/*
 * Write a compact, single-record summary of a DNS message to `trace`:
 * the opcode, rcode and id, every header flag that is set, and then the
 * question, answer, authority and additional sections.
 *
 * payload, paylen - raw message bytes and their length
 * trace           - stream the summary is written to
 * endline         - string printed in front of the "dns" tag and handed on
 *                   to the per-section dumper
 *
 * The payload is run through ns_initparse() before any field is read.  If
 * that fails, only the errno text is written and the function returns, so
 * no header or section accessor is applied to an unparsed buffer.
 */
void
dump_dns(const u_char *payload, size_t paylen, FILE *trace, const char *endline)
{
	/* Header flags in the order they are reported. */
	static const struct {
		const char *label;
		int bit;
	} header_flags[] = {
		{ "qr", ns_f_qr },
		{ "aa", ns_f_aa },
		{ "tc", ns_f_tc },
		{ "rd", ns_f_rd },
		{ "ra", ns_f_ra },
		{ "z",  ns_f_z  },
		{ "ad", ns_f_ad },
		{ "cd", ns_f_cd },
	};
	ns_msg parsed;
	const char *delim;
	u_int op, rc, msgid;
	size_t i;

	fprintf(trace, " %sdns ", endline);

	/*
	 * NOTE(review): paylen is a size_t; confirm that callers keep it
	 * within the range of the length type ns_initparse() accepts.
	 */
	if (ns_initparse(payload, paylen, &parsed) < 0) {
		fputs(strerror(errno), trace);
		return;
	}

	op = ns_msg_getflag(parsed, ns_f_opcode);
	rc = ns_msg_getflag(parsed, ns_f_rcode);
	msgid = ns_msg_id(parsed);
	fprintf(trace, "%s,%s,%u", p_opcode(op), p_rcode(rc), msgid);

	/* First flag is joined with ",", every later one with "|". */
	delim = ",";
	for (i = 0; i < sizeof(header_flags) / sizeof(header_flags[0]); i++) {
		if (!ns_msg_getflag(parsed, header_flags[i].bit))
			continue;
		fprintf(trace, "%s%s", delim, header_flags[i].label);
		delim = "|";
	}

	dump_dns_sect(&parsed, ns_s_qd, trace, endline);
	dump_dns_sect(&parsed, ns_s_an, trace, endline);
	dump_dns_sect(&parsed, ns_s_ns, trace, endline);
	dump_dns_sect(&parsed, ns_s_ar, trace, endline);
}
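/*
 * res_nsendsigned
 *
 * Sign the query `msg` with the TSIG key `key`, send it through a private
 * copy of the resolver state, and verify the TSIG on the reply.
 *
 * statp          - resolver state; copied, the caller's copy is not modified
 * msg, msglen    - unsigned query and its length
 * key            - TSIG key; only the HMAC-MD5 algorithm name is accepted
 * answer, anslen - reply buffer and its capacity
 *
 * Returns the length of the verified reply on success.  On failure:
 *   -1 with errno ENOMEM  - allocation failed
 *   -1 with errno EINVAL  - negative msglen, or unusable key/algorithm
 *   ns_sign()'s negative code - signing failed (errno EMSGSIZE for
 *                           NS_TSIG_ERROR_NO_SPACE, EINVAL for -1)
 *   res_nsend()'s negative value - the send itself failed
 *   -1 with errno EINVAL or ENOTTY - the reply did not verify
 *
 * When verification fails, `answer` has already been filled in by
 * res_nsend() and is NOT authenticated; callers must not use the buffer
 * contents after a -1 return.
 */
int
res_nsendsigned(res_state statp, const u_char *msg, int msglen,
		ns_tsig_key *key, u_char *answer, int anslen)
{
	res_state nstatp;
	DST_KEY *dstkey;
	int usingTCP = 0;
	u_char *newmsg;
	int newmsglen, bufsize, siglen;
	u_char sig[64];
	HEADER *hp;
	time_t tsig_time;
	int ret;
	int len;

	dst_init();

	/*
	 * A negative length would be converted to a huge size_t by the
	 * memcpy() below and read far past the end of `msg`.
	 */
	if (msglen < 0) {
		errno = EINVAL;
		return (-1);
	}

	/* Work on a copy so the option changes below stay local. */
	nstatp = malloc(sizeof(*statp));
	if (nstatp == NULL) {
		errno = ENOMEM;
		return (-1);
	}
	memcpy(nstatp, statp, sizeof(*statp));

	/* Leave 1024 bytes of headroom for the TSIG record ns_sign() adds. */
	bufsize = msglen + 1024;
	newmsg = malloc(bufsize);
	if (newmsg == NULL) {
		/* Release the state copy; it was leaked on this path before. */
		free(nstatp);
		errno = ENOMEM;
		return (-1);
	}
	memcpy(newmsg, msg, msglen);
	newmsglen = msglen;

	if (ns_samename(key->alg, NS_TSIG_ALG_HMAC_MD5) != 1)
		dstkey = NULL;
	else
		dstkey = dst_buffer_to_key(key->name, KEY_HMAC_MD5,
					   NS_KEY_TYPE_AUTH_ONLY,
					   NS_KEY_PROT_ANY,
					   key->data, key->len);
	if (dstkey == NULL) {
		errno = EINVAL;
		free(nstatp);
		free(newmsg);
		return (-1);
	}

	nstatp->nscount = 1;

	siglen = sizeof(sig);
	ret = ns_sign(newmsg, &newmsglen, bufsize, ns_r_noerror, dstkey, NULL, 0,
		      sig, &siglen, 0);
	if (ret < 0) {
		free(nstatp);
		free(newmsg);
		dst_free_key(dstkey);
		if (ret == NS_TSIG_ERROR_NO_SPACE)
			errno = EMSGSIZE;
		else if (ret == -1)
			errno = EINVAL;
		return (ret);
	}

	/*
	 * NOTE(review): this tests RES_IGNTC to decide whether to start on
	 * TCP; confirm that RES_USEVC was not the intended flag.
	 */
	if (newmsglen > NS_PACKETSZ || (nstatp->options & RES_IGNTC))
		usingTCP = 1;
	if (usingTCP == 0)
		nstatp->options |= RES_IGNTC;
	else
		nstatp->options |= RES_USEVC;

retry:
	/*
	 * Keep the reply length in `len`, not `anslen`: the TCP retry must
	 * be offered the full buffer capacity again, not the size of the
	 * truncated reply that triggered it.
	 */
	len = res_nsend(nstatp, newmsg, newmsglen, answer, anslen);
	if (len < 0) {
		free(nstatp);
		free(newmsg);
		dst_free_key(dstkey);
		return (len);
	}

	ret = ns_verify(answer, &len, dstkey, sig, siglen,
			NULL, NULL, &tsig_time, nstatp->options & RES_KEEPTSIG);
	if (ret != 0) {
		Dprint(nstatp->pfcode & RES_PRF_REPLY,
		       (stdout, ";; TSIG invalid (%s)\n", p_rcode(ret)));
		free(nstatp);
		free(newmsg);
		dst_free_key(dstkey);
		if (ret == -1)
			errno = EINVAL;
		else
			errno = ENOTTY;
		return (-1);
	}
	Dprint(nstatp->pfcode & RES_PRF_REPLY, (stdout, ";; TSIG ok\n"));

	/* A truncated reply to a non-TCP query is retried once over TCP. */
	hp = (HEADER *) answer;
	if (hp->tc && usingTCP == 0) {
		nstatp->options &= ~RES_IGNTC;
		usingTCP = 1;
		goto retry;
	}

	free(nstatp);
	free(newmsg);
	dst_free_key(dstkey);
	return (len);
}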
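/*%
 * res_nsendsigned
 *
 * Sign the query `msg` with the TSIG key `key`, send it through a private
 * copy of the resolver state, and verify the TSIG on the reply.
 *
 * statp          - resolver state; copied for sending.  The caller's copy
 *                  is only read (its options/pfcode select debug output).
 * msg, msglen    - unsigned query and its length
 * key            - TSIG key; only the HMAC-MD5 algorithm name is accepted
 * answer, anslen - reply buffer and its capacity
 *
 * Returns the length of the verified reply on success.  On failure:
 *   -1 with errno ENOMEM  - allocation failed
 *   -1 with errno EINVAL  - negative msglen, or unusable key/algorithm
 *   ns_sign()'s negative code - signing failed (errno EMSGSIZE for
 *                           NS_TSIG_ERROR_NO_SPACE, EINVAL for -1)
 *   res_nsend()'s negative value - the send itself failed
 *   -1 with errno EINVAL or ENOTTY - the reply did not verify
 *
 * When verification fails, `answer` has already been filled in by
 * res_nsend() and is NOT authenticated; callers must not use the buffer
 * contents after a -1 return.
 */
int
res_nsendsigned(res_state statp, const u_char *msg, int msglen,
		ns_tsig_key *key, u_char *answer, int anslen)
{
	res_state nstatp;
	DST_KEY *dstkey;
	int usingTCP = 0;
	u_char *newmsg;
	int newmsglen, bufsize, siglen;
	u_char sig[64];
	HEADER *hp;
	time_t tsig_time;
	int ret;
	int len;

	dst_init();

	/*
	 * A negative length would be converted to a huge size_t by the
	 * memcpy() below and read far past the end of `msg`.
	 */
	if (msglen < 0) {
		errno = EINVAL;
		return (-1);
	}

	/* Work on a copy so the option changes below stay local. */
	nstatp = (res_state) malloc(sizeof(*statp));
	if (nstatp == NULL) {
		errno = ENOMEM;
		return (-1);
	}
	memcpy(nstatp, statp, sizeof(*statp));

	/* Leave 1024 bytes of headroom for the TSIG record ns_sign() adds. */
	bufsize = msglen + 1024;
	newmsg = (u_char *) malloc(bufsize);
	if (newmsg == NULL) {
		free(nstatp);
		errno = ENOMEM;
		return (-1);
	}
	memcpy(newmsg, msg, msglen);
	newmsglen = msglen;

	if (ns_samename(key->alg, NS_TSIG_ALG_HMAC_MD5) != 1)
		dstkey = NULL;
	else
		dstkey = dst_buffer_to_key(key->name, KEY_HMAC_MD5,
					   NS_KEY_TYPE_AUTH_ONLY,
					   NS_KEY_PROT_ANY,
					   key->data, key->len);
	if (dstkey == NULL) {
		errno = EINVAL;
		free(nstatp);
		free(newmsg);
		return (-1);
	}

	nstatp->nscount = 1;

	siglen = sizeof(sig);
	ret = ns_sign(newmsg, &newmsglen, bufsize, NOERROR, dstkey, NULL, 0,
		      sig, &siglen, 0);
	if (ret < 0) {
		free (nstatp);
		free (newmsg);
		dst_free_key(dstkey);
		if (ret == NS_TSIG_ERROR_NO_SPACE)
			errno = EMSGSIZE;
		else if (ret == -1)
			errno = EINVAL;
		return (ret);
	}

	/* Start on TCP when the signed query is oversized or RES_USEVC is set. */
	if (newmsglen > PACKETSZ || nstatp->options & RES_USEVC)
		usingTCP = 1;
	if (usingTCP == 0)
		nstatp->options |= RES_IGNTC;
	else
		nstatp->options |= RES_USEVC;

	/*
	 * Stop res_send printing the answer.
	 */
	nstatp->options &= ~RES_DEBUG;
	nstatp->pfcode &= ~RES_PRF_REPLY;

retry:
	/* `len` holds the reply length so `anslen` stays the buffer capacity. */
	len = res_nsend(nstatp, newmsg, newmsglen, answer, anslen);
	if (len < 0) {
		free (nstatp);
		free (newmsg);
		dst_free_key(dstkey);
		return (len);
	}

	ret = ns_verify(answer, &len, dstkey, sig, siglen,
			NULL, NULL, &tsig_time, nstatp->options & RES_KEEPTSIG);
	if (ret != 0) {
		/* Debug output is gated on the caller's flags, not the copy's. */
		Dprint((statp->options & RES_DEBUG) ||
		       ((statp->pfcode & RES_PRF_REPLY) &&
			(statp->pfcode & RES_PRF_HEAD1)),
		       (stdout, ";; got answer:\n"));

		DprintQ((statp->options & RES_DEBUG) ||
			(statp->pfcode & RES_PRF_REPLY),
			(stdout, "%s", ""),
			answer, (anslen > len) ? len : anslen);

		/* Positive codes and negative codes get different messages. */
		if (ret > 0) {
			Dprint(statp->pfcode & RES_PRF_REPLY,
			       (stdout, ";; server rejected TSIG (%s)\n",
				p_rcode(ret)));
		} else {
			Dprint(statp->pfcode & RES_PRF_REPLY,
			       (stdout, ";; TSIG invalid (%s)\n",
				p_rcode(-ret)));
		}

		free (nstatp);
		free (newmsg);
		dst_free_key(dstkey);
		if (ret == -1)
			errno = EINVAL;
		else
			errno = ENOTTY;
		return (-1);
	}

	/*
	 * A truncated reply to a non-TCP query is retried once over TCP,
	 * unless the caller asked for truncation to be ignored.
	 */
	hp = (HEADER *) answer;
	if (hp->tc && !usingTCP && (statp->options & RES_IGNTC) == 0U) {
		nstatp->options &= ~RES_IGNTC;
		usingTCP = 1;
		goto retry;
	}

	Dprint((statp->options & RES_DEBUG) ||
	       ((statp->pfcode & RES_PRF_REPLY) &&
		(statp->pfcode & RES_PRF_HEAD1)),
	       (stdout, ";; got answer:\n"));

	DprintQ((statp->options & RES_DEBUG) ||
		(statp->pfcode & RES_PRF_REPLY),
		(stdout, "%s", ""),
		answer, (anslen > len) ? len : anslen);

	Dprint(statp->pfcode & RES_PRF_REPLY, (stdout, ";; TSIG ok\n"));

	free (nstatp);
	free (newmsg);
	dst_free_key(dstkey);
	return (len);
}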
/*
 * Print the contents of a query.
 * This is intended to be primarily a debugging routine.
 *
 * msg, len - raw DNS message and its length
 * file     - stream the text is written to
 *
 * Which parts are printed is selected by the global _res.pfcode; a value
 * of zero prints everything.  The message is parsed with ns_initparse()
 * first, and a parse failure is reported on `file` without touching any
 * header field or section.
 */
void
fp_nquery(const unsigned char *msg, int len, FILE *file)
{
	/* Header flags and the text printed for each, in output order. */
	static const struct {
		int bit;
		const char *text;
	} flag_text[] = {
		{ ns_f_qr, " qr" },
		{ ns_f_aa, " aa" },
		{ ns_f_tc, " tc" },
		{ ns_f_rd, " rd" },
		{ ns_f_ra, " ra" },
		{ ns_f_z,  " ??" },
		{ ns_f_ad, " ad" },
		{ ns_f_cd, " cd" },
	};
	ns_msg parsed;
	u_int op, status, msgid;
	int nq, nan, nauth, nadd;
	int show_headx, show_head2, show_head1;
	size_t i;

	/*
	 * _res needs no explicit initialization here: an uninitialized
	 * _res has pfcode zero, and initializing it leaves pfcode at zero.
	 * pfcode is an unsigned long, but the flags are assumed to fit in
	 * an int, so an int is used.
	 */
	int mask = _res.pfcode;

	if (ns_initparse(msg, len, &parsed) < 0) {
		fprintf(file, ";; ns_initparse: %s\n", strerror(errno));
		return;
	}

	op = ns_msg_getflag(parsed, ns_f_opcode);
	status = ns_msg_getflag(parsed, ns_f_rcode);
	msgid = ns_msg_id(parsed);
	nq = ns_msg_count(parsed, ns_s_qd);
	nan = ns_msg_count(parsed, ns_s_an);
	nauth = ns_msg_count(parsed, ns_s_ns);
	nadd = ns_msg_count(parsed, ns_s_ar);

	/* A zero mask enables every header part. */
	show_headx = mask == 0 || (mask & RES_PRF_HEADX) != 0;
	show_head2 = mask == 0 || (mask & RES_PRF_HEAD2) != 0;
	show_head1 = mask == 0 || (mask & RES_PRF_HEAD1) != 0;

	/*
	 * Header fields.  A non-zero rcode forces the first line out even
	 * when the mask would hide it.
	 */
	if (show_headx || status)
		fprintf(file,
			";; ->>HEADER<<- opcode: %s, status: %s, id: %d\n",
			res_opcodes[op], p_rcode(status), msgid);
	if (show_headx)
		putc(';', file);

	if (show_head2) {
		fputs("; flags:", file);
		for (i = 0; i < sizeof(flag_text) / sizeof(flag_text[0]); i++) {
			if (ns_msg_getflag(parsed, flag_text[i].bit))
				fputs(flag_text[i].text, file);
		}
	}

	if (show_head1) {
		fprintf(file, "; %s: %d", p_section(ns_s_qd, op), nq);
		fprintf(file, ", %s: %d", p_section(ns_s_an, op), nan);
		fprintf(file, ", %s: %d", p_section(ns_s_ns, op), nauth);
		fprintf(file, ", %s: %d", p_section(ns_s_ar, op), nadd);
	}

	if (show_headx || show_head2 || show_head1)
		putc('\n', file);

	/*
	 * The four sections, each gated by its own mask bit.
	 */
	do_section(mask, &parsed, ns_s_qd, RES_PRF_QUES, file);
	do_section(mask, &parsed, ns_s_an, RES_PRF_ANS, file);
	do_section(mask, &parsed, ns_s_ns, RES_PRF_AUTH, file);
	do_section(mask, &parsed, ns_s_ar, RES_PRF_ADD, file);

	/* A message with no records at all still ends with a blank line. */
	if (nq == 0 && nan == 0 && nauth == 0 && nadd == 0)
		putc('\n', file);
}
/*
 * Print the contents of a query.
 * This is intended to be primarily a debugging routine.
 *
 * statp    - resolver state; its pfcode selects what is printed, and a
 *            pfcode of zero prints everything
 * msg, len - raw DNS message and its length
 * file     - stream the text is written to
 *
 * The message is parsed with ns_initparse() first; on failure the error
 * is reported on `file` and no header field or section is read.
 */
void
res_pquery(const res_state statp, const u_char *msg, int len, FILE *file)
{
	ns_msg parsed;
	u_int op, status, msgid;
	int nq, nan, nauth, nadd;
	unsigned long pf;
	int headx, head2, head1;

	if (ns_initparse(msg, len, &parsed) < 0) {
		fprintf(file, ";; ns_initparse: %s\n", strerror(errno));
		return;
	}

	op = ns_msg_getflag(parsed, ns_f_opcode);
	status = ns_msg_getflag(parsed, ns_f_rcode);
	msgid = ns_msg_id(parsed);
	nq = ns_msg_count(parsed, ns_s_qd);
	nan = ns_msg_count(parsed, ns_s_an);
	nauth = ns_msg_count(parsed, ns_s_ns);
	nadd = ns_msg_count(parsed, ns_s_ar);

	/* Decide once which header parts the print mask enables. */
	pf = statp->pfcode;
	headx = !pf || (pf & RES_PRF_HEADX);
	head2 = !pf || (pf & RES_PRF_HEAD2);
	head1 = !pf || (pf & RES_PRF_HEAD1);

	/*
	 * Header fields.  A non-zero rcode forces the first line out even
	 * when the mask would hide it.
	 */
	if (headx || status) {
		fprintf(file,
			";; ->>HEADER<<- opcode: %s, status: %s, id: %d\n",
			_res_opcodes[op], p_rcode(status), msgid);
	}
	if (headx)
		putc(';', file);

	if (head2) {
		fputs("; flags:", file);
		if (ns_msg_getflag(parsed, ns_f_qr))
			fputs(" qr", file);
		if (ns_msg_getflag(parsed, ns_f_aa))
			fputs(" aa", file);
		if (ns_msg_getflag(parsed, ns_f_tc))
			fputs(" tc", file);
		if (ns_msg_getflag(parsed, ns_f_rd))
			fputs(" rd", file);
		if (ns_msg_getflag(parsed, ns_f_ra))
			fputs(" ra", file);
		if (ns_msg_getflag(parsed, ns_f_z))
			fputs(" ??", file);
		if (ns_msg_getflag(parsed, ns_f_ad))
			fputs(" ad", file);
		if (ns_msg_getflag(parsed, ns_f_cd))
			fputs(" cd", file);
	}

	if (head1) {
		fprintf(file, "; %s: %d", p_section(ns_s_qd, op), nq);
		fprintf(file, ", %s: %d", p_section(ns_s_an, op), nan);
		fprintf(file, ", %s: %d", p_section(ns_s_ns, op), nauth);
		fprintf(file, ", %s: %d", p_section(ns_s_ar, op), nadd);
	}

	/* Terminate the header line if any part of it was printed. */
	if (headx || head2 || head1)
		putc('\n', file);

	/*
	 * The four sections, each gated by its own mask bit.
	 */
	do_section(statp, &parsed, ns_s_qd, RES_PRF_QUES, file);
	do_section(statp, &parsed, ns_s_an, RES_PRF_ANS, file);
	do_section(statp, &parsed, ns_s_ns, RES_PRF_AUTH, file);
	do_section(statp, &parsed, ns_s_ar, RES_PRF_ADD, file);

	/* A message with no records at all still ends with a blank line. */
	if (nq == 0 && nan == 0 && nauth == 0 && nadd == 0)
		putc('\n', file);
}