uint8_t *
ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *from,
socklen_t *fromlen)
{
uint8_t *wire, *wireout;
ssize_t wire_size;
wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN);
if (!wire) {
*size = 0;
return NULL;
}
wire_size = recvfrom(sockfd, (void*)wire, LDNS_MAX_PACKETLEN, 0,
(struct sockaddr *)from, fromlen);
/* recvfrom can also return 0 */
if (wire_size == -1 || wire_size == 0) {
*size = 0;
LDNS_FREE(wire);
return NULL;
}
*size = (size_t)wire_size;
wireout = LDNS_XREALLOC(wire, uint8_t, (size_t)wire_size);
if(!wireout) LDNS_FREE(wire);
return wireout;
}
ssize_t
ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data,
const char *d_del, size_t data_limit, int *line_nr)
{
/* we assume: keyword|sep|data */
char *fkeyword;
ssize_t i;
if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
return -1;
fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
if(!fkeyword)
return -1;
i = ldns_fget_token(f, fkeyword, k_del, LDNS_MAX_KEYWORDLEN);
if(i==0 || i==-1) {
LDNS_FREE(fkeyword);
return -1;
}
/* case??? i instead of strlen? */
if (strncmp(fkeyword, keyword, LDNS_MAX_KEYWORDLEN - 1) == 0) {
/* whee! */
/* printf("%s\n%s\n", "Matching keyword", fkeyword); */
i = ldns_fget_token_l(f, data, d_del, data_limit, line_nr);
LDNS_FREE(fkeyword);
return i;
} else {
/*printf("no match for %s (read: %s)\n", keyword, fkeyword);*/
LDNS_FREE(fkeyword);
return -1;
}
}
ssize_t
ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char
*data, const char *d_del, size_t data_limit)
{
/* we assume: keyword|sep|data */
char *fkeyword;
ssize_t i;
if(strlen(keyword) >= LDNS_MAX_KEYWORDLEN)
return -1;
fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN);
if(!fkeyword)
return -1; /* out of memory */
i = ldns_bget_token(b, fkeyword, k_del, data_limit);
if(i==0 || i==-1) {
LDNS_FREE(fkeyword);
return -1; /* nothing read */
}
/* case??? */
if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) {
LDNS_FREE(fkeyword);
/* whee, the match! */
/* retrieve it's data */
i = ldns_bget_token(b, data, d_del, 0);
return i;
} else {
LDNS_FREE(fkeyword);
return -1;
}
}
uint8_t *
ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout)
{
uint8_t *wire;
uint16_t wire_size;
ssize_t bytes = 0, rc = 0;
wire = LDNS_XMALLOC(uint8_t, 2);
if (!wire) {
*size = 0;
return NULL;
}
while (bytes < 2) {
if(!ldns_sock_wait(sockfd, timeout, 0)) {
*size = 0;
LDNS_FREE(wire);
return NULL;
}
rc = recv(sockfd, (void*) (wire + bytes),
(size_t) (2 - bytes), 0);
if (rc == -1 || rc == 0) {
*size = 0;
LDNS_FREE(wire);
return NULL;
}
bytes += rc;
}
wire_size = ldns_read_uint16(wire);
LDNS_FREE(wire);
wire = LDNS_XMALLOC(uint8_t, wire_size);
if (!wire) {
*size = 0;
return NULL;
}
bytes = 0;
while (bytes < (ssize_t) wire_size) {
if(!ldns_sock_wait(sockfd, timeout, 0)) {
*size = 0;
LDNS_FREE(wire);
return NULL;
}
rc = recv(sockfd, (void*) (wire + bytes),
(size_t) (wire_size - bytes), 0);
if (rc == -1 || rc == 0) {
LDNS_FREE(wire);
*size = 0;
return NULL;
}
bytes += rc;
}
*size = (size_t) bytes;
return wire;
}
void
free_match_files()
{
size_t i;
for (i = 0; i < match_file_count; i++) {
LDNS_FREE(match_files[i].description);
LDNS_FREE(match_files[i].query_match);
LDNS_FREE(match_files[i].answer_match);
}
}
void
ldns_buffer_free(ldns_buffer *buffer)
{
if (!buffer) {
return;
}
if (!buffer->_fixed)
LDNS_FREE(buffer->_data);
LDNS_FREE(buffer);
}
void
ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone)
{
if (zone) {
if (zone->names) {
/* destroy all name structures within the tree */
ldns_traverse_postorder(zone->names,
ldns_dnssec_name_node_deep_free,
NULL);
LDNS_FREE(zone->names);
}
LDNS_FREE(zone);
}
}
/* keep in mind that in DNS tcp messages the first 2 bytes signal the
* amount data to expect
*/
static ldns_status
ldns_tcp_send_from(uint8_t **result, ldns_buffer *qbin,
const struct sockaddr_storage *to, socklen_t tolen,
const struct sockaddr_storage *from, socklen_t fromlen,
struct timeval timeout, size_t *answer_size)
{
int sockfd;
uint8_t *answer;
sockfd = ldns_tcp_bgsend_from(qbin, to, tolen, from, fromlen, timeout);
if (sockfd == 0) {
return LDNS_STATUS_ERR;
}
answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout);
#ifndef USE_WINSOCK
close(sockfd);
#else
closesocket(sockfd);
#endif
if (*answer_size == 0) {
/* oops */
return LDNS_STATUS_NETWORK_ERR;
}
/* resize accordingly */
*result = LDNS_XREALLOC(answer, uint8_t, (size_t)*answer_size);
if(!*result) {
LDNS_FREE(answer);
return LDNS_STATUS_MEM_ERR;
}
return LDNS_STATUS_OK;
}
static void
ldns_dnssec_zone_hashed_names_from_nsec3(
ldns_dnssec_zone* zone, ldns_rr* nsec3rr)
{
ldns_rbnode_t* current_node;
ldns_dnssec_name* current_name;
assert(zone != NULL);
assert(nsec3rr != NULL);
if (zone->hashed_names) {
ldns_traverse_postorder(zone->hashed_names,
ldns_hashed_names_node_free, NULL);
LDNS_FREE(zone->hashed_names);
}
zone->_nsec3params = nsec3rr;
/* So this is a NSEC3 zone.
* Calculate hashes for all names already in the zone
*/
zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v);
if (zone->hashed_names == NULL) {
return;
}
for ( current_node = ldns_rbtree_first(zone->names)
; current_node != LDNS_RBTREE_NULL
; current_node = ldns_rbtree_next(current_node)
) {
current_name = (ldns_dnssec_name *) current_node->data;
ldns_dnssec_name_make_hashed_name(zone, current_name, nsec3rr);
}
}
static void
ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone,
ldns_dnssec_name* name, ldns_rr* nsec3rr)
{
ldns_rbnode_t* new_node;
assert(name != NULL);
if (! zone->_nsec3params) {
if (! nsec3rr) {
return;
}
ldns_dnssec_zone_hashed_names_from_nsec3(zone, nsec3rr);
} else if (! nsec3rr) {
nsec3rr = zone->_nsec3params;
}
name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsec3rr, name->name);
/* Also store in zone->hashed_names */
if ((new_node = LDNS_MALLOC(ldns_rbnode_t))) {
new_node->key = name->hashed_name;
new_node->data = name;
if (ldns_rbtree_insert(zone->hashed_names, new_node) == NULL) {
LDNS_FREE(new_node);
}
}
}
void
ldns_zone_deep_free(ldns_zone *zone)
{
ldns_rr_free(zone->_soa);
ldns_rr_list_deep_free(zone->_rrs);
LDNS_FREE(zone);
}
INLINE void
ldns_dnssec_name_free_internal(ldns_dnssec_name *name,
int deep)
{
if (name) {
if (name->name_alloced) {
ldns_rdf_deep_free(name->name);
}
if (name->rrsets) {
ldns_dnssec_rrsets_free_internal(name->rrsets, deep);
}
if (name->nsec && deep) {
ldns_rr_free(name->nsec);
}
if (name->nsec_signatures) {
ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep);
}
if (name->hashed_name) {
if (deep) {
ldns_rdf_deep_free(name->hashed_name);
}
}
LDNS_FREE(name);
}
}
/**
* Sign data with DSA
*
* \param[in] to_sign The ldns_buffer containing raw data that is
* to be signed
* \param[in] key The DSA key structure to sign with
* \return ldns_rdf for the RRSIG ldns_rr
*/
ldns_rdf *
ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key)
{
unsigned char *sha1_hash;
ldns_rdf *sigdata_rdf;
ldns_buffer *b64sig;
DSA_SIG *sig;
uint8_t *data;
size_t pad;
b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN);
if (!b64sig) {
return NULL;
}
sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign),
ldns_buffer_position(to_sign), NULL);
if (!sha1_hash) {
ldns_buffer_free(b64sig);
return NULL;
}
sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key);
if(!sig) {
ldns_buffer_free(b64sig);
return NULL;
}
data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH);
if(!data) {
ldns_buffer_free(b64sig);
DSA_SIG_free(sig);
return NULL;
}
data[0] = 1;
pad = 20 - (size_t) BN_num_bytes(sig->r);
if (pad > 0) {
memset(data + 1, 0, pad);
}
BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad);
pad = 20 - (size_t) BN_num_bytes(sig->s);
if (pad > 0) {
memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad);
}
BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad));
sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64,
1 + 2 * SHA_DIGEST_LENGTH,
data);
ldns_buffer_free(b64sig);
LDNS_FREE(data);
DSA_SIG_free(sig);
return sigdata_rdf;
}
/** check the packet and make sure that EDNS and DO and the type and RRSIG */
static int
check_packet(uint8_t* wire, size_t len, int tp)
{
ldns_pkt *p = NULL;
ldns_status s;
if( (s=ldns_wire2pkt(&p, wire, len)) != LDNS_STATUS_OK) {
if(verb) printf("error: %s\n", ldns_get_errorstr_by_id(s));
goto failed;
}
if(!p) {
if(verb) printf("error: out of memory\n");
goto failed;
}
/* does DNS work? */
if(ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) {
char* r = ldns_pkt_rcode2str(ldns_pkt_get_rcode(p));
if(verb) printf("no answer, %s\n", r?r:"(out of memory)");
LDNS_FREE(r);
goto failed;
}
/* test EDNS0 presence, of OPT record */
/* LDNS forgets during pkt parse, but we test the ARCOUNT;
* 0 additionals means no EDNS(on the wire), and after parsing the
* same additional RRs as before means no EDNS OPT */
if(LDNS_ARCOUNT(wire) == 0 ||
ldns_pkt_arcount(p) == LDNS_ARCOUNT(wire)) {
if(verb) printf("no EDNS\n");
goto failed;
}
/* test if the type, RRSIG present */
if(!check_type_in_answer(p, tp) ||
!check_type_in_answer(p, LDNS_RR_TYPE_RRSIG)) {
goto failed;
}
LDNS_FREE(wire);
ldns_pkt_free(p);
return 1;
failed:
LDNS_FREE(wire);
ldns_pkt_free(p);
return 0;
}
void
dump_hex(const ldns_pkt *pkt, const char *filename)
{
uint8_t *wire = NULL;
size_t size, i;
FILE *fp;
ldns_status status;
fp = fopen(filename, "w");
if (fp == NULL) {
error("Unable to open %s for writing", filename);
return;
}
status = ldns_pkt2wire(&wire, pkt, &size);
if (status != LDNS_STATUS_OK) {
error("Unable to convert packet: error code %u", status);
LDNS_FREE(wire);
fclose(fp);
return;
}
fprintf(fp, "; 0");
for (i = 1; i < 20; i++) {
fprintf(fp, " %2u", (unsigned int) i);
}
fprintf(fp, "\n");
fprintf(fp, ";--");
for (i = 1; i < 20; i++) {
fprintf(fp, " --");
}
fprintf(fp, "\n");
for (i = 0; i < size; i++) {
if (i % 20 == 0 && i > 0) {
fprintf(fp, "\t;\t%4u-%4u\n", (unsigned int) i-19, (unsigned int) i);
}
fprintf(fp, " %02x", (unsigned int)wire[i]);
}
fprintf(fp, "\n");
fclose(fp);
LDNS_FREE(wire);
}
/** test if type is present in returned packet */
static int
check_type_in_answer(ldns_pkt* p, int t)
{
ldns_rr_list *l = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANSWER);
if(!l) {
char* s = ldns_rr_type2str(t);
if(verb) printf("no DNSSEC %s\n", s?s:"(out of memory)");
LDNS_FREE(s);
return 0;
}
ldns_rr_list_deep_free(l);
return 1;
}
INLINE void
ldns_dnssec_rrs_free_internal(ldns_dnssec_rrs *rrs, int deep)
{
ldns_dnssec_rrs *next;
while (rrs) {
next = rrs->next;
if (deep) {
ldns_rr_free(rrs->rr);
}
LDNS_FREE(rrs);
rrs = next;
}
}
void
ldns_resolver_deep_free(ldns_resolver *res)
{
size_t i;
if (res) {
if (res->_searchlist) {
for (i = 0; i < ldns_resolver_searchlist_count(res); i++) {
ldns_rdf_deep_free(res->_searchlist[i]);
}
LDNS_FREE(res->_searchlist);
}
if (res->_nameservers) {
for (i = 0; i < res->_nameserver_count; i++) {
ldns_rdf_deep_free(res->_nameservers[i]);
}
LDNS_FREE(res->_nameservers);
}
if (ldns_resolver_domain(res)) {
ldns_rdf_deep_free(ldns_resolver_domain(res));
}
if (ldns_resolver_tsig_keyname(res)) {
LDNS_FREE(res->_tsig_keyname);
}
if (res->_cur_axfr_pkt) {
ldns_pkt_free(res->_cur_axfr_pkt);
}
if (res->_rtt) {
LDNS_FREE(res->_rtt);
}
if (res->_dnssec_anchors) {
ldns_rr_list_deep_free(res->_dnssec_anchors);
}
LDNS_FREE(res);
}
}
INLINE void
ldns_dnssec_rrsets_free_internal(ldns_dnssec_rrsets *rrsets, int deep)
{
if (rrsets) {
if (rrsets->rrs) {
ldns_dnssec_rrs_free_internal(rrsets->rrs, deep);
}
if (rrsets->next) {
ldns_dnssec_rrsets_free_internal(rrsets->next, deep);
}
if (rrsets->signatures) {
ldns_dnssec_rrs_free_internal(rrsets->signatures, deep);
}
LDNS_FREE(rrsets);
}
}
bool
ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f)
{
/* 2 types to check, cannot use the macro... */
ldns_rdf *pop;
if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A &&
ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) {
return false;
}
pop = ldns_rr_set_rdf(r, f, 0);
if (pop) {
LDNS_FREE(pop);
return true;
} else {
return false;
}
}
/**
* Encode RR.
*
*/
static int
response_encode_rr(query_type* q, ldns_rr* rr, ldns_pkt_section section)
{
uint8_t *data = NULL;
size_t size = 0;
ldns_status status = LDNS_STATUS_OK;
ods_log_assert(q);
ods_log_assert(rr);
ods_log_assert(section);
status = ldns_rr2wire(&data, rr, section, &size);
if (status != LDNS_STATUS_OK) {
ods_log_error("[%s] unable to send good response: ldns_rr2wire() "
"failed (%s)", query_str, ldns_get_errorstr_by_id(status));
return 0;
}
buffer_write(q->buffer, (const void*) data, size);
LDNS_FREE(data);
return 1;
}
bool
dump_hex(FILE *fp, const ldns_pkt *pkt)
{
uint8_t *wire;
size_t size, i;
ldns_status status;
status = ldns_pkt2wire(&wire, pkt, &size);
if (status != LDNS_STATUS_OK) {
fprintf(stdout, "= Unable to convert packet back to wire: error code %u", status);
fprintf(stdout, "= original hex:\n");
return false;
}
for (i = 0; i < size; i++) {
fprintf(fp, "%02x", (unsigned int)wire[i]);
}
LDNS_FREE(wire);
return true;
}
void
ldns_rr_soa_increment_func_data(ldns_rr *soa,
ldns_soa_serial_increment_func_t f, void *data)
{
ldns_rdf *prev_soa_serial_rdf;
if ( !soa || !f || ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA
|| !ldns_rr_rdf(soa, 2)) {
return;
}
prev_soa_serial_rdf = ldns_rr_set_rdf(
soa
, ldns_native2rdf_int32(
LDNS_RDF_TYPE_INT32
, (*f)( ldns_rdf2native_int32(
ldns_rr_rdf(soa, 2))
, data
)
)
, 2
);
LDNS_FREE(prev_soa_serial_rdf);
}
/* code from rdata.c */
static struct sockaddr_storage *
ldns_rdf2native_sockaddr_storage_port(
const ldns_rdf *rd, uint16_t port, size_t *size)
{
struct sockaddr_storage *data;
struct sockaddr_in *data_in;
struct sockaddr_in6 *data_in6;
data = LDNS_MALLOC(struct sockaddr_storage);
if (!data) {
return NULL;
}
/* zero the structure for portability */
memset(data, 0, sizeof(struct sockaddr_storage));
switch(ldns_rdf_get_type(rd)) {
case LDNS_RDF_TYPE_A:
#ifndef S_SPLINT_S
data->ss_family = AF_INET;
#endif
data_in = (struct sockaddr_in*) data;
data_in->sin_port = (in_port_t)htons(port);
memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd));
*size = sizeof(struct sockaddr_in);
return data;
case LDNS_RDF_TYPE_AAAA:
#ifndef S_SPLINT_S
data->ss_family = AF_INET6;
#endif
data_in6 = (struct sockaddr_in6*) data;
data_in6->sin6_port = (in_port_t)htons(port);
memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd));
*size = sizeof(struct sockaddr_in6);
return data;
default:
LDNS_FREE(data);
return NULL;
}
}
ssize_t
ldns_tcp_send_query(ldns_buffer *qbin, int sockfd,
const struct sockaddr_storage *to, socklen_t tolen)
{
uint8_t *sendbuf;
ssize_t bytes;
/* add length of packet */
sendbuf = LDNS_XMALLOC(uint8_t, ldns_buffer_position(qbin) + 2);
if(!sendbuf) return 0;
ldns_write_uint16(sendbuf, ldns_buffer_position(qbin));
memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin));
bytes = sendto(sockfd, (void*)sendbuf,
ldns_buffer_position(qbin) + 2, 0, (struct sockaddr *)to, tolen);
LDNS_FREE(sendbuf);
if (bytes == -1 || (size_t) bytes != ldns_buffer_position(qbin) + 2 ) {
return 0;
}
return bytes;
}
ldns_buffer *
ldns_buffer_new(size_t capacity)
{
ldns_buffer *buffer = LDNS_MALLOC(ldns_buffer);
if (!buffer) {
return NULL;
}
buffer->_data = (uint8_t *) LDNS_XMALLOC(uint8_t, capacity);
if (!buffer->_data) {
LDNS_FREE(buffer);
return NULL;
}
buffer->_position = 0;
buffer->_limit = buffer->_capacity = capacity;
buffer->_fixed = 0;
buffer->_status = LDNS_STATUS_OK;
ldns_buffer_invariant(buffer);
return buffer;
}
void zkdns_start(const char* my_address, int port, const char* my_zone)
{
rp_handle = rp_initialize(my_zone);
/* network */
int sock;
ssize_t nb;
struct sockaddr addr_me;
struct sockaddr addr_him;
socklen_t hislen = (socklen_t) sizeof(addr_him);
uint8_t inbuf[INBUF_SIZE];
uint8_t *outbuf;
/* dns */
ldns_status status;
ldns_pkt *query_pkt;
ldns_pkt *answer_pkt;
size_t answer_size;
ldns_rr *query_rr;
ldns_rr_list *answer_qr;
ldns_rr_list *answer_an;
ldns_rr_list *answer_ns;
ldns_rr_list *answer_ad;
ldns_rdf *origin = NULL;
/* zone */
ldns_zone *zone;
int line_nr;
FILE *zone_fp;
if (ldns_str2rdf_dname(&origin, my_zone) != LDNS_STATUS_OK) {
fprintf(stderr, "Bad origin, not a correct domain name\n");
exit(EXIT_FAILURE);
}
printf("Listening on port %d\n", port);
sock = socket(AF_INET, SOCK_DGRAM, 0);
if (sock < 0) {
fprintf(stderr, "socket(): %s\n", strerror(errno));
exit(1);
}
memset(&addr_me, 0, sizeof(addr_me));
/* bind: try all ports in that range */
if (udp_bind(sock, port, my_address)) {
fprintf(stderr, "cannot bind(): %s\n", strerror(errno));
exit(errno);
}
/* Done. Now receive */
while (1) {
nb = recvfrom(sock, (void*)inbuf, INBUF_SIZE, 0,
&addr_him, &hislen);
if (nb < 1) {
fprintf(stderr, "recvfrom(): %s\n",
strerror(errno));
exit(1);
}
/*
show(inbuf, nb, nn, hp, sp, ip, bp);
*/
status = ldns_wire2pkt(&query_pkt, inbuf, (size_t) nb);
if (status != LDNS_STATUS_OK) {
printf("Got bad packet: %s\n", ldns_get_errorstr_by_id(status));
}
query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0);
answer_qr = ldns_rr_list_new();
ldns_rr_list_push_rr(answer_qr, ldns_rr_clone(query_rr));
answer_an = get_rrset(zone, ldns_rr_owner(query_rr), ldns_rr_get_type(query_rr), ldns_rr_get_class(query_rr));
answer_pkt = ldns_pkt_new();
answer_ns = ldns_rr_list_new();
answer_ad = ldns_rr_list_new();
ldns_pkt_set_qr(answer_pkt, 1);
ldns_pkt_set_aa(answer_pkt, 1);
ldns_pkt_set_id(answer_pkt, ldns_pkt_id(query_pkt));
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_QUESTION, answer_qr);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ANSWER, answer_an);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_AUTHORITY, answer_ns);
ldns_pkt_push_rr_list(answer_pkt, LDNS_SECTION_ADDITIONAL, answer_ad);
status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
if (status != LDNS_STATUS_OK) {
printf("Error creating answer: %s\n", ldns_get_errorstr_by_id(status));
} else {
nb = sendto(sock, (void*)outbuf, answer_size, 0,
&addr_him, hislen);
}
ldns_pkt_free(query_pkt);
ldns_pkt_free(answer_pkt);
LDNS_FREE(outbuf);
ldns_rr_list_free(answer_qr);
ldns_rr_list_free(answer_an);
ldns_rr_list_free(answer_ns);
ldns_rr_list_free(answer_ad);
}
ldns_rdf_deep_free(origin);
ldns_zone_deep_free(zone);
rp_shutdown(rp_handle);
}
ldns_status
ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data,
uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac, int tsig_timers_only)
{
ldns_rr *tsig_rr;
ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);
ldns_rdf *fudge_rdf = NULL;
ldns_rdf *orig_id_rdf = NULL;
ldns_rdf *algorithm_rdf;
ldns_rdf *error_rdf = NULL;
ldns_rdf *mac_rdf = NULL;
ldns_rdf *other_data_rdf = NULL;
ldns_status status = LDNS_STATUS_OK;
uint8_t *pkt_wire = NULL;
size_t pkt_wire_len;
struct timeval tv_time_signed;
uint8_t *time_signed = NULL;
ldns_rdf *time_signed_rdf = NULL;
algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name);
if(!key_name_rdf || !algorithm_rdf) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
/* eww don't have create tsigtime rdf yet :( */
/* bleh :p */
if (gettimeofday(&tv_time_signed, NULL) == 0) {
time_signed = LDNS_XMALLOC(uint8_t, 6);
if(!time_signed) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
ldns_write_uint64_as_uint48(time_signed,
(uint64_t)tv_time_signed.tv_sec);
} else {
status = LDNS_STATUS_INTERNAL_ERR;
goto clean;
}
time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed);
if(!time_signed_rdf) {
LDNS_FREE(time_signed);
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge);
orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt));
error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0);
other_data_rdf = ldns_native2rdf_int16_data(0, NULL);
if(!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) {
status = LDNS_STATUS_ERR;
goto clean;
}
status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len,
key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
time_signed_rdf, error_rdf, other_data_rdf, query_mac, tsig_timers_only);
if (!mac_rdf) {
goto clean;
}
LDNS_FREE(pkt_wire);
/* Create the TSIG RR */
tsig_rr = ldns_rr_new();
if(!tsig_rr) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
ldns_rr_set_owner(tsig_rr, key_name_rdf);
ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY);
ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG);
ldns_rr_set_ttl(tsig_rr, 0);
ldns_rr_push_rdf(tsig_rr, algorithm_rdf);
ldns_rr_push_rdf(tsig_rr, time_signed_rdf);
ldns_rr_push_rdf(tsig_rr, fudge_rdf);
ldns_rr_push_rdf(tsig_rr, mac_rdf);
ldns_rr_push_rdf(tsig_rr, orig_id_rdf);
ldns_rr_push_rdf(tsig_rr, error_rdf);
ldns_rr_push_rdf(tsig_rr, other_data_rdf);
ldns_pkt_set_tsig(pkt, tsig_rr);
return status;
clean:
LDNS_FREE(pkt_wire);
ldns_rdf_free(key_name_rdf);
ldns_rdf_free(algorithm_rdf);
ldns_rdf_free(time_signed_rdf);
ldns_rdf_free(fudge_rdf);
ldns_rdf_free(orig_id_rdf);
ldns_rdf_free(error_rdf);
ldns_rdf_free(other_data_rdf);
return status;
}
bool
ldns_pkt_tsig_verify_next(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, const char* key_name,
const char *key_data, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
{
ldns_rdf *fudge_rdf;
ldns_rdf *algorithm_rdf;
ldns_rdf *time_signed_rdf;
ldns_rdf *orig_id_rdf;
ldns_rdf *error_rdf;
ldns_rdf *other_data_rdf;
ldns_rdf *pkt_mac_rdf;
ldns_rdf *my_mac_rdf;
ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);
uint16_t pkt_id, orig_pkt_id;
ldns_status status;
uint8_t *prepared_wire = NULL;
size_t prepared_wire_size = 0;
ldns_rr *orig_tsig = ldns_pkt_tsig(pkt);
if (!orig_tsig || ldns_rr_rd_count(orig_tsig) <= 6) {
ldns_rdf_deep_free(key_name_rdf);
return false;
}
algorithm_rdf = ldns_rr_rdf(orig_tsig, 0);
time_signed_rdf = ldns_rr_rdf(orig_tsig, 1);
fudge_rdf = ldns_rr_rdf(orig_tsig, 2);
pkt_mac_rdf = ldns_rr_rdf(orig_tsig, 3);
orig_id_rdf = ldns_rr_rdf(orig_tsig, 4);
error_rdf = ldns_rr_rdf(orig_tsig, 5);
other_data_rdf = ldns_rr_rdf(orig_tsig, 6);
/* remove temporarily */
ldns_pkt_set_tsig(pkt, NULL);
/* temporarily change the id to the original id */
pkt_id = ldns_pkt_id(pkt);
orig_pkt_id = ldns_rdf2native_int16(orig_id_rdf);
ldns_pkt_set_id(pkt, orig_pkt_id);
prepared_wire = ldns_tsig_prepare_pkt_wire(wire, wirelen, &prepared_wire_size);
status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size,
key_data, key_name_rdf, fudge_rdf, algorithm_rdf,
time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf, tsig_timers_only);
LDNS_FREE(prepared_wire);
if (status != LDNS_STATUS_OK) {
ldns_rdf_deep_free(key_name_rdf);
return false;
}
/* Put back the values */
ldns_pkt_set_tsig(pkt, orig_tsig);
ldns_pkt_set_id(pkt, pkt_id);
ldns_rdf_deep_free(key_name_rdf);
if (ldns_rdf_compare(pkt_mac_rdf, my_mac_rdf) == 0) {
ldns_rdf_deep_free(my_mac_rdf);
return true;
} else {
ldns_rdf_deep_free(my_mac_rdf);
return false;
}
}
static ldns_status
ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf,
ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf,
ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf, int tsig_timers_only)
{
ldns_status status;
char *wireformat;
int wiresize;
unsigned char *mac_bytes = NULL;
unsigned char *key_bytes = NULL;
int key_size;
const EVP_MD *digester;
char *algorithm_name = NULL;
unsigned int md_len = EVP_MAX_MD_SIZE;
ldns_rdf *result = NULL;
ldns_buffer *data_buffer = NULL;
ldns_rdf *canonical_key_name_rdf = NULL;
ldns_rdf *canonical_algorithm_rdf = NULL;
if (key_name_rdf == NULL || algorithm_rdf == NULL) {
return LDNS_STATUS_NULL;
}
canonical_key_name_rdf = ldns_rdf_clone(key_name_rdf);
if (canonical_key_name_rdf == NULL) {
return LDNS_STATUS_MEM_ERR;
}
canonical_algorithm_rdf = ldns_rdf_clone(algorithm_rdf);
if (canonical_algorithm_rdf == NULL) {
ldns_rdf_deep_free(canonical_key_name_rdf);
return LDNS_STATUS_MEM_ERR;
}
/*
* prepare the digestable information
*/
data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
if (!data_buffer) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
/* if orig_mac is not NULL, add it too */
if (orig_mac_rdf) {
(void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf);
}
ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size);
if (!tsig_timers_only) {
ldns_dname2canonical(canonical_key_name_rdf);
(void)ldns_rdf2buffer_wire(data_buffer,
canonical_key_name_rdf);
ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY);
ldns_buffer_write_u32(data_buffer, 0);
ldns_dname2canonical(canonical_algorithm_rdf);
(void)ldns_rdf2buffer_wire(data_buffer,
canonical_algorithm_rdf);
}
(void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf);
(void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf);
if (!tsig_timers_only) {
(void)ldns_rdf2buffer_wire(data_buffer, error_rdf);
(void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf);
}
wireformat = (char *) data_buffer->_data;
wiresize = (int) ldns_buffer_position(data_buffer);
algorithm_name = ldns_rdf2str(algorithm_rdf);
if(!algorithm_name) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
/* prepare the key */
key_bytes = LDNS_XMALLOC(unsigned char,
ldns_b64_pton_calculate_size(strlen(key_data)));
if(!key_bytes) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
key_size = ldns_b64_pton(key_data, key_bytes,
ldns_b64_pton_calculate_size(strlen(key_data)));
if (key_size < 0) {
status = LDNS_STATUS_INVALID_B64;
goto clean;
}
/* hmac it */
/* 2 spare bytes for the length */
mac_bytes = LDNS_XMALLOC(unsigned char, md_len+2);
if(!mac_bytes) {
status = LDNS_STATUS_MEM_ERR;
goto clean;
}
memset(mac_bytes, 0, md_len+2);
digester = ldns_digest_function(algorithm_name);
if (digester) {
(void) HMAC(digester, key_bytes, key_size, (void *)wireformat,
(size_t) wiresize, mac_bytes + 2, &md_len);
ldns_write_uint16(mac_bytes, md_len);
result = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16_DATA, md_len + 2,
mac_bytes);
} else {
status = LDNS_STATUS_CRYPTO_UNKNOWN_ALGO;
goto clean;
}
*tsig_mac = result;
status = LDNS_STATUS_OK;
clean:
LDNS_FREE(mac_bytes);
LDNS_FREE(key_bytes);
LDNS_FREE(algorithm_name);
ldns_buffer_free(data_buffer);
ldns_rdf_deep_free(canonical_algorithm_rdf);
ldns_rdf_deep_free(canonical_key_name_rdf);
return status;
}
