Coverage for src/bin/xfrin/xfrin : 92%
Hot-keys on this page
r m x p toggle line displays
j k next/prev highlighted chunk
0 (zero) top of page
1 (one) first highlighted chunk
|
#!/usr/bin/python3
# Copyright (C) 2009-2011 Internet Systems Consortium. # # Permission to use, copy, modify, and distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # # THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SYSTEMS CONSORTIUM # DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL # INTERNET SYSTEMS CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, # INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING # FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, # NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION # WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
# Pending system-wide debug level definitions, the ones we # use here are hardcoded for now
except ImportError as e: # C++ loadable module may not be installed; even so the xfrin process # must keep running, so we warn about it and move forward. logger.error(XFRIN_IMPORT_DNS, str(e))
# If B10_FROM_BUILD is set in the environment, we use data files # from a directory relative to that, otherwise we use the ones # installed on the system else: PREFIX = "/home/jelte/opt/bind10" DATAROOTDIR = "${prefix}/share" SPECFILE_PATH = "${datarootdir}/bind10-devel".replace("${datarootdir}", DATAROOTDIR).replace("${prefix}", PREFIX) AUTH_SPECFILE_PATH = SPECFILE_PATH
# Constants for debug levels.
# These two default are currently hard-coded. For config this isn't # necessary, but we need these defaults for optional command arguments # (TODO: have similar support to get default values for command # arguments as we do for config options)
# Internal result codes of an xfr session
'''An exception raised for errors encountered in xfrin protocol handling. '''
'''TBD '''
"""This exception is raised if there is an error in the given configuration (part), or when a command does not have a required argument or has bad arguments, for instance when the zone's master address is not a valid IP address, when the zone does not have a name, or when multiple settings are given for the same zone."""
"""Checks if the given zone name is a valid domain name, and returns it as a Name object. Raises an XfrinException if it is not.""" # In the _zones dict, part of the key is the zone name, # but due to a limitation in the Name class, we # cannot directly use it as a dict key, and we use to_text() # # Downcase the name here for that reason. TooLongName, IncompleteName) as ne:
"""If the given argument is a string: checks if the given class is a valid one, and returns an RRClass object if so. Raises XfrinZoneInfoException if not. If it is None, this function returns the default RRClass.IN()"""
"""Helper function to format a zone name and class as a string of the form '<name>/<class>'. Parameters: zone_name (isc.dns.Name) name to format zone_class (isc.dns.RRClass) class to format """
"""Helper function to format the addrinfo as a string of the form <addr>:<port> (for IPv4) or [<addr>]:port (for IPv6). For unix domain sockets, and unknown address families, it returns a basic string conversion of the third element of the passed tuple. Parameters: addrinfo: a 3-tuple consisting of address family, socket type, and, depending on the family, either a 2-tuple with the address and port, or a filename """ else: "appear to be consisting of (family, socktype, (addr, port))")
'''Extract the serial field of SOA RDATA and return it as a Serial object.
We don't have to be very efficient here, so we first dump the entire RDATA as a string and convert the first corresponding field. This should be sufficient in practice, but may not always work when the MNAME or RNAME contains an (escaped) space character in their labels. Ideally there should be a more direct and convenient way to get access to the SOA fields. '''
''' The states of the incomding *XFR state machine.
We (will) handle both IXFR and AXFR with a single integrated state machine because they cannot be distinguished immediately - an AXFR response to an IXFR request can only be detected when the first two (2) response RRs have already been received.
The following diagram summarizes the state transition. After sending the query, xfrin starts the process with the InitialSOA state (all IXFR/AXFR response begins with an SOA). When it reaches IXFREnd or AXFREnd, the process successfully completes.
(AXFR or (recv SOA) AXFR-style IXFR) (SOA, add) InitialSOA------->FirstData------------->AXFR--------->AXFREnd | | | ^ (post xfr |(IXFR && | | | checks, then | recv SOA | +--+ commit) | not new) | (non SOA, add) V | IXFRUptodate | (non SOA, delete) (pure IXFR,| +-------+ keep handling)| (Delete SOA) V | + ->IXFRDeleteSOA------>IXFRDelete--+ ^ | (see SOA, not end, | (see SOA)| commit, keep handling) | | | V +---------IXFRAdd<----------+IXFRAddSOA (non SOA, add)| ^ | (Add SOA) ----------+ | |(see SOA w/ end serial, commit changes) V IXFREnd
Note that changes are committed for every "difference sequence" (i.e. changes for one SOA update). This means when an IXFR response contains multiple difference sequences and something goes wrong after several commits, these changes have been published and visible to clients even if the IXFR session is subsequently aborted. It is not clear if this is valid in terms of the protocol specification. Section 4 of RFC 1995 states:
An IXFR client, should only replace an older version with a newer version after all the differences have been successfully processed.
If this "replacement" is for the changes of one difference sequence and "all the differences" mean the changes for that sequence, this implementation strictly follows what RFC states. If this is for the entire IXFR response (that may contain multiple sequences), we should implement it with one big transaction and one final commit at the very end.
For now, we implement it with multiple smaller commits for two reasons. First, this is what BIND 9 does, and we generally port the implementation logic here. BIND 9 has been supporting IXFR for many years, so the fact that it still behaves this way probably means it at least doesn't cause a severe operational problem in practice. Second, especially because BIND 10 would often uses a database backend, a larger transaction could cause an undesirable effects, e.g. suspending normal lookups for a longer period depending on the characteristics of the database. Even if we find something wrong in a later sequeunce and abort the session, we can start another incremental update from what has been validated, or we can switch to AXFR to replace the zone completely.
This implementation uses the state design pattern, where each state is represented as a subclass of the base XfrinState class. Each concrete subclass of XfrinState is assumed to define two methods: handle_rr() and finish_message(). These methods handle specific part of XFR protocols and (if necessary) perform the state transition.
Conceptually, XfrinState and its subclasses are a "friend" of XfrinConnection and are assumed to be allowed to access its internal information (even though Python does not have a strict access control between different classes).
The XfrinState and its subclasses are designed to be stateless, and can be used as singleton objects. For now, however, we always instantiate a new object for every state transition, partly because the introduction of singleton will make a code bit complicated, and partly because the overhead of object instantiotion wouldn't be significant for xfrin.
''' '''Set the XfrConnection to a given new state.
As a "friend" class, this method intentionally gets access to the connection's "private" method.
'''
'''Handle one RR of an XFR response message.
Depending on the state, the RR is generally added or deleted in the corresponding data source, or in some special cases indicates a specifi transition, such as starting a new IXFR difference sequence or completing the session.
All subclass has their specific behaviors for this method, so there is no default definition. If the base class version is called, it's a bug of the caller, and it's notified via an XfrinException exception.
This method returns a boolean value: True if the given RR was fully handled and the caller should go to the next RR; False if the caller needs to call this method with the (possibly) new state for the same RR again.
''' "XfrinState.handle_rr() called directly")
'''Perform any final processing after handling all RRs of a response.
This method then returns a boolean indicating whether to continue receiving the message. Unless it's in the end of the entire XFR session, we should continue, so this default method simply returns True.
'''
+ rr.get_type().to_text() + ' received)')
conn._end_serial <= conn._request_serial: conn._request_serial, conn._end_serial) else:
'''Handle the first RR after initial SOA in an XFR session.
This state happens exactly once in an XFR session, where we decide whether it's incremental update ("real" IXFR) or non incremental update (AXFR or AXFR-style IXFR). If we initiated IXFR and the transfer begins with two SOAs (the serial of the second one being equal to our serial), it's incremental; otherwise it's non incremental.
This method always return False (unlike many other handle_rr() methods) because this first RR must be examined again in the determined update context.
Note that in the non incremental case the RR should normally be something other SOA, but it's still possible it's an SOA with a different serial than ours. The only possible interpretation at this point is that it's non incremental update that only consists of the SOA RR. It will result in broken zone (for example, it wouldn't even contain an apex NS) and should be rejected at post XFR processing, but in terms of the XFR session processing we accept it and move forward.
Note further that, in the half-broken SOA-only transfer case, these two SOAs are supposed to be the same as stated in Section 2.2 of RFC 5936. We don't check that condition here, either; we'll leave whether and how to deal with that situation to the end of the processing of non incremental update. See also a related discussion at the IETF dnsext wg: http://www.ietf.org/mail-archive/web/dnsext/current/msg07908.html
''' rr.get_type() == RRType.SOA() and \ conn._request_serial == get_soa_serial(rr.get_rdata()[0]): conn.zone_str()) else: conn.zone_str()) # We are now going to add RRs to the new zone. We need create # a Diff object. It will be used throughtout the XFR session.
# this shouldn't happen; should this occur it means an internal # bug. ' RR is given in IXFRDeleteSOA state') # This is the beginning state of one difference sequence (changes # for one SOA update). We need to create a new Diff object now. # Note also that we (unconditionally) enable journaling here. The # Diff constructor may internally disable it, however, if the # underlying data source doesn't support journaling.
# This is the only place where current_serial is set
# this shouldn't happen; should this occur it means an internal # bug. ' RR is given in IXFRAddSOA state')
# This SOA marks the end of a difference sequence 'serial ' + str(conn._current_serial) + ', got ' + str(soa_serial)) else:
rr.to_text())
'''Final processing after processing an entire IXFR session.
There will be more actions here, but for now we simply return False, indicating there will be no more message to receive.
'''
rr.to_text())
""" Handle the RR by putting it into the zone. """ # SOA means end. Don't commit it yet - we need to perform # post-transfer checks
conn._end_serial, soa_serial)
# Yes, we've eaten this RR.
rr.to_text())
""" Final processing after processing an entire AXFR session.
In this process all the AXFR changes are committed to the data source.
There might be more actions here, but for now we simply return False, indicating there will be no more message to receive.
"""
""" This class keeps a record of transfer data for logging purposes. It records number of messages, rrs, and bytes transfered, as well as the start and end time. The start time is set upon instantiation of this class. The end time is set the first time finalize(), get_running_time(), or get_bytes_per_second() is called. The end time is set only once; subsequent calls to any of these methods does not modify it further. All _count instance variables can be directly set as needed by the class collecting these results. """
"""Sets the end time to time.time() if not done already."""
"""Calls finalize(), then returns the difference between creation and finalization time"""
"""Returns the number of bytes per second, based on the result of get_running_time() and the value of bytes_count.""" else: # This should never happen, but if some clock is so # off or reset in the meantime, we do need to return # *something* (and not raise an error) else:
'''Do xfrin in this class. '''
sock_map, zone_name, rrclass, datasrc_client, shutdown_event, master_addrinfo, db_file, tsig_key=None, idle_timeout=60): '''Constructor of the XfirnConnection class.
db_file: SQLite3 DB file. Unforutnately we still need this for temporary workaround in _get_zone_soa(). This should be removed when we eliminate the need for the workaround. idle_timeout: max idle time for read data from socket. datasrc_client: the data source client object used for the XFR session. This will eventually replace db_file completely.
'''
# The XFR state. Conceptually this is purely private, so we emphasize # the fact by the double underscore. Other classes are assumed to # get access to this via get_xfrstate(), and only XfrinState classes # are assumed to be allowed to modify it via __set_xfrstate().
# Requested transfer type (RRType.AXFR or RRType.IXFR). The actual # transfer type may differ due to IXFR->AXFR fallback:
# Zone parameters
# Data source handler
# tsig_ctx_creator is introduced to allow tests to use a mock class for # easier tests (in normal case we always use the default)
# keep a record of this specific transfer to log on success # (time, rr/s, etc)
'''Initialize the underlyig socket.
This is essentially a part of __init__() and is expected to be called immediately after the constructor. It's separated from the constructor because otherwise we might not be able to close it if the constructor raises an exception after opening the socket. '''
'''Retrieve the current SOA RR of the zone to be transferred.
It will be used for various purposes in subsequent xfr protocol processing. It is validly possible that the zone is currently empty and therefore doesn't have an SOA, so this method doesn't consider it an error and returns None in such a case. It may or may not result in failure in the actual processing depending on how the SOA is used.
When the zone has an SOA RR, this method makes sure that it's valid, i.e., it has exactly one RDATA; if it is not the case this method returns None.
If the underlying data source doesn't even know the zone, this method tries to provide backward compatible behavior where xfrin is responsible for creating zone in the corresponding DB table. For a longer term we should deprecate this behavior by introducing more generic zone management framework, but at the moment we try to not surprise existing users. (Note also that the part of providing the compatible behavior uses the old data source API. We'll deprecate this API in a near future, too).
''' # get the zone finder. this must be SUCCESS (not even # PARTIALMATCH) because we are specifying the zone origin name. # The data source doesn't know the zone. For now, we provide # backward compatibility and creates a new one ourselves. self._zone_name.to_text(), lambda : []) # try again soa_rrset.get_rdata_count())
"""Returns the transfer stats object, used to measure transfer time, and number of messages/records/bytes transfered."""
'''A convenience function for logging to include zone name and class'''
'''Connect to master in TCP.'''
try: self.connect(self._master_addrinfo[2]) return True except socket.error as e: logger.error(XFRIN_CONNECT_MASTER, self._master_addrinfo[2], str(e)) return False
'''Create an XFR-related query message.
query_type is either SOA, AXFR or IXFR. An IXFR query needs the zone's current SOA record. If it's not known, it raises an XfrinException exception. Note that this may not necessarily a broken configuration; for the first attempt of transfer the secondary may not have any boot-strap zone information, in which case IXFR simply won't work. The xfrin should then fall back to AXFR. _request_serial is recorded for later use.
'''
# Remember our serial, if known if self._zone_soa is not None else None
# Set the authority section with our SOA for IXFR # (incremental) IXFR doesn't work without known SOA 'SOA for ' + self.zone_str())
'''Send query message over TCP. '''
# XXX Currently, python wrapper doesn't accept 'None' parameter in this case, # we should remove the if statement and use a universal interface later. else:
''' This method is a trivial wrapper for asyncore.loop(). It's extracted from _get_request_response so that we can test the rest of the code without involving actual communication with a remote server.''' asyncore.loop(self._idle_timeout, map=self._sock_map, count=1)
str(tsig_error)) # If the response includes a TSIG while we didn't sign the query, # we treat it as an error. RFC doesn't say anything about this # case, but it clearly states the server must not sign a response # to an unsigned request. Although we could be flexible, no sane # implementation would return such a response, and since this is # part of security mechanism, it's probably better to be more # strict.
'''Parse a response to SOA query and extract the SOA from answer.
This is a subroutine of _check_soa_serial(). This method also validates message, and rejects bogus responses with XfrinProtocolError.
If everything is okay, it returns the SOA RR from the answer section of the response.
''' # Check TSIG integrity and validate the header. Unlike AXFR/IXFR, # we should be more strict for SOA queries and check the AA flag, too.
# Validate the question section '(' + str(n_question) + ' questions, 1 ' + 'expected)') resp_question.get_class() != self._rrclass or \ resp_question.get_type() != RRType.SOA(): 'question mismatch: ' + str(resp_question))
# Look into the answer section for SOA # There should not be a CNAME record at top of zone.
# If SOA is not found, try to figure out the reason then report it. # See if we have any SOA records in the authority section. 'SOA query')
# Check if the SOA is really what we asked for soa.get_class() != self._rrclass: str(soa))
# All okay, return it
'''Send SOA query and compare the local and remote serials.
If we know our local serial and the remote serial isn't newer than ours, we abort the session with XfrinZoneUptodate. On success it returns XFRIN_OK for testing. The caller won't use it.
'''
# Validate/parse the rest of the response, and extract the SOA # from the answer section
# Compare the two serials. If ours is 'new', abort with ZoneUptodate. self._request_serial >= primary_serial: self.zone_str(), format_addrinfo(self._master_addrinfo), self._request_serial)
'''Do an xfr session by sending xfr request and parsing responses.'''
# Right now RRType.[IA]XFR().to_text() is 'TYPExxx', so we need # to hardcode here.
# Depending what data was found, we log different status reports # (In case of an AXFR-style IXFR, print the 'AXFR' message) self.zone_str(), self._transfer_stats.message_count, self._transfer_stats.ixfr_changeset_count, self._transfer_stats.ixfr_deletion_count, self._transfer_stats.ixfr_addition_count, self._transfer_stats.byte_count, "%.3f" % self._transfer_stats.get_running_time(), "%.f" % self._transfer_stats.get_bytes_per_second() ) else: req_str, self.zone_str(), self._transfer_stats.message_count, self._transfer_stats.axfr_rr_count, self._transfer_stats.byte_count, "%.3f" % self._transfer_stats.get_running_time(), "%.f" % self._transfer_stats.get_bytes_per_second() )
# Eventually we'll probably have to treat this case as a trigger # of trying another primary server, etc, but for now we treat it # as "success". self.zone_str(), format_addrinfo(self._master_addrinfo), str(e)) self.zone_str(), format_addrinfo(self._master_addrinfo), str(e)) # Catching all possible exceptions like this is generally not a # good practice, but handling an xfr session could result in # so many types of exceptions, including ones from the DNS library # or from the data source library. Eventually we'd introduce a # hierarchy for exception classes from a base "ISC exception" and # catch it here, but until then we need broadest coverage so that # we won't miss anything.
self.zone_str(), str(e)) finally: # Make sure any remaining transaction in the diff is closed # (if not yet - possible in case of xfr-level exception) as soon # as possible
'''Perform minimal validation on responses'''
# It's not clear how strict we should be about response validation. # BIND 9 ignores some cases where it would normally be considered a # bogus response. For example, it accepts a response even if its # opcode doesn't match that of the corresponding request. # According to an original developer of BIND 9 some of the missing # checks are deliberate to be kind to old implementations that would # cause interoperability trouble with stricter checks.
msg_rcode.to_text())
'''Check validation of xfr response. '''
# TSIG related checks, including an unexpected signed response
# Perform response status validation
'''Read query's response from socket. '''
'''Ignore the writable socket. '''
return False
shutdown_event, master_addrinfo, check_soa, tsig_key, request_type, conn_class): # Create a data source client used in this XFR session. Right now we # still assume an sqlite3-based data source, and use both the old and new # data source APIs. We also need to use a mock client for tests. # For a temporary workaround to deal with these situations, we skip the # creation when the given file is none (the test case). Eventually # this code will be much cleaner. # temporary hardcoded sqlite initialization. Once we decide on # the config specification, we need to update this (TODO) # this may depend on #1207, or any followup ticket created for #1207 datasrc_type = "sqlite3" datasrc_config = "{ \"database_file\": \"" + db_file + "\"}" datasrc_client = DataSourceClient(datasrc_type, datasrc_config)
# Create a TCP connection for the XFR session and perform the operation. # In case we were asked to do IXFR and that one fails, we try again with # AXFR. But only if we could actually connect to the server. # # So we start with retry as True, which is set to false on each attempt. # In the case of connected but failed IXFR, we set it to true once again. shutdown_event, master_addrinfo, db_file, tsig_key) # IXFR failed for some reason. It might mean the server can't # handle it, or we don't have the zone or we are out of sync or # whatever else. So we retry with with AXFR, as it may succeed # in many such cases.
# If exception happens, just remember it here so that we can re-raise # after cleaning up things. We don't log it here because we want # eliminate smallest possibility of having an exception in logging # itself.
# asyncore.dispatcher requires explicit close() unless its lifetime # from born to destruction is closed within asyncore.loop, which is not # the case for us. We always close() here, whether or not do_xfrin # succeeds, and even when we see an unexpected exception.
# Publish the zone transfer result news, so zonemgr can reset the # zone timer, and xfrout can notify the zone's slaves if the result # is success.
raise exception
shutdown_event, master_addrinfo, check_soa, tsig_key, request_type, conn_class=XfrinConnection): # Even if it should be rare, the main process of xfrin session can # raise an exception. In order to make sure the lock in xfrin_recorder # is released in any cases, we delegate the main part to the helper # function in the try block, catch any exceptions, then release the lock. shutdown_event, master_addrinfo, check_soa, tsig_key, request_type, conn_class) # don't log it until we complete decrement().
str(rrclass), str(exception))
"""Creates a zone_info with the config data element as specified by the 'zones' list in xfrin.spec. Module_cc is needed to get the defaults from the specification"""
"""Set the name for this zone given a name string. Raises XfrinZoneInfoException if name_str is None or if it cannot be parsed.""" "element does not contain " "'name' attribute") else:
"""Set the master address for this zone given an IP address string. Raises XfrinZoneInfoException if master_addr_str is None or if it cannot be parsed.""" raise XfrinZoneInfoException("master address missing from config data") else:
"""Set the master port given a port number string. If master_port_str is None, the default from the specification for this module will be used. Raises XfrinZoneInfoException if the string contains an invalid port number""" else:
"""Set the zone class given an RR class str (e.g. "IN"). If zone_class_str is None, it will default to what is specified in the specification file for this module. Raises XfrinZoneInfoException if the string cannot be parsed.""" # TODO: remove _str #TODO rrclass->zone_class else:
"""Set the tsig_key for this zone, given a TSIG key string representation. If tsig_key_str is None, no TSIG key will be set. Raises XfrinZoneInfoException if tsig_key_str cannot be parsed.""" else:
"""Set use_ixfr. If set to True, it will use IXFR for incoming transfers. If set to False, it will use AXFR. At this moment there is no automatic fallback""" # TODO: http://bind10.isc.org/ticket/1279 self._module_cc.get_default_value("zones/use_ixfr") else:
(str(self.master_addr), self.master_port))
# This is a set of (zone/class) tuples (both as strings), # representing the in-memory zones maintaned by Xfrin. It # is used to trigger Auth/in-memory so that it reloads # zones when they have been transfered in
'''This method is used only as part of initialization, but is implemented separately for convenience of unit tests; by letting the test code override this method we can test most of this class without requiring a command channel.''' # Create one session for sending command to other modules, because the # listening session will block the send operation. self._send_cc_session = isc.cc.Session() self._module_cc = isc.config.ModuleCCSession(SPECFILE_LOCATION, self.config_handler, self.command_handler) self._module_cc.start() config_data = self._module_cc.get_full_config() self.config_handler(config_data) self._module_cc.add_remote_config(AUTH_SPECFILE_LOCATION, self._auth_config_handler)
'''This is a straightforward wrapper for cc.check_command, but provided as a separate method for the convenience of unit tests.''' self._module_cc.check_command(False)
"""Returns the ZoneInfo object containing the configured data for the given zone name. If the zone name did not have any data, returns None"""
"""Add the zone info. Raises a XfrinZoneInfoException if a zone with the same name and class is already configured""" " configured multiple times")
# backup all config data (should there be a problem in the new # data)
# Config handler for changes in Auth configuration self._set_db_file() self._set_memory_zones(new_config, config_data)
"""Clears the memory_zones set; called before processing the changed list of memory datasource zones that have file type sqlite3""" self._memory_zones.clear()
"""Returns true if the given zone/class combination is configured in the in-memory datasource of the Auth process with file type 'sqlite3'. Note: this method is not thread-safe. We are considering changing the threaded model here, but if we do not, take care in accessing and updating the memory zone set (or add locks) """ # Normalize them first, if either conversion fails, return false # (they won't be in the set anyway) except Exception: return False
"""Part of the _auth_config_handler function, keeps an internal set of zones in the datasources config subset that have 'sqlite3' as their file type. Note: this method is not thread-safe. We are considering changing the threaded model here, but if we do not, take care in accessing and updating the memory zone set (or add locks) """ # walk through the data and collect the memory zones # If this causes any exception, assume we were passed bad data # and keep the original set else: # Get the default "datasources/class")) zone["filetype"] == "sqlite3": ds_class.to_text())) # Ok, we can use the data, update our list # Something is wrong with the data. If this data even reached us, # we cannot do more than assume the real module has logged and # reported an error. Keep the old set.
''' shutdown the xfrin process. the thread which is doing xfrin should be terminated. ''' th.join()
# Xfrin receives the refresh/notify command from zone manager. # notify command maybe has the parameters which # specify the notifyfrom address and port, according the RFC1996, zone # transfer should starts first from the notifyfrom, but now, let 'TODO' it. # (using the value now, while we can only set one master address, would be # a security hole. Once we add the ability to have multiple master addresses, # we should check if it matches one of them, and then use it.) rrclass) # TODO what to do? no info known about zone. defaults? else: request_type = RRType.IXFR() notify_addr[2] == master_addr[2]: rrclass, self._get_db_file(), master_addr, zone_info.tsig_key, request_type, True) else: + "from unknown address: " + notify_addr_str; notify_addr_str, master_addr_str)
# Xfrin receives the retransfer/refresh from cmdctl(sent by bindctl). # If the command has specified master address, do transfer from the # master address, or else do transfer from the configured masters. rrclass) rrclass, db_file, master_addr, tsig_key, request_type, (False if command == 'retransfer' else True))
else:
""" Return tuple (family, socktype, sockaddr) for address and port in given args dict. IPv4 and IPv6 are the only supported addresses now, so sockaddr will be (address, port). The socktype is socket.SOCK_STREAM for now. """ # check if we have configured info about this zone, in case # port or master are not specified
else: "configured for " + zone_name.to_text()) else: (addr_str, str(err)))
else: else: (port_str, str(err)))
return self._db_file
db_file, is_default =\ self._module_cc.get_remote_config_value("Auth", "database_file") if is_default and "B10_FROM_BUILD" in os.environ: # override the local database setting if it is default and we # are running from the source tree # This should be hidden inside the data source library and/or # done as a configuration, and this special case should be gone). db_file = os.environ["B10_FROM_BUILD"] + os.sep +\ "bind10_zones.sqlite3" self._db_file = db_file
'''Send command to xfrout/zone manager module. If xfrin has finished successfully for one zone, tell the good news(command: zone_new_data_ready) to zone manager and xfrout. if xfrin failed, just tell the bad news to zone manager, so that it can reset the refresh timer for that zone. ''' 'zone_class': zone_class.to_text()} msg = create_command(notify_out.ZONE_NEW_DATA_READY_CMD, param) # catch the exception, in case msgq has been killed. try: seq = self._send_cc_session.group_sendmsg(msg, XFROUT_MODULE_NAME) try: answer, env = self._send_cc_session.group_recvmsg(False, seq) except isc.cc.session.SessionTimeout: pass # for now we just ignore the failure seq = self._send_cc_session.group_sendmsg(msg, ZONE_MANAGER_MODULE_NAME) try: answer, env = self._send_cc_session.group_recvmsg(False, seq) except isc.cc.session.SessionTimeout: pass # for now we just ignore the failure except socket.error as err: logger.error(XFRIN_MSGQ_SEND_ERROR, XFROUT_MODULE_NAME, ZONE_MANAGER_MODULE_NAME) else: # catch the exception, in case msgq has been killed. try: answer, env = self._send_cc_session.group_recvmsg(False, seq) except isc.cc.session.SessionTimeout: pass # for now we just ignore the failure logger.error(XFRIN_MSGQ_SEND_ERROR_ZONE_MANAGER, ZONE_MANAGER_MODULE_NAME)
tsig_key, request_type, check_soa=True):
# check max_transfer_in, else return quota error
args = (self, self.recorder, zone_name, rrclass, db_file, self._shutdown_event, master_addrinfo, check_soa, tsig_key, request_type))
if xfrind: xfrind.shutdown() sys.exit(0)
signal.signal(signal.SIGTERM, signal_handler) signal.signal(signal.SIGINT, signal_handler)
help="This option is obsolete and has no effect.")
"""The main loop of the Xfrin daemon.
@param xfrin_class: A class of the Xfrin object. This is normally Xfrin, but can be a subclass of it for customization. @param use_signal: True if this process should catch signals. This is normally True, but may be disabled when this function is called in a testing context.""" global xfrind
set_signal_handler()
main(Xfrin) |