Example #1
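/**
 * DNS query on a specific SRV record service.
 *
 * Sends a raw SRV query for 'ldap_service' and stores every returned
 * host/port pair in a new server list allocated from a sub-pool of 'pool'.
 *
 * @param self          Object holding the ADNS state used for the query.
 * @param pool          Parent of the sub-pool that backs the returned list.
 * @param ldap_service  SRV owner name to query.
 * @param srv_lst       Receives the list on success, NULL on failure.
 * @return 0 on success (the list may be empty), -1 if the query could not
 *         be performed.
 *
 * NOTE(review): host names and ports are taken as-is from the DNS answer,
 * which is not authenticated in this function; presumably the caller
 * authenticates the LDAP server it connects to -- confirm.
 */
static int kdldap_ad_DNS_get_service(kdldap_servers *self,
                                     apr_pool_t *pool,
                                     const char *ldap_service,
                                     kdldap_servers_list **srv_lst) {
    apr_pool_t *lst_pool;
    adns_answer *answer = NULL;
    int i, err;

    DEBUG(_log_ldap_, "Querying DNS for %s.", ldap_service);

    apr_pool_create(&lst_pool, pool);

    *srv_lst = kdldap_servers_list_new(lst_pool);

    /* adns_qf_quoteok_query is needed since the query might include
       characters that are thought to be invalid for DNS query by ADNS. */
    err = adns_synchronous(self->adns_state, ldap_service,
                           adns_r_srv_raw, adns_qf_quoteok_query, &answer);

    /* adns_synchronous() returns 0 on success and a positive errno value on
       failure, in which case no answer is returned.  Testing 'err < 0' never
       matched, so a failed query fell through to a NULL dereference. */
    if (err != 0 || answer == NULL) {
        KERROR_SET(_ldap_, 0, "request for SRV record %s failed", ldap_service);
        err = -1;
    }
    else if (answer->status == adns_s_ok) {
        for (i = 0 ; i < answer->nrrs ; i++) {
            char *host;
            int port;

            host = answer->rrs.srvraw[i].host;
            port = answer->rrs.srvraw[i].port;

            DEBUG(_log_ldap_, "DNS query found: %s:%d.", host, port);

            kdldap_servers_list_add(*srv_lst, host, port);
        }

        if (answer->nrrs == 0) {
            DEBUG(_log_ldap_, "DNS query found nothing.");
        }
    }
    /* A non-OK answer status is deliberately left as success with an empty
       list, as before. */

    /* The answer is a single malloc'd block owned by the caller. */
    free(answer);

    if (err) {
        apr_pool_destroy(lst_pool);
        *srv_lst = NULL;
    }

    return err < 0 ? -1 : 0;
}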
Example #2
/*
 * Time a synchronous A-record lookup of 'owner'.
 *
 * On success the elapsed wall-clock time between the two gettimeofday()
 * calls is written to 'res' through timeval_subtract().
 *
 * Throws ModnsException if gettimeofday() fails or the answer carries a
 * non-zero status up to adns_s_max_localfail; throws ModnsLookupException
 * if adns_synchronous() fails or the status is above adns_s_max_localfail.
 *
 * NOTE(review): 'answer' is never released on any path, including the
 * throwing ones; adns hands the answer to the caller, so this looks like a
 * leak per lookup -- confirm and release it before returning or throwing.
 */
void Modnsctx::modns_lookup(const char *owner,struct timeval *res){
	adns_answer *answer = NULL;
	struct timeval t_start;
	struct timeval t_end;

	if(gettimeofday(&t_start,NULL) != 0){
		throw ModnsException();
	}

	const int rc = adns_synchronous(adns,owner,adns_r_a,adns_qf_none,&answer);
	if(rc != 0){
		throw ModnsLookupException();
	}

	if(gettimeofday(&t_end,NULL) != 0){
		throw ModnsException();
	}

	/* Statuses above adns_s_max_localfail are reported as lookup failures,
	   any other non-zero status as a generic failure. */
	if(answer->status > adns_s_max_localfail){
		throw ModnsLookupException();
	}
	if(answer->status){
		throw ModnsException();
	}

	timeval_subtract(res,&t_end,&t_start);
}
Example #3
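/* This function resolves the srv name specified and copies the addresses and
 * ports found to 'addr_array' and 'port_array'. Up to '*nb_addr' addresses and
 * ports will be copied. On success, '*nb_addr' is set to the number of
 * addresses actually copied. This function returns -1 on failure, 0 on success.
 *
 * The addresses and ports are taken from the DNS answer without any
 * authentication in this function.
 * NOTE(review): presumably the caller authenticates whatever server it then
 * connects to -- confirm.
 */
static int knp_query_resolve_srv_name(char *srv_name, unsigned long *addr_array, unsigned int *port_array,
                                      int *nb_addr) {
    int error = 0;
    adns_state state = NULL;
    adns_answer *answer = NULL;

    /* Try. */
    do {
        int r;
        int i, j;
        int nb_out = 0;

        /* Initialize the ADNS state. */
        r = adns_init(&state, 0, NULL);
        if (r) {
            kmo_seterror("cannot resolve %s: %s", srv_name, kmo_syserror(r));
            error = -1;
            state = NULL; /* Don't call adns_finish() on a state that was never set up. */
            break;
        }

        /* Perform the query. */
        r = adns_synchronous(state, srv_name, adns_r_srv, 0, &answer);
        if (r) {
            kmo_seterror("cannot resolve %s: %s", srv_name, kmo_syserror(r));
            error = -1;
            break;
        }

        /* The query failed. */
        if (answer->status != adns_s_ok) {
            kmo_seterror("cannot resolve %s: %s", srv_name, adns_strerror(answer->status));
            error = -1;
            break;
        }

        /* We got the results. */
        for (i = 0; i < answer->nrrs; i++) {
            unsigned int port = answer->rrs.srvha[i].port;

            /* Stop once the output arrays are full. Using '>=' also covers a
             * capacity of zero or less, which the equality test further down
             * would never match and so would write past the arrays.
             */
            if (nb_out >= *nb_addr) {
                break;
            }

            /* No addresses returned so resolve the SRV host name. */
            if (! answer->rrs.srvha[i].ha.naddrs) {
                /* Room left in the output arrays, passed in/out to the helper.
                 * NOTE(review): assumes ksock_get_host_addr_list() never
                 * reports more entries than the room it was given -- confirm.
                 */
                int nb = *nb_addr - nb_out;

                /* Ignore errors, since it's likely the DNS that's badly
                 * configured if this function fails.
                 */
                if (ksock_get_host_addr_list(answer->rrs.srvha[i].ha.host, addr_array + nb_out, &nb)) {
                    continue;
                }

                for (j = 0; j < nb; j++) {
                    port_array[nb_out + j] = port;
                }

                nb_out += nb;
            }

            /* Use the returned addresses. */
            else {
                for (j = 0; j < answer->rrs.srvha[i].ha.naddrs; j++) {
                    /* NOTE(review): reads the IPv4 member unconditionally;
                     * assumes every returned address is AF_INET -- confirm.
                     */
                    unsigned long addr = answer->rrs.srvha[i].ha.addrs[j].addr.inet.sin_addr.s_addr;

                    if (nb_out == *nb_addr) {
                        goto out;
                    }

                    addr_array[nb_out] = addr;
                    port_array[nb_out] = port;
                    nb_out++;
                }
            }
        }

        out:

        *nb_addr = nb_out;

        if (nb_out == 0) {
            kmo_seterror("cannot resolve %s: no addresses found for service", srv_name);
            error = -1;
            break;
        }

    } while (0);

    free(answer);

    /* 'state' is NULL when adns_init() failed; the original called
     * adns_finish() on it anyway, contrary to the comment at the failure site.
     */
    if (state) {
        adns_finish(state);
    }

    return error;
}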
Example #4
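/* Look up the SRV records for NAME and store them at LIST as a
   malloc'd array which the caller has to release.  The array is
   sorted by priority and, within a priority, reordered with the
   RFC-2782 weighting algorithm.

   Returns the number of entries stored at LIST, 0 if the answer
   carried an error status or no usable record (LIST is then NULL),
   or -1 on failure (LIST is then NULL as well).

   Everything copied into the entries comes from the DNS answer and
   is attacker-controllable on an untrusted network; only the length
   of the target name is checked here.  */
int
getsrv (const char *name,struct srventry **list)
{
  int srvcount=0;
  u16 count;
  int i, rc;

  *list = NULL;

#ifdef USE_ADNS
  {
    adns_state state;
    adns_answer *answer = NULL;
    
    /* adns reports failures through its return value (an errno
       value); errno itself is not reliable here.  */
    rc = adns_init (&state, adns_if_noerrprint, NULL);
    if (rc)
      {
        log_error ("error initializing adns: %s\n", strerror (rc));
        return -1;
      }

    rc = adns_synchronous (state, name, adns_r_srv, adns_qf_quoteok_query,
                           &answer);
    if (rc)
      {
        log_error ("DNS query failed: %s\n", strerror (rc));
        adns_finish (state);
        return -1;
      }
    if (answer->status != adns_s_ok 
        || answer->type != adns_r_srv || !answer->nrrs)
      {
        /* log_error ("DNS query returned an error or no records: %s (%s)\n", */
        /*            adns_strerror (answer->status), */
        /*            adns_errabbrev (answer->status)); */
        adns_free (answer);
        adns_finish (state);
        return 0;
      }

    for (count = 0; count < answer->nrrs; count++)
      {
        struct srventry *srv = NULL;
        struct srventry *newlist;

        /* The strcpy below relies on this check.
           NOTE(review): assumes srv->target holds MAXDNAME bytes, as
           the dn_expand call in the other branch does - confirm.  */
        if (strlen (answer->rrs.srvha[count].ha.host) >= MAXDNAME)
          {
            log_info ("hostname in SRV record too long - skipped\n");
            continue;
          }
      
        newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
        if (!newlist)
          {
            /* The fail label only releases LIST; release the answer
               and the adns state here so they are not leaked.  */
            adns_free (answer);
            adns_finish (state);
            goto fail;
          }
        *list = newlist;
        memset (&(*list)[srvcount], 0, sizeof(struct srventry));
        srv = &(*list)[srvcount];
        srvcount++;
      
        srv->priority = answer->rrs.srvha[count].priority;
        srv->weight   = answer->rrs.srvha[count].weight;
        srv->port     = answer->rrs.srvha[count].port;
        strcpy (srv->target, answer->rrs.srvha[count].ha.host);
      }

    adns_free (answer);
    adns_finish (state);
  }
#else /*!USE_ADNS*/
  {
    unsigned char answer[2048];
    HEADER *header = (HEADER *)answer;
    unsigned char *pt, *emsg;
    int r;
    u16 dlen;
    
    /* Test for a negative result explicitly instead of relying on
       the signed/unsigned conversion in the size comparisons.  */
    r = res_query (name, C_IN, T_SRV, answer, sizeof answer);
    if (r < 0 || (size_t)r < sizeof (HEADER) || (size_t)r > sizeof answer)
      return -1;
    if (header->rcode != NOERROR || !(count=ntohs (header->ancount)))
      return 0; /* Error or no record found.  */
    
    emsg = &answer[r];
    pt = &answer[sizeof(HEADER)];
  
    /* Skip over the query */
    rc = dn_skipname (pt, emsg);
    if (rc == -1)
      goto fail;
  
    pt += rc + QFIXEDSZ;
  
    while (count-- > 0 && pt < emsg)
      {
        struct srventry *srv=NULL;
        u16 type,class;
        struct srventry *newlist;
      
        newlist = xtryrealloc (*list, (srvcount+1)*sizeof(struct srventry));
        if (!newlist)
          goto fail;
        *list = newlist;
        memset(&(*list)[srvcount],0,sizeof(struct srventry));
        srv=&(*list)[srvcount];
        srvcount++;
      
        rc = dn_skipname(pt,emsg); /* the name we just queried for */
        if (rc == -1)
          goto fail;
        pt+=rc;
      
        /* Truncated message?  The fixed part read below is 16 bytes:
           type, class, ttl, dlen, priority, weight and port.  */
        if((emsg-pt)<16)
          goto fail;
      
        type=*pt++ << 8;
        type|=*pt++;
        /* We asked for SRV and got something else !? */
        if(type!=T_SRV)
          goto fail;
      
        class=*pt++ << 8;
        class|=*pt++;
        /* We asked for IN and got something else !? */
        if(class!=C_IN)
          goto fail;
      
        pt+=4; /* ttl */
        dlen=*pt++ << 8;
        dlen|=*pt++;
        srv->priority=*pt++ << 8;
        srv->priority|=*pt++;
        srv->weight=*pt++ << 8;
        srv->weight|=*pt++;
        srv->port=*pt++ << 8;
        srv->port|=*pt++;
      
        /* Get the name.  2782 doesn't allow name compression, but
           dn_expand still works to pull the name out of the
           packet. */
        rc = dn_expand(answer,emsg,pt,srv->target,MAXDNAME);
        if (rc == 1 && srv->target[0] == 0) /* "." */
          {
            xfree(*list);
            *list = NULL;
            return 0;
          }
        if (rc == -1)
          goto fail;
        pt += rc;
        /* Corrupt packet? */
        if (dlen != rc+6)
          goto fail;
      }
  }
#endif /*!USE_ADNS*/
  
  /* Now we have an array of all the srv records. */
  
  /* Order by priority.  The array is still NULL when every record
     was skipped, so do not hand a null pointer to qsort.  */
  if (srvcount)
    qsort(*list,srvcount,sizeof(struct srventry),priosort);
  
  /* For each priority, move the zero-weighted items first. */
  for (i=0; i < srvcount; i++)
    {
      int j;
      
      for (j=i;j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
        {
          if((*list)[j].weight==0)
            {
              /* Swap j with i */
              if(j!=i)
                {
                  struct srventry temp;
                  
                  memcpy (&temp,&(*list)[j],sizeof(struct srventry));
                  memcpy (&(*list)[j],&(*list)[i],sizeof(struct srventry));
                  memcpy (&(*list)[i],&temp,sizeof(struct srventry));
                }
              
              break;
            }
        }
    }

  /* Run the RFC-2782 weighting algorithm.  We don't need very high
     quality randomness for this, so regular libc srand/rand is
     sufficient.  Fixme: It is a bit questionable to reinitialize srand
     - better use a gnupg function for this.  */
  srand(time(NULL)*getpid());

  for (i=0; i < srvcount; i++)
    {
      int j;
      float prio_count=0,chose;
      
      /* Running sum of the weights within the priority of entry i.  */
      for (j=i; j < srvcount && (*list)[i].priority == (*list)[j].priority; j++)
        {
          prio_count+=(*list)[j].weight;
          (*list)[j].run_count=prio_count;
        }
      
      chose=prio_count*rand()/RAND_MAX;
      
      /* Move the first entry whose running sum reaches the random
         pick to position i.  */
      for (j=i;j<srvcount && (*list)[i].priority==(*list)[j].priority;j++)
        {
          if (chose<=(*list)[j].run_count)
            {
              /* Swap j with i */
              if(j!=i)
                {
                  struct srventry temp;
                  
                  memcpy(&temp,&(*list)[j],sizeof(struct srventry));
                  memcpy(&(*list)[j],&(*list)[i],sizeof(struct srventry));
                  memcpy(&(*list)[i],&temp,sizeof(struct srventry));
                }
              break;
            }
        }
    }
  
  return srvcount;

 fail:
  xfree(*list);
  *list=NULL;
  return -1;
}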
Example #5
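/*
 * Resolve Name to a single A record through adns.
 *
 * Only DNS_TYPE_A is handled; any other Type returns ERROR_OUTOFMEMORY
 * (see the XXX note in the default case). When Servers is given, its
 * addresses are added to the adns state before the query. Options and
 * Reserved are not used.
 *
 * On success *QueryResultSet points to one heap-allocated DNS_RECORD
 * holding the first address of the answer and a copy of Name, and
 * ERROR_SUCCESS is returned. On every failure *QueryResultSet is NULL.
 *
 * NOTE(review): the adns_answer returned by each adns_synchronous() call
 * is never released in this function; adns hands ownership of the answer
 * to the caller, so this looks like a leak per query -- confirm.
 */
DNS_STATUS WINAPI
DnsQuery_A(LPCSTR Name,
           WORD Type,
           DWORD Options,
           PIP4_ARRAY Servers,
           PDNS_RECORD *QueryResultSet,
           PVOID *Reserved)
{
    adns_state astate;
    int quflags = 0;
    int adns_error;
    adns_answer *answer;
    LPSTR CurrentName;
    unsigned i, CNameLoop;

    *QueryResultSet = 0;

    switch(Type)
    {
        case DNS_TYPE_A:
            adns_error = adns_init(&astate, adns_if_noenv | adns_if_noerrprint | adns_if_noserverwarn, 0);

            if(adns_error != adns_s_ok)
                return DnsIntTranslateAdnsToDNS_STATUS(adns_error);

            if (Servers)
            {
                for(i = 0; i < Servers->AddrCount; i++)
                {
                    adns_addserver(astate, *((struct in_addr *)&Servers->AddrArray[i]));
                }
            }

            /*
             * adns doesn't resolve chained CNAME records (a CNAME which points to
             * another CNAME pointing to another... pointing to an A record), according
             * to a mailing list thread the authors believe that chained CNAME records
             * are invalid and the DNS entries should be fixed. That's a nice academic
             * standpoint, but there certainly are chained CNAME records out there,
             * even some fairly major ones (at the time of this writing
             * download.mozilla.org is a chained CNAME). Everyone else seems to resolve
             * these fine, so we should too. So we loop here to try to resolve CNAME
             * chains ourselves. Of course, there must be a limit to protect against
             * CNAME loops.
             */

#define CNAME_LOOP_MAX 16

            /* CurrentName aliases Name until the first CNAME hop; after that
             * it is a heap copy that must be freed on every exit path. */
            CurrentName = (LPSTR) Name;

            for (CNameLoop = 0; CNameLoop < CNAME_LOOP_MAX; CNameLoop++)
            {
                adns_error = adns_synchronous(astate, CurrentName, adns_r_addr, quflags, &answer);

                if(adns_error != adns_s_ok)
                {
                    adns_finish(astate);

                    if (CurrentName != Name)
                        RtlFreeHeap(RtlGetProcessHeap(), 0, CurrentName);

                    return DnsIntTranslateAdnsToDNS_STATUS(adns_error);
                }

                if(answer && answer->rrs.addr)
                {
                    if (CurrentName != Name)
                        RtlFreeHeap(RtlGetProcessHeap(), 0, CurrentName);

                    /* Zero the record: only some fields are assigned below, and
                     * the rest would otherwise hand stale heap contents to the
                     * caller. */
                    *QueryResultSet = (PDNS_RECORD)RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(DNS_RECORD));

                    if (NULL == *QueryResultSet)
                    {
                        adns_finish( astate );
                        return ERROR_OUTOFMEMORY;
                    }

                    (*QueryResultSet)->pNext = NULL;
                    (*QueryResultSet)->wType = Type;
                    (*QueryResultSet)->wDataLength = sizeof(DNS_A_DATA);
                    (*QueryResultSet)->Data.A.IpAddress = answer->rrs.addr->addr.inet.sin_addr.s_addr;

                    adns_finish(astate);

                    (*QueryResultSet)->pName = xstrsave( Name );

                    if (NULL == (*QueryResultSet)->pName)
                    {
                        /* Do not return an error together with a half-built
                         * record: release it and clear the out parameter. */
                        RtlFreeHeap(RtlGetProcessHeap(), 0, *QueryResultSet);
                        *QueryResultSet = NULL;
                        return ERROR_OUTOFMEMORY;
                    }

                    return ERROR_SUCCESS;
                }

                /* Anything other than a "prohibited CNAME" answer carrying a
                 * cname ends the lookup without a result. */
                if (NULL == answer || adns_s_prohibitedcname != answer->status || NULL == answer->cname)
                {
                    adns_finish(astate);

                    if (CurrentName != Name)
                        RtlFreeHeap(RtlGetProcessHeap(), 0, CurrentName);

                    return ERROR_FILE_NOT_FOUND;
                }

                if (CurrentName != Name)
                    RtlFreeHeap(RtlGetProcessHeap(), 0, CurrentName);

                /* Follow the chain: query the CNAME target on the next pass. */
                CurrentName = xstrsave(answer->cname);

                if (!CurrentName)
                {
                    adns_finish(astate);
                    return ERROR_OUTOFMEMORY;
                }
            }

            /* Chain longer than CNAME_LOOP_MAX; CurrentName is a heap copy
             * here because every completed pass replaced it. */
            adns_finish(astate);
            RtlFreeHeap(RtlGetProcessHeap(), 0, CurrentName);
            return ERROR_FILE_NOT_FOUND;

        default:
            return ERROR_OUTOFMEMORY; /* XXX arty: find a better error code. */
    }
}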