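/** setup qinfo and edns
 *
 * Fills qinfo (type, class, wire-format name) from the query kept in
 * q->res and prepares an EDNS record with the DO bit set, advertising the
 * backend's UDP buffer capacity (capped at 65535).
 *
 * Ownership: on success qinfo->qname is a heap buffer owned by the caller.
 * Returns 1 on success, 0 when the name cannot be parsed or copied; qname
 * is then NULL and qname_len 0, and edns is left untouched.
 */
static int
setup_qinfo_edns(struct libworker* w, struct ctx_query* q,
	struct query_info* qinfo, struct edns_data* edns)
{
	ldns_rdf* rdf;
	size_t cap;

	qinfo->qtype = (uint16_t)q->res->qtype;
	qinfo->qclass = (uint16_t)q->res->qclass;
	qinfo->qname = NULL;
	qinfo->qname_len = 0;
	rdf = ldns_dname_new_frm_str(q->res->qname);
	if(!rdf) {
		return 0;
	}
#ifdef UNBOUND_ALLOC_LITE
	/* copy the wire name into our own allocator, then drop the rdf and
	 * its data entirely */
	qinfo->qname = memdup(ldns_rdf_data(rdf), ldns_rdf_size(rdf));
	qinfo->qname_len = ldns_rdf_size(rdf);
	ldns_rdf_deep_free(rdf);
	if(!qinfo->qname) {
		/* a failed memdup used to be reported as success */
		qinfo->qname_len = 0;
		return 0;
	}
#else
	/* take over the rdf's data buffer: only the rdf struct itself is
	 * released (shallow free), the bytes now belong to qinfo */
	qinfo->qname = ldns_rdf_data(rdf);
	qinfo->qname_len = ldns_rdf_size(rdf);
	ldns_rdf_free(rdf);
#endif
	edns->edns_present = 1;
	edns->ext_rcode = 0;
	edns->edns_version = 0;
	edns->bits = EDNS_DO;
	/* advertised UDP size is the buffer we can actually receive into */
	cap = ldns_buffer_capacity(w->back->udp_buff);
	edns->udp_size = (cap < 65535) ? (uint16_t)cap : 65535;
	return 1;
}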
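/**
 * Query for name, appending each search-list suffix in turn when the name
 * is not absolute.  An absolute name (trailing dot) is sent as-is through
 * ldns_resolver_query().
 *
 * Returns the first answer packet obtained (caller frees it with
 * ldns_pkt_free), or NULL when the name cannot be converted to text, the
 * search list is empty, or no suffix produced an answer.
 */
ldns_pkt *
ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *name,
	ldns_rr_type type, ldns_rr_class c, uint16_t flags)
{
	char *str_dname;
	ldns_rdf **search_list;
	size_t i, suffix_count;
	bool absolute;

	/* ldns_rdf2str allocates; the text was previously leaked and a NULL
	 * result was passed straight to ldns_dname_str_absolute */
	str_dname = ldns_rdf2str(name);
	if (!str_dname) {
		return NULL;
	}
	absolute = ldns_dname_str_absolute(str_dname);
	LDNS_FREE(str_dname);

	if (absolute) {
		/* query as-is */
		return ldns_resolver_query(r, name, type, c, flags);
	}

	search_list = ldns_resolver_searchlist(r);
	suffix_count = ldns_resolver_searchlist_count(r);
	for (i = 0; i < suffix_count; i++) {
		ldns_rdf *candidate;
		ldns_pkt *answer;

		candidate = ldns_dname_cat_clone(name, search_list[i]);
		if (!candidate) {
			/* out of memory or bad suffix: try the next one */
			continue;
		}
		answer = ldns_resolver_query(r, candidate, type, c, flags);
		/* the clone owns its wire data, so a deep free is required */
		ldns_rdf_deep_free(candidate);
		if (answer) {
			return answer;
		}
	}
	return NULL;
}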
/*
 * Lua binding: release the ldns_rdf passed as light userdata at stack
 * index 1.  A NULL userdata is ignored.  Uses the shallow ldns_rdf_free,
 * so any rdata the rdf points at is left alone -- presumably the creating
 * binding decides who owns it; verify there.  Pushes nothing, returns 0.
 */
static int
l_rdf_free(lua_State *L)
{
	ldns_rdf *victim = lua_touserdata(L, 1); /* pop from the stack */

	if (victim != NULL) {
		ldns_rdf_free(victim);
	}
	return 0;
}
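/**
 * Send a query for name through resolver r.  When the resolver's
 * defnames option is set and a default domain is configured, the domain
 * is appended to name before sending.
 *
 * Returns the answer packet (caller frees with ldns_pkt_free) or NULL on
 * error.  With defnames off the ldns error is also printed on stderr, as
 * before; the other paths stay silent.
 */
ldns_pkt *
ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name,
	ldns_rr_type type, ldns_rr_class c, uint16_t flags)
{
	ldns_pkt *pkt = NULL;
	ldns_status status;
	ldns_rdf *newname;
	ldns_rdf *domain;
	bool report_errors;

	report_errors = !ldns_resolver_defnames(r);
	domain = ldns_resolver_domain(r);
	if (!report_errors && domain) {
		/* defnames set and a domain configured: append it */
		newname = ldns_dname_cat_clone(name, domain);
		if (!newname) {
			return NULL;
		}
		status = ldns_resolver_send(&pkt, (ldns_resolver *)r, newname,
			type, c, flags);
		/* the clone owns its wire data */
		ldns_rdf_deep_free(newname);
	} else {
		/* defnames off, or set but no domain configured: send as-is */
		status = ldns_resolver_send(&pkt, (ldns_resolver *)r, name,
			type, c, flags);
	}

	if (status == LDNS_STATUS_OK) {
		return pkt;
	}
	/* previously the appended-domain path returned whatever send left in
	 * pkt even on error; all paths now free it and return NULL */
	if (pkt) {
		ldns_pkt_free(pkt);
	}
	if (report_errors) {
		fprintf(stderr, "error: %s\n", ldns_get_errorstr_by_id(status));
	}
	return NULL;
}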
/**
 * Convert a wire-format domain name to its presentation (dotted) form.
 *
 * The ldns rdf wrapped around the input borrows the caller's bytes and is
 * released with the shallow ldns_rdf_free, so the input is never freed
 * here.  On GETDNS_RETURN_GOOD *fqdn_as_string is a freshly allocated
 * string the caller frees; on GETDNS_RETURN_GENERIC_ERROR it is NULL; on
 * GETDNS_RETURN_MEMORY_ERROR it is not written at all.
 */
getdns_return_t
getdns_convert_dns_name_to_fqdn(
    const struct getdns_bindata *dns_name_wire_fmt, char **fqdn_as_string)
{
	ldns_rdf *name;
	char *text;

	/* unconst is safe here: the rdf is only read and shallow-freed */
	name = ldns_rdf_new(LDNS_RDF_TYPE_DNAME, dns_name_wire_fmt->size,
	    (void *)dns_name_wire_fmt->data);
	if (name == NULL)
		return GETDNS_RETURN_MEMORY_ERROR;

	text = ldns_rdf2str(name);
	ldns_rdf_free(name);
	*fqdn_as_string = text;
	if (text == NULL)
		return GETDNS_RETURN_GENERIC_ERROR;
	return GETDNS_RETURN_GOOD;
}
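/**
 * Convert a presentation-format domain name to wire format.
 *
 * On GETDNS_RETURN_GOOD *dns_name_wire_fmt is a malloc'd getdns_bindata
 * whose data buffer is taken over from the ldns rdf; the caller frees
 * both.  Returns GETDNS_RETURN_GENERIC_ERROR when the name does not parse
 * and GETDNS_RETURN_MEMORY_ERROR when the bindata cannot be allocated; in
 * that case *dns_name_wire_fmt is NULL and nothing is leaked.
 */
getdns_return_t
getdns_convert_fqdn_to_dns_name(
    const char *fqdn_as_string, struct getdns_bindata **dns_name_wire_fmt)
{
	ldns_rdf *rdf;
	struct getdns_bindata *out;

	if (ldns_str2rdf_dname(&rdf, fqdn_as_string) != LDNS_STATUS_OK)
		return GETDNS_RETURN_GENERIC_ERROR;

	out = malloc(sizeof *out);
	if (out == NULL) {
		/* the rdf's data has no other owner yet: the shallow
		 * ldns_rdf_free used before left it behind */
		ldns_rdf_deep_free(rdf);
		*dns_name_wire_fmt = NULL;
		return GETDNS_RETURN_MEMORY_ERROR;
	}
	out->size = ldns_rdf_size(rdf);
	out->data = ldns_rdf_data(rdf);
	/* shallow free: out->data now owns the wire bytes */
	ldns_rdf_free(rdf);
	*dns_name_wire_fmt = out;
	return GETDNS_RETURN_GOOD;
}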
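/** parse ORIGIN
 *
 * Replaces *origin with the dname that starts at parse.  The text is
 * temporarily cut at the first whitespace or end-of-line character so
 * ldns sees only the name, and restored afterwards.  On a parse error,
 * error() is called with name and lineno for the message.
 *
 * NOTE(review): the scan only stops on isspace()/isendline(); whether a
 * bare '\0' is covered depends on isendline() -- confirm.
 */
static void
get_origin(const char* name, int lineno, ldns_rdf** origin, char* parse)
{
	char* end;
	char store;
	ldns_status status;

	/* the previous origin came from ldns_str2rdf_dname and owns its data,
	 * so a shallow free would leak it */
	ldns_rdf_deep_free(*origin);
	*origin = NULL;
	/* snip off rest of the text so as to make the parse work in ldns */
	end = parse;
	/* cast via unsigned char: isspace() on a negative plain char is UB */
	while(!isspace((unsigned char)*end) && !isendline(*end))
		end++;
	store = *end;
	*end = 0;
	verbose(3, "parsing '%s'\n", parse);
	status = ldns_str2rdf_dname(origin, parse);
	*end = store;
	if (status != LDNS_STATUS_OK)
		error("%s line %d:\n\t%s: %s", name, lineno,
			ldns_get_errorstr_by_id(status), parse);
}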
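/**
 * For every NSEC3 record in list, hash qname with that record's
 * parameters, append the zone name (the owner minus its hash label) and
 * print on stdout whether the record proves qname exists (owner equals
 * the hashed name) or proves it does not (the record's span covers it).
 * Returns at once when check_done(qname) reports the name as handled.
 */
void
check_cover(ldns_rr_list *list, ldns_rdf *qname)
{
	ldns_status status;
	size_t i;

	if(check_done(qname))
		return;
	for(i=0; i<ldns_rr_list_rr_count(list); ++i) {
		ldns_rr* nsec3 = ldns_rr_list_rr(list, i);
		ldns_rdf* hashed;
		ldns_rdf* zone;

		if(ldns_rr_get_type(nsec3) != LDNS_RR_TYPE_NSEC3) {
			/* skip non nsec3 */
			continue;
		}
		hashed = ldns_nsec3_hash_name_frm_nsec3(nsec3, qname);
		if(!hashed) {
			/* hashing failed: nothing to compare for this record */
			continue;
		}
		/* ldns_dname_left_chop allocates; its result was leaked before */
		zone = ldns_dname_left_chop(ldns_rr_owner(nsec3));
		if(!zone) {
			ldns_rdf_deep_free(hashed);
			abort_ldns_error("ldns_dname_left_chop", LDNS_STATUS_MEM_ERR);
		}
		status = ldns_dname_cat(hashed, zone);
		ldns_rdf_deep_free(zone);
		if(status != LDNS_STATUS_OK)
			abort_ldns_error("ldns_dname_cat", status);
		if(ldns_dname_compare(hashed, ldns_rr_owner(nsec3)) == 0) {
			ldns_rdf_print(stdout, ldns_rr_owner(nsec3));
			printf(" proves ");
			ldns_rdf_print(stdout, qname);
			printf(" exists.\n");
		} else if(ldns_nsec_covers_name(nsec3, hashed)) {
			ldns_rdf_print(stdout, ldns_rr_owner(nsec3));
			printf(" proves ");
			ldns_rdf_print(stdout, qname);
			printf(" does not exist.\n");
		}
		/* hashed owns its (cat-extended) wire data */
		ldns_rdf_deep_free(hashed);
	}
}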
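/**
 * Compute a TSIG MAC over pkt and attach the resulting TSIG RR to it.
 *
 * key_name / algorithm_name are presentation-format dnames, key_data the
 * shared secret as passed to ldns_tsig_mac_new, fudge the allowed clock
 * skew in seconds.  query_mac (may be NULL) and tsig_timers_only are
 * forwarded to ldns_tsig_mac_new for response / continuation signing.
 *
 * On success the TSIG RR owns every rdf built here and LDNS_STATUS_OK is
 * returned.  On failure the rdfs (and their data) are released and a
 * non-OK status is returned; a missing MAC is never reported as success.
 */
ldns_status
ldns_pkt_tsig_sign_next(ldns_pkt *pkt, const char *key_name, const char *key_data,
	uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac,
	int tsig_timers_only)
{
	ldns_rr *tsig_rr = NULL;
	ldns_rdf *key_name_rdf = NULL;
	ldns_rdf *algorithm_rdf = NULL;
	ldns_rdf *time_signed_rdf = NULL;
	ldns_rdf *fudge_rdf = NULL;
	ldns_rdf *orig_id_rdf = NULL;
	ldns_rdf *error_rdf = NULL;
	ldns_rdf *other_data_rdf = NULL;
	ldns_rdf *mac_rdf = NULL;
	ldns_status status = LDNS_STATUS_OK;
	uint8_t *pkt_wire = NULL;
	size_t pkt_wire_len = 0;
	struct timeval tv_time_signed;
	uint8_t *time_signed;

	key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name);
	algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name);
	if (!key_name_rdf || !algorithm_rdf) {
		status = LDNS_STATUS_MEM_ERR;
		goto clean;
	}

	/* time signed is a 48-bit seconds-since-epoch value; there is no
	 * tsigtime rdf constructor yet, so it is built by hand */
	if (gettimeofday(&tv_time_signed, NULL) != 0) {
		status = LDNS_STATUS_INTERNAL_ERR;
		goto clean;
	}
	time_signed = LDNS_XMALLOC(uint8_t, 6);
	if (!time_signed) {
		status = LDNS_STATUS_MEM_ERR;
		goto clean;
	}
	ldns_write_uint64_as_uint48(time_signed, (uint64_t)tv_time_signed.tv_sec);
	/* ldns_rdf_new does not copy: the rdf owns time_signed from here on */
	time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed);
	if (!time_signed_rdf) {
		LDNS_FREE(time_signed);
		status = LDNS_STATUS_MEM_ERR;
		goto clean;
	}

	fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge);
	orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt));
	error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0);
	other_data_rdf = ldns_native2rdf_int16_data(0, NULL);
	if (!fudge_rdf || !orig_id_rdf || !error_rdf || !other_data_rdf) {
		status = LDNS_STATUS_MEM_ERR;
		goto clean;
	}

	if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) {
		status = LDNS_STATUS_ERR;
		goto clean;
	}
	status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len, key_data,
		key_name_rdf, fudge_rdf, algorithm_rdf, time_signed_rdf, error_rdf,
		other_data_rdf, query_mac, tsig_timers_only);
	if (!mac_rdf) {
		/* an OK status without a MAC would leave the packet unsigned
		 * while the caller believes it was signed */
		if (status == LDNS_STATUS_OK) {
			status = LDNS_STATUS_ERR;
		}
		goto clean;
	}
	LDNS_FREE(pkt_wire);

	/* Create the TSIG RR; the rdfs are pushed in RFC 2845 rdata order and
	 * the RR takes ownership of all of them */
	tsig_rr = ldns_rr_new();
	if (!tsig_rr) {
		status = LDNS_STATUS_MEM_ERR;
		goto clean;
	}
	ldns_rr_set_owner(tsig_rr, key_name_rdf);
	ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY);
	ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG);
	ldns_rr_set_ttl(tsig_rr, 0);
	ldns_rr_push_rdf(tsig_rr, algorithm_rdf);
	ldns_rr_push_rdf(tsig_rr, time_signed_rdf);
	ldns_rr_push_rdf(tsig_rr, fudge_rdf);
	ldns_rr_push_rdf(tsig_rr, mac_rdf);
	ldns_rr_push_rdf(tsig_rr, orig_id_rdf);
	ldns_rr_push_rdf(tsig_rr, error_rdf);
	ldns_rr_push_rdf(tsig_rr, other_data_rdf);
	ldns_pkt_set_tsig(pkt, tsig_rr);
	return status;

clean:
	/* nothing has been handed to an RR yet, so every rdf is still ours;
	 * deep free them, as the shallow ldns_rdf_free used before left each
	 * rdf's data behind, and release the MAC that was never freed at all */
	LDNS_FREE(pkt_wire);
	ldns_rdf_deep_free(mac_rdf);
	ldns_rdf_deep_free(key_name_rdf);
	ldns_rdf_deep_free(algorithm_rdf);
	ldns_rdf_deep_free(time_signed_rdf);
	ldns_rdf_deep_free(fudge_rdf);
	ldns_rdf_deep_free(orig_id_rdf);
	ldns_rdf_deep_free(error_rdf);
	ldns_rdf_deep_free(other_data_rdf);
	return status;
}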
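/**
 * use this function to sign with a public/private key alg
 * return the created signatures
 *
 * Every usable key in keys that carries the ZONE flag signs the rrset;
 * keys that also carry the SEP flag only sign DNSKEY rrsets.  What gets
 * signed is a canonicalised, sorted clone of rrset; rrset itself is not
 * modified.
 *
 * Returns a new list (possibly empty) that the caller deep-frees, or NULL
 * on bad arguments or any allocation/signing failure.  A failure part-way
 * through no longer leaks the signatures made so far, the half-built
 * RRSIG, the clone or the sign buffer.
 */
ldns_rr_list *
ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
{
	ldns_rr_list *signatures = NULL;
	ldns_rr_list *rrset_clone = NULL;
	ldns_buffer *sign_buf = NULL;
	ldns_rr *current_sig = NULL;
	size_t key_count;
	size_t i;
	bool rrset_is_dnskey;

	if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) {
		return NULL;
	}
	rrset_is_dnskey =
		ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)) == LDNS_RR_TYPE_DNSKEY;

	signatures = ldns_rr_list_new();
	/* prepare a signature and add all the know data
	 * prepare the rrset. Sign this together. */
	rrset_clone = ldns_rr_list_clone(rrset);
	if (!signatures || !rrset_clone) {
		goto fail;
	}
	/* make it canonical */
	for (i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) {
		ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i));
	}
	/* sort */
	ldns_rr_list_sort(rrset_clone);

	for (key_count = 0; key_count < ldns_key_list_key_count(keys); key_count++) {
		ldns_key *current_key = ldns_key_list_key(keys, key_count);
		ldns_rdf *b64rdf;
		uint16_t key_flags;

		if (!ldns_key_use(current_key)) {
			continue;
		}
		/* sign all RRs with keys that have ZSKbit, !SEPbit.
		   sign DNSKEY RRs with keys that have ZSKbit&SEPbit */
		key_flags = ldns_key_flags(current_key);
		if (!(key_flags & LDNS_KEY_ZONE_KEY)) {
			continue;
		}
		if ((key_flags & LDNS_KEY_SEP_KEY) && !rrset_is_dnskey) {
			continue;
		}

		sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
		if (!sign_buf) {
			goto fail;
		}
		current_sig = ldns_create_empty_rrsig(rrset_clone, current_key);
		if (!current_sig) {
			goto fail;
		}
		/* right now, we have: a key, a semi-sig and an rrset. For
		 * which we can create the sig and base64 encode that and
		 * add that to the signature.  The bytes to sign are the RRSIG
		 * rdata followed by the rrset in sign_buf. */
		if (ldns_rrsig2buffer_wire(sign_buf, current_sig) != LDNS_STATUS_OK) {
			goto fail;
		}
		if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone) != LDNS_STATUS_OK) {
			goto fail;
		}
		b64rdf = ldns_sign_public_buffer(sign_buf, current_key);
		if (!b64rdf) {
			/* signing went wrong */
			goto fail;
		}
		ldns_rr_rrsig_set_sig(current_sig, b64rdf);
		/* push the signature to the signatures list; it owns the RR now */
		ldns_rr_list_push_rr(signatures, current_sig);
		current_sig = NULL;
		ldns_buffer_free(sign_buf);
		sign_buf = NULL;
		/* restart for the next key */
	}
	ldns_rr_list_deep_free(rrset_clone);
	return signatures;

fail:
	if (sign_buf) {
		ldns_buffer_free(sign_buf);
	}
	if (current_sig) {
		ldns_rr_free(current_sig);
	}
	if (rrset_clone) {
		ldns_rr_list_deep_free(rrset_clone);
	}
	if (signatures) {
		ldns_rr_list_deep_free(signatures);
	}
	return NULL;
}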
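/*
 * Parses data buffer to a query, finds the correct answer
 * and calls the given function for every packet to send.
 *
 * inbuf/inlen is the received wire-format query; entries holds the
 * scripted replies that find_match() searches; *count is incremented
 * once per parsed query for the log line.  sendfunc(buf, len, userdata)
 * is called once per reply packet and the buffer is freed afterwards.
 * verbose_out may be NULL to suppress the packet dumps.
 *
 * A CH TXT query for "server.stop." terminates the process with exit(0).
 * Errors are logged through verbose(); the remaining replies of the
 * matched entry are then dropped and nothing else is sent.
 */
void
handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count,
	enum transport_type transport, void (*sendfunc)(uint8_t*, size_t, void*),
	void* userdata, FILE* verbose_out)
{
	ldns_status status;
	ldns_pkt *query_pkt = NULL;
	ldns_pkt *answer_pkt = NULL;
	struct reply_packet *p;
	ldns_rr *query_rr = NULL;
	uint8_t *outbuf = NULL;
	size_t answer_size = 0;
	struct entry* entry = NULL;
	ldns_rdf *stop_command = ldns_dname_new_frm_str("server.stop.");

	status = ldns_wire2pkt(&query_pkt, inbuf, (size_t)inlen);
	if (status != LDNS_STATUS_OK) {
		verbose(1, "Got bad packet: %s\n", ldns_get_errorstr_by_id(status));
		/* query_pkt is deliberately not freed here, as before:
		 * ldns_wire2pkt presumably releases it itself on failure --
		 * TODO confirm against the ldns version in use */
		ldns_rdf_deep_free(stop_command);
		return;
	}
	query_rr = ldns_rr_list_rr(ldns_pkt_question(query_pkt), 0);
	verbose(1, "query %d: id %d: %s %d bytes: ", ++(*count),
		(int)ldns_pkt_id(query_pkt),
		(transport==transport_tcp)?"TCP":"UDP", (int)inlen);
	if (!query_rr) {
		/* empty question section: nothing to match on (this used to
		 * dereference NULL in ldns_rr_get_type) */
		verbose(1, "query has no question section, no reply.\n");
		goto done;
	}
	if(verbose_out) ldns_rr_print(verbose_out, query_rr);
	if(verbose_out) ldns_pkt_print(verbose_out, query_pkt);
	if (stop_command
		&& ldns_rr_get_type(query_rr) == LDNS_RR_TYPE_TXT
		&& ldns_rr_get_class(query_rr) == LDNS_RR_CLASS_CH
		&& ldns_dname_compare(ldns_rr_owner(query_rr), stop_command) == 0) {
		exit(0);
	}

	/* fill up answer packet */
	entry = find_match(entries, query_pkt, transport);
	if(!entry || !entry->reply_list) {
		verbose(1, "no answer packet for this query, no reply.\n");
		goto done;
	}
	for(p = entry->reply_list; p; p = p->next) {
		verbose(3, "Answer pkt:\n");
		if (p->reply_from_hex) {
			/* try to parse the hex packet, if it can be parsed, we can
			 * use adjust rules. if not, send packet literally */
			status = ldns_buffer2pkt_wire(&answer_pkt, p->reply_from_hex);
			if (status == LDNS_STATUS_OK) {
				adjust_packet(entry, answer_pkt, query_pkt);
				if(verbose_out) ldns_pkt_print(verbose_out, answer_pkt);
				status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
				verbose(2, "Answer packet size: %u bytes.\n",
					(unsigned int)answer_size);
				/* the parsed packet is done with either way; it
				 * used to leak on the error path below */
				ldns_pkt_free(answer_pkt);
				answer_pkt = NULL;
				if (status != LDNS_STATUS_OK) {
					verbose(1, "Error creating answer: %s\n",
						ldns_get_errorstr_by_id(status));
					goto done;
				}
			} else {
				verbose(3, "Could not parse hex data (%s), sending hex data directly.\n",
					ldns_get_errorstr_by_id(status));
				/* nothing usable was produced; do not keep a pointer */
				answer_pkt = NULL;
				/* still try to adjust ID */
				answer_size = ldns_buffer_capacity(p->reply_from_hex);
				outbuf = LDNS_XMALLOC(uint8_t, answer_size);
				if (!outbuf) {
					verbose(1, "Error creating answer: out of memory\n");
					goto done;
				}
				memcpy(outbuf, ldns_buffer_export(p->reply_from_hex),
					answer_size);
				if(entry->copy_id) {
					ldns_write_uint16(outbuf, ldns_pkt_id(query_pkt));
				}
			}
		} else {
			answer_pkt = ldns_pkt_clone(p->reply);
			if (!answer_pkt) {
				verbose(1, "Error creating answer: out of memory\n");
				goto done;
			}
			adjust_packet(entry, answer_pkt, query_pkt);
			if(verbose_out) ldns_pkt_print(verbose_out, answer_pkt);
			status = ldns_pkt2wire(&outbuf, answer_pkt, &answer_size);
			verbose(1, "Answer packet size: %u bytes.\n",
				(unsigned int)answer_size);
			ldns_pkt_free(answer_pkt);
			answer_pkt = NULL;
			if (status != LDNS_STATUS_OK) {
				verbose(1, "Error creating answer: %s\n",
					ldns_get_errorstr_by_id(status));
				goto done;
			}
		}
		if(p->packet_sleep) {
			verbose(3, "sleeping for next packet %d secs\n",
				p->packet_sleep);
#ifdef HAVE_SLEEP
			sleep(p->packet_sleep);
#else
			Sleep(p->packet_sleep * 1000);
#endif
			verbose(3, "wakeup for next packet "
				"(slept %d secs)\n", p->packet_sleep);
		}
		sendfunc(outbuf, answer_size, userdata);
		LDNS_FREE(outbuf);
		outbuf = NULL;
		answer_size = 0;
	}

done:
	/* outbuf is only non-NULL here if we bailed out between building
	 * and sending a reply */
	LDNS_FREE(outbuf);
	ldns_pkt_free(query_pkt);
	/* the dname owns its wire data: deep free, not the shallow variant */
	ldns_rdf_deep_free(stop_command);
}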