2018-07-31 03:48:58 -04:00
|
|
|
/*
|
|
|
|
|
* util/edns.c - handle base EDNS options.
|
|
|
|
|
*
|
|
|
|
|
* Copyright (c) 2018, NLnet Labs. All rights reserved.
|
|
|
|
|
*
|
|
|
|
|
* This software is open source.
|
|
|
|
|
*
|
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
|
* are met:
|
|
|
|
|
*
|
|
|
|
|
* Redistributions of source code must retain the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer.
|
|
|
|
|
*
|
|
|
|
|
* Redistributions in binary form must reproduce the above copyright notice,
|
|
|
|
|
* this list of conditions and the following disclaimer in the documentation
|
|
|
|
|
* and/or other materials provided with the distribution.
|
|
|
|
|
*
|
|
|
|
|
* Neither the name of the NLNET LABS nor the names of its contributors may
|
|
|
|
|
* be used to endorse or promote products derived from this software without
|
|
|
|
|
* specific prior written permission.
|
|
|
|
|
*
|
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
|
|
|
|
|
* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
|
|
|
* HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
|
* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
|
|
|
|
|
* TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
|
|
|
|
|
* PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
|
|
|
|
|
* LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
|
|
|
|
|
* NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
|
|
|
* SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* \file
|
|
|
|
|
*
|
|
|
|
|
* This file contains functions for base EDNS options.
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
#include "config.h"
|
2019-01-24 11:05:00 -05:00
|
|
|
#include "util/edns.h"
|
2019-01-24 11:10:05 -05:00
|
|
|
#include "util/config_file.h"
|
2018-07-31 03:48:58 -04:00
|
|
|
#include "util/netevent.h"
|
2020-07-24 10:00:13 -04:00
|
|
|
#include "util/net_help.h"
|
2018-07-31 03:48:58 -04:00
|
|
|
#include "util/regional.h"
|
2023-08-04 08:26:08 -04:00
|
|
|
#include "util/rfc_1982.h"
|
|
|
|
|
#include "util/siphash.h"
|
2018-07-31 03:48:58 -04:00
|
|
|
#include "util/data/msgparse.h"
|
|
|
|
|
#include "util/data/msgreply.h"
|
2023-08-04 08:26:08 -04:00
|
|
|
#include "sldns/sbuffer.h"
|
2018-07-31 03:48:58 -04:00
|
|
|
|
2020-09-30 17:17:53 -04:00
|
|
|
struct edns_strings* edns_strings_create(void)
|
2020-07-23 11:17:44 -04:00
|
|
|
{
|
2020-09-30 17:17:53 -04:00
|
|
|
struct edns_strings* edns_strings = calloc(1,
|
|
|
|
|
sizeof(struct edns_strings));
|
|
|
|
|
if(!edns_strings)
|
2020-07-23 11:17:44 -04:00
|
|
|
return NULL;
|
2020-09-30 17:17:53 -04:00
|
|
|
if(!(edns_strings->region = regional_create())) {
|
|
|
|
|
edns_strings_delete(edns_strings);
|
2020-07-23 11:17:44 -04:00
|
|
|
return NULL;
|
|
|
|
|
}
|
2020-09-30 17:17:53 -04:00
|
|
|
return edns_strings;
|
2020-07-23 11:17:44 -04:00
|
|
|
}
|
|
|
|
|
|
2020-09-30 17:17:53 -04:00
|
|
|
void edns_strings_delete(struct edns_strings* edns_strings)
|
2020-07-23 11:17:44 -04:00
|
|
|
{
|
2020-09-30 17:17:53 -04:00
|
|
|
if(!edns_strings)
|
2020-07-23 11:17:44 -04:00
|
|
|
return;
|
2020-09-30 17:17:53 -04:00
|
|
|
regional_destroy(edns_strings->region);
|
|
|
|
|
free(edns_strings);
|
2020-07-23 11:17:44 -04:00
|
|
|
}
|
|
|
|
|
|
2020-07-24 10:00:13 -04:00
|
|
|
static int
|
2020-09-30 17:17:53 -04:00
|
|
|
edns_strings_client_insert(struct edns_strings* edns_strings,
|
2020-07-24 10:00:13 -04:00
|
|
|
struct sockaddr_storage* addr, socklen_t addrlen, int net,
|
2020-09-30 17:17:53 -04:00
|
|
|
const char* string)
|
2020-07-24 10:00:13 -04:00
|
|
|
{
|
2020-09-30 17:17:53 -04:00
|
|
|
struct edns_string_addr* esa = regional_alloc_zero(edns_strings->region,
|
|
|
|
|
sizeof(struct edns_string_addr));
|
|
|
|
|
if(!esa)
|
2020-07-24 10:00:13 -04:00
|
|
|
return 0;
|
2020-09-30 17:17:53 -04:00
|
|
|
esa->string_len = strlen(string);
|
|
|
|
|
esa->string = regional_alloc_init(edns_strings->region, string,
|
|
|
|
|
esa->string_len);
|
|
|
|
|
if(!esa->string)
|
|
|
|
|
return 0;
|
|
|
|
|
if(!addr_tree_insert(&edns_strings->client_strings, &esa->node, addr,
|
|
|
|
|
addrlen, net)) {
|
|
|
|
|
verbose(VERB_QUERY, "duplicate EDNS client string ignored.");
|
2020-07-24 10:00:13 -04:00
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-30 17:17:53 -04:00
|
|
|
int edns_strings_apply_cfg(struct edns_strings* edns_strings,
|
2020-07-23 11:17:44 -04:00
|
|
|
struct config_file* config)
|
|
|
|
|
{
|
2020-07-24 10:00:13 -04:00
|
|
|
struct config_str2list* c;
|
2020-09-30 17:17:53 -04:00
|
|
|
regional_free_all(edns_strings->region);
|
|
|
|
|
addr_tree_init(&edns_strings->client_strings);
|
2020-07-23 11:17:44 -04:00
|
|
|
|
2020-09-30 17:17:53 -04:00
|
|
|
for(c=config->edns_client_strings; c; c=c->next) {
|
2020-07-24 10:00:13 -04:00
|
|
|
struct sockaddr_storage addr;
|
|
|
|
|
socklen_t addrlen;
|
|
|
|
|
int net;
|
|
|
|
|
log_assert(c->str && c->str2);
|
|
|
|
|
|
|
|
|
|
if(!netblockstrtoaddr(c->str, UNBOUND_DNS_PORT, &addr, &addrlen,
|
|
|
|
|
&net)) {
|
2020-09-30 17:17:53 -04:00
|
|
|
log_err("cannot parse EDNS client string IP netblock: "
|
|
|
|
|
"%s", c->str);
|
2020-07-24 10:00:13 -04:00
|
|
|
return 0;
|
|
|
|
|
}
|
2020-09-30 17:17:53 -04:00
|
|
|
if(!edns_strings_client_insert(edns_strings, &addr, addrlen,
|
|
|
|
|
net, c->str2)) {
|
|
|
|
|
log_err("out of memory while adding EDNS strings");
|
2020-07-24 10:00:13 -04:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-09-30 17:17:53 -04:00
|
|
|
edns_strings->client_string_opcode = config->edns_client_string_opcode;
|
2020-07-23 11:17:44 -04:00
|
|
|
|
2020-09-30 17:17:53 -04:00
|
|
|
addr_tree_init_parents(&edns_strings->client_strings);
|
2020-07-23 11:17:44 -04:00
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-30 17:17:53 -04:00
|
|
|
struct edns_string_addr*
|
|
|
|
|
edns_string_addr_lookup(rbtree_type* tree, struct sockaddr_storage* addr,
|
2020-07-23 11:17:44 -04:00
|
|
|
socklen_t addrlen)
|
|
|
|
|
{
|
2020-09-30 17:17:53 -04:00
|
|
|
return (struct edns_string_addr*)addr_tree_lookup(tree, addr, addrlen);
|
2020-07-23 11:17:44 -04:00
|
|
|
}
|
|
|
|
|
|
Fast Reload Option (#1042)
* - fast-reload, add unbound-control fast_reload
* - fast-reload, make a thread to service the unbound-control command.
* - fast-reload, communication sockets for information transfer.
* - fast-reload, fix compile for unbound-dnstap-socket.
* - fast-reload, set nonblocking communication to keep the server thread
responding to DNS requests.
* - fast-reload, poll routine to test for readiness, timeout fails connection.
* - fast-reload, detect loop in sock_poll_timeout routine.
* - fast-reload, send done and exited notification.
* - fast-reload, defines for constants in ipc.
* - fast-reload, ipc socket recv and send resists partial reads and writes and
can continue byte by byte. Also it can continue after an interrupt.
* - fast-reload, send exit command to thread when done.
* - fast-reload, output strings for client on string list.
* - fast-reload, add newline to terminal output.
* - fast-reload, send client string to remote client.
* - fast-reload, better debug output.
* - fast-reload, print queue structure, for output to the remote client.
* - fast-reload, move print items to print queue from fast_reload_thread struct.
* - fast-reload, keep list of pending print queue items in daemon struct.
* - fast-reload, comment explains in_list for printq to print remainder.
* - fast-reload, unit test testdata/fast_reload_thread.tdir that tests the
thread output.
* - fast-reload, fix test link for fast_reload_printq_list_delete function.
* - fast-reload, reread config file from disk.
* - fast-reload, unshare forwards, making the structure locked, with an rwlock.
* - fast-reload, for nonthreaded, the unbound-control commands forward,
forward_add and forward_delete should be distributed to other processes,
but when threaded, they should not be distributed to other threads because
the structure is not thread specific any more.
* - fast-reload, unshared stub hints, making the structure locked, with an rwlock.
* - fast-reload, helpful comments for hints lookup function return value.
* - fast-reload, fix bug in fast reload printout, the strlist appendlist routine,
and printout time statistics after the reload is done.
* - fast-reload, keep track of reloadtime and deletestime and print them.
* - fast-reload, keep track of constructtime and print it.
* - fast-reload, construct new items.
* - fast-reload, better comment.
* - fast-reload, reload the config and swap trees for forwards and stub hints.
* - fast-reload, in forwards_swap_tree set protection of trees with locks.
* - fast-reload, in hints_swap_tree also swap the node count of the trees.
* - fast-reload, reload ipc to stop and start threads.
* - fast-reload, unused forward declarations removed.
* - fast-reload, unit test that fast reload works with forwards and stubs.
* - fast-reload, fix clang analyzer warnings.
* - fast-reload, small documentation entry in unbound-control -h output.
* - fast-reload, printout memory use by fast reload, in bytes.
* - fast-reload, compile without threads.
* - fast-reload, document fast_reload in man page.
* - fast-reload, print ok when done successfully.
* - fast-reload, option for fast-reload commandline, +v verbosity option,
with timing and memory use output.
* - fast-reload, option for fast-reload commandline, +p does not pause threads.
* - fast-reload, option for fast-reload commandline, +d drops mesh queries.
* - fast-reload, fix to poll every thread with nopause to make certain that
resources are not held by the threads and can be deleted.
* - fast-reload, fix to use atomic store for config variables with nopause.
* - fast-reload, reload views.
* - fast-reload, when tag defines are different, it drops the queries.
* - fast-reload, fix tag define check.
* - fast-reload, document that tag change causes drop of queries.
* - fast-reload, fix space in documentation man page.
* - fast-reload, copy respip client information to query state, put views tree
in module env for lookup.
* - fast-reload, nicer respip view comparison.
* - fast-reload, respip global set is in module env.
* - fast-reload, document that respip_client_info acl info is copied.
* - fast-reload, reload the respip_set.
* - fast-reload, document no pause and pick up of use_response_ip boolean.
* - fast-reload, fix test compile.
* - fast-reload, reload local zones.
* Update locking management for iter_fwd and iter_hints methods. (#1054)
fast reload, move most of the locking management to iter_fwd and
iter_hints methods. The caller still has the ability to handle its
own locking, if desired, for atomic operations on sets of different
structs.
Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
* - fast-reload, reload access-control.
* - fast-reload, reload access control interface, such as interface-action.
* - fast-reload, reload tcp-connection-limit.
* - fast-reload, improve comments on acl_list and tcl_list swap tree.
* - fast-reload, fixup references to old tcp connection limits in open tcp
connections.
* - fast-reload, fixup to clean tcp connection also for different linked order.
* - fast-reload, if no tcp connection limits existed, no need to remove
references for that.
* - fast-reload, document more options that work and do not work.
* - fast-reload, reload auth_zone and rpz data.
* - fast-reload, fix auth_zones_get_mem.
* - fast-reload, fix compilation of testbound for the new comm_timer_get_mem
reference in remote control.
* - fast-reload, change use_rpz with reload.
* - fast-reload, list changes in auth zones and stop zonemd callbacks for
deleted auth zones.
* - fast-reload, note xtree is not swapped, and why it is not swapped.
* - fast-reload, for added auth zones, pick up zone transfer and zonemd tasks.
* - fast-reload, unlock xfr when done with transfer pick up.
* - fast-reload, unlock z when picking up the xfr for it during transfer task
pick up.
* - fast-reload, pick up task changes for added, deleted and modified auth zones.
* - fast-reload, remove xfr of auth zone deletion without tasks.
* - fast-reload, pick up zone transfer config.
* - fast-reload, the main worker thread picks up the transfer tasks and also
performs setup of the xfer struct.
* - fast-reload, keep writelock on newzone when auth zone changes.
* - fast-reload, change cachedb_enabled setting.
* - fast-reload, pick up edns-strings config.
* - fast-reload, note that settings are not updated.
* - fast-reload, pick up dnstap config.
* - fast-reload, dnstap options that need to be loaded without +p.
* - fast-reload, fix auth zone reload
* - fast-reload, remove debug for auth zone test.
* - fast-reload, fix auth zone reload with zone transfer.
* - fast-reload, fix auth zone reload lock order.
* - fast-reload, remove debug from fast reload test.
* - fast-reload, remove unused function.
* - fast-reload, fix the worker trust anchor probe timer lock acquisition in
the probe answer callback routine for trust anchor probes.
* - fast-reload, reload trust anchors.
* - fast-reload, fix trust anchor reload lock on autr global data and test
for trust anchor reload.
* - fast-reload, adjust cache sizes.
* - fast-reload, reload cache sizes when changed.
* - fast-reload, reload validator env changes.
* - fast-reload, reload mesh changes.
* - fast-reload, check for incompatible changes.
* - fast-reload, improve error text for incompatible change.
* - fast-reload, fix check config option compatibility.
* - fast-reload, improve error text for nopause change.
* - fast-reload, fix spelling of incompatible options.
* - fast-reload, reload target-fetch-policy, outbound-msg-retry, max-sent-count
and max-query-restarts.
* - fast-reload, check nopause config change for target-fetch-policy.
* - fast-reload, reload do-not-query-address, private-address and capt-exempt.
* - fast-reload, check nopause config change for do-not-query-address,
private-address and capt-exempt.
* - fast-reload, check fast reload not possible due to interface and
outgoing-interface changes.
* - fast-reload, reload nat64 settings.
* - fast-reload, reload settings stored in the infra structure.
* - fast-reload, fix modstack lookup and remove outgoing-range check.
* - fast-reload, more explanation for config parse failure.
* - fast-reload, reload worker outside network changes.
* - fast-reload, detect incompatible changes in network settings.
* fast-reload, commit test files.
* - fast-reload, fix warnings for call types in windows compile.
* - fast-reload, fix warnings and comm_point_internal for tcp wouldblock calls.
* - fast-reload, extend lock checks for repeat thread ids.
* - fast-reload, additional test cases, cache change and tag changes.
* - fast-reload, fix documentation for auth_zone_verify_zonemd_with_key.
* - fast-reload, fix copy_cfg type casts and memory leak on config parse failure.
* - fast-reload, fix use of WSAPoll.
* Review comments for the fast reload feature (#1259)
* - fast-reload review, respip set can be null from a view.
* - fast-reload review, typos.
* - fast-reload review, keep clang static analyzer happy.
* - fast-reload review, don't forget to copy tag_actions.
* - fast-reload review, less indentation.
* - fast-reload review, don't leak respip_actions when reloading.
* - fast-reload review, protect NULL pointer dereference in get_mem
functions.
* - fast-reload review, add fast_reload_most_options.tdir to test most
options with high verbosity when fast reloading.
* - fast-reload review, don't skip new line on long error printouts.
* - fast-reload review, typo.
* - fast-reload review, use new_z for consistency.
* - fast-reload review, nit for unlock ordering to make eye comparison
with the lock counterpart easier.
* - fast-reload review, in case of error the sockets are already closed.
* - fast-reload review, identation.
* - fast-reload review, add static keywords.
* - fast-reload review, update unbound-control usage text.
* - fast-reload review, updates to the man page.
* - fast-reload, the fast-reload command is experimental.
* - fast-reload, fix compile of doqclient for fast reload functions.
* Changelog comment for #1042
- Merge #1042: Fast Reload. The unbound-control fast_reload is added.
It reads changed config in a thread, then only briefly pauses the
service threads, that keep running. DNS service is only interrupted
briefly, less than a second.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2025-03-31 09:25:24 -04:00
|
|
|
size_t
|
|
|
|
|
edns_strings_get_mem(struct edns_strings* edns_strings)
|
|
|
|
|
{
|
|
|
|
|
if(!edns_strings) return 0;
|
|
|
|
|
return regional_get_mem(edns_strings->region) + sizeof(*edns_strings);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
edns_strings_swap_tree(struct edns_strings* edns_strings,
|
|
|
|
|
struct edns_strings* data)
|
|
|
|
|
{
|
|
|
|
|
rbtree_type tree = edns_strings->client_strings;
|
|
|
|
|
uint16_t opcode = edns_strings->client_string_opcode;
|
|
|
|
|
struct regional* region = edns_strings->region;
|
|
|
|
|
|
|
|
|
|
edns_strings->client_strings = data->client_strings;
|
|
|
|
|
edns_strings->client_string_opcode = data->client_string_opcode;
|
|
|
|
|
edns_strings->region = data->region;
|
|
|
|
|
data->client_strings = tree;
|
|
|
|
|
data->client_string_opcode = opcode;
|
|
|
|
|
data->region = region;
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-04 08:26:08 -04:00
|
|
|
uint8_t*
|
|
|
|
|
edns_cookie_server_hash(const uint8_t* in, const uint8_t* secret, int v4,
|
|
|
|
|
uint8_t* hash)
|
|
|
|
|
{
|
|
|
|
|
v4?siphash(in, 20, secret, hash, 8):siphash(in, 32, secret, hash, 8);
|
|
|
|
|
return hash;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
edns_cookie_server_write(uint8_t* buf, const uint8_t* secret, int v4,
|
|
|
|
|
uint32_t timestamp)
|
|
|
|
|
{
|
|
|
|
|
uint8_t hash[8];
|
|
|
|
|
buf[ 8] = 1; /* Version */
|
|
|
|
|
buf[ 9] = 0; /* Reserved */
|
|
|
|
|
buf[10] = 0; /* Reserved */
|
|
|
|
|
buf[11] = 0; /* Reserved */
|
|
|
|
|
sldns_write_uint32(buf + 12, timestamp);
|
|
|
|
|
(void)edns_cookie_server_hash(buf, secret, v4, hash);
|
|
|
|
|
memcpy(buf + 16, hash, 8);
|
|
|
|
|
}
|
|
|
|
|
|
2023-08-08 09:19:56 -04:00
|
|
|
enum edns_cookie_val_status
|
2023-08-04 08:26:08 -04:00
|
|
|
edns_cookie_server_validate(const uint8_t* cookie, size_t cookie_len,
|
|
|
|
|
const uint8_t* secret, size_t secret_len, int v4,
|
|
|
|
|
const uint8_t* hash_input, uint32_t now)
|
|
|
|
|
{
|
|
|
|
|
uint8_t hash[8];
|
2023-08-07 05:20:48 -04:00
|
|
|
uint32_t timestamp;
|
|
|
|
|
uint32_t subt_1982 = 0; /* Initialize for the compiler; unused value */
|
2023-08-04 08:26:08 -04:00
|
|
|
int comp_1982;
|
2023-08-08 09:19:56 -04:00
|
|
|
if(cookie_len != 24)
|
|
|
|
|
/* RFC9018 cookies are 24 bytes long */
|
|
|
|
|
return COOKIE_STATUS_CLIENT_ONLY;
|
|
|
|
|
if(secret_len != 16 || /* RFC9018 cookies have 16 byte secrets */
|
|
|
|
|
cookie[8] != 1) /* RFC9018 cookies are cookie version 1 */
|
|
|
|
|
return COOKIE_STATUS_INVALID;
|
2023-08-04 08:26:08 -04:00
|
|
|
timestamp = sldns_read_uint32(cookie + 12);
|
|
|
|
|
if((comp_1982 = compare_1982(now, timestamp)) > 0
|
|
|
|
|
&& (subt_1982 = subtract_1982(timestamp, now)) > 3600)
|
|
|
|
|
/* Cookie is older than 1 hour (see RFC9018 Section 4.3.) */
|
2023-08-08 09:19:56 -04:00
|
|
|
return COOKIE_STATUS_EXPIRED;
|
2023-08-04 08:26:08 -04:00
|
|
|
if(comp_1982 <= 0 && subtract_1982(now, timestamp) > 300)
|
|
|
|
|
/* Cookie time is more than 5 minutes in the future.
|
|
|
|
|
* (see RFC9018 Section 4.3.) */
|
2023-08-08 09:19:56 -04:00
|
|
|
return COOKIE_STATUS_FUTURE;
|
2023-08-04 08:26:08 -04:00
|
|
|
if(memcmp(edns_cookie_server_hash(hash_input, secret, v4, hash),
|
|
|
|
|
cookie + 16, 8) != 0)
|
|
|
|
|
/* Hashes do not match */
|
2023-08-08 09:19:56 -04:00
|
|
|
return COOKIE_STATUS_INVALID;
|
2023-08-04 08:26:08 -04:00
|
|
|
if(comp_1982 > 0 && subt_1982 > 1800)
|
|
|
|
|
/* Valid cookie but older than 30 minutes, so create a new one
|
|
|
|
|
* anyway */
|
2023-08-08 09:19:56 -04:00
|
|
|
return COOKIE_STATUS_VALID_RENEW;
|
|
|
|
|
return COOKIE_STATUS_VALID;
|
2023-08-04 08:26:08 -04:00
|
|
|
}
|
Cookie secret file (#1090)
* - cookie-secret-file, define struct.
* - cookie-secret-file, add config option, create, read and delete struct.
* - cookie-secret-file, check cookie secrets for cookie validation.
* - cookie-secret-file, unbound-control add_cookie_secret, drop_cookie_secret,
activate_cookie_secret and print_cookie_secrets.
* - cookie-secret-file, test and fix locks, renew writes a fresh cookie,
staging cookies get a fresh cookie and spelling in error message.
* - cookie-secret-file, remove unused variable from cookie file unit test.
* Remove unshare and faketime dependencies for cookie_file test; documentation nits.
---------
Co-authored-by: Yorgos Thessalonikefs <yorgos@nlnetlabs.nl>
2024-08-02 07:32:08 -04:00
|
|
|
|
|
|
|
|
struct cookie_secrets*
|
|
|
|
|
cookie_secrets_create(void)
|
|
|
|
|
{
|
|
|
|
|
struct cookie_secrets* cookie_secrets = calloc(1,
|
|
|
|
|
sizeof(*cookie_secrets));
|
|
|
|
|
if(!cookie_secrets)
|
|
|
|
|
return NULL;
|
|
|
|
|
lock_basic_init(&cookie_secrets->lock);
|
|
|
|
|
lock_protect(&cookie_secrets->lock, &cookie_secrets->cookie_count,
|
|
|
|
|
sizeof(cookie_secrets->cookie_count));
|
|
|
|
|
lock_protect(&cookie_secrets->lock, cookie_secrets->cookie_secrets,
|
|
|
|
|
sizeof(cookie_secret_type)*UNBOUND_COOKIE_HISTORY_SIZE);
|
|
|
|
|
return cookie_secrets;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void
|
|
|
|
|
cookie_secrets_delete(struct cookie_secrets* cookie_secrets)
|
|
|
|
|
{
|
|
|
|
|
if(!cookie_secrets)
|
|
|
|
|
return;
|
|
|
|
|
lock_basic_destroy(&cookie_secrets->lock);
|
|
|
|
|
explicit_bzero(cookie_secrets->cookie_secrets,
|
|
|
|
|
sizeof(cookie_secret_type)*UNBOUND_COOKIE_HISTORY_SIZE);
|
|
|
|
|
free(cookie_secrets);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/** Read the cookie secret file */
|
|
|
|
|
static int
|
|
|
|
|
cookie_secret_file_read(struct cookie_secrets* cookie_secrets,
|
|
|
|
|
char* cookie_secret_file)
|
|
|
|
|
{
|
|
|
|
|
char secret[UNBOUND_COOKIE_SECRET_SIZE * 2 + 2/*'\n' and '\0'*/];
|
|
|
|
|
FILE* f;
|
|
|
|
|
int corrupt = 0;
|
|
|
|
|
size_t count;
|
|
|
|
|
|
|
|
|
|
log_assert(cookie_secret_file != NULL);
|
|
|
|
|
cookie_secrets->cookie_count = 0;
|
|
|
|
|
f = fopen(cookie_secret_file, "r");
|
|
|
|
|
/* a non-existing cookie file is not an error */
|
|
|
|
|
if( f == NULL ) {
|
|
|
|
|
if(errno != EPERM) {
|
|
|
|
|
log_err("Could not read cookie-secret-file '%s': %s",
|
|
|
|
|
cookie_secret_file, strerror(errno));
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
/* cookie secret file exists and is readable */
|
|
|
|
|
for( count = 0; count < UNBOUND_COOKIE_HISTORY_SIZE; count++ ) {
|
|
|
|
|
size_t secret_len = 0;
|
|
|
|
|
ssize_t decoded_len = 0;
|
|
|
|
|
if( fgets(secret, sizeof(secret), f) == NULL ) { break; }
|
|
|
|
|
secret_len = strlen(secret);
|
|
|
|
|
if( secret_len == 0 ) { break; }
|
|
|
|
|
log_assert( secret_len <= sizeof(secret) );
|
|
|
|
|
secret_len = secret[secret_len - 1] == '\n' ? secret_len - 1 : secret_len;
|
|
|
|
|
if( secret_len != UNBOUND_COOKIE_SECRET_SIZE * 2 ) { corrupt++; break; }
|
|
|
|
|
/* needed for `hex_pton`; stripping potential `\n` */
|
|
|
|
|
secret[secret_len] = '\0';
|
|
|
|
|
decoded_len = hex_pton(secret, cookie_secrets->cookie_secrets[count].cookie_secret,
|
|
|
|
|
UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
if( decoded_len != UNBOUND_COOKIE_SECRET_SIZE ) { corrupt++; break; }
|
|
|
|
|
cookie_secrets->cookie_count++;
|
|
|
|
|
}
|
|
|
|
|
fclose(f);
|
|
|
|
|
return corrupt == 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int
|
|
|
|
|
cookie_secrets_apply_cfg(struct cookie_secrets* cookie_secrets,
|
|
|
|
|
char* cookie_secret_file)
|
|
|
|
|
{
|
|
|
|
|
if(!cookie_secrets) {
|
|
|
|
|
if(!cookie_secret_file || !cookie_secret_file[0])
|
|
|
|
|
return 1; /* There is nothing to read anyway */
|
|
|
|
|
log_err("Could not read cookie secrets, no structure alloced");
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
if(!cookie_secret_file_read(cookie_secrets, cookie_secret_file))
|
|
|
|
|
return 0;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
enum edns_cookie_val_status
|
|
|
|
|
cookie_secrets_server_validate(const uint8_t* cookie, size_t cookie_len,
|
|
|
|
|
struct cookie_secrets* cookie_secrets, int v4,
|
|
|
|
|
const uint8_t* hash_input, uint32_t now)
|
|
|
|
|
{
|
|
|
|
|
size_t i;
|
|
|
|
|
enum edns_cookie_val_status cookie_val_status,
|
|
|
|
|
last = COOKIE_STATUS_INVALID;
|
|
|
|
|
if(!cookie_secrets)
|
|
|
|
|
return COOKIE_STATUS_INVALID; /* There are no cookie secrets.*/
|
|
|
|
|
lock_basic_lock(&cookie_secrets->lock);
|
|
|
|
|
if(cookie_secrets->cookie_count == 0) {
|
|
|
|
|
lock_basic_unlock(&cookie_secrets->lock);
|
|
|
|
|
return COOKIE_STATUS_INVALID; /* There are no cookie secrets.*/
|
|
|
|
|
}
|
|
|
|
|
for(i=0; i<cookie_secrets->cookie_count; i++) {
|
|
|
|
|
cookie_val_status = edns_cookie_server_validate(cookie,
|
|
|
|
|
cookie_len,
|
|
|
|
|
cookie_secrets->cookie_secrets[i].cookie_secret,
|
|
|
|
|
UNBOUND_COOKIE_SECRET_SIZE, v4, hash_input, now);
|
|
|
|
|
if(cookie_val_status == COOKIE_STATUS_VALID ||
|
|
|
|
|
cookie_val_status == COOKIE_STATUS_VALID_RENEW) {
|
|
|
|
|
lock_basic_unlock(&cookie_secrets->lock);
|
|
|
|
|
/* For staging cookies, write a fresh cookie. */
|
|
|
|
|
if(i != 0)
|
|
|
|
|
return COOKIE_STATUS_VALID_RENEW;
|
|
|
|
|
return cookie_val_status;
|
|
|
|
|
}
|
|
|
|
|
if(last == COOKIE_STATUS_INVALID)
|
|
|
|
|
last = cookie_val_status; /* Store more interesting
|
|
|
|
|
failure to return. */
|
|
|
|
|
}
|
|
|
|
|
lock_basic_unlock(&cookie_secrets->lock);
|
|
|
|
|
return last;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void add_cookie_secret(struct cookie_secrets* cookie_secrets,
|
|
|
|
|
uint8_t* secret, size_t secret_len)
|
|
|
|
|
{
|
|
|
|
|
log_assert(secret_len == UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
(void)secret_len;
|
|
|
|
|
if(!cookie_secrets)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
/* New cookie secret becomes the staging secret (position 1)
|
|
|
|
|
* unless there is no active cookie yet, then it becomes the active
|
|
|
|
|
* secret. If the UNBOUND_COOKIE_HISTORY_SIZE > 2 then all staging cookies
|
|
|
|
|
* are moved one position down.
|
|
|
|
|
*/
|
|
|
|
|
if(cookie_secrets->cookie_count == 0) {
|
|
|
|
|
memcpy( cookie_secrets->cookie_secrets->cookie_secret
|
|
|
|
|
, secret, UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
cookie_secrets->cookie_count = 1;
|
|
|
|
|
explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
#if UNBOUND_COOKIE_HISTORY_SIZE > 2
|
|
|
|
|
memmove( &cookie_secrets->cookie_secrets[2], &cookie_secrets->cookie_secrets[1]
|
|
|
|
|
, sizeof(struct cookie_secret) * (UNBOUND_COOKIE_HISTORY_SIZE - 2));
|
|
|
|
|
#endif
|
|
|
|
|
memcpy( cookie_secrets->cookie_secrets[1].cookie_secret
|
|
|
|
|
, secret, UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
cookie_secrets->cookie_count = cookie_secrets->cookie_count < UNBOUND_COOKIE_HISTORY_SIZE
|
|
|
|
|
? cookie_secrets->cookie_count + 1 : UNBOUND_COOKIE_HISTORY_SIZE;
|
|
|
|
|
explicit_bzero(secret, UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void activate_cookie_secret(struct cookie_secrets* cookie_secrets)
|
|
|
|
|
{
|
|
|
|
|
uint8_t active_secret[UNBOUND_COOKIE_SECRET_SIZE];
|
|
|
|
|
if(!cookie_secrets)
|
|
|
|
|
return;
|
|
|
|
|
/* The staging secret becomes the active secret.
|
|
|
|
|
* The active secret becomes a staging secret.
|
|
|
|
|
* If the UNBOUND_COOKIE_HISTORY_SIZE > 2 then all staging secrets are moved
|
|
|
|
|
* one position up and the previously active secret becomes the last
|
|
|
|
|
* staging secret.
|
|
|
|
|
*/
|
|
|
|
|
if(cookie_secrets->cookie_count < 2)
|
|
|
|
|
return;
|
|
|
|
|
memcpy( active_secret, cookie_secrets->cookie_secrets[0].cookie_secret
|
|
|
|
|
, UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
memmove( &cookie_secrets->cookie_secrets[0], &cookie_secrets->cookie_secrets[1]
|
|
|
|
|
, sizeof(struct cookie_secret) * (UNBOUND_COOKIE_HISTORY_SIZE - 1));
|
|
|
|
|
memcpy( cookie_secrets->cookie_secrets[cookie_secrets->cookie_count - 1].cookie_secret
|
|
|
|
|
, active_secret, UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
explicit_bzero(active_secret, UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void drop_cookie_secret(struct cookie_secrets* cookie_secrets)
|
|
|
|
|
{
|
|
|
|
|
if(!cookie_secrets)
|
|
|
|
|
return;
|
|
|
|
|
/* Drops a staging cookie secret. If there are more than one, it will
|
|
|
|
|
* drop the last staging secret. */
|
|
|
|
|
if(cookie_secrets->cookie_count < 2)
|
|
|
|
|
return;
|
|
|
|
|
explicit_bzero( cookie_secrets->cookie_secrets[cookie_secrets->cookie_count - 1].cookie_secret
|
|
|
|
|
, UNBOUND_COOKIE_SECRET_SIZE);
|
|
|
|
|
cookie_secrets->cookie_count -= 1;
|
|
|
|
|
}
|
