From db1162cffeb0ac3760b25c730731cddfde147767 Mon Sep 17 00:00:00 2001 From: Aram Sargsyan Date: Fri, 24 May 2024 13:18:15 +0000 Subject: [PATCH] Reconfigure catz member zones during named reconfiguration During a reconfiguration named doesn't reconfigure catalog zones member zones. Implement the necessary code to reconfigure catz member zones. (cherry picked from commit fd71ed5d73ae2dc968e8782ce652fb8ef257c25e) --- bin/named/server.c | 122 +++++++++++++++++++++++++++++++++---- lib/dns/catz.c | 7 +++ lib/dns/include/dns/catz.h | 9 +++ 3 files changed, 126 insertions(+), 12 deletions(-) diff --git a/bin/named/server.c b/bin/named/server.c index 338f885bd8..d5b39ddcb3 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -342,6 +342,12 @@ typedef struct catz_chgzone { bool mod; } catz_chgzone_t; +typedef struct catz_reconfig_data { + dns_catz_zone_t *catz; + const cfg_obj_t *config; + catz_cb_data_t *cbd; +} catz_reconfig_data_t; + typedef enum { CATZ_ADDZONE, CATZ_MODZONE, @@ -466,7 +472,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, dns_view_t *view, dns_viewlist_t *viewlist, dns_kasplist_t *kasplist, dns_keystorelist_t *keystores, cfg_aclconfctx_t *aclconf, - bool added, bool old_rpz_ok, bool modify); + bool added, bool old_rpz_ok, bool is_catz_member, bool modify); static void configure_zone_setviewcommit(isc_result_t result, const cfg_obj_t *zconfig, @@ -2795,7 +2801,7 @@ catz_addmodzone_cb(void *arg) { isc_buffer_free(&confbuf); } /* - * Fail if either dns_catz_generate_zonecfg() or cfg_parse_buffer3() + * Fail if either dns_catz_generate_zonecfg() or cfg_parse_buffer() * failed. */ if (result != ISC_R_SUCCESS) { @@ -2821,7 +2827,7 @@ catz_addmodzone_cb(void *arg) { &cz->cbd->server->viewlist, &cz->cbd->server->kasplist, &cz->cbd->server->keystorelist, cfg->actx, true, - false, cz->mod); + false, true, cz->mod); dns_view_freeze(cz->view); isc_loopmgr_resume(named_g_loopmgr); @@ -3033,6 +3039,89 @@ catz_changeview(dns_catz_entry_t *entry, void *arg1, void *arg2) { dns_zone_detach(&zone); } +static void +catz_reconfigure(dns_catz_entry_t *entry, void *arg1, void *arg2) { + dns_view_t *view = arg1; + catz_reconfig_data_t *data = arg2; + isc_buffer_t namebuf; + isc_buffer_t *confbuf = NULL; + const cfg_obj_t *zlist = NULL; + char nameb[DNS_NAME_FORMATSIZE]; + cfg_obj_t *zoneconf = NULL; + cfg_obj_t *zoneobj = NULL; + ns_cfgctx_t *cfg = NULL; + dns_zone_t *zone = NULL; + isc_result_t result; + + isc_buffer_init(&namebuf, nameb, DNS_NAME_FORMATSIZE); + dns_name_totext(dns_catz_entry_getname(entry), DNS_NAME_OMITFINALDOT, + &namebuf); + isc_buffer_putuint8(&namebuf, 0); + + result = dns_view_findzone(view, dns_catz_entry_getname(entry), + DNS_ZTFIND_EXACT, &zone); + if (result != ISC_R_SUCCESS) { + return; + } + + cfg = (ns_cfgctx_t *)view->new_zone_config; + if (cfg == NULL) { + isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, + NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, + "catz_reconfigure: allow-new-zones statement " + "missing from config; cannot reconfigure a " + "member zone"); + goto cleanup; + } + + result = dns_catz_generate_zonecfg(data->catz, entry, &confbuf); + if (result == ISC_R_SUCCESS) { + cfg_parser_reset(cfg->add_parser); + result = cfg_parse_buffer(cfg->add_parser, confbuf, "catz", 0, + &cfg_type_addzoneconf, 0, &zoneconf); + isc_buffer_free(&confbuf); + } + /* + * Fail if either dns_catz_generate_zonecfg() or cfg_parse_buffer() + * failed. + */ + if (result != ISC_R_SUCCESS) { + isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, + NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, + "catz_reconfigure: error \"%s\" while trying to " + "generate config for member zone '%s'", + isc_result_totext(result), nameb); + goto cleanup; + } + + CHECK(cfg_map_get(zoneconf, "zone", &zlist)); + if (!cfg_obj_islist(zlist)) { + CHECK(ISC_R_FAILURE); + } + zoneobj = cfg_listelt_value(cfg_list_first(zlist)); + + result = configure_zone(data->config, zoneobj, cfg->vconfig, view, + &data->cbd->server->viewlist, + &data->cbd->server->kasplist, + &data->cbd->server->keystorelist, cfg->actx, + true, false, true, true); + if (result != ISC_R_SUCCESS) { + isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, + NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, + "catz_reconfigure : error \"%s\" while trying to " + "reconfigure member zone '%s'", + isc_result_totext(result), nameb); + goto cleanup; + } + +cleanup: + if (zoneconf != NULL) { + cfg_obj_destroy(cfg->add_parser, &zoneconf); + } + + dns_zone_detach(&zone); +} + static isc_result_t configure_catz_zone(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *config, const cfg_listelt_t *element) { @@ -3062,12 +3151,21 @@ configure_catz_zone(dns_view_t *view, dns_view_t *pview, result = dns_catz_zone_add(view->catzs, &origin, &zone); if (result == ISC_R_EXISTS) { + catz_reconfig_data_t data = { + .catz = zone, + .config = config, + .cbd = (catz_cb_data_t *)dns_catz_zones_get_udata( + view->catzs), + }; + /* - * We have to walk through all the member zones and re-attach - * them to current view + * We have to walk through all the member zones, re-attach + * them to the current view and reconfigure */ dns_catz_zone_for_each_entry2(zone, catz_changeview, pview, view); + dns_catz_zone_for_each_entry2(zone, catz_reconfigure, view, + &data); } dns_catz_zone_resetdefoptions(zone); @@ -4158,7 +4256,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config, const cfg_obj_t *zconfig = cfg_listelt_value(element); CHECK(configure_zone(config, zconfig, vconfig, view, viewlist, kasplist, keystores, actx, false, - old_rpz_ok, false)); + old_rpz_ok, false, false)); zone_element_latest = element; } @@ -6497,7 +6595,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, const cfg_obj_t *vconfig, dns_view_t *view, dns_viewlist_t *viewlist, dns_kasplist_t *kasplist, dns_keystorelist_t *keystores, cfg_aclconfctx_t *aclconf, - bool added, bool old_rpz_ok, bool modify) { + bool added, bool old_rpz_ok, bool is_catz_member, bool modify) { dns_view_t *pview = NULL; /* Production view */ dns_zone_t *zone = NULL; /* New or reused zone */ dns_zone_t *raw = NULL; /* New or reused raw zone */ @@ -6733,7 +6831,7 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig, } } - if (view->catzs != NULL && + if (!is_catz_member && view->catzs != NULL && dns_catz_zone_get(view->catzs, origin) != NULL) { zone_is_catz = true; @@ -7869,7 +7967,7 @@ configure_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig, &named_g_server->viewlist, &named_g_server->kasplist, &named_g_server->keystorelist, actx, true, - false, false)); + false, false, false)); } result = ISC_R_SUCCESS; @@ -8054,7 +8152,7 @@ configure_newzone(const cfg_obj_t *zconfig, cfg_obj_t *config, return (configure_zone( config, zconfig, vconfig, view, &named_g_server->viewlist, &named_g_server->kasplist, &named_g_server->keystorelist, actx, - true, false, false)); + true, false, false, false)); } /*% @@ -13705,7 +13803,7 @@ do_addzone(named_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view, result = configure_zone(cfg->config, zoneobj, cfg->vconfig, view, &server->viewlist, &server->kasplist, &server->keystorelist, cfg->actx, true, false, - false); + false, false); dns_view_freeze(view); isc_loopmgr_resume(named_g_loopmgr); @@ -13891,7 +13989,7 @@ do_modzone(named_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view, result = configure_zone(cfg->config, zoneobj, cfg->vconfig, view, &server->viewlist, &server->kasplist, &server->keystorelist, cfg->actx, true, false, - true); + false, true); dns_view_freeze(view); isc_loopmgr_resume(named_g_loopmgr); diff --git a/lib/dns/catz.c b/lib/dns/catz.c index cacd5d59d4..7c3a286324 100644 --- a/lib/dns/catz.c +++ b/lib/dns/catz.c @@ -801,6 +801,13 @@ dns_catz_zones_new(isc_mem_t *mctx, isc_loopmgr_t *loopmgr, return (catzs); } +void * +dns_catz_zones_get_udata(dns_catz_zones_t *catzs) { + REQUIRE(DNS_CATZ_ZONES_VALID(catzs)); + + return (catzs->zmm->udata); +} + void dns_catz_catzs_set_view(dns_catz_zones_t *catzs, dns_view_t *view) { REQUIRE(DNS_CATZ_ZONES_VALID(catzs)); diff --git a/lib/dns/include/dns/catz.h b/lib/dns/include/dns/catz.h index 5d9af5e0fa..923f3b33a6 100644 --- a/lib/dns/include/dns/catz.h +++ b/lib/dns/include/dns/catz.h @@ -298,6 +298,15 @@ dns_catz_zones_new(isc_mem_t *mctx, isc_loopmgr_t *loopmgr, * */ +void * +dns_catz_zones_get_udata(dns_catz_zones_t *catzs); +/*%< + * Get the 'udata' member of the zone methods which was set when creating catzs. + * + * Requires: + * \li 'catzs' is a valid dns_catz_zones_t. + */ + isc_result_t dns_catz_zone_add(dns_catz_zones_t *catzs, const dns_name_t *name, dns_catz_zone_t **catzp);