kea/src/bin/ddns/ddns.py.in

#!@PYTHON@

# Copyright (C) 2011  Internet Systems Consortium.
#
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SYSTEMS CONSORTIUM
# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
# INTERNET SYSTEMS CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.


import sys; sys.path.append ('@@PYTHONPATH@@')
import isc
import bind10_config
from isc.dns import *
import isc.ddns.session
from isc.ddns.zone_config import ZoneConfig
from isc.config.ccsession import *
from isc.cc import SessionError, SessionTimeout
import isc.util.process
import isc.util.cio.socketsession
import isc.server_common.tsig_keyring
from isc.datasrc import DataSourceClient
import select
import errno

from isc.log_messages.ddns_messages import *

from optparse import OptionParser, OptionValueError
import os
import os.path
import signal
import socket

isc.log.init("b10-ddns")
logger = isc.log.Logger("ddns")
TRACE_BASIC = logger.DBGLVL_TRACE_BASIC

# Well known path settings.  We need to define
# SPECFILE_LOCATION: ddns configuration spec file
# SOCKET_FILE: Unix domain socket file to communicate with b10-auth
# AUTH_SPECFILE_LOCATION: b10-auth configuration spec file (tentatively
#  necessarily for sqlite3-only-and-older-datasrc-API stuff).  This should be
#  gone once we migrate to the new API and start using generalized config.
#
# If B10_FROM_SOURCE is set in the environment, we use data files
# from a directory relative to that, otherwise we use the ones
# installed on the system
if "B10_FROM_SOURCE" in os.environ:
    SPECFILE_PATH = os.environ["B10_FROM_SOURCE"] + "/src/bin/ddns"
else:
    PREFIX = "@prefix@"
    DATAROOTDIR = "@datarootdir@"
    SPECFILE_PATH = "@datadir@/@PACKAGE@".replace("${datarootdir}", DATAROOTDIR)
    SPECFILE_PATH = SPECFILE_PATH.replace("${prefix}", PREFIX)

if "B10_FROM_BUILD" in os.environ:
    AUTH_SPECFILE_PATH = os.environ["B10_FROM_BUILD"] + "/src/bin/auth"
    if "B10_FROM_SOURCE_LOCALSTATEDIR" in os.environ:
        SOCKET_FILE_PATH = os.environ["B10_FROM_SOURCE_LOCALSTATEDIR"]
    else:
        SOCKET_FILE_PATH = os.environ["B10_FROM_BUILD"]
else:
    SOCKET_FILE_PATH = bind10_config.DATA_PATH
    AUTH_SPECFILE_PATH = SPECFILE_PATH

SPECFILE_LOCATION = SPECFILE_PATH + "/ddns.spec"
SOCKET_FILE = SOCKET_FILE_PATH + '/ddns_socket'
AUTH_SPECFILE_LOCATION = AUTH_SPECFILE_PATH + '/auth.spec'

isc.util.process.rename()

class DDNSConfigError(Exception):
    '''An exception indicating an error in updating ddns configuration.

    This exception is raised when the ddns process encounters an error in
    handling configuration updates.  Not all syntax error can be caught
    at the module-CC layer, so ddns needs to (explicitly or implicitly)
    validate the given configuration data itself.  When it finds an error
    it raises this exception (either directly or by converting an exception
    from other modules) as a unified error in configuration.
    '''
    pass

class DDNSSessionError(Exception):
    '''An exception raised for some unexpected events during a ddns session.
    '''
    pass

class DDNSSession:
    '''Class to handle one DDNS update'''

    def __init__(self):
        '''Initialize a DDNS Session'''
        pass

def clear_socket():
    '''
    Removes the socket file, if it exists.
    '''
    if os.path.exists(SOCKET_FILE):
        os.remove(SOCKET_FILE)

def get_datasrc_client(cc_session):
    '''Return data source client for update requests.

    This is supposed to have a very short lifetime and should soon be replaced
    with generic data source configuration framework.  Based on that
    observation we simply hardcode everything except the SQLite3 database file,
    which will be retrieved from the auth server configuration (this behavior
    will also be deprecated).  When something goes wrong with it this function
    still returns a dummy client so that the caller doesn't have to bother
    to handle the error (which would also have to be replaced anyway).
    The caller will subsequently call its find_zone method via an update
    session object, which will result in an exception, and then result in
    a SERVFAIL response.

    Once we are ready for introducing the general framework, the whole
    function will simply be removed.

    '''
    try:
        HARDCODED_DATASRC_CLASS = RRClass.IN()
        file, is_default = cc_session.get_remote_config_value("Auth",
                                                              "database_file")
        # See xfrout.py:get_db_file() for this trick:
        if is_default and "B10_FROM_BUILD" in os.environ:
            file = os.environ["B10_FROM_BUILD"] + "/bind10_zones.sqlite3"

        datasrc_config = '{ "database_file": "' + file + '"}'
        return HARDCODED_DATASRC_CLASS, DataSourceClient('sqlite3',
                                                         datasrc_config)
    except isc.datasrc.Error as ex:
        class DummyDataSourceClient:
            def __init__(self, ex):
                self.__ex = ex
            def find_zone(self, zone_name):
                raise isc.datasrc.Error(self.__ex)
        return HARDCODED_DATASRC_CLASS, DummyDataSourceClient(ex)

class DDNSServer:
    def __init__(self, cc_session=None):
        '''
        Initialize the DDNS Server.
        This sets up a ModuleCCSession for the BIND 10 system.
        Parameters:
        cc_session: If None (default), a new ModuleCCSession will be set up.
                    If specified, the given session will be used. This is
                    mainly used for testing.
        '''
        if cc_session is not None:
            self._cc = cc_session
        else:
            self._cc = isc.config.ModuleCCSession(SPECFILE_LOCATION,
                                                  self.config_handler,
                                                  self.command_handler)

        self._config_data = self._cc.get_full_config()
        self._cc.start()

        self._cc.add_remote_config(AUTH_SPECFILE_LOCATION)
        isc.server_common.tsig_keyring.init_keyring(self._cc)

        self._shutdown = False
        # List of the session receivers where we get the requests
        self._socksession_receivers = {}
        clear_socket()
        self._listen_socket = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        self._listen_socket.bind(SOCKET_FILE)
        self._listen_socket.listen(16)

        # Create reusable resources
        self.__request_msg = Message(Message.PARSE)
        self.__response_renderer = MessageRenderer()

        # The following attribute(s) are essentially private and constant,
        # but defined as "protected" so that test code can customize them.
        # They should not be overridden for any other purposes.
        #
        # DDNS Protocol handling class.
        self._UpdateSessionClass = isc.ddns.session.UpdateSession

    class SessionError(Exception):
        '''Exception for internal errors in an update session.

        This exception is expected to be caught within the server class,
        only used for controling the code flow.

        '''
        pass

    def config_handler(self, new_config):
        '''Update config data.'''
        # TODO: Handle exceptions and turn them to an error response
        # (once we have any configuration)
        answer = create_answer(0)
        return answer

    def command_handler(self, cmd, args):
        '''
        Handle a CC session command, as sent from bindctl or other
        BIND 10 modules.
        '''
        # TODO: Handle exceptions and turn them to an error response
        if cmd == "shutdown":
            logger.info(DDNS_RECEIVED_SHUTDOWN_COMMAND)
            self.trigger_shutdown()
            answer = create_answer(0)
        else:
            answer = create_answer(1, "Unknown command: " + str(cmd))
        return answer

    def trigger_shutdown(self):
        '''Initiate a shutdown sequence.

        This method is expected to be called in various ways including
        in the middle of a signal handler, and is designed to be as simple
        as possible to minimize side effects.  Actual shutdown will take
        place in a normal control flow.

        '''
        logger.info(DDNS_SHUTDOWN)
        self._shutdown = True

    def shutdown_cleanup(self):
        '''
        Perform any cleanup that is necessary when shutting down the server.
        Do NOT call this to initialize shutdown, use trigger_shutdown().

        Currently, it only causes the ModuleCCSession to send a message that
        this module is stopping.
        '''
        self._cc.send_stopping()

    def accept(self):
        """
        Accept another connection and create the session receiver.
        """
        try:
            sock = self._listen_socket.accept()
            fileno = sock.fileno()
            logger.debug(TRACE_BASIC, DDNS_NEW_CONN, fileno,
                         sock.getpeername())
            receiver = isc.util.cio.socketsession.SocketSessionReceiver(sock)
            self._socksession_receivers[fileno] = (sock, receiver)
        except (socket.error, isc.util.cio.socketsession.SocketSessionError) \
            as e:
            # These exceptions mean the connection didn't work, but we can
            # continue with the rest
            logger.error(DDNS_ACCEPT_FAILURE, e)

    def __check_request_tsig(self, msg, req_data):
        '''TSIG checker for update requests.

        This is a helper method for handle_request() below.  It examines
        the given update request message to see if it contains a TSIG RR,
        and verifies the signature if it does.  It returs the TSIG context
        used for the verification, or None if the request doesn't contain
        a TSIG.  If the verification fails it simply raises an exception
        as handle_request() assumes it should succeed.

        '''
        tsig_record = msg.get_tsig_record()
        if tsig_record is None:
            return None
        tsig_ctx = TSIGContext(tsig_record.get_name(),
                               tsig_record.get_rdata().get_algorithm(),
                               isc.server_common.tsig_keyring.get_keyring())
        tsig_error = tsig_ctx.verify(tsig_record, req_data)
        if tsig_error != TSIGError.NOERROR:
            raise SessionError("Failed to verify request's TSIG: " +
                               str(tsig_error))
        return tsig_ctx

    def handle_request(self, req_session):
        """
        This is the place where the actual DDNS processing is done. Other
        methods are either subroutines of this method or methods doing the
        uninteresting "accounting" stuff, like accepting socket,
        initialization, etc.

        It is called with the request being session as received from
        SocketSessionReceiver, i.e. tuple
        (socket, local_address, remote_address, data).

        """
        # give tuple elements intuitive names
        (sock, local_addr, remote_addr, req_data) = req_session

        # The session sender (b10-auth) should have made sure that this is
        # a validly formed DNS message of OPCODE being UPDATE, and if it's
        # TSIG signed, its key is known to the system and the signature is
        # valid.  Messages that don't meet these should have been resopnded
        # or dropped by the sender, so if such error is detected we treat it
        # as an internal error and don't bother to respond.
        try:
            self.__request_msg.clear(Message.PARSE)
            self.__request_msg.from_wire(req_data)
            if self.__request_msg.get_opcode() != Opcode.UPDATE():
                raise SessionError('Update request has unexpected opcode: ' +
                                   str(self.__request_msg.get_opcode()))
            tsig_ctx = self.__check_request_tsig(self.__request_msg, req_data)
        except Exception as ex:
            logger.error(DDNS_REQUEST_PARSE_FAIL, ex)
            return False

        # TODO: Don't propagate most of the exceptions (like datasrc errors),
        # just drop the packet.

        # Let an update session object handle the request.  Note: things around
        # ZoneConfig will soon be substantially revised.  For now we don't
        # bother to generalize it.
        datasrc_class, datasrc_client = get_datasrc_client(self._cc)
        zone_cfg = ZoneConfig([], datasrc_class, datasrc_client, {})
        update_session = self._UpdateSessionClass(self.__request_msg,
                                                  remote_addr, zone_cfg)
        result, zname, zclass = update_session.handle()

        # If the request should be dropped, we're done; otherwise, send the
        # response generated by the session object.
        if result == isc.ddns.session.UPDATE_DROP:
            return False
        msg = update_session.get_message()
        self.__response_renderer.clear()
        if tsig_ctx is not None:
            msg.to_wire(self.__response_renderer, tsig_ctx)
        else:
            msg.to_wire(self.__response_renderer)
        sock.sendto(self.__response_renderer.get_data(), remote_addr)

        return True

    def handle_session(self, fileno):
        """
        Handle incoming session on the socket with given fileno.
        """
        logger.debug(TRACE_BASIC, DDNS_SESSION, fileno)
        (socket, receiver) = self._socksession_receivers[fileno]
        try:
            self.handle_request(receiver.pop())
        except isc.util.cio.socketsession.SocketSessionError as se:
            # No matter why this failed, the connection is in unknown, possibly
            # broken state. So, we close the socket and remove the receiver.
            del self._socksession_receivers[fileno]
            socket.close()
            logger.warn(DDNS_DROP_CONN, fileno, se)

    def run(self):
        '''
        Get and process all commands sent from cfgmgr or other modules.
        This loops waiting for events until self.shutdown() has been called.
        '''
        logger.info(DDNS_RUNNING)
        cc_fileno = self._cc.get_socket().fileno()
        listen_fileno = self._listen_socket.fileno()
        while not self._shutdown:
            # In this event loop, we propagate most of exceptions, which will
            # subsequently kill the process. We expect the handling functions
            # to catch their own exceptions which they can recover from
            # (malformed packets, lost connections, etc). The rationale behind
            # this is they know best which exceptions are recoverable there
            # and an exception may be recoverable somewhere, but not elsewhere.

            try:
                (reads, writes, exceptions) = \
                    select.select([cc_fileno, listen_fileno] +
                                  list(self._socksession_receivers.keys()), [],
                                  [])
            except select.error as se:
                # In case it is just interrupted, we continue like nothing
                # happened
                if se.args[0] == errno.EINTR:
                    (reads, writes, exceptions) = ([], [], [])
                else:
                    raise
            for fileno in reads:
                if fileno == cc_fileno:
                    self._cc.check_command(True)
                elif fileno == listen_fileno:
                    self.accept()
                else:
                    self.handle_session(fileno)
        self.shutdown_cleanup()
        logger.info(DDNS_STOPPED)

def create_signal_handler(ddns_server):
    '''
    This creates a signal_handler for use in set_signal_handler, which
    shuts down the given DDNSServer (or any object that has a shutdown()
    method)
    '''
    def signal_handler(signal, frame):
        '''
        Handler for process signals. Since only signals to shut down are sent
        here, the actual signal is not checked and the server is simply shut
        down.
        '''
        ddns_server.trigger_shutdown()
    return signal_handler

def set_signal_handler(signal_handler):
    '''
    Sets the signal handler(s).
    '''
    signal.signal(signal.SIGTERM, signal_handler)
    signal.signal(signal.SIGINT, signal_handler)

def set_cmd_options(parser):
    '''
    Helper function to set command-line options
    '''
    parser.add_option("-v", "--verbose", dest="verbose", action="store_true",
            help="display more about what is going on")

def main(ddns_server=None):
    '''
    The main function.
    Parameters:
    ddns_server: If None (default), a DDNSServer object is initialized.
                 If specified, the given DDNSServer will be used. This is
                 mainly used for testing.
    cc_session: If None (default), a new ModuleCCSession will be set up.
                If specified, the given session will be used. This is
                mainly used for testing.
    '''
    try:
        parser = OptionParser()
        set_cmd_options(parser)
        (options, args) = parser.parse_args()
        if options.verbose:
            print("[b10-ddns] Warning: -v verbose option is ignored at this point.")

        if ddns_server is None:
            ddns_server = DDNSServer()
        set_signal_handler(create_signal_handler(ddns_server))
        ddns_server.run()
    except KeyboardInterrupt:
        logger.info(DDNS_STOPPED_BY_KEYBOARD)
    except SessionError as e:
        logger.error(DDNS_CC_SESSION_ERROR, str(e))
    except ModuleCCSessionError as e:
        logger.error(DDNS_MODULECC_SESSION_ERROR, str(e))
    except DDNSConfigError as e:
        logger.error(DDNS_CONFIG_ERROR, str(e))
    except SessionTimeout as e:
        logger.error(DDNS_CC_SESSION_TIMEOUT_ERROR)
    except Exception as e:
        logger.error(DDNS_UNCAUGHT_EXCEPTION, type(e).__name__, str(e))
    clear_socket()

if '__main__' == __name__:
    main()