sys/types.h>
@@ -100,6 +100,9 @@ struct rrtab *rrlookup(char *);
char * expand_compression(u_char *, u_char *, u_char *, u_char *, int *, int);
void log_diff(char *sha256, char *mac, int len);
int tsig_pseudoheader(char *, uint16_t, time_t, HMAC_CTX *);
+char * bin2hex(char *, int);
+u_int64_t timethuman(time_t);
+char * bitmap2human(char *, int);
/* externs */
@@ -1472,4 +1475,120 @@ tsig_pseudoheader(char *tsigkeyname, uint16_t fudge, t
HMAC_Update(ctx, pseudo_packet, ppoffset);
return 0;
+}
+
+
+char *
+bin2hex(char *bin, int len)
+{
+ static char hex[4096];
+ char *p;
+ int i;
+
+ memset(&hex, 0, sizeof(hex));
+ p = &hex[0];
+
+ for (i = 0; i < len; i++) {
+ snprintf(p, sizeof(hex), "%02x", bin[i] & 0xff);
+ p += 2;
+ }
+
+ return ((char *)&hex);
+}
+
+u_int64_t
+timethuman(time_t timet)
+{
+ char timebuf[512];
+ struct tm *tm;
+ u_int64_t retbuf;
+
+ tm = gmtime((time_t *)&timet);
+ strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm);
+ retbuf = atoll(timebuf);
+
+ return(retbuf);
+}
+
+
+char *
+bitmap2human(char *bitmap, int len)
+{
+ static char human[4096];
+ char expanded_bitmap[32];
+ u_int16_t bit;
+ int i, j, block, bitlen;
+ int x;
+ char *p;
+
+ memset(&human, 0, sizeof(human));
+
+ for (i = 0, p = bitmap; i < len;) {
+ block = *p;
+ p++;
+ i++;
+ memset(&expanded_bitmap, 0, sizeof(expanded_bitmap));
+ bitlen = *p;
+ p++;
+ i++;
+ memcpy(&expanded_bitmap, p, bitlen);
+ p += bitlen;
+ i += bitlen;
+ for (j = 0; j < 32; j++) {
+ if (expanded_bitmap[j] & 0x80) {
+ x = 0;
+ bit = (block * 255) + ((j * 8) + x);
+ strlcat(human, get_dns_type(bit, 0), sizeof(human));
+ strlcat(human, " ", sizeof(human));
+ }
+ if (expanded_bitmap[j] & 0x40) {
+ x = 1;
+ bit = (block * 255) + ((j * 8) + x);
+ strlcat(human, get_dns_type(bit, 0), sizeof(human));
+ strlcat(human, " ", sizeof(human));
+ }
+ if (expanded_bitmap[j] & 0x20) {
+ x = 2;
+ bit = (block * 255) + ((j * 8) + x);
+ strlcat(human, get_dns_type(bit, 0), sizeof(human));
+ strlcat(human, " ", sizeof(human));
+ }
+ if (expanded_bitmap[j] & 0x10) {
+ x = 3;
+ bit = (block * 255) + ((j * 8) + x);
+ strlcat(human, get_dns_type(bit, 0), sizeof(human));
+ strlcat(human, " ", sizeof(human));
+ }
+ if (expanded_bitmap[j] & 0x8) {
+ x = 4;
+ bit = (block * 255) + ((j * 8) + x);
+ strlcat(human, get_dns_type(bit, 0), sizeof(human));
+ strlcat(human, " ", sizeof(human));
+ }
+ if (expanded_bitmap[j] & 0x4) {
+ x = 5;
+ bit = (block * 255) + ((j * 8) + x);
+ strlcat(human, get_dns_type(bit, 0), sizeof(human));
+ strlcat(human, " ", sizeof(human));
+ }
+ if (expanded_bitmap[j] & 0x2) {
+ x = 6;
+ bit = (block * 255) + ((j * 8) + x);
+ strlcat(human, get_dns_type(bit, 0), sizeof(human));
+ strlcat(human, " ", sizeof(human));
+ }
+ if (expanded_bitmap[j] & 0x1) {
+ x = 7;
+ bit = (block * 255) + ((j * 8) + x);
+ strlcat(human, get_dns_type(bit, 0), sizeof(human));
+ strlcat(human, " ", sizeof(human));
+ }
+
+ }
+ }
+
+ if (human[strlen(human) - 1] == ' ')
+ human[strlen(human) - 1] = '\0';
+
+ return ((char *)&human);
}
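Review bot: bitmap2human() copies `bitlen` bytes into the 32-byte `expanded_bitmap` with no bound, and `bitlen = *p` reads a `char`, so a window length above 32 (or a negative value on signed-char platforms) overflows the stack buffer and can run `p` past `len`; since this helper now lives in util.c next to the AXFR parsers it is worth hardening as it moves: `bitlen = *p & 0xff;` followed by `if (bitlen < 1 || bitlen > sizeof(expanded_bitmap) || bitlen > len - i) break;` before the memcpy, with the same `& 0xff` for `block`. Two smaller points in the same moved code: RFC 4034 §4.1.2 defines the type number as window block × 256, so `(block * 255)` mislabels every type in windows above 0, and `human[strlen(human) - 1]` indexes at -1 when nothing was appended. In bin2hex(), `snprintf(p, sizeof(hex), ...)` passes the full buffer size at every offset, so a `len` over 2047 writes past `hex`; use `sizeof(hex) - (p - hex)` or cap `len`. These are pre-existing, but the code is otherwise byte-identical and the move is the natural point to fix them.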