From b9b3af22f35a954f7bca60c8a153c52d359595c2 Mon Sep 17 00:00:00 2001 From: Jan Lentfer Date: Tue, 9 Mar 2010 21:42:10 +0100 Subject: [PATCH] Initial vendor import of ldns-1.6.4 into contrib. --- contrib/ldns/Changelog | 467 +++++ contrib/ldns/LICENSE | 26 + contrib/ldns/README | 103 + contrib/ldns/README.DELETED | 24 + contrib/ldns/README.DRAGONFLY | 9 + contrib/ldns/README.snapshots | 8 + contrib/ldns/README.svn | 26 + contrib/ldns/buffer.c | 172 ++ contrib/ldns/compat/b32_ntop.c | 320 +++ contrib/ldns/compat/b32_pton.c | 389 ++++ contrib/ldns/compat/b64_ntop.c | 204 ++ contrib/ldns/compat/b64_pton.c | 262 +++ contrib/ldns/compat/ctime_r.c | 16 + contrib/ldns/compat/fake-rfc2553.c | 229 +++ contrib/ldns/compat/fake-rfc2553.h | 175 ++ contrib/ldns/compat/gmtime_r.c | 14 + contrib/ldns/compat/inet_aton.c | 182 ++ contrib/ldns/compat/inet_ntop.c | 216 ++ contrib/ldns/compat/inet_pton.c | 230 +++ contrib/ldns/compat/isblank.c | 15 + contrib/ldns/compat/malloc.c | 22 + contrib/ldns/compat/memmove.c | 43 + contrib/ldns/compat/realloc.c | 30 + contrib/ldns/compat/snprintf.c | 770 ++++++++ contrib/ldns/compat/strlcpy.c | 57 + contrib/ldns/compat/timegm.c | 31 + contrib/ldns/dname.c | 528 +++++ contrib/ldns/dnssec.c | 1578 +++++++++++++++ contrib/ldns/dnssec_sign.c | 1170 +++++++++++ contrib/ldns/dnssec_verify.c | 2228 +++++++++++++++++++++ contrib/ldns/dnssec_zone.c | 833 ++++++++ contrib/ldns/drill/ChangeLog.22-nov-2005 | 105 + contrib/ldns/drill/README | 12 + contrib/ldns/drill/REGRESSIONS | 25 + contrib/ldns/drill/chasetrace.c | 401 ++++ contrib/ldns/drill/dnssec.c | 494 +++++ contrib/ldns/drill/drill.1 | 230 +++ contrib/ldns/drill/drill.c | 932 +++++++++ contrib/ldns/drill/drill_util.c | 294 +++ contrib/ldns/drill/drill_util.h | 58 + contrib/ldns/drill/error.c | 115 ++ contrib/ldns/drill/root.c | 122 ++ contrib/ldns/drill/securetrace.c | 754 +++++++ contrib/ldns/drill/work.c | 276 +++ contrib/ldns/error.c | 103 + contrib/ldns/higher.c | 340 ++++ contrib/ldns/host2str.c | 1949 ++++++++++++++++++ contrib/ldns/host2wire.c | 414 ++++ contrib/ldns/keys.c | 1373 +++++++++++++ contrib/ldns/ldns/buffer.h | 636 ++++++ contrib/ldns/ldns/common.h | 52 + contrib/ldns/ldns/config.h.in | 443 +++++ contrib/ldns/ldns/dname.h | 186 ++ contrib/ldns/ldns/dnssec.h | 454 +++++ contrib/ldns/ldns/dnssec_sign.h | 312 +++ contrib/ldns/ldns/dnssec_verify.h | 604 ++++++ contrib/ldns/ldns/dnssec_zone.h | 358 ++++ contrib/ldns/ldns/error.h | 109 + contrib/ldns/ldns/higher.h | 105 + contrib/ldns/ldns/host2str.h | 512 +++++ contrib/ldns/ldns/host2wire.h | 156 ++ contrib/ldns/ldns/keys.h | 579 ++++++ contrib/ldns/ldns/ldns.h | 147 ++ contrib/ldns/ldns/net.h.in | 200 ++ contrib/ldns/ldns/packet.h | 847 ++++++++ contrib/ldns/ldns/parse.h | 159 ++ contrib/ldns/ldns/rbtree.h | 221 +++ contrib/ldns/ldns/rdata.h | 372 ++++ contrib/ldns/ldns/resolver.h | 699 +++++++ contrib/ldns/ldns/rr.h | 874 ++++++++ contrib/ldns/ldns/rr_functions.h | 251 +++ contrib/ldns/ldns/sha1.h | 29 + contrib/ldns/ldns/sha2.h | 152 ++ contrib/ldns/ldns/str2host.h | 243 +++ contrib/ldns/ldns/tsig.h | 56 + contrib/ldns/ldns/update.h | 107 + contrib/ldns/ldns/util.h.in | 331 ++++ contrib/ldns/ldns/wire2host.h | 189 ++ contrib/ldns/ldns/zone.h | 167 ++ contrib/ldns/linktest.c | 13 + contrib/ldns/net.c | 796 ++++++++ contrib/ldns/packet.c | 1013 ++++++++++ contrib/ldns/parse.c | 428 ++++ contrib/ldns/rbtree.c | 665 +++++++ contrib/ldns/rdata.c | 663 +++++++ contrib/ldns/resolver.c | 1193 +++++++++++ contrib/ldns/rr.c | 2310 ++++++++++++++++++++++ contrib/ldns/rr_functions.c | 337 ++++ contrib/ldns/sha1.c | 177 ++ contrib/ldns/sha2.c | 970 +++++++++ contrib/ldns/str2host.c | 1182 +++++++++++ contrib/ldns/tsig.c | 386 ++++ contrib/ldns/update.c | 315 +++ contrib/ldns/util.c | 370 ++++ contrib/ldns/wire2host.c | 455 +++++ contrib/ldns/zone.c | 434 ++++ 96 files changed, 39631 insertions(+) create mode 100644 contrib/ldns/Changelog create mode 100644 contrib/ldns/LICENSE create mode 100644 contrib/ldns/README create mode 100644 contrib/ldns/README.DELETED create mode 100644 contrib/ldns/README.DRAGONFLY create mode 100644 contrib/ldns/README.snapshots create mode 100644 contrib/ldns/README.svn create mode 100644 contrib/ldns/buffer.c create mode 100644 contrib/ldns/compat/b32_ntop.c create mode 100644 contrib/ldns/compat/b32_pton.c create mode 100644 contrib/ldns/compat/b64_ntop.c create mode 100644 contrib/ldns/compat/b64_pton.c create mode 100644 contrib/ldns/compat/ctime_r.c create mode 100644 contrib/ldns/compat/fake-rfc2553.c create mode 100644 contrib/ldns/compat/fake-rfc2553.h create mode 100644 contrib/ldns/compat/gmtime_r.c create mode 100644 contrib/ldns/compat/inet_aton.c create mode 100644 contrib/ldns/compat/inet_ntop.c create mode 100644 contrib/ldns/compat/inet_pton.c create mode 100644 contrib/ldns/compat/isblank.c create mode 100644 contrib/ldns/compat/malloc.c create mode 100644 contrib/ldns/compat/memmove.c create mode 100644 contrib/ldns/compat/realloc.c create mode 100644 contrib/ldns/compat/snprintf.c create mode 100644 contrib/ldns/compat/strlcpy.c create mode 100644 contrib/ldns/compat/timegm.c create mode 100644 contrib/ldns/dname.c create mode 100644 contrib/ldns/dnssec.c create mode 100644 contrib/ldns/dnssec_sign.c create mode 100644 contrib/ldns/dnssec_verify.c create mode 100644 contrib/ldns/dnssec_zone.c create mode 100644 contrib/ldns/drill/ChangeLog.22-nov-2005 create mode 100644 contrib/ldns/drill/README create mode 100644 contrib/ldns/drill/REGRESSIONS create mode 100644 contrib/ldns/drill/chasetrace.c create mode 100644 contrib/ldns/drill/dnssec.c create mode 100644 contrib/ldns/drill/drill.1 create mode 100644 contrib/ldns/drill/drill.c create mode 100644 contrib/ldns/drill/drill_util.c create mode 100644 contrib/ldns/drill/drill_util.h create mode 100644 contrib/ldns/drill/error.c create mode 100644 contrib/ldns/drill/root.c create mode 100644 contrib/ldns/drill/securetrace.c create mode 100644 contrib/ldns/drill/work.c create mode 100644 contrib/ldns/error.c create mode 100644 contrib/ldns/higher.c create mode 100644 contrib/ldns/host2str.c create mode 100644 contrib/ldns/host2wire.c create mode 100644 contrib/ldns/keys.c create mode 100644 contrib/ldns/ldns/buffer.h create mode 100644 contrib/ldns/ldns/common.h create mode 100644 contrib/ldns/ldns/config.h.in create mode 100644 contrib/ldns/ldns/dname.h create mode 100644 contrib/ldns/ldns/dnssec.h create mode 100644 contrib/ldns/ldns/dnssec_sign.h create mode 100644 contrib/ldns/ldns/dnssec_verify.h create mode 100644 contrib/ldns/ldns/dnssec_zone.h create mode 100644 contrib/ldns/ldns/error.h create mode 100644 contrib/ldns/ldns/higher.h create mode 100644 contrib/ldns/ldns/host2str.h create mode 100644 contrib/ldns/ldns/host2wire.h create mode 100644 contrib/ldns/ldns/keys.h create mode 100644 contrib/ldns/ldns/ldns.h create mode 100644 contrib/ldns/ldns/net.h.in create mode 100644 contrib/ldns/ldns/packet.h create mode 100644 contrib/ldns/ldns/parse.h create mode 100644 contrib/ldns/ldns/rbtree.h create mode 100644 contrib/ldns/ldns/rdata.h create mode 100644 contrib/ldns/ldns/resolver.h create mode 100644 contrib/ldns/ldns/rr.h create mode 100644 contrib/ldns/ldns/rr_functions.h create mode 100644 contrib/ldns/ldns/sha1.h create mode 100644 contrib/ldns/ldns/sha2.h create mode 100644 contrib/ldns/ldns/str2host.h create mode 100644 contrib/ldns/ldns/tsig.h create mode 100644 contrib/ldns/ldns/update.h create mode 100644 contrib/ldns/ldns/util.h.in create mode 100644 contrib/ldns/ldns/wire2host.h create mode 100644 contrib/ldns/ldns/zone.h create mode 100644 contrib/ldns/linktest.c create mode 100644 contrib/ldns/net.c create mode 100644 contrib/ldns/packet.c create mode 100644 contrib/ldns/parse.c create mode 100644 contrib/ldns/rbtree.c create mode 100644 contrib/ldns/rdata.c create mode 100644 contrib/ldns/resolver.c create mode 100644 contrib/ldns/rr.c create mode 100644 contrib/ldns/rr_functions.c create mode 100644 contrib/ldns/sha1.c create mode 100644 contrib/ldns/sha2.c create mode 100644 contrib/ldns/str2host.c create mode 100644 contrib/ldns/tsig.c create mode 100644 contrib/ldns/update.c create mode 100644 contrib/ldns/util.c create mode 100644 contrib/ldns/wire2host.c create mode 100644 contrib/ldns/zone.c diff --git a/contrib/ldns/Changelog b/contrib/ldns/Changelog new file mode 100644 index 0000000000..5ad466ab8e --- /dev/null +++ b/contrib/ldns/Changelog @@ -0,0 +1,467 @@ +1.6.4 2010-01-20 + * Imported pyldns contribution by Zdenek Vasicek and Karel Slany. + Changed its configure and Makefile to fit into ldns. + Added its dname_* methods to the rdf_* class (as is the ldns API). + Changed swig destroy of ldns_buffer class to ldns_buffer_free. + Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them. + * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash. + * Bugfix: handle escaped characters in TXT rdata. + * bug292: no longer crash on malformed domain names where a label is + on position 255, which was a buffer overflow by one. + * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change), + which fixes resolv.conf reading badly terminated string buffers. + * Fix ldns_pkt_set_random_id to be more random, and a little faster, + it did not do value 0 statistically correctly. + * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes, + for portability. + * bug295: nsec3-hash routine no longer case sensitive. + * bug298: drill failed nsec3 denial of existence proof. + +1.6.3 2009-12-04 + * Bugfix: allow for unknown resource records in zonefile with rdlen=0. + * Bugfix: also mark an RR as question if it comes from the wire + * Bugfix: NSEC3 bitmap contained NSEC + * Bugfix: Inherit class when creating signatures + +1.6.2 2009-11-12 + * Fix Makefile patch from Havard Eidnes, better install.sh usage. + * Fix parse error on SOA serial of 2910532839. + Fix print of ';' and readback of '\;' in names, also for '\\'. + Fix parse of '\(' and '\)' in names. Also for file read. Also '\.' + * Fix signature creation when TTLs are different for RRs in RRset. + * bug273: fix so EDNS rdata is included in pkt to wire conversion. + * bug274: fix use of c++ keyword 'class' for RR class in the code. + * bug275: fix memory leak of packet edns rdata. + * Fix timeout procedure for TCP and AXFR on Solaris. + * Fix occasional NSEC bitmap bogus + * Fix rr comparing (was in reversed order since 1.6.0) + * bug278: fix parsing HINFO rdata (and other cases). + * Fix previous owner name: also pick up if owner name is @. + * RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher. + Reason for this default is the root to be signed with RSASHA256. + * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines + * Fix: Make ldns_dname_is_subdomain case insensitive. + * Fix ldns-verify-zone so that address records at zone NS set are not considered glue + (Or glue records fall below delegation) + * Fix LOC RR altitude printing. + * Feature: Added period (e.g. '3m6d') support at explicit TTLs. + * Feature: DNSKEY rrset by default signed with minimal signatures + but -A option for ldns-signzone to sign it with all keys. + This makes the DNSKEY responses smaller for signed domains. + +1.6.1 2009-09-14 + * --enable-gost : use the GOST algorithm (experimental). + * Added some missing options to drill manpage + * Some fixes to --without-ssl option + * Fixed quote parsing withing strings + * Bitmask fix in EDNS handling + * Fixed non-fqdn domain name completion for rdata field domain + names of length 1 + * Fixed chain validation with SHA256 DS records + +1.6.0 + Additions: + * Addition of an ldns-config script which gives cflags and libs + values, for use in configure scripts for applications that use + use ldns. Can be disabled with ./configure --disable-ldns-config + * Added direct sha1, sha256, and sha512 support in ldns. + With these functions, all NSEC3 functionality can still be + used, even if ldns is built without OpenSSL. Thanks to OpenBSD, + Steve Reid, and Aaron D. Gifford for the code. + * Added reading/writing support for the SPF Resource Record + * Base32 functions are now exported + Bugfixes: + * ldns_is_rrset did not go through the complete rrset, but + only compared the first two records. Thanks to Olafur + Gudmundsson for report and patch + * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(), + thanks to Marius Rieder for finding an patching this. + * --without-ssl should now work. Make sure that examples/ and + drill also get the --without-ssl flag on their configure, if + this is used. + * Some malloc() return value checks have been added + * NSEC3 creation has been improved wrt to empty nonterminals, + and opt-out. + * Fixed a bug in the parser when reading large NSEC3 salt + values. + * Made the allowed length for domain names on wire + and presentation format the same. + Example tools: + * ldns-key2ds can now also generate DS records for keys without + the SEP flag + * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to + the first non-default DNSKEY TTL value it sees) + +1.5.1 + Example tools: + * ldns-signzone was broken in 1.5.0 for multiple keys, this + has been repaired + + Build system: + * Removed a small erroneous output warning in + examples/configure and drill/configure + +1.5.0 + Bug fixes: + * fixed a possible memory overflow in the RR parser + * build flag fix for Sun Studio + * fixed a building race condition in the copying of header + files + * EDNS0 extended rcode; the correct assembled code number + is now printed (still in the EDNS0 field, though) + * ldns_pkt_rr no longer leaks memory (in fact, it no longer + copies anything all) + + API addition: + * ldns_key now has support for 'external' data, in which + case the OpenSSL EVP structures are not used; + ldns_key_set_external_key() and ldns_key_external_key() + * added ldns_key_get_file_base_name() which creates a + 'default' filename base string for key storage, of the + form "K++" + * the ldns_dnssec_* family of structures now have deep_free() + functions, which also free the ldns_rr's contained in them + * there is now an ldns_match_wildcard() function, which checks + whether a domain name matches a wildcard name + * ldns_sign_public has been split up; this resulted in the + addition of ldns_create_empty_rrsig() and + ldns_sign_public_buffer() + + Examples: + * ldns-signzone can now automatically add DNSKEY records when + using an OpenSSL engine, as it already did when using key + files + * added new example tool: ldns-nsec3-hash + * ldns-dpa can now filter on specific query name and types + * ldnsd has fixes for the zone name, a fix for the return + value of recvfrom(), and an memory initialization fix + (Thanks to Colm MacCárthaigh for the patch) + * Fixed memory leaks in ldnsd + + + +1.4.1 + Bug fixes: + * fixed a build issue where ldns lib existence was done too early + * removed unnecessary check for pcap.h + * NSEC3 optout flag now correctly printed in string output + * inttypes.h moved to configured inclusion + * fixed NSEC3 type bitmaps for empty nonterminals and unsigned + delegations + + API addition: + * for that last fix, we added a new function + ldns_dname_add_from() that can clone parts of a dname + +1.4.0 + Bug fixes: + * sig chase return code fix (patch from Rafael Justo, bug id 189) + * rdata.c memory leaks on error and allocation checks fixed (patch + from Shane Kerr, bug id 188) + * zone.c memory leaks on error and allocation checks fixed (patch + from Shane Kerr, bug id 189) + * ldns-zplit output and error messages fixed (patch from Shane Kerr, + bug id 190) + * Fixed potential buffer overflow in ldns_str2rdf_dname + * Signing code no longer signs delegation NS rrsets + * Some minor configure/makefile updates + * Fixed a bug in the randomness initialization + * Fixed a bug in the reading of resolv.conf + * Fixed a bug concerning whitespace in zone data (with patch from Ondrej + Sury, bug 213) + * Fixed a small fallback problem in axfr client code + + API CHANGES: + * added 2str convenience functions: + - ldns_rr_type2str + - ldns_rr_class2str + - ldns_rr_type2buffer_str + - ldns_rr_class2buffer_str + * buffer2str() is now called ldns_buffer2str + * base32 and base64 function names are now also prepended with ldns_ + * ldns_rr_new_frm_str() now returns an error on missing RDATA fields. + Since you cannot read QUESTION section RRs with this anymore, + there is now a function called ldns_rr_new_question_frm_str() + + LIBRARY FEATURES: + * DS RRs string representation now add bubblebabble in a comment + (patch from Jakob Schlyter) + * DLV RR type added + * TCP fallback system has been improved + * HMAC-SHA256 TSIG support has been added. + * TTLS are now correcly set in NSEC(3) records when signing zones + + EXAMPLE TOOLS: + * New example: ldns-revoke to revoke DNSKEYs according to RFC5011 + * ldns-testpkts has been fixed and updated + * ldns-signzone now has the option to not add the DNSKEY + * ldns-signzone now has an (full zone only) opt-out option for + NSEC3 + * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys + * ldns-walk output has been fixed + * ldns-compare-zones has been fixed, and now has an option + to show all differences (-a) + * ldns-read-zone now has an option to print DNSSEC records only + +1.3 + Base library: + + * Added a new family of functions based around ldns_dnssec_zone, + which is a new structure that keeps a zone sorted through an + rbtree and links signatures and NSEC(3) records directly to their + RRset. These functions all start with ldns_dnssec_ + + * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but + have been changed to internally use the new + ldns_dnssec_zone_sign(_nsec3) + + * Moved some ldns_buffer functions inline, so a clean rebuild of + applications relying on those is needed (otherwise you'll get + linker errors) + * ldns_dname_label now returns one extra (zero) + byte, so it can be seen as an fqdn. + * NSEC3 type code update for signing algorithms. + * DSA key generation of DNSKEY RRs fixed (one byte too small). + + * Added support for RSA/SHA256 and RSA/SHA512, as specified in + draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not + final, and this feature is not enabled by default. It can be + enabled at compilation time with the flag --with-sha2 + + * Added 2wire_canonical family of functions that lowercase dnames + in rdata fields in resource records of the types in the list in + rfc3597 + + * Added base32 conversion functions. + + * Fixed DSA RRSIG conversion when calling OpenSSL + + Drill: + + * Chase output is completely different, it shows, in ascii, the + relations in the trust hierarchy. + + Examples: + * Added ldns-verify-zone, that can verify the internal DNSSEC records + of a signed BIND-style zone file + + * ldns-keygen now takes an -a argument specifying the algorithm, + instead of -R or -D. -a list show a list of supported algorithms + + * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3 + for RSA key generation + + * ldns-signzone now has support for HSMs + * ldns-signzone uses the new ldns_dnssec_ structures and functions + which improves its speed, and output; RRSIGS are now placed + directly after their RRset, NSEC(3) records directly after the + name they handle + + Contrib: + * new contrib/ dir with user contributions + * added compilation script for solaris (thanks to Jakob Schlyter) + +28 Nov 2007 1.2.2: + * Added support for HMAC-MD5 keys in generator + * Added a new example tool (written by Ondrej Sury): ldns-compare-zones + * ldns-keygen now checks key sizes for rfc conformancy + * ldns-signzone outputs SSL error if present + * Fixed manpages (thanks to Ondrej Sury) + * Fixed Makefile for -j + * Fixed a $ORIGIN error when reading zones + * Fixed another off-by-one error + +03 Oct 2007 1.2.1: + * Fixed an offset error in rr comparison + * Fixed ldns-read-zone exit code + * Added check for availability of SHA256 hashing algorithm + * Fixed ldns-key2ds -2 argument + * Fixed $ORIGIN bug in .key files + * Output algorithms as an integer instead of their mnemonic + * Fixed a memory leak in dnssec code when SHA256 is not available + * Updated fedora .spec file + +11 Apr 2007 1.2.0: + * canonicalization of rdata in DNSSEC functions now adheres to the + rr type list in rfc3597, not rfc4035, which will be updated + (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html) + * ldns-walk now support dnames with maximum label length + * ldnsd now takes an extra argument containing the address to listen on + * signing no longer signs every rrset with KSK's, but only the DNSKEY rrset + * ported to Solaris 10 + * added ldns_send_buffer() function + * added ldns-testpkts fake packet server + * added ldns-notify to send NOTIFY packets + * ldns-dpa can now accurately calculate the number of matches per + second + * libtool is now used for compilation too (still gcc, but not directly) + * Bugfixes: + - TSIG signing buffer size + - resolv.conf reading (comments) + - dname comparison off by one error + - typo in keyfetchers output file name fixed (a . too much) + - fixed zone file parser when comments contain ( or ) + - fixed LOC RR type + - fixed CERT RR type + + Drill: + * drill prints error on failed axfr. + * drill now accepts mangled packets with -f + * old -c option (use tcp) changed to -t + * -c option to specify alternative resolv.conf file added + * feedback of signature chase improved + * chaser now stops at root when no trusted keys are found + instead of looping forever trying to find the DS for . + * Fixed bugs: + - wildcard on multiple labels signature verification + - error in -f packet writing for malformed packets + - made KSK check more resilient + +7 Jul 2006: 1.1.0: ldns-team + * Added tutorials and an introduction to the documentation + * Added include/ and lib/ dirs so that you can compile against ldns + without installing ldns on your system + * Makefile updates + * Starting usage of assert throughout the library to catch illegal calls + * Solaris 9 testing was carried out. Ldns now compiles on that + platform; some gnuism were identified and fixed. + * The ldns_zone structure was stress tested. The current setup + (ie. just a list of rrs) can scale to zone file in order of + megabytes. Sorting such zone is still difficult. + * Reading multiline b64 encoded rdata works. + * OpenSSL was made optional, configure --without-ssl. + Ofcourse all dnssec/tsig related functions are disabled + * Building of examples and drill now happens with the same + defines as the building of ldns itself. + * Preliminary sha-256 support was added. Currently is your + OpenSSL supports it, it is supported in the DS creation. + * ldns_resolver_search was implemented + * Fixed a lot of bugs + + Drill: + * -r was killed in favor of -o
which + allows for a header bits setting (and maybe more in the + future) + * DNSSEC is never automaticaly set, even when you query + for DNSKEY/RRSIG or DS. + * Implement a crude RTT check, it now distinguishes between + reachable and unreachable. + * A form of secure tracing was added + * Secure Chasing has been improved + * -x does a reverse lookup for the given IP address + + Examples: + * ldns-dpa was added to the examples - this is the Dns Packet + Analyzer tool. + * ldnsd - as very, very simple nameserver impl. + * ldns-zsplit - split zones for parrallel signing + * ldns-zcat - cat split zones back together + * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, + non-DNSSEC) anti-spoofing techniques. + * ldns-walk - 'Walks' a DNSSEC signed zone + * Added an all-static target to the makefile so you can use examples + without installing the library + * When building in the source tree or in a direct subdirectory of + the build dir, configure does not need --with-ldns=../ anymore + + Code: + * All networking code was moved to net.c + * rdata.c: added asserts to the rdf set/get functions + * const keyword was added to pointer arguments that + aren't changed + + API: + Changed: + * renamed ldns/dns.h to ldns/ldns.h + * ldns_rr_new_frm_str() is extented with an extra variable which + in common use may be NULL. This trickles through to: + o ldns_rr_new_frm_fp + o ldns_rr_new_frm_fp_l + Which also get an extra variable + Also the function has been changed to return a status message. + The compiled RR is returned in the first argument. + * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are + changed to return a status msg. + * ldns_key_new_frm_fp is changed to return ldns_status and + the actual key list in the first argument + * ldns_rdata_new_frm_fp[_l]() are changed to return a status. + the rdf is return in the first argument + * ldns_resolver_new_frm_fp: same treatment: return status and + the new resolver in the first argument + * ldns_pkt_query_new_frm_str(): same: return status and the + packet in the first arg + * tsig.h: internal used functions are now static: + ldns_digest_name and ldns_tsig_mac_new + * ldns_key_rr2ds has an extra argument to specify the hash to + use. + * ldns_pkt_rcode() is renamed to ldns_pkt_get_rcode, ldns_pkt_rcode + is now the rcode type, like ldns_pkt_opcode + New: + * ldns_resolver_searchlist_count: return the searchlist counter + * ldns_zone_sort: Sort a zone + * ldns_bgsend(): background send, returns a socket. + * ldns_pkt_empty(): check is a packet is empty + * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list + * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list + * ldns_rr_list_compare(): compare 2 ldns_rr_lists + * ldns_pkt_push_rr_list: rr_list equiv for rr + * ldns_pkt_safe_push_rr_list: rr_list equiv for rr + Removed: + * ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now + * ldns_udp_server_connect(): was faulty and isn't really part of + the core ldns idea any how. + * ldns_rr_list_insert_rr(): obsoleted, because not used. + * char *_when was removed from the ldns_pkt structure + +18 Oct 2005: 1.0.0: ldns-team + * Commited a patch from Håkan Olsson + * Added UPDATE support (Jakob Schlyter and Håkan Olsson) + * License change: ldns is now BSD licensed + * ldns now depends on SSL + * Networking code cleanup, added (some) server udp/tcp support + * A zone type is introduced. Currently this is a list + of RRs, so it will not scale well. + * [beta] Zonefile parsing was added + * [tools] Drill was added to ldns - see drill/ + * [tools] experimental signer was added + * [building] better check for ssl + * [building] major revision of build system + * [building] added rpm .spec in packaging/ (thanks to Paul Wouters) + * [building] A lot of cleanup in the build scripts (thanks to Jakob Schlyter + and Paul Wouters) + +28 Jul 2005: 0.70: ldns-team + * [func] ldns_pkt_get_section now returns copies from the rrlists + in the packet. This can be freed by the user program + * [code] added ldns_ prefixes to function from util.h + * [inst] removed documentation from default make install + * Usual fixes in documentation and code + +20 Jun 2005: 0.66: ldns-team + Rel. Focus: drill-pre2 uses some functions which are + not in 0.65 + * dnssec_cd bit function was added + * Zone infrastructure was added + * Usual fixes in documentation and code + +13 Jun 2005: 0.65: ldns-team + * Repository is online at: + http://www.nlnetlabs.nl/ldns/svn/ + * Apply reference copying throuhgout ldns, except in 2 + places in the ldns_resolver structure (._domain and + ._nameservers) + * Usual array of bugfixes + * Documentation added + * keygen.c added as an example for DNSSEC programming + +23 May 2005: 0.60: ldns-team + * Removed config.h from the header installed files + (you're not supposed to include that in a libary) + * Further tweaking + - DNSSEC signing/verification works + - Assorted bug fixes and tweaks (memory management) + +May 2005: 0.50: ldns-team + * First usable release + * Basic DNS functionality works + * DNSSEC validation works diff --git a/contrib/ldns/LICENSE b/contrib/ldns/LICENSE new file mode 100644 index 0000000000..6d4c6be096 --- /dev/null +++ b/contrib/ldns/LICENSE @@ -0,0 +1,26 @@ +Copyright (c) 2005,2006, NLnetLabs +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of NLnetLabs nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/contrib/ldns/README b/contrib/ldns/README new file mode 100644 index 0000000000..3a93c41ece --- /dev/null +++ b/contrib/ldns/README @@ -0,0 +1,103 @@ + +Contents: + REQUIREMENTS + INSTALLATION + libdns + examples + drill + INFORMATION FOR SPECIFIC OPERATING SYSTEMS + Mac OS X + Solaris + +Project page: +http://www.nlnetlabs.nl/ldns/ +On that page you can also subscribe to the ldns mailing list. + +* Development +ldns is mainly developed on Linux and FreeBSD. It is regularly tested to +compile on other systems like Solaris and Mac OS X. + +REQUIREMENTS +- OpenSSL (Optional, but needed for features like DNSSEC) +- libpcap (Optional, but needed for examples/ldns-dpa) +- (GNU) libtool (in OSX, that's glibtool, not libtool) +- GNU make + +INSTALLATION +1. Unpack the tarball +2. cd ldns- +3. ./configure +4. gmake (it needs gnu make to compile, on systems where GNU make is the + default you can just use 'make') +5. sudo gmake install +6. Optional. (cd examples; ./configure; gmake), make example programs included. +7. Optional. (cd drill; ./configure; gmake; gmake install), to build drill. + +You can configure and compile it in a separate build directory. + +* Examples +There are some examples and dns related tools in the examples/ directory. +These can be built with: +1. cd examples/ +2. ./configure [--with-ldns=] +3. gmake + +* Drill +Drill can be built with: +1. cd drill/ +2. ./configure [--with-ldns=] +3. gmake + +Note that you need to set LD_LIBRARY_PATH if you want to run the binaries +and you have not installed the library to a system directory. You can use +the make target all-static for the examples to run them if you don't want to +install the library. + + +* Building from subversion repository + +If you are building from the repository you will need to have (gnu) +autotools like libtool and autoreconf installed. A list of all the commands +needed to build everything can be found in README.svn. Note that the actual +commands may be a little bit different on your machine. Most notable, you'll need to run libtoolize (or glibtoolize), if you skip this step, you'll get an error about missing config.sub. + +* Developers +ldns is developed by the ldns team at NLnet Labs. This team currently +consists of: + o Jelte Jansen + o Wouter Wijngaards + +Former main developers: + o Miek Gieben + +* Credits +We have received patches from the following people, thanks! + o Erik Rozendaal + o Håkan Olsson + o Jakob Schlyter + o Paul Wouters + o Simon Vallet + o Ondřej Surý + + +IFORMATION FOR SPECIFIC OPERATING SYSTEMS + +MAC OS X + +For MACOSX 10.4 and later, it seems that you have to set the +MACOSX_DEPLOYMENT_TARGET environment variable to 10.4 before running +make. Apparently it defaults to 10.1. + +This appears to be a known problem in 10.2 to 10.4, see: +http://developer.apple.com/qa/qa2001/qa1233.html +for more information. + + +SOLARIS + +In Solaris multi-architecture systems (that have both 32-bit and +64-bit support), it can be a bit taxing to convince the system to +compile in 64-bit mode. Jakob Schlyter has kindly contributed a build +script that sets the right build and link options. You can find it in +contrib/build-solaris.sh + diff --git a/contrib/ldns/README.DELETED b/contrib/ldns/README.DELETED new file mode 100644 index 0000000000..142e1587dc --- /dev/null +++ b/contrib/ldns/README.DELETED @@ -0,0 +1,24 @@ +Makefile.in +ac_pkg_swig.m4 +aclocal.m4 +acx_nlnetlabs.m4 +acx_python.m4 +config.guess +config.sub +configure +configure.ac +contrib/ +doc/ +drill/Makefile.in +drill/config.h.in +drill/configure +drill/configure.ac +drill/drill.h.in +drill/install-sh +examples/ +install-sh +ldns_symbols.def +libdns.doxygen +libdns.vim +ltmain.sh +packaging/ diff --git a/contrib/ldns/README.DRAGONFLY b/contrib/ldns/README.DRAGONFLY new file mode 100644 index 0000000000..2d896efac7 --- /dev/null +++ b/contrib/ldns/README.DRAGONFLY @@ -0,0 +1,9 @@ +Original source can be downloaded from: +http://www.nlnetlabs.nl/projects/ldns/ + + MD5 (ldns-1.6.4.tar.gz) = 6747d7bd96552ee5d8943f3abb24815f + SHA1 (ldns-1.6.4.tar.gz) = 9015968ad3ddd015c750c15b60e60b9cccd393ec + +A list of deleted files is in README.DELETED. + +When Upgrading please stick to development(7). diff --git a/contrib/ldns/README.snapshots b/contrib/ldns/README.snapshots new file mode 100644 index 0000000000..891fcca1d6 --- /dev/null +++ b/contrib/ldns/README.snapshots @@ -0,0 +1,8 @@ +ldns - snapshot releases + +Snapshot releases are not official released. They can be released to +interested parties for development. + +Snapshots can be recognized from the date in the the tar file name. + +They should not be used for packaging in distributions. diff --git a/contrib/ldns/README.svn b/contrib/ldns/README.svn new file mode 100644 index 0000000000..10f7cb4163 --- /dev/null +++ b/contrib/ldns/README.svn @@ -0,0 +1,26 @@ + +# The ldns subversion repository can found at: +# www.nlnetlabs.nl/ldns/svn/ + +# small list of commands to build all on a linux system +# libtoolize is needed for most other targets + +# on Solaris, and other systems that may not have +# the default 'automake' and 'aclocal' script aliases, +# the correct versions may need to be set. On those +# systems, the 'autoreconf' line should be changed to: +# AUTOMAKE=automake-1.10 ACLOCAL=aclocal-1.10 autoreconf +# (and these systems probably need gmake instead of make) + +# older versions of libtoolize do not support --install +# so you might need to remove that (with newer versions +# it is needed) +libtoolize -c --install +autoreconf --install +./configure +make +make doc # needs doxygen for the html pages +(cd examples && autoreconf && ./configure && make) +(cd drill && autoreconf && ./configure && make) +(cd pcat && autoreconf && ./configure && make) +(cd examples/nsd-test && autoreconf && ./configure && make) diff --git a/contrib/ldns/buffer.c b/contrib/ldns/buffer.c new file mode 100644 index 0000000000..c6259b4e20 --- /dev/null +++ b/contrib/ldns/buffer.c @@ -0,0 +1,172 @@ +/* + * buffer.c -- generic memory buffer . + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + */ + +#include + +#include +#include + +ldns_buffer * +ldns_buffer_new(size_t capacity) +{ + ldns_buffer *buffer = LDNS_MALLOC(ldns_buffer); + + if (!buffer) { + return NULL; + } + + buffer->_data = (uint8_t *) LDNS_XMALLOC(uint8_t, capacity); + if (!buffer->_data) { + LDNS_FREE(buffer); + return NULL; + } + + buffer->_position = 0; + buffer->_limit = buffer->_capacity = capacity; + buffer->_fixed = 0; + buffer->_status = LDNS_STATUS_OK; + + ldns_buffer_invariant(buffer); + + return buffer; +} + +void +ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size) +{ + assert(data != NULL); + + buffer->_position = 0; + buffer->_limit = buffer->_capacity = size; + buffer->_data = LDNS_XMALLOC(uint8_t, size); + memcpy(buffer->_data, data, size); + buffer->_fixed = 0; + buffer->_status = LDNS_STATUS_OK; + + ldns_buffer_invariant(buffer); +} + +bool +ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity) +{ + void *data; + + ldns_buffer_invariant(buffer); + assert(buffer->_position <= capacity); + + data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity); + if (!data) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return false; + } else { + buffer->_data = data; + buffer->_limit = buffer->_capacity = capacity; + return true; + } +} + +bool +ldns_buffer_reserve(ldns_buffer *buffer, size_t amount) +{ + ldns_buffer_invariant(buffer); + assert(!buffer->_fixed); + if (buffer->_capacity < buffer->_position + amount) { + size_t new_capacity = buffer->_capacity * 3 / 2; + + if (new_capacity < buffer->_position + amount) { + new_capacity = buffer->_position + amount; + } + if (!ldns_buffer_set_capacity(buffer, new_capacity)) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return false; + } + } + buffer->_limit = buffer->_capacity; + return true; +} + +int +ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...) +{ + va_list args; + int written = 0; + size_t remaining; + + if (ldns_buffer_status_ok(buffer)) { + ldns_buffer_invariant(buffer); + assert(buffer->_limit == buffer->_capacity); + + remaining = ldns_buffer_remaining(buffer); + va_start(args, format); + written = vsnprintf((char *) ldns_buffer_current(buffer), remaining, + format, args); + va_end(args); + if (written == -1) { + buffer->_status = LDNS_STATUS_INTERNAL_ERR; + return -1; + } else if ((size_t) written >= remaining) { + if (!ldns_buffer_reserve(buffer, (size_t) written + 1)) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return -1; + } + va_start(args, format); + written = vsnprintf((char *) ldns_buffer_current(buffer), + ldns_buffer_remaining(buffer), format, args); + va_end(args); + if (written == -1) { + buffer->_status = LDNS_STATUS_INTERNAL_ERR; + return -1; + } + } + buffer->_position += written; + } + return written; +} + +void +ldns_buffer_free(ldns_buffer *buffer) +{ + if (!buffer) { + return; + } + + LDNS_FREE(buffer->_data); + + LDNS_FREE(buffer); +} + +void * +ldns_buffer_export(ldns_buffer *buffer) +{ + buffer->_fixed = 1; + return buffer->_data; +} + +int +ldns_bgetc(ldns_buffer *buffer) +{ + if (!ldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) { + ldns_buffer_set_position(buffer, ldns_buffer_limit(buffer)); + /* ldns_buffer_rewind(buffer);*/ + return EOF; + } + return (int)ldns_buffer_read_u8(buffer); +} + +void +ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from) +{ + size_t tocopy = ldns_buffer_limit(from); + + if(tocopy > ldns_buffer_capacity(result)) + tocopy = ldns_buffer_capacity(result); + ldns_buffer_clear(result); + ldns_buffer_write(result, ldns_buffer_begin(from), tocopy); + ldns_buffer_flip(result); +} diff --git a/contrib/ldns/compat/b32_ntop.c b/contrib/ldns/compat/b32_ntop.c new file mode 100644 index 0000000000..ec4104f235 --- /dev/null +++ b/contrib/ldns/compat/b32_ntop.c @@ -0,0 +1,320 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ +#include + +#include + +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#include +#include +#include +#include + +#include + +static const char Base32[] = + "abcdefghijklmnopqrstuvwxyz234567"; +/* "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";*/ +/* 00000000001111111111222222222233 + 01234567890123456789012345678901*/ +static const char Base32_extended_hex[] = +/* "0123456789ABCDEFGHIJKLMNOPQRSTUV";*/ + "0123456789abcdefghijklmnopqrstuv"; +static const char Pad32 = '='; + +/* (From RFC3548 and draft-josefsson-rfc3548bis-00.txt) +5. Base 32 Encoding + + The Base 32 encoding is designed to represent arbitrary sequences of + octets in a form that needs to be case insensitive but need not be + humanly readable. + + A 33-character subset of US-ASCII is used, enabling 5 bits to be + represented per printable character. (The extra 33rd character, "=", + is used to signify a special processing function.) + + The encoding process represents 40-bit groups of input bits as output + strings of 8 encoded characters. Proceeding from left to right, a + 40-bit input group is formed by concatenating 5 8bit input groups. + These 40 bits are then treated as 8 concatenated 5-bit groups, each + of which is translated into a single digit in the base 32 alphabet. + When encoding a bit stream via the base 32 encoding, the bit stream + must be presumed to be ordered with the most-significant-bit first. + That is, the first bit in the stream will be the high-order bit in + the first 8bit byte, and the eighth bit will be the low-order bit in + the first 8bit byte, and so on. + + Each 5-bit group is used as an index into an array of 32 printable + characters. The character referenced by the index is placed in the + output string. These characters, identified in Table 3, below, are + selected from US-ASCII digits and uppercase letters. + + Table 3: The Base 32 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 9 J 18 S 27 3 + 1 B 10 K 19 T 28 4 + 2 C 11 L 20 U 29 5 + 3 D 12 M 21 V 30 6 + 4 E 13 N 22 W 31 7 + 5 F 14 O 23 X + 6 G 15 P 24 Y (pad) = + 7 H 16 Q 25 Z + 8 I 17 R 26 2 + + + Special processing is performed if fewer than 40 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a body. When fewer than 40 input bits + are available in an input group, zero bits are added (on the right) + to form an integral number of 5-bit groups. Padding at the end of + the data is performed using the "=" character. Since all base 32 + input is an integral number of octets, only the following cases can + arise: + + (1) the final quantum of encoding input is an integral multiple of 40 + bits; here, the final unit of encoded output will be an integral + multiple of 8 characters with no "=" padding, + + (2) the final quantum of encoding input is exactly 8 bits; here, the + final unit of encoded output will be two characters followed by six + "=" padding characters, + + (3) the final quantum of encoding input is exactly 16 bits; here, the + final unit of encoded output will be four characters followed by four + "=" padding characters, + + (4) the final quantum of encoding input is exactly 24 bits; here, the + final unit of encoded output will be five characters followed by + three "=" padding characters, or + + (5) the final quantum of encoding input is exactly 32 bits; here, the + final unit of encoded output will be seven characters followed by one + "=" padding character. + + +6. Base 32 Encoding with Extended Hex Alphabet + + The following description of base 32 is due to [7]. This encoding + should not be regarded as the same as the "base32" encoding, and + should not be referred to as only "base32". + + One property with this alphabet, that the base64 and base32 alphabet + lack, is that encoded data maintain its sort order when the encoded + data is compared bit-wise. + + This encoding is identical to the previous one, except for the + alphabet. The new alphabet is found in table 4. + + Table 4: The "Extended Hex" Base 32 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 0 9 9 18 I 27 R + 1 1 10 A 19 J 28 S + 2 2 11 B 20 K 29 T + 3 3 12 C 21 L 30 U + 4 4 13 D 22 M 31 V + 5 5 14 E 23 N + 6 6 15 F 24 O (pad) = + 7 7 16 G 25 P + 8 8 17 H 26 Q + +*/ + + +int +ldns_b32_ntop_ar(uint8_t const *src, size_t srclength, char *target, size_t targsize, const char B32_ar[]) { + size_t datalength = 0; + uint8_t input[5]; + uint8_t output[8]; + size_t i; + memset(output, 0, 8); + + while (4 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + input[3] = *src++; + input[4] = *src++; + srclength -= 5; + + output[0] = (input[0] & 0xf8) >> 3; + output[1] = ((input[0] & 0x07) << 2) + ((input[1] & 0xc0) >> 6); + output[2] = (input[1] & 0x3e) >> 1; + output[3] = ((input[1] & 0x01) << 4) + ((input[2] & 0xf0) >> 4); + output[4] = ((input[2] & 0x0f) << 1) + ((input[3] & 0x80) >> 7); + output[5] = (input[3] & 0x7c) >> 2; + output[6] = ((input[3] & 0x03) << 3) + ((input[4] & 0xe0) >> 5); + output[7] = (input[4] & 0x1f); + + assert(output[0] < 32); + assert(output[1] < 32); + assert(output[2] < 32); + assert(output[3] < 32); + assert(output[4] < 32); + assert(output[5] < 32); + assert(output[6] < 32); + assert(output[7] < 32); + + if (datalength + 8 > targsize) { + return (-1); + } + target[datalength++] = B32_ar[output[0]]; + target[datalength++] = B32_ar[output[1]]; + target[datalength++] = B32_ar[output[2]]; + target[datalength++] = B32_ar[output[3]]; + target[datalength++] = B32_ar[output[4]]; + target[datalength++] = B32_ar[output[5]]; + target[datalength++] = B32_ar[output[6]]; + target[datalength++] = B32_ar[output[7]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = input[3] = input[4] = (uint8_t) '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = (input[0] & 0xf8) >> 3; + assert(output[0] < 32); + if (srclength >= 1) { + output[1] = ((input[0] & 0x07) << 2) + ((input[1] & 0xc0) >> 6); + assert(output[1] < 32); + output[2] = (input[1] & 0x3e) >> 1; + assert(output[2] < 32); + } + if (srclength >= 2) { + output[3] = ((input[1] & 0x01) << 4) + ((input[2] & 0xf0) >> 4); + assert(output[3] < 32); + } + if (srclength >= 3) { + output[4] = ((input[2] & 0x0f) << 1) + ((input[3] & 0x80) >> 7); + assert(output[4] < 32); + output[5] = (input[3] & 0x7c) >> 2; + assert(output[5] < 32); + } + if (srclength >= 4) { + output[6] = ((input[3] & 0x03) << 3) + ((input[4] & 0xe0) >> 5); + assert(output[6] < 32); + } + + + if (datalength + 1 > targsize) { + return (-2); + } + target[datalength++] = B32_ar[output[0]]; + if (srclength >= 1) { + target[datalength++] = B32_ar[output[1]]; + if (srclength == 1 && output[2] == 0) { + target[datalength++] = Pad32; + } else { + target[datalength++] = B32_ar[output[2]]; + } + } else { + target[datalength++] = Pad32; + target[datalength++] = Pad32; + } + if (srclength >= 2) { + target[datalength++] = B32_ar[output[3]]; + } else { + target[datalength++] = Pad32; + } + if (srclength >= 3) { + target[datalength++] = B32_ar[output[4]]; + if (srclength == 3 && output[5] == 0) { + target[datalength++] = Pad32; + } else { + target[datalength++] = B32_ar[output[5]]; + } + } else { + target[datalength++] = Pad32; + target[datalength++] = Pad32; + } + if (srclength >= 4) { + target[datalength++] = B32_ar[output[6]]; + } else { + target[datalength++] = Pad32; + } + target[datalength++] = Pad32; + } + if (datalength > targsize) { + return (-3); + } + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (int) (datalength); +} + +int +ldns_b32_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) { + return ldns_b32_ntop_ar(src, srclength, target, targsize, Base32); +} + +/* deprecated, here for backwards compatibility */ +int +b32_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) { + return ldns_b32_ntop_ar(src, srclength, target, targsize, Base32); +} + +int +ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength, char *target, size_t targsize) { + return ldns_b32_ntop_ar(src, srclength, target, targsize, Base32_extended_hex); +} + +/* deprecated, here for backwards compatibility */ +int +b32_ntop_extended_hex(uint8_t const *src, size_t srclength, char *target, size_t targsize) { + return ldns_b32_ntop_ar(src, srclength, target, targsize, Base32_extended_hex); +} + diff --git a/contrib/ldns/compat/b32_pton.c b/contrib/ldns/compat/b32_pton.c new file mode 100644 index 0000000000..5a3c2ea697 --- /dev/null +++ b/contrib/ldns/compat/b32_pton.c @@ -0,0 +1,389 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ +#include + +#include + +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#include +#include +#include +#include + +/* "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";*/ +static const char Base32[] = + "abcdefghijklmnopqrstuvwxyz234567"; +/* "0123456789ABCDEFGHIJKLMNOPQRSTUV";*/ +static const char Base32_extended_hex[] = + "0123456789abcdefghijklmnopqrstuv"; +static const char Pad32 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) +5. Base 32 Encoding + + The Base 32 encoding is designed to represent arbitrary sequences of + octets in a form that needs to be case insensitive but need not be + humanly readable. + + A 33-character subset of US-ASCII is used, enabling 5 bits to be + represented per printable character. (The extra 33rd character, "=", + is used to signify a special processing function.) + + The encoding process represents 40-bit groups of input bits as output + strings of 8 encoded characters. Proceeding from left to right, a + 40-bit input group is formed by concatenating 5 8bit input groups. + These 40 bits are then treated as 8 concatenated 5-bit groups, each + of which is translated into a single digit in the base 32 alphabet. + When encoding a bit stream via the base 32 encoding, the bit stream + must be presumed to be ordered with the most-significant-bit first. + That is, the first bit in the stream will be the high-order bit in + the first 8bit byte, and the eighth bit will be the low-order bit in + the first 8bit byte, and so on. + + Each 5-bit group is used as an index into an array of 32 printable + characters. The character referenced by the index is placed in the + output string. These characters, identified in Table 3, below, are + selected from US-ASCII digits and uppercase letters. + + Table 3: The Base 32 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 9 J 18 S 27 3 + 1 B 10 K 19 T 28 4 + 2 C 11 L 20 U 29 5 + 3 D 12 M 21 V 30 6 + 4 E 13 N 22 W 31 7 + 5 F 14 O 23 X + 6 G 15 P 24 Y (pad) = + 7 H 16 Q 25 Z + 8 I 17 R 26 2 + + + Special processing is performed if fewer than 40 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a body. When fewer than 40 input bits + are available in an input group, zero bits are added (on the right) + to form an integral number of 5-bit groups. Padding at the end of + the data is performed using the "=" character. Since all base 32 + input is an integral number of octets, only the following cases can + arise: + + (1) the final quantum of encoding input is an integral multiple of 40 + bits; here, the final unit of encoded output will be an integral + multiple of 8 characters with no "=" padding, + + (2) the final quantum of encoding input is exactly 8 bits; here, the + final unit of encoded output will be two characters followed by six + "=" padding characters, + + (3) the final quantum of encoding input is exactly 16 bits; here, the + final unit of encoded output will be four characters followed by four + "=" padding characters, + + (4) the final quantum of encoding input is exactly 24 bits; here, the + final unit of encoded output will be five characters followed by + three "=" padding characters, or + + (5) the final quantum of encoding input is exactly 32 bits; here, the + final unit of encoded output will be seven characters followed by one + "=" padding character. + + +6. Base 32 Encoding with Extended Hex Alphabet + + The following description of base 32 is due to [7]. This encoding + should not be regarded as the same as the "base32" encoding, and + should not be referred to as only "base32". + + One property with this alphabet, that the base32 and base32 alphabet + lack, is that encoded data maintain its sort order when the encoded + data is compared bit-wise. + + This encoding is identical to the previous one, except for the + alphabet. The new alphabet is found in table 4. + + Table 4: The "Extended Hex" Base 32 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 0 9 9 18 I 27 R + 1 1 10 A 19 J 28 S + 2 2 11 B 20 K 29 T + 3 3 12 C 21 L 30 U + 4 4 13 D 22 M 31 V + 5 5 14 E 23 N + 6 6 15 F 24 O (pad) = + 7 7 16 G 25 P + 8 8 17 H 26 Q + + + + +*/ +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 32 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +ldns_b32_pton_ar(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize, const char B32_ar[]) +{ + int tarindex, state, ch; + char *pos; + int i = 0; + + state = 0; + tarindex = 0; + + while ((ch = *src++) != '\0' && (i == 0 || i < (int) hashed_owner_str_len)) { + i++; + ch = tolower(ch); + if (isspace((unsigned char)ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad32) + break; + + pos = strchr(B32_ar, ch); + if (pos == 0) { + /* A non-base32 character. */ + return (-ch); + } + + switch (state) { + case 0: + if (target) { + if ((size_t)tarindex >= targsize) { + return (-2); + } + target[tarindex] = (pos - B32_ar) << 3; + } + state = 1; + break; + case 1: + if (target) { + if ((size_t)tarindex + 1 >= targsize) { + return (-3); + } + target[tarindex] |= (pos - B32_ar) >> 2; + target[tarindex+1] = ((pos - B32_ar) & 0x03) + << 6 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if ((size_t)tarindex + 1 >= targsize) { + return (-4); + } + target[tarindex] |= (pos - B32_ar) << 1; + } + /*tarindex++;*/ + state = 3; + break; + case 3: + if (target) { + if ((size_t)tarindex + 1 >= targsize) { + return (-5); + } + target[tarindex] |= (pos - B32_ar) >> 4; + target[tarindex+1] = ((pos - B32_ar) & 0x0f) << 4 ; + } + tarindex++; + state = 4; + break; + case 4: + if (target) { + if ((size_t)tarindex + 1 >= targsize) { + return (-6); + } + target[tarindex] |= (pos - B32_ar) >> 1; + target[tarindex+1] = ((pos - B32_ar) & 0x01) + << 7 ; + } + tarindex++; + state = 5; + break; + case 5: + if (target) { + if ((size_t)tarindex + 1 >= targsize) { + return (-7); + } + target[tarindex] |= (pos - B32_ar) << 2; + } + state = 6; + break; + case 6: + if (target) { + if ((size_t)tarindex + 1 >= targsize) { + return (-8); + } + target[tarindex] |= (pos - B32_ar) >> 3; + target[tarindex+1] = ((pos - B32_ar) & 0x07) + << 5 ; + } + tarindex++; + state = 7; + break; + case 7: + if (target) { + if ((size_t)tarindex + 1 >= targsize) { + return (-9); + } + target[tarindex] |= (pos - B32_ar); + } + tarindex++; + state = 0; + break; + default: + abort(); + } + } + + /* + * We are done decoding Base-32 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad32) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-10); + + case 2: /* Valid, means one byte of info */ + case 3: + /* Skip any number of spaces. */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!isspace((unsigned char)ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad32) { + return (-11); + } + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 4: /* Valid, means two bytes of info */ + case 5: + case 6: + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!(isspace((unsigned char)ch) || ch == '=')) { + return (-12); + } + + case 7: /* Valid, means three bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!isspace((unsigned char)ch)) { + return (-13); + } + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) { + return (-14); + } + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-15); + } + + return (tarindex); +} + +int +ldns_b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize) +{ + return ldns_b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32); +} + +/* deprecated, here for backwards compatibility */ +int +b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize) +{ + return ldns_b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32); +} + +int +ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize) +{ + return ldns_b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32_extended_hex); +} + +/* deprecated, here for backwards compatibility */ +int +b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize) +{ + return ldns_b32_pton_ar(src, hashed_owner_str_len, target, targsize, Base32_extended_hex); +} diff --git a/contrib/ldns/compat/b64_ntop.c b/contrib/ldns/compat/b64_ntop.c new file mode 100644 index 0000000000..93c209ab07 --- /dev/null +++ b/contrib/ldns/compat/b64_ntop.c @@ -0,0 +1,204 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ +#include + +#include + +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#include +#include +#include +#include + +#define Assert(Cond) if (!(Cond)) abort() + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +int +ldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) { + size_t datalength = 0; + uint8_t input[3]; + uint8_t output[4]; + size_t i; + + if (srclength == 0) { + if (targsize > 0) { + target[0] = '\0'; + return 0; + } else { + return -1; + } + } + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + Assert(output[0] < 64); + Assert(output[1] < 64); + Assert(output[2] < 64); + Assert(output[3] < 64); + + if (datalength + 4 > targsize) { + return (-1); + } + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = (uint8_t) '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + Assert(output[0] < 64); + Assert(output[1] < 64); + Assert(output[2] < 64); + + if (datalength + 4 > targsize) { + return (-2); + } + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) { + target[datalength++] = Pad64; + } else { + target[datalength++] = Base64[output[2]]; + } + target[datalength++] = Pad64; + } + if (datalength >= targsize) { + return (-3); + } + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (int) (datalength); +} diff --git a/contrib/ldns/compat/b64_pton.c b/contrib/ldns/compat/b64_pton.c new file mode 100644 index 0000000000..a4babea421 --- /dev/null +++ b/contrib/ldns/compat/b64_pton.c @@ -0,0 +1,262 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ +#include + +#include + +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#include +#include +#include +#include + +#define Assert(Cond) if (!(Cond)) abort() + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +ldns_b64_pton(char const *src, uint8_t *target, size_t targsize) +{ + int tarindex, state, ch; + char *pos; + + state = 0; + tarindex = 0; + + if (strlen(src) == 0) { + return 0; + } + + while ((ch = *src++) != '\0') { + if (isspace((unsigned char)ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) { + /* A non-base64 character. */ + return (-1); + } + + switch (state) { + case 0: + if (target) { + if ((size_t)tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if ((size_t)tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex+1] = ((pos - Base64) & 0x0f) + << 4 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if ((size_t)tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex+1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if ((size_t)tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + default: + abort(); + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!isspace((unsigned char)ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!isspace((unsigned char)ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} diff --git a/contrib/ldns/compat/ctime_r.c b/contrib/ldns/compat/ctime_r.c new file mode 100644 index 0000000000..4ffd8b7e35 --- /dev/null +++ b/contrib/ldns/compat/ctime_r.c @@ -0,0 +1,16 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_TIME_H +#include +#endif + +char *ctime_r(const time_t *timep, char *buf) +{ + /* no thread safety. */ + char* result = ctime(timep); + if(buf && result) + strcpy(buf, result); + return result; +} diff --git a/contrib/ldns/compat/fake-rfc2553.c b/contrib/ldns/compat/fake-rfc2553.c new file mode 100644 index 0000000000..431e04a215 --- /dev/null +++ b/contrib/ldns/compat/fake-rfc2553.c @@ -0,0 +1,229 @@ +/* From openssh 4.3p2 filename openbsd-compat/fake-rfc2553.h */ +/* + * Copyright (C) 2000-2003 Damien Miller. All rights reserved. + * Copyright (C) 1999 WIDE Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Pseudo-implementation of RFC2553 name / address resolution functions + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For example, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#include +#include +#include +#include +#include +#include +#include "compat/fake-rfc2553.h" + +#ifndef HAVE_GETNAMEINFO +int getnameinfo(const struct sockaddr *sa, size_t ATTR_UNUSED(salen), char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in *sin = (struct sockaddr_in *)sa; + struct hostent *hp; + char tmpserv[16]; + + if (serv != NULL) { + snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); + if (strlcpy(serv, tmpserv, servlen) >= servlen) + return (EAI_MEMORY); + } + + if (host != NULL) { + if (flags & NI_NUMERICHOST) { + if (strlcpy(host, inet_ntoa(sin->sin_addr), + hostlen) >= hostlen) + return (EAI_MEMORY); + else + return (0); + } else { + hp = gethostbyaddr((char *)&sin->sin_addr, + sizeof(struct in_addr), AF_INET); + if (hp == NULL) + return (EAI_NODATA); + + if (strlcpy(host, hp->h_name, hostlen) >= hostlen) + return (EAI_MEMORY); + else + return (0); + } + } + return (0); +} +#endif /* !HAVE_GETNAMEINFO */ + +#ifndef HAVE_GAI_STRERROR +#ifdef HAVE_CONST_GAI_STRERROR_PROTO +const char * +#else +char * +#endif +gai_strerror(int err) +{ + switch (err) { + case EAI_NODATA: + return ("no address associated with name"); + case EAI_MEMORY: + return ("memory allocation failure."); + case EAI_NONAME: + return ("nodename nor servname provided, or not known"); + default: + return ("unknown/invalid error."); + } +} +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void +freeaddrinfo(struct addrinfo *ai) +{ + struct addrinfo *next; + + for(; ai != NULL;) { + next = ai->ai_next; + free(ai); + ai = next; + } +} +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETADDRINFO +static struct +addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints) +{ + struct addrinfo *ai; + + ai = malloc(sizeof(*ai) + sizeof(struct sockaddr_in)); + if (ai == NULL) + return (NULL); + + memset(ai, '\0', sizeof(*ai) + sizeof(struct sockaddr_in)); + + ai->ai_addr = (struct sockaddr *)(ai + 1); + /* XXX -- ssh doesn't use sa_len */ + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr->sa_family = ai->ai_family = AF_INET; + + ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; + ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; + + /* XXX: the following is not generally correct, but does what we want */ + if (hints->ai_socktype) + ai->ai_socktype = hints->ai_socktype; + else + ai->ai_socktype = SOCK_STREAM; + + if (hints->ai_protocol) + ai->ai_protocol = hints->ai_protocol; + + return (ai); +} + +int +getaddrinfo(const char *hostname, const char *servname, + const struct addrinfo *hints, struct addrinfo **res) +{ + struct hostent *hp; + struct servent *sp; + struct in_addr in; + int i; + long int port; + u_long addr; + + port = 0; + if (servname != NULL) { + char *cp; + + port = strtol(servname, &cp, 10); + if (port > 0 && port <= 65535 && *cp == '\0') + port = htons(port); + else if ((sp = getservbyname(servname, NULL)) != NULL) + port = sp->s_port; + else + port = 0; + } + + if (hints && hints->ai_flags & AI_PASSIVE) { + addr = htonl(0x00000000); + if (hostname && inet_aton(hostname, &in) != 0) + addr = in.s_addr; + *res = malloc_ai(port, addr, hints); + if (*res == NULL) + return (EAI_MEMORY); + return (0); + } + + if (!hostname) { + *res = malloc_ai(port, htonl(0x7f000001), hints); + if (*res == NULL) + return (EAI_MEMORY); + return (0); + } + + if (inet_aton(hostname, &in)) { + *res = malloc_ai(port, in.s_addr, hints); + if (*res == NULL) + return (EAI_MEMORY); + return (0); + } + + /* Don't try DNS if AI_NUMERICHOST is set */ + if (hints && hints->ai_flags & AI_NUMERICHOST) + return (EAI_NONAME); + + hp = gethostbyname(hostname); + if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { + struct addrinfo *cur, *prev; + + cur = prev = *res = NULL; + for (i = 0; hp->h_addr_list[i]; i++) { + struct in_addr *in = (struct in_addr *)hp->h_addr_list[i]; + + cur = malloc_ai(port, in->s_addr, hints); + if (cur == NULL) { + if (*res != NULL) + freeaddrinfo(*res); + return (EAI_MEMORY); + } + if (prev) + prev->ai_next = cur; + else + *res = cur; + + prev = cur; + } + return (0); + } + + return (EAI_NODATA); +} +#endif /* !HAVE_GETADDRINFO */ diff --git a/contrib/ldns/compat/fake-rfc2553.h b/contrib/ldns/compat/fake-rfc2553.h new file mode 100644 index 0000000000..1e9add1eb0 --- /dev/null +++ b/contrib/ldns/compat/fake-rfc2553.h @@ -0,0 +1,175 @@ +/* From openssh 4.3p2 filename openbsd-compat/fake-rfc2553.h */ +/* + * Copyright (C) 2000-2003 Damien Miller. All rights reserved. + * Copyright (C) 1999 WIDE Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Pseudo-implementation of RFC2553 name / address resolution functions + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For example, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#ifndef _FAKE_RFC2553_H +#define _FAKE_RFC2553_H + +#include +#include +#include +#include + +/* + * First, socket and INET6 related definitions + */ +#ifndef HAVE_STRUCT_SOCKADDR_STORAGE +#ifndef _SS_MAXSIZE +# define _SS_MAXSIZE 128 /* Implementation specific max size */ +# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) +struct sockaddr_storage { + struct sockaddr ss_sa; + char __ss_pad2[_SS_PADSIZE]; +}; +# define ss_family ss_sa.sa_family +#endif /* _SS_MAXSIZE */ +#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ + +#ifndef IN6_IS_ADDR_LOOPBACK +# define IN6_IS_ADDR_LOOPBACK(a) \ + (((uint32_t *)(a))[0] == 0 && ((uint32_t *)(a))[1] == 0 && \ + ((uint32_t *)(a))[2] == 0 && ((uint32_t *)(a))[3] == htonl(1)) +#endif /* !IN6_IS_ADDR_LOOPBACK */ + +#ifndef HAVE_STRUCT_IN6_ADDR +struct in6_addr { + uint8_t s6_addr[16]; +}; +#endif /* !HAVE_STRUCT_IN6_ADDR */ + +#ifndef HAVE_STRUCT_SOCKADDR_IN6 +struct sockaddr_in6 { + unsigned short sin6_family; + uint16_t sin6_port; + uint32_t sin6_flowinfo; + struct in6_addr sin6_addr; +}; +#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */ + +#ifndef AF_INET6 +/* Define it to something that should never appear */ +#define AF_INET6 AF_MAX +#endif + +/* + * Next, RFC2553 name / address resolution API + */ + +#ifndef NI_NUMERICHOST +# define NI_NUMERICHOST (1) +#endif +#ifndef NI_NAMEREQD +# define NI_NAMEREQD (1<<1) +#endif +#ifndef NI_NUMERICSERV +# define NI_NUMERICSERV (1<<2) +#endif + +#ifndef AI_PASSIVE +# define AI_PASSIVE (1) +#endif +#ifndef AI_CANONNAME +# define AI_CANONNAME (1<<1) +#endif +#ifndef AI_NUMERICHOST +# define AI_NUMERICHOST (1<<2) +#endif + +#ifndef NI_MAXSERV +# define NI_MAXSERV 32 +#endif /* !NI_MAXSERV */ +#ifndef NI_MAXHOST +# define NI_MAXHOST 1025 +#endif /* !NI_MAXHOST */ + +#ifndef INT_MAX +#define INT_MAX 0xffffffff +#endif + +#ifndef EAI_NODATA +# define EAI_NODATA (INT_MAX - 1) +#endif +#ifndef EAI_MEMORY +# define EAI_MEMORY (INT_MAX - 2) +#endif +#ifndef EAI_NONAME +# define EAI_NONAME (INT_MAX - 3) +#endif +#ifndef EAI_SYSTEM +# define EAI_SYSTEM (INT_MAX - 4) +#endif + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + size_t ai_addrlen; /* length of ai_addr */ + char *ai_canonname; /* canonical name for hostname */ + struct sockaddr *ai_addr; /* binary address */ + struct addrinfo *ai_next; /* next structure in linked list */ +}; +#endif /* !HAVE_STRUCT_ADDRINFO */ + +#ifndef HAVE_GETADDRINFO +#ifdef getaddrinfo +# undef getaddrinfo +#endif +#define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d)) +int getaddrinfo(const char *, const char *, + const struct addrinfo *, struct addrinfo **); +#endif /* !HAVE_GETADDRINFO */ + +#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO) +#define gai_strerror(a) (ssh_gai_strerror(a)) +char *gai_strerror(int); +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +#define freeaddrinfo(a) (ssh_freeaddrinfo(a)) +void freeaddrinfo(struct addrinfo *); +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETNAMEINFO +#define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g)) +int getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +#endif /* !HAVE_GETNAMEINFO */ + +#endif /* !_FAKE_RFC2553_H */ + diff --git a/contrib/ldns/compat/gmtime_r.c b/contrib/ldns/compat/gmtime_r.c new file mode 100644 index 0000000000..7062e7dee3 --- /dev/null +++ b/contrib/ldns/compat/gmtime_r.c @@ -0,0 +1,14 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_TIME_H +#include +#endif + +struct tm *gmtime_r(const time_t *timep, struct tm *result) +{ + /* no thread safety. */ + *result = *gmtime(timep); + return result; +} diff --git a/contrib/ldns/compat/inet_aton.c b/contrib/ldns/compat/inet_aton.c new file mode 100644 index 0000000000..e8c3a57b9a --- /dev/null +++ b/contrib/ldns/compat/inet_aton.c @@ -0,0 +1,182 @@ +/* From openssh4.3p2 compat/inet_aton.c */ +/* + * Copyright (c) 1983, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * - + * Portions Copyright (c) 1993 by Digital Equipment Corporation. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies, and that + * the name of Digital Equipment Corporation not be used in advertising or + * publicity pertaining to distribution of the document or software without + * specific, written prior permission. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT + * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + * - + * --Copyright-- + */ + +/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */ + +#include + +#if !defined(HAVE_INET_ATON) + +#include +#include +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#include + +#if 0 +/* + * Ascii internet address interpretation routine. + * The value returned is in network order. + */ +in_addr_t +inet_addr(const char *cp) +{ + struct in_addr val; + + if (inet_aton(cp, &val)) + return (val.s_addr); + return (INADDR_NONE); +} +#endif + +/* + * Check whether "cp" is a valid ascii representation + * of an Internet address and convert to a binary address. + * Returns 1 if the address is valid, 0 if not. + * This replaces inet_addr, the return value from which + * cannot distinguish between failure and a local broadcast address. + */ +int +inet_aton(const char *cp, struct in_addr *addr) +{ + uint32_t val; + int base, n; + char c; + unsigned int parts[4]; + unsigned int *pp = parts; + + c = *cp; + for (;;) { + /* + * Collect number up to ``.''. + * Values are specified as for C: + * 0x=hex, 0=octal, isdigit=decimal. + */ + if (!isdigit((int) c)) + return (0); + val = 0; base = 10; + if (c == '0') { + c = *++cp; + if (c == 'x' || c == 'X') + base = 16, c = *++cp; + else + base = 8; + } + for (;;) { + if (isascii((int) c) && isdigit((int) c)) { + val = (val * base) + (c - '0'); + c = *++cp; + } else if (base == 16 && isascii((int) c) && isxdigit((int) c)) { + val = (val << 4) | + (c + 10 - (islower((int) c) ? 'a' : 'A')); + c = *++cp; + } else + break; + } + if (c == '.') { + /* + * Internet format: + * a.b.c.d + * a.b.c (with c treated as 16 bits) + * a.b (with b treated as 24 bits) + */ + if (pp >= parts + 3) + return (0); + *pp++ = val; + c = *++cp; + } else + break; + } + /* + * Check for trailing characters. + */ + if (c != '\0' && (!isascii((int) c) || !isspace((int) c))) + return (0); + /* + * Concoct the address according to + * the number of parts specified. + */ + n = pp - parts + 1; + switch (n) { + + case 0: + return (0); /* initial nondigit */ + + case 1: /* a -- 32 bits */ + break; + + case 2: /* a.b -- 8.24 bits */ + if ((val > 0xffffff) || (parts[0] > 0xff)) + return (0); + val |= parts[0] << 24; + break; + + case 3: /* a.b.c -- 8.8.16 bits */ + if ((val > 0xffff) || (parts[0] > 0xff) || (parts[1] > 0xff)) + return (0); + val |= (parts[0] << 24) | (parts[1] << 16); + break; + + case 4: /* a.b.c.d -- 8.8.8.8 bits */ + if ((val > 0xff) || (parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff)) + return (0); + val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); + break; + } + if (addr) + addr->s_addr = htonl(val); + return (1); +} + +#endif /* !defined(HAVE_INET_ATON) */ diff --git a/contrib/ldns/compat/inet_ntop.c b/contrib/ldns/compat/inet_ntop.c new file mode 100644 index 0000000000..57509c7c98 --- /dev/null +++ b/contrib/ldns/compat/inet_ntop.c @@ -0,0 +1,216 @@ +/* From openssh 4.3p2 compat/inet_ntop.c */ +/* Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */ + +#include + +#ifndef HAVE_INET_NTOP + +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#include +#include +#include + +#ifndef IN6ADDRSZ +#define IN6ADDRSZ 16 /* IPv6 T_AAAA */ +#endif + +#ifndef INT16SZ +#define INT16SZ 2 /* for systems without 16-bit ints */ +#endif + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ + +static const char *inet_ntop4(const u_char *src, char *dst, size_t size); +static const char *inet_ntop6(const u_char *src, char *dst, size_t size); + +/* char * + * inet_ntop(af, src, dst, size) + * convert a network format address to presentation format. + * return: + * pointer to presentation format address (`dst'), or NULL (see errno). + * author: + * Paul Vixie, 1996. + */ +const char * +inet_ntop(int af, const void *src, char *dst, size_t size) +{ + switch (af) { + case AF_INET: + return (inet_ntop4(src, dst, size)); + case AF_INET6: + return (inet_ntop6(src, dst, size)); + default: +#ifdef EAFNOSUPPORT + errno = EAFNOSUPPORT; +#else + errno = ENOSYS; +#endif + return (NULL); + } + /* NOTREACHED */ +} + +/* const char * + * inet_ntop4(src, dst, size) + * format an IPv4 address, more or less like inet_ntoa() + * return: + * `dst' (as a const) + * notes: + * (1) uses no statics + * (2) takes a u_char* not an in_addr as input + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop4(const u_char *src, char *dst, size_t size) +{ + static const char fmt[] = "%u.%u.%u.%u"; + char tmp[sizeof "255.255.255.255"]; + int l; + + l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]); + if (l <= 0 || l >= (int)size) { + errno = ENOSPC; + return (NULL); + } + strlcpy(dst, tmp, size); + return (dst); +} + +/* const char * + * inet_ntop6(src, dst, size) + * convert IPv6 binary address into presentation (printable) format + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop6(const u_char *src, char *dst, size_t size) +{ + /* + * Note that int32_t and int16_t need only be "at least" large enough + * to contain a value of the specified size. On some systems, like + * Crays, there is no such thing as an integer variable with 16 bits. + * Keep this in mind if you think this function should have been coded + * to use pointer overlays. All the world's not a VAX. + */ + char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; + char *tp, *ep; + struct { int base, len; } best, cur; + u_int words[IN6ADDRSZ / INT16SZ]; + int i; + int advance; + + /* + * Preprocess: + * Copy the input (bytewise) array into a wordwise array. + * Find the longest run of 0x00's in src[] for :: shorthanding. + */ + memset(words, '\0', sizeof words); + for (i = 0; i < IN6ADDRSZ; i++) + words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3)); + best.base = -1; + cur.base = -1; + for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { + if (words[i] == 0) { + if (cur.base == -1) + cur.base = i, cur.len = 1; + else + cur.len++; + } else { + if (cur.base != -1) { + if (best.base == -1 || cur.len > best.len) + best = cur; + cur.base = -1; + } + } + } + if (cur.base != -1) { + if (best.base == -1 || cur.len > best.len) + best = cur; + } + if (best.base != -1 && best.len < 2) + best.base = -1; + + /* + * Format the result. + */ + tp = tmp; + ep = tmp + sizeof(tmp); + for (i = 0; i < (IN6ADDRSZ / INT16SZ) && tp < ep; i++) { + /* Are we inside the best run of 0x00's? */ + if (best.base != -1 && i >= best.base && + i < (best.base + best.len)) { + if (i == best.base) { + if (tp + 1 >= ep) + return (NULL); + *tp++ = ':'; + } + continue; + } + /* Are we following an initial run of 0x00s or any real hex? */ + if (i != 0) { + if (tp + 1 >= ep) + return (NULL); + *tp++ = ':'; + } + /* Is this address an encapsulated IPv4? */ + if (i == 6 && best.base == 0 && + (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { + if (!inet_ntop4(src+12, tp, (size_t)(ep - tp))) + return (NULL); + tp += strlen(tp); + break; + } + advance = snprintf(tp, ep - tp, "%x", words[i]); + if (advance <= 0 || advance >= ep - tp) + return (NULL); + tp += advance; + } + /* Was it a trailing run of 0x00's? */ + if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) { + if (tp + 1 >= ep) + return (NULL); + *tp++ = ':'; + } + if (tp + 1 >= ep) + return (NULL); + *tp++ = '\0'; + + /* + * Check for overflow, copy, and we're done. + */ + if ((size_t)(tp - tmp) > size) { + errno = ENOSPC; + return (NULL); + } + strlcpy(dst, tmp, size); + return (dst); +} + +#endif /* !HAVE_INET_NTOP */ diff --git a/contrib/ldns/compat/inet_pton.c b/contrib/ldns/compat/inet_pton.c new file mode 100644 index 0000000000..7a4f57614f --- /dev/null +++ b/contrib/ldns/compat/inet_pton.c @@ -0,0 +1,230 @@ +/* $KAME: inet_pton.c,v 1.5 2001/08/20 02:32:40 itojun Exp $ */ + +/* Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +#include + +#include +#include +#include + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ + +static int inet_pton4 (const char *src, uint8_t *dst); +static int inet_pton6 (const char *src, uint8_t *dst); + +/* + * + * The definitions we might miss. + * + */ +#ifndef NS_INT16SZ +#define NS_INT16SZ 2 +#endif + +#ifndef NS_IN6ADDRSZ +#define NS_IN6ADDRSZ 16 +#endif + +#ifndef NS_INADDRSZ +#define NS_INADDRSZ 4 +#endif + +/* int + * inet_pton(af, src, dst) + * convert from presentation format (which usually means ASCII printable) + * to network format (which is usually some kind of binary format). + * return: + * 1 if the address was valid for the specified address family + * 0 if the address wasn't valid (`dst' is untouched in this case) + * -1 if some other error occurred (`dst' is untouched in this case, too) + * author: + * Paul Vixie, 1996. + */ +int +inet_pton(af, src, dst) + int af; + const char *src; + void *dst; +{ + switch (af) { + case AF_INET: + return (inet_pton4(src, dst)); + case AF_INET6: + return (inet_pton6(src, dst)); + default: +#ifdef EAFNOSUPPORT + errno = EAFNOSUPPORT; +#else + errno = ENOSYS; +#endif + return (-1); + } + /* NOTREACHED */ +} + +/* int + * inet_pton4(src, dst) + * like inet_aton() but without all the hexadecimal and shorthand. + * return: + * 1 if `src' is a valid dotted quad, else 0. + * notice: + * does not touch `dst' unless it's returning 1. + * author: + * Paul Vixie, 1996. + */ +static int +inet_pton4(src, dst) + const char *src; + uint8_t *dst; +{ + static const char digits[] = "0123456789"; + int saw_digit, octets, ch; + uint8_t tmp[NS_INADDRSZ], *tp; + + saw_digit = 0; + octets = 0; + *(tp = tmp) = 0; + while ((ch = *src++) != '\0') { + const char *pch; + + if ((pch = strchr(digits, ch)) != NULL) { + uint32_t new = *tp * 10 + (pch - digits); + + if (new > 255) + return (0); + *tp = new; + if (! saw_digit) { + if (++octets > 4) + return (0); + saw_digit = 1; + } + } else if (ch == '.' && saw_digit) { + if (octets == 4) + return (0); + *++tp = 0; + saw_digit = 0; + } else + return (0); + } + if (octets < 4) + return (0); + + memcpy(dst, tmp, NS_INADDRSZ); + return (1); +} + +/* int + * inet_pton6(src, dst) + * convert presentation level address to network order binary form. + * return: + * 1 if `src' is a valid [RFC1884 2.2] address, else 0. + * notice: + * (1) does not touch `dst' unless it's returning 1. + * (2) :: in a full address is silently ignored. + * credit: + * inspired by Mark Andrews. + * author: + * Paul Vixie, 1996. + */ +static int +inet_pton6(src, dst) + const char *src; + uint8_t *dst; +{ + static const char xdigits_l[] = "0123456789abcdef", + xdigits_u[] = "0123456789ABCDEF"; + uint8_t tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; + const char *xdigits, *curtok; + int ch, saw_xdigit; + uint32_t val; + + memset((tp = tmp), '\0', NS_IN6ADDRSZ); + endp = tp + NS_IN6ADDRSZ; + colonp = NULL; + /* Leading :: requires some special handling. */ + if (*src == ':') + if (*++src != ':') + return (0); + curtok = src; + saw_xdigit = 0; + val = 0; + while ((ch = *src++) != '\0') { + const char *pch; + + if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) + pch = strchr((xdigits = xdigits_u), ch); + if (pch != NULL) { + val <<= 4; + val |= (pch - xdigits); + if (val > 0xffff) + return (0); + saw_xdigit = 1; + continue; + } + if (ch == ':') { + curtok = src; + if (!saw_xdigit) { + if (colonp) + return (0); + colonp = tp; + continue; + } + if (tp + NS_INT16SZ > endp) + return (0); + *tp++ = (uint8_t) (val >> 8) & 0xff; + *tp++ = (uint8_t) val & 0xff; + saw_xdigit = 0; + val = 0; + continue; + } + if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && + inet_pton4(curtok, tp) > 0) { + tp += NS_INADDRSZ; + saw_xdigit = 0; + break; /* '\0' was seen by inet_pton4(). */ + } + return (0); + } + if (saw_xdigit) { + if (tp + NS_INT16SZ > endp) + return (0); + *tp++ = (uint8_t) (val >> 8) & 0xff; + *tp++ = (uint8_t) val & 0xff; + } + if (colonp != NULL) { + /* + * Since some memmove()'s erroneously fail to handle + * overlapping regions, we'll do the shift by hand. + */ + const int n = tp - colonp; + int i; + + for (i = 1; i <= n; i++) { + endp[- i] = colonp[n - i]; + colonp[n - i] = 0; + } + tp = endp; + } + if (tp != endp) + return (0); + memcpy(dst, tmp, NS_IN6ADDRSZ); + return (1); +} diff --git a/contrib/ldns/compat/isblank.c b/contrib/ldns/compat/isblank.c new file mode 100644 index 0000000000..3b38154c5f --- /dev/null +++ b/contrib/ldns/compat/isblank.c @@ -0,0 +1,15 @@ +/* Just a replacement, if the original isblank is not + present */ + +#if HAVE_CONFIG_H +#include +#endif + +int isblank(int c); + +/* true if character is a blank (space or tab). C99. */ +int +isblank(int c) +{ + return (c == ' ') || (c == '\t'); +} diff --git a/contrib/ldns/compat/malloc.c b/contrib/ldns/compat/malloc.c new file mode 100644 index 0000000000..bbc632e4f6 --- /dev/null +++ b/contrib/ldns/compat/malloc.c @@ -0,0 +1,22 @@ +/* Just a replacement, if the original malloc is not + GNU-compliant. See autoconf documentation. */ + +#if HAVE_CONFIG_H +#include +#endif +#undef malloc + +#include + +void *malloc (); + +/* Allocate an N-byte block of memory from the heap. + If N is zero, allocate a 1-byte block. */ + +void * +rpl_malloc (size_t n) +{ + if (n == 0) + n = 1; + return malloc (n); +} diff --git a/contrib/ldns/compat/memmove.c b/contrib/ldns/compat/memmove.c new file mode 100644 index 0000000000..e458092c33 --- /dev/null +++ b/contrib/ldns/compat/memmove.c @@ -0,0 +1,43 @@ +/* + * memmove.c: memmove compat implementation. + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. +*/ + +#include +#include + +void *memmove(void *dest, const void *src, size_t n); + +void *memmove(void *dest, const void *src, size_t n) +{ + uint8_t* from = (uint8_t*) src; + uint8_t* to = (uint8_t*) dest; + + if (from == to || n == 0) + return dest; + if (to > from && to-from < (int)n) { + /* to overlaps with from */ + /* */ + /* */ + /* copy in reverse, to avoid overwriting from */ + int i; + for(i=n-1; i>=0; i--) + to[i] = from[i]; + return dest; + } + if (from > to && from-to < (int)n) { + /* to overlaps with from */ + /* */ + /* */ + /* copy forwards, to avoid overwriting from */ + size_t i; + for(i=0; i +#endif +#undef realloc + +#include + +void *realloc (void*, size_t); +void *malloc (size_t); + +/* Changes allocation to new sizes, copies over old data. + * if oldptr is NULL, does a malloc. + * if size is zero, allocate 1-byte block.... + * (does not return NULL and free block) + */ + +void * +rpl_realloc (void* ptr, size_t n) +{ + if (n == 0) + n = 1; + if(ptr == 0) { + return malloc(n); + } + return realloc(ptr, n); +} + diff --git a/contrib/ldns/compat/snprintf.c b/contrib/ldns/compat/snprintf.c new file mode 100644 index 0000000000..c668daea16 --- /dev/null +++ b/contrib/ldns/compat/snprintf.c @@ -0,0 +1,770 @@ +#include + +#ifndef HAVE_SNPRINTF + +#include +#include + +/* Define this as a fall through, HAVE_STDARG_H is probably already set */ + +#define HAVE_VARARGS_H + +/************************************************************** + * Original: + * Patrick Powell Tue Apr 11 09:48:21 PDT 1995 + * A bombproof version of doprnt (dopr) included. + * Sigh. This sort of thing is always nasty do deal with. Note that + * the version here does not include floating point... + * + * snprintf() is used instead of sprintf() as it does limit checks + * for string length. This covers a nasty loophole. + * + * The other functions are there to prevent NULL pointers from + * causing nast effects. + * + * More Recently: + * Brandon Long (blong@fiction.net) 9/15/96 for mutt 0.43 + * This was ugly. It is still ugly. I opted out of floating point + * numbers, but the formatter understands just about everything + * from the normal C string format, at least as far as I can tell from + * the Solaris 2.5 printf(3S) man page. + * + * Brandon Long (blong@fiction.net) 10/22/97 for mutt 0.87.1 + * Ok, added some minimal floating point support, which means this + * probably requires libm on most operating systems. Don't yet + * support the exponent (e,E) and sigfig (g,G). Also, fmtint() + * was pretty badly broken, it just wasn't being exercised in ways + * which showed it, so that's been fixed. Also, formated the code + * to mutt conventions, and removed dead code left over from the + * original. Also, there is now a builtin-test, just compile with: + * gcc -DTEST_SNPRINTF -o snprintf snprintf.c -lm + * and run snprintf for results. + * + **************************************************************/ + + +/* varargs declarations: */ + +#if defined(HAVE_STDARG_H) +# include +# define HAVE_STDARGS /* let's hope that works everywhere (mj) */ +# define VA_LOCAL_DECL va_list ap +# define VA_START(f) va_start(ap, f) +# define VA_SHIFT(v,t) ; /* no-op for ANSI */ +# define VA_END va_end(ap) +#else +# if defined(HAVE_VARARGS_H) +# include +# undef HAVE_STDARGS +# define VA_LOCAL_DECL va_list ap +# define VA_START(f) va_start(ap) /* f is ignored! */ +# define VA_SHIFT(v,t) v = va_arg(ap,t) +# define VA_END va_end(ap) +# else +/*XX ** NO VARARGS ** XX*/ +# endif +#endif + +int snprintf (char *str, size_t count, const char *fmt, ...); +int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); + +static void dopr (char *buffer, size_t maxlen, const char *format, + va_list args); +static void fmtstr (char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max); +static void fmtint (char *buffer, size_t *currlen, size_t maxlen, + long value, int base, int min, int max, int flags); +static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, + long double fvalue, int min, int max, int flags); +static void dopr_outch (char *buffer, size_t *currlen, size_t maxlen, char c ); + +int vsnprintf (char *str, size_t count, const char *fmt, va_list args) +{ + str[0] = 0; + dopr(str, count, fmt, args); + return(strlen(str)); +} + +/* VARARGS3 */ +#ifdef HAVE_STDARGS +int snprintf (char *str,size_t count,const char *fmt,...) +#else +int snprintf (va_alist) va_dcl +#endif +{ +#ifndef HAVE_STDARGS + char *str; + size_t count; + char *fmt; +#endif + VA_LOCAL_DECL; + + VA_START (fmt); + VA_SHIFT (str, char *); + VA_SHIFT (count, size_t ); + VA_SHIFT (fmt, char *); + (void) vsnprintf(str, count, fmt, ap); + VA_END; + return(strlen(str)); +} + +/* + * dopr(): poor man's version of doprintf + */ + +/* format read states */ +#define DP_S_DEFAULT 0 +#define DP_S_FLAGS 1 +#define DP_S_MIN 2 +#define DP_S_DOT 3 +#define DP_S_MAX 4 +#define DP_S_MOD 5 +#define DP_S_CONV 6 +#define DP_S_DONE 7 + +/* format flags - Bits */ +#define DP_F_MINUS 1 +#define DP_F_PLUS 2 +#define DP_F_SPACE 4 +#define DP_F_NUM 8 +#define DP_F_ZERO 16 +#define DP_F_UP 32 + +/* Conversion Flags */ +#define DP_C_SHORT 1 +#define DP_C_LONG 2 +#define DP_C_LDOUBLE 3 + +#define char_to_int(p) (p - '0') +#define MAX(p,q) ((p >= q) ? p : q) + +static void dopr (char *buffer, size_t maxlen, const char *format, va_list args) +{ + char ch; + long value; + long double fvalue; + char *strvalue; + int min; + int max; + int state; + int flags; + int cflags; + size_t currlen; + + state = DP_S_DEFAULT; + currlen = flags = cflags = min = 0; + max = -1; + ch = *format++; + + while (state != DP_S_DONE) + { + if ((ch == '\0') || (currlen >= maxlen)) + state = DP_S_DONE; + + switch(state) + { + case DP_S_DEFAULT: + if (ch == '%') + state = DP_S_FLAGS; + else + dopr_outch (buffer, &currlen, maxlen, ch); + ch = *format++; + break; + case DP_S_FLAGS: + switch (ch) + { + case '-': + flags |= DP_F_MINUS; + ch = *format++; + break; + case '+': + flags |= DP_F_PLUS; + ch = *format++; + break; + case ' ': + flags |= DP_F_SPACE; + ch = *format++; + break; + case '#': + flags |= DP_F_NUM; + ch = *format++; + break; + case '0': + flags |= DP_F_ZERO; + ch = *format++; + break; + default: + state = DP_S_MIN; + break; + } + break; + case DP_S_MIN: + if (isdigit((int) ch)) + { + min = 10*min + char_to_int (ch); + ch = *format++; + } + else if (ch == '*') + { + min = va_arg (args, int); + ch = *format++; + state = DP_S_DOT; + } + else + state = DP_S_DOT; + break; + case DP_S_DOT: + if (ch == '.') + { + state = DP_S_MAX; + ch = *format++; + } + else + state = DP_S_MOD; + break; + case DP_S_MAX: + if (isdigit((int) ch)) + { + if (max < 0) + max = 0; + max = 10*max + char_to_int (ch); + ch = *format++; + } + else if (ch == '*') + { + max = va_arg (args, int); + ch = *format++; + state = DP_S_MOD; + } + else + state = DP_S_MOD; + break; + case DP_S_MOD: + /* Currently, we don't support Long Long, bummer */ + switch (ch) + { + case 'h': + cflags = DP_C_SHORT; + ch = *format++; + break; + case 'l': + cflags = DP_C_LONG; + ch = *format++; + break; + case 'L': + cflags = DP_C_LDOUBLE; + ch = *format++; + break; + default: + break; + } + state = DP_S_CONV; + break; + case DP_S_CONV: + switch (ch) + { + case 'd': + case 'i': + if (cflags == DP_C_SHORT) + value = va_arg (args, int); + else if (cflags == DP_C_LONG) + value = va_arg (args, long int); + else + value = va_arg (args, int); + fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); + break; + case 'o': + flags &= ~DP_F_PLUS; + if (cflags == DP_C_SHORT) + value = va_arg (args, unsigned int); + else if (cflags == DP_C_LONG) + value = va_arg (args, unsigned long int); + else + value = va_arg (args, unsigned int); + fmtint (buffer, &currlen, maxlen, value, 8, min, max, flags); + break; + case 'u': + flags &= ~DP_F_PLUS; + if (cflags == DP_C_SHORT) + value = va_arg (args, unsigned int); + else if (cflags == DP_C_LONG) + value = va_arg (args, unsigned long int); + else + value = va_arg (args, unsigned int); + fmtint (buffer, &currlen, maxlen, value, 10, min, max, flags); + break; + case 'X': + flags |= DP_F_UP; + case 'x': + flags &= ~DP_F_PLUS; + if (cflags == DP_C_SHORT) + value = va_arg (args, unsigned int); + else if (cflags == DP_C_LONG) + value = va_arg (args, unsigned long int); + else + value = va_arg (args, unsigned int); + fmtint (buffer, &currlen, maxlen, value, 16, min, max, flags); + break; + case 'f': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg (args, long double); + else + fvalue = va_arg (args, double); + /* um, floating point? */ + fmtfp (buffer, &currlen, maxlen, fvalue, min, max, flags); + break; + case 'E': + flags |= DP_F_UP; + case 'e': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg (args, long double); + else + fvalue = va_arg (args, double); + break; + case 'G': + flags |= DP_F_UP; + case 'g': + if (cflags == DP_C_LDOUBLE) + fvalue = va_arg (args, long double); + else + fvalue = va_arg (args, double); + break; + case 'c': + dopr_outch (buffer, &currlen, maxlen, va_arg (args, int)); + break; + case 's': + strvalue = va_arg (args, char *); + if (max < 0) + max = maxlen; /* ie, no max */ + fmtstr (buffer, &currlen, maxlen, strvalue, flags, min, max); + break; + case 'p': + strvalue = va_arg (args, void *); + fmtint (buffer, &currlen, maxlen, (long) strvalue, 16, min, max, flags); + break; + case 'n': + if (cflags == DP_C_SHORT) + { + short int *num; + num = va_arg (args, short int *); + *num = currlen; + } + else if (cflags == DP_C_LONG) + { + long int *num; + num = va_arg (args, long int *); + *num = currlen; + } + else + { + int *num; + num = va_arg (args, int *); + *num = currlen; + } + break; + case '%': + dopr_outch (buffer, &currlen, maxlen, ch); + break; + case 'w': + /* not supported yet, treat as next char */ + ch = *format++; + break; + default: + /* Unknown, skip */ + break; + } + ch = *format++; + state = DP_S_DEFAULT; + flags = cflags = min = 0; + max = -1; + break; + case DP_S_DONE: + break; + default: + /* hmm? */ + break; /* some picky compilers need this */ + } + } + if (currlen < maxlen - 1) + buffer[currlen] = '\0'; + else + buffer[maxlen - 1] = '\0'; +} + +static void fmtstr (char *buffer, size_t *currlen, size_t maxlen, + char *value, int flags, int min, int max) +{ + int padlen, strln; /* amount to pad */ + int cnt = 0; + + if (value == 0) + { + value = (char *) ""; + } + + for (strln = 0; value[strln]; ++strln); /* strlen */ + padlen = min - strln; + if (padlen < 0) + padlen = 0; + if (flags & DP_F_MINUS) + padlen = -padlen; /* Left Justify */ + + while ((padlen > 0) && (cnt < max)) + { + dopr_outch (buffer, currlen, maxlen, ' '); + --padlen; + ++cnt; + } + while (*value && (cnt < max)) + { + dopr_outch (buffer, currlen, maxlen, *value++); + ++cnt; + } + while ((padlen < 0) && (cnt < max)) + { + dopr_outch (buffer, currlen, maxlen, ' '); + ++padlen; + ++cnt; + } +} + +/* Have to handle DP_F_NUM (ie 0x and 0 alternates) */ + +static void fmtint (char *buffer, size_t *currlen, size_t maxlen, + long value, int base, int min, int max, int flags) +{ + int signvalue = 0; + unsigned long uvalue; + char convert[20]; + int place = 0; + int spadlen = 0; /* amount to space pad */ + int zpadlen = 0; /* amount to zero pad */ + int caps = 0; + + if (max < 0) + max = 0; + + uvalue = value; + if( value < 0 ) { + signvalue = '-'; + uvalue = -value; + } + else + if (flags & DP_F_PLUS) /* Do a sign (+/i) */ + signvalue = '+'; + else + if (flags & DP_F_SPACE) + signvalue = ' '; + + if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ + + do { + convert[place++] = + (caps? "0123456789ABCDEF":"0123456789abcdef") + [uvalue % (unsigned)base ]; + uvalue = (uvalue / (unsigned)base ); + } while(uvalue && (place < 20)); + if (place == 20) place--; + convert[place] = 0; + + zpadlen = max - place; + spadlen = min - MAX (max, place) - (signvalue ? 1 : 0); + if (zpadlen < 0) zpadlen = 0; + if (spadlen < 0) spadlen = 0; + if (flags & DP_F_ZERO) + { + zpadlen = MAX(zpadlen, spadlen); + spadlen = 0; + } + if (flags & DP_F_MINUS) + spadlen = -spadlen; /* Left Justifty */ + +#ifdef DEBUG_SNPRINTF + dprint (1, (debugfile, "zpad: %d, spad: %d, min: %d, max: %d, place: %d\n", + zpadlen, spadlen, min, max, place)); +#endif + + /* Spaces */ + while (spadlen > 0) + { + dopr_outch (buffer, currlen, maxlen, ' '); + --spadlen; + } + + /* Sign */ + if (signvalue) + dopr_outch (buffer, currlen, maxlen, signvalue); + + /* Zeros */ + if (zpadlen > 0) + { + while (zpadlen > 0) + { + dopr_outch (buffer, currlen, maxlen, '0'); + --zpadlen; + } + } + + /* Digits */ + while (place > 0) + dopr_outch (buffer, currlen, maxlen, convert[--place]); + + /* Left Justified spaces */ + while (spadlen < 0) { + dopr_outch (buffer, currlen, maxlen, ' '); + ++spadlen; + } +} + +static long double abs_val (long double value) +{ + long double result = value; + + if (value < 0) + result = -value; + + return result; +} + +static double pow10 (double exp) +{ + long double result = 1; + + while (exp) + { + result *= 10; + exp--; + } + + return result; +} + +static double round (double value) +{ + long intpart; + + intpart = value; + value = value - intpart; + if (value >= 0.5) + intpart++; + + return intpart; +} + +static void fmtfp (char *buffer, size_t *currlen, size_t maxlen, + long double fvalue, int min, int max, int flags) +{ + int signvalue = 0; + long double ufvalue; + char iconvert[20]; + char fconvert[20]; + int iplace = 0; + int fplace = 0; + int padlen = 0; /* amount to pad */ + int zpadlen = 0; + int caps = 0; + long intpart; + long fracpart; + + /* + * AIX manpage says the default is 0, but Solaris says the default + * is 6, and sprintf on AIX defaults to 6 + */ + if (max < 0) + max = 6; + + ufvalue = abs_val (fvalue); + + if (fvalue < 0) + signvalue = '-'; + else + if (flags & DP_F_PLUS) /* Do a sign (+/i) */ + signvalue = '+'; + else + if (flags & DP_F_SPACE) + signvalue = ' '; + +#if 0 + if (flags & DP_F_UP) caps = 1; /* Should characters be upper case? */ +#endif + + intpart = ufvalue; + + /* + * Sorry, we only support 9 digits past the decimal because of our + * conversion method + */ + if (max > 9) + max = 9; + + /* We "cheat" by converting the fractional part to integer by + * multiplying by a factor of 10 + */ + fracpart = round ((pow10 (max)) * (ufvalue - intpart)); + + if (fracpart >= pow10 (max)) + { + intpart++; + fracpart -= pow10 (max); + } + +#ifdef DEBUG_SNPRINTF + dprint (1, (debugfile, "fmtfp: %f =? %d.%d\n", fvalue, intpart, fracpart)); +#endif + + /* Convert integer part */ + do { + iconvert[iplace++] = + (caps? "0123456789ABCDEF":"0123456789abcdef")[intpart % 10]; + intpart = (intpart / 10); + } while(intpart && (iplace < 20)); + if (iplace == 20) iplace--; + iconvert[iplace] = 0; + + /* Convert fractional part */ + do { + fconvert[fplace++] = + (caps? "0123456789ABCDEF":"0123456789abcdef")[fracpart % 10]; + fracpart = (fracpart / 10); + } while(fracpart && (fplace < 20)); + if (fplace == 20) fplace--; + fconvert[fplace] = 0; + + /* -1 for decimal point, another -1 if we are printing a sign */ + padlen = min - iplace - max - 1 - ((signvalue) ? 1 : 0); + zpadlen = max - fplace; + if (zpadlen < 0) + zpadlen = 0; + if (padlen < 0) + padlen = 0; + if (flags & DP_F_MINUS) + padlen = -padlen; /* Left Justifty */ + + if ((flags & DP_F_ZERO) && (padlen > 0)) + { + if (signvalue) + { + dopr_outch (buffer, currlen, maxlen, signvalue); + --padlen; + signvalue = 0; + } + while (padlen > 0) + { + dopr_outch (buffer, currlen, maxlen, '0'); + --padlen; + } + } + while (padlen > 0) + { + dopr_outch (buffer, currlen, maxlen, ' '); + --padlen; + } + if (signvalue) + dopr_outch (buffer, currlen, maxlen, signvalue); + + while (iplace > 0) + dopr_outch (buffer, currlen, maxlen, iconvert[--iplace]); + + /* + * Decimal point. This should probably use locale to find the correct + * char to print out. + */ + dopr_outch (buffer, currlen, maxlen, '.'); + + while (fplace > 0) + dopr_outch (buffer, currlen, maxlen, fconvert[--fplace]); + + while (zpadlen > 0) + { + dopr_outch (buffer, currlen, maxlen, '0'); + --zpadlen; + } + + while (padlen < 0) + { + dopr_outch (buffer, currlen, maxlen, ' '); + ++padlen; + } +} + +static void dopr_outch (char *buffer, size_t *currlen, size_t maxlen, char c) +{ + if (*currlen < maxlen) + buffer[(*currlen)++] = c; +} + +#ifdef TEST_SNPRINTF +#ifndef LONG_STRING +#define LONG_STRING 1024 +#endif +int main (void) +{ + char buf1[LONG_STRING]; + char buf2[LONG_STRING]; + char *fp_fmt[] = { + "%-1.5f", + "%1.5f", + "%123.9f", + "%10.5f", + "% 10.5f", + "%+22.9f", + "%+4.9f", + "%01.3f", + "%4f", + "%3.1f", + "%3.2f", + NULL + }; + double fp_nums[] = { -1.5, 134.21, 91340.2, 341.1234, 0203.9, 0.96, 0.996, + 0.9996, 1.996, 4.136, 0}; + char *int_fmt[] = { + "%-1.5d", + "%1.5d", + "%123.9d", + "%5.5d", + "%10.5d", + "% 10.5d", + "%+22.33d", + "%01.3d", + "%4d", + NULL + }; + long int_nums[] = { -1, 134, 91340, 341, 0203, 0}; + int x, y; + int fail = 0; + int num = 0; + + printf ("Testing snprintf format codes against system sprintf...\n"); + + for (x = 0; fp_fmt[x] != NULL ; x++) + for (y = 0; fp_nums[y] != 0 ; y++) + { + snprintf (buf1, sizeof (buf1), fp_fmt[x], fp_nums[y]); + sprintf (buf2, fp_fmt[x], fp_nums[y]); + if (strcmp (buf1, buf2)) + { + printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", + fp_fmt[x], buf1, buf2); + fail++; + } + num++; + } + + for (x = 0; int_fmt[x] != NULL ; x++) + for (y = 0; int_nums[y] != 0 ; y++) + { + snprintf (buf1, sizeof (buf1), int_fmt[x], int_nums[y]); + sprintf (buf2, int_fmt[x], int_nums[y]); + if (strcmp (buf1, buf2)) + { + printf("snprintf doesn't match Format: %s\n\tsnprintf = %s\n\tsprintf = %s\n", + int_fmt[x], buf1, buf2); + fail++; + } + num++; + } + printf ("%d tests failed out of %d.\n", fail, num); +} +#endif /* SNPRINTF_TEST */ + +#endif /* !HAVE_SNPRINTF */ diff --git a/contrib/ldns/compat/strlcpy.c b/contrib/ldns/compat/strlcpy.c new file mode 100644 index 0000000000..d6c34c1d83 --- /dev/null +++ b/contrib/ldns/compat/strlcpy.c @@ -0,0 +1,57 @@ +/* from openssh 4.3p2 compat/strlcpy.c */ +/* + * Copyright (c) 1998 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ + +#include +#ifndef HAVE_STRLCPY + +#include +#include + +/* + * Copy src to string dst of size siz. At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns strlen(src); if retval >= siz, truncation occurred. + */ +size_t +strlcpy(char *dst, const char *src, size_t siz) +{ + char *d = dst; + const char *s = src; + size_t n = siz; + + /* Copy as many bytes as will fit */ + if (n != 0 && --n != 0) { + do { + if ((*d++ = *s++) == 0) + break; + } while (--n != 0); + } + + /* Not enough room in dst, add NUL and traverse rest of src */ + if (n == 0) { + if (siz != 0) + *d = '\0'; /* NUL-terminate dst */ + while (*s++) + ; + } + + return(s - src - 1); /* count does not include NUL */ +} + +#endif /* !HAVE_STRLCPY */ diff --git a/contrib/ldns/compat/timegm.c b/contrib/ldns/compat/timegm.c new file mode 100644 index 0000000000..97e1e54436 --- /dev/null +++ b/contrib/ldns/compat/timegm.c @@ -0,0 +1,31 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#ifdef HAVE_STDLIB_H +#include +#endif + +#include + +time_t +timegm (struct tm *tm) { + time_t ret; + char *tz; + + tz = getenv("TZ"); + putenv((char*)"TZ="); + tzset(); + ret = mktime(tm); + if (tz) { + char buf[256]; + snprintf(buf, sizeof(buf), "TZ=%s", tz); + putenv(tz); + } + else + putenv((char*)"TZ"); + tzset(); + return ret; +} diff --git a/contrib/ldns/dname.c b/contrib/ldns/dname.c new file mode 100644 index 0000000000..e5c80317d1 --- /dev/null +++ b/contrib/ldns/dname.c @@ -0,0 +1,528 @@ +/* + * dname.c + * + * dname specific rdata implementations + * A dname is a rdf structure with type LDNS_RDF_TYPE_DNAME + * It is not a /real/ type! All function must therefor check + * for LDNS_RDF_TYPE_DNAME. + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +ldns_rdf * +ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2) +{ + ldns_rdf *new; + uint16_t new_size; + uint8_t *buf; + uint16_t left_size; + + if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + + /* remove root label if it is present at the end of the left + * rd, by reducing the size with 1 + */ + left_size = ldns_rdf_size(rd1); + if (left_size > 0 &&ldns_rdf_data(rd1)[left_size - 1] == 0) { + left_size--; + } + + /* we overwrite the nullbyte of rd1 */ + new_size = left_size + ldns_rdf_size(rd2); + buf = LDNS_XMALLOC(uint8_t, new_size); + if (!buf) { + return NULL; + } + + /* put the two dname's after each other */ + memcpy(buf, ldns_rdf_data(rd1), left_size); + memcpy(buf + left_size, ldns_rdf_data(rd2), ldns_rdf_size(rd2)); + + new = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, new_size, buf); + + LDNS_FREE(buf); + return new; +} + +ldns_status +ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2) +{ + uint16_t left_size; + uint16_t size; + + if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) { + return LDNS_STATUS_ERR; + } + + /* remove root label if it is present at the end of the left + * rd, by reducing the size with 1 + */ + left_size = ldns_rdf_size(rd1); + if (left_size > 0 &&ldns_rdf_data(rd1)[left_size - 1] == 0) { + left_size--; + } + + size = left_size + ldns_rdf_size(rd2); + + ldns_rdf_set_data(rd1, LDNS_XREALLOC(ldns_rdf_data(rd1), uint8_t, size)); + memcpy(ldns_rdf_data(rd1) + left_size, ldns_rdf_data(rd2), + ldns_rdf_size(rd2)); + ldns_rdf_set_size(rd1, size); + + return LDNS_STATUS_OK; +} + +ldns_rdf * +ldns_dname_reverse(const ldns_rdf *d) +{ + ldns_rdf *new; + ldns_rdf *tmp; + ldns_rdf *d_tmp; + ldns_status status; + + d_tmp = ldns_rdf_clone(d); + + new = ldns_dname_new_frm_str("."); + + while(ldns_dname_label_count(d_tmp) > 0) { + tmp = ldns_dname_label(d_tmp, 0); + status = ldns_dname_cat(tmp, new); + ldns_rdf_deep_free(new); + new = tmp; + tmp = ldns_dname_left_chop(d_tmp); + ldns_rdf_deep_free(d_tmp); + d_tmp = tmp; + } + ldns_rdf_deep_free(d_tmp); + + return new; +} + +ldns_rdf * +ldns_dname_clone_from(const ldns_rdf *d, uint16_t n) +{ + uint8_t *data; + uint8_t label_size; + size_t data_size; + + if (!d || + ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME || + ldns_dname_label_count(d) < n) { + return NULL; + } + + data = ldns_rdf_data(d); + data_size = ldns_rdf_size(d); + while (n > 0) { + label_size = data[0] + 1; + data += label_size; + if (data_size < label_size) { + /* this label is very broken */ + return NULL; + } + data_size -= label_size; + n--; + } + + return ldns_dname_new_frm_data(data_size, data); +} + +ldns_rdf * +ldns_dname_left_chop(const ldns_rdf *d) +{ + uint8_t label_pos; + ldns_rdf *chop; + + if (!d) { + return NULL; + } + + if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + if (ldns_dname_label_count(d) == 0) { + /* root label */ + return NULL; + } + /* 05blaat02nl00 */ + label_pos = ldns_rdf_data(d)[0]; + + chop = ldns_dname_new_frm_data(ldns_rdf_size(d) - label_pos - 1, + ldns_rdf_data(d) + label_pos + 1); + return chop; +} + +uint8_t +ldns_dname_label_count(const ldns_rdf *r) +{ + uint16_t src_pos; + uint16_t len; + uint8_t i; + size_t r_size; + + if (!r) { + return 0; + } + + i = 0; + src_pos = 0; + r_size = ldns_rdf_size(r); + + if (ldns_rdf_get_type(r) != LDNS_RDF_TYPE_DNAME) { + return 0; + } else { + len = ldns_rdf_data(r)[src_pos]; /* start of the label */ + + /* single root label */ + if (1 == r_size) { + return 0; + } else { + while ((len > 0) && src_pos < r_size) { + src_pos++; + src_pos += len; + len = ldns_rdf_data(r)[src_pos]; + i++; + } + } + } + return i; +} + +ldns_rdf * +ldns_dname_new(uint16_t s, void *d) +{ + ldns_rdf *rd; + + rd = LDNS_MALLOC(ldns_rdf); + if (!rd) { + return NULL; + } + ldns_rdf_set_size(rd, s); + ldns_rdf_set_type(rd, LDNS_RDF_TYPE_DNAME); + ldns_rdf_set_data(rd, d); + return rd; +} + +ldns_rdf * +ldns_dname_new_frm_str(const char *str) +{ + return ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, str); +} + +ldns_rdf * +ldns_dname_new_frm_data(uint16_t size, const void *data) +{ + return ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, size, data); +} + +void +ldns_dname2canonical(const ldns_rdf *rd) +{ + uint8_t *rdd; + uint16_t i; + + if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_DNAME) { + return; + } + + rdd = (uint8_t*)ldns_rdf_data(rd); + for (i = 0; i < ldns_rdf_size(rd); i++, rdd++) { + *rdd = (uint8_t)LDNS_DNAME_NORMALIZE((int)*rdd); + } +} + +bool +ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent) +{ + uint8_t sub_lab; + uint8_t par_lab; + int8_t i, j; + ldns_rdf *tmp_sub = NULL; + ldns_rdf *tmp_par = NULL; + ldns_rdf *sub_clone; + ldns_rdf *parent_clone; + bool result = true; + + if (ldns_rdf_get_type(sub) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_compare(sub, parent) == 0) { + return false; + } + + /* would be nicer if we do not have to clone... */ + sub_clone = ldns_dname_clone_from(sub, 0); + parent_clone = ldns_dname_clone_from(parent, 0); + ldns_dname2canonical(sub_clone); + ldns_dname2canonical(parent_clone); + + sub_lab = ldns_dname_label_count(sub_clone); + par_lab = ldns_dname_label_count(parent_clone); + + /* if sub sits above parent, it cannot be a child/sub domain */ + if (sub_lab < par_lab) { + result = false; + } else { + /* check all labels the from the parent labels, from right to left. + * When they /all/ match we have found a subdomain + */ + j = sub_lab - 1; /* we count from zero, thank you */ + for (i = par_lab -1; i >= 0; i--) { + tmp_sub = ldns_dname_label(sub_clone, j); + tmp_par = ldns_dname_label(parent_clone, i); + if (!tmp_sub || !tmp_par) { + /* deep free does null check */ + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + result = false; + break; + } + + if (ldns_rdf_compare(tmp_sub, tmp_par) != 0) { + /* they are not equal */ + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + result = false; + break; + } + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + j--; + } + } + ldns_rdf_deep_free(sub_clone); + ldns_rdf_deep_free(parent_clone); + return result; +} + +int +ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2) +{ + size_t lc1, lc2, lc1f, lc2f; + size_t i; + int result = 0; + uint8_t *lp1, *lp2; + + /* see RFC4034 for this algorithm */ + /* this algorithm assumes the names are normalized to case */ + + /* only when both are not NULL we can say anything about them */ + if (!dname1 && !dname2) { + return 0; + } + if (!dname1 || !dname2) { + return -1; + } + /* asserts must happen later as we are looking in the + * dname, which could be NULL. But this case is handled + * above + */ + assert(ldns_rdf_get_type(dname1) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(dname2) == LDNS_RDF_TYPE_DNAME); + + lc1 = ldns_dname_label_count(dname1); + lc2 = ldns_dname_label_count(dname2); + + if (lc1 == 0 && lc2 == 0) { + return 0; + } + if (lc1 == 0) { + return -1; + } + if (lc2 == 0) { + return 1; + } + lc1--; + lc2--; + /* we start at the last label */ + while (true) { + /* find the label first */ + lc1f = lc1; + lp1 = ldns_rdf_data(dname1); + while (lc1f > 0) { + lp1 += *lp1 + 1; + lc1f--; + } + + /* and find the other one */ + lc2f = lc2; + lp2 = ldns_rdf_data(dname2); + while (lc2f > 0) { + lp2 += *lp2 + 1; + lc2f--; + } + + /* now check the label character for character. */ + for (i = 1; i < (size_t)(*lp1 + 1); i++) { + if (i > *lp2) { + /* apparently label 1 is larger */ + result = 1; + goto done; + } + if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) < + LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) { + result = -1; + goto done; + } else if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) > + LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) { + result = 1; + goto done; + } + } + if (*lp1 < *lp2) { + /* apparently label 2 is larger */ + result = -1; + goto done; + } + if (lc1 == 0 && lc2 > 0) { + result = -1; + goto done; + } else if (lc1 > 0 && lc2 == 0) { + result = 1; + goto done; + } else if (lc1 == 0 && lc2 == 0) { + result = 0; + goto done; + } + lc1--; + lc2--; + } + + done: + return result; +} + +int +ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard) +{ + ldns_rdf *wc_chopped; + int result; + /* check whether it really is a wildcard */ + if (ldns_dname_label_count(wildcard) > 0 && + ldns_rdf_data(wildcard)[0] == 1 && + ldns_rdf_data(wildcard)[1] == '*') { + /* ok, so the dname needs to be a subdomain of the wildcard + * without the * + */ + wc_chopped = ldns_dname_left_chop(wildcard); + result = (int) ldns_dname_is_subdomain(dname, wc_chopped); + ldns_rdf_deep_free(wc_chopped); + } else { + result = (ldns_dname_compare(dname, wildcard) == 0); + } + return result; +} + +/* nsec test: does prev <= middle < next + * -1 = yes + * 0 = error/can't tell + * 1 = no + */ +int +ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, + const ldns_rdf *next) +{ + int prev_check, next_check; + + assert(ldns_rdf_get_type(prev) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(middle) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(next) == LDNS_RDF_TYPE_DNAME); + + prev_check = ldns_dname_compare(prev, middle); + next_check = ldns_dname_compare(middle, next); + /* <= next. This cannot be the case for nsec, because then we would + * have gotten the nsec of next... + */ + if (next_check == 0) { + return 0; + } + + /* <= */ + if ((prev_check == -1 || prev_check == 0) && + /* < */ + next_check == -1) { + return -1; + } else { + return 1; + } +} + + +bool +ldns_dname_str_absolute(const char *dname_str) +{ + if(dname_str && strcmp(dname_str, ".") == 0) + return 1; + return (dname_str && + strlen(dname_str) > 1 && + dname_str[strlen(dname_str) - 1] == '.' && + dname_str[strlen(dname_str) - 2] != '\\'); +} + +ldns_rdf * +ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos) +{ + uint8_t labelcnt; + uint16_t src_pos; + uint16_t len; + ldns_rdf *tmpnew; + size_t s; + + if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + + labelcnt = 0; + src_pos = 0; + s = ldns_rdf_size(rdf); + + len = ldns_rdf_data(rdf)[src_pos]; /* label start */ + while ((len > 0) && src_pos < s) { + if (labelcnt == labelpos) { + /* found our label */ + tmpnew = LDNS_MALLOC(ldns_rdf); + if (!tmpnew) { + return NULL; + } + tmpnew->_type = LDNS_RDF_TYPE_DNAME; + tmpnew->_data = LDNS_XMALLOC(uint8_t, len + 2); + if (!tmpnew->_data) { + LDNS_FREE(tmpnew); + return NULL; + } + memset(tmpnew->_data, 0, len + 2); + memcpy(tmpnew->_data, ldns_rdf_data(rdf) + src_pos, len + 1); + tmpnew->_size = len + 2; + return tmpnew; + } + src_pos++; + src_pos += len; + len = ldns_rdf_data(rdf)[src_pos]; + labelcnt++; + } + return NULL; +} diff --git a/contrib/ldns/dnssec.c b/contrib/ldns/dnssec.c new file mode 100644 index 0000000000..c39985f92a --- /dev/null +++ b/contrib/ldns/dnssec.c @@ -0,0 +1,1578 @@ +/* + * dnssec.c + * + * contains the cryptographic function needed for DNSSEC in ldns + * The crypto library used is openssl + * + * (c) NLnet Labs, 2004-2008 + * + * See the file LICENSE for the license + */ + +#include + +#include +#include + +#include +#include + +#ifdef HAVE_SSL +#include +#include +#include +#include +#include +#endif + +ldns_rr * +ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, + const ldns_rr_type type, + const ldns_rr_list *rrs) +{ + size_t i; + ldns_rr *candidate; + + if (!name || !rrs) { + return NULL; + } + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + candidate = ldns_rr_list_rr(rrs, i); + if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_RRSIG) { + if (ldns_dname_compare(ldns_rr_owner(candidate), + name) == 0 && + ldns_rdf2native_int8(ldns_rr_rrsig_typecovered(candidate)) + == type + ) { + return candidate; + } + } + } + + return NULL; +} + +ldns_rr * +ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, + const ldns_rr_list *rrs) +{ + size_t i; + ldns_rr *candidate; + + if (!rrsig || !rrs) { + return NULL; + } + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + candidate = ldns_rr_list_rr(rrs, i); + if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_dname_compare(ldns_rr_owner(candidate), + ldns_rr_rrsig_signame(rrsig)) == 0 && + ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) == + ldns_calc_keytag(candidate) + ) { + return candidate; + } + } + } + + return NULL; +} + +ldns_rdf * +ldns_nsec_get_bitmap(ldns_rr *nsec) { + if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) { + return ldns_rr_rdf(nsec, 1); + } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) { + return ldns_rr_rdf(nsec, 5); + } else { + return NULL; + } +} + +/*return the owner name of the closest encloser for name from the list of rrs */ +/* this is NOT the hash, but the original name! */ +ldns_rdf * +ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, + ATTR_UNUSED(ldns_rr_type qtype), + ldns_rr_list *nsec3s) +{ + /* remember parameters, they must match */ + uint8_t algorithm; + uint32_t iterations; + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *sname, *hashed_sname, *tmp; + ldns_rr *ce; + bool flag; + + bool exact_match_found; + bool in_range_found; + + ldns_status status; + ldns_rdf *zone_name; + + size_t nsec_i; + ldns_rr *nsec; + ldns_rdf *result = NULL; + qtype = qtype; + + if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { + return NULL; + } + + nsec = ldns_rr_list_rr(nsec3s, 0); + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + + sname = ldns_rdf_clone(qname); + + ce = NULL; + flag = false; + + zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); + + /* algorithm from nsec3-07 8.3 */ + while (ldns_dname_label_count(sname) > 0) { + exact_match_found = false; + in_range_found = false; + + hashed_sname = ldns_nsec3_hash_name(sname, + algorithm, + iterations, + salt_length, + salt); + + status = ldns_dname_cat(hashed_sname, zone_name); + + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) { + nsec = ldns_rr_list_rr(nsec3s, nsec_i); + + /* check values of iterations etc! */ + + /* exact match? */ + if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) { + exact_match_found = true; + } else if (ldns_nsec_covers_name(nsec, hashed_sname)) { + in_range_found = true; + } + + } + if (!exact_match_found && in_range_found) { + flag = true; + } else if (exact_match_found && flag) { + result = ldns_rdf_clone(sname); + /* RFC 5155: 8.3. 2.** "The proof is complete" */ + ldns_rdf_deep_free(hashed_sname); + goto done; + } else if (exact_match_found && !flag) { + /* error! */ + ldns_rdf_deep_free(hashed_sname); + goto done; + } else { + flag = false; + } + + ldns_rdf_deep_free(hashed_sname); + tmp = sname; + sname = ldns_dname_left_chop(sname); + ldns_rdf_deep_free(tmp); + } + + done: + LDNS_FREE(salt); + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + + return result; +} + +bool +ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt) +{ + size_t i; + for (i = 0; i < ldns_pkt_ancount(pkt); i++) { + if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_answer(pkt), i)) == + LDNS_RR_TYPE_RRSIG) { + return true; + } + } + for (i = 0; i < ldns_pkt_nscount(pkt); i++) { + if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_authority(pkt), i)) == + LDNS_RR_TYPE_RRSIG) { + return true; + } + } + return false; +} + +ldns_rr_list * +ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, + ldns_rdf *name, + ldns_rr_type type) +{ + uint16_t t_netorder; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + + sigs = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION + ); + + t_netorder = htons(type); /* rdf are in network order! */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, LDNS_RDF_SIZE_WORD, &t_netorder); + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + + ldns_rdf_free(rdf_t); + ldns_rr_list_deep_free(sigs); + + return sigs_covered; + +} + +ldns_rr_list * +ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type) +{ + uint16_t t_netorder; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + + sigs = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION + ); + + t_netorder = htons(type); /* rdf are in network order! */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, + 2, + &t_netorder); + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + + ldns_rdf_free(rdf_t); + ldns_rr_list_deep_free(sigs); + + return sigs_covered; + +} + +/* used only on the public key RR */ +uint16_t +ldns_calc_keytag(const ldns_rr *key) +{ + uint16_t ac16; + ldns_buffer *keybuf; + size_t keysize; + + if (!key) { + return 0; + } + + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(key) != LDNS_RR_TYPE_KEY + ) { + return 0; + } + + /* rdata to buf - only put the rdata in a buffer */ + keybuf = ldns_buffer_new(LDNS_MIN_BUFLEN); /* grows */ + if (!keybuf) { + return 0; + } + (void)ldns_rr_rdata2buffer_wire(keybuf, key); + /* the current pos in the buffer is the keysize */ + keysize= ldns_buffer_position(keybuf); + + ac16 = ldns_calc_keytag_raw(ldns_buffer_begin(keybuf), keysize); + ldns_buffer_free(keybuf); + return ac16; +} + +uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize) +{ + unsigned int i; + uint32_t ac32; + uint16_t ac16; + + if(keysize < 4) { + return 0; + } + /* look at the algorithm field, copied from 2535bis */ + if (key[3] == LDNS_RSAMD5) { + ac16 = 0; + if (keysize > 4) { + memmove(&ac16, key + keysize - 3, 2); + } + ac16 = ntohs(ac16); + return (uint16_t) ac16; + } else { + ac32 = 0; + for (i = 0; (size_t)i < keysize; ++i) { + ac32 += (i & 1) ? key[i] : key[i] << 8; + } + ac32 += (ac32 >> 16) & 0xFFFF; + return (uint16_t) (ac32 & 0xFFFF); + } +} + +#ifdef HAVE_SSL +DSA * +ldns_key_buf2dsa(ldns_buffer *key) +{ + return ldns_key_buf2dsa_raw((unsigned char*)ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +DSA * +ldns_key_buf2dsa_raw(unsigned char* key, size_t len) +{ + uint8_t T; + uint16_t length; + uint16_t offset; + DSA *dsa; + BIGNUM *Q; BIGNUM *P; + BIGNUM *G; BIGNUM *Y; + + if(len == 0) + return NULL; + T = (uint8_t)key[0]; + length = (64 + T * 8); + offset = 1; + + if (T > 8) { + return NULL; + } + if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length) + return NULL; + + Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL); + offset += SHA_DIGEST_LENGTH; + + P = BN_bin2bn(key+offset, (int)length, NULL); + offset += length; + + G = BN_bin2bn(key+offset, (int)length, NULL); + offset += length; + + Y = BN_bin2bn(key+offset, (int)length, NULL); + offset += length; + + /* create the key and set its properties */ + if(!Q || !P || !G || !Y || !(dsa = DSA_new())) { + BN_free(Q); + BN_free(P); + BN_free(G); + BN_free(Y); + return NULL; + } + dsa->p = P; + dsa->q = Q; + dsa->g = G; + dsa->pub_key = Y; + + return dsa; +} + +RSA * +ldns_key_buf2rsa(ldns_buffer *key) +{ + return ldns_key_buf2rsa_raw((unsigned char*)ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +RSA * +ldns_key_buf2rsa_raw(unsigned char* key, size_t len) +{ + uint16_t offset; + uint16_t exp; + uint16_t int16; + RSA *rsa; + BIGNUM *modulus; + BIGNUM *exponent; + + if (len == 0) + return NULL; + if (key[0] == 0) { + if(len < 3) + return NULL; + /* need some smart comment here XXX*/ + /* the exponent is too large so it's places + * futher...???? */ + memmove(&int16, key+1, 2); + exp = ntohs(int16); + offset = 3; + } else { + exp = key[0]; + offset = 1; + } + + /* key length at least one */ + if(len < (size_t)offset + exp + 1) + return NULL; + + /* Exponent */ + exponent = BN_new(); + if(!exponent) return NULL; + (void) BN_bin2bn(key+offset, (int)exp, exponent); + offset += exp; + + /* Modulus */ + modulus = BN_new(); + if(!modulus) { + BN_free(exponent); + return NULL; + } + /* length of the buffer must match the key length! */ + (void) BN_bin2bn(key+offset, (int)(len - offset), modulus); + + rsa = RSA_new(); + if(!rsa) { + BN_free(exponent); + BN_free(modulus); + return NULL; + } + rsa->n = modulus; + rsa->e = exponent; + + return rsa; +} + +int +ldns_digest_evp(unsigned char* data, unsigned int len, unsigned char* dest, + const EVP_MD* md) +{ + EVP_MD_CTX* ctx; + ctx = EVP_MD_CTX_create(); + if(!ctx) + return false; + if(!EVP_DigestInit_ex(ctx, md, NULL) || + !EVP_DigestUpdate(ctx, data, len) || + !EVP_DigestFinal_ex(ctx, dest, NULL)) { + EVP_MD_CTX_destroy(ctx); + return false; + } + EVP_MD_CTX_destroy(ctx); + return true; +} +#endif /* HAVE_SSL */ + +ldns_rr * +ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) +{ + ldns_rdf *tmp; + ldns_rr *ds; + uint16_t keytag; + uint8_t sha1hash; + uint8_t *digest; + ldns_buffer *data_buf; +#ifdef USE_GOST + const EVP_MD* md = NULL; +#endif + + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) { + return NULL; + } + + ds = ldns_rr_new(); + if (!ds) { + return NULL; + } + ldns_rr_set_type(ds, LDNS_RR_TYPE_DS); + ldns_rr_set_owner(ds, ldns_rdf_clone( + ldns_rr_owner(key))); + ldns_rr_set_ttl(ds, ldns_rr_ttl(key)); + ldns_rr_set_class(ds, ldns_rr_get_class(key)); + + switch(h) { + default: + case LDNS_SHA1: + digest = LDNS_XMALLOC(uint8_t, LDNS_SHA1_DIGEST_LENGTH); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; + case LDNS_SHA256: + digest = LDNS_XMALLOC(uint8_t, LDNS_SHA256_DIGEST_LENGTH); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; + case LDNS_HASH_GOST94: +#ifdef USE_GOST + (void)ldns_key_EVP_load_gost_id(); + md = EVP_get_digestbyname("md_gost94"); + if(!md) { + ldns_rr_free(ds); + return NULL; + } + digest = LDNS_XMALLOC(uint8_t, EVP_MD_size(md)); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } +#else + /* not implemented */ + ldns_rr_free(ds); + return NULL; +#endif + break; + } + + data_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!data_buf) { + LDNS_FREE(digest); + ldns_rr_free(ds); + return NULL; + } + + /* keytag */ + keytag = htons(ldns_calc_keytag((ldns_rr*)key)); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16, + sizeof(uint16_t), + &keytag); + ldns_rr_push_rdf(ds, tmp); + + /* copy the algorithm field */ + ldns_rr_push_rdf(ds, ldns_rdf_clone( ldns_rr_rdf(key, 2))); + + /* digest hash type */ + sha1hash = (uint8_t)h; + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + sizeof(uint8_t), + &sha1hash); + ldns_rr_push_rdf(ds, tmp); + + /* digest */ + /* owner name */ + tmp = ldns_rdf_clone(ldns_rr_owner(key)); + ldns_dname2canonical(tmp); + if (ldns_rdf2buffer_wire(data_buf, tmp) != LDNS_STATUS_OK) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + ldns_rdf_deep_free(tmp); + return NULL; + } + ldns_rdf_deep_free(tmp); + + /* all the rdata's */ + if (ldns_rr_rdata2buffer_wire(data_buf, + (ldns_rr*)key) != LDNS_STATUS_OK) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + return NULL; + } + switch(h) { + case LDNS_SHA1: + (void) ldns_sha1((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest); + + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + LDNS_SHA1_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); + + break; + case LDNS_SHA256: + (void) ldns_sha256((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + LDNS_SHA256_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); + break; + case LDNS_HASH_GOST94: +#ifdef USE_GOST + if(!ldns_digest_evp((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest, md)) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + return NULL; + } + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + EVP_MD_size(md), + digest); + ldns_rr_push_rdf(ds, tmp); +#endif + break; + } + + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + return ds; +} + +ldns_rdf * +ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], + size_t size, + ldns_rr_type nsec_type) +{ + size_t i; + uint8_t *bitmap; + uint16_t bm_len = 0; + uint16_t i_type; + ldns_rdf *bitmap_rdf; + + uint8_t *data = NULL; + uint8_t cur_data[32]; + uint8_t cur_window = 0; + uint8_t cur_window_max = 0; + uint16_t cur_data_size = 0; + + if (nsec_type != LDNS_RR_TYPE_NSEC && + nsec_type != LDNS_RR_TYPE_NSEC3) { + return NULL; + } + + i_type = 0; + for (i = 0; i < size; i++) { + if (i_type < rr_type_list[i]) + i_type = rr_type_list[i]; + } + if (i_type < nsec_type) { + i_type = nsec_type; + } + + bm_len = i_type / 8 + 2; + bitmap = LDNS_XMALLOC(uint8_t, bm_len); + for (i = 0; i < bm_len; i++) { + bitmap[i] = 0; + } + + for (i = 0; i < size; i++) { + i_type = rr_type_list[i]; + ldns_set_bit(bitmap + (int) i_type / 8, + (int) (7 - (i_type % 8)), + true); + } + + /* fold it into windows TODO: can this be done directly? */ + memset(cur_data, 0, 32); + for (i = 0; i < bm_len; i++) { + if (i / 32 > cur_window) { + /* check, copy, new */ + if (cur_window_max > 0) { + /* this window has stuff, add it */ + data = LDNS_XREALLOC(data, + uint8_t, + cur_data_size + cur_window_max + 3); + data[cur_data_size] = cur_window; + data[cur_data_size + 1] = cur_window_max + 1; + memcpy(data + cur_data_size + 2, + cur_data, + cur_window_max+1); + cur_data_size += cur_window_max + 3; + } + cur_window++; + cur_window_max = 0; + memset(cur_data, 0, 32); + } + cur_data[i%32] = bitmap[i]; + if (bitmap[i] > 0) { + cur_window_max = i%32; + } + } + if (cur_window_max > 0 || cur_data[0] != 0) { + /* this window has stuff, add it */ + data = LDNS_XREALLOC(data, + uint8_t, + cur_data_size + cur_window_max + 3); + data[cur_data_size] = cur_window; + data[cur_data_size + 1] = cur_window_max + 1; + memcpy(data + cur_data_size + 2, cur_data, cur_window_max+1); + cur_data_size += cur_window_max + 3; + } + + bitmap_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC, + cur_data_size, + data); + + LDNS_FREE(bitmap); + LDNS_FREE(data); + + return bitmap_rdf; +} + +int +ldns_dnssec_rrsets_contains_type(ldns_dnssec_rrsets *rrsets, + ldns_rr_type type) +{ + ldns_dnssec_rrsets *cur_rrset = rrsets; + while (cur_rrset) { + if (cur_rrset->type == type) { + return 1; + } + cur_rrset = cur_rrset->next; + } + return 0; +} + +/* returns true if the current dnssec_rrset from the given list of rrsets + * is glue */ +static int +is_glue(ldns_dnssec_rrsets *cur_rrsets, ldns_dnssec_rrsets *orig_rrsets) +{ + /* only glue if a or aaaa if there are no ns, unless there is soa */ + return (cur_rrsets->type == LDNS_RR_TYPE_A || + cur_rrsets->type == LDNS_RR_TYPE_AAAA) && + (ldns_dnssec_rrsets_contains_type(orig_rrsets, + LDNS_RR_TYPE_NS) && + !ldns_dnssec_rrsets_contains_type(orig_rrsets, + LDNS_RR_TYPE_SOA)); +} + +ldns_rr * +ldns_dnssec_create_nsec(ldns_dnssec_name *from, + ldns_dnssec_name *to, + ldns_rr_type nsec_type) +{ + ldns_rr *nsec_rr; + ldns_rr_type types[65535]; + size_t type_count = 0; + ldns_dnssec_rrsets *cur_rrsets; + + if (!from || !to || (nsec_type != LDNS_RR_TYPE_NSEC && + nsec_type != LDNS_RR_TYPE_NSEC3)) { + return NULL; + } + + nsec_rr = ldns_rr_new(); + ldns_rr_set_type(nsec_rr, nsec_type); + ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from))); + ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to))); + + cur_rrsets = from->rrsets; + while (cur_rrsets) { + if (is_glue(cur_rrsets, from->rrsets)) { + cur_rrsets = cur_rrsets->next; + continue; + } + types[type_count] = cur_rrsets->type; + type_count++; + cur_rrsets = cur_rrsets->next; + } + types[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + types[type_count] = LDNS_RR_TYPE_NSEC; + type_count++; + + ldns_rr_push_rdf(nsec_rr, ldns_dnssec_create_nsec_bitmap(types, + type_count, + nsec_type)); + + return nsec_rr; +} + +ldns_rr * +ldns_dnssec_create_nsec3(ldns_dnssec_name *from, + ldns_dnssec_name *to, + ldns_rdf *zone_name, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + ldns_rr *nsec_rr; + ldns_rr_type types[65535]; + size_t type_count = 0; + ldns_dnssec_rrsets *cur_rrsets; + ldns_status status; + + flags = flags; + + if (!from) { + return NULL; + } + + nsec_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3); + ldns_rr_set_owner(nsec_rr, + ldns_nsec3_hash_name(ldns_dnssec_name_name(from), + algorithm, + iterations, + salt_length, + salt)); + status = ldns_dname_cat(ldns_rr_owner(nsec_rr), zone_name); + ldns_nsec3_add_param_rdfs(nsec_rr, + algorithm, + flags, + iterations, + salt_length, + salt); + + cur_rrsets = from->rrsets; + while (cur_rrsets) { + if (is_glue(cur_rrsets, from->rrsets)) { + cur_rrsets = cur_rrsets->next; + continue; + } + types[type_count] = cur_rrsets->type; + type_count++; + cur_rrsets = cur_rrsets->next; + } + /* always add rrsig type if this is not an unsigned + * delegation + */ + if (type_count > 0 && + !(type_count == 1 && types[0] == LDNS_RR_TYPE_NS)) { + types[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + } + + /* leave next rdata empty if they weren't precomputed yet */ + if (to && to->hashed_name) { + (void) ldns_rr_set_rdf(nsec_rr, + ldns_rdf_clone(to->hashed_name), + 4); + } else { + (void) ldns_rr_set_rdf(nsec_rr, NULL, 4); + } + + ldns_rr_push_rdf(nsec_rr, + ldns_dnssec_create_nsec_bitmap(types, + type_count, + LDNS_RR_TYPE_NSEC3)); + + return nsec_rr; +} + +ldns_rr * +ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs) +{ + /* we do not do any check here - garbage in, garbage out */ + + /* the the start and end names - get the type from the + * before rrlist */ + + /* inefficient, just give it a name, a next name, and a list of rrs */ + /* we make 1 big uberbitmap first, then windows */ + /* todo: make something more efficient :) */ + uint16_t i; + ldns_rr *i_rr; + uint16_t i_type; + + ldns_rr *nsec = NULL; + ldns_rr_type i_type_list[65535]; + int type_count = 0; + + nsec = ldns_rr_new(); + ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC); + ldns_rr_set_owner(nsec, ldns_rdf_clone(cur_owner)); + ldns_rr_push_rdf(nsec, ldns_rdf_clone(next_owner)); + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + i_rr = ldns_rr_list_rr(rrs, i); + if (ldns_rdf_compare(cur_owner, + ldns_rr_owner(i_rr)) == 0) { + i_type = ldns_rr_get_type(i_rr); + if (type_count == 0 || i_type_list[type_count-1] != i_type) { + i_type_list[type_count] = i_type; + type_count++; + } + } + } + + i_type_list[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + i_type_list[type_count] = LDNS_RR_TYPE_NSEC; + type_count++; + + ldns_rr_push_rdf(nsec, + ldns_dnssec_create_nsec_bitmap(i_type_list, + type_count, LDNS_RR_TYPE_NSEC)); + + return nsec; +} + +ldns_rdf * +ldns_nsec3_hash_name(ldns_rdf *name, + uint8_t algorithm, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + size_t hashed_owner_str_len; + ldns_rdf *cann; + ldns_rdf *hashed_owner; + unsigned char *hashed_owner_str; + char *hashed_owner_b32; + size_t hashed_owner_b32_len; + uint32_t cur_it; + /* define to contain the largest possible hash, which is + * sha1 at the moment */ + unsigned char hash[LDNS_SHA1_DIGEST_LENGTH]; + ldns_status status; + + /* prepare the owner name according to the draft section bla */ + cann = ldns_rdf_clone(name); + if(!cann) { + fprintf(stderr, "Memory error\n"); + return NULL; + } + ldns_dname2canonical(cann); + + /* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */ + algorithm = algorithm; + + hashed_owner_str_len = salt_length + ldns_rdf_size(cann); + hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len); + memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann)); + memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length); + ldns_rdf_deep_free(cann); + + for (cur_it = iterations + 1; cur_it > 0; cur_it--) { + (void) ldns_sha1((unsigned char *) hashed_owner_str, + (unsigned int) hashed_owner_str_len, hash); + + LDNS_FREE(hashed_owner_str); + hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH; + hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len); + if (!hashed_owner_str) { + fprintf(stderr, "Memory error\n"); + return NULL; + } + memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH); + memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length); + hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH + salt_length; + } + + LDNS_FREE(hashed_owner_str); + hashed_owner_str = hash; + hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH; + + hashed_owner_b32 = LDNS_XMALLOC(char, + ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1); + hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex( + (uint8_t *) hashed_owner_str, + hashed_owner_str_len, + hashed_owner_b32, + ldns_b32_ntop_calculate_size(hashed_owner_str_len)); + if (hashed_owner_b32_len < 1) { + fprintf(stderr, "Error in base32 extended hex encoding "); + fprintf(stderr, "of hashed owner name (name: "); + ldns_rdf_print(stderr, name); + fprintf(stderr, ", return code: %u)\n", + (unsigned int) hashed_owner_b32_len); + LDNS_FREE(hashed_owner_b32); + return NULL; + } + hashed_owner_str_len = hashed_owner_b32_len; + hashed_owner_b32[hashed_owner_b32_len] = '\0'; + + status = ldns_str2rdf_dname(&hashed_owner, hashed_owner_b32); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error creating rdf from %s\n", hashed_owner_b32); + LDNS_FREE(hashed_owner_b32); + return NULL; + } + + LDNS_FREE(hashed_owner_b32); + return hashed_owner; +} + +void +ldns_nsec3_add_param_rdfs(ldns_rr *rr, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + ldns_rdf *salt_rdf = NULL; + uint8_t *salt_data = NULL; + ldns_rdf *old; + + old = ldns_rr_set_rdf(rr, + ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + 1, (void*)&algorithm), + 0); + if (old) ldns_rdf_deep_free(old); + + old = ldns_rr_set_rdf(rr, + ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + 1, (void*)&flags), + 1); + if (old) ldns_rdf_deep_free(old); + + old = ldns_rr_set_rdf(rr, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, + iterations), + 2); + if (old) ldns_rdf_deep_free(old); + + salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1); + salt_data[0] = salt_length; + memcpy(salt_data + 1, salt, salt_length); + salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, + salt_length + 1, + salt_data); + + old = ldns_rr_set_rdf(rr, salt_rdf, 3); + if (old) ldns_rdf_deep_free(old); + LDNS_FREE(salt_data); +} + +static int +rr_list_delegation_only(ldns_rdf *origin, ldns_rr_list *rr_list) +{ + size_t i; + ldns_rr *cur_rr; + if (!origin || !rr_list) return 0; + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + cur_rr = ldns_rr_list_rr(rr_list, i); + if (ldns_dname_compare(ldns_rr_owner(cur_rr), origin) == 0) { + return 0; + } + if (ldns_rr_get_type(cur_rr) != LDNS_RR_TYPE_NS) { + return 0; + } + } + return 1; +} + +/* this will NOT return the NSEC3 completed, you will have to run the + finalize function on the rrlist later! */ +ldns_rr * +ldns_create_nsec3(ldns_rdf *cur_owner, + ldns_rdf *cur_zone, + ldns_rr_list *rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + bool emptynonterminal) +{ + size_t i; + ldns_rr *i_rr; + uint16_t i_type; + + ldns_rr *nsec = NULL; + ldns_rdf *hashed_owner = NULL; + + ldns_status status; + + ldns_rr_type i_type_list[1024]; + int type_count = 0; + + hashed_owner = ldns_nsec3_hash_name(cur_owner, + algorithm, + iterations, + salt_length, + salt); + status = ldns_dname_cat(hashed_owner, cur_zone); + + nsec = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3); + ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC3); + ldns_rr_set_owner(nsec, hashed_owner); + + ldns_nsec3_add_param_rdfs(nsec, + algorithm, + flags, + iterations, + salt_length, + salt); + (void) ldns_rr_set_rdf(nsec, NULL, 4); + + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + i_rr = ldns_rr_list_rr(rrs, i); + if (ldns_rdf_compare(cur_owner, + ldns_rr_owner(i_rr)) == 0) { + i_type = ldns_rr_get_type(i_rr); + if (type_count == 0 || i_type_list[type_count-1] != i_type) { + i_type_list[type_count] = i_type; + type_count++; + } + } + } + + /* add RRSIG anyway, but only if this is not an ENT or + * an unsigned delegation */ + if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) { + i_type_list[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + } + + /* and SOA if owner == zone */ + if (ldns_dname_compare(cur_zone, cur_owner) == 0) { + i_type_list[type_count] = LDNS_RR_TYPE_SOA; + type_count++; + } + + ldns_rr_push_rdf(nsec, + ldns_dnssec_create_nsec_bitmap(i_type_list, + type_count, LDNS_RR_TYPE_NSEC3)); + + return nsec; +} + +uint8_t +ldns_nsec3_algorithm(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && + ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0 + ) { + return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 0)); + } + return 0; +} + +uint8_t +ldns_nsec3_flags(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && + ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0 + ) { + return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 1)); + } + return 0; +} + +bool +ldns_nsec3_optout(const ldns_rr *nsec3_rr) +{ + return (ldns_nsec3_flags(nsec3_rr) & LDNS_NSEC3_VARS_OPTOUT_MASK); +} + +uint16_t +ldns_nsec3_iterations(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && + ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0 + ) { + return ldns_rdf2native_int16(ldns_rr_rdf(nsec3_rr, 2)); + } + return 0; + +} + +ldns_rdf * +ldns_nsec3_salt(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3) { + return ldns_rr_rdf(nsec3_rr, 3); + } + return NULL; +} + +uint8_t +ldns_nsec3_salt_length(const ldns_rr *nsec3_rr) +{ + ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); + if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { + return (uint8_t) ldns_rdf_data(salt_rdf)[0]; + } + return 0; +} + +/* allocs data, free with LDNS_FREE() */ +uint8_t * +ldns_nsec3_salt_data(const ldns_rr *nsec3_rr) +{ + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); + if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { + salt_length = ldns_rdf_data(salt_rdf)[0]; + salt = LDNS_XMALLOC(uint8_t, salt_length); + memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length); + return salt; + } + return NULL; +} + +ldns_rdf * +ldns_nsec3_next_owner(const ldns_rr *nsec3_rr) +{ + if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) { + return NULL; + } else { + return ldns_rr_rdf(nsec3_rr, 4); + } +} + +ldns_rdf * +ldns_nsec3_bitmap(const ldns_rr *nsec3_rr) +{ + if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) { + return NULL; + } else { + return ldns_rr_rdf(nsec3_rr, 5); + } +} + +ldns_rdf * +ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name) +{ + uint8_t algorithm; + uint16_t iterations; + uint8_t salt_length; + uint8_t *salt = 0; + + ldns_rdf *hashed_owner; + + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + + hashed_owner = ldns_nsec3_hash_name(name, + algorithm, + iterations, + salt_length, + salt); + + LDNS_FREE(salt); + return hashed_owner; +} + +bool +ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type) +{ + uint8_t window_block_nr; + uint8_t bitmap_length; + uint16_t cur_type; + uint16_t pos = 0; + uint16_t bit_pos; + uint8_t *data = ldns_rdf_data(nsec_bitmap); + + while(pos < ldns_rdf_size(nsec_bitmap)) { + window_block_nr = data[pos]; + bitmap_length = data[pos + 1]; + pos += 2; + + for (bit_pos = 0; bit_pos < (bitmap_length) * 8; bit_pos++) { + if (ldns_get_bit(&data[pos], bit_pos)) { + cur_type = 256 * (uint16_t) window_block_nr + bit_pos; + if (cur_type == type) { + return true; + } + } + } + + pos += (uint16_t) bitmap_length; + } + return false; +} + +bool +ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name) +{ + ldns_rdf *nsec_owner = ldns_rr_owner(nsec); + ldns_rdf *hash_next; + char *next_hash_str; + ldns_rdf *nsec_next = NULL; + ldns_status status; + ldns_rdf *chopped_dname; + bool result; + + if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) { + nsec_next = ldns_rdf_clone(ldns_rr_rdf(nsec, 0)); + } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) { + hash_next = ldns_nsec3_next_owner(nsec); + next_hash_str = ldns_rdf2str(hash_next); + nsec_next = ldns_dname_new_frm_str(next_hash_str); + LDNS_FREE(next_hash_str); + chopped_dname = ldns_dname_left_chop(nsec_owner); + status = ldns_dname_cat(nsec_next, chopped_dname); + ldns_rdf_deep_free(chopped_dname); + if (status != LDNS_STATUS_OK) { + printf("error catting: %s\n", ldns_get_errorstr_by_id(status)); + } + } else { + ldns_rdf_deep_free(nsec_next); + return false; + } + + /* in the case of the last nsec */ + if(ldns_dname_compare(nsec_owner, nsec_next) > 0) { + result = (ldns_dname_compare(nsec_owner, name) <= 0 || + ldns_dname_compare(name, nsec_next) < 0); + } else { + result = (ldns_dname_compare(nsec_owner, name) <= 0 && + ldns_dname_compare(name, nsec_next) < 0); + } + + ldns_rdf_deep_free(nsec_next); + return result; +} + +#ifdef HAVE_SSL +/* sig may be null - if so look in the packet */ +ldns_status +ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, + ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys) +{ + ldns_rr_list *rrset; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + ldns_rr_type t_netorder; + + if (!k) { + return LDNS_STATUS_ERR; + /* return LDNS_STATUS_CRYPTO_NO_DNSKEY; */ + } + + if (t == LDNS_RR_TYPE_RRSIG) { + /* we don't have RRSIG(RRSIG) (yet? ;-) ) */ + return LDNS_STATUS_ERR; + } + + if (s) { + /* if s is not NULL, the sigs are given to use */ + sigs = s; + } else { + /* otherwise get them from the packet */ + sigs = ldns_pkt_rr_list_by_name_and_type(p, o, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION); + if (!sigs) { + /* no sigs */ + return LDNS_STATUS_ERR; + /* return LDNS_STATUS_CRYPTO_NO_RRSIG; */ + } + } + + /* rrsig are subtyped, so now we need to find the correct + * sigs for the type t + */ + t_netorder = htons(t); /* rdf are in network order! */ + /* a type identifier is a 16-bit number, so the size is 2 bytes */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, + 2, + &t_netorder); + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + + rrset = ldns_pkt_rr_list_by_name_and_type(p, + o, + t, + LDNS_SECTION_ANY_NOQUESTION); + + if (!rrset) { + return LDNS_STATUS_ERR; + } + + if (!sigs_covered) { + return LDNS_STATUS_ERR; + } + + return ldns_verify(rrset, sigs, k, good_keys); +} +#endif /* HAVE_SSL */ + +ldns_status +ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs) +{ + size_t i; + char *next_nsec_owner_str; + ldns_rdf *next_nsec_owner_label; + ldns_rdf *next_nsec_rdf; + ldns_status status = LDNS_STATUS_OK; + + for (i = 0; i < ldns_rr_list_rr_count(nsec3_rrs); i++) { + if (i == ldns_rr_list_rr_count(nsec3_rrs) - 1) { + next_nsec_owner_label = + ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs, + 0)), 0); + next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label); + if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + == '.') { + next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + = '\0'; + } + status = ldns_str2rdf_b32_ext(&next_nsec_rdf, + next_nsec_owner_str); + if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i), + next_nsec_rdf, 4)) { + /* todo: error */ + } + + ldns_rdf_deep_free(next_nsec_owner_label); + LDNS_FREE(next_nsec_owner_str); + } else { + next_nsec_owner_label = + ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs, + i + 1)), + 0); + next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label); + if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + == '.') { + next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + = '\0'; + } + status = ldns_str2rdf_b32_ext(&next_nsec_rdf, + next_nsec_owner_str); + ldns_rdf_deep_free(next_nsec_owner_label); + LDNS_FREE(next_nsec_owner_str); + if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i), + next_nsec_rdf, 4)) { + /* todo: error */ + } + } + } + return status; +} + +int +qsort_rr_compare_nsec3(const void *a, const void *b) +{ + const ldns_rr *rr1 = * (const ldns_rr **) a; + const ldns_rr *rr2 = * (const ldns_rr **) b; + if (rr1 == NULL && rr2 == NULL) { + return 0; + } + if (rr1 == NULL) { + return -1; + } + if (rr2 == NULL) { + return 1; + } + return ldns_rdf_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)); +} + +void +ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted) +{ + qsort(unsorted->_rrs, + ldns_rr_list_rr_count(unsorted), + sizeof(ldns_rr *), + qsort_rr_compare_nsec3); +} + +int +ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n) +{ + sig = sig; + n = n; + return LDNS_SIGNATURE_LEAVE_ADD_NEW; +} + +int +ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n) +{ + sig = sig; + n = n; + return LDNS_SIGNATURE_LEAVE_NO_ADD; +} + +int +ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n) +{ + sig = sig; + n = n; + return LDNS_SIGNATURE_REMOVE_NO_ADD; +} + +int +ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n) +{ + sig = sig; + n = n; + return LDNS_SIGNATURE_REMOVE_ADD_NEW; +} + +#ifdef HAVE_SSL +ldns_rdf * +ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, + const long sig_len) +{ + ldns_rdf *sigdata_rdf; + DSA_SIG *dsasig; + unsigned char *dsasig_data = (unsigned char*)ldns_buffer_begin(sig); + size_t byte_offset; + + dsasig = d2i_DSA_SIG(NULL, + (const unsigned char **)&dsasig_data, + sig_len); + if (!dsasig) { + return NULL; + } + + dsasig_data = LDNS_XMALLOC(unsigned char, 41); + dsasig_data[0] = 0; + byte_offset = (size_t) (20 - BN_num_bytes(dsasig->r)); + if (byte_offset > 20) { + return NULL; + } + memset(&dsasig_data[1], 0, byte_offset); + BN_bn2bin(dsasig->r, &dsasig_data[1 + byte_offset]); + byte_offset = (size_t) (20 - BN_num_bytes(dsasig->s)); + if (byte_offset > 20) { + return NULL; + } + memset(&dsasig_data[21], 0, byte_offset); + BN_bn2bin(dsasig->s, &dsasig_data[21 + byte_offset]); + + sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data); + DSA_SIG_free(dsasig); + + return sigdata_rdf; +} + +ldns_status +ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, + const ldns_rdf *sig_rdf) +{ + /* the EVP api wants the DER encoding of the signature... */ + uint8_t t; + BIGNUM *R, *S; + DSA_SIG *dsasig; + unsigned char *raw_sig = NULL; + int raw_sig_len; + + /* extract the R and S field from the sig buffer */ + t = ldns_rdf_data(sig_rdf)[0]; + R = BN_new(); + if(!R) return LDNS_STATUS_MEM_ERR; + (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 1, + SHA_DIGEST_LENGTH, R); + S = BN_new(); + if(!S) { + BN_free(R); + return LDNS_STATUS_MEM_ERR; + } + (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 21, + SHA_DIGEST_LENGTH, S); + + dsasig = DSA_SIG_new(); + if (!dsasig) { + BN_free(R); + BN_free(S); + return LDNS_STATUS_MEM_ERR; + } + + dsasig->r = R; + dsasig->s = S; + + raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig); + if (raw_sig_len < 0) { + DSA_SIG_free(dsasig); + free(raw_sig); + return LDNS_STATUS_SSL_ERR; + } + if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) { + ldns_buffer_write(target_buffer, raw_sig, (size_t)raw_sig_len); + } + + DSA_SIG_free(dsasig); + free(raw_sig); + + return ldns_buffer_status(target_buffer); +} +#endif /* HAVE_SSL */ diff --git a/contrib/ldns/dnssec_sign.c b/contrib/ldns/dnssec_sign.c new file mode 100644 index 0000000000..2b5cad9c77 --- /dev/null +++ b/contrib/ldns/dnssec_sign.c @@ -0,0 +1,1170 @@ +#include + +#include + +#include +#include + +#include +#include + +#ifdef HAVE_SSL +/* this entire file is rather useless when you don't have + * crypto... + */ +#include +#include +#include +#include +#include +#endif /* HAVE_SSL */ + +ldns_rr * +ldns_create_empty_rrsig(ldns_rr_list *rrset, + ldns_key *current_key) +{ + uint32_t orig_ttl; + ldns_rr_class orig_class; + time_t now; + ldns_rr *current_sig; + uint8_t label_count; + + label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset, + 0))); + + current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG); + + /* set the type on the new signature */ + orig_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrset, 0)); + orig_class = ldns_rr_get_class(ldns_rr_list_rr(rrset, 0)); + + ldns_rr_set_ttl(current_sig, orig_ttl); + ldns_rr_set_class(current_sig, orig_class); + ldns_rr_set_owner(current_sig, + ldns_rdf_clone( + ldns_rr_owner( + ldns_rr_list_rr(rrset, + 0)))); + + /* fill in what we know of the signature */ + + /* set the orig_ttl */ + (void)ldns_rr_rrsig_set_origttl( + current_sig, + ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, + orig_ttl)); + /* the signers name */ + (void)ldns_rr_rrsig_set_signame( + current_sig, + ldns_rdf_clone(ldns_key_pubkey_owner(current_key))); + /* label count - get it from the first rr in the rr_list */ + (void)ldns_rr_rrsig_set_labels( + current_sig, + ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, + label_count)); + /* inception, expiration */ + now = time(NULL); + if (ldns_key_inception(current_key) != 0) { + (void)ldns_rr_rrsig_set_inception( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + ldns_key_inception(current_key))); + } else { + (void)ldns_rr_rrsig_set_inception( + current_sig, + ldns_native2rdf_int32(LDNS_RDF_TYPE_TIME, now)); + } + if (ldns_key_expiration(current_key) != 0) { + (void)ldns_rr_rrsig_set_expiration( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + ldns_key_expiration(current_key))); + } else { + (void)ldns_rr_rrsig_set_expiration( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + now + LDNS_DEFAULT_EXP_TIME)); + } + + (void)ldns_rr_rrsig_set_keytag( + current_sig, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, + ldns_key_keytag(current_key))); + + (void)ldns_rr_rrsig_set_algorithm( + current_sig, + ldns_native2rdf_int8( + LDNS_RDF_TYPE_ALG, + ldns_key_algorithm(current_key))); + + (void)ldns_rr_rrsig_set_typecovered( + current_sig, + ldns_native2rdf_int16( + LDNS_RDF_TYPE_TYPE, + ldns_rr_get_type(ldns_rr_list_rr(rrset, + 0)))); + return current_sig; +} + +#ifdef HAVE_SSL +ldns_rdf * +ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key) +{ + ldns_rdf *b64rdf = NULL; + + switch(ldns_key_algorithm(current_key)) { + case LDNS_SIGN_DSA: + case LDNS_DSA_NSEC3: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_dss1()); + break; + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha1()); + break; +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha256()); + break; + case LDNS_SIGN_RSASHA512: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha512()); + break; +#endif /* USE_SHA2 */ +#ifdef USE_GOST + case LDNS_SIGN_GOST: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_get_digestbyname("md_gost94")); + break; +#endif /* USE_GOST */ + case LDNS_SIGN_RSAMD5: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_md5()); + break; + default: + /* do _you_ know this alg? */ + printf("unknown algorithm, "); + printf("is the one used available on this system?\n"); + break; + } + + return b64rdf; +} + +/** + * use this function to sign with a public/private key alg + * return the created signatures + */ +ldns_rr_list * +ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) +{ + ldns_rr_list *signatures; + ldns_rr_list *rrset_clone; + ldns_rr *current_sig; + ldns_rdf *b64rdf; + ldns_key *current_key; + size_t key_count; + uint16_t i; + ldns_buffer *sign_buf; + ldns_rdf *new_owner; + + if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) { + return NULL; + } + + new_owner = NULL; + + key_count = 0; + signatures = ldns_rr_list_new(); + + /* prepare a signature and add all the know data + * prepare the rrset. Sign this together. */ + rrset_clone = ldns_rr_list_clone(rrset); + if (!rrset_clone) { + return NULL; + } + + /* make it canonical */ + for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) { + ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), + ldns_rr_ttl(ldns_rr_list_rr(rrset, 0))); + ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i)); + } + /* sort */ + ldns_rr_list_sort(rrset_clone); + + for (key_count = 0; + key_count < ldns_key_list_key_count(keys); + key_count++) { + if (!ldns_key_use(ldns_key_list_key(keys, key_count))) { + continue; + } + sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!sign_buf) { + ldns_rr_list_free(rrset_clone); + ldns_rr_list_free(signatures); + ldns_rdf_free(new_owner); + return NULL; + } + b64rdf = NULL; + + current_key = ldns_key_list_key(keys, key_count); + /* sign all RRs with keys that have ZSKbit, !SEPbit. + sign DNSKEY RRs with keys that have ZSKbit&SEPbit */ + if ( + ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY && + (!(ldns_key_flags(current_key) & LDNS_KEY_SEP_KEY) + || ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)) + == LDNS_RR_TYPE_DNSKEY) + ) { + current_sig = ldns_create_empty_rrsig(rrset_clone, + current_key); + + /* right now, we have: a key, a semi-sig and an rrset. For + * which we can create the sig and base64 encode that and + * add that to the signature */ + + if (ldns_rrsig2buffer_wire(sign_buf, current_sig) + != LDNS_STATUS_OK) { + ldns_buffer_free(sign_buf); + /* ERROR */ + ldns_rr_list_deep_free(rrset_clone); + return NULL; + } + + /* add the rrset in sign_buf */ + if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone) + != LDNS_STATUS_OK) { + ldns_buffer_free(sign_buf); + ldns_rr_list_deep_free(rrset_clone); + return NULL; + } + + b64rdf = ldns_sign_public_buffer(sign_buf, current_key); + + if (!b64rdf) { + /* signing went wrong */ + ldns_rr_list_deep_free(rrset_clone); + return NULL; + } + + ldns_rr_rrsig_set_sig(current_sig, b64rdf); + + /* push the signature to the signatures list */ + ldns_rr_list_push_rr(signatures, current_sig); + } + ldns_buffer_free(sign_buf); /* restart for the next key */ + } + ldns_rr_list_deep_free(rrset_clone); + + return signatures; +} + +/** + * Sign data with DSA + * + * \param[in] to_sign The ldns_buffer containing raw data that is + * to be signed + * \param[in] key The DSA key structure to sign with + * \return ldns_rdf for the RRSIG ldns_rr + */ +ldns_rdf * +ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key) +{ + unsigned char *sha1_hash; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + + DSA_SIG *sig; + uint8_t *data; + size_t pad; + + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), NULL); + if (!sha1_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + + sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key); + + data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH); + + data[0] = 1; + pad = 20 - (size_t) BN_num_bytes(sig->r); + if (pad > 0) { + memset(data + 1, 0, pad); + } + BN_bn2bin(sig->r, (unsigned char *) (data + 1) + pad); + + pad = 20 - (size_t) BN_num_bytes(sig->s); + if (pad > 0) { + memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad); + } + BN_bn2bin(sig->s, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad)); + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, + 1 + 2 * SHA_DIGEST_LENGTH, + data); + + ldns_buffer_free(b64sig); + LDNS_FREE(data); + + return sigdata_rdf; +} + +ldns_rdf * +ldns_sign_public_evp(ldns_buffer *to_sign, + EVP_PKEY *key, + const EVP_MD *digest_type) +{ + unsigned int siglen; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + EVP_MD_CTX ctx; + const EVP_MD *md_type; + int r; + + siglen = 0; + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + /* initializes a signing context */ + md_type = digest_type; + if(!md_type) { + /* unknown message difest */ + ldns_buffer_free(b64sig); + return NULL; + } + + EVP_MD_CTX_init(&ctx); + r = EVP_SignInit(&ctx, md_type); + if(r == 1) { + r = EVP_SignUpdate(&ctx, (unsigned char*) + ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign)); + } else { + ldns_buffer_free(b64sig); + return NULL; + } + if(r == 1) { + r = EVP_SignFinal(&ctx, (unsigned char*) + ldns_buffer_begin(b64sig), &siglen, key); + } else { + ldns_buffer_free(b64sig); + return NULL; + } + if(r != 1) { + ldns_buffer_free(b64sig); + return NULL; + } + + /* unfortunately, OpenSSL output is differenct from DNS DSA format */ + if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) { + sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen); + } else { + /* ok output for other types is the same */ + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + } + ldns_buffer_free(b64sig); + EVP_MD_CTX_cleanup(&ctx); + return sigdata_rdf; +} + +ldns_rdf * +ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key) +{ + unsigned char *sha1_hash; + unsigned int siglen; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + int result; + + siglen = 0; + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), NULL); + if (!sha1_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH, + (unsigned char*)ldns_buffer_begin(b64sig), + &siglen, key); + if (result != 1) { + return NULL; + } + + if (result != 1) { + return NULL; + } + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + ldns_buffer_free(b64sig); /* can't free this buffer ?? */ + return sigdata_rdf; +} + +ldns_rdf * +ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key) +{ + unsigned char *md5_hash; + unsigned int siglen; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + md5_hash = MD5((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), NULL); + if (!md5_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH, + (unsigned char*)ldns_buffer_begin(b64sig), + &siglen, key); + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + ldns_buffer_free(b64sig); + return sigdata_rdf; +} +#endif /* HAVE_SSL */ + +static int +ldns_dnssec_name_has_only_a(ldns_dnssec_name *cur_name) +{ + ldns_dnssec_rrsets *cur_rrset; + cur_rrset = cur_name->rrsets; + while (cur_rrset) { + if (cur_rrset->type != LDNS_RR_TYPE_A && + cur_rrset->type != LDNS_RR_TYPE_AAAA) { + return 0; + } else { + cur_rrset = cur_rrset->next; + } + } + return 1; +} + +ldns_status +ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone) +{ + ldns_rbnode_t *cur_node; + ldns_dnssec_name *cur_name; + ldns_rdf *cur_owner, *cur_parent; + + cur_node = ldns_rbtree_first(zone->names); + while (cur_node != LDNS_RBTREE_NULL) { + cur_name = (ldns_dnssec_name *) cur_node->data; + cur_node = ldns_rbtree_next(cur_node); + if (ldns_dnssec_name_has_only_a(cur_name)) { + /* assume glue XXX check for zone cur */ + cur_owner = ldns_rdf_clone(ldns_rr_owner( + cur_name->rrsets->rrs->rr)); + while (ldns_dname_label_count(cur_owner) > + ldns_dname_label_count(zone->soa->name)) { + if (ldns_dnssec_zone_find_rrset(zone, + cur_owner, + LDNS_RR_TYPE_NS)) { + /* + fprintf(stderr, "[XX] Marking as glue: "); + ldns_rdf_print(stderr, cur_name->name); + fprintf(stderr, "\n"); + */ + cur_name->is_glue = true; + } + cur_parent = ldns_dname_left_chop(cur_owner); + ldns_rdf_deep_free(cur_owner); + cur_owner = cur_parent; + } + ldns_rdf_deep_free(cur_owner); + } + } + return LDNS_STATUS_OK; +} + +ldns_rbnode_t * +ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node) +{ + ldns_rbnode_t *next_node = NULL; + ldns_dnssec_name *next_name = NULL; + bool done = false; + + if (node == LDNS_RBTREE_NULL) { + return NULL; + } + next_node = node; + while (!done) { + if (next_node == LDNS_RBTREE_NULL) { + return NULL; + } else { + next_name = (ldns_dnssec_name *)next_node->data; + if (!next_name->is_glue) { + done = true; + } else { + next_node = ldns_rbtree_next(next_node); + } + } + } + return next_node; +} + +ldns_status +ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs) +{ + + ldns_rbnode_t *first_node, *cur_node, *next_node; + ldns_dnssec_name *cur_name, *next_name; + ldns_rr *nsec_rr; + uint32_t nsec_ttl; + ldns_dnssec_rrsets *soa; + + /* the TTL of NSEC rrs should be set to the minimum TTL of + * the zone SOA (RFC4035 Section 2.3) + */ + soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); + + /* did the caller actually set it? if not, + * fall back to default ttl + */ + if (soa && soa->rrs && soa->rrs->rr) { + nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf( + soa->rrs->rr, 6)); + } else { + nsec_ttl = LDNS_DEFAULT_TTL; + } + + first_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_first(zone->names)); + cur_node = first_node; + if (cur_node) { + next_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(cur_node)); + } else { + next_node = NULL; + } + + while (cur_node && next_node) { + cur_name = (ldns_dnssec_name *)cur_node->data; + next_name = (ldns_dnssec_name *)next_node->data; + nsec_rr = ldns_dnssec_create_nsec(cur_name, + next_name, + LDNS_RR_TYPE_NSEC); + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + ldns_dnssec_name_add_rr(cur_name, nsec_rr); + ldns_rr_list_push_rr(new_rrs, nsec_rr); + cur_node = next_node; + if (cur_node) { + next_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(cur_node)); + } + } + + if (cur_node && !next_node) { + cur_name = (ldns_dnssec_name *)cur_node->data; + next_name = (ldns_dnssec_name *)first_node->data; + nsec_rr = ldns_dnssec_create_nsec(cur_name, + next_name, + LDNS_RR_TYPE_NSEC); + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + ldns_dnssec_name_add_rr(cur_name, nsec_rr); + ldns_rr_list_push_rr(new_rrs, nsec_rr); + } else { + printf("error\n"); + } + + return LDNS_STATUS_OK; +} + +#ifdef HAVE_SSL +ldns_status +ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + ldns_rbnode_t *first_name_node; + ldns_rbnode_t *current_name_node; + ldns_dnssec_name *current_name; + ldns_status result = LDNS_STATUS_OK; + ldns_rr *nsec_rr; + ldns_rr_list *nsec3_list; + uint32_t nsec_ttl; + ldns_dnssec_rrsets *soa; + + if (!zone || !new_rrs || !zone->names) { + return LDNS_STATUS_ERR; + } + + /* the TTL of NSEC rrs should be set to the minimum TTL of + * the zone SOA (RFC4035 Section 2.3) + */ + soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); + + /* did the caller actually set it? if not, + * fall back to default ttl + */ + if (soa && soa->rrs && soa->rrs->rr) { + nsec_ttl = ldns_rdf2native_int32(ldns_rr_rdf( + soa->rrs->rr, 6)); + } else { + nsec_ttl = LDNS_DEFAULT_TTL; + } + + nsec3_list = ldns_rr_list_new(); + + first_name_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_first(zone->names)); + + current_name_node = first_name_node; + + while (current_name_node && + current_name_node != LDNS_RBTREE_NULL) { + current_name = (ldns_dnssec_name *) current_name_node->data; + nsec_rr = ldns_dnssec_create_nsec3(current_name, + NULL, + zone->soa->name, + algorithm, + flags, + iterations, + salt_length, + salt); + /* by default, our nsec based generator adds rrsigs + * remove the bitmap for empty nonterminals */ + if (!current_name->rrsets) { + ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr)); + } + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + ldns_dnssec_name_add_rr(current_name, nsec_rr); + ldns_rr_list_push_rr(new_rrs, nsec_rr); + ldns_rr_list_push_rr(nsec3_list, nsec_rr); + current_name_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(current_name_node)); + } + + ldns_rr_list_sort_nsec3(nsec3_list); + ldns_dnssec_chain_nsec3_list(nsec3_list); + if (result != LDNS_STATUS_OK) { + return result; + } + + ldns_rr_list_free(nsec3_list); + return result; +} +#endif /* HAVE_SSL */ + +ldns_dnssec_rrs * +ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg) +{ + ldns_dnssec_rrs *base_rrs = signatures; + ldns_dnssec_rrs *cur_rr = base_rrs; + ldns_dnssec_rrs *prev_rr = NULL; + ldns_dnssec_rrs *next_rr; + + uint16_t keytag; + size_t i; + int v; + + key_list = key_list; + + if (!cur_rr) { + switch(func(NULL, arg)) { + case LDNS_SIGNATURE_LEAVE_ADD_NEW: + case LDNS_SIGNATURE_REMOVE_ADD_NEW: + break; + case LDNS_SIGNATURE_LEAVE_NO_ADD: + case LDNS_SIGNATURE_REMOVE_NO_ADD: + ldns_key_list_set_use(key_list, false); + break; + default: + fprintf(stderr, "[XX] unknown return value from callback\n"); + break; + } + return NULL; + } + v = func(cur_rr->rr, arg); + + while (cur_rr) { + next_rr = cur_rr->next; + + switch (func(cur_rr->rr, arg)) { + case LDNS_SIGNATURE_LEAVE_ADD_NEW: + prev_rr = cur_rr; + break; + case LDNS_SIGNATURE_LEAVE_NO_ADD: + keytag = ldns_rdf2native_int16( + ldns_rr_rrsig_keytag(cur_rr->rr)); + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + if (ldns_key_keytag(ldns_key_list_key(key_list, i)) == + keytag) { + ldns_key_set_use(ldns_key_list_key(key_list, i), + false); + } + } + prev_rr = cur_rr; + break; + case LDNS_SIGNATURE_REMOVE_NO_ADD: + keytag = ldns_rdf2native_int16( + ldns_rr_rrsig_keytag(cur_rr->rr)); + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + if (ldns_key_keytag(ldns_key_list_key(key_list, i)) + == keytag) { + ldns_key_set_use(ldns_key_list_key(key_list, i), + false); + } + } + if (prev_rr) { + prev_rr->next = next_rr; + } else { + base_rrs = next_rr; + } + LDNS_FREE(cur_rr); + break; + case LDNS_SIGNATURE_REMOVE_ADD_NEW: + if (prev_rr) { + prev_rr->next = next_rr; + } else { + base_rrs = next_rr; + } + LDNS_FREE(cur_rr); + break; + default: + fprintf(stderr, "[XX] unknown return value from callback\n"); + break; + } + cur_rr = next_rr; + } + + return base_rrs; +} + +#ifdef HAVE_SSL +ldns_status +ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void*), + void *arg) +{ + return ldns_dnssec_zone_create_rrsigs_flg(zone, new_rrs, key_list, + func, arg, 0); +} + +/** If there are KSKs use only them and mark ZSKs unused */ +static void +ldns_key_list_filter_for_dnskey(ldns_key_list *key_list) +{ + int saw_ksk = 0; + size_t i; + for(i=0; inames); + while (cur_node != LDNS_RBTREE_NULL) { + cur_name = (ldns_dnssec_name *) cur_node->data; + + if (!cur_name->is_glue) { + cur_rrset = cur_name->rrsets; + while (cur_rrset) { + /* reset keys to use */ + ldns_key_list_set_use(key_list, true); + + /* walk through old sigs, remove the old, + and mark which keys (not) to use) */ + cur_rrset->signatures = + ldns_dnssec_remove_signatures(cur_rrset->signatures, + key_list, + func, + arg); + if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK) && + cur_rrset->type == LDNS_RR_TYPE_DNSKEY) + ldns_key_list_filter_for_dnskey(key_list); + + /* TODO: just set count to zero? */ + rr_list = ldns_rr_list_new(); + + cur_rr = cur_rrset->rrs; + while (cur_rr) { + ldns_rr_list_push_rr(rr_list, cur_rr->rr); + cur_rr = cur_rr->next; + } + + /* only sign non-delegation RRsets */ + /* (glue should have been marked earlier) */ + if ((ldns_rr_list_type(rr_list) != LDNS_RR_TYPE_NS || + ldns_dname_compare(ldns_rr_list_owner(rr_list), + zone->soa->name) == 0) && + /* OK, there is also the possibility that the record + * is glue, but at the same owner name as other records that + * are not NS nor A/AAAA. Bleh, our current data structure + * doesn't really support that... */ + !((ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_A || + ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_AAAA) && + !ldns_dname_compare(ldns_rr_list_owner(rr_list), zone->soa->name) == 0 && + ldns_dnssec_zone_find_rrset(zone, ldns_rr_list_owner(rr_list), LDNS_RR_TYPE_NS) + )) { + + siglist = ldns_sign_public(rr_list, key_list); + for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { + if (cur_rrset->signatures) { + ldns_dnssec_rrs_add_rr(cur_rrset->signatures, + ldns_rr_list_rr(siglist, + i)); + } else { + cur_rrset->signatures = ldns_dnssec_rrs_new(); + cur_rrset->signatures->rr = + ldns_rr_list_rr(siglist, i); + ldns_rr_list_push_rr(new_rrs, + ldns_rr_list_rr(siglist, + i)); + } + } + ldns_rr_list_free(siglist); + } + + ldns_rr_list_free(rr_list); + + cur_rrset = cur_rrset->next; + } + + /* sign the nsec */ + cur_name->nsec_signatures = + ldns_dnssec_remove_signatures(cur_name->nsec_signatures, + key_list, + func, + arg); + + rr_list = ldns_rr_list_new(); + ldns_rr_list_push_rr(rr_list, cur_name->nsec); + siglist = ldns_sign_public(rr_list, key_list); + + for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { + if (cur_name->nsec_signatures) { + ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures, + ldns_rr_list_rr(siglist, i)); + } else { + cur_name->nsec_signatures = ldns_dnssec_rrs_new(); + cur_name->nsec_signatures->rr = + ldns_rr_list_rr(siglist, i); + ldns_rr_list_push_rr(new_rrs, + ldns_rr_list_rr(siglist, i)); + } + } + + ldns_rr_list_free(siglist); + ldns_rr_list_free(rr_list); + } + cur_node = ldns_rbtree_next(cur_node); + } + + ldns_rr_list_deep_free(pubkey_list); + return result; +} + +ldns_status +ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg) +{ + return ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, func, arg, 0); +} + +ldns_status +ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + int flags) +{ + ldns_status result = LDNS_STATUS_OK; + + if (!zone || !new_rrs || !key_list) { + return LDNS_STATUS_ERR; + } + + /* zone is already sorted */ + ldns_dnssec_zone_mark_glue(zone); + + /* check whether we need to add nsecs */ + if (zone->names && !((ldns_dnssec_name *)zone->names->root->data)->nsec) { + result = ldns_dnssec_zone_create_nsecs(zone, new_rrs); + if (result != LDNS_STATUS_OK) { + return result; + } + } + + result = ldns_dnssec_zone_create_rrsigs_flg(zone, + new_rrs, + key_list, + func, + arg, + flags); + + return result; +} + +ldns_status +ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + return ldns_dnssec_zone_sign_nsec3_flg(zone, new_rrs, key_list, + func, arg, algorithm, flags, iterations, salt_length, salt, 0); +} + +ldns_status +ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + int signflags) +{ + ldns_rr *nsec3, *nsec3params; + ldns_status result = LDNS_STATUS_OK; + + /* zone is already sorted */ + ldns_dnssec_zone_mark_glue(zone); + + /* TODO if there are already nsec3s presents and their + * parameters are the same as these, we don't have to recreate + */ + if (zone->names) { + /* add empty nonterminals */ + ldns_dnssec_zone_add_empty_nonterminals(zone); + + nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec; + if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) { + /* no need to recreate */ + } else { + if (!ldns_dnssec_zone_find_rrset(zone, + zone->soa->name, + LDNS_RR_TYPE_NSEC3PARAMS)) { + /* create and add the nsec3params rr */ + nsec3params = + ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS); + ldns_rr_set_owner(nsec3params, + ldns_rdf_clone(zone->soa->name)); + ldns_nsec3_add_param_rdfs(nsec3params, + algorithm, + flags, + iterations, + salt_length, + salt); + /* always set bit 7 of the flags to zero, according to + * rfc5155 section 11 */ + ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3params, 1)), 7, 0); + ldns_dnssec_zone_add_rr(zone, nsec3params); + ldns_rr_list_push_rr(new_rrs, nsec3params); + } + result = ldns_dnssec_zone_create_nsec3s(zone, + new_rrs, + algorithm, + flags, + iterations, + salt_length, + salt); + if (result != LDNS_STATUS_OK) { + return result; + } + } + + result = ldns_dnssec_zone_create_rrsigs_flg(zone, + new_rrs, + key_list, + func, + arg, + signflags); + } + + return result; +} + + +ldns_zone * +ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list) +{ + ldns_dnssec_zone *dnssec_zone; + ldns_zone *signed_zone; + ldns_rr_list *new_rrs; + size_t i; + + signed_zone = ldns_zone_new(); + dnssec_zone = ldns_dnssec_zone_new(); + + (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); + ldns_zone_set_soa(signed_zone, ldns_zone_soa(zone)); + + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + (void) ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_list_rr(ldns_zone_rrs(zone), + i)); + ldns_zone_push_rr(signed_zone, + ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), + i))); + } + + new_rrs = ldns_rr_list_new(); + (void) ldns_dnssec_zone_sign(dnssec_zone, + new_rrs, + key_list, + ldns_dnssec_default_replace_signatures, + NULL); + + for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { + ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), + ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); + } + + ldns_rr_list_deep_free(new_rrs); + ldns_dnssec_zone_free(dnssec_zone); + + return signed_zone; +} + +ldns_zone * +ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) +{ + ldns_dnssec_zone *dnssec_zone; + ldns_zone *signed_zone; + ldns_rr_list *new_rrs; + size_t i; + + signed_zone = ldns_zone_new(); + dnssec_zone = ldns_dnssec_zone_new(); + + (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); + ldns_zone_set_soa(signed_zone, ldns_zone_soa(zone)); + + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + (void) ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_list_rr(ldns_zone_rrs(zone), + i)); + ldns_zone_push_rr(signed_zone, + ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), + i))); + } + + new_rrs = ldns_rr_list_new(); + (void) ldns_dnssec_zone_sign_nsec3(dnssec_zone, + new_rrs, + key_list, + ldns_dnssec_default_replace_signatures, + NULL, + algorithm, + flags, + iterations, + salt_length, + salt); + + for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { + ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), + ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); + } + + ldns_rr_list_deep_free(new_rrs); + ldns_dnssec_zone_free(dnssec_zone); + + return signed_zone; +} +#endif /* HAVE_SSL */ + diff --git a/contrib/ldns/dnssec_verify.c b/contrib/ldns/dnssec_verify.c new file mode 100644 index 0000000000..c7cd268861 --- /dev/null +++ b/contrib/ldns/dnssec_verify.c @@ -0,0 +1,2228 @@ +#include + +#include + +#include +#include + +#ifdef HAVE_SSL +/* this entire file is rather useless when you don't have + * crypto... + */ +#include +#include +#include +#include +#include + +ldns_dnssec_data_chain * +ldns_dnssec_data_chain_new() +{ + ldns_dnssec_data_chain *nc = LDNS_XMALLOC(ldns_dnssec_data_chain, 1); + nc->rrset = NULL; + nc->parent_type = 0; + nc->parent = NULL; + nc->signatures = NULL; + nc->packet_rcode = 0; + nc->packet_qtype = 0; + nc->packet_nodata = false; + return nc; +} + +void +ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain) +{ + LDNS_FREE(chain); +} + +void +ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain) +{ + ldns_rr_list_deep_free(chain->rrset); + ldns_rr_list_deep_free(chain->signatures); + if (chain->parent) { + ldns_dnssec_data_chain_deep_free(chain->parent); + } + LDNS_FREE(chain); +} + +void +ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain) +{ + ldns_lookup_table *rcode; + const ldns_rr_descriptor *rr_descriptor; + if (chain) { + ldns_dnssec_data_chain_print(out, chain->parent); + if (ldns_rr_list_rr_count(chain->rrset) > 0) { + rcode = ldns_lookup_by_id(ldns_rcodes, + (int) chain->packet_rcode); + if (rcode) { + fprintf(out, ";; rcode: %s\n", rcode->name); + } + + rr_descriptor = ldns_rr_descript(chain->packet_qtype); + if (rr_descriptor && rr_descriptor->_name) { + fprintf(out, ";; qtype: %s\n", rr_descriptor->_name); + } else if (chain->packet_qtype != 0) { + fprintf(out, "TYPE%u", + chain->packet_qtype); + } + if (chain->packet_nodata) { + fprintf(out, ";; NODATA response\n"); + } + fprintf(out, "rrset:\n"); + ldns_rr_list_print(out, chain->rrset); + fprintf(out, "sigs:\n"); + ldns_rr_list_print(out, chain->signatures); + fprintf(out, "---\n"); + } else { + fprintf(out, "\n"); + } + } +} + +static void +ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res, + uint16_t qflags, + const ldns_pkt *pkt, + ldns_rr_list *signatures, + ldns_dnssec_data_chain *new_chain, + ldns_rdf *key_name, + ldns_rr_class c) { + ldns_rr_list *keys; + ldns_pkt *my_pkt; + if (signatures && ldns_rr_list_rr_count(signatures) > 0) { + new_chain->signatures = ldns_rr_list_clone(signatures); + new_chain->parent_type = 0; + + keys = ldns_pkt_rr_list_by_name_and_type( + pkt, + key_name, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANY_NOQUESTION + ); + if (!keys) { + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DNSKEY, + c, + qflags); + keys = ldns_pkt_rr_list_by_name_and_type( + my_pkt, + key_name, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANY_NOQUESTION + ); + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + keys, + my_pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY; + ldns_pkt_free(my_pkt); + } else { + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + keys, + pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY; + } + ldns_rr_list_deep_free(keys); + } +} + +static void +ldns_dnssec_build_data_chain_other(ldns_resolver *res, + uint16_t qflags, + ldns_dnssec_data_chain *new_chain, + ldns_rdf *key_name, + ldns_rr_class c, + ldns_rr_list *dss) +{ + /* 'self-signed', parent is a DS */ + + /* okay, either we have other keys signing the current one, + * or the current + * one should have a DS record in the parent zone. + * How do we find this out? Try both? + * + * request DNSKEYS for current zone, + * add all signatures to current level + */ + ldns_pkt *my_pkt; + ldns_rr_list *signatures2; + + new_chain->parent_type = 1; + + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DS, + c, + qflags); + dss = ldns_pkt_rr_list_by_name_and_type(my_pkt, + key_name, + LDNS_RR_TYPE_DS, + LDNS_SECTION_ANY_NOQUESTION + ); + if (dss) { + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + dss, + my_pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS; + ldns_rr_list_deep_free(dss); + } + ldns_pkt_free(my_pkt); + + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DNSKEY, + c, + qflags); + signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt, + key_name, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + if (signatures2) { + if (new_chain->signatures) { + printf("There were already sigs!\n"); + ldns_rr_list_deep_free(new_chain->signatures); + printf("replacing the old sigs\n"); + } + new_chain->signatures = signatures2; + } + ldns_pkt_free(my_pkt); +} + +ldns_dnssec_data_chain * +ldns_dnssec_build_data_chain_nokeyname(ldns_resolver *res, + uint16_t qflags, + ldns_rr *orig_rr, + const ldns_rr_list *rrset, + ldns_dnssec_data_chain *new_chain) +{ + ldns_rdf *possible_parent_name; + ldns_pkt *my_pkt; + /* apparently we were not able to find a signing key, so + we assume the chain ends here + */ + /* try parents for auth denial of DS */ + if (orig_rr) { + possible_parent_name = ldns_rr_owner(orig_rr); + } else if (rrset && ldns_rr_list_rr_count(rrset) > 0) { + possible_parent_name = ldns_rr_owner(ldns_rr_list_rr(rrset, 0)); + } else { + /* no information to go on, give up */ + return new_chain; + } + + my_pkt = ldns_resolver_query(res, + possible_parent_name, + LDNS_RR_TYPE_DS, + LDNS_RR_CLASS_IN, + qflags); + + if (ldns_pkt_ancount(my_pkt) > 0) { + /* add error, no sigs but DS in parent */ + /*ldns_pkt_print(stdout, my_pkt);*/ + ldns_pkt_free(my_pkt); + } else { + /* are there signatures? */ + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + NULL, + my_pkt, + NULL); + + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS; + + } + return new_chain; +} + + +ldns_dnssec_data_chain * +ldns_dnssec_build_data_chain(ldns_resolver *res, + uint16_t qflags, + const ldns_rr_list *rrset, + const ldns_pkt *pkt, + ldns_rr *orig_rr) +{ + ldns_rr_list *signatures = NULL; + ldns_rr_list *dss = NULL; + + ldns_rr_list *my_rrset; + + ldns_pkt *my_pkt; + + ldns_rdf *name = NULL, *key_name = NULL; + ldns_rr_type type = 0; + ldns_rr_class c = 0; + + bool other_rrset = false; + + ldns_dnssec_data_chain *new_chain = ldns_dnssec_data_chain_new(); + + if (!ldns_dnssec_pkt_has_rrsigs(pkt)) { + /* hmm. no dnssec data in the packet. go up to try and deny + * DS? */ + return new_chain; + } + + if (orig_rr) { + new_chain->rrset = ldns_rr_list_new(); + ldns_rr_list_push_rr(new_chain->rrset, orig_rr); + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + rrset, + pkt, + NULL); + new_chain->packet_rcode = ldns_pkt_get_rcode(pkt); + new_chain->packet_qtype = ldns_rr_get_type(orig_rr); + if (ldns_pkt_ancount(pkt) == 0) { + new_chain->packet_nodata = true; + } + return new_chain; + } + + if (!rrset || ldns_rr_list_rr_count(rrset) < 1) { + /* hmm, no data, do we have denial? only works if pkt was given, + otherwise caller has to do the check himself */ + new_chain->packet_nodata = true; + if (pkt) { + my_rrset = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_NSEC, + LDNS_SECTION_ANY_NOQUESTION + ); + if (my_rrset) { + if (ldns_rr_list_rr_count(my_rrset) > 0) { + type = LDNS_RR_TYPE_NSEC; + other_rrset = true; + } else { + ldns_rr_list_deep_free(my_rrset); + my_rrset = NULL; + } + } else { + /* nothing, try nsec3 */ + my_rrset = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_NSEC3, + LDNS_SECTION_ANY_NOQUESTION); + if (my_rrset) { + if (ldns_rr_list_rr_count(my_rrset) > 0) { + type = LDNS_RR_TYPE_NSEC3; + other_rrset = true; + } else { + ldns_rr_list_deep_free(my_rrset); + my_rrset = NULL; + } + } else { + /* nothing, stop */ + /* try parent zone? for denied insecure? */ + return new_chain; + } + } + } else { + return new_chain; + } + } else { + my_rrset = (ldns_rr_list *) rrset; + } + + if (my_rrset && ldns_rr_list_rr_count(my_rrset) > 0) { + new_chain->rrset = ldns_rr_list_clone(my_rrset); + name = ldns_rr_owner(ldns_rr_list_rr(my_rrset, 0)); + type = ldns_rr_get_type(ldns_rr_list_rr(my_rrset, 0)); + c = ldns_rr_get_class(ldns_rr_list_rr(my_rrset, 0)); + } + + if (other_rrset) { + ldns_rr_list_deep_free(my_rrset); + } + + /* normally there will only be 1 signature 'set' + but there can be more than 1 denial (wildcards) + so check for NSEC + */ + if (type == LDNS_RR_TYPE_NSEC || type == LDNS_RR_TYPE_NSEC3) { + /* just throw in all signatures, the tree builder must sort + this out */ + if (pkt) { + signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type); + } else { + my_pkt = ldns_resolver_query(res, name, type, c, qflags); + signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type); + ldns_pkt_free(my_pkt); + } + } else { + if (pkt) { + signatures = + ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt, + name, + type); + } + if (!signatures) { + my_pkt = ldns_resolver_query(res, name, type, c, qflags); + signatures = + ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt, + name, + type); + ldns_pkt_free(my_pkt); + } + } + + if (signatures && ldns_rr_list_rr_count(signatures) > 0) { + key_name = ldns_rr_rdf(ldns_rr_list_rr(signatures, 0), 7); + } + + if (!key_name) { + return ldns_dnssec_build_data_chain_nokeyname(res, + qflags, + orig_rr, + rrset, + new_chain); + } + + if (type != LDNS_RR_TYPE_DNSKEY) { + ldns_dnssec_build_data_chain_dnskey(res, + qflags, + pkt, + signatures, + new_chain, + key_name, + c + ); + } else { + ldns_dnssec_build_data_chain_other(res, + qflags, + new_chain, + key_name, + c, + dss + + ); + } + if (signatures) { + ldns_rr_list_deep_free(signatures); + } + + return new_chain; +} + +ldns_dnssec_trust_tree * +ldns_dnssec_trust_tree_new() +{ + ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree, + 1); + new_tree->rr = NULL; + new_tree->rrset = NULL; + new_tree->parent_count = 0; + + return new_tree; +} + +void +ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree) +{ + size_t i; + if (tree) { + for (i = 0; i < tree->parent_count; i++) { + ldns_dnssec_trust_tree_free(tree->parents[i]); + } + } + LDNS_FREE(tree); +} + +size_t +ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree) +{ + size_t result = 0; + size_t parent = 0; + size_t i; + + for (i = 0; i < tree->parent_count; i++) { + parent = ldns_dnssec_trust_tree_depth(tree->parents[i]); + if (parent > result) { + result = parent; + } + } + return 1 + result; +} + +/* TODO ldns_ */ +static void +print_tabs(FILE *out, size_t nr, uint8_t *map, size_t treedepth) +{ + size_t i; + for (i = 0; i < nr; i++) { + if (i == nr - 1) { + fprintf(out, "|---"); + } else if (map && i < treedepth && map[i] == 1) { + fprintf(out, "| "); + } else { + fprintf(out, " "); + } + } +} + +void +ldns_dnssec_trust_tree_print_sm(FILE *out, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended, + uint8_t *sibmap, + size_t treedepth) +{ + size_t i; + const ldns_rr_descriptor *descriptor; + bool mapset = false; + + if (!sibmap) { + treedepth = ldns_dnssec_trust_tree_depth(tree); + sibmap = malloc(treedepth); + memset(sibmap, 0, treedepth); + mapset = true; + } + + if (tree) { + if (tree->rr) { + print_tabs(out, tabs, sibmap, treedepth); + ldns_rdf_print(out, ldns_rr_owner(tree->rr)); + descriptor = ldns_rr_descript(ldns_rr_get_type(tree->rr)); + + if (descriptor->_name) { + fprintf(out, " (%s", descriptor->_name); + } else { + fprintf(out, " (TYPE%d", + ldns_rr_get_type(tree->rr)); + } + if (tabs > 0) { + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DNSKEY) { + fprintf(out, " keytag: %u", + (unsigned int) ldns_calc_keytag(tree->rr)); + fprintf(out, " alg: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2)); + fprintf(out, " flags: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + } else if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DS) { + fprintf(out, " keytag: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + fprintf(out, " digest type: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2)); + } + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NSEC) { + fprintf(out, " "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + fprintf(out, " "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 1)); + } + } + + fprintf(out, ")\n"); + for (i = 0; i < tree->parent_count; i++) { + if (tree->parent_count > 1 && i < tree->parent_count - 1) { + sibmap[tabs] = 1; + } else { + sibmap[tabs] = 0; + } + /* only print errors */ + if (ldns_rr_get_type(tree->parents[i]->rr) == + LDNS_RR_TYPE_NSEC || + ldns_rr_get_type(tree->parents[i]->rr) == + LDNS_RR_TYPE_NSEC3) { + if (tree->parent_status[i] == LDNS_STATUS_OK) { + print_tabs(out, tabs + 1, sibmap, treedepth); + if (tabs == 0 && + ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS && + ldns_rr_rd_count(tree->rr) > 0) { + fprintf(out, "Existence of DS is denied by:\n"); + } else { + fprintf(out, "Existence is denied by:\n"); + } + } else { + /* NS records aren't signed */ + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS) { + fprintf(out, "Existence of DS is denied by:\n"); + } else { + print_tabs(out, tabs + 1, sibmap, treedepth); + fprintf(out, + "Error in denial of existence: %s\n", + ldns_get_errorstr_by_id( + tree->parent_status[i])); + } + } + } else + if (tree->parent_status[i] != LDNS_STATUS_OK) { + print_tabs(out, tabs + 1, sibmap, treedepth); + fprintf(out, + "%s:\n", + ldns_get_errorstr_by_id( + tree->parent_status[i])); + if (tree->parent_status[i] + == LDNS_STATUS_SSL_ERR) { + printf("; SSL Error: "); + ERR_load_crypto_strings(); + ERR_print_errors_fp(stdout); + printf("\n"); + } + ldns_rr_print(out, tree->parent_signature[i]); + printf("For RRset:\n"); + ldns_rr_list_print(out, tree->rrset); + printf("With key:\n"); + ldns_rr_print(out, tree->parents[i]->rr); + } + ldns_dnssec_trust_tree_print_sm(out, + tree->parents[i], + tabs+1, + extended, + sibmap, + treedepth); + } + } else { + print_tabs(out, tabs, sibmap, treedepth); + fprintf(out, "\n"); + } + } else { + fprintf(out, "\n"); + } + + if (mapset) { + free(sibmap); + } +} + +void +ldns_dnssec_trust_tree_print(FILE *out, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended) +{ + ldns_dnssec_trust_tree_print_sm(out, tree, tabs, extended, NULL, 0); +} + +ldns_status +ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree, + const ldns_dnssec_trust_tree *parent, + const ldns_rr *signature, + const ldns_status parent_status) +{ + if (tree + && parent + && tree->parent_count < LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS) { + /* + printf("Add parent for: "); + ldns_rr_print(stdout, tree->rr); + printf("parent: "); + ldns_rr_print(stdout, parent->rr); + */ + tree->parents[tree->parent_count] = + (ldns_dnssec_trust_tree *) parent; + tree->parent_status[tree->parent_count] = parent_status; + tree->parent_signature[tree->parent_count] = (ldns_rr *) signature; + tree->parent_count++; + return LDNS_STATUS_OK; + } else { + return LDNS_STATUS_ERR; + } +} + +/* if rr is null, take the first from the rrset */ +ldns_dnssec_trust_tree * +ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain, ldns_rr *rr) +{ + ldns_rr_list *cur_rrset; + ldns_rr_list *cur_sigs; + ldns_rr *cur_rr = NULL; + ldns_rr *cur_sig_rr; + uint16_t cur_keytag; + size_t i, j; + + ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new(); + + if (data_chain && data_chain->rrset) { + cur_rrset = data_chain->rrset; + + cur_sigs = data_chain->signatures; + + if (rr) { + cur_rr = rr; + } + + if (!cur_rr && ldns_rr_list_rr_count(cur_rrset) > 0) { + cur_rr = ldns_rr_list_rr(cur_rrset, 0); + } + + if (cur_rr) { + new_tree->rr = cur_rr; + new_tree->rrset = cur_rrset; + /* there are three possibilities: + 1 - 'normal' rrset, signed by a key + 2 - dnskey signed by other dnskey + 3 - dnskey proven by higher level DS + (data denied by nsec is a special case that can + occur in multiple places) + + */ + if (cur_sigs) { + for (i = 0; i < ldns_rr_list_rr_count(cur_sigs); i++) { + /* find the appropriate key in the parent list */ + cur_sig_rr = ldns_rr_list_rr(cur_sigs, i); + cur_keytag = + ldns_rdf2native_int16( + ldns_rr_rrsig_keytag(cur_sig_rr)); + + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_NSEC) { + if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr), + ldns_rr_owner(cur_rr))) + { + /* find first that does match */ + + for (j = 0; + j < ldns_rr_list_rr_count(cur_rrset) && + ldns_dname_compare(ldns_rr_owner(cur_sig_rr),ldns_rr_owner(cur_rr)) != 0; + j++) { + cur_rr = ldns_rr_list_rr(cur_rrset, j); + + } + if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr), + ldns_rr_owner(cur_rr))) + { + break; + } + } + + } + /* option 1 */ + if (data_chain->parent) { + ldns_dnssec_derive_trust_tree_normal_rrset( + new_tree, + data_chain, + cur_sig_rr); + } + + /* option 2 */ + ldns_dnssec_derive_trust_tree_dnskey_rrset( + new_tree, + data_chain, + cur_rr, + cur_sig_rr); + } + + ldns_dnssec_derive_trust_tree_ds_rrset(new_tree, + data_chain, + cur_rr); + } else { + /* no signatures? maybe it's nsec data */ + + /* just add every rr from parent as new parent */ + ldns_dnssec_derive_trust_tree_no_sig(new_tree, data_chain); + } + } + } + + return new_tree; +} + +void +ldns_dnssec_derive_trust_tree_normal_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_sig_rr) +{ + size_t i, j; + ldns_rr_list *cur_rrset = ldns_rr_list_clone(data_chain->rrset); + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + uint16_t cur_keytag; + ldns_rr_list *tmp_rrset = NULL; + ldns_status cur_status; + + cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr)); + + for (j = 0; j < ldns_rr_list_rr_count(data_chain->parent->rrset); j++) { + cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j); + if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_calc_keytag(cur_parent_rr) == cur_keytag) { + + /* TODO: check wildcard nsec too */ + if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) { + tmp_rrset = cur_rrset; + if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) + == LDNS_RR_TYPE_NSEC || + ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) + == LDNS_RR_TYPE_NSEC3) { + /* might contain different names! + sort and split */ + ldns_rr_list_sort(cur_rrset); + if (tmp_rrset && tmp_rrset != cur_rrset) { + ldns_rr_list_deep_free(tmp_rrset); + tmp_rrset = NULL; + } + tmp_rrset = ldns_rr_list_pop_rrset(cur_rrset); + + /* with nsecs, this might be the wrong one */ + while (tmp_rrset && + ldns_rr_list_rr_count(cur_rrset) > 0 && + ldns_dname_compare( + ldns_rr_owner(ldns_rr_list_rr( + tmp_rrset, 0)), + ldns_rr_owner(cur_sig_rr)) != 0) { + ldns_rr_list_deep_free(tmp_rrset); + tmp_rrset = + ldns_rr_list_pop_rrset(cur_rrset); + } + } + cur_status = ldns_verify_rrsig(tmp_rrset, + cur_sig_rr, + cur_parent_rr); + /* avoid dupes */ + for (i = 0; i < new_tree->parent_count; i++) { + if (cur_parent_rr == new_tree->parents[i]->rr) { + goto done; + } + } + + cur_parent_tree = + ldns_dnssec_derive_trust_tree(data_chain->parent, + cur_parent_rr); + (void)ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, + cur_sig_rr, + cur_status); + } + } + } + } + done: + if (tmp_rrset && tmp_rrset != cur_rrset) { + ldns_rr_list_deep_free(tmp_rrset); + } + ldns_rr_list_deep_free(cur_rrset); +} + +void +ldns_dnssec_derive_trust_tree_dnskey_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + ldns_rr *cur_sig_rr) +{ + size_t j; + ldns_rr_list *cur_rrset = data_chain->rrset; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + uint16_t cur_keytag; + ldns_status cur_status; + + cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr)); + + for (j = 0; j < ldns_rr_list_rr_count(cur_rrset); j++) { + cur_parent_rr = ldns_rr_list_rr(cur_rrset, j); + if (cur_parent_rr != cur_rr && + ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_calc_keytag(cur_parent_rr) == cur_keytag + ) { + cur_parent_tree = ldns_dnssec_trust_tree_new(); + cur_parent_tree->rr = cur_parent_rr; + cur_parent_tree->rrset = cur_rrset; + cur_status = ldns_verify_rrsig(cur_rrset, + cur_sig_rr, + cur_parent_rr); + (void) ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, cur_sig_rr, cur_status); + } + } + } +} + +void +ldns_dnssec_derive_trust_tree_ds_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr) +{ + size_t j, h; + ldns_rr_list *cur_rrset = data_chain->rrset; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + + /* try the parent to see whether there are DSs there */ + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_DNSKEY && + data_chain->parent && + data_chain->parent->rrset + ) { + for (j = 0; + j < ldns_rr_list_rr_count(data_chain->parent->rrset); + j++) { + cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j); + if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DS) { + for (h = 0; h < ldns_rr_list_rr_count(cur_rrset); h++) { + cur_rr = ldns_rr_list_rr(cur_rrset, h); + if (ldns_rr_compare_ds(cur_rr, cur_parent_rr)) { + cur_parent_tree = + ldns_dnssec_derive_trust_tree( + data_chain->parent, cur_parent_rr); + (void) ldns_dnssec_trust_tree_add_parent( + new_tree, + cur_parent_tree, + NULL, + LDNS_STATUS_OK); + } else { + /*ldns_rr_print(stdout, cur_parent_rr);*/ + } + } + cur_rr = ldns_rr_list_rr(cur_rrset, 0); + } + } + } +} + +void +ldns_dnssec_derive_trust_tree_no_sig(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain) +{ + size_t i; + ldns_rr_list *cur_rrset; + ldns_rr *cur_parent_rr; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_status result; + + if (data_chain->parent && data_chain->parent->rrset) { + cur_rrset = data_chain->parent->rrset; + /* nsec? */ + if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) { + if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) == + LDNS_RR_TYPE_NSEC3) { + result = ldns_dnssec_verify_denial_nsec3( + new_tree->rr, + cur_rrset, + data_chain->parent->signatures, + data_chain->packet_rcode, + data_chain->packet_qtype, + data_chain->packet_nodata); + } else if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) == + LDNS_RR_TYPE_NSEC3) { + result = ldns_dnssec_verify_denial( + new_tree->rr, + cur_rrset, + data_chain->parent->signatures); + } else { + /* unsigned zone, unsigned parent */ + result = LDNS_STATUS_OK; + } + } else { + result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; + } + for (i = 0; i < ldns_rr_list_rr_count(cur_rrset); i++) { + cur_parent_rr = ldns_rr_list_rr(cur_rrset, i); + cur_parent_tree = + ldns_dnssec_derive_trust_tree(data_chain->parent, + cur_parent_rr); + (void) ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, NULL, result); + } + } +} + +/* + * returns OK if there is a path from tree to key with only OK + * the (first) error in between otherwise + * or NOT_FOUND if the key wasn't present at all + */ +ldns_status +ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree, + ldns_rr_list *trusted_keys) +{ + size_t i; + ldns_status result = LDNS_STATUS_CRYPTO_NO_DNSKEY; + bool equal; + ldns_status parent_result; + + if (tree && trusted_keys && ldns_rr_list_rr_count(trusted_keys) > 0) + { if (tree->rr) { + for (i = 0; i < ldns_rr_list_rr_count(trusted_keys); i++) { + equal = ldns_rr_compare_ds( + tree->rr, + ldns_rr_list_rr(trusted_keys, i)); + if (equal) { + result = LDNS_STATUS_OK; + return result; + } + } + } + for (i = 0; i < tree->parent_count; i++) { + parent_result = + ldns_dnssec_trust_tree_contains_keys(tree->parents[i], + trusted_keys); + if (parent_result != LDNS_STATUS_CRYPTO_NO_DNSKEY) { + if (tree->parent_status[i] != LDNS_STATUS_OK) { + result = tree->parent_status[i]; + } else { + if (ldns_rr_get_type(tree->rr) + == LDNS_RR_TYPE_NSEC && + parent_result == LDNS_STATUS_OK + ) { + result = + LDNS_STATUS_DNSSEC_EXISTENCE_DENIED; + } else { + result = parent_result; + } + } + } + } + } else { + result = LDNS_STATUS_ERR; + } + + return result; +} + +ldns_status +ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, const ldns_rr_list *keys, + ldns_rr_list *good_keys) +{ + uint16_t i; + ldns_status verify_result = LDNS_STATUS_ERR; + + if (!rrset || !rrsig || !keys) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrset) < 1) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrsig) < 1) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + + if (ldns_rr_list_rr_count(keys) < 1) { + verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + } else { + for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { + ldns_status s = ldns_verify_rrsig_keylist(rrset, + ldns_rr_list_rr(rrsig, i), keys, good_keys); + /* try a little to get more descriptive error */ + if(s == LDNS_STATUS_OK) { + verify_result = LDNS_STATUS_OK; + } else if(verify_result == LDNS_STATUS_ERR) + verify_result = s; + else if(s != LDNS_STATUS_ERR && verify_result == + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) + verify_result = s; + } + } + return verify_result; +} + +ldns_status +ldns_verify_notime(ldns_rr_list *rrset, ldns_rr_list *rrsig, + const ldns_rr_list *keys, ldns_rr_list *good_keys) +{ + uint16_t i; + ldns_status verify_result = LDNS_STATUS_ERR; + + if (!rrset || !rrsig || !keys) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrset) < 1) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrsig) < 1) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + + if (ldns_rr_list_rr_count(keys) < 1) { + verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + } else { + for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { + ldns_status s = ldns_verify_rrsig_keylist_notime(rrset, + ldns_rr_list_rr(rrsig, i), keys, good_keys); + + /* try a little to get more descriptive error */ + if (s == LDNS_STATUS_OK) { + verify_result = LDNS_STATUS_OK; + } else if (verify_result == LDNS_STATUS_ERR) { + verify_result = s; + } else if (s != LDNS_STATUS_ERR && verify_result == + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) { + verify_result = s; + } + } + } + return verify_result; +} + +ldns_rr_list * +ldns_fetch_valid_domain_keys(const ldns_resolver *res, + const ldns_rdf *domain, + const ldns_rr_list *keys, + ldns_status *status) +{ + ldns_rr_list * trusted_keys = NULL; + ldns_rr_list * ds_keys = NULL; + + if (res && domain && keys) { + + if ((trusted_keys = ldns_validate_domain_dnskey(res, + domain, + keys))) { + *status = LDNS_STATUS_OK; + } else { + /* No trusted keys in this domain, we'll have to find some in the parent domain */ + *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + + if (ldns_rdf_size(domain) > 1) { + /* Fail if we are at the root */ + ldns_rr_list * parent_keys; + ldns_rdf * parent_domain = ldns_dname_left_chop(domain); + + if ((parent_keys = + ldns_fetch_valid_domain_keys(res, + parent_domain, + keys, + status))) { + /* Check DS records */ + if ((ds_keys = + ldns_validate_domain_ds(res, + domain, + parent_keys))) { + trusted_keys = + ldns_fetch_valid_domain_keys(res, + domain, + ds_keys, + status); + ldns_rr_list_deep_free(ds_keys); + } else { + /* No valid DS at the parent -- fail */ + *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DS ; + } + ldns_rr_list_deep_free(parent_keys); + } + ldns_rdf_deep_free(parent_domain); + } + } + } + return trusted_keys; +} + +ldns_rr_list * +ldns_validate_domain_dnskey(const ldns_resolver * res, + const ldns_rdf * domain, + const ldns_rr_list * keys) +{ + ldns_status status; + ldns_pkt * keypkt; + ldns_rr * cur_key; + uint16_t key_i; uint16_t key_j; uint16_t key_k; + uint16_t sig_i; ldns_rr * cur_sig; + + ldns_rr_list * domain_keys = NULL; + ldns_rr_list * domain_sigs = NULL; + ldns_rr_list * trusted_keys = NULL; + + /* Fetch keys for the domain */ + if ((keypkt = ldns_resolver_query(res, + domain, + LDNS_RR_TYPE_DNSKEY, + LDNS_RR_CLASS_IN, + LDNS_RD))) { + + domain_keys = ldns_pkt_rr_list_by_type(keypkt, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANSWER); + domain_sigs = ldns_pkt_rr_list_by_type(keypkt, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + + /* Try to validate the record using our keys */ + for (key_i=0; key_i< ldns_rr_list_rr_count(domain_keys); key_i++) { + + cur_key = ldns_rr_list_rr(domain_keys, key_i); + for (key_j=0; key_j + +#include + +ldns_dnssec_rrs * +ldns_dnssec_rrs_new() +{ + ldns_dnssec_rrs *new_rrs; + new_rrs = LDNS_MALLOC(ldns_dnssec_rrs); + new_rrs->rr = NULL; + new_rrs->next = NULL; + return new_rrs; +} + +INLINE void +ldns_dnssec_rrs_free_internal(ldns_dnssec_rrs *rrs, int deep) +{ + ldns_dnssec_rrs *next; + while (rrs) { + next = rrs->next; + if (deep) { + ldns_rr_free(rrs->rr); + } + LDNS_FREE(rrs); + rrs = next; + } +} + +void +ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs) +{ + ldns_dnssec_rrs_free_internal(rrs, 0); +} + +void +ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs) +{ + ldns_dnssec_rrs_free_internal(rrs, 1); +} + +ldns_status +ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr) +{ + int cmp; + ldns_dnssec_rrs *new_rrs; + if (!rrs || !rr) { + return LDNS_STATUS_ERR; + } + + /* this could be done more efficiently; name and type should already + be equal */ + cmp = ldns_rr_compare(rrs->rr, + rr); + /* should we error on equal? */ + if (cmp <= 0) { + if (rrs->next) { + ldns_dnssec_rrs_add_rr(rrs->next, rr); + } else { + new_rrs = ldns_dnssec_rrs_new(); + new_rrs->rr = rr; + rrs->next = new_rrs; + } + } else if (cmp > 0) { + /* put the current old rr in the new next, put the new + rr in the current container */ + new_rrs = ldns_dnssec_rrs_new(); + new_rrs->rr = rrs->rr; + new_rrs->next = rrs->next; + rrs->rr = rr; + rrs->next = new_rrs; + } + return LDNS_STATUS_OK; +} + +void +ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs) +{ + if (!rrs) { + fprintf(out, ""); + } else { + if (rrs->rr) { + ldns_rr_print(out, rrs->rr); + } + if (rrs->next) { + ldns_dnssec_rrs_print(out, rrs->next); + } + } +} + +ldns_dnssec_rrsets * +ldns_dnssec_rrsets_new() +{ + ldns_dnssec_rrsets *new_rrsets; + new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets); + new_rrsets->rrs = NULL; + new_rrsets->type = 0; + new_rrsets->signatures = NULL; + new_rrsets->next = NULL; + return new_rrsets; +} + +INLINE void +ldns_dnssec_rrsets_free_internal(ldns_dnssec_rrsets *rrsets, int deep) +{ + if (rrsets) { + if (rrsets->rrs) { + ldns_dnssec_rrs_free_internal(rrsets->rrs, deep); + } + if (rrsets->next) { + ldns_dnssec_rrsets_free_internal(rrsets->next, deep); + } + if (rrsets->signatures) { + ldns_dnssec_rrs_free_internal(rrsets->signatures, deep); + } + LDNS_FREE(rrsets); + } +} + +void +ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets) +{ + ldns_dnssec_rrsets_free_internal(rrsets, 0); +} + +void +ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets) +{ + ldns_dnssec_rrsets_free_internal(rrsets, 1); +} + +ldns_rr_type +ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets) +{ + if (rrsets) { + return rrsets->type; + } else { + return 0; + } +} + +ldns_status +ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, + ldns_rr_type type) +{ + if (rrsets) { + rrsets->type = type; + return LDNS_STATUS_OK; + } + return LDNS_STATUS_ERR; +} + +ldns_dnssec_rrsets * +ldns_dnssec_rrsets_new_frm_rr(ldns_rr *rr) +{ + ldns_dnssec_rrsets *new_rrsets; + ldns_rr_type rr_type; + bool rrsig; + + new_rrsets = ldns_dnssec_rrsets_new(); + rr_type = ldns_rr_get_type(rr); + if (rr_type == LDNS_RR_TYPE_RRSIG) { + rrsig = true; + rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } else { + rrsig = false; + } + if (!rrsig) { + new_rrsets->rrs = ldns_dnssec_rrs_new(); + new_rrsets->rrs->rr = rr; + } else { + new_rrsets->signatures = ldns_dnssec_rrs_new(); + new_rrsets->signatures->rr = rr; + } + new_rrsets->type = rr_type; + return new_rrsets; +} + +ldns_status +ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr) +{ + ldns_dnssec_rrsets *new_rrsets; + ldns_rr_type rr_type; + bool rrsig = false; + ldns_status result = LDNS_STATUS_OK; + + if (!rrsets || !rr) { + return LDNS_STATUS_ERR; + } + + rr_type = ldns_rr_get_type(rr); + + if (rr_type == LDNS_RR_TYPE_RRSIG) { + rrsig = true; + rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + + if (!rrsets->rrs && rrsets->type == 0 && !rrsets->signatures) { + if (!rrsig) { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + rrsets->type = rr_type; + } else { + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + rrsets->type = rr_type; + } + return LDNS_STATUS_OK; + } + + if (rr_type > ldns_dnssec_rrsets_type(rrsets)) { + if (rrsets->next) { + result = ldns_dnssec_rrsets_add_rr(rrsets->next, rr); + } else { + new_rrsets = ldns_dnssec_rrsets_new_frm_rr(rr); + rrsets->next = new_rrsets; + } + } else if (rr_type < ldns_dnssec_rrsets_type(rrsets)) { + /* move the current one into the new next, + replace field of current with data from new rr */ + new_rrsets = ldns_dnssec_rrsets_new(); + new_rrsets->rrs = rrsets->rrs; + new_rrsets->type = rrsets->type; + new_rrsets->signatures = rrsets->signatures; + new_rrsets->next = rrsets->next; + if (!rrsig) { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + rrsets->signatures = NULL; + } else { + rrsets->rrs = NULL; + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + } + rrsets->type = rr_type; + rrsets->next = new_rrsets; + } else { + /* equal, add to current rrsets */ + if (rrsig) { + if (rrsets->signatures) { + result = ldns_dnssec_rrs_add_rr(rrsets->signatures, rr); + } else { + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + } + } else { + if (rrsets->rrs) { + result = ldns_dnssec_rrs_add_rr(rrsets->rrs, rr); + } else { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + } + } + } + + return result; +} + +void +ldns_dnssec_rrsets_print_soa(FILE *out, + ldns_dnssec_rrsets *rrsets, + bool follow, + bool show_soa) +{ + if (!rrsets) { + fprintf(out, "\n"); + } else { + if (rrsets->rrs && + (show_soa || + ldns_rr_get_type(rrsets->rrs->rr) != LDNS_RR_TYPE_SOA + ) + ) { + ldns_dnssec_rrs_print(out, rrsets->rrs); + if (rrsets->signatures) { + ldns_dnssec_rrs_print(out, rrsets->signatures); + } + } + if (follow && rrsets->next) { + ldns_dnssec_rrsets_print_soa(out, rrsets->next, follow, show_soa); + } + } +} + +void +ldns_dnssec_rrsets_print(FILE *out, ldns_dnssec_rrsets *rrsets, bool follow) +{ + ldns_dnssec_rrsets_print_soa(out, rrsets, follow, true); +} + +ldns_dnssec_name * +ldns_dnssec_name_new() +{ + ldns_dnssec_name *new_name; + + new_name = LDNS_MALLOC(ldns_dnssec_name); + if (!new_name) { + return NULL; + } + + new_name->name = NULL; + new_name->rrsets = NULL; + new_name->name_alloced = false; + new_name->nsec = NULL; + new_name->nsec_signatures = NULL; + + new_name->is_glue = false; + new_name->hashed_name = NULL; + + return new_name; +} + +ldns_dnssec_name * +ldns_dnssec_name_new_frm_rr(ldns_rr *rr) +{ + ldns_dnssec_name *new_name = ldns_dnssec_name_new(); + + new_name->name = ldns_rr_owner(rr); + ldns_dnssec_name_add_rr(new_name, rr); + + return new_name; +} + +INLINE void +ldns_dnssec_name_free_internal(ldns_dnssec_name *name, + int deep) +{ + if (name) { + if (name->name_alloced) { + ldns_rdf_deep_free(name->name); + } + if (name->rrsets) { + ldns_dnssec_rrsets_free_internal(name->rrsets, deep); + } + if (name->nsec && deep) { + ldns_rr_free(name->nsec); + } + if (name->nsec_signatures) { + ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep); + } + if (name->hashed_name) { + if (deep) { + ldns_rdf_deep_free(name->hashed_name); + } + } + LDNS_FREE(name); + } +} + +void +ldns_dnssec_name_free(ldns_dnssec_name *name) +{ + ldns_dnssec_name_free_internal(name, 0); +} + +void +ldns_dnssec_name_deep_free(ldns_dnssec_name *name) +{ + ldns_dnssec_name_free_internal(name, 1); +} + +ldns_rdf * +ldns_dnssec_name_name(ldns_dnssec_name *name) +{ + if (name) { + return name->name; + } + return NULL; +} + +void +ldns_dnssec_name_set_name(ldns_dnssec_name *rrset, + ldns_rdf *dname) +{ + if (rrset && dname) { + rrset->name = dname; + } +} + +ldns_rr * +ldns_dnssec_name_nsec(ldns_dnssec_name *rrset) +{ + if (rrset) { + return rrset->nsec; + } + return NULL; +} + +void +ldns_dnssec_name_set_nsec(ldns_dnssec_name *rrset, ldns_rr *nsec) +{ + if (rrset && nsec) { + rrset->nsec = nsec; + } +} + +int +ldns_dnssec_name_cmp(const void *a, const void *b) +{ + ldns_dnssec_name *na = (ldns_dnssec_name *) a; + ldns_dnssec_name *nb = (ldns_dnssec_name *) b; + + if (na && nb) { + return ldns_dname_compare(ldns_dnssec_name_name(na), + ldns_dnssec_name_name(nb)); + } else if (na) { + return 1; + } else if (nb) { + return -1; + } else { + return 0; + } +} + +ldns_status +ldns_dnssec_name_add_rr(ldns_dnssec_name *name, + ldns_rr *rr) +{ + ldns_status result = LDNS_STATUS_OK; + ldns_rdf *name_name; + bool hashed_name = false; + ldns_rr_type rr_type = ldns_rr_get_type(rr); + ldns_rr_type typecovered = 0; + + /* special handling for NSEC3 and NSECX covering RRSIGS */ + + if (!name || !rr) { + return LDNS_STATUS_ERR; + } + + rr_type = ldns_rr_get_type(rr); + + if (rr_type == LDNS_RR_TYPE_RRSIG) { + typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + +#ifdef HAVE_SSL + if (rr_type == LDNS_RR_TYPE_NSEC3 || + typecovered == LDNS_RR_TYPE_NSEC3) { + name_name = ldns_nsec3_hash_name_frm_nsec3(rr, + ldns_dnssec_name_name(name)); + hashed_name = true; + } else { + name_name = ldns_dnssec_name_name(name); + } +#else + name_name = ldns_dnssec_name_name(name); +#endif /* HAVE_SSL */ + + if (rr_type == LDNS_RR_TYPE_NSEC || + rr_type == LDNS_RR_TYPE_NSEC3) { + /* XX check if is already set (and error?) */ + name->nsec = rr; + } else if (typecovered == LDNS_RR_TYPE_NSEC || + typecovered == LDNS_RR_TYPE_NSEC3) { + if (name->nsec_signatures) { + ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr); + } else { + name->nsec_signatures = ldns_dnssec_rrs_new(); + name->nsec_signatures->rr = rr; + } + } else { + /* it's a 'normal' RR, add it to the right rrset */ + if (name->rrsets) { + result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); + } else { + name->rrsets = ldns_dnssec_rrsets_new(); + result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); + } + } + + if (hashed_name) { + ldns_rdf_deep_free(name_name); + } + + return result; +} + +ldns_dnssec_rrsets * +ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, + ldns_rr_type type) { + ldns_dnssec_rrsets *result; + + result = name->rrsets; + while (result) { + if (result->type == type) { + return result; + } else { + result = result->next; + } + } + return NULL; +} + +ldns_dnssec_rrsets * +ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, + ldns_rdf *dname, + ldns_rr_type type) +{ + ldns_rbnode_t *node; + + if (!zone || !dname) { + return NULL; + } + + node = ldns_rbtree_search(zone->names, dname); + if (node) { + return ldns_dnssec_name_find_rrset((ldns_dnssec_name *)node->data, + type); + } else { + return NULL; + } +} + +static inline void +print_indent(FILE *out, int c) +{ + int i; + for (i=0; irrsets) { + ldns_dnssec_rrsets_print_soa(out, name->rrsets, true, show_soa); + } else { + fprintf(out, ";; Empty nonterminal: "); + ldns_rdf_print(out, name->name); + fprintf(out, "\n"); + } + if(name->nsec) { + ldns_rr_print(out, name->nsec); + } + if (name->nsec_signatures) { + ldns_dnssec_rrs_print(out, name->nsec_signatures); + } + } else { + fprintf(out, "\n"); + } +} + +void +ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name) +{ + ldns_dnssec_name_print_soa(out, name, true); +} + +ldns_dnssec_zone * +ldns_dnssec_zone_new() +{ + ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone); + zone->soa = NULL; + zone->names = NULL; + + return zone; +} + +void +ldns_dnssec_name_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + ldns_dnssec_name_free((ldns_dnssec_name *)node->data); + free(node); +} + +void +ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + ldns_dnssec_name_deep_free((ldns_dnssec_name *)node->data); + free(node); +} + +void +ldns_dnssec_zone_free(ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->names) { + /* destroy all name structures within the tree */ + ldns_traverse_postorder(zone->names, + ldns_dnssec_name_node_free, + NULL); + free(zone->names); + } + LDNS_FREE(zone); + } +} + +void +ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->names) { + /* destroy all name structures within the tree */ + ldns_traverse_postorder(zone->names, + ldns_dnssec_name_node_deep_free, + NULL); + free(zone->names); + } + LDNS_FREE(zone); + } +} + +/* use for dname comparison in tree */ +int +ldns_dname_compare_v(const void *a, const void *b) { + return ldns_dname_compare((ldns_rdf *)a, (ldns_rdf *)b); +} + +#ifdef HAVE_SSL +ldns_rbnode_t * +ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, + ldns_rr *rr) { + ldns_rbnode_t *current_node = ldns_rbtree_first(zone->names); + ldns_dnssec_name *current_name; + ldns_rdf *hashed_name; + + hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0); + + while (current_node != LDNS_RBTREE_NULL) { + current_name = (ldns_dnssec_name *) current_node->data; + if (!current_name->hashed_name) { + current_name->hashed_name = + ldns_nsec3_hash_name_frm_nsec3(rr, current_name->name); + } + if (ldns_dname_compare(hashed_name, + current_name->hashed_name) + == 0) { + ldns_rdf_deep_free(hashed_name); + return current_node; + } + current_node = ldns_rbtree_next(current_node); + } + ldns_rdf_deep_free(hashed_name); + return NULL; +} + +ldns_status +ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr) +{ + ldns_status result = LDNS_STATUS_OK; + ldns_dnssec_name *cur_name; + ldns_rbnode_t *cur_node; + ldns_rr_type type_covered = 0; + + if (!zone || !rr) { + return LDNS_STATUS_ERR; + } + + if (!zone->names) { + zone->names = ldns_rbtree_create(ldns_dname_compare_v); + } + + /* we need the original of the hashed name if this is + an NSEC3, or an RRSIG that covers an NSEC3 */ + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) { + type_covered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 || + type_covered == LDNS_RR_TYPE_NSEC3) { + cur_node = ldns_dnssec_zone_find_nsec3_original(zone, + rr); + if (!cur_node) { + return LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND; + } + } else { + cur_node = ldns_rbtree_search(zone->names, ldns_rr_owner(rr)); + } + + if (!cur_node) { + /* add */ + cur_name = ldns_dnssec_name_new_frm_rr(rr); + cur_node = LDNS_MALLOC(ldns_rbnode_t); + cur_node->key = ldns_rr_owner(rr); + cur_node->data = cur_name; + ldns_rbtree_insert(zone->names, cur_node); + } else { + cur_name = (ldns_dnssec_name *) cur_node->data; + ldns_dnssec_name_add_rr(cur_name, rr); + } + + if (result != LDNS_STATUS_OK) { + fprintf(stderr, "error adding rr: "); + ldns_rr_print(stderr, rr); + } + + /*TODO ldns_dnssec_name_print_names(stdout, zone->names, 0);*/ + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) { + zone->soa = cur_name; + } + + return result; +} +#endif /* HAVE_SSL */ + +void +ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa) +{ + ldns_rbnode_t *node; + ldns_dnssec_name *name; + + node = ldns_rbtree_first(tree); + while (node != LDNS_RBTREE_NULL) { + name = (ldns_dnssec_name *) node->data; + ldns_dnssec_name_print_soa(out, name, print_soa); + fprintf(out, ";\n"); + node = ldns_rbtree_next(node); + } +} + +void +ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->soa) { + fprintf(out, ";; Zone: "); + ldns_rdf_print(out, ldns_dnssec_name_name(zone->soa)); + fprintf(out, "\n;\n"); + ldns_dnssec_rrsets_print( + out, + ldns_dnssec_name_find_rrset(zone->soa, + LDNS_RR_TYPE_SOA), + false); + fprintf(out, ";\n"); + } + + if (zone->names) { + ldns_dnssec_zone_names_print(out, zone->names, false); + } + } +} + +ldns_status +ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone) +{ + ldns_dnssec_name *new_name; + ldns_rdf *cur_name; + ldns_rdf *next_name; + ldns_rbnode_t *cur_node, *next_node, *new_node; + + /* for the detection */ + uint16_t i, cur_label_count, next_label_count; + uint16_t soa_label_count = 0; + ldns_rdf *l1, *l2; + int lpos; + + if (!zone) { + return LDNS_STATUS_ERR; + } + if (zone->soa && zone->soa->name) { + soa_label_count = ldns_dname_label_count(zone->soa->name); + } + + cur_node = ldns_rbtree_first(zone->names); + while (cur_node != LDNS_RBTREE_NULL) { + next_node = ldns_rbtree_next(cur_node); + + /* skip glue */ + while (next_node != LDNS_RBTREE_NULL && + next_node->data && + ((ldns_dnssec_name *)next_node->data)->is_glue + ) { + next_node = ldns_rbtree_next(next_node); + } + + if (next_node == LDNS_RBTREE_NULL) { + next_node = ldns_rbtree_first(zone->names); + } + + cur_name = ((ldns_dnssec_name *)cur_node->data)->name; + next_name = ((ldns_dnssec_name *)next_node->data)->name; + cur_label_count = ldns_dname_label_count(cur_name); + next_label_count = ldns_dname_label_count(next_name); + + /* Since the names are in canonical order, we can + * recognize empty non-terminals by their labels; + * every label after the first one on the next owner + * name is a non-terminal if it either does not exist + * in the current name or is different from the same + * label in the current name (counting from the end) + */ + for (i = 1; i < next_label_count - soa_label_count; i++) { + lpos = cur_label_count - next_label_count + i; + if (lpos >= 0) { + l1 = ldns_dname_label(cur_name, lpos); + } else { + l1 = NULL; + } + l2 = ldns_dname_label(next_name, i); + + if (!l1 || ldns_dname_compare(l1, l2) != 0) { + /* We have an empty nonterminal, add it to the + * tree + */ + new_name = ldns_dnssec_name_new(); + if (!new_name) { + return LDNS_STATUS_MEM_ERR; + } + new_name->name = ldns_dname_clone_from(next_name, + i); + if (!new_name) { + ldns_dnssec_name_free(new_name); + return LDNS_STATUS_MEM_ERR; + } + new_name->name_alloced = true; + new_node = LDNS_MALLOC(ldns_rbnode_t); + if (!new_node) { + ldns_dnssec_name_free(new_name); + return LDNS_STATUS_MEM_ERR; + } + new_node->key = new_name->name; + new_node->data = new_name; + ldns_rbtree_insert(zone->names, new_node); + } + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + } + + /* we might have inserted a new node after + * the current one so we can't just use next() + */ + if (next_node != ldns_rbtree_first(zone->names)) { + cur_node = next_node; + } else { + cur_node = LDNS_RBTREE_NULL; + } + } + return LDNS_STATUS_OK; +} diff --git a/contrib/ldns/drill/ChangeLog.22-nov-2005 b/contrib/ldns/drill/ChangeLog.22-nov-2005 new file mode 100644 index 0000000000..1ce8b0b7c0 --- /dev/null +++ b/contrib/ldns/drill/ChangeLog.22-nov-2005 @@ -0,0 +1,105 @@ +--------- Drill now is a subdirectory in ldns. To make life easier +--------- we are using ldns' version numbering for drill from now on. +--------- Sadly this means we GO BACKWARDS in the versions +--------- This ChangeLog will not be updated anymore - all changes are +--------- documented in ldns' ChangeLog + +1.0-pre3: to be released: drill-team + * Secure tracing works + * Added section about DNSSEC in the manual page + * Allow the class information to be given to do_chase() + * Lint fixes for the code + * Bugzilla was setup for drill + * Bug #97 (drill); -S crash was fixed + * Add -Q (quiet) flag was added. This supresses output from drill. + +1.0-pre2: 20 Jun 2005: drill-team + * Second prerelease + * Bugs where fix in the chasing functionality + +1.0-pre1: 1 Jun 2005: drill-team + * First drill release based on ldns + * drill's core code is not much more simple, as + all the difficult stuff is moved to ldns. + * Much saner argument parsing + +---------- Above Newer drill based on ldns -------------- +---------- Below Older drill with it's own DNS handling -------------- + +0.9.2: Feb 3 2005: drill-team + * Added two more options (borrowed from dig) + --rd, don't set the RD bit in queries + --fail, don't query the next nameserver on SERVFAIL + * Fixed handling of obscure data types + * Handle classes other the 'IN' when making a query + + * For people using FreeBSD: drill is now in the ports + (Thanks to Jaap Akkerhuis) + +0.9.1: Jan 5 2005: drill-team + * Makefile tweaks + * drill ns . works + * re-check the root in when tracing + * added handling for some lesser known types (including WKS) + +0.9: Dec 6 2004: drill-team + * big configure.ac and Makefile.in updates (made more general) + * escapes in names argument and txt and dname data + * gcc 2(.95) support + * packet wire data is now checked for dangerous elements (like + looping compression etc) + * (Multiple) Octal char representation + * Responses can be saved to file + * 'Answers' can be read from file instead of server + * Lots and lots of bugfixes and improvements + +0.8.1: Oct 27 2004: Miek + * configure.ac updates + * secure resolving updates (still doesn't work) + * printing additions + - CERT RR supported + - LOC RR support + * All non supported RRs are handled as unknown + * If no namservers found in /etc/resolv.conf + default to 127.0.0.1 + * Various bugs fixed + - Close sockets after using them + - Some memory leaks were plugged + +0.8: Oct 26 2004: Miek + * Lots of features added. Drill is almost feature complete + * Unknown RR's are supported + * Numerous smaller updates in documentation + * Numerous code cleanups + * Dig is no longer needed to build drill + +0.7: Oct 21 2004: Miek + * reworked interal code + * DNSSEC is working, except the secure resolving + * build updates + * more sane options parsing + * more sane argument handling + +0.6-alpha: Oct 2004: Jelte + * No log + +0.5-alpha: Sept 22 2004: Miek + * most of the DNS stuff is working + * moved to configure + * tested on Linux/FreeBSD + * fully IPV6 capable + * new DNSSEC types supported + * DNSSEC somewhat working + * gcc => 3 is needed for building + +0.4-alpha: Sept 9 2004: Miek + * moved to autoconf for building + * lots of various updates + * really a workable program now + +0.3-alpha: Sept 6 2004: Miek + * IPv6 support + * automatic secure resolving + * --trace updates + * --chase updates + * more checks diff --git a/contrib/ldns/drill/README b/contrib/ldns/drill/README new file mode 100644 index 0000000000..bbbb816ef4 --- /dev/null +++ b/contrib/ldns/drill/README @@ -0,0 +1,12 @@ +QUICK INSTALL GUIDE + +drill is a subdirectory in ldns. + +To compile drill you need: +autoreconf && ./configure && make + +If ldns is installed in a different location, use --with-ldns=directory +See also ./configure --help + +In the first case you must run drill as: +LD_LIBRARY_PATH=../.libs ./drill diff --git a/contrib/ldns/drill/REGRESSIONS b/contrib/ldns/drill/REGRESSIONS new file mode 100644 index 0000000000..b8f6be9cc9 --- /dev/null +++ b/contrib/ldns/drill/REGRESSIONS @@ -0,0 +1,25 @@ +REGRESSIONS + +This version of drill is based on ldns and as such some things +are slightly changed. This file documents the changes. + +o When tracing (-T option) we use the local resolver (as specified + in /etc/resolv.conf) to lookup names. This increases the speed + dramatically, but you obviously need to be able to reach a recursive + server/cache. + Previously drill would try to resolve the names by itself. + +o Printing of DSs after DNSKEY records. Because we don't parse our + own packets anymore, we cannot print the DS directly after the DNSKEY + record. The DSs are now printed AFTER the packet. + +o The long options are removed. + +o The chase function has a different output, and will be subject to change + in the near future. + +o The useless (for jokes only) -I option was dropped. + +FIXED: +o the argument parsing is much smarter, the order doesn't matter (much) + anymore diff --git a/contrib/ldns/drill/chasetrace.c b/contrib/ldns/drill/chasetrace.c new file mode 100644 index 0000000000..a1dfd44681 --- /dev/null +++ b/contrib/ldns/drill/chasetrace.c @@ -0,0 +1,401 @@ +/* + * chasetrace.c + * Where all the hard work concerning chasing + * and tracing is done + * (c) 2005, 2006 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +/** + * trace down from the root to name + */ + +/* same naive method as in drill0.9 + * We resolver _ALL_ the names, which is ofcourse not needed + * We _do_ use the local resolver to do that, so it still is + * fast, but it can be made to run much faster + */ +ldns_pkt * +do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, + ldns_rr_class c) +{ + ldns_resolver *res; + ldns_pkt *p; + ldns_rr_list *new_nss_a; + ldns_rr_list *new_nss_aaaa; + ldns_rr_list *final_answer; + ldns_rr_list *new_nss; + ldns_rr_list *hostnames; + ldns_rr_list *ns_addr; + uint16_t loop_count; + ldns_rdf *pop; + ldns_status status; + size_t i; + + loop_count = 0; + new_nss_a = NULL; + new_nss_aaaa = NULL; + new_nss = NULL; + ns_addr = NULL; + final_answer = NULL; + p = ldns_pkt_new(); + res = ldns_resolver_new(); + + if (!p || !res) { + error("Memory allocation failed"); + return NULL; + } + + /* transfer some properties of local_res to res, + * because they were given on the commandline */ + ldns_resolver_set_ip6(res, + ldns_resolver_ip6(local_res)); + ldns_resolver_set_port(res, + ldns_resolver_port(local_res)); + ldns_resolver_set_debug(res, + ldns_resolver_debug(local_res)); + ldns_resolver_set_dnssec(res, + ldns_resolver_dnssec(local_res)); + ldns_resolver_set_fail(res, + ldns_resolver_fail(local_res)); + ldns_resolver_set_usevc(res, + ldns_resolver_usevc(local_res)); + ldns_resolver_set_random(res, + ldns_resolver_random(local_res)); + ldns_resolver_set_recursive(res, false); + + /* setup the root nameserver in the new resolver */ + status = ldns_resolver_push_nameserver_rr_list(res, global_dns_root); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error adding root servers to resolver: %s\n", ldns_get_errorstr_by_id(status)); + ldns_rr_list_print(stdout, global_dns_root); + return NULL; + } + + /* this must be a real query to local_res */ + status = ldns_resolver_send(&p, res, ldns_dname_new_frm_str("."), LDNS_RR_TYPE_NS, c, 0); + /* p can still be NULL */ + + + if (ldns_pkt_empty(p)) { + warning("No root server information received"); + } + + if (status == LDNS_STATUS_OK) { + if (!ldns_pkt_empty(p)) { + drill_pkt_print(stdout, local_res, p); + } + } else { + error("cannot use local resolver"); + return NULL; + } + + status = ldns_resolver_send(&p, res, name, t, c, 0); + + while(status == LDNS_STATUS_OK && + ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) { + + if (!p) { + /* some error occurred, bail out */ + return NULL; + } + + new_nss_a = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); + new_nss_aaaa = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL); + new_nss = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY); + + if (verbosity != -1) { + ldns_rr_list_print(stdout, new_nss); + } + /* checks itself for verbosity */ + drill_pkt_print_footer(stdout, local_res, p); + + /* remove the old nameserver from the resolver */ + while((pop = ldns_resolver_pop_nameserver(res))) { /* do it */ } + + /* also check for new_nss emptyness */ + + if (!new_nss_aaaa && !new_nss_a) { + /* + * no nameserver found!!! + * try to resolve the names we do got + */ + for(i = 0; i < ldns_rr_list_rr_count(new_nss); i++) { + /* get the name of the nameserver */ + pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0); + if (!pop) { + break; + } + + ldns_rr_list_print(stdout, new_nss); + ldns_rdf_print(stdout, pop); + /* retrieve it's addresses */ + ns_addr = ldns_rr_list_cat_clone(ns_addr, + ldns_get_rr_list_addr_by_name(local_res, pop, c, 0)); + } + + if (ns_addr) { + if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) != + LDNS_STATUS_OK) { + error("Error adding new nameservers"); + ldns_pkt_free(p); + return NULL; + } + ldns_rr_list_free(ns_addr); + } else { + ldns_rr_list_print(stdout, ns_addr); + error("Could not find the nameserver ip addr; abort"); + ldns_pkt_free(p); + return NULL; + } + } + + /* add the new ones */ + if (new_nss_aaaa) { + if (ldns_resolver_push_nameserver_rr_list(res, new_nss_aaaa) != + LDNS_STATUS_OK) { + error("adding new nameservers"); + ldns_pkt_free(p); + return NULL; + } + } + if (new_nss_a) { + if (ldns_resolver_push_nameserver_rr_list(res, new_nss_a) != + LDNS_STATUS_OK) { + error("adding new nameservers"); + ldns_pkt_free(p); + return NULL; + } + } + + if (loop_count++ > 20) { + /* unlikely that we are doing something usefull */ + error("Looks like we are looping"); + ldns_pkt_free(p); + return NULL; + } + + status = ldns_resolver_send(&p, res, name, t, c, 0); + new_nss_aaaa = NULL; + new_nss_a = NULL; + ns_addr = NULL; + } + + status = ldns_resolver_send(&p, res, name, t, c, 0); + + if (!p) { + return NULL; + } + + hostnames = ldns_get_rr_list_name_by_addr(local_res, + ldns_pkt_answerfrom(p), 0, 0); + + new_nss = ldns_pkt_authority(p); + final_answer = ldns_pkt_answer(p); + + if (verbosity != -1) { + ldns_rr_list_print(stdout, final_answer); + ldns_rr_list_print(stdout, new_nss); + + } + drill_pkt_print_footer(stdout, local_res, p); + ldns_pkt_free(p); + return NULL; +} + + +/** + * Chase the given rr to a known and trusted key + * + * Based on drill 0.9 + * + * the last argument prev_key_list, if not null, and type == DS, then the ds + * rr list we have must all be a ds for the keys in this list + */ +#ifdef HAVE_SSL +ldns_status +do_chase(ldns_resolver *res, + ldns_rdf *name, + ldns_rr_type type, + ldns_rr_class c, + ldns_rr_list *trusted_keys, + ldns_pkt *pkt_o, + uint16_t qflags, + ldns_rr_list *prev_key_list, + int verbosity) +{ + ldns_rr_list *rrset = NULL; + ldns_status result; + ldns_rr *orig_rr = NULL; + + bool cname_followed = false; +/* + ldns_rr_list *sigs; + ldns_rr *cur_sig; + uint16_t sig_i; + ldns_rr_list *keys; +*/ + ldns_pkt *pkt; + ldns_status tree_result; + ldns_dnssec_data_chain *chain; + ldns_dnssec_trust_tree *tree; + + const ldns_rr_descriptor *descriptor; + descriptor = ldns_rr_descript(type); + + ldns_dname2canonical(name); + + pkt = ldns_pkt_clone(pkt_o); + if (!name) { + mesg("No name to chase"); + ldns_pkt_free(pkt); + return LDNS_STATUS_EMPTY_LABEL; + } + if (verbosity != -1) { + printf(";; Chasing: "); + ldns_rdf_print(stdout, name); + if (descriptor && descriptor->_name) { + printf(" %s\n", descriptor->_name); + } else { + printf(" type %d\n", type); + } + } + + if (!trusted_keys || ldns_rr_list_rr_count(trusted_keys) < 1) { + warning("No trusted keys specified"); + } + + if (pkt) { + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + type, + LDNS_SECTION_ANSWER + ); + if (!rrset) { + /* nothing in answer, try authority */ + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + type, + LDNS_SECTION_AUTHORITY + ); + } + /* answer might be a cname, chase that first, then chase + cname target? (TODO) */ + if (!rrset) { + cname_followed = true; + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + LDNS_RR_TYPE_CNAME, + LDNS_SECTION_ANSWER + ); + if (!rrset) { + /* nothing in answer, try authority */ + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + LDNS_RR_TYPE_CNAME, + LDNS_SECTION_AUTHORITY + ); + } + } + } else { + /* no packet? */ + if (verbosity >= 0) { + fprintf(stderr, "%s", ldns_get_errorstr_by_id(LDNS_STATUS_MEM_ERR)); + fprintf(stderr, "\n"); + } + return LDNS_STATUS_MEM_ERR; + } + + if (!rrset) { + /* not found in original packet, try again */ + ldns_pkt_free(pkt); + pkt = NULL; + pkt = ldns_resolver_query(res, name, type, c, qflags); + + if (!pkt) { + if (verbosity >= 0) { + fprintf(stderr, "%s", ldns_get_errorstr_by_id(LDNS_STATUS_NETWORK_ERR)); + fprintf(stderr, "\n"); + } + return LDNS_STATUS_NETWORK_ERR; + } + if (verbosity >= 5) { + ldns_pkt_print(stdout, pkt); + } + + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + type, + LDNS_SECTION_ANSWER + ); + } + + orig_rr = ldns_rr_new(); + +/* if the answer had no answer section, we need to construct our own rr (for instance if + * the rr qe asked for doesn't exist. This rr will be destroyed when the chain is freed */ + if (ldns_pkt_ancount(pkt) < 1) { + ldns_rr_set_type(orig_rr, type); + ldns_rr_set_owner(orig_rr, ldns_rdf_clone(name)); + + chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, ldns_rr_clone(orig_rr)); + } else { + /* chase the first answer */ + chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, NULL); + } + + if (verbosity >= 4) { + printf("\n\nDNSSEC Data Chain:\n"); + ldns_dnssec_data_chain_print(stdout, chain); + } + + result = LDNS_STATUS_OK; + + tree = ldns_dnssec_derive_trust_tree(chain, NULL); + + if (verbosity >= 2) { + printf("\n\nDNSSEC Trust tree:\n"); + ldns_dnssec_trust_tree_print(stdout, tree, 0, true); + } + + if (ldns_rr_list_rr_count(trusted_keys) > 0) { + tree_result = ldns_dnssec_trust_tree_contains_keys(tree, trusted_keys); + + if (tree_result == LDNS_STATUS_DNSSEC_EXISTENCE_DENIED) { + if (verbosity >= 1) { + printf("Existence denied or verifiably insecure\n"); + } + result = LDNS_STATUS_OK; + } else if (tree_result != LDNS_STATUS_OK) { + if (verbosity >= 1) { + printf("No trusted keys found in tree: first error was: %s\n", ldns_get_errorstr_by_id(tree_result)); + } + result = tree_result; + } + + } else { + if (verbosity >= 0) { + printf("You have not provided any trusted keys.\n"); + } + } + + ldns_rr_free(orig_rr); + ldns_dnssec_trust_tree_free(tree); + ldns_dnssec_data_chain_deep_free(chain); + + ldns_rr_list_deep_free(rrset); + ldns_pkt_free(pkt); + /* ldns_rr_free(orig_rr);*/ + + return result; +} +#endif /* HAVE_SSL */ + diff --git a/contrib/ldns/drill/dnssec.c b/contrib/ldns/drill/dnssec.c new file mode 100644 index 0000000000..22019533de --- /dev/null +++ b/contrib/ldns/drill/dnssec.c @@ -0,0 +1,494 @@ +/* + * dnssec.c + * Some DNSSEC helper function are defined here + * and tracing is done + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +/* get rr_type from a server from a server */ +ldns_rr_list * +get_rr(ldns_resolver *res, ldns_rdf *zname, ldns_rr_type t, ldns_rr_class c) +{ + /* query, retrieve, extract and return */ + ldns_pkt *p; + ldns_rr_list *found; + + p = ldns_pkt_new(); + found = NULL; + + if (ldns_resolver_send(&p, res, zname, t, c, 0) != LDNS_STATUS_OK) { + /* oops */ + return NULL; + } else { + found = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANY_NOQUESTION); + } + return found; +} + +void +drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p) +{ + ldns_rr_list *new_nss; + ldns_rr_list *hostnames; + + if (verbosity < 5) { + return; + } + + hostnames = ldns_get_rr_list_name_by_addr(r, ldns_pkt_answerfrom(p), 0, 0); + + new_nss = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER); + ldns_rr_list_print(fd, new_nss); + + /* new_nss can be empty.... */ + + fprintf(fd, ";; Received %d bytes from %s#%d(", + (int) ldns_pkt_size(p), + ldns_rdf2str(ldns_pkt_answerfrom(p)), + (int) ldns_resolver_port(r)); + /* if we can resolve this print it, other print the ip again */ + if (hostnames) { + ldns_rdf_print(fd, + ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0)); + ldns_rr_list_deep_free(hostnames); + } else { + fprintf(fd, "%s", ldns_rdf2str(ldns_pkt_answerfrom(p))); + } + fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p)); +} + +void +drill_pkt_print_footer(FILE *fd, ldns_resolver *r, ldns_pkt *p) +{ + ldns_rr_list *hostnames; + + if (verbosity < 5) { + return; + } + + hostnames = ldns_get_rr_list_name_by_addr(r, ldns_pkt_answerfrom(p), 0, 0); + + fprintf(fd, ";; Received %d bytes from %s#%d(", + (int) ldns_pkt_size(p), + ldns_rdf2str(ldns_pkt_answerfrom(p)), + (int) ldns_resolver_port(r)); + /* if we can resolve this print it, other print the ip again */ + if (hostnames) { + ldns_rdf_print(fd, + ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0)); + ldns_rr_list_deep_free(hostnames); + } else { + fprintf(fd, "%s", ldns_rdf2str(ldns_pkt_answerfrom(p))); + } + fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p)); +} +/* + * generic function to get some RRset from a nameserver + * and possible some signatures too (that would be the day...) + */ +ldns_pkt_type +get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t, + ldns_rr_list **rrlist, ldns_rr_list **sig) +{ + ldns_pkt_type pt = LDNS_PACKET_UNKNOWN; + ldns_rr_list *rr = NULL; + ldns_rr_list *sigs = NULL; + size_t i; + + if (!p) { + if (rrlist) { + *rrlist = NULL; + } + return LDNS_PACKET_UNKNOWN; + } + + pt = ldns_pkt_reply_type(p); + if (name) { + rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_ANSWER); + if (!rr) { + rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_AUTHORITY); + } + sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + if (!sigs) { + sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_AUTHORITY); + } + } else { + /* A DS-referral - get the DS records if they are there */ + rr = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_AUTHORITY); + sigs = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_AUTHORITY); + } + if (sig) { + *sig = ldns_rr_list_new(); + for (i = 0; i < ldns_rr_list_rr_count(sigs); i++) { + /* only add the sigs that cover this type */ + if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(ldns_rr_list_rr(sigs, i))) == + t) { + ldns_rr_list_push_rr(*sig, ldns_rr_clone(ldns_rr_list_rr(sigs, i))); + } + } + } + ldns_rr_list_deep_free(sigs); + if (rrlist) { + *rrlist = rr; + } + + if (pt == LDNS_PACKET_NXDOMAIN || pt == LDNS_PACKET_NODATA) { + return pt; + } else { + return LDNS_PACKET_ANSWER; + } +} + + +ldns_status +ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs) +{ + uint16_t nsec_i; + + ldns_rr_list *nsecs; + ldns_status result; + + if (verbosity >= 5) { + printf("VERIFY DENIAL FROM:\n"); + ldns_pkt_print(stdout, pkt); + } + + result = LDNS_STATUS_CRYPTO_NO_RRSIG; + /* Try to see if there are NSECS in the packet */ + nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC, LDNS_SECTION_ANY_NOQUESTION); + if (nsecs) { + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsecs); nsec_i++) { + /* there are four options: + * - name equals ownername and is covered by the type bitmap + * - name equals ownername but is not covered by the type bitmap + * - name falls within nsec coverage but is not equal to the owner name + * - name falls outside of nsec coverage + */ + if (ldns_dname_compare(ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), name) == 0) { + /* + printf("CHECKING NSEC:\n"); + ldns_rr_print(stdout, ldns_rr_list_rr(nsecs, nsec_i)); + printf("DAWASEM\n"); + */ + if (ldns_nsec_bitmap_covers_type( + ldns_nsec_get_bitmap(ldns_rr_list_rr(nsecs, + nsec_i)), + type)) { + /* Error, according to the nsec this rrset is signed */ + result = LDNS_STATUS_CRYPTO_NO_RRSIG; + } else { + /* ok nsec denies existence */ + if (verbosity >= 3) { + printf(";; Existence of data set with this type denied by NSEC\n"); + } + /*printf(";; Verifiably insecure.\n");*/ + if (nsec_rrs && nsec_rr_sigs) { + (void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, nsec_rrs, nsec_rr_sigs); + } + ldns_rr_list_deep_free(nsecs); + return LDNS_STATUS_OK; + } + } else if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, nsec_i), name)) { + if (verbosity >= 3) { + printf(";; Existence of data set with this name denied by NSEC\n"); + } + if (nsec_rrs && nsec_rr_sigs) { + (void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, nsec_rrs, nsec_rr_sigs); + } + ldns_rr_list_deep_free(nsecs); + return LDNS_STATUS_OK; + } else { + /* nsec has nothing to do with this data */ + } + } + ldns_rr_list_deep_free(nsecs); + } + return result; +} + +/* NSEC3 draft -07 */ +/*return hash name match*/ +ldns_rr * +ldns_nsec3_exact_match(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *nsec3s) { + uint8_t algorithm; + uint32_t iterations; + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *sname, *hashed_sname; + + size_t nsec_i; + ldns_rr *nsec; + ldns_rr *result = NULL; + + ldns_status status; + + const ldns_rr_descriptor *descriptor; + + ldns_rdf *zone_name; + + if (verbosity >= 4) { + printf(";; finding exact match for "); + descriptor = ldns_rr_descript(qtype); + if (descriptor && descriptor->_name) { + printf("%s ", descriptor->_name); + } else { + printf("TYPE%d ", qtype); + } + ldns_rdf_print(stdout, qname); + printf("\n"); + } + + if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { + if (verbosity >= 4) { + printf("no qname, nsec3s or list empty\n"); + } + return NULL; + } + + nsec = ldns_rr_list_rr(nsec3s, 0); + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + + sname = ldns_rdf_clone(qname); + + if (verbosity >= 4) { + printf(";; owner name hashes to: "); + } + hashed_sname = ldns_nsec3_hash_name(sname, algorithm, iterations, salt_length, salt); + + zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); + status = ldns_dname_cat(hashed_sname, zone_name); + + if (verbosity >= 4) { + ldns_rdf_print(stdout, hashed_sname); + printf("\n"); + } + + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) { + nsec = ldns_rr_list_rr(nsec3s, nsec_i); + + /* check values of iterations etc! */ + + /* exact match? */ + if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) { + result = nsec; + goto done; + } + + } + +done: + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + ldns_rdf_deep_free(hashed_sname); + LDNS_FREE(salt); + + if (verbosity >= 4) { + if (result) { + printf(";; Found.\n"); + } else { + printf(";; Not foud.\n"); + } + } + return result; +} + +/*return the owner name of the closest encloser for name from the list of rrs */ +/* this is NOT the hash, but the original name! */ +ldns_rdf * +ldns_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *nsec3s) +{ + /* remember parameters, they must match */ + uint8_t algorithm; + uint32_t iterations; + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *sname, *hashed_sname, *tmp; + ldns_rr *ce; + bool flag; + + bool exact_match_found; + bool in_range_found; + + ldns_status status; + ldns_rdf *zone_name; + + size_t nsec_i; + ldns_rr *nsec; + ldns_rdf *result = NULL; + + if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { + return NULL; + } + + if (verbosity >= 4) { + printf(";; finding closest encloser for type %d ", qtype); + ldns_rdf_print(stdout, qname); + printf("\n"); + } + + nsec = ldns_rr_list_rr(nsec3s, 0); + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + + sname = ldns_rdf_clone(qname); + + ce = NULL; + flag = false; + + zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); + + /* algorithm from nsec3-07 8.3 */ + while (ldns_dname_label_count(sname) > 0) { + exact_match_found = false; + in_range_found = false; + + if (verbosity >= 3) { + printf(";; "); + ldns_rdf_print(stdout, sname); + printf(" hashes to: "); + } + hashed_sname = ldns_nsec3_hash_name(sname, algorithm, iterations, salt_length, salt); + + status = ldns_dname_cat(hashed_sname, zone_name); + + if (verbosity >= 3) { + ldns_rdf_print(stdout, hashed_sname); + printf("\n"); + } + + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) { + nsec = ldns_rr_list_rr(nsec3s, nsec_i); + + /* check values of iterations etc! */ + + /* exact match? */ + if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) { + if (verbosity >= 4) { + printf(";; exact match found\n"); + } + exact_match_found = true; + } else if (ldns_nsec_covers_name(nsec, hashed_sname)) { + if (verbosity >= 4) { + printf(";; in range of an nsec\n"); + } + in_range_found = true; + } + + } + if (!exact_match_found && in_range_found) { + flag = true; + } else if (exact_match_found && flag) { + result = ldns_rdf_clone(sname); + } else if (exact_match_found && !flag) { + // error! + if (verbosity >= 4) { + printf(";; the closest encloser is the same name (ie. this is an exact match, ie there is no closest encloser)\n"); + } + ldns_rdf_deep_free(hashed_sname); + goto done; + } else { + flag = false; + } + + ldns_rdf_deep_free(hashed_sname); + tmp = sname; + sname = ldns_dname_left_chop(sname); + ldns_rdf_deep_free(tmp); + } + + done: + LDNS_FREE(salt); + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + + if (!result) { + if (verbosity >= 4) { + printf(";; no closest encloser found\n"); + } + } + + /* todo checks from end of 6.2. here or in caller? */ + return result; +} + + +/* special case were there was a wildcard expansion match, the exact match must be disproven */ +ldns_status +ldns_verify_denial_wildcard(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs) +{ + ldns_rdf *nsec3_ce = NULL; + ldns_rr *nsec3_ex = NULL; + ldns_rdf *wildcard_name = NULL; + ldns_rdf *nsec3_wc_ce = NULL; + ldns_rr *nsec3_wc_ex = NULL; + ldns_rdf *chopped_dname = NULL; + ldns_rr_list *nsecs; + ldns_status result = LDNS_STATUS_ERR; + + nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC3, LDNS_SECTION_ANY_NOQUESTION); + if (nsecs) { + wildcard_name = ldns_dname_new_frm_str("*"); + chopped_dname = ldns_dname_left_chop(name); + result = ldns_dname_cat(wildcard_name, chopped_dname); + ldns_rdf_deep_free(chopped_dname); + + nsec3_ex = ldns_nsec3_exact_match(name, type, nsecs); + nsec3_ce = ldns_nsec3_closest_encloser(name, type, nsecs); + nsec3_wc_ce = ldns_nsec3_closest_encloser(wildcard_name, type, nsecs); + nsec3_wc_ex = ldns_nsec3_exact_match(wildcard_name, type, nsecs); + + if (nsec3_ex) { + if (verbosity >= 3) { + printf(";; Error, exact match for for name found, but should not exist (draft -07 section 8.8)\n"); + } + result = LDNS_STATUS_NSEC3_ERR; + } else if (!nsec3_ce) { + if (verbosity >= 3) { + printf(";; Error, closest encloser for exact match missing in wildcard response (draft -07 section 8.8)\n"); + } + result = LDNS_STATUS_NSEC3_ERR; +/* + } else if (!nsec3_wc_ex) { + printf(";; Error, no wildcard nsec3 match: "); + ldns_rdf_print(stdout, wildcard_name); + printf(" (draft -07 section 8.8)\n"); + result = LDNS_STATUS_NSEC3_ERR; +*/ +/* } else if (!nsec */ + } else { + if (verbosity >= 3) { + printf(";; wilcard expansion proven\n"); + } + result = LDNS_STATUS_OK; + } + } else { + if (verbosity >= 3) { + printf(";; Error: no NSEC or NSEC3 records in answer\n"); + } + result = LDNS_STATUS_CRYPTO_NO_RRSIG; + } + + if (nsecs && nsec_rrs && nsec_rr_sigs) { + (void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, 0)), LDNS_RR_TYPE_NSEC3, nsec_rrs, nsec_rr_sigs); + } + return result; +} + + diff --git a/contrib/ldns/drill/drill.1 b/contrib/ldns/drill/drill.1 new file mode 100644 index 0000000000..64e850cd48 --- /dev/null +++ b/contrib/ldns/drill/drill.1 @@ -0,0 +1,230 @@ +.\" @(#)drill.1 1.7.0 14-Jul-2004 OF; +.TH drill 1 "28 May 2006" +.SH NAME +drill \- get (debug) information out of DNS(SEC) +.SH SYNOPSIS +.B drill +[ +.IR OPTIONS +] +.IR name +[ +.IR @server +] +[ +.IR type +] +[ +.IR class +] + +.SH DESCRIPTION +\fBdrill\fR is a tool to designed to get all sorts of information out of the +DNS. It is specificly designed to be used with DNSSEC. +.PP +The name \fBdrill\fR is a pun on \fBdig\fR. With \fBdrill\fR you should be able +get even more information than with \fBdig\fR. +.PP +If no arguments are given class defaults to 'IN' and type to 'A'. The +server(s) specified in /etc/resolv.conf are used to query against. + +.PP +\fIname\fR +Ask for this name. + +.PP +\fI@server\fR +Send to query to this server. If not specified use the nameservers from +\fI/etc/resolv.conf\fR. + +.PP +\fItype\fR +Ask for this RR type. If type is not given on the command line it defaults +to 'A'. Except when doing to reverse lookup when it defaults to 'PTR'. + +.PP +\fIclass\fR +Use this class when querying. + +.SH SAMPLE USAGE +\fBdrill mx miek.nl\fR +Show the MX records of the domain miek.nl + +.TP +\fBdrill -S jelte.nlnetlabs.nl\fR +Chase any signatures in the jelte.nlnetlab.nl domain. This option is +only available when ldns has been compiled with openssl-support. + +.TP +\fBdrill -TD www.example.com\fR +Do a DNSSEC (-D) trace (-T) from the rootservers down to www.example.com. +This option only works when ldns has been compiled with openssl support. + +.TP +\fBdrill -s dnskey jelte.nlnetlabs.nl\fR +Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found DNSKEY +record also print the DS record. + +.SH OPTIONS + +.TP +\fB\-D +Enable DNSSEC in the query. When querying for DNSSEC types (DNSKEY, RRSIG, +DS and NSEC) this is \fInot\fR automaticly enabled. + +.TP +\fB\-T +Trace \fIname\fR from the root down. When using this option the @server and +the type arguments are not used. + +.TP +\fB\-S +Chase the signature(s) of 'name' to a known key or as high up in +the tree as possible. + +.TP +\fB\-V \fIlevel\fR +Be more verbose. Set level to 5 to see the actual query that is sent. + +.TP +\fB\-Q +Quiet mode, this overrules -V. + +.TP +\fB\-f \fIfile\fR +Read the query from a file. The query must be dumped with -w. + +.TP +\fB\-i \fIfile\fR +read the answer from the file instead from the network. This aids +in debugging and can be used to check if a query on disk is valid. +If the file contains binary data it is assumed to be a query in +network order. + +.TP +\fB\-w \fIfile\fR +Write an answer packet to file. + +.TP +\fB\-q \fIfile\fR +Write the query packet to file. + +.TP +\fB\-v +Show drill's version. + +.TP +\fB\-h +Show a short help message. + +.SS QUERY OPTIONS + +.TP +\fB\-4 +Stay on ip4. Only send queries to ip4 enabled nameservers. + +.TP +\fB\-6 +Stay on ip6. Only send queries to ip6 enabled nameservers. + +.TP +\fB\-a +Use the resolver structure's fallback mechanism if the answer +is truncated (TC=1). If a truncated packet is received and this +option is set, drill will first send a new query with EDNS0 +buffer size 4096. + +If the EDNS0 buffer size was already set to 512+ bytes, or the +above retry also results in a truncated answer, the resolver +structure will fall back to TCP. + +.TP +\fB\-b \fIsize\fR +Use size as the buffer size in the EDNS0 pseudo RR. + +.TP +\fB\-c \fIfile\fR +Use file instead of /etc/resolv.conf for nameserver configuration. + +.TP +\fB\-d \fIdomain\fR +When tracing (-T), start from this domain instead of the root. + +.TP +\fB\-t +Use TCP/IP when querying a server + +.TP +\fB\-k \fIkeyfile\fR +Use this file to read a (trusted) key from. When this options is +given \fBdrill\fR tries to validate the current answer with this +key. No chasing is done. When \fBdrill\fR is doing a secure trace, this +key will be used as trust anchor. + +.TP +\fB\-o \fImnemonic\fR +Use this option to set or unset specific header bits. A bit is +set by using the bit mnemonic in CAPITAL letters. A bit is unset when +the mnemonic is given in lowercase. The following mnemonics are +understood by \fBdrill\fR: + + QR, qr: set, unset QueRy (default: on) + AA, aa: set, unset Authoritative Answer (default: off) + TC, tc: set, unset TrunCated (default: off) + RD, rd: set, unset Recursion Desired (default: on) + CD, cd: set, unset Checking Disabled (default: off) + RA, ra: set, unset Recursion Available (default: off) + AD, ad: set, unset Authenticated Data (default: off) + +Thus: \fB-o CD\fR, will enable Checking Disabled, which instructs the +cache to not validate the answers it gives out. + +.TP +\fB\-p \fIport\fR +Use this port instead of the default of 53. + +.TP +\fB\-r \fIfile\fR +When tracing (-T), use file as a root servers hint file. + +.TP +\fB\-s +When encountering a DNSKEY print the equivalent DS also. + +.TP +\fB\-u +Use UDP when querying a server. This is the default. + +.TP +\fB\-w \fIfile\fR +write the answer to a file. The file will contain a hexadecimal dump +of the query. This can be used in conjunction with -f. + +.TP +\fB\-x +Do a reverse loopup. The type argument is not used, it is preset to PTR. + +.TP +\fB\-y \fI\fR +specify named base64 tsig key, and optional an algorithm (defaults to hmac-md5.sig-alg.reg.int) + +.TP +\fB\-z \fR +don't randomize the nameserver list before sending queries. + + +.SH AUTHOR +Jelte Jansen and Miek Gieben. Both of NLnet Labs. + +.SH REPORTING BUGS +Report bugs to . + +.SH BUGS + +.SH COPYRIGHT +Copyright (c) 2004-2008 NLnet Labs. +Licensed under the revised BSD license. There is NO warranty; not even for MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. + +.SH SEE ALSO +\fBdig\fR(1), \fIRFC403{3,4,5}\fR. diff --git a/contrib/ldns/drill/drill.c b/contrib/ldns/drill/drill.c new file mode 100644 index 0000000000..13d09f7ddc --- /dev/null +++ b/contrib/ldns/drill/drill.c @@ -0,0 +1,932 @@ +/* + * drill.c + * the main file of drill + * (c) 2005-2008 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +#ifdef HAVE_SSL +#include +#endif + +#define IP6_ARPA_MAX_LEN 65 + +/* query debug, 2 hex dumps */ +int verbosity; + +static void +usage(FILE *stream, const char *progname) +{ + fprintf(stream, " Usage: %s name [@server] [type] [class]\n", progname); + fprintf(stream, "\t can be a domain name or an IP address (-x lookups)\n"); + fprintf(stream, "\t defaults to A\n"); + fprintf(stream, "\t defaults to IN\n"); + fprintf(stream, "\n\targuments may be placed in random order\n"); + fprintf(stream, "\n Options:\n"); + fprintf(stream, "\t-D\t\tenable DNSSEC (DO bit)\n"); +#ifdef HAVE_SSL + fprintf(stream, "\t-T\t\ttrace from the root down to \n"); + fprintf(stream, "\t-S\t\tchase signature(s) from to a know key [*]\n"); +#endif /*HAVE_SSL*/ + fprintf(stream, "\t-V \tverbosity (0-5)\n"); + fprintf(stream, "\t-Q\t\tquiet mode (overrules -V)\n"); + fprintf(stream, "\n"); + fprintf(stream, "\t-f file\t\tread packet from file and send it\n"); + fprintf(stream, "\t-i file\t\tread packet from file and print it\n"); + fprintf(stream, "\t-w file\t\twrite answer packet to file\n"); + fprintf(stream, "\t-q file\t\twrite query packet to file\n"); + fprintf(stream, "\t-h\t\tshow this help\n"); + fprintf(stream, "\t-v\t\tshow version\n"); + fprintf(stream, "\n Query options:\n"); + fprintf(stream, "\t-4\t\tstay on ip4\n"); + fprintf(stream, "\t-6\t\tstay on ip6\n"); + fprintf(stream, "\t-a\t\tfallback to EDNS0 and TCP if the answer is truncated\n"); + fprintf(stream, "\t-b \tuse as the buffer size (defaults to 512 b)\n"); + fprintf(stream, "\t-c \t\tuse file for rescursive nameserver configuration (/etc/resolv.conf)\n"); + fprintf(stream, "\t-k \tspecify a file that contains a trusted DNSSEC key [**]\n"); + fprintf(stream, "\t\t\tused to verify any signatures in the current answer\n"); + fprintf(stream, "\t-o \tset flags to: [QR|qr][AA|aa][TC|tc][RD|rd][CD|cd][RA|ra][AD|ad]\n"); + fprintf(stream, "\t\t\tlowercase: unset bit, uppercase: set bit\n"); + fprintf(stream, "\t-p \tuse as remote port number\n"); + fprintf(stream, "\t-s\t\tshow the DS RR for each key in a packet\n"); + fprintf(stream, "\t-u\t\tsend the query with udp (the default)\n"); + fprintf(stream, "\t-x\t\tdo a reverse lookup\n"); + fprintf(stream, "\twhen doing a secure trace:\n"); + fprintf(stream, "\t-r \t\tuse file as root servers hint file\n"); + fprintf(stream, "\t-t\t\tsend the query with tcp (connected)\n"); + fprintf(stream, "\t-d \t\tuse domain as the start point for the trace\n"); + fprintf(stream, "\t-y \tspecify named base64 tsig key, and optional an\n\t\t\talgorithm (defaults to hmac-md5.sig-alg.reg.int)\n"); + fprintf(stream, "\t-z\t\tdon't randomize the nameservers before use\n"); + fprintf(stream, "\n [*] = enables/implies DNSSEC\n"); + fprintf(stream, " [**] = can be given more than once\n"); + fprintf(stream, "\n ldns-team@nlnetlabs.nl | http://www.nlnetlabs.nl/ldns/\n"); +} + +/** + * Prints the drill version to stderr + */ +static void +version(FILE *stream, const char *progname) +{ + fprintf(stream, "%s version %s (ldns version %s)\n", progname, DRILL_VERSION, ldns_version()); + fprintf(stream, "Written by NLnet Labs.\n"); + fprintf(stream, "\nCopyright (c) 2004-2008 NLnet Labs.\n"); + fprintf(stream, "Licensed under the revised BSD license.\n"); + fprintf(stream, "There is NO warranty; not even for MERCHANTABILITY or FITNESS\n"); + fprintf(stream, "FOR A PARTICULAR PURPOSE.\n"); +} + + +/** + * Main function of drill + * parse the arguments and prepare a query + */ +int +main(int argc, char *argv[]) +{ + ldns_resolver *res = NULL; + ldns_resolver *cmdline_res = NULL; /* only used to resolv @name names */ + ldns_rr_list *cmdline_rr_list = NULL; + ldns_rdf *cmdline_dname = NULL; + ldns_rdf *qname, *qname_tmp; + ldns_pkt *pkt; + ldns_pkt *qpkt; + char *serv; + char *name; + char *name2; + char *progname; + char *query_file = NULL; + char *answer_file = NULL; + ldns_buffer *query_buffer = NULL; + ldns_rdf *serv_rdf; + ldns_rr_type type; + ldns_rr_class clas; +#if 0 + ldns_pkt_opcode opcode = LDNS_PACKET_QUERY; +#endif + int i, c; + int int_type; + int int_clas; + int PURPOSE; + char *tsig_name = NULL; + char *tsig_data = NULL; + char *tsig_algorithm = NULL; + size_t tsig_separator; + size_t tsig_separator2; + ldns_rr *axfr_rr; + ldns_status status; + char *type_str; + + /* list of keys used in dnssec operations */ + ldns_rr_list *key_list = ldns_rr_list_new(); + /* what key verify the current answer */ + ldns_rr_list *key_verified; + + /* resolver options */ + uint16_t qflags; + uint16_t qbuf; + uint16_t qport; + uint8_t qfamily; + bool qdnssec; + bool qfallback; + bool qds; + bool qusevc; + bool qrandom; + + char *resolv_conf_file = NULL; + + ldns_rdf *trace_start_name = NULL; + + int result = 0; + +#ifdef USE_WINSOCK + int r; + WSADATA wsa_data; +#endif + + int_type = -1; serv = NULL; type = 0; + int_clas = -1; name = NULL; clas = 0; + qname = NULL; + progname = strdup(argv[0]); + +#ifdef USE_WINSOCK + r = WSAStartup(MAKEWORD(2,2), &wsa_data); + if(r != 0) { + printf("Failed WSAStartup: %d\n", r); + result = EXIT_FAILURE; + goto exit; + } +#endif /* USE_WINSOCK */ + + + PURPOSE = DRILL_QUERY; + qflags = LDNS_RD; + qport = LDNS_PORT; + verbosity = 2; + qdnssec = false; + qfamily = LDNS_RESOLV_INETANY; + qfallback = false; + qds = false; + qbuf = 0; + qusevc = false; + qrandom = true; + key_verified = NULL; + + ldns_init_random(NULL, 0); + + if (argc == 0) { + usage(stdout, progname); + result = EXIT_FAILURE; + goto exit; + } + + /* string from orig drill: "i:w:I46Sk:TNp:b:DsvhVcuaq:f:xr" */ + /* global first, query opt next, option with parm's last + * and sorted */ /* "46DITSVQf:i:w:q:achuvxzy:so:p:b:k:" */ + + while ((c = getopt(argc, argv, "46ab:c:d:Df:hi:Ik:o:p:q:Qr:sStTuvV:w:xy:z")) != -1) { + switch(c) { + /* global options */ + case '4': + qfamily = LDNS_RESOLV_INET; + break; + case '6': + qfamily = LDNS_RESOLV_INET6; + break; + case 'D': + qdnssec = true; + break; + case 'I': + /* reserved for backward compatibility */ + break; + case 'T': + if (PURPOSE == DRILL_CHASE) { + fprintf(stderr, "-T and -S cannot be used at the same time.\n"); + exit(EXIT_FAILURE); + } + PURPOSE = DRILL_TRACE; + break; +#ifdef HAVE_SSL + case 'S': + if (PURPOSE == DRILL_TRACE) { + fprintf(stderr, "-T and -S cannot be used at the same time.\n"); + exit(EXIT_FAILURE); + } + PURPOSE = DRILL_CHASE; + break; +#endif /* HAVE_SSL */ + case 'V': + verbosity = atoi(optarg); + break; + case 'Q': + verbosity = -1; + break; + case 'f': + query_file = optarg; + break; + case 'i': + answer_file = optarg; + PURPOSE = DRILL_AFROMFILE; + break; + case 'w': + answer_file = optarg; + break; + case 'q': + query_file = optarg; + PURPOSE = DRILL_QTOFILE; + break; + case 'r': + if (global_dns_root) { + fprintf(stderr, "There was already a series of root servers set\n"); + exit(EXIT_FAILURE); + } + global_dns_root = read_root_hints(optarg); + if (!global_dns_root) { + fprintf(stderr, "Unable to read root hints file %s, aborting\n", optarg); + exit(EXIT_FAILURE); + } + break; + /* query options */ + case 'a': + qfallback = true; + break; + case 'b': + qbuf = (uint16_t)atoi(optarg); + if (qbuf == 0) { + error("%s", " could not be converted"); + } + break; + case 'c': + resolv_conf_file = optarg; + break; + case 't': + qusevc = true; + break; + case 'k': + status = read_key_file(optarg, key_list); + if (status != LDNS_STATUS_OK) { + error("Could not parse the key file %s: %s", optarg, ldns_get_errorstr_by_id(status)); + } + qdnssec = true; /* enable that too */ + break; + case 'o': + /* only looks at the first hit: capital=ON, lowercase=OFF*/ + if (strstr(optarg, "QR")) { + DRILL_ON(qflags, LDNS_QR); + } + if (strstr(optarg, "qr")) { + DRILL_OFF(qflags, LDNS_QR); + } + if (strstr(optarg, "AA")) { + DRILL_ON(qflags, LDNS_AA); + } + if (strstr(optarg, "aa")) { + DRILL_OFF(qflags, LDNS_AA); + } + if (strstr(optarg, "TC")) { + DRILL_ON(qflags, LDNS_TC); + } + if (strstr(optarg, "tc")) { + DRILL_OFF(qflags, LDNS_TC); + } + if (strstr(optarg, "RD")) { + DRILL_ON(qflags, LDNS_RD); + } + if (strstr(optarg, "rd")) { + DRILL_OFF(qflags, LDNS_RD); + } + if (strstr(optarg, "CD")) { + DRILL_ON(qflags, LDNS_CD); + } + if (strstr(optarg, "cd")) { + DRILL_OFF(qflags, LDNS_CD); + } + if (strstr(optarg, "RA")) { + DRILL_ON(qflags, LDNS_RA); + } + if (strstr(optarg, "ra")) { + DRILL_OFF(qflags, LDNS_RA); + } + if (strstr(optarg, "AD")) { + DRILL_ON(qflags, LDNS_AD); + } + if (strstr(optarg, "ad")) { + DRILL_OFF(qflags, LDNS_AD); + } + break; + case 'p': + qport = (uint16_t)atoi(optarg); + if (qport == 0) { + error("%s", " could not be converted"); + } + break; + case 's': + qds = true; + break; + case 'u': + qusevc = false; + break; + case 'v': + version(stdout, progname); + result = EXIT_SUCCESS; + goto exit; + case 'x': + PURPOSE = DRILL_REVERSE; + break; + case 'y': +#ifdef HAVE_SSL + if (strchr(optarg, ':')) { + tsig_separator = (size_t) (strchr(optarg, ':') - optarg); + if (strchr(optarg + tsig_separator + 1, ':')) { + tsig_separator2 = (size_t) (strchr(optarg + tsig_separator + 1, ':') - optarg); + tsig_algorithm = xmalloc(strlen(optarg) - tsig_separator2); + strncpy(tsig_algorithm, optarg + tsig_separator2 + 1, strlen(optarg) - tsig_separator2); + tsig_algorithm[strlen(optarg) - tsig_separator2 - 1] = '\0'; + } else { + tsig_separator2 = strlen(optarg); + tsig_algorithm = xmalloc(26); + strncpy(tsig_algorithm, "hmac-md5.sig-alg.reg.int.", 25); + tsig_algorithm[25] = '\0'; + } + tsig_name = xmalloc(tsig_separator + 1); + tsig_data = xmalloc(tsig_separator2 - tsig_separator); + strncpy(tsig_name, optarg, tsig_separator); + strncpy(tsig_data, optarg + tsig_separator + 1, tsig_separator2 - tsig_separator - 1); + /* strncpy does not append \0 if source is longer than n */ + tsig_name[tsig_separator] = '\0'; + tsig_data[ tsig_separator2 - tsig_separator - 1] = '\0'; + } +#else + fprintf(stderr, "TSIG requested, but SSL is not supported\n"); + result = EXIT_FAILURE; + goto exit; +#endif /* HAVE_SSL */ + break; + case 'z': + qrandom = false; + break; + case 'd': + trace_start_name = ldns_dname_new_frm_str(optarg); + if (!trace_start_name) { + fprintf(stderr, "Unable to parse argument for -%c\n", c); + result = EXIT_FAILURE; + goto exit; + } + break; + case 'h': + version(stdout, progname); + usage(stdout, progname); + result = EXIT_SUCCESS; + goto exit; + break; + default: + fprintf(stderr, "Unknown argument: -%c, use -h to see usage\n", c); + result = EXIT_FAILURE; + goto exit; + } + } + argc -= optind; + argv += optind; + + /* do a secure trace when requested */ + if (PURPOSE == DRILL_TRACE && qdnssec) { +#ifdef HAVE_SSL + if (ldns_rr_list_rr_count(key_list) == 0) { + warning("%s", "No trusted keys were given. Will not be able to verify authenticity!"); + } + PURPOSE = DRILL_SECTRACE; +#else + fprintf(stderr, "ldns has not been compiled with OpenSSL support. Secure trace not available\n"); + exit(1); +#endif /* HAVE_SSL */ + } + + /* parse the arguments, with multiple arguments, the last argument + * found is used */ + for(i = 0; i < argc; i++) { + + /* if ^@ then it's a server */ + if (argv[i][0] == '@') { + if (strlen(argv[i]) == 1) { + warning("%s", "No nameserver given"); + exit(EXIT_FAILURE); + } + serv = argv[i] + 1; + continue; + } + /* if has a dot, it's a name */ + if (strchr(argv[i], '.')) { + name = argv[i]; + continue; + } + /* if it matches a type, it's a type */ + if (int_type == -1) { + type = ldns_get_rr_type_by_name(argv[i]); + if (type != 0) { + int_type = 0; + continue; + } + } + /* if it matches a class, it's a class */ + if (int_clas == -1) { + clas = ldns_get_rr_class_by_name(argv[i]); + if (clas != 0) { + int_clas = 0; + continue; + } + } + /* it all fails assume it's a name */ + name = argv[i]; + } + /* act like dig and use for . NS */ + if (!name) { + name = "."; + int_type = 0; + type = LDNS_RR_TYPE_NS; + } + + /* defaults if not given */ + if (int_clas == -1) { + clas = LDNS_RR_CLASS_IN; + } + if (int_type == -1) { + if (PURPOSE != DRILL_REVERSE) { + type = LDNS_RR_TYPE_A; + } else { + type = LDNS_RR_TYPE_PTR; + } + } + + /* set the nameserver to use */ + if (!serv) { + /* no server given make a resolver from /etc/resolv.conf */ + status = ldns_resolver_new_frm_file(&res, resolv_conf_file); + if (status != LDNS_STATUS_OK) { + warning("Could not create a resolver structure: %s (%s)\n" + "Try drill @localhost if you have a resolver running on your machine.", + ldns_get_errorstr_by_id(status), resolv_conf_file); + result = EXIT_FAILURE; + goto exit; + } + } else { + res = ldns_resolver_new(); + if (!res || strlen(serv) <= 0) { + warning("Could not create a resolver structure"); + result = EXIT_FAILURE; + goto exit; + } + /* add the nameserver */ + serv_rdf = ldns_rdf_new_addr_frm_str(serv); + if (!serv_rdf) { + /* try to resolv the name if possible */ + status = ldns_resolver_new_frm_file(&cmdline_res, resolv_conf_file); + + if (status != LDNS_STATUS_OK) { + error("%s", "@server ip could not be converted"); + } + ldns_resolver_set_dnssec(cmdline_res, qdnssec); + ldns_resolver_set_ip6(cmdline_res, qfamily); + ldns_resolver_set_fallback(cmdline_res, qfallback); + ldns_resolver_set_usevc(cmdline_res, qusevc); + + cmdline_dname = ldns_dname_new_frm_str(serv); + + cmdline_rr_list = ldns_get_rr_list_addr_by_name( + cmdline_res, + cmdline_dname, + LDNS_RR_CLASS_IN, + qflags); + ldns_rdf_deep_free(cmdline_dname); + if (!cmdline_rr_list) { + /* This error msg is not always accurate */ + error("%s `%s\'", "could not find any address for the name:", serv); + } else { + if (ldns_resolver_push_nameserver_rr_list( + res, + cmdline_rr_list + ) != LDNS_STATUS_OK) { + error("%s", "pushing nameserver"); + } + } + } else { + if (ldns_resolver_push_nameserver(res, serv_rdf) != LDNS_STATUS_OK) { + error("%s", "pushing nameserver"); + } else { + ldns_rdf_deep_free(serv_rdf); + } + } + } + /* set the resolver options */ + ldns_resolver_set_port(res, qport); + if (verbosity >= 5) { + ldns_resolver_set_debug(res, true); + } else { + ldns_resolver_set_debug(res, false); + } + ldns_resolver_set_dnssec(res, qdnssec); +/* ldns_resolver_set_dnssec_cd(res, qdnssec);*/ + ldns_resolver_set_ip6(res, qfamily); + ldns_resolver_set_fallback(res, qfallback); + ldns_resolver_set_usevc(res, qusevc); + ldns_resolver_set_random(res, qrandom); + if (qbuf != 0) { + ldns_resolver_set_edns_udp_size(res, qbuf); + } + + if (!name && + PURPOSE != DRILL_AFROMFILE && + !query_file + ) { + usage(stdout, progname); + result = EXIT_FAILURE; + goto exit; + } + + if (tsig_name && tsig_data) { + ldns_resolver_set_tsig_keyname(res, tsig_name); + ldns_resolver_set_tsig_keydata(res, tsig_data); + ldns_resolver_set_tsig_algorithm(res, tsig_algorithm); + } + + /* main switching part of drill */ + switch(PURPOSE) { + case DRILL_TRACE: + /* do a trace from the root down */ + if (!global_dns_root) { + init_root(); + } + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "parsing query name"); + } + /* don't care about return packet */ + (void)do_trace(res, qname, type, clas); + clear_root(); + break; + case DRILL_SECTRACE: + /* do a secure trace from the root down */ + if (!global_dns_root) { + init_root(); + } + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "making qname"); + } + /* don't care about return packet */ +#ifdef HAVE_SSL + result = do_secure_trace(res, qname, type, clas, key_list, trace_start_name); +#endif /* HAVE_SSL */ + clear_root(); + break; + case DRILL_CHASE: + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "making qname"); + } + + ldns_resolver_set_dnssec(res, true); + ldns_resolver_set_dnssec_cd(res, true); + /* set dnssec implies udp_size of 4096 */ + ldns_resolver_set_edns_udp_size(res, 4096); + pkt = ldns_resolver_query(res, qname, type, clas, qflags); + + if (!pkt) { + error("%s", "error pkt sending"); + result = EXIT_FAILURE; + } else { + if (verbosity >= 3) { + ldns_pkt_print(stdout, pkt); + } + + if (!ldns_pkt_answer(pkt)) { + mesg("No answer in packet"); + } else { +#ifdef HAVE_SSL + ldns_resolver_set_dnssec_anchors(res, ldns_rr_list_clone(key_list)); + result = do_chase(res, qname, type, + clas, key_list, + pkt, qflags, NULL, + verbosity); + if (result == LDNS_STATUS_OK) { + if (verbosity != -1) { + mesg("Chase successful"); + } + result = 0; + } else { + if (verbosity != -1) { + mesg("Chase failed."); + } + } +#endif /* HAVE_SSL */ + } + ldns_pkt_free(pkt); + } + break; + case DRILL_AFROMFILE: + pkt = read_hex_pkt(answer_file); + if (pkt) { + if (verbosity != -1) { + ldns_pkt_print(stdout, pkt); + } + ldns_pkt_free(pkt); + } + + break; + case DRILL_QTOFILE: + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "making qname"); + } + + status = ldns_resolver_prepare_query_pkt(&qpkt, res, qname, type, clas, qflags); + if(status != LDNS_STATUS_OK) { + error("%s", "making query: %s", + ldns_get_errorstr_by_id(status)); + } + dump_hex(qpkt, query_file); + ldns_pkt_free(qpkt); + break; + case DRILL_NSEC: + break; + case DRILL_REVERSE: + /* ipv4 or ipv6 addr? */ + if (strchr(name, ':')) { + if (strchr(name, '.')) { + error("Syntax error: both '.' and ':' seen in address\n"); + } + name2 = malloc(IP6_ARPA_MAX_LEN + 20); + c = 0; + for (i=0; i<(int)strlen(name); i++) { + if (i >= IP6_ARPA_MAX_LEN) { + error("%s", "reverse argument to long"); + } + if (name[i] == ':') { + if (i < (int) strlen(name) && name[i + 1] == ':') { + error("%s", ":: not supported (yet)"); + } else { + if (i + 2 == (int) strlen(name) || name[i + 2] == ':') { + name2[c++] = '0'; + name2[c++] = '.'; + name2[c++] = '0'; + name2[c++] = '.'; + name2[c++] = '0'; + name2[c++] = '.'; + } else if (i + 3 == (int) strlen(name) || name[i + 3] == ':') { + name2[c++] = '0'; + name2[c++] = '.'; + name2[c++] = '0'; + name2[c++] = '.'; + } else if (i + 4 == (int) strlen(name) || name[i + 4] == ':') { + name2[c++] = '0'; + name2[c++] = '.'; + } + } + } else { + name2[c++] = name[i]; + name2[c++] = '.'; + } + } + name2[c++] = '\0'; + + qname = ldns_dname_new_frm_str(name2); + qname_tmp = ldns_dname_reverse(qname); + ldns_rdf_deep_free(qname); + qname = qname_tmp; + qname_tmp = ldns_dname_new_frm_str("ip6.arpa."); + status = ldns_dname_cat(qname, qname_tmp); + if (status != LDNS_STATUS_OK) { + error("%s", "could not create reverse address for ip6: %s\n", ldns_get_errorstr_by_id(status)); + } + ldns_rdf_deep_free(qname_tmp); + + free(name2); + } else { + qname = ldns_dname_new_frm_str(name); + qname_tmp = ldns_dname_reverse(qname); + ldns_rdf_deep_free(qname); + qname = qname_tmp; + qname_tmp = ldns_dname_new_frm_str("in-addr.arpa."); + status = ldns_dname_cat(qname, qname_tmp); + if (status != LDNS_STATUS_OK) { + error("%s", "could not create reverse address for ip4: %s\n", ldns_get_errorstr_by_id(status)); + } + ldns_rdf_deep_free(qname_tmp); + } + if (!qname) { + error("%s", "-x implies an ip address"); + } + + /* create a packet and set the RD flag on it */ + pkt = ldns_resolver_query(res, qname, type, clas, qflags); + if (!pkt) { + error("%s", "pkt sending"); + result = EXIT_FAILURE; + } else { + if (verbosity != -1) { + ldns_pkt_print(stdout, pkt); + } + ldns_pkt_free(pkt); + } + break; + case DRILL_QUERY: + default: + if (query_file) { + /* this old way, the query packet needed + to be parseable, but we want to be able + to send mangled packets, so we need + to do it directly */ + #if 0 + qpkt = read_hex_pkt(query_file); + if (qpkt) { + status = ldns_resolver_send_pkt(&pkt, res, qpkt); + if (status != LDNS_STATUS_OK) { + printf("Error: %s\n", ldns_get_errorstr_by_id(status)); + exit(1); + } + } else { + /* qpkt was bogus, reset pkt */ + pkt = NULL; + } + #endif + query_buffer = read_hex_buffer(query_file); + if (query_buffer) { + status = ldns_send_buffer(&pkt, res, query_buffer, NULL); + ldns_buffer_free(query_buffer); + if (status != LDNS_STATUS_OK) { + printf("Error: %s\n", ldns_get_errorstr_by_id(status)); + exit(1); + } + } else { + printf("NO BUFFER\n"); + pkt = NULL; + } + } else { + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "error in making qname"); + } + + if (type == LDNS_RR_TYPE_AXFR) { + status = ldns_axfr_start(res, qname, clas); + if(status != LDNS_STATUS_OK) { + error("Error starting axfr: %s", + ldns_get_errorstr_by_id(status)); + } + axfr_rr = ldns_axfr_next(res); + if(!axfr_rr) { + fprintf(stderr, "AXFR failed.\n"); + ldns_pkt_print(stdout, + ldns_axfr_last_pkt(res)); + goto exit; + } + while (axfr_rr) { + if (verbosity != -1) { + ldns_rr_print(stdout, axfr_rr); + } + ldns_rr_free(axfr_rr); + axfr_rr = ldns_axfr_next(res); + } + + goto exit; + } else { + /* create a packet and set the RD flag on it */ + pkt = ldns_resolver_query(res, qname, type, clas, qflags); + } + } + + if (!pkt) { + mesg("No packet received"); + result = EXIT_FAILURE; + } else { + if (verbosity != -1) { + ldns_pkt_print(stdout, pkt); + if (ldns_pkt_tc(pkt)) { + fprintf(stdout, + "\n;; WARNING: The answer packet was truncated; you might want to\n"); + fprintf(stdout, + ";; query again with TCP (-t argument), or EDNS0 (-b for buffer size)\n"); + } + } + if (qds) { + if (verbosity != -1) { + print_ds_of_keys(pkt); + printf("\n"); + } + } + + if (ldns_rr_list_rr_count(key_list) > 0) { + /* -k's were given on the cmd line */ + ldns_rr_list *rrset_verified; + uint16_t key_count; + + rrset_verified = ldns_pkt_rr_list_by_name_and_type( + pkt, qname, type, + LDNS_SECTION_ANY_NOQUESTION); + + if (type == LDNS_RR_TYPE_ANY) { + /* don't verify this */ + break; + } + + if (verbosity != -1) { + printf("; "); + ldns_rr_list_print(stdout, rrset_verified); + } + + /* verify */ +#ifdef HAVE_SSL + key_verified = ldns_rr_list_new(); + result = ldns_pkt_verify(pkt, type, qname, key_list, NULL, key_verified); + + if (result == LDNS_STATUS_ERR) { + /* is the existence denied then? */ + result = ldns_verify_denial(pkt, qname, type, NULL, NULL); + if (result == LDNS_STATUS_OK) { + if (verbosity != -1) { + printf("Existence denied for "); + ldns_rdf_print(stdout, qname); + type_str = ldns_rr_type2str(type); + printf("\t%s\n", type_str); + LDNS_FREE(type_str); + } + } else { + if (verbosity != -1) { + printf("Bad data; RR for name and " + "type not found or failed to " + "verify, and denial of " + "existence failed.\n"); + } + } + } else if (result == LDNS_STATUS_OK) { + for(key_count = 0; key_count < ldns_rr_list_rr_count(key_verified); + key_count++) { + if (verbosity != -1) { + printf("; VALIDATED by id = %d, owner = ", + (int)ldns_calc_keytag( + ldns_rr_list_rr(key_verified, key_count))); + ldns_rdf_print(stdout, ldns_rr_owner( + ldns_rr_list_rr(key_list, key_count))); + printf("\n"); + } + } + } else { + for(key_count = 0; key_count < ldns_rr_list_rr_count(key_list); + key_count++) { + if (verbosity != -1) { + printf("; %s for id = %d, owner = ", + ldns_get_errorstr_by_id(result), + (int)ldns_calc_keytag( + ldns_rr_list_rr(key_list, key_count))); + ldns_rdf_print(stdout, ldns_rr_owner( + + ldns_rr_list_rr(key_list, + key_count))); + printf("\n"); + } + } + } + ldns_rr_list_free(key_verified); +#else + (void) key_count; +#endif /* HAVE_SSL */ + } + if (answer_file) { + dump_hex(pkt, answer_file); + } + ldns_pkt_free(pkt); + } + + break; + } + + exit: + ldns_rdf_deep_free(qname); + ldns_resolver_deep_free(res); + ldns_resolver_deep_free(cmdline_res); + ldns_rr_list_deep_free(key_list); + ldns_rr_list_deep_free(cmdline_rr_list); + ldns_rdf_deep_free(trace_start_name); + xfree(progname); +/* + xfree(tsig_name); +*/ + xfree(tsig_data); + xfree(tsig_algorithm); + +#ifdef HAVE_SSL + ERR_remove_state(0); + CRYPTO_cleanup_all_ex_data(); + ERR_free_strings(); + EVP_cleanup(); +#endif +#ifdef USE_WINSOCK + WSACleanup(); +#endif + + return result; +} diff --git a/contrib/ldns/drill/drill_util.c b/contrib/ldns/drill/drill_util.c new file mode 100644 index 0000000000..f75b416adf --- /dev/null +++ b/contrib/ldns/drill/drill_util.c @@ -0,0 +1,294 @@ +/* + * util.c + * some handy function needed in drill and not implemented + * in ldns + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +#include + +static int +read_line(FILE *input, char *line) +{ + int i; + + char c; + for (i = 0; i < LDNS_MAX_PACKETLEN; i++) { + c = getc(input); + if (c == EOF) { + return -1; + } else if (c != '\n') { + line[i] = c; + } else { + break; + } + } + line[i] = '\0'; + return i; +} + +/* key_list must be initialized with ldns_rr_list_new() */ +ldns_status +read_key_file(const char *filename, ldns_rr_list *key_list) +{ + int line_len = 0; + int line_nr = 0; + int key_count = 0; + char line[LDNS_MAX_PACKETLEN]; + ldns_status status; + FILE *input_file; + ldns_rr *rr; + + input_file = fopen(filename, "r"); + if (!input_file) { + fprintf(stderr, "Error opening %s: %s\n", + filename, strerror(errno)); + return LDNS_STATUS_ERR; + } + while (line_len >= 0) { + line_len = read_line(input_file, line); + line_nr++; + if (line_len > 0 && line[0] != ';') { + status = ldns_rr_new_frm_str(&rr, line, 0, NULL, NULL); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, + "Error parsing DNSKEY RR in line %d: %s\n", + line_nr, + ldns_get_errorstr_by_id(status)); + } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY || + ldns_rr_get_type(rr) == LDNS_RR_TYPE_DS) { + ldns_rr_list_push_rr(key_list, rr); + key_count++; + } else { + ldns_rr_free(rr); + } + } + } + printf(";; Number of trusted keys: %d\n", key_count); + if (key_count > 0) { + return LDNS_STATUS_OK; + } else { + /*fprintf(stderr, "No keys read\n");*/ + return LDNS_STATUS_ERR; + } +} + +ldns_rdf * +ldns_rdf_new_addr_frm_str(char *str) +{ + ldns_rdf *a; + + a = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, str); + if (!a) { + /* maybe ip6 */ + a = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, str); + if (!a) { + return NULL; + } + } + return a; +} + +/* + * For all keys in a packet print the DS + */ +void +print_ds_of_keys(ldns_pkt *p) +{ + ldns_rr_list *keys; + uint16_t i; + ldns_rr *ds; + + /* TODO fix the section stuff, here or in ldns */ + keys = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANSWER); + + /* this also returns the question section rr, which does not + * have any data.... and this inturn crashes everything */ + + if (keys) { + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) { + ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA1); + if (ds) { + printf("; "); + ldns_rr_print(stdout, ds); + printf("\n"); + } + } + } +} + +static void +print_class_type(FILE *fp, ldns_rr *r) +{ + ldns_lookup_table *lt; + lt = ldns_lookup_by_id(ldns_rr_classes, ldns_rr_get_class(r)); + if (lt) { + fprintf(fp, " %s", lt->name); + } else { + fprintf(fp, " CLASS%d", ldns_rr_get_class(r)); + } + /* okay not THE way - but the quickest */ + switch (ldns_rr_get_type(r)) { + case LDNS_RR_TYPE_RRSIG: + fprintf(fp, " RRSIG "); + break; + case LDNS_RR_TYPE_DNSKEY: + fprintf(fp, " DNSKEY "); + break; + case LDNS_RR_TYPE_DS: + fprintf(fp, " DS "); + break; + default: + break; + } +} + + +void +print_ds_abbr(FILE *fp, ldns_rr *ds) +{ + if (!ds || (ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS)) { + return; + } + + ldns_rdf_print(fp, ldns_rr_owner(ds)); + fprintf(fp, " %d", (int)ldns_rr_ttl(ds)); + print_class_type(fp, ds); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 0)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 1)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 2)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 3)); fprintf(fp, " "); +} + +/* print some of the elements of a signature */ +void +print_rrsig_abbr(FILE *fp, ldns_rr *sig) { + if (!sig || (ldns_rr_get_type(sig) != LDNS_RR_TYPE_RRSIG)) { + return; + } + + ldns_rdf_print(fp, ldns_rr_owner(sig)); + fprintf(fp, " %d", (int)ldns_rr_ttl(sig)); + print_class_type(fp, sig); + + /* print a number of rdf's */ + /* typecovered */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 0)); fprintf(fp, " "); + /* algo */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 1)); fprintf(fp, " "); + /* labels */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 2)); fprintf(fp, " (\n\t\t\t"); + /* expir */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 4)); fprintf(fp, " "); + /* incep */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 5)); fprintf(fp, " "); + /* key-id */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 6)); fprintf(fp, " "); + /* key owner */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 7)); fprintf(fp, ")"); +} + +void +print_dnskey_abbr(FILE *fp, ldns_rr *key) +{ + if (!key || (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY)) { + return; + } + + ldns_rdf_print(fp, ldns_rr_owner(key)); + fprintf(fp, " %d", (int)ldns_rr_ttl(key)); + print_class_type(fp, key); + + /* print a number of rdf's */ + /* flags */ + ldns_rdf_print(fp, ldns_rr_rdf(key, 0)); fprintf(fp, " "); + /* proto */ + ldns_rdf_print(fp, ldns_rr_rdf(key, 1)); fprintf(fp, " "); + /* algo */ + ldns_rdf_print(fp, ldns_rr_rdf(key, 2)); + + if (ldns_rdf2native_int16(ldns_rr_rdf(key, 0)) == 256) { + fprintf(fp, " ;{id = %d (zsk), size = %db}", (int)ldns_calc_keytag(key), + (int)ldns_rr_dnskey_key_size(key)); + return; + } + if (ldns_rdf2native_int16(ldns_rr_rdf(key, 0)) == 257) { + fprintf(fp, " ;{id = %d (ksk), size = %db}", (int)ldns_calc_keytag(key), + (int)ldns_rr_dnskey_key_size(key)); + return; + } + fprintf(fp, " ;{id = %d, size = %db}", (int)ldns_calc_keytag(key), + (int)ldns_rr_dnskey_key_size(key)); +} + +void +print_rr_list_abbr(FILE *fp, ldns_rr_list *rrlist, char *usr) +{ + size_t i; + ldns_rr_type tp; + + for(i = 0; i < ldns_rr_list_rr_count(rrlist); i++) { + tp = ldns_rr_get_type(ldns_rr_list_rr(rrlist, i)); + if (i == 0 && tp != LDNS_RR_TYPE_RRSIG) { + if (usr) { + fprintf(fp, "%s ", usr); + } + } + switch(tp) { + case LDNS_RR_TYPE_DNSKEY: + print_dnskey_abbr(fp, ldns_rr_list_rr(rrlist, i)); + break; + case LDNS_RR_TYPE_RRSIG: + print_rrsig_abbr(fp, ldns_rr_list_rr(rrlist, i)); + break; + case LDNS_RR_TYPE_DS: + print_ds_abbr(fp, ldns_rr_list_rr(rrlist, i)); + break; + default: + /* not handled */ + break; + } + fputs("\n", fp); + } +} + +void * +xmalloc(size_t s) +{ + void *p; + + p = malloc(s); + if (!p) { + printf("Mem failure\n"); + exit(EXIT_FAILURE); + } + return p; +} + +void * +xrealloc(void *p, size_t size) +{ + void *q; + + q = realloc(p, size); + if (!q) { + printf("Mem failure\n"); + exit(EXIT_FAILURE); + } + return q; +} + +void +xfree(void *p) +{ + if (p) { + free(p); + } +} diff --git a/contrib/ldns/drill/drill_util.h b/contrib/ldns/drill/drill_util.h new file mode 100644 index 0000000000..db3a57436a --- /dev/null +++ b/contrib/ldns/drill/drill_util.h @@ -0,0 +1,58 @@ +/* + * util.h + * util.c header file + * in ldns + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#ifndef _DRILL_UTIL_H_ +#define _DRILL_UTIL_H_ +#include + +/** + * return a address rdf, either A or AAAA + * NULL if anything goes wrong + */ +ldns_rdf * ldns_rdf_new_addr_frm_str(char *); + +/** + * print all the ds of the keys in the packet + */ +void print_ds_of_keys(ldns_pkt *p); + +/** + * print some rdfs of a signature + */ +void print_rrsig_abbr(FILE *fp, ldns_rr *sig); +/** + * print some rdfs of a dnskey + */ +void print_dnskey_abbr(FILE *fp, ldns_rr *key); +/** + * print some rdfs of a ds + */ +void print_ds_abbr(FILE *fp, ldns_rr *ds); + +/** + * print some rdfs of a rr in a rr_list + */ +void print_rr_list_abbr(FILE *fp, ldns_rr_list *sig, char *usr); + +/** + * Alloc some memory, with error checking + */ +void *xmalloc(size_t s); + +/** + * Realloc some memory, with error checking + */ +void *xrealloc(void *p, size_t s); + +/** + * Free the data + */ +void xfree(void *q); +#endif /* _DRILL_UTIL_H_ */ diff --git a/contrib/ldns/drill/error.c b/contrib/ldns/drill/error.c new file mode 100644 index 0000000000..e67b7fca02 --- /dev/null +++ b/contrib/ldns/drill/error.c @@ -0,0 +1,115 @@ +/** + * error.c + * + * error reporting routines + * basicly wrappers around printf + * + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +static void +warning_va_list(const char *fmt, va_list args) +{ + fprintf(stderr, "Warning: "); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); +} + +void +warning(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + warning_va_list(fmt, args); + va_end(args); +} + +static void +error_va_list(const char *fmt, va_list args) +{ + fprintf(stderr, "Error: "); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); +} + +void +error(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + error_va_list(fmt, args); + va_end(args); + exit(EXIT_FAILURE); +} + +static void +verbose_va_list(const char *fmt, va_list args) +{ + vfprintf(stdout, fmt, args); + fprintf(stdout, "\n"); +} + +/* print stuff */ +void +mesg(const char *fmt, ...) +{ + va_list args; + if (verbosity == -1) { + return; + } + fprintf(stdout, ";; "); + va_start(args, fmt); + verbose_va_list(fmt, args); + va_end(args); +} + +/* print stuff when in verbose mode (1) */ +void +verbose(const char *fmt, ...) +{ + va_list args; + if (verbosity < 1) { + return; + } + + va_start(args, fmt); + verbose_va_list(fmt, args); + va_end(args); +} + +/* print stuff when in vverbose mode (2) */ +void +vverbose(const char *fmt, ...) +{ + va_list args; + if (verbosity < 2) { + return; + } + + va_start(args, fmt); + verbose_va_list(fmt, args); + va_end(args); +} + +static void +debug_va_list(const char *fmt, va_list args) +{ + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); +} + +void +debug(const char *fmt, ...) +{ + va_list args; + fprintf(stderr, "[DEBUG] "); + va_start(args, fmt); + debug_va_list(fmt, args); + va_end(args); +} diff --git a/contrib/ldns/drill/root.c b/contrib/ldns/drill/root.c new file mode 100644 index 0000000000..a829935cd5 --- /dev/null +++ b/contrib/ldns/drill/root.c @@ -0,0 +1,122 @@ +/* + * root.c + * Function to handle to the rootservers + * and to update and prime them + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include +#include + +/* a global list of the root-servers */ +ldns_rr_list *global_dns_root = NULL; + +/* put a hardcoded list in the root and + * init the root rrlist structure */ +void +init_root(void) +{ + ldns_rr *r; + + global_dns_root = ldns_rr_list_new(); + + (void)ldns_rr_new_frm_str(&r, "A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "B.ROOT-SERVERS.NET. 3600000 A 192.228.79.201", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "D.ROOT-SERVERS.NET. 3600000 A 128.8.10.90", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "H.ROOT-SERVERS.NET. 3600000 A 128.63.2.53", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::803F:235", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 ", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:3::42 ", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); +} + +/* + * Read a hints file as root + * + * The file with the given path should contain a list of NS RRs + * for the root zone and A records for those NS RRs. + * Read them, check them, and append the a records to the rr list given. + */ +ldns_rr_list * +read_root_hints(const char *filename) +{ + FILE *fp = NULL; + int line_nr = 0; + ldns_zone *z; + ldns_status status; + ldns_rr_list *addresses = NULL; + ldns_rr *rr; + size_t i; + + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s for reading: %s\n", filename, strerror(errno)); + return NULL; + } + + status = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, 0, &line_nr); + fclose(fp); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error reading root hints file: %s\n", ldns_get_errorstr_by_id(status)); + return NULL; + } else { + addresses = ldns_rr_list_new(); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { + rr = ldns_rr_list_rr(ldns_zone_rrs(z), i); + /*if ((address_family == 0 || address_family == 1) && + */ + if ( ldns_rr_get_type(rr) == LDNS_RR_TYPE_A ) { + ldns_rr_list_push_rr(addresses, ldns_rr_clone(rr)); + } + /*if ((address_family == 0 || address_family == 2) &&*/ + if ( ldns_rr_get_type(rr) == LDNS_RR_TYPE_AAAA) { + ldns_rr_list_push_rr(addresses, ldns_rr_clone(rr)); + } + } + ldns_zone_deep_free(z); + return addresses; + } +} + + +void +clear_root(void) +{ + ldns_rr_list_deep_free(global_dns_root); +} diff --git a/contrib/ldns/drill/securetrace.c b/contrib/ldns/drill/securetrace.c new file mode 100644 index 0000000000..b05e2da71c --- /dev/null +++ b/contrib/ldns/drill/securetrace.c @@ -0,0 +1,754 @@ +/* + * securechasetrace.c + * Where all the hard work concerning secure tracing is done + * + * (c) 2005, 2006 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +#define SELF "[S]" /* self sig ok */ +#define TRUST "[T]" /* chain from parent */ +#define BOGUS "[B]" /* bogus */ +#define UNSIGNED "[U]" /* no relevant dnssec data found */ + +#if 0 +/* See if there is a key/ds in trusted that matches + * a ds in *ds. + */ +static ldns_rr_list * +ds_key_match(ldns_rr_list *ds, ldns_rr_list *trusted) +{ + size_t i, j; + bool match; + ldns_rr *rr_i, *rr_j; + ldns_rr_list *keys; + + if (!trusted || !ds) { + return NULL; + } + + match = false; + keys = ldns_rr_list_new(); + if (!keys) { + return NULL; + } + + if (!ds || !trusted) { + return NULL; + } + + for (i = 0; i < ldns_rr_list_rr_count(trusted); i++) { + rr_i = ldns_rr_list_rr(trusted, i); + for (j = 0; j < ldns_rr_list_rr_count(ds); j++) { + + rr_j = ldns_rr_list_rr(ds, j); + if (ldns_rr_compare_ds(rr_i, rr_j)) { + match = true; + /* only allow unique RRs to match */ + ldns_rr_set_push_rr(keys, rr_i); + } + } + } + if (match) { + return keys; + } else { + return NULL; + } +} +#endif + +ldns_pkt * +get_dnssec_pkt(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t) +{ + ldns_pkt *p = NULL; + p = ldns_resolver_query(r, name, t, LDNS_RR_CLASS_IN, 0); + if (!p) { + return NULL; + } else { + if (verbosity >= 5) { + ldns_pkt_print(stdout, p); + } + return p; + } +} + +#ifdef HAVE_SSL +/* + * retrieve keys for this zone + */ +static ldns_pkt_type +get_key(ldns_pkt *p, ldns_rdf *apexname, ldns_rr_list **rrlist, ldns_rr_list **opt_sig) +{ + return get_dnssec_rr(p, apexname, LDNS_RR_TYPE_DNSKEY, rrlist, opt_sig); +} + +/* + * check to see if we can find a DS rrset here which we can then follow + */ +static ldns_pkt_type +get_ds(ldns_pkt *p, ldns_rdf *ownername, ldns_rr_list **rrlist, ldns_rr_list **opt_sig) +{ + return get_dnssec_rr(p, ownername, LDNS_RR_TYPE_DS, rrlist, opt_sig); +} +#endif /* HAVE_SSL */ + +void +remove_resolver_nameservers(ldns_resolver *res) +{ + ldns_rdf *pop; + + /* remove the old nameserver from the resolver */ + while((pop = ldns_resolver_pop_nameserver(res))) { + ldns_rdf_deep_free(pop); + } + +} + +void +show_current_nameservers(FILE *out, ldns_resolver *res) +{ + size_t i; + fprintf(out, "Current nameservers for resolver object:\n"); + for (i = 0; i < ldns_resolver_nameserver_count(res); i++) { + ldns_rdf_print(out, ldns_resolver_nameservers(res)[i]); + fprintf(out, "\n"); + } +} + +/*ldns_pkt **/ +#ifdef HAVE_SSL +int +do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, + ldns_rr_class c, ldns_rr_list *trusted_keys, ldns_rdf *start_name + ) +{ + ldns_resolver *res; + ldns_pkt *p, *local_p; + ldns_rr_list *new_nss_a; + ldns_rr_list *new_nss_aaaa; + ldns_rr_list *new_nss; + ldns_rr_list *ns_addr; + uint16_t loop_count; + ldns_rdf *pop; + ldns_rdf **labels = NULL; + ldns_status status, st; + ssize_t i; + size_t j; + size_t k; + size_t l; + uint8_t labels_count; + ldns_pkt_type pt; + + /* dnssec */ + ldns_rr_list *key_list; + ldns_rr_list *key_sig_list; + ldns_rr_list *ds_list; + ldns_rr_list *ds_sig_list; + ldns_rr_list *correct_key_list; + ldns_rr_list *trusted_ds_rrs; + bool new_keys_trusted = false; + ldns_rr_list *current_correct_keys; + ldns_rr_list *dataset; + + ldns_rr_list *nsec_rrs = NULL; + ldns_rr_list *nsec_rr_sigs = NULL; + + /* empty non-terminal check */ + bool ent; + + /* glue handling */ + ldns_rr_list *new_ns_addr; + ldns_rr_list *old_ns_addr; + ldns_rr *ns_rr; + + int result = 0; + + /* printing niceness */ + const ldns_rr_descriptor *descriptor; + + descriptor = ldns_rr_descript(t); + + loop_count = 0; + new_nss_a = NULL; + new_nss_aaaa = NULL; + new_nss = NULL; + ns_addr = NULL; + key_list = NULL; + ds_list = NULL; + pt = LDNS_PACKET_UNKNOWN; + + p = NULL; + local_p = NULL; + res = ldns_resolver_new(); + key_sig_list = NULL; + ds_sig_list = NULL; + + if (!res) { + error("Memory allocation failed"); + result = -1; + return result; + } + + correct_key_list = ldns_rr_list_new(); + if (!correct_key_list) { + error("Memory allocation failed"); + result = -1; + return result; + } + + trusted_ds_rrs = ldns_rr_list_new(); + + if (!trusted_ds_rrs) { + error("Memory allocation failed"); + result = -1; + return result; + } + + /* transfer some properties of local_res to res */ + ldns_resolver_set_ip6(res, + ldns_resolver_ip6(local_res)); + ldns_resolver_set_port(res, + ldns_resolver_port(local_res)); + ldns_resolver_set_debug(res, + ldns_resolver_debug(local_res)); + ldns_resolver_set_fail(res, + ldns_resolver_fail(local_res)); + ldns_resolver_set_usevc(res, + ldns_resolver_usevc(local_res)); + ldns_resolver_set_random(res, + ldns_resolver_random(local_res)); + ldns_resolver_set_recursive(local_res, true); + + ldns_resolver_set_recursive(res, false); + ldns_resolver_set_dnssec_cd(res, false); + ldns_resolver_set_dnssec(res, true); + + /* setup the root nameserver in the new resolver */ + status = ldns_resolver_push_nameserver_rr_list(res, global_dns_root); + if (status != LDNS_STATUS_OK) { + printf("ERRRRR: %s\n", ldns_get_errorstr_by_id(status)); + ldns_rr_list_print(stdout, global_dns_root); + return status; + } + labels_count = ldns_dname_label_count(name); + if (start_name) { + if (ldns_dname_is_subdomain(name, start_name)) { + labels_count -= ldns_dname_label_count(start_name); + } else { + fprintf(stderr, "Error; "); + ldns_rdf_print(stderr, name); + fprintf(stderr, " is not a subdomain of "); + ldns_rdf_print(stderr, start_name); + fprintf(stderr, "\n"); + goto done; + } + } + labels = LDNS_XMALLOC(ldns_rdf*, labels_count + 2); + if (!labels) { + goto done; + } + labels[0] = ldns_dname_new_frm_str(LDNS_ROOT_LABEL_STR); + labels[1] = ldns_rdf_clone(name); + for(i = 2 ; i < (ssize_t)labels_count + 2; i++) { + labels[i] = ldns_dname_left_chop(labels[i - 1]); + } + /* if no servers is given with @, start by asking local resolver */ + /* first part todo :) */ + for (i = 0; i < (ssize_t) ldns_resolver_nameserver_count(local_res); i++) { + (void) ldns_resolver_push_nameserver(res, ldns_resolver_nameservers(local_res)[i]); + } + + /* get the nameserver for the label + * ask: dnskey and ds for the label + */ + for(i = (ssize_t)labels_count + 1; i > 0; i--) { + status = ldns_resolver_send(&local_p, res, labels[i], LDNS_RR_TYPE_NS, c, 0); + + if (verbosity >= 5) { + ldns_pkt_print(stdout, local_p); + } + + new_nss = ldns_pkt_rr_list_by_type(local_p, + LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER); + if (!new_nss) { + /* if it's a delegation, servers put them in the auth section */ + new_nss = ldns_pkt_rr_list_by_type(local_p, + LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY); + } + + /* if this is the final step there might not be nameserver records + of course if the data is in the apex, there are, so cover both + cases */ + if (new_nss || i > 1) { + for(j = 0; j < ldns_rr_list_rr_count(new_nss); j++) { + ns_rr = ldns_rr_list_rr(new_nss, j); + pop = ldns_rr_rdf(ns_rr, 0); + if (!pop) { + printf("nopo\n"); + break; + } + /* retrieve it's addresses */ + /* trust glue? */ + new_ns_addr = NULL; + if (ldns_dname_is_subdomain(pop, labels[i])) { + new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); + } + if (!new_ns_addr || ldns_rr_list_rr_count(new_ns_addr) == 0) { + new_ns_addr = ldns_get_rr_list_addr_by_name(res, pop, c, 0); + } + if (!new_ns_addr || ldns_rr_list_rr_count(new_ns_addr) == 0) { + new_ns_addr = ldns_get_rr_list_addr_by_name(local_res, pop, c, 0); + } + + if (new_ns_addr) { + old_ns_addr = ns_addr; + ns_addr = ldns_rr_list_cat_clone(ns_addr, new_ns_addr); + ldns_rr_list_deep_free(old_ns_addr); + } + ldns_rr_list_deep_free(new_ns_addr); + } + ldns_rr_list_deep_free(new_nss); + + if (ns_addr) { + remove_resolver_nameservers(res); + + if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) != + LDNS_STATUS_OK) { + error("Error adding new nameservers"); + ldns_pkt_free(local_p); + goto done; + } + ldns_rr_list_deep_free(ns_addr); + } else { + status = ldns_verify_denial(local_p, labels[i], LDNS_RR_TYPE_NS, &nsec_rrs, &nsec_rr_sigs); + + /* verify the nsec3 themselves*/ + if (verbosity >= 4) { + printf("NSEC(3) Records to verify:\n"); + ldns_rr_list_print(stdout, nsec_rrs); + printf("With signatures:\n"); + ldns_rr_list_print(stdout, nsec_rr_sigs); + printf("correct keys:\n"); + ldns_rr_list_print(stdout, correct_key_list); + } + + if (status == LDNS_STATUS_OK) { + if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, trusted_keys, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", TRUST); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, labels[i]); + /* + if (descriptor && descriptor->_name) { + printf(" %s", descriptor->_name); + } else { + printf(" TYPE%u", t); + } + */ fprintf(stdout, " NS\n"); + } else if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, correct_key_list, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", SELF); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, labels[i]); + /* + if (descriptor && descriptor->_name) { + printf(" %s", descriptor->_name); + } else { + printf(" TYPE%u", t); + } + */ + fprintf(stdout, " NS\n"); + } else { + fprintf(stdout, "%s ", BOGUS); + result = 1; + printf(";; Error verifying denial of existence for name "); + ldns_rdf_print(stdout, labels[i]); + /* + printf(" type "); + if (descriptor && descriptor->_name) { + printf("%s", descriptor->_name); + } else { + printf("TYPE%u", t); + } + */ printf("NS: %s\n", ldns_get_errorstr_by_id(st)); + } + } else { + fprintf(stdout, "%s ", BOGUS); + result = 1; + printf(";; Error verifying denial of existence for name "); + ldns_rdf_print(stdout, labels[i]); + printf("NS: %s\n", ldns_get_errorstr_by_id(status)); + } + + /* there might be an empty non-terminal, in which case we need to continue */ + ent = false; + for (j = 0; j < ldns_rr_list_rr_count(nsec_rrs); j++) { + if (ldns_dname_is_subdomain(ldns_rr_rdf(ldns_rr_list_rr(nsec_rrs, j), 0), labels[i])) { + ent = true; + } + } + if (!ent) { + ldns_rr_list_deep_free(nsec_rrs); + ldns_rr_list_deep_free(nsec_rr_sigs); + ldns_pkt_free(local_p); + goto done; + } else { + printf(";; There is an empty non-terminal here, continue\n"); + } + goto done; + } + + if (ldns_resolver_nameserver_count(res) == 0) { + error("No nameservers found for this node"); + goto done; + } + } + ldns_pkt_free(local_p); + + fprintf(stdout, ";; Domain: "); + ldns_rdf_print(stdout, labels[i]); + fprintf(stdout, "\n"); + + /* retrieve keys for current domain, and verify them + if they match an already trusted DS, or if one of the + keys used to sign these is trusted, add the keys to + the trusted list */ + p = get_dnssec_pkt(res, labels[i], LDNS_RR_TYPE_DNSKEY); + pt = get_key(p, labels[i], &key_list, &key_sig_list); + if (key_sig_list) { + if (key_list) { + current_correct_keys = ldns_rr_list_new(); + if ((st = ldns_verify(key_list, key_sig_list, key_list, current_correct_keys)) == + LDNS_STATUS_OK) { + /* add all signed keys (don't just add current_correct, you'd miss + * the zsk's then */ + for (j = 0; j < ldns_rr_list_rr_count(key_list); j++) { + ldns_rr_list_push_rr(correct_key_list, ldns_rr_clone(ldns_rr_list_rr(key_list, j))); + } + + /* check whether these keys were signed + * by a trusted keys. if so, these + * keys are also trusted */ + new_keys_trusted = false; + for (k = 0; k < ldns_rr_list_rr_count(current_correct_keys); k++) { + for (j = 0; j < ldns_rr_list_rr_count(trusted_ds_rrs); j++) { + if (ldns_rr_compare_ds(ldns_rr_list_rr(current_correct_keys, k), + ldns_rr_list_rr(trusted_ds_rrs, j))) { + new_keys_trusted = true; + } + } + } + + /* also all keys are trusted if one of the current correct keys is trusted */ + for (k = 0; k < ldns_rr_list_rr_count(current_correct_keys); k++) { + for (j = 0; j < ldns_rr_list_rr_count(trusted_keys); j++) { + if (ldns_rr_compare(ldns_rr_list_rr(current_correct_keys, k), + ldns_rr_list_rr(trusted_keys, j)) == 0) { + new_keys_trusted = true; + } + } + } + + + if (new_keys_trusted) { + ldns_rr_list_push_rr_list(trusted_keys, key_list); + print_rr_list_abbr(stdout, key_list, TRUST); + ldns_rr_list_free(key_list); + key_list = NULL; + } else { + if (verbosity >= 2) { + printf(";; Signature ok but no chain to a trusted key or ds record\n"); + } + print_rr_list_abbr(stdout, key_list, SELF); + ldns_rr_list_deep_free(key_list); + key_list = NULL; + } + } else { + print_rr_list_abbr(stdout, key_list, BOGUS); + result = 2; + ldns_rr_list_deep_free(key_list); + key_list = NULL; + } + ldns_rr_list_free(current_correct_keys); + current_correct_keys = NULL; + } else { + printf(";; No DNSKEY record found for "); + ldns_rdf_print(stdout, labels[i]); + printf("\n"); + } + } + + ldns_pkt_free(p); + ldns_rr_list_deep_free(key_sig_list); + key_sig_list = NULL; + + /* check the DS records for the next child domain */ + if (i > 1) { + p = get_dnssec_pkt(res, labels[i-1], LDNS_RR_TYPE_DS); + pt = get_ds(p, labels[i-1], &ds_list, &ds_sig_list); + if (!ds_list) { + ldns_pkt_free(p); + if (ds_sig_list) { + ldns_rr_list_deep_free(ds_sig_list); + } + p = get_dnssec_pkt(res, name, LDNS_RR_TYPE_DNSKEY); + pt = get_ds(p, NULL, &ds_list, &ds_sig_list); + } + if (ds_sig_list) { + if (ds_list) { + if (verbosity >= 4) { + printf("VERIFYING:\n"); + printf("DS LIST:\n"); + ldns_rr_list_print(stdout, ds_list); + printf("SIGS:\n"); + ldns_rr_list_print(stdout, ds_sig_list); + printf("KEYS:\n"); + ldns_rr_list_print(stdout, correct_key_list); + } + + current_correct_keys = ldns_rr_list_new(); + + if ((st = ldns_verify(ds_list, ds_sig_list, correct_key_list, current_correct_keys)) == + LDNS_STATUS_OK) { + /* if the ds is signed by a trusted key and a key from correct keys + matches that ds, add that key to the trusted keys */ + new_keys_trusted = false; + if (verbosity >= 2) { + printf("Checking if signing key is trusted:\n"); + } + for (j = 0; j < ldns_rr_list_rr_count(current_correct_keys); j++) { + if (verbosity >= 2) { + printf("New key: "); + ldns_rr_print(stdout, ldns_rr_list_rr(current_correct_keys, j)); + } + for (k = 0; k < ldns_rr_list_rr_count(trusted_keys); k++) { + if (verbosity >= 2) { + printf("\tTrusted key: "); + ldns_rr_print(stdout, ldns_rr_list_rr(trusted_keys, k)); + } + if (ldns_rr_compare(ldns_rr_list_rr(current_correct_keys, j), + ldns_rr_list_rr(trusted_keys, k)) == 0) { + if (verbosity >= 2) { + printf("Key is now trusted!\n"); + } + for (l = 0; l < ldns_rr_list_rr_count(ds_list); l++) { + ldns_rr_list_push_rr(trusted_ds_rrs, ldns_rr_clone(ldns_rr_list_rr(ds_list, l))); + new_keys_trusted = true; + } + } + } + } + if (new_keys_trusted) { + print_rr_list_abbr(stdout, ds_list, TRUST); + } else { + print_rr_list_abbr(stdout, ds_list, SELF); + } + } else { + result = 3; + print_rr_list_abbr(stdout, ds_list, BOGUS); + } + + ldns_rr_list_free(current_correct_keys); + current_correct_keys = NULL; + } else { + /* wait apparently there were no keys either, go back to the ds packet */ + ldns_pkt_free(p); + ldns_rr_list_deep_free(ds_sig_list); + p = get_dnssec_pkt(res, labels[i-1], LDNS_RR_TYPE_DS); + pt = get_ds(p, labels[i-1], &ds_list, &ds_sig_list); + + status = ldns_verify_denial(p, labels[i-1], LDNS_RR_TYPE_DS, &nsec_rrs, &nsec_rr_sigs); + + if (verbosity >= 4) { + printf("NSEC(3) Records to verify:\n"); + ldns_rr_list_print(stdout, nsec_rrs); + printf("With signatures:\n"); + ldns_rr_list_print(stdout, nsec_rr_sigs); + printf("correct keys:\n"); + ldns_rr_list_print(stdout, correct_key_list); + } + + if (status == LDNS_STATUS_OK) { + if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, trusted_keys, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", TRUST); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, labels[i-1]); + printf(" DS"); + fprintf(stdout, "\n"); + } else if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, correct_key_list, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", SELF); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, labels[i-1]); + printf(" DS"); + fprintf(stdout, "\n"); + } else { + result = 4; + fprintf(stdout, "%s ", BOGUS); + printf("Error verifying denial of existence for "); + ldns_rdf_print(stdout, labels[i-1]); + printf(" DS"); + printf(": %s\n", ldns_get_errorstr_by_id(st)); + } + + + } else { + if (status == LDNS_STATUS_CRYPTO_NO_RRSIG) { + printf(";; No DS for "); + ldns_rdf_print(stdout, labels[i - 1]); + } else { + printf("[B] Unable to verify denial of existence for "); + ldns_rdf_print(stdout, labels[i - 1]); + printf(" DS: %s\n", ldns_get_errorstr_by_id(status)); + } + } + if (verbosity >= 2) { + printf(";; No ds record for delegation\n"); + } + } + } + ldns_rr_list_deep_free(ds_list); + ldns_pkt_free(p); + } else { + /* if this is the last label, just verify the data and stop */ + p = get_dnssec_pkt(res, labels[i], t); + pt = get_dnssec_rr(p, labels[i], t, &dataset, &key_sig_list); + if (dataset && ldns_rr_list_rr_count(dataset) > 0) { + if (key_sig_list && ldns_rr_list_rr_count(key_sig_list) > 0) { + + /* If this is a wildcard, you must be able to deny exact match */ + if ((st = ldns_verify(dataset, key_sig_list, trusted_keys, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", TRUST); + ldns_rr_list_print(stdout, dataset); + } else if ((st = ldns_verify(dataset, key_sig_list, correct_key_list, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", SELF); + ldns_rr_list_print(stdout, dataset); + } else { + result = 5; + fprintf(stdout, "%s ", BOGUS); + ldns_rr_list_print(stdout, dataset); + printf(";; Error: %s\n", ldns_get_errorstr_by_id(st)); + } + } else { + fprintf(stdout, "%s ", UNSIGNED); + ldns_rr_list_print(stdout, dataset); + } + ldns_rr_list_deep_free(dataset); + } else { + status = ldns_verify_denial(p, name, t, &nsec_rrs, &nsec_rr_sigs); + if (status == LDNS_STATUS_OK) { + /* verify the nsec3 themselves*/ + if (verbosity >= 5) { + printf("NSEC(3) Records to verify:\n"); + ldns_rr_list_print(stdout, nsec_rrs); + printf("With signatures:\n"); + ldns_rr_list_print(stdout, nsec_rr_sigs); + printf("correct keys:\n"); + ldns_rr_list_print(stdout, correct_key_list); +/* + printf("trusted keys at %p:\n", trusted_keys); + ldns_rr_list_print(stdout, trusted_keys); +*/ } + + if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, trusted_keys, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", TRUST); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, name); + if (descriptor && descriptor->_name) { + printf(" %s", descriptor->_name); + } else { + printf(" TYPE%u", t); + } + fprintf(stdout, "\n"); + } else if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, correct_key_list, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", SELF); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, name); + if (descriptor && descriptor->_name) { + printf(" %s", descriptor->_name); + } else { + printf(" TYPE%u", t); + } + fprintf(stdout, "\n"); + } else { + result = 6; + fprintf(stdout, "%s ", BOGUS); + printf("Error verifying denial of existence for "); + ldns_rdf_print(stdout, name); + printf(" type "); + if (descriptor && descriptor->_name) { + printf("%s", descriptor->_name); + } else { + printf("TYPE%u", t); + } + printf(": %s\n", ldns_get_errorstr_by_id(st)); + } + + ldns_rr_list_deep_free(nsec_rrs); + ldns_rr_list_deep_free(nsec_rr_sigs); + } else { +/* +*/ + if (status == LDNS_STATUS_CRYPTO_NO_RRSIG) { + printf("%s ", UNSIGNED); + printf("No data found for: "); + ldns_rdf_print(stdout, name); + printf(" type "); + if (descriptor && descriptor->_name) { + printf("%s", descriptor->_name); + } else { + printf("TYPE%u", t); + } + printf("\n"); + } else { + printf("[B] Unable to verify denial of existence for "); + ldns_rdf_print(stdout, name); + printf(" type "); + if (descriptor && descriptor->_name) { + printf("%s", descriptor->_name); + } else { + printf("TYPE%u", t); + } + printf("\n"); + } + + } + } + ldns_pkt_free(p); + } + + new_nss_aaaa = NULL; + new_nss_a = NULL; + new_nss = NULL; + ns_addr = NULL; + ldns_rr_list_deep_free(key_list); + key_list = NULL; + ldns_rr_list_deep_free(key_sig_list); + key_sig_list = NULL; + ds_list = NULL; + ldns_rr_list_deep_free(ds_sig_list); + ds_sig_list = NULL; + } + printf(";;" SELF " self sig OK; " BOGUS " bogus; " TRUST " trusted\n"); + /* verbose mode? + printf("Trusted keys:\n"); + ldns_rr_list_print(stdout, trusted_keys); + printf("trusted dss:\n"); + ldns_rr_list_print(stdout, trusted_ds_rrs); + */ + + done: + ldns_rr_list_deep_free(trusted_ds_rrs); + ldns_rr_list_deep_free(correct_key_list); + ldns_resolver_deep_free(res); + if (labels) { + for(i = 0 ; i < (ssize_t)labels_count + 2; i++) { + ldns_rdf_deep_free(labels[i]); + } + LDNS_FREE(labels); + } + return result; +} +#endif /* HAVE_SSL */ diff --git a/contrib/ldns/drill/work.c b/contrib/ldns/drill/work.c new file mode 100644 index 0000000000..3a9cb5855d --- /dev/null +++ b/contrib/ldns/drill/work.c @@ -0,0 +1,276 @@ +/* + * work.c + * Where all the hard work is done + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +/** + * Converts a hex string to binary data + * len is the length of the string + * buf is the buffer to store the result in + * offset is the starting position in the result buffer + * + * This function returns the length of the result + */ +size_t +hexstr2bin(char *hexstr, int len, uint8_t *buf, size_t offset, size_t buf_len) +{ + char c; + int i; + uint8_t int8 = 0; + int sec = 0; + size_t bufpos = 0; + + if (len % 2 != 0) { + return 0; + } + + for (i=0; i= '0' && c <= '9') { + int8 += c & 0x0f; + } else if (c >= 'a' && c <= 'z') { + int8 += (c & 0x0f) + 9; + } else if (c >= 'A' && c <= 'Z') { + int8 += (c & 0x0f) + 9; + } else { + return 0; + } + + if (sec == 0) { + int8 = int8 << 4; + sec = 1; + } else { + if (bufpos + offset + 1 <= buf_len) { + buf[bufpos+offset] = int8; + int8 = 0; + sec = 0; + bufpos++; + } else { + error("Buffer too small in hexstr2bin"); + } + } + } + } + return bufpos; +} + +size_t +packetbuffromfile(char *filename, uint8_t *wire) +{ + FILE *fp = NULL; + int c; + + /* stat hack + * 0 = normal + * 1 = comment (skip to end of line) + * 2 = unprintable character found, read binary data directly + */ + int state = 0; + uint8_t *hexbuf = xmalloc(LDNS_MAX_PACKETLEN); + int hexbufpos = 0; + size_t wirelen; + + if (strncmp(filename, "-", 2) == 0) { + fp = stdin; + } else { + fp = fopen(filename, "r"); + } + if (fp == NULL) { + perror("Unable to open file for reading"); + xfree(hexbuf); + return 0; + } + + /*verbose("Opened %s\n", filename);*/ + + c = fgetc(fp); + while (c != EOF && hexbufpos < LDNS_MAX_PACKETLEN) { + if (state < 2 && !isascii(c)) { + /*verbose("non ascii character found in file: (%d) switching to raw mode\n", c);*/ + state = 2; + } + switch (state) { + case 0: + if ( (c >= '0' && c <= '9') || + (c >= 'a' && c <= 'f') || + (c >= 'A' && c <= 'F') ) + { + hexbuf[hexbufpos] = (uint8_t) c; + hexbufpos++; + } else if (c == ';') { + state = 1; + } else if (c == ' ' || c == '\t' || c == '\n') { + /* skip whitespace */ + } + break; + case 1: + if (c == '\n' || c == EOF) { + state = 0; + } + break; + case 2: + hexbuf[hexbufpos] = (uint8_t) c; + hexbufpos++; + break; + default: + warning("unknown state while reading %s", filename); + xfree(hexbuf); + return 0; + break; + } + c = fgetc(fp); + } + + if (c == EOF) { + /* + if (have_drill_opt && drill_opt->verbose) { + verbose("END OF FILE REACHED\n"); + if (state < 2) { + verbose("read:\n"); + verbose("%s\n", hexbuf); + } else { + verbose("Not printing wire because it contains non ascii data\n"); + } + } + */ + } + if (hexbufpos >= LDNS_MAX_PACKETLEN) { + /*verbose("packet size reached\n");*/ + } + + /* lenient mode: length must be multiple of 2 */ + if (hexbufpos % 2 != 0) { + hexbuf[hexbufpos] = (uint8_t) '0'; + hexbufpos++; + } + + if (state < 2) { + wirelen = hexstr2bin((char *) hexbuf, + hexbufpos, + wire, + 0, + LDNS_MAX_PACKETLEN); + } else { + memcpy(wire, hexbuf, (size_t) hexbufpos); + wirelen = (size_t) hexbufpos; + } + if (fp != stdin) { + fclose(fp); + } + xfree(hexbuf); + return wirelen; +} + +ldns_buffer * +read_hex_buffer(char *filename) +{ + uint8_t *wire; + size_t wiresize; + ldns_buffer *result_buffer = NULL; + + FILE *fp = NULL; + + if (strncmp(filename, "-", 2) != 0) { + fp = fopen(filename, "r"); + } else { + fp = stdin; + } + + if (fp == NULL) { + perror(""); + warning("Unable to open %s", filename); + return NULL; + } + + wire = xmalloc(LDNS_MAX_PACKETLEN); + + wiresize = packetbuffromfile(filename, wire); + + result_buffer = LDNS_MALLOC(ldns_buffer); + ldns_buffer_new_frm_data(result_buffer, wire, wiresize); + ldns_buffer_set_position(result_buffer, ldns_buffer_capacity(result_buffer)); + + xfree(wire); + return result_buffer; +} + +ldns_pkt * +read_hex_pkt(char *filename) +{ + uint8_t *wire; + size_t wiresize; + + ldns_pkt *pkt = NULL; + + ldns_status status = LDNS_STATUS_ERR; + + wire = xmalloc(LDNS_MAX_PACKETLEN); + + wiresize = packetbuffromfile(filename, wire); + + if (wiresize > 0) { + status = ldns_wire2pkt(&pkt, wire, wiresize); + } + + xfree(wire); + + if (status == LDNS_STATUS_OK) { + return pkt; + } else { + fprintf(stderr, "Error parsing hex file: %s\n", + ldns_get_errorstr_by_id(status)); + return NULL; + } +} + +void +dump_hex(const ldns_pkt *pkt, const char *filename) +{ + uint8_t *wire; + size_t size, i; + FILE *fp; + ldns_status status; + + fp = fopen(filename, "w"); + + if (fp == NULL) { + error("Unable to open %s for writing", filename); + return; + } + + status = ldns_pkt2wire(&wire, pkt, &size); + + if (status != LDNS_STATUS_OK) { + error("Unable to convert packet: error code %u", status); + return; + } + + fprintf(fp, "; 0"); + for (i = 1; i < 20; i++) { + fprintf(fp, " %2u", (unsigned int) i); + } + fprintf(fp, "\n"); + fprintf(fp, ";--"); + for (i = 1; i < 20; i++) { + fprintf(fp, " --"); + } + fprintf(fp, "\n"); + for (i = 0; i < size; i++) { + if (i % 20 == 0 && i > 0) { + fprintf(fp, "\t;\t%4u-%4u\n", (unsigned int) i-19, (unsigned int) i); + } + fprintf(fp, " %02x", (unsigned int)wire[i]); + } + fprintf(fp, "\n"); + fclose(fp); +} diff --git a/contrib/ldns/error.c b/contrib/ldns/error.c new file mode 100644 index 0000000000..7867c2a615 --- /dev/null +++ b/contrib/ldns/error.c @@ -0,0 +1,103 @@ +/* + * a error2str function to make sense of all the + * error codes we have laying ardoun + * + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ + +#include + +#include + +ldns_lookup_table ldns_error_str[] = { + { LDNS_STATUS_OK, "All OK" }, + { LDNS_STATUS_EMPTY_LABEL, "Empty label" }, + { LDNS_STATUS_LABEL_OVERFLOW, "Label length overflow" }, + { LDNS_STATUS_DOMAINNAME_OVERFLOW, "Domainname length overflow" }, + { LDNS_STATUS_DOMAINNAME_UNDERFLOW, "Domainname length underflow (zero length)" }, + { LDNS_STATUS_DDD_OVERFLOW, "\\DDD sequence overflow (>255)" }, + { LDNS_STATUS_PACKET_OVERFLOW, "Packet size overflow" }, + { LDNS_STATUS_INVALID_POINTER, "Invalid compression pointer" }, + { LDNS_STATUS_MEM_ERR, "General memory error" }, + { LDNS_STATUS_INTERNAL_ERR, "Internal error, this should not happen" }, + { LDNS_STATUS_SSL_ERR, "Error in SSL library" }, + { LDNS_STATUS_ERR, "General LDNS error" }, + { LDNS_STATUS_INVALID_INT, "Conversion error, integer expected" }, + { LDNS_STATUS_INVALID_IP4, "Conversion error, ip4 addr expected" }, + { LDNS_STATUS_INVALID_IP6, "Conversion error, ip6 addr expected" }, + { LDNS_STATUS_INVALID_STR, "Conversion error, string expected" }, + { LDNS_STATUS_INVALID_B64, "Conversion error, b64 encoding expected" }, + { LDNS_STATUS_INVALID_HEX, "Conversion error, hex encoding expected" }, + { LDNS_STATUS_INVALID_TIME, "Conversion error, time encoding expected" }, + { LDNS_STATUS_NETWORK_ERR, "Could not send or receive, because of network error" }, + { LDNS_STATUS_ADDRESS_ERR, "Could not start AXFR, because of address error" }, + { LDNS_STATUS_FILE_ERR, "Could not open the files" }, + { LDNS_STATUS_UNKNOWN_INET, "Uknown address family" }, + { LDNS_STATUS_NOT_IMPL, "This function is not implemented (yet), please notify the developers - or not..." }, + { LDNS_STATUS_NULL, "Supplied value pointer null" }, + { LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, "Unknown cryptographic algorithm" }, + { LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, "Cryptographic algorithm not implemented" }, + { LDNS_STATUS_CRYPTO_NO_RRSIG, "No DNSSEC signature(s)" }, + { LDNS_STATUS_CRYPTO_NO_DNSKEY, "No DNSSEC public key(s)" }, + { LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, "The signature does not cover this RRset" }, + { LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, "No signatures found for trusted DNSSEC public key(s)" }, + { LDNS_STATUS_CRYPTO_NO_DS, "No DS record(s)" }, + { LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, "Could not validate DS record(s)" }, + { LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, "No keys with the keytag and algorithm from the RRSIG found" }, + { LDNS_STATUS_CRYPTO_VALIDATED, "Valid DNSSEC signature" }, + { LDNS_STATUS_CRYPTO_BOGUS, "Bogus DNSSEC signature" }, + { LDNS_STATUS_CRYPTO_SIG_EXPIRED, "DNSSEC signature has expired" }, + { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, "DNSSEC signature not incepted yet" }, + { LDNS_STATUS_CRYPTO_TSIG_BOGUS, "Bogus TSIG signature" }, + { LDNS_STATUS_CRYPTO_TSIG_ERR, "Could not create TSIG signature" }, + { LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, "DNSSEC signature has expiration date earlier than inception date" }, + { LDNS_STATUS_ENGINE_KEY_NOT_LOADED, "Unable to load private key from engine" }, + { LDNS_STATUS_NSEC3_ERR, "Error in NSEC3 denial of existence proof" }, + { LDNS_STATUS_RES_NO_NS, "No nameservers defined in the resolver" }, + { LDNS_STATUS_RES_QUERY, "No correct query given to resolver" }, + { LDNS_STATUS_WIRE_INCOMPLETE_HEADER, "header section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, "question section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, "answer section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, "authority section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, "additional section incomplete" }, + { LDNS_STATUS_NO_DATA, "No data" }, + { LDNS_STATUS_CERT_BAD_ALGORITHM, "Bad algorithm type for CERT record" }, + { LDNS_STATUS_SYNTAX_TYPE_ERR, "Syntax error, could not parse the RR's type" }, + { LDNS_STATUS_SYNTAX_CLASS_ERR, "Syntax error, could not parse the RR's class" }, + { LDNS_STATUS_SYNTAX_TTL_ERR, "Syntax error, could not parse the RR's TTL" }, + { LDNS_STATUS_SYNTAX_RDATA_ERR, "Syntax error, could not parse the RR's rdata" }, + { LDNS_STATUS_SYNTAX_DNAME_ERR, "Syntax error, could not parse the RR's dname(s)" }, + { LDNS_STATUS_SYNTAX_VERSION_ERR, "Syntax error, version mismatch" }, + { LDNS_STATUS_SYNTAX_ALG_ERR, "Syntax error, algorithm unknown or non parseable" }, + { LDNS_STATUS_SYNTAX_KEYWORD_ERR, "Syntax error, unknown keyword in input" }, + { LDNS_STATUS_SYNTAX_ERR, "Syntax error, could not parse the RR" }, + { LDNS_STATUS_SYNTAX_EMPTY, "Empty line was returned" }, + { LDNS_STATUS_SYNTAX_TTL, "$TTL directive was seen in the zone" }, + { LDNS_STATUS_SYNTAX_ORIGIN, "$ORIGIN directive was seen in the zone" }, + { LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, "Iterations count for NSEC3 record higher than maximum" }, + { LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, "Syntax error, value expected" }, + { LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer value too large" }, + { LDNS_STATUS_SYNTAX_BAD_ESCAPE, "Syntax error, bad escape sequence" }, + { LDNS_STATUS_SOCKET_ERROR, "Error creating socket" }, + { LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, "Existence denied by NSEC" }, + { LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, "RR not covered by the given NSEC RRs" }, + { LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, "wildcard not covered by the given NSEC RRs" }, + { LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, "original of NSEC3 hashed name could not be found" }, + { 0, NULL } +}; + +const char * +ldns_get_errorstr_by_id(ldns_status err) +{ + ldns_lookup_table *lt; + + lt = ldns_lookup_by_id(ldns_error_str, err); + + if (lt) { + return lt->name; + } + return NULL; +} diff --git a/contrib/ldns/higher.c b/contrib/ldns/higher.c new file mode 100644 index 0000000000..de1523ffd4 --- /dev/null +++ b/contrib/ldns/higher.c @@ -0,0 +1,340 @@ +/* + * higher.c + * + * Specify some higher level functions that would + * be usefull to would be developers + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_SSL +#include +#include +#endif /* HAVE_SSL */ + +ldns_rr_list * +ldns_get_rr_list_addr_by_name(ldns_resolver *res, ldns_rdf *name, ldns_rr_class c, + uint16_t flags) +{ + ldns_pkt *pkt; + ldns_rr_list *aaaa; + ldns_rr_list *a; + ldns_rr_list *result = NULL; + ldns_rr_list *hostsfilenames; + size_t i; + uint8_t ip6; + + a = NULL; + aaaa = NULL; + result = NULL; + + if (!res) { + return NULL; + } + if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + + ip6 = ldns_resolver_ip6(res); /* we use INET_ANY here, save + what was there */ + + ldns_resolver_set_ip6(res, LDNS_RESOLV_INETANY); + + hostsfilenames = ldns_get_rr_list_hosts_frm_file(NULL); + for (i = 0; i < ldns_rr_list_rr_count(hostsfilenames); i++) { + if (ldns_rdf_compare(name, + ldns_rr_owner(ldns_rr_list_rr(hostsfilenames, + i))) == 0) { + if (!result) { + result = ldns_rr_list_new(); + } + ldns_rr_list_push_rr(result, + ldns_rr_clone(ldns_rr_list_rr(hostsfilenames, i))); + } + } + ldns_rr_list_deep_free(hostsfilenames); + + if (result) { + return result; + } + + /* add the RD flags, because we want an answer */ + pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_AAAA, c, flags | LDNS_RD); + if (pkt) { + /* extract the data we need */ + aaaa = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_AAAA, + LDNS_SECTION_ANSWER); + ldns_pkt_free(pkt); + } + + pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_A, c, flags | LDNS_RD); + if (pkt) { + /* extract the data we need */ + a = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_A, LDNS_SECTION_ANSWER); + ldns_pkt_free(pkt); + } + ldns_resolver_set_ip6(res, ip6); + + if (aaaa && a) { + result = ldns_rr_list_cat_clone(aaaa, a); + ldns_rr_list_deep_free(aaaa); + ldns_rr_list_deep_free(a); + return result; + } + + if (aaaa) { + result = ldns_rr_list_clone(aaaa); + } + + if (a) { + result = ldns_rr_list_clone(a); + } + + ldns_rr_list_deep_free(aaaa); + ldns_rr_list_deep_free(a); + return result; +} + +ldns_rr_list * +ldns_get_rr_list_name_by_addr(ldns_resolver *res, ldns_rdf *addr, ldns_rr_class c, + uint16_t flags) +{ + ldns_pkt *pkt; + ldns_rr_list *names; + ldns_rdf *name; + size_t i; + + i = 0; + names = NULL; + + if (!res || !addr) { + return NULL; + } + + if (ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_A && + ldns_rdf_get_type(addr) != LDNS_RDF_TYPE_AAAA) { + return NULL; + } + + name = ldns_rdf_address_reverse(addr); + + /* add the RD flags, because we want an answer */ + pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_PTR, c, flags | LDNS_RD); + if (pkt) { + /* extract the data we need */ + names = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_PTR, LDNS_SECTION_ANSWER); + } + return names; +} + +/* read a line, put it in a buffer, parse the buffer */ +ldns_rr_list * +ldns_get_rr_list_hosts_frm_fp(FILE *fp) +{ + return ldns_get_rr_list_hosts_frm_fp_l(fp, NULL); +} + +ldns_rr_list * +ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr) +{ + ssize_t i, j; + size_t cnt; + char *line; + char *word; + char *addr; + char *rr_str; + ldns_buffer *linebuf; + ldns_rr *rr; + ldns_rr_list *list; + ldns_rdf *tmp; + bool ip6; + ldns_status parse_result; + + line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + word = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + addr = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + rr_str = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + ip6 = false; + list = ldns_rr_list_new(); + rr = NULL; + + for(i = ldns_fget_token_l(fp, line, "\n", 0, line_nr); + i > 0; i = ldns_fget_token_l(fp, line, "\n", 0, line_nr)) { + /* # is comment */ + if (line[0] == '#') { + continue; + } + /* put it in a buffer for further processing */ + linebuf = LDNS_MALLOC(ldns_buffer); + + ldns_buffer_new_frm_data(linebuf, line, (size_t) i); + for(cnt = 0, j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, 0); + j > 0; + j = ldns_bget_token(linebuf, word, LDNS_PARSE_NO_NL, 0), cnt++) { + if (cnt == 0) { + /* the address */ + if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, + word))) { + /* ip6 */ + ldns_rdf_deep_free(tmp); + ip6 = true; + } else { + if ((tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, + word))) { + /* ip4 */ + ldns_rdf_deep_free(tmp); + ip6 = false; + } else { + /* kaput */ + break; + } + } + strlcpy(addr, word, LDNS_MAX_LINELEN+1); + } else { + /* la al la la */ + if (ip6) { + snprintf(rr_str, LDNS_MAX_LINELEN, + "%s IN AAAA %s", word, addr); + } else { + snprintf(rr_str, LDNS_MAX_LINELEN, + "%s IN A %s", word, addr); + } + parse_result = ldns_rr_new_frm_str(&rr, rr_str, 0, NULL, NULL); + if (parse_result == LDNS_STATUS_OK && ldns_rr_owner(rr) && ldns_rr_rd_count(rr) > 0) { + ldns_rr_list_push_rr(list, ldns_rr_clone(rr)); + } + ldns_rr_free(rr); + } + } + ldns_buffer_free(linebuf); + } + LDNS_FREE(line); + LDNS_FREE(word); + LDNS_FREE(addr); + LDNS_FREE(rr_str); + return list; +} + +ldns_rr_list * +ldns_get_rr_list_hosts_frm_file(char *filename) +{ + ldns_rr_list *names; + FILE *fp; + + if (!filename) { + fp = fopen(LDNS_RESOLV_HOSTS, "r"); + + } else { + fp = fopen(filename, "r"); + } + if (!fp) { + return NULL; + } + + names = ldns_get_rr_list_hosts_frm_fp(fp); + fclose(fp); + return names; +} + +uint16_t +ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, + ldns_rr_list **ret) +{ + ldns_rdf_type t; + uint16_t names_found; + ldns_resolver *r; + ldns_status s; + + t = ldns_rdf_get_type(node); + names_found = 0; + r = res; + + if (res == NULL) { + /* prepare a new resolver, using /etc/resolv.conf as a guide */ + s = ldns_resolver_new_frm_file(&r, NULL); + if (s != LDNS_STATUS_OK) { + return 0; + } + } + + if (t == LDNS_RDF_TYPE_DNAME) { + /* we're asked to query for a name */ + *ret = ldns_get_rr_list_addr_by_name(r, node, c, 0); + names_found = ldns_rr_list_rr_count(*ret); + } + + if (t == LDNS_RDF_TYPE_A || t == LDNS_RDF_TYPE_AAAA) { + /* an address */ + *ret = ldns_get_rr_list_name_by_addr(r, node, c, 0); + names_found = ldns_rr_list_rr_count(*ret); + } + + if (res == NULL) { + ldns_resolver_deep_free(r); + } + + return names_found; +} + +bool +ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t) +{ + /* does the nsec cover the t given? */ + /* copied from host2str.c line 465: ldns_rdf2buffer_str_nsec */ + uint8_t window_block_nr; + uint8_t bitmap_length; + uint16_t type; + uint16_t pos = 0; + uint16_t bit_pos; + ldns_rdf *nsec_type_list = ldns_rr_rdf(nsec, 1); + uint8_t *data = ldns_rdf_data(nsec_type_list); + + while(pos < ldns_rdf_size(nsec_type_list)) { + window_block_nr = data[pos]; + bitmap_length = data[pos + 1]; + pos += 2; + + for (bit_pos = 0; bit_pos < (bitmap_length) * 8; bit_pos++) { + if (ldns_get_bit(&data[pos], bit_pos)) { + type = 256 * (uint16_t) window_block_nr + bit_pos; + + if ((ldns_rr_type)type == t) { + /* we have a winner */ + return true; + } + } + } + pos += (uint16_t) bitmap_length; + } + return false; +} + +void +ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...) +{ + int16_t rdf; + ldns_rdf *rd; + va_list va_rdf; + va_start(va_rdf, rdfnum); + + for (rdf = (int16_t)rdfnum; rdf != -1; rdf = (int16_t)va_arg(va_rdf, int)) + { + rd = ldns_rr_rdf(r, rdf); + if (!rd) { + continue; + } else { + ldns_rdf_print(fp, rd); + fprintf(fp, " "); /* not sure if we want to do this */ + } + } + va_end(va_rdf); +} diff --git a/contrib/ldns/host2str.c b/contrib/ldns/host2str.c new file mode 100644 index 0000000000..7ef5e39118 --- /dev/null +++ b/contrib/ldns/host2str.c @@ -0,0 +1,1949 @@ +/* + * host2str.c + * + * conversion routines from the host format + * to the presentation format (strings) + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ +#include + +#include + +#include + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#include +#include + +#ifndef INET_ADDRSTRLEN +#define INET_ADDRSTRLEN 16 +#endif +#ifndef INET6_ADDRSTRLEN +#define INET6_ADDRSTRLEN 46 +#endif + +/* lookup tables for standard DNS stuff */ + +/* Taken from RFC 2535, section 7. */ +ldns_lookup_table ldns_algorithms[] = { + { LDNS_RSAMD5, "RSAMD5" }, + { LDNS_DH, "DH" }, + { LDNS_DSA, "DSA" }, + { LDNS_ECC, "ECC" }, + { LDNS_RSASHA1, "RSASHA1" }, + { LDNS_DSA_NSEC3, "DSA-NSEC3-SHA1" }, + { LDNS_RSASHA1_NSEC3, "RSASHA1-NSEC3-SHA1" }, +#ifdef USE_SHA2 + { LDNS_RSASHA256, "RSASHA256"}, + { LDNS_RSASHA512, "RSASHA512"}, +#endif +#ifdef USE_GOST + { LDNS_GOST, "GOST"}, +#endif + { LDNS_INDIRECT, "INDIRECT" }, + { LDNS_PRIVATEDNS, "PRIVATEDNS" }, + { LDNS_PRIVATEOID, "PRIVATEOID" }, + { 0, NULL } +}; + +/* Taken from RFC 2538 */ +ldns_lookup_table ldns_cert_algorithms[] = { + { LDNS_CERT_PKIX, "PKIX" }, + { LDNS_CERT_SPKI, "SPKI" }, + { LDNS_CERT_PGP, "PGP" }, + { LDNS_CERT_URI, "URI" }, + { LDNS_CERT_OID, "OID" }, + { 0, NULL } +}; + +/* classes */ +ldns_lookup_table ldns_rr_classes[] = { + { LDNS_RR_CLASS_IN, "IN" }, + { LDNS_RR_CLASS_CH, "CH" }, + { LDNS_RR_CLASS_HS, "HS" }, + { LDNS_RR_CLASS_NONE, "NONE" }, + { LDNS_RR_CLASS_ANY, "ANY" }, + { 0, NULL } +}; + +/* if these are used elsewhere */ +ldns_lookup_table ldns_rcodes[] = { + { LDNS_RCODE_NOERROR, "NOERROR" }, + { LDNS_RCODE_FORMERR, "FORMERR" }, + { LDNS_RCODE_SERVFAIL, "SERVFAIL" }, + { LDNS_RCODE_NXDOMAIN, "NXDOMAIN" }, + { LDNS_RCODE_NOTIMPL, "NOTIMPL" }, + { LDNS_RCODE_REFUSED, "REFUSED" }, + { LDNS_RCODE_YXDOMAIN, "YXDOMAIN" }, + { LDNS_RCODE_YXRRSET, "YXRRSET" }, + { LDNS_RCODE_NXRRSET, "NXRRSET" }, + { LDNS_RCODE_NOTAUTH, "NOTAUTH" }, + { LDNS_RCODE_NOTZONE, "NOTZONE" }, + { 0, NULL } +}; + +ldns_lookup_table ldns_opcodes[] = { + { LDNS_PACKET_QUERY, "QUERY" }, + { LDNS_PACKET_IQUERY, "IQUERY" }, + { LDNS_PACKET_STATUS, "STATUS" }, + { LDNS_PACKET_NOTIFY, "NOTIFY" }, + { LDNS_PACKET_UPDATE, "UPDATE" }, + { 0, NULL } +}; + +ldns_status +ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode) +{ + ldns_lookup_table *lt = ldns_lookup_by_id(ldns_opcodes, opcode); + if (lt && lt->name) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "OPCODE%u", opcode); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode) +{ + ldns_lookup_table *lt = ldns_lookup_by_id(ldns_rcodes, rcode); + if (lt && lt->name) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "RCODE%u", rcode); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_algorithm2buffer_str(ldns_buffer *output, + ldns_algorithm algorithm) +{ + ldns_lookup_table *lt = ldns_lookup_by_id(ldns_algorithms, + algorithm); + if (lt && lt->name) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "ALG%u", algorithm); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_cert_algorithm2buffer_str(ldns_buffer *output, + ldns_cert_algorithm cert_algorithm) +{ + ldns_lookup_table *lt = ldns_lookup_by_id(ldns_cert_algorithms, + cert_algorithm); + if (lt && lt->name) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "CERT_ALG%u", + cert_algorithm); + } + return ldns_buffer_status(output); +} + +char * +ldns_pkt_opcode2str(ldns_pkt_opcode opcode) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(12); + str = NULL; + + if (ldns_pkt_opcode2buffer_str(buf, opcode) == LDNS_STATUS_OK) { + str = ldns_buffer2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + +char * +ldns_pkt_rcode2str(ldns_pkt_rcode rcode) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(10); + str = NULL; + + if (ldns_pkt_rcode2buffer_str(buf, rcode) == LDNS_STATUS_OK) { + str = ldns_buffer2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + +char * +ldns_pkt_algorithm2str(ldns_algorithm algorithm) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(10); + str = NULL; + + if (ldns_algorithm2buffer_str(buf, algorithm) + == LDNS_STATUS_OK) { + str = ldns_buffer2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + +char * +ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(10); + str = NULL; + + if (ldns_cert_algorithm2buffer_str(buf, cert_algorithm) + == LDNS_STATUS_OK) { + str = ldns_buffer2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + + +/* do NOT pass compressed data here :p */ +ldns_status +ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname) +{ + /* can we do with 1 pos var? or without at all? */ + uint8_t src_pos = 0; + uint8_t len; + uint8_t *data; + uint8_t i; + + data = (uint8_t*)ldns_rdf_data(dname); + len = data[src_pos]; + + if (ldns_rdf_size(dname) > LDNS_MAX_DOMAINLEN) { + /* too large, return */ + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + + /* special case: root label */ + if (1 == ldns_rdf_size(dname)) { + ldns_buffer_printf(output, "."); + } else { + while ((len > 0) && src_pos < ldns_rdf_size(dname)) { + src_pos++; + for(i = 0; i < len; i++) { + /* paranoia check for various 'strange' + characters in dnames + */ + if(data[src_pos]=='.' || data[src_pos]==';' || + data[src_pos]=='(' || data[src_pos]==')' || + data[src_pos]=='\\') { + ldns_buffer_printf(output, "\\%c", + data[src_pos]); + } else if (!isgraph((int) data[src_pos])) { + ldns_buffer_printf(output, "\\%03u", + data[src_pos]); + } else { + ldns_buffer_printf(output, "%c", data[src_pos]); + } + src_pos++; + } + + len = data[src_pos]; + ldns_buffer_printf(output, "."); + } + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_int8(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint8_t data = ldns_rdf_data(rdf)[0]; + ldns_buffer_printf(output, "%lu", (unsigned long) data); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); + ldns_buffer_printf(output, "%lu", (unsigned long) data); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_int32(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint32_t data = ldns_read_uint32(ldns_rdf_data(rdf)); + ldns_buffer_printf(output, "%lu", (unsigned long) data); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* create a YYYYMMDDHHMMSS string if possible */ + uint32_t data = ldns_read_uint32(ldns_rdf_data(rdf)); + time_t data_time; + struct tm tm; + char date_buf[16]; + + data_time = 0; + memcpy(&data_time, &data, sizeof(uint32_t)); + + memset(&tm, 0, sizeof(tm)); + + if (gmtime_r(&data_time, &tm) && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { + ldns_buffer_printf(output, "%s", date_buf); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf) +{ + char str[INET_ADDRSTRLEN]; + + if (inet_ntop(AF_INET, ldns_rdf_data(rdf), str, INET_ADDRSTRLEN)) { + ldns_buffer_printf(output, "%s", str); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf) +{ + char str[INET6_ADDRSTRLEN]; + + if (inet_ntop(AF_INET6, ldns_rdf_data(rdf), str, INET6_ADDRSTRLEN)) { + ldns_buffer_printf(output, "%s", str); + } + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf) +{ + const uint8_t *data = ldns_rdf_data(rdf); + uint8_t length = data[0]; + size_t i; + + ldns_buffer_printf(output, "\""); + for (i = 1; i <= length; ++i) { + char ch = (char) data[i]; + if (isprint((int)ch) || ch=='\t') { + if (ch=='\"'||ch=='\\') + ldns_buffer_printf(output, "\\%c", ch); + else + ldns_buffer_printf(output, "%c", ch); + } else { + ldns_buffer_printf(output, "\\%03u", (unsigned) ch); + } + } + ldns_buffer_printf(output, "\""); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf)); + char *b64 = LDNS_XMALLOC(char, size); + if (ldns_b64_ntop(ldns_rdf_data(rdf), ldns_rdf_size(rdf), b64, size)) { + ldns_buffer_printf(output, "%s", b64); + } + LDNS_FREE(b64); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_b32_ext(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t size = ldns_b32_ntop_calculate_size(ldns_rdf_size(rdf) - 1); + char *b32 = LDNS_XMALLOC(char, size + 1); + size = (size_t) ldns_b32_ntop_extended_hex(ldns_rdf_data(rdf) + 1, + ldns_rdf_size(rdf) - 1, + b32, size); + if (size > 0) { + ldns_buffer_printf(output, "%s", b32); + } + LDNS_FREE(b32); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf) +{ + size_t i; + for (i = 0; i < ldns_rdf_size(rdf); i++) { + ldns_buffer_printf(output, "%02x", ldns_rdf_data(rdf)[i]); + } + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); + const ldns_rr_descriptor *descriptor; + + descriptor = ldns_rr_descript(data); + if (descriptor && descriptor->_name) { + ldns_buffer_printf(output, "%s", descriptor->_name); + } else { + ldns_buffer_printf(output, "TYPE%u", data); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); + ldns_lookup_table *lt; + + lt = ldns_lookup_by_id(ldns_rr_classes, (int) data); + if (lt) { + ldns_buffer_printf(output, "\t%s", lt->name); + } else { + ldns_buffer_printf(output, "\tCLASS%d", data); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint16_t data = ldns_read_uint16(ldns_rdf_data(rdf)); + ldns_lookup_table *lt; + lt = ldns_lookup_by_id(ldns_cert_algorithms, (int) data); + if (lt) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "%d", data); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* don't use algorithm mnemonics in the presentation format + this kind of got sneaked into the rfc's */ + uint8_t data = ldns_rdf_data(rdf)[0]; +/* + + ldns_lookup_table *lt; + + lt = ldns_lookup_by_id(ldns_algorithms, (int) data); + if (lt) { + ldns_buffer_printf(output, "%s", lt->name); + } else { +*/ + ldns_buffer_printf(output, "%d", data); +/* + } +*/ + return ldns_buffer_status(output); +} + +static void +loc_cm_print(ldns_buffer *output, uint8_t mantissa, uint8_t exponent) +{ + uint8_t i; + /* is it 0. ? */ + if(exponent < 2) { + if(exponent == 1) + mantissa *= 10; + ldns_buffer_printf(output, "0.%02ld", (long)mantissa); + return; + } + /* always */ + ldns_buffer_printf(output, "%d", (int)mantissa); + for(i=0; i_name) { + ldns_buffer_printf(output, "%s", descriptor->_name); + } else { + /* exceptions for pseudotypes */ + switch (type) { + case LDNS_RR_TYPE_IXFR: + ldns_buffer_printf(output, "IXFR"); + break; + case LDNS_RR_TYPE_AXFR: + ldns_buffer_printf(output, "AXFR"); + break; + case LDNS_RR_TYPE_MAILA: + ldns_buffer_printf(output, "MAILA"); + break; + case LDNS_RR_TYPE_MAILB: + ldns_buffer_printf(output, "MAILB"); + break; + case LDNS_RR_TYPE_ANY: + ldns_buffer_printf(output, "ANY"); + break; + default: + ldns_buffer_printf(output, "TYPE%u", type); + } + } + return ldns_buffer_status(output); +} + +char * +ldns_rr_type2str(const ldns_rr_type type) +{ + char *str; + ldns_buffer *buf; + + buf = ldns_buffer_new(10); + str = NULL; + + if (ldns_rr_type2buffer_str(buf, type) == LDNS_STATUS_OK) { + str = ldns_buffer2str(buf); + } + + ldns_buffer_free(buf); + return str; +} + + +ldns_status +ldns_rr_class2buffer_str(ldns_buffer *output, + const ldns_rr_class klass) +{ + ldns_lookup_table *lt; + + lt = ldns_lookup_by_id(ldns_rr_classes, klass); + if (lt) { + ldns_buffer_printf(output, "%s", lt->name); + } else { + ldns_buffer_printf(output, "CLASS%d", klass); + } + return ldns_buffer_status(output); +} + +char * +ldns_rr_class2str(const ldns_rr_class klass) +{ + ldns_buffer *buf; + char *str; + + str = NULL; + buf = ldns_buffer_new(10); + if (ldns_rr_class2buffer_str(buf, klass) == LDNS_STATUS_OK) { + str = ldns_buffer2str(buf); + } + ldns_buffer_free(buf); + return str; +} + +ldns_status +ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* we could do checking (ie degrees < 90 etc)? */ + uint8_t version = ldns_rdf_data(rdf)[0]; + uint8_t size; + uint8_t horizontal_precision; + uint8_t vertical_precision; + uint32_t longitude; + uint32_t latitude; + uint32_t altitude; + char northerness; + char easterness; + uint32_t h; + uint32_t m; + double s; + + uint32_t equator = (uint32_t) ldns_power(2, 31); + + if (version == 0) { + size = ldns_rdf_data(rdf)[1]; + horizontal_precision = ldns_rdf_data(rdf)[2]; + vertical_precision = ldns_rdf_data(rdf)[3]; + + latitude = ldns_read_uint32(&ldns_rdf_data(rdf)[4]); + longitude = ldns_read_uint32(&ldns_rdf_data(rdf)[8]); + altitude = ldns_read_uint32(&ldns_rdf_data(rdf)[12]); + + if (latitude > equator) { + northerness = 'N'; + latitude = latitude - equator; + } else { + northerness = 'S'; + latitude = equator - latitude; + } + h = latitude / (1000 * 60 * 60); + latitude = latitude % (1000 * 60 * 60); + m = latitude / (1000 * 60); + latitude = latitude % (1000 * 60); + s = (double) latitude / 1000.0; + ldns_buffer_printf(output, "%02u %02u %0.3f %c ", + h, m, s, northerness); + + if (longitude > equator) { + easterness = 'E'; + longitude = longitude - equator; + } else { + easterness = 'W'; + longitude = equator - longitude; + } + h = longitude / (1000 * 60 * 60); + longitude = longitude % (1000 * 60 * 60); + m = longitude / (1000 * 60); + longitude = longitude % (1000 * 60); + s = (double) longitude / (1000.0); + ldns_buffer_printf(output, "%02u %02u %0.3f %c ", + h, m, s, easterness); + + + s = ((double) altitude) / 100; + s -= 100000; + + if(altitude%100 != 0) + ldns_buffer_printf(output, "%.2f", s); + else + ldns_buffer_printf(output, "%.0f", s); + + ldns_buffer_printf(output, "m "); + + loc_cm_print(output, (size & 0xf0) >> 4, size & 0x0f); + ldns_buffer_printf(output, "m "); + + loc_cm_print(output, (horizontal_precision & 0xf0) >> 4, + horizontal_precision & 0x0f); + ldns_buffer_printf(output, "m "); + + loc_cm_print(output, (vertical_precision & 0xf0) >> 4, + vertical_precision & 0x0f); + ldns_buffer_printf(output, "m "); + + return ldns_buffer_status(output); + } else { + return ldns_rdf2buffer_str_hex(output, rdf); + } +} + +ldns_status +ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf) +{ + ldns_buffer_printf(output, "\\# %u ", ldns_rdf_size(rdf)); + return ldns_rdf2buffer_str_hex(output, rdf); +} + +ldns_status +ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf) +{ + ldns_buffer_printf(output, "0x"); + return ldns_rdf2buffer_str_hex(output, rdf); +} + +ldns_status +ldns_rdf2buffer_str_atma(ldns_buffer *output, const ldns_rdf *rdf) +{ + return ldns_rdf2buffer_str_hex(output, rdf); +} + +ldns_status +ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* protocol, followed by bitmap of services */ + struct protoent *protocol; + char *proto_name = NULL; + uint8_t protocol_nr; + struct servent *service; + uint16_t current_service; + + protocol_nr = ldns_rdf_data(rdf)[0]; + protocol = getprotobynumber((int) protocol_nr); + if (protocol && (protocol->p_name != NULL)) { + proto_name = protocol->p_name; + ldns_buffer_printf(output, "%s ", protocol->p_name); + } else { + ldns_buffer_printf(output, "%u ", protocol_nr); + } + +#ifdef HAVE_ENDPROTOENT + endprotoent(); +#endif + + for (current_service = 0; + current_service < ldns_rdf_size(rdf) * 7; current_service++) { + if (ldns_get_bit(&(ldns_rdf_data(rdf)[1]), current_service)) { + service = getservbyport((int) htons(current_service), + proto_name); + if (service && service->s_name) { + ldns_buffer_printf(output, "%s ", service->s_name); + } else { + ldns_buffer_printf(output, "%u ", current_service); + } +#ifdef HAVE_ENDSERVENT + endservent(); +#endif + } + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* Note: this code is duplicated in higher.c in + * ldns_nsec_type_check() function + */ + uint8_t window_block_nr; + uint8_t bitmap_length; + uint16_t type; + uint16_t pos = 0; + uint16_t bit_pos; + uint8_t *data = ldns_rdf_data(rdf); + const ldns_rr_descriptor *descriptor; + + while(pos < ldns_rdf_size(rdf)) { + window_block_nr = data[pos]; + bitmap_length = data[pos + 1]; + pos += 2; + + for (bit_pos = 0; bit_pos < (bitmap_length) * 8; bit_pos++) { + if (ldns_get_bit(&data[pos], bit_pos)) { + type = 256 * (uint16_t) window_block_nr + bit_pos; + descriptor = ldns_rr_descript(type); + + if (descriptor && descriptor->_name) { + ldns_buffer_printf(output, "%s ", + descriptor->_name); + } else { + ldns_buffer_printf(output, "TYPE%u ", type); + } + } + } + + pos += (uint16_t) bitmap_length; + } + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_nsec3_salt(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint8_t salt_length; + uint8_t salt_pos; + + uint8_t *data = ldns_rdf_data(rdf); + size_t pos; + + salt_length = data[0]; + /* todo: length check needed/possible? */ + /* from now there are variable length entries so remember pos */ + pos = 1; + if (salt_length == 0) { + ldns_buffer_printf(output, "- "); + } else { + for (salt_pos = 0; salt_pos < salt_length; salt_pos++) { + ldns_buffer_printf(output, "%02x", data[1 + salt_pos]); + pos++; + } + ldns_buffer_printf(output, " "); + } + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* period is the number of seconds */ + uint32_t p = ldns_read_uint32(ldns_rdf_data(rdf)); + ldns_buffer_printf(output, "%u", p); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_tsigtime(ldns_buffer *output,const ldns_rdf *rdf) +{ + /* tsigtime is 48 bits network order unsigned integer */ + uint64_t tsigtime = 0; + uint8_t *data = ldns_rdf_data(rdf); + + if (ldns_rdf_size(rdf) != 6) { + return LDNS_STATUS_ERR; + } + + tsigtime = ldns_read_uint16(data); + tsigtime *= 65536; + tsigtime += ldns_read_uint16(data+2); + tsigtime *= 65536; + + ldns_buffer_printf(output, "%llu ", tsigtime); + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf) +{ + uint8_t *data = ldns_rdf_data(rdf); + uint16_t address_family = ldns_read_uint16(data); + uint8_t prefix = data[2]; + bool negation; + uint8_t adf_length; + unsigned short i; + unsigned int pos = 0; + + while (pos < (unsigned int) ldns_rdf_size(rdf)) { + address_family = ldns_read_uint16(&data[pos]); + prefix = data[pos + 2]; + negation = data[pos + 3] & LDNS_APL_NEGATION; + adf_length = data[pos + 3] & LDNS_APL_MASK; + if (address_family == LDNS_APL_IP4) { + /* check if prefix < 32? */ + if (negation) { + ldns_buffer_printf(output, "!"); + } + ldns_buffer_printf(output, "%u:", address_family); + /* address is variable length 0 - 4 */ + for (i = 0; i < 4; i++) { + if (i > 0) { + ldns_buffer_printf(output, "."); + } + if (i < (unsigned short) adf_length) { + ldns_buffer_printf(output, "%d", + data[pos + i + 4]); + } else { + ldns_buffer_printf(output, "0"); + } + } + ldns_buffer_printf(output, "/%u ", prefix); + } else if (address_family == LDNS_APL_IP6) { + /* check if prefix < 128? */ + if (negation) { + ldns_buffer_printf(output, "!"); + } + ldns_buffer_printf(output, "%u:", address_family); + /* address is variable length 0 - 16 */ + for (i = 0; i < 16; i++) { + if (i % 2 == 0 && i > 0) { + ldns_buffer_printf(output, ":"); + } + if (i < (unsigned short) adf_length) { + ldns_buffer_printf(output, "%02x", + data[pos + i + 4]); + } else { + ldns_buffer_printf(output, "00"); + } + } + ldns_buffer_printf(output, "/%u ", prefix); + + } else { + /* unknown address family */ + ldns_buffer_printf(output, "Unknown address family: %u data: ", + address_family); + for (i = 1; i < (unsigned short) (4 + adf_length); i++) { + ldns_buffer_printf(output, "%02x", data[i]); + } + } + pos += 4 + adf_length; + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* Subtract the size (2) of the number that specifies the length */ + size_t size = ldns_b64_ntop_calculate_size(ldns_rdf_size(rdf) - 2); + char *b64 = LDNS_XMALLOC(char, size); + + ldns_buffer_printf(output, "%u ", ldns_rdf_size(rdf) - 2); + + if (ldns_rdf_size(rdf) > 2 && + ldns_b64_ntop(ldns_rdf_data(rdf) + 2, + ldns_rdf_size(rdf) - 2, + b64, size)) { + ldns_buffer_printf(output, "%s", b64); + } + LDNS_FREE(b64); + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* wire format from + http://www.ietf.org/internet-drafts/draft-ietf-ipseckey-rr-12.txt + */ + uint8_t *data = ldns_rdf_data(rdf); + uint8_t precedence; + uint8_t gateway_type; + uint8_t algorithm; + + ldns_rdf *gateway = NULL; + uint8_t *gateway_data; + + size_t public_key_size; + uint8_t *public_key_data; + ldns_rdf *public_key; + + size_t offset = 0; + ldns_status status; + + precedence = data[0]; + gateway_type = data[1]; + algorithm = data[2]; + offset = 3; + + switch (gateway_type) { + case 0: + /* no gateway */ + break; + case 1: + gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP4ADDRLEN); + memcpy(gateway_data, &data[offset], LDNS_IP4ADDRLEN); + gateway = ldns_rdf_new(LDNS_RDF_TYPE_A, LDNS_IP4ADDRLEN , gateway_data); + offset += LDNS_IP4ADDRLEN; + break; + case 2: + gateway_data = LDNS_XMALLOC(uint8_t, LDNS_IP6ADDRLEN); + memcpy(gateway_data, &data[offset], LDNS_IP6ADDRLEN); + offset += LDNS_IP6ADDRLEN; + gateway = + ldns_rdf_new(LDNS_RDF_TYPE_AAAA, LDNS_IP6ADDRLEN, gateway_data); + break; + case 3: + status = ldns_wire2dname(&gateway, data, ldns_rdf_size(rdf), &offset); + break; + default: + /* error? */ + break; + } + + public_key_size = ldns_rdf_size(rdf) - offset; + public_key_data = LDNS_XMALLOC(uint8_t, public_key_size); + memcpy(public_key_data, &data[offset], public_key_size); + public_key = ldns_rdf_new(LDNS_RDF_TYPE_B64, public_key_size, public_key_data); + + ldns_buffer_printf(output, "%u %u %u ", precedence, gateway_type, algorithm); + if (gateway) + (void) ldns_rdf2buffer_str(output, gateway); + else + ldns_buffer_printf(output, "."); + ldns_buffer_printf(output, " "); + (void) ldns_rdf2buffer_str(output, public_key); + + ldns_rdf_free(gateway); + ldns_rdf_free(public_key); + + return ldns_buffer_status(output); +} + +ldns_status +ldns_rdf2buffer_str_tsig(ldns_buffer *output, const ldns_rdf *rdf) +{ + /* TSIG RRs have no presentation format, make them #size */ + return ldns_rdf2buffer_str_unknown(output, rdf); +} + + +ldns_status +ldns_rdf2buffer_str(ldns_buffer *buffer, const ldns_rdf *rdf) +{ + ldns_status res; + + /*ldns_buffer_printf(buffer, "%u:", ldns_rdf_get_type(rdf));*/ + if (rdf) { + switch(ldns_rdf_get_type(rdf)) { + case LDNS_RDF_TYPE_NONE: + break; + case LDNS_RDF_TYPE_DNAME: + res = ldns_rdf2buffer_str_dname(buffer, rdf); + break; + case LDNS_RDF_TYPE_INT8: + res = ldns_rdf2buffer_str_int8(buffer, rdf); + break; + case LDNS_RDF_TYPE_INT16: + res = ldns_rdf2buffer_str_int16(buffer, rdf); + break; + case LDNS_RDF_TYPE_INT32: + res = ldns_rdf2buffer_str_int32(buffer, rdf); + break; + case LDNS_RDF_TYPE_PERIOD: + res = ldns_rdf2buffer_str_period(buffer, rdf); + break; + case LDNS_RDF_TYPE_TSIGTIME: + res = ldns_rdf2buffer_str_tsigtime(buffer, rdf); + break; + case LDNS_RDF_TYPE_A: + res = ldns_rdf2buffer_str_a(buffer, rdf); + break; + case LDNS_RDF_TYPE_AAAA: + res = ldns_rdf2buffer_str_aaaa(buffer, rdf); + break; + case LDNS_RDF_TYPE_STR: + res = ldns_rdf2buffer_str_str(buffer, rdf); + break; + case LDNS_RDF_TYPE_APL: + res = ldns_rdf2buffer_str_apl(buffer, rdf); + break; + case LDNS_RDF_TYPE_B32_EXT: + res = ldns_rdf2buffer_str_b32_ext(buffer, rdf); + break; + case LDNS_RDF_TYPE_B64: + res = ldns_rdf2buffer_str_b64(buffer, rdf); + break; + case LDNS_RDF_TYPE_HEX: + res = ldns_rdf2buffer_str_hex(buffer, rdf); + break; + case LDNS_RDF_TYPE_NSEC: + res = ldns_rdf2buffer_str_nsec(buffer, rdf); + break; + case LDNS_RDF_TYPE_NSEC3_SALT: + res = ldns_rdf2buffer_str_nsec3_salt(buffer, rdf); + break; + case LDNS_RDF_TYPE_TYPE: + res = ldns_rdf2buffer_str_type(buffer, rdf); + break; + case LDNS_RDF_TYPE_CLASS: + res = ldns_rdf2buffer_str_class(buffer, rdf); + break; + case LDNS_RDF_TYPE_CERT_ALG: + res = ldns_rdf2buffer_str_cert_alg(buffer, rdf); + break; + case LDNS_RDF_TYPE_ALG: + res = ldns_rdf2buffer_str_alg(buffer, rdf); + break; + case LDNS_RDF_TYPE_UNKNOWN: + res = ldns_rdf2buffer_str_unknown(buffer, rdf); + break; + case LDNS_RDF_TYPE_TIME: + res = ldns_rdf2buffer_str_time(buffer, rdf); + break; + case LDNS_RDF_TYPE_LOC: + res = ldns_rdf2buffer_str_loc(buffer, rdf); + break; + case LDNS_RDF_TYPE_WKS: + case LDNS_RDF_TYPE_SERVICE: + res = ldns_rdf2buffer_str_wks(buffer, rdf); + break; + case LDNS_RDF_TYPE_NSAP: + res = ldns_rdf2buffer_str_nsap(buffer, rdf); + break; + case LDNS_RDF_TYPE_ATMA: + res = ldns_rdf2buffer_str_atma(buffer, rdf); + break; + case LDNS_RDF_TYPE_IPSECKEY: + res = ldns_rdf2buffer_str_ipseckey(buffer, rdf); + break; + case LDNS_RDF_TYPE_TSIG: + res = ldns_rdf2buffer_str_tsig(buffer, rdf); + break; + case LDNS_RDF_TYPE_INT16_DATA: + res = ldns_rdf2buffer_str_int16_data(buffer, rdf); + break; + case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: + res = ldns_rdf2buffer_str_b32_ext(buffer, rdf); + break; + } + } else { + ldns_buffer_printf(buffer, "(null) "); + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr) +{ + uint16_t i, flags; + ldns_status status = LDNS_STATUS_OK; + if (!rr) { + ldns_buffer_printf(output, "(null)\n"); + } else { + if (ldns_rr_owner(rr)) { + status = ldns_rdf2buffer_str_dname(output, ldns_rr_owner(rr)); + } + if (status != LDNS_STATUS_OK) { + return status; + } + + /* TTL should NOT be printed if it is a question */ + if (!ldns_rr_is_question(rr)) { + ldns_buffer_printf(output, "\t%d", ldns_rr_ttl(rr)); + } + + ldns_buffer_printf(output, "\t"); + status = ldns_rr_class2buffer_str(output, ldns_rr_get_class(rr)); + if (status != LDNS_STATUS_OK) { + return status; + } + ldns_buffer_printf(output, "\t"); + + status = ldns_rr_type2buffer_str(output, ldns_rr_get_type(rr)); + if (status != LDNS_STATUS_OK) { + return status; + } + + if (ldns_rr_rd_count(rr) > 0) { + ldns_buffer_printf(output, "\t"); + } else if (!ldns_rr_is_question(rr)) { + ldns_buffer_printf(output, "\t\\# 0"); + } + + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + status = ldns_rdf2buffer_str(output, ldns_rr_rdf(rr, i)); + if (i < ldns_rr_rd_count(rr) - 1) { + ldns_buffer_printf(output, " "); + } + } + /* per RR special comments - handy for DNSSEC types */ + /* check to prevent question sec. rr from + * getting here */ + if (ldns_rr_rd_count(rr) > 0) { + switch (ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_DNSKEY: + if (ldns_rr_rdf(rr, 0)) { + flags = ldns_rdf2native_int16(ldns_rr_rdf(rr, 0)); + if (flags == 256 || flags == 384) { + ldns_buffer_printf(output, + " ;{id = %d (zsk), size = %db}", + ldns_calc_keytag(rr), + ldns_rr_dnskey_key_size(rr)); + break; + } + if (flags == 257 || flags == 385) { + ldns_buffer_printf(output, + " ;{id = %d (ksk), size = %db}", + ldns_calc_keytag(rr), + ldns_rr_dnskey_key_size(rr)); + break; + } + ldns_buffer_printf(output, " ;{id = %d, size = %db}", + ldns_calc_keytag(rr), + ldns_rr_dnskey_key_size(rr)); + } + break; + case LDNS_RR_TYPE_RRSIG: + ldns_buffer_printf(output, " ;{id = %d}", + ldns_rdf2native_int16(ldns_rr_rdf(rr, 6))); + break; + case LDNS_RR_TYPE_DS: + { + uint8_t *data = ldns_rdf_data(ldns_rr_rdf(rr, 3)); + size_t len = ldns_rdf_size(ldns_rr_rdf(rr, 3)); + char *babble = ldns_bubblebabble(data, len); + ldns_buffer_printf(output, " ; %s", babble); + LDNS_FREE(babble); + } + break; + case LDNS_RR_TYPE_NSEC3: + if (ldns_nsec3_optout(rr)) { + ldns_buffer_printf(output, " ; flags: optout"); + } + break; + default: + break; + + } + } + /* last */ + ldns_buffer_printf(output, "\n"); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list) +{ + uint16_t i; + + for(i = 0; i < ldns_rr_list_rr_count(list); i++) { + (void) ldns_rr2buffer_str(output, ldns_rr_list_rr(list, i)); + } + return ldns_buffer_status(output); +} + +ldns_status +ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt) +{ + ldns_lookup_table *opcode = ldns_lookup_by_id(ldns_opcodes, + (int) ldns_pkt_get_opcode(pkt)); + ldns_lookup_table *rcode = ldns_lookup_by_id(ldns_rcodes, + (int) ldns_pkt_get_rcode(pkt)); + + ldns_buffer_printf(output, ";; ->>HEADER<<- "); + if (opcode) { + ldns_buffer_printf(output, "opcode: %s, ", opcode->name); + } else { + ldns_buffer_printf(output, "opcode: ?? (%u), ", + ldns_pkt_get_opcode(pkt)); + } + if (rcode) { + ldns_buffer_printf(output, "rcode: %s, ", rcode->name); + } else { + ldns_buffer_printf(output, "rcode: ?? (%u), ", ldns_pkt_get_rcode(pkt)); + } + ldns_buffer_printf(output, "id: %d\n", ldns_pkt_id(pkt)); + ldns_buffer_printf(output, ";; flags: "); + + if (ldns_pkt_qr(pkt)) { + ldns_buffer_printf(output, "qr "); + } + if (ldns_pkt_aa(pkt)) { + ldns_buffer_printf(output, "aa "); + } + if (ldns_pkt_tc(pkt)) { + ldns_buffer_printf(output, "tc "); + } + if (ldns_pkt_rd(pkt)) { + ldns_buffer_printf(output, "rd "); + } + if (ldns_pkt_cd(pkt)) { + ldns_buffer_printf(output, "cd "); + } + if (ldns_pkt_ra(pkt)) { + ldns_buffer_printf(output, "ra "); + } + if (ldns_pkt_ad(pkt)) { + ldns_buffer_printf(output, "ad "); + } + ldns_buffer_printf(output, "; "); + ldns_buffer_printf(output, "QUERY: %u, ", ldns_pkt_qdcount(pkt)); + ldns_buffer_printf(output, "ANSWER: %u, ", ldns_pkt_ancount(pkt)); + ldns_buffer_printf(output, "AUTHORITY: %u, ", ldns_pkt_nscount(pkt)); + ldns_buffer_printf(output, "ADDITIONAL: %u ", ldns_pkt_arcount(pkt)); + return ldns_buffer_status(output); +} + +ldns_status +ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt) +{ + uint16_t i; + ldns_status status = LDNS_STATUS_OK; + char *tmp; + struct timeval time; + time_t time_tt; + + if (!pkt) { + ldns_buffer_printf(output, "null"); + return LDNS_STATUS_OK; + } + + if (ldns_buffer_status_ok(output)) { + status = ldns_pktheader2buffer_str(output, pkt); + if (status != LDNS_STATUS_OK) { + return status; + } + + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, ";; QUESTION SECTION:\n;; "); + + + for (i = 0; i < ldns_pkt_qdcount(pkt); i++) { + status = ldns_rr2buffer_str(output, + ldns_rr_list_rr(ldns_pkt_question(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; + } + } + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, ";; ANSWER SECTION:\n"); + for (i = 0; i < ldns_pkt_ancount(pkt); i++) { + status = ldns_rr2buffer_str(output, + ldns_rr_list_rr(ldns_pkt_answer(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; + } + + } + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, ";; AUTHORITY SECTION:\n"); + + for (i = 0; i < ldns_pkt_nscount(pkt); i++) { + status = ldns_rr2buffer_str(output, + ldns_rr_list_rr(ldns_pkt_authority(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; + } + } + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, ";; ADDITIONAL SECTION:\n"); + for (i = 0; i < ldns_pkt_arcount(pkt); i++) { + status = ldns_rr2buffer_str(output, + ldns_rr_list_rr(ldns_pkt_additional(pkt), i)); + if (status != LDNS_STATUS_OK) { + return status; + } + + } + ldns_buffer_printf(output, "\n"); + /* add some futher fields */ + ldns_buffer_printf(output, ";; Query time: %d msec\n", + ldns_pkt_querytime(pkt)); + if (ldns_pkt_edns(pkt)) { + ldns_buffer_printf(output, + ";; EDNS: version %u; flags:", + ldns_pkt_edns_version(pkt)); + if (ldns_pkt_edns_do(pkt)) { + ldns_buffer_printf(output, " do"); + } + /* the extended rcode is the value set, shifted four bits, + * and or'd with the original rcode */ + if (ldns_pkt_edns_extended_rcode(pkt)) { + ldns_buffer_printf(output, " ; ext-rcode: %d", + (ldns_pkt_edns_extended_rcode(pkt) << 4 | ldns_pkt_get_rcode(pkt))); + } + ldns_buffer_printf(output, " ; udp: %u\n", + ldns_pkt_edns_udp_size(pkt)); + + if (ldns_pkt_edns_data(pkt)) { + ldns_buffer_printf(output, ";; Data: "); + (void)ldns_rdf2buffer_str(output, + ldns_pkt_edns_data(pkt)); + ldns_buffer_printf(output, "\n"); + } + } + if (ldns_pkt_tsig(pkt)) { + ldns_buffer_printf(output, ";; TSIG:\n;; "); + (void) ldns_rr2buffer_str(output, ldns_pkt_tsig(pkt)); + ldns_buffer_printf(output, "\n"); + } + if (ldns_pkt_answerfrom(pkt)) { + tmp = ldns_rdf2str(ldns_pkt_answerfrom(pkt)); + ldns_buffer_printf(output, ";; SERVER: %s\n", tmp); + LDNS_FREE(tmp); + } + time = ldns_pkt_timestamp(pkt); + time_tt = (time_t)time.tv_sec; + ldns_buffer_printf(output, ";; WHEN: %s", + (char*)ctime(&time_tt)); + + ldns_buffer_printf(output, ";; MSG SIZE rcvd: %d\n", + (int)ldns_pkt_size(pkt)); + } else { + return ldns_buffer_status(output); + } + return status; +} + +#ifdef HAVE_SSL +static ldns_status +ldns_hmac_key2buffer_str(ldns_buffer *output, const ldns_key *k) +{ + ldns_status status; + size_t i; + ldns_rdf *b64_bignum; + + ldns_buffer_printf(output, "Key: "); + + i = ldns_key_hmac_size(k); + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, ldns_key_hmac_key(k)); + status = ldns_rdf2buffer_str(output, b64_bignum); + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + return status; +} +#endif + +#if defined(HAVE_SSL) && defined(USE_GOST) +static ldns_status +ldns_gost_key2buffer_str(ldns_buffer *output, EVP_PKEY *p) +{ + unsigned char* pp = NULL; + int ret; + ldns_rdf *b64_bignum; + ldns_status status; + + ldns_buffer_printf(output, "GostAsn1: "); + + ret = i2d_PrivateKey(p, &pp); + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, ret, pp); + status = ldns_rdf2buffer_str(output, b64_bignum); + + ldns_rdf_deep_free(b64_bignum); + OPENSSL_free(pp); + ldns_buffer_printf(output, "\n"); + return status; +} +#endif + +ldns_status +ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k) +{ + ldns_status status = LDNS_STATUS_OK; + unsigned char *bignum; + +#ifdef HAVE_SSL + /* not used when ssl is not defined */ + ldns_rdf *b64_bignum = NULL; + uint16_t i; + + RSA *rsa; + DSA *dsa; +#endif /* HAVE_SSL */ + + if (!k) { + return LDNS_STATUS_ERR; + } + + bignum = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bignum) { + return LDNS_STATUS_ERR; + } + + if (ldns_buffer_status_ok(output)) { +#ifdef HAVE_SSL + switch(ldns_key_algorithm(k)) { + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: + case LDNS_SIGN_RSAMD5: + /* copied by looking at dnssec-keygen output */ + /* header */ + rsa = ldns_key_rsa_key(k); + + ldns_buffer_printf(output,"Private-key-format: v1.2\n"); + switch(ldns_key_algorithm(k)) { + case LDNS_SIGN_RSAMD5: + ldns_buffer_printf(output, + "Algorithm: %u (RSA)\n", + LDNS_RSAMD5); + break; + case LDNS_SIGN_RSASHA1: + ldns_buffer_printf(output, + "Algorithm: %u (RSASHA1)\n", + LDNS_RSASHA1); + break; + case LDNS_SIGN_RSASHA1_NSEC3: + ldns_buffer_printf(output, + "Algorithm: %u (RSASHA1_NSEC3)\n", + LDNS_RSASHA1_NSEC3); + break; +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + ldns_buffer_printf(output, + "Algorithm: %u (RSASHA256)\n", + LDNS_RSASHA256); + break; + case LDNS_SIGN_RSASHA512: + ldns_buffer_printf(output, + "Algorithm: %u (RSASHA512)\n", + LDNS_RSASHA512); + break; +#endif + default: + fprintf(stderr, "Warning: unknown signature "); + fprintf(stderr, + "algorithm type %u\n", + ldns_key_algorithm(k)); + ldns_buffer_printf(output, + "Algorithm: %u (Unknown)\n", + ldns_key_algorithm(k)); + break; + } + + /* print to buf, convert to bin, convert to b64, + * print to buf */ + ldns_buffer_printf(output, "Modulus: "); + i = (uint16_t)BN_bn2bin(rsa->n, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + ldns_buffer_printf(output, "PublicExponent: "); + i = (uint16_t)BN_bn2bin(rsa->e, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + + ldns_buffer_printf(output, "PrivateExponent: "); + if (rsa->d) { + i = (uint16_t)BN_bn2bin(rsa->d, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Prime1: "); + if (rsa->p) { + i = (uint16_t)BN_bn2bin(rsa->p, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Prime2: "); + if (rsa->q) { + i = (uint16_t)BN_bn2bin(rsa->q, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Exponent1: "); + if (rsa->dmp1) { + i = (uint16_t)BN_bn2bin(rsa->dmp1, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Exponent2: "); + if (rsa->dmq1) { + i = (uint16_t)BN_bn2bin(rsa->dmq1, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + ldns_buffer_printf(output, "Coefficient: "); + if (rsa->iqmp) { + i = (uint16_t)BN_bn2bin(rsa->iqmp, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + ldns_buffer_printf(output, "(Not available)\n"); + } + + RSA_free(rsa); + break; + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: + dsa = ldns_key_dsa_key(k); + + ldns_buffer_printf(output,"Private-key-format: v1.2\n"); + if (ldns_key_algorithm(k) == LDNS_SIGN_DSA) { + ldns_buffer_printf(output,"Algorithm: 3 (DSA)\n"); + } else if (ldns_key_algorithm(k) == LDNS_SIGN_DSA_NSEC3) { + ldns_buffer_printf(output,"Algorithm: 6 (DSA_NSEC3)\n"); + } + + /* print to buf, convert to bin, convert to b64, + * print to buf */ + ldns_buffer_printf(output, "Prime(p): "); + if (dsa->p) { + i = (uint16_t)BN_bn2bin(dsa->p, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + + ldns_buffer_printf(output, "Subprime(q): "); + if (dsa->q) { + i = (uint16_t)BN_bn2bin(dsa->q, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + + ldns_buffer_printf(output, "Base(g): "); + if (dsa->g) { + i = (uint16_t)BN_bn2bin(dsa->g, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + + ldns_buffer_printf(output, "Private_value(x): "); + if (dsa->priv_key) { + i = (uint16_t)BN_bn2bin(dsa->priv_key, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + + ldns_buffer_printf(output, "Public_value(y): "); + if (dsa->pub_key) { + i = (uint16_t)BN_bn2bin(dsa->pub_key, bignum); + if (i > LDNS_MAX_KEYLEN) { + goto error; + } + b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum); + if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) { + goto error; + } + ldns_rdf_deep_free(b64_bignum); + ldns_buffer_printf(output, "\n"); + } else { + printf("(Not available)\n"); + } + break; + case LDNS_SIGN_GOST: + /* no format defined, use blob */ +#if defined(HAVE_SSL) && defined(USE_GOST) + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: %d (GOST)\n", LDNS_SIGN_GOST); + status = ldns_gost_key2buffer_str(output, k->_key.key); +#endif + break; + case LDNS_SIGN_HMACMD5: + /* there's not much of a format defined for TSIG */ + /* It's just a binary blob, Same for all algorithms */ + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: 157 (HMAC_MD5)\n"); + status = ldns_hmac_key2buffer_str(output, k); + break; + case LDNS_SIGN_HMACSHA1: + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: 158 (HMAC_SHA1)\n"); + status = ldns_hmac_key2buffer_str(output, k); + break; + case LDNS_SIGN_HMACSHA256: + ldns_buffer_printf(output, "Private-key-format: v1.2\n"); + ldns_buffer_printf(output, "Algorithm: 159 (HMAC_SHA256)\n"); + status = ldns_hmac_key2buffer_str(output, k); + break; + } +#endif /* HAVE_SSL */ + } else { +#ifdef HAVE_SSL + LDNS_FREE(b64_bignum); +#endif + LDNS_FREE(bignum); + return ldns_buffer_status(output); + } + LDNS_FREE(bignum); + return status; + +#ifdef HAVE_SSL + /* compiles warn the label isn't used */ +error: + LDNS_FREE(bignum); + return LDNS_STATUS_ERR; +#endif /* HAVE_SSL */ + +} + +/* + * Zero terminate the buffer and fix it to the size of the string. + */ +char * +ldns_buffer2str(ldns_buffer *buffer) +{ + char *tmp_str; + char *str; + + /* check if buffer ends with \0, if not, and + if there is space, add it */ + if (*(ldns_buffer_at(buffer, ldns_buffer_position(buffer))) != 0) { + if (!ldns_buffer_reserve(buffer, 1)) { + return NULL; + } + ldns_buffer_write_u8(buffer, (uint8_t) '\0'); + if (!ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer))) { + return NULL; + } + } + + tmp_str = ldns_buffer_export(buffer); + str = LDNS_XMALLOC(char, strlen(tmp_str) + 1); + memcpy(str, tmp_str, strlen(tmp_str) + 1); + + return str; +} + +char * +ldns_rdf2str(const ldns_rdf *rdf) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MIN_BUFLEN); + + if (ldns_rdf2buffer_str(tmp_buffer, rdf) == LDNS_STATUS_OK) { + /* export and return string, destroy rest */ + result = ldns_buffer2str(tmp_buffer); + } + + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_rr2str(const ldns_rr *rr) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MIN_BUFLEN); + + if (ldns_rr2buffer_str(tmp_buffer, rr) == LDNS_STATUS_OK) { + /* export and return string, destroy rest */ + result = ldns_buffer2str(tmp_buffer); + } + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_pkt2str(const ldns_pkt *pkt) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + if (ldns_pkt2buffer_str(tmp_buffer, pkt) == LDNS_STATUS_OK) { + /* export and return string, destroy rest */ + result = ldns_buffer2str(tmp_buffer); + } + + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_key2str(const ldns_key *k) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MIN_BUFLEN); + if (ldns_key2buffer_str(tmp_buffer, k) == LDNS_STATUS_OK) { + /* export and return string, destroy rest */ + result = ldns_buffer2str(tmp_buffer); + } + ldns_buffer_free(tmp_buffer); + return result; +} + +char * +ldns_rr_list2str(const ldns_rr_list *list) +{ + char *result = NULL; + ldns_buffer *tmp_buffer = ldns_buffer_new(LDNS_MIN_BUFLEN); + + if (list) { + if (ldns_rr_list2buffer_str(tmp_buffer, list) == LDNS_STATUS_OK) { + } + } else { + ldns_buffer_printf(tmp_buffer, "(null)\n"); + } + + /* export and return string, destroy rest */ + result = ldns_buffer2str(tmp_buffer); + ldns_buffer_free(tmp_buffer); + return result; +} + +void +ldns_rdf_print(FILE *output, const ldns_rdf *rdf) +{ + char *str = ldns_rdf2str(rdf); + if (str) { + fprintf(output, "%s", str); + } else { + fprintf(output, "Unable to convert rdf to string\n"); + } + LDNS_FREE(str); +} + +void +ldns_rr_print(FILE *output, const ldns_rr *rr) +{ + char *str = ldns_rr2str(rr); + if (str) { + fprintf(output, "%s", str); + } else { + fprintf(output, "Unable to convert rr to string\n"); + } + LDNS_FREE(str); +} + +void +ldns_pkt_print(FILE *output, const ldns_pkt *pkt) +{ + char *str = ldns_pkt2str(pkt); + if (str) { + fprintf(output, "%s", str); + } else { + fprintf(output, "Unable to convert packet to string\n"); + } + LDNS_FREE(str); +} + +void +ldns_rr_list_print(FILE *output, const ldns_rr_list *lst) +{ + size_t i; + for (i = 0; i < ldns_rr_list_rr_count(lst); i++) { + ldns_rr_print(output, ldns_rr_list_rr(lst, i)); + } +} + +void +ldns_resolver_print(FILE *output, const ldns_resolver *r) +{ + uint16_t i; + ldns_rdf **n; + ldns_rdf **s; + size_t *rtt; + if (!r) { + return; + } + n = ldns_resolver_nameservers(r); + s = ldns_resolver_searchlist(r); + rtt = ldns_resolver_rtt(r); + + fprintf(output, "port: %d\n", (int)ldns_resolver_port(r)); + fprintf(output, "edns0 size: %d\n", (int)ldns_resolver_edns_udp_size(r)); + fprintf(output, "use ip6: %d\n", (int)ldns_resolver_ip6(r)); + + fprintf(output, "recursive: %d\n", ldns_resolver_recursive(r)); + fprintf(output, "usevc: %d\n", ldns_resolver_usevc(r)); + fprintf(output, "igntc: %d\n", ldns_resolver_igntc(r)); + fprintf(output, "fail: %d\n", ldns_resolver_fail(r)); + fprintf(output, "retry: %d\n", (int)ldns_resolver_retry(r)); + fprintf(output, "timeout: %d\n", (int)ldns_resolver_timeout(r).tv_sec); + + fprintf(output, "default domain: "); + ldns_rdf_print(output, ldns_resolver_domain(r)); + fprintf(output, "\n"); + + fprintf(output, "searchlist:\n"); + for (i = 0; i < ldns_resolver_searchlist_count(r); i++) { + fprintf(output, "\t"); + ldns_rdf_print(output, s[i]); + fprintf(output, "\n"); + } + + fprintf(output, "nameservers:\n"); + for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { + fprintf(output, "\t"); + ldns_rdf_print(output, n[i]); + + switch ((int)rtt[i]) { + case LDNS_RESOLV_RTT_MIN: + fprintf(output, " - reachable\n"); + break; + case LDNS_RESOLV_RTT_INF: + fprintf(output, " - unreachable\n"); + break; + } + } +} + +void +ldns_zone_print(FILE *output, const ldns_zone *z) +{ + if(ldns_zone_soa(z)) + ldns_rr_print(output, ldns_zone_soa(z)); + ldns_rr_list_print(output, ldns_zone_rrs(z)); +} diff --git a/contrib/ldns/host2wire.c b/contrib/ldns/host2wire.c new file mode 100644 index 0000000000..c1f0f0dc5d --- /dev/null +++ b/contrib/ldns/host2wire.c @@ -0,0 +1,414 @@ +/* + * host2wire.c + * + * conversion routines from the host to the wire format. + * This will usually just a re-ordering of the + * data (as we store it in network format) + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +/* TODO Jelte + add a pointer to a 'possiblecompression' structure + to all the needed functions? + something like an array of name, pointer values? + every dname part could be added to it +*/ + +ldns_status +ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name) +{ + if (ldns_buffer_reserve(buffer, ldns_rdf_size(name))) { + ldns_buffer_write(buffer, ldns_rdf_data(name), ldns_rdf_size(name)); + } + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rdf2buffer_wire(ldns_buffer *buffer, const ldns_rdf *rdf) +{ + if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { + ldns_buffer_write(buffer, ldns_rdf_data(rdf), ldns_rdf_size(rdf)); + } + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rdf2buffer_wire_canonical(ldns_buffer *buffer, const ldns_rdf *rdf) +{ + size_t i; + uint8_t *rdf_data; + + if (ldns_rdf_get_type(rdf) == LDNS_RDF_TYPE_DNAME) { + if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { + rdf_data = ldns_rdf_data(rdf); + for (i = 0; i < ldns_rdf_size(rdf); i++) { + ldns_buffer_write_u8(buffer, + (uint8_t) LDNS_DNAME_NORMALIZE((int)rdf_data[i])); + } + } + } else { + /* direct copy for all other types */ + if (ldns_buffer_reserve(buffer, ldns_rdf_size(rdf))) { + ldns_buffer_write(buffer, + ldns_rdf_data(rdf), + ldns_rdf_size(rdf)); + } + } + return ldns_buffer_status(buffer); +} + +/* convert a rr list to wireformat */ +ldns_status +ldns_rr_list2buffer_wire(ldns_buffer *buffer,const ldns_rr_list *rr_list) +{ + uint16_t rr_count; + uint16_t i; + + rr_count = ldns_rr_list_rr_count(rr_list); + for(i = 0; i < rr_count; i++) { + (void)ldns_rr2buffer_wire(buffer, ldns_rr_list_rr(rr_list, i), + LDNS_SECTION_ANY); + } + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rr2buffer_wire_canonical(ldns_buffer *buffer, + const ldns_rr *rr, + int section) +{ + uint16_t i; + uint16_t rdl_pos = 0; + bool pre_rfc3597 = false; + switch (ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_NS: + case LDNS_RR_TYPE_MD: + case LDNS_RR_TYPE_MF: + case LDNS_RR_TYPE_CNAME: + case LDNS_RR_TYPE_SOA: + case LDNS_RR_TYPE_MB: + case LDNS_RR_TYPE_MG: + case LDNS_RR_TYPE_MR: + case LDNS_RR_TYPE_PTR: + case LDNS_RR_TYPE_HINFO: + case LDNS_RR_TYPE_MINFO: + case LDNS_RR_TYPE_MX: + case LDNS_RR_TYPE_RP: + case LDNS_RR_TYPE_AFSDB: + case LDNS_RR_TYPE_RT: + case LDNS_RR_TYPE_SIG: + case LDNS_RR_TYPE_PX: + case LDNS_RR_TYPE_NXT: + case LDNS_RR_TYPE_NAPTR: + case LDNS_RR_TYPE_KX: + case LDNS_RR_TYPE_SRV: + case LDNS_RR_TYPE_DNAME: + case LDNS_RR_TYPE_A6: + pre_rfc3597 = true; + break; + default: + break; + } + + if (ldns_rr_owner(rr)) { + (void) ldns_rdf2buffer_wire_canonical(buffer, ldns_rr_owner(rr)); + } + + if (ldns_buffer_reserve(buffer, 4)) { + (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr)); + (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr)); + } + + if (section != LDNS_SECTION_QUESTION) { + if (ldns_buffer_reserve(buffer, 6)) { + ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr)); + /* remember pos for later */ + rdl_pos = ldns_buffer_position(buffer); + ldns_buffer_write_u16(buffer, 0); + } + + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + if (pre_rfc3597) { + (void) ldns_rdf2buffer_wire_canonical(buffer, + ldns_rr_rdf(rr, i)); + } else { + (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i)); + } + } + + if (rdl_pos != 0) { + ldns_buffer_write_u16_at(buffer, rdl_pos, + ldns_buffer_position(buffer) + - rdl_pos - 2); + } + } + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section) +{ + uint16_t i; + uint16_t rdl_pos = 0; + + if (ldns_rr_owner(rr)) { + (void) ldns_dname2buffer_wire(buffer, ldns_rr_owner(rr)); + } + + if (ldns_buffer_reserve(buffer, 4)) { + (void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr)); + (void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr)); + } + + if (section != LDNS_SECTION_QUESTION) { + if (ldns_buffer_reserve(buffer, 6)) { + ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr)); + /* remember pos for later */ + rdl_pos = ldns_buffer_position(buffer); + ldns_buffer_write_u16(buffer, 0); + } + + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i)); + } + + if (rdl_pos != 0) { + ldns_buffer_write_u16_at(buffer, rdl_pos, + ldns_buffer_position(buffer) + - rdl_pos - 2); + } + } + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rrsig2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr) +{ + uint16_t i; + + /* it must be a sig RR */ + if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) { + return LDNS_STATUS_ERR; + } + + /* Convert all the rdfs, except the actual signature data + * rdf number 8 - the last, hence: -1 */ + for (i = 0; i < ldns_rr_rd_count(rr) - 1; i++) { + if (ldns_rr_rdf(rr, i)) { + (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i)); + } + } + + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_rr_rdata2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr) +{ + uint16_t i; + /* convert all the rdf's */ + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + (void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i)); + } + + return ldns_buffer_status(buffer); +} + +/* + * Copies the packet header data to the buffer in wire format + */ +static ldns_status +ldns_hdr2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet) +{ + uint8_t flags; + uint16_t arcount; + + if (ldns_buffer_reserve(buffer, 12)) { + ldns_buffer_write_u16(buffer, ldns_pkt_id(packet)); + + flags = ldns_pkt_qr(packet) << 7 + | ldns_pkt_get_opcode(packet) << 3 + | ldns_pkt_aa(packet) << 2 + | ldns_pkt_tc(packet) << 1 | ldns_pkt_rd(packet); + ldns_buffer_write_u8(buffer, flags); + + flags = ldns_pkt_ra(packet) << 7 + /*| ldns_pkt_z(packet) << 6*/ + | ldns_pkt_ad(packet) << 5 + | ldns_pkt_cd(packet) << 4 | ldns_pkt_get_rcode(packet); + ldns_buffer_write_u8(buffer, flags); + + ldns_buffer_write_u16(buffer, ldns_pkt_qdcount(packet)); + ldns_buffer_write_u16(buffer, ldns_pkt_ancount(packet)); + ldns_buffer_write_u16(buffer, ldns_pkt_nscount(packet)); + /* add EDNS0 and TSIG to additional if they are there */ + arcount = ldns_pkt_arcount(packet); + if (ldns_pkt_tsig(packet)) { + arcount++; + } + if (ldns_pkt_edns(packet)) { + arcount++; + } + ldns_buffer_write_u16(buffer, arcount); + } + + return ldns_buffer_status(buffer); +} + +ldns_status +ldns_pkt2buffer_wire(ldns_buffer *buffer, const ldns_pkt *packet) +{ + ldns_rr_list *rr_list; + uint16_t i; + + /* edns tmp vars */ + ldns_rr *edns_rr; + uint8_t edata[4]; + + (void) ldns_hdr2buffer_wire(buffer, packet); + + rr_list = ldns_pkt_question(packet); + if (rr_list) { + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + (void) ldns_rr2buffer_wire(buffer, + ldns_rr_list_rr(rr_list, i), LDNS_SECTION_QUESTION); + } + } + rr_list = ldns_pkt_answer(packet); + if (rr_list) { + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + (void) ldns_rr2buffer_wire(buffer, + ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ANSWER); + } + } + rr_list = ldns_pkt_authority(packet); + if (rr_list) { + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + (void) ldns_rr2buffer_wire(buffer, + ldns_rr_list_rr(rr_list, i), LDNS_SECTION_AUTHORITY); + } + } + rr_list = ldns_pkt_additional(packet); + if (rr_list) { + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + (void) ldns_rr2buffer_wire(buffer, + ldns_rr_list_rr(rr_list, i), LDNS_SECTION_ADDITIONAL); + } + } + + /* add EDNS to additional if it is needed */ + if (ldns_pkt_edns(packet)) { + edns_rr = ldns_rr_new(); + ldns_rr_set_owner(edns_rr, + ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, ".")); + ldns_rr_set_type(edns_rr, LDNS_RR_TYPE_OPT); + ldns_rr_set_class(edns_rr, ldns_pkt_edns_udp_size(packet)); + edata[0] = ldns_pkt_edns_extended_rcode(packet); + edata[1] = ldns_pkt_edns_version(packet); + ldns_write_uint16(&edata[2], ldns_pkt_edns_z(packet)); + ldns_rr_set_ttl(edns_rr, ldns_read_uint32(edata)); + /* don't forget to add the edns rdata (if any) */ + if (packet->_edns_data) + ldns_rr_push_rdf (edns_rr, packet->_edns_data); + (void)ldns_rr2buffer_wire(buffer, edns_rr, LDNS_SECTION_ADDITIONAL); + /* take the edns rdata back out of the rr before we free rr */ + if (packet->_edns_data) + ldns_rr_pop_rdf (edns_rr); + ldns_rr_free(edns_rr); + } + + /* add TSIG to additional if it is there */ + if (ldns_pkt_tsig(packet)) { + (void) ldns_rr2buffer_wire(buffer, + ldns_pkt_tsig(packet), LDNS_SECTION_ADDITIONAL); + } + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *result_size) +{ + ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + uint8_t *result = NULL; + ldns_status status; + *result_size = 0; + *dest = NULL; + + status = ldns_rdf2buffer_wire(buffer, rdf); + if (status == LDNS_STATUS_OK) { + *result_size = ldns_buffer_position(buffer); + result = (uint8_t *) ldns_buffer_export(buffer); + } else { + return status; + } + + if (result) { + *dest = LDNS_XMALLOC(uint8_t, ldns_buffer_position(buffer)); + memcpy(*dest, result, ldns_buffer_position(buffer)); + } + + ldns_buffer_free(buffer); + return status; +} + +ldns_status +ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *result_size) +{ + ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + uint8_t *result = NULL; + ldns_status status; + *result_size = 0; + *dest = NULL; + + status = ldns_rr2buffer_wire(buffer, rr, section); + if (status == LDNS_STATUS_OK) { + *result_size = ldns_buffer_position(buffer); + result = (uint8_t *) ldns_buffer_export(buffer); + } else { + return status; + } + + if (result) { + *dest = LDNS_XMALLOC(uint8_t, ldns_buffer_position(buffer)); + memcpy(*dest, result, ldns_buffer_position(buffer)); + } + + ldns_buffer_free(buffer); + return status; +} + +ldns_status +ldns_pkt2wire(uint8_t **dest, const ldns_pkt *packet, size_t *result_size) +{ + ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + uint8_t *result = NULL; + ldns_status status; + *result_size = 0; + *dest = NULL; + + status = ldns_pkt2buffer_wire(buffer, packet); + if (status == LDNS_STATUS_OK) { + *result_size = ldns_buffer_position(buffer); + result = (uint8_t *) ldns_buffer_export(buffer); + } else { + return status; + } + + if (result) { + *dest = LDNS_XMALLOC(uint8_t, ldns_buffer_position(buffer)); + memcpy(*dest, result, ldns_buffer_position(buffer)); + } + + ldns_buffer_free(buffer); + return status; +} diff --git a/contrib/ldns/keys.c b/contrib/ldns/keys.c new file mode 100644 index 0000000000..4d03542460 --- /dev/null +++ b/contrib/ldns/keys.c @@ -0,0 +1,1373 @@ +/* + * keys.c handle private keys for use in DNSSEC + * + * This module should hide some of the openSSL complexities + * and give a general interface for private keys and hmac + * handling + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_SSL +#include +#include +#include +#endif /* HAVE_SSL */ + +ldns_lookup_table ldns_signing_algorithms[] = { + { LDNS_SIGN_RSAMD5, "RSAMD5" }, + { LDNS_SIGN_RSASHA1, "RSASHA1" }, + { LDNS_SIGN_RSASHA1_NSEC3, "RSASHA1_NSEC3" }, +#ifdef USE_SHA2 + { LDNS_SIGN_RSASHA256, "RSASHA256" }, + { LDNS_SIGN_RSASHA512, "RSASHA512" }, +#endif +#ifdef USE_GOST + { LDNS_SIGN_GOST, "GOST" }, +#endif + { LDNS_SIGN_DSA, "DSA" }, + { LDNS_SIGN_DSA_NSEC3, "DSA_NSEC3" }, + { LDNS_SIGN_HMACMD5, "hmac-md5.sig-alg.reg.int" }, + { LDNS_SIGN_HMACSHA1, "hmac-sha1" }, + { LDNS_SIGN_HMACSHA256, "hmac-sha256" }, + { 0, NULL } +}; + +ldns_key_list * +ldns_key_list_new() +{ + ldns_key_list *key_list = LDNS_MALLOC(ldns_key_list); + if (!key_list) { + return NULL; + } else { + key_list->_key_count = 0; + key_list->_keys = NULL; + return key_list; + } +} + +ldns_key * +ldns_key_new() +{ + ldns_key *newkey; + + newkey = LDNS_MALLOC(ldns_key); + if (!newkey) { + return NULL; + } else { + /* some defaults - not sure wether to do this */ + ldns_key_set_use(newkey, true); + ldns_key_set_flags(newkey, LDNS_KEY_ZONE_KEY); + ldns_key_set_origttl(newkey, 0); + ldns_key_set_keytag(newkey, 0); + ldns_key_set_inception(newkey, 0); + ldns_key_set_expiration(newkey, 0); + ldns_key_set_pubkey_owner(newkey, NULL); +#ifdef HAVE_SSL + ldns_key_set_evp_key(newkey, NULL); +#endif /* HAVE_SSL */ + ldns_key_set_hmac_key(newkey, NULL); + ldns_key_set_external_key(newkey, NULL); + return newkey; + } +} + +ldns_status +ldns_key_new_frm_fp(ldns_key **k, FILE *fp) +{ + return ldns_key_new_frm_fp_l(k, fp, NULL); +} + +#ifdef HAVE_SSL +ldns_status +ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm alg) +{ + ldns_key *k; + + k = ldns_key_new(); + k->_key.key = ENGINE_load_private_key(e, key_id, UI_OpenSSL(), NULL); + ldns_key_set_algorithm(k, (ldns_signing_algorithm) alg); + if (!k->_key.key) { + return LDNS_STATUS_ENGINE_KEY_NOT_LOADED; + } else { + *key = k; + return LDNS_STATUS_OK; + } +} +#endif + +#ifdef USE_GOST +int +ldns_key_EVP_load_gost_id(void) +{ + static int gost_id = 0; + const EVP_PKEY_ASN1_METHOD* meth; + ENGINE* e; + + if(gost_id) return gost_id; + + /* see if configuration loaded gost implementation from other engine*/ + meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); + if(meth) { + EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); + return gost_id; + } + + /* see if engine can be loaded already */ + e = ENGINE_by_id("gost"); + if(!e) { + /* load it ourself, in case statically linked */ + ENGINE_load_builtin_engines(); + ENGINE_load_dynamic(); + e = ENGINE_by_id("gost"); + } + if(!e) { + /* no gost engine in openssl */ + return 0; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ENGINE_finish(e); + ENGINE_free(e); + return 0; + } + + meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); + ENGINE_finish(e); + ENGINE_free(e); + if(!meth) { + /* algo not found */ + return 0; + } + + EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); + return gost_id; +} + +/** read GOST private key */ +static EVP_PKEY* +ldns_key_new_frm_fp_gost_l(FILE* fp, int* line_nr) +{ + char token[16384]; + const unsigned char* pp; + int gost_id; + EVP_PKEY* pkey; + ldns_rdf* b64rdf = NULL; + + gost_id = ldns_key_EVP_load_gost_id(); + if(!gost_id) + return NULL; + + if (ldns_fget_keyword_data_l(fp, "GostAsn1", ": ", token, "\n", + sizeof(token), line_nr) == -1) + return NULL; + while(strlen(token) < 96) { + /* read more b64 from the file, b64 split on multiple lines */ + if(ldns_fget_token_l(fp, token+strlen(token), "\n", + sizeof(token)-strlen(token), line_nr) == -1) + return NULL; + } + if(ldns_str2rdf_b64(&b64rdf, token) != LDNS_STATUS_OK) + return NULL; + pp = (unsigned char*)ldns_rdf_data(b64rdf); + pkey = d2i_PrivateKey(gost_id, NULL, &pp, ldns_rdf_size(b64rdf)); + ldns_rdf_deep_free(b64rdf); + return pkey; +} +#endif + +ldns_status +ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr) +{ + ldns_key *k; + char *d; + ldns_signing_algorithm alg; + ldns_rr *key_rr; +#ifdef HAVE_SSL + RSA *rsa; + DSA *dsa; + unsigned char *hmac; + size_t hmac_size; +#endif /* HAVE_SSL */ + + k = ldns_key_new(); + + d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); + if (!k || !d) { + return LDNS_STATUS_MEM_ERR; + } + + alg = 0; + + /* the file is highly structured. Do this in sequence */ + /* RSA: + * Private-key-format: v1.2 + * Algorithm: 1 (RSA) + + */ + /* get the key format version number */ + if (ldns_fget_keyword_data_l(fp, "Private-key-format", ": ", d, "\n", + LDNS_MAX_LINELEN, line_nr) == -1) { + /* no version information */ + return LDNS_STATUS_SYNTAX_ERR; + } + if (strncmp(d, "v1.2", strlen(d)) != 0) { + return LDNS_STATUS_SYNTAX_VERSION_ERR; + } + + /* get the algorithm type, our file function strip ( ) so there are + * not in the return string! */ + if (ldns_fget_keyword_data_l(fp, "Algorithm", ": ", d, "\n", + LDNS_MAX_LINELEN, line_nr) == -1) { + /* no alg information */ + return LDNS_STATUS_SYNTAX_ALG_ERR; + } + + if (strncmp(d, "1 RSA", 2) == 0) { + alg = LDNS_SIGN_RSAMD5; + } + if (strncmp(d, "2 DH", 2) == 0) { + alg = (ldns_signing_algorithm)LDNS_DH; + } + if (strncmp(d, "3 DSA", 2) == 0) { + alg = LDNS_SIGN_DSA; + } + if (strncmp(d, "4 ECC", 2) == 0) { + alg = (ldns_signing_algorithm)LDNS_ECC; + } + if (strncmp(d, "5 RSASHA1", 2) == 0) { + alg = LDNS_SIGN_RSASHA1; + } + if (strncmp(d, "6 DSA", 2) == 0) { + alg = LDNS_SIGN_DSA_NSEC3; + } + if (strncmp(d, "7 RSASHA1", 2) == 0) { + alg = LDNS_SIGN_RSASHA1_NSEC3; + } + + if (strncmp(d, "8 RSASHA256", 2) == 0) { +#ifdef USE_SHA2 + alg = LDNS_SIGN_RSASHA256; +#else + fprintf(stderr, "Warning: SHA256 not compiled into this "); + fprintf(stderr, "version of ldns\n"); +#endif + } + if (strncmp(d, "10 RSASHA512", 3) == 0) { +#ifdef USE_SHA2 + alg = LDNS_SIGN_RSASHA512; +#else + fprintf(stderr, "Warning: SHA512 not compiled into this "); + fprintf(stderr, "version of ldns\n"); +#endif + } + if (strncmp(d, "249 GOST", 4) == 0) { +#ifdef USE_GOST + alg = LDNS_SIGN_GOST; +#else + fprintf(stderr, "Warning: GOST not compiled into this "); + fprintf(stderr, "version of ldns\n"); +#endif + } + if (strncmp(d, "157 HMAC-MD5", 4) == 0) { + alg = LDNS_SIGN_HMACMD5; + } + if (strncmp(d, "158 HMAC-SHA1", 4) == 0) { + alg = LDNS_SIGN_HMACSHA1; + } + if (strncmp(d, "159 HMAC-SHA256", 4) == 0) { + alg = LDNS_SIGN_HMACSHA256; + } + + LDNS_FREE(d); + + switch(alg) { + case LDNS_SIGN_RSAMD5: + case LDNS_SIGN_RSASHA1: + case LDNS_RSASHA1_NSEC3: +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: +#endif + ldns_key_set_algorithm(k, alg); +#ifdef HAVE_SSL + rsa = ldns_key_new_frm_fp_rsa_l(fp, line_nr); + if (!rsa) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } + ldns_key_set_rsa_key(k, rsa); + RSA_free(rsa); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_DSA: + case LDNS_DSA_NSEC3: + ldns_key_set_algorithm(k, alg); +#ifdef HAVE_SSL + dsa = ldns_key_new_frm_fp_dsa_l(fp, line_nr); + if (!dsa) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } + ldns_key_set_dsa_key(k, dsa); + DSA_free(dsa); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_HMACMD5: + case LDNS_SIGN_HMACSHA1: + case LDNS_SIGN_HMACSHA256: + ldns_key_set_algorithm(k, alg); +#ifdef HAVE_SSL + hmac = ldns_key_new_frm_fp_hmac_l(fp, line_nr, &hmac_size); + if (!hmac) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } + ldns_key_set_hmac_size(k, hmac_size); + ldns_key_set_hmac_key(k, hmac); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_GOST: + ldns_key_set_algorithm(k, alg); +#if defined(HAVE_SSL) && defined(USE_GOST) + ldns_key_set_evp_key(k, + ldns_key_new_frm_fp_gost_l(fp, line_nr)); + if(!k->_key.key) { + ldns_key_free(k); + return LDNS_STATUS_ERR; + } +#endif + break; + case 0: + default: + return LDNS_STATUS_SYNTAX_ALG_ERR; + break; + } + key_rr = ldns_key2rr(k); + ldns_key_set_keytag(k, ldns_calc_keytag(key_rr)); + ldns_rr_free(key_rr); + + if (key) { + *key = k; + return LDNS_STATUS_OK; + } + return LDNS_STATUS_ERR; +} + +#ifdef HAVE_SSL +RSA * +ldns_key_new_frm_fp_rsa(FILE *f) +{ + return ldns_key_new_frm_fp_rsa_l(f, NULL); +} + +RSA * +ldns_key_new_frm_fp_rsa_l(FILE *f, int *line_nr) +{ + /* we parse + * Modulus: + * PublicExponent: + * PrivateExponent: + * Prime1: + * Prime2: + * Exponent1: + * Exponent2: + * Coefficient: + * + * man 3 RSA: + * + * struct + * { + * BIGNUM *n; // public modulus + * BIGNUM *e; // public exponent + * BIGNUM *d; // private exponent + * BIGNUM *p; // secret prime factor + * BIGNUM *q; // secret prime factor + * BIGNUM *dmp1; // d mod (p-1) + * BIGNUM *dmq1; // d mod (q-1) + * BIGNUM *iqmp; // q^-1 mod p + * // ... + * + */ + char *d; + RSA *rsa; + uint8_t *buf; + int i; + + d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); + buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN); + rsa = RSA_new(); + if (!d || !rsa || !buf) { + return NULL; + } + + /* I could use functions again, but that seems an overkill, + * allthough this also looks tedious + */ + + /* Modules, rsa->n */ + if (ldns_fget_keyword_data_l(f, "Modulus", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->n = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->n) { + goto error; + } + + /* PublicExponent, rsa->e */ + if (ldns_fget_keyword_data_l(f, "PublicExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->e = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->e) { + goto error; + } + + /* PrivateExponent, rsa->d */ + if (ldns_fget_keyword_data_l(f, "PrivateExponent", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->d = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->d) { + goto error; + } + + /* Prime1, rsa->p */ + if (ldns_fget_keyword_data_l(f, "Prime1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->p) { + goto error; + } + + /* Prime2, rsa->q */ + if (ldns_fget_keyword_data_l(f, "Prime2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->q) { + goto error; + } + + /* Exponent1, rsa->dmp1 */ + if (ldns_fget_keyword_data_l(f, "Exponent1", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->dmp1 = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->dmp1) { + goto error; + } + + /* Exponent2, rsa->dmq1 */ + if (ldns_fget_keyword_data_l(f, "Exponent2", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->dmq1 = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->dmq1) { + goto error; + } + + /* Coefficient, rsa->iqmp */ + if (ldns_fget_keyword_data_l(f, "Coefficient", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + rsa->iqmp = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!rsa->iqmp) { + goto error; + } + + LDNS_FREE(buf); + LDNS_FREE(d); + return rsa; + +error: + RSA_free(rsa); + LDNS_FREE(d); + LDNS_FREE(buf); + return NULL; +} + +DSA * +ldns_key_new_frm_fp_dsa(FILE *f) +{ + return ldns_key_new_frm_fp_dsa_l(f, NULL); +} + +DSA * +ldns_key_new_frm_fp_dsa_l(FILE *f, int *line_nr) +{ + int i; + char *d; + DSA *dsa; + uint8_t *buf; + + line_nr = line_nr; + + d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); + buf = LDNS_XMALLOC(uint8_t, LDNS_MAX_LINELEN); + dsa = DSA_new(); + if (!d || !dsa) { + return NULL; + } + + /* the line parser removes the () from the input... */ + + /* Prime, dsa->p */ + if (ldns_fget_keyword_data_l(f, "Primep", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->p = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->p) { + goto error; + } + + /* Subprime, dsa->q */ + if (ldns_fget_keyword_data_l(f, "Subprimeq", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->q = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->q) { + goto error; + } + + /* Base, dsa->g */ + if (ldns_fget_keyword_data_l(f, "Baseg", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->g = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->g) { + goto error; + } + + /* Private key, dsa->priv_key */ + if (ldns_fget_keyword_data_l(f, "Private_valuex", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->priv_key = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->priv_key) { + goto error; + } + + /* Public key, dsa->priv_key */ + if (ldns_fget_keyword_data_l(f, "Public_valuey", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = ldns_b64_pton((const char*)d, buf, ldns_b64_ntop_calculate_size(strlen(d))); + dsa->pub_key = BN_bin2bn((const char unsigned*)buf, i, NULL); + if (!dsa->pub_key) { + goto error; + } + + LDNS_FREE(buf); + LDNS_FREE(d); + + return dsa; + +error: + LDNS_FREE(d); + LDNS_FREE(buf); + return NULL; +} + +unsigned char * +ldns_key_new_frm_fp_hmac(FILE *f, size_t *hmac_size) +{ + return ldns_key_new_frm_fp_hmac_l(f, NULL, hmac_size); +} + +unsigned char * +ldns_key_new_frm_fp_hmac_l(FILE *f, int *line_nr, size_t *hmac_size) +{ + size_t i; + char *d; + unsigned char *buf; + + line_nr = line_nr; + + d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN); + buf = LDNS_XMALLOC(unsigned char, LDNS_MAX_LINELEN); + + if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) { + goto error; + } + i = (size_t) ldns_b64_pton((const char*)d, + buf, + ldns_b64_ntop_calculate_size(strlen(d))); + + *hmac_size = i; + return buf; + + error: + LDNS_FREE(d); + LDNS_FREE(buf); + *hmac_size = 0; + return NULL; +} +#endif /* HAVE_SSL */ + +#ifdef USE_GOST +static EVP_PKEY* +ldns_gen_gost_key(void) +{ + EVP_PKEY_CTX* ctx; + EVP_PKEY* p = NULL; + int gost_id = ldns_key_EVP_load_gost_id(); + if(!gost_id) + return NULL; + ctx = EVP_PKEY_CTX_new_id(gost_id, NULL); + if(!ctx) { + /* the id should be available now */ + return NULL; + } + if(EVP_PKEY_CTX_ctrl_str(ctx, "paramset", "A") <= 0) { + /* cannot set paramset */ + EVP_PKEY_CTX_free(ctx); + return NULL; + } + + if(EVP_PKEY_keygen_init(ctx) <= 0) { + EVP_PKEY_CTX_free(ctx); + return NULL; + } + if(EVP_PKEY_keygen(ctx, &p) <= 0) { + EVP_PKEY_free(p); + EVP_PKEY_CTX_free(ctx); + return NULL; + } + EVP_PKEY_CTX_free(ctx); + return p; +} +#endif + +ldns_key * +ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size) +{ + ldns_key *k; +#ifdef HAVE_SSL + DSA *d; + RSA *r; +#else + int i; + uint16_t offset = 0; +#endif + unsigned char *hmac; + + k = ldns_key_new(); + if (!k) { + return NULL; + } + switch(alg) { + case LDNS_SIGN_RSAMD5: + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: +#ifdef HAVE_SSL + r = RSA_generate_key((int)size, RSA_F4, NULL, NULL); + if (RSA_check_key(r) != 1) { + return NULL; + } + + ldns_key_set_rsa_key(k, r); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: +#ifdef HAVE_SSL + d = DSA_generate_parameters((int)size, NULL, 0, NULL, NULL, NULL, NULL); + if (!d) { + return NULL; + } + if (DSA_generate_key(d) != 1) { + return NULL; + } + ldns_key_set_dsa_key(k, d); +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_HMACMD5: + case LDNS_SIGN_HMACSHA1: + case LDNS_SIGN_HMACSHA256: +#ifdef HAVE_SSL + k->_key.key = NULL; +#endif /* HAVE_SSL */ + size = size / 8; + ldns_key_set_hmac_size(k, size); + + hmac = LDNS_XMALLOC(unsigned char, size); +#ifdef HAVE_SSL + if (RAND_bytes(hmac, (int) size) != 1) { + LDNS_FREE(hmac); + ldns_key_free(k); + return NULL; + } +#else + while (offset + sizeof(i) < size) { + i = random(); + memcpy(&hmac[offset], &i, sizeof(i)); + offset += sizeof(i); + } + if (offset < size) { + i = random(); + memcpy(&hmac[offset], &i, size - offset); + } +#endif /* HAVE_SSL */ + ldns_key_set_hmac_key(k, hmac); + + ldns_key_set_flags(k, 0); + break; + case LDNS_SIGN_GOST: +#if defined(HAVE_SSL) && defined(USE_GOST) + ldns_key_set_evp_key(k, ldns_gen_gost_key()); +#endif /* HAVE_SSL and USE_GOST */ + break; + } + ldns_key_set_algorithm(k, alg); + return k; +} + +void +ldns_key_print(FILE *output, const ldns_key *k) +{ + char *str = ldns_key2str(k); + if (str) { + fprintf(output, "%s", str); + } else { + fprintf(output, "Unable to convert private key to string\n"); + } + LDNS_FREE(str); +} + + +void +ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l) +{ + k->_alg = l; +} + +void +ldns_key_set_flags(ldns_key *k, uint16_t f) +{ + k->_extra.dnssec.flags = f; +} + +#ifdef HAVE_SSL +void +ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e) +{ + k->_key.key = e; +} + +void +ldns_key_set_rsa_key(ldns_key *k, RSA *r) +{ + EVP_PKEY *key = EVP_PKEY_new(); + EVP_PKEY_set1_RSA(key, r); + k->_key.key = key; +} + +void +ldns_key_set_dsa_key(ldns_key *k, DSA *d) +{ + EVP_PKEY *key = EVP_PKEY_new(); + EVP_PKEY_set1_DSA(key, d); + k->_key.key = key; +} +#endif /* HAVE_SSL */ + +void +ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac) +{ + k->_key.hmac.key = hmac; +} + +void +ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size) +{ + k->_key.hmac.size = hmac_size; +} + +void +ldns_key_set_external_key(ldns_key *k, void *external_key) +{ + k->_key.external_key = external_key; +} + +void +ldns_key_set_origttl(ldns_key *k, uint32_t t) +{ + k->_extra.dnssec.orig_ttl = t; +} + +void +ldns_key_set_inception(ldns_key *k, uint32_t i) +{ + k->_extra.dnssec.inception = i; +} + +void +ldns_key_set_expiration(ldns_key *k, uint32_t e) +{ + k->_extra.dnssec.expiration = e; +} + +void +ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r) +{ + k->_pubkey_owner = r; +} + +void +ldns_key_set_keytag(ldns_key *k, uint16_t tag) +{ + k->_extra.dnssec.keytag = tag; +} + +/* read */ +size_t +ldns_key_list_key_count(const ldns_key_list *key_list) +{ + return key_list->_key_count; +} + +ldns_key * +ldns_key_list_key(const ldns_key_list *key, size_t nr) +{ + if (nr < ldns_key_list_key_count(key)) { + return key->_keys[nr]; + } else { + return NULL; + } +} + +ldns_signing_algorithm +ldns_key_algorithm(const ldns_key *k) +{ + return k->_alg; +} + +void +ldns_key_set_use(ldns_key *k, bool v) +{ + if (k) { + k->_use = v; + } +} + +bool +ldns_key_use(const ldns_key *k) +{ + if (k) { + return k->_use; + } + return false; +} + +#ifdef HAVE_SSL +EVP_PKEY * +ldns_key_evp_key(const ldns_key *k) +{ + return k->_key.key; +} + +RSA * +ldns_key_rsa_key(const ldns_key *k) +{ + if (k->_key.key) { + return EVP_PKEY_get1_RSA(k->_key.key); + } else { + return NULL; + } +} + +DSA * +ldns_key_dsa_key(const ldns_key *k) +{ + if (k->_key.key) { + return EVP_PKEY_get1_DSA(k->_key.key); + } else { + return NULL; + } +} +#endif /* HAVE_SSL */ + +unsigned char * +ldns_key_hmac_key(const ldns_key *k) +{ + if (k->_key.hmac.key) { + return k->_key.hmac.key; + } else { + return NULL; + } +} + +size_t +ldns_key_hmac_size(const ldns_key *k) +{ + if (k->_key.hmac.size) { + return k->_key.hmac.size; + } else { + return 0; + } +} + +void * +ldns_key_external_key(const ldns_key *k) +{ + return k->_key.external_key; +} + +uint32_t +ldns_key_origttl(const ldns_key *k) +{ + return k->_extra.dnssec.orig_ttl; +} + +uint16_t +ldns_key_flags(const ldns_key *k) +{ + return k->_extra.dnssec.flags; +} + +uint32_t +ldns_key_inception(const ldns_key *k) +{ + return k->_extra.dnssec.inception; +} + +uint32_t +ldns_key_expiration(const ldns_key *k) +{ + return k->_extra.dnssec.expiration; +} + +uint16_t +ldns_key_keytag(const ldns_key *k) +{ + return k->_extra.dnssec.keytag; +} + +ldns_rdf * +ldns_key_pubkey_owner(const ldns_key *k) +{ + return k->_pubkey_owner; +} + +/* write */ +void +ldns_key_list_set_use(ldns_key_list *keys, bool v) +{ + size_t i; + + for (i = 0; i < ldns_key_list_key_count(keys); i++) { + ldns_key_set_use(ldns_key_list_key(keys, i), v); + } +} + +void +ldns_key_list_set_key_count(ldns_key_list *key, size_t count) +{ + key->_key_count = count; +} + +bool +ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key) +{ + size_t key_count; + ldns_key **keys; + + key_count = ldns_key_list_key_count(key_list); + keys = key_list->_keys; + + /* grow the array */ + keys = LDNS_XREALLOC( + key_list->_keys, ldns_key *, key_count + 1); + if (!keys) { + return false; + } + + /* add the new member */ + key_list->_keys = keys; + key_list->_keys[key_count] = key; + + ldns_key_list_set_key_count(key_list, key_count + 1); + return true; +} + +ldns_key * +ldns_key_list_pop_key(ldns_key_list *key_list) +{ + size_t key_count; + ldns_key *pop; + + if (!key_list) { + return NULL; + } + + key_count = ldns_key_list_key_count(key_list); + if (key_count == 0) { + return NULL; + } + + pop = ldns_key_list_key(key_list, key_count); + + /* shrink the array */ + key_list->_keys = LDNS_XREALLOC( + key_list->_keys, ldns_key *, key_count - 1); + + ldns_key_list_set_key_count(key_list, key_count - 1); + + return pop; +} + +#ifdef HAVE_SSL +static bool +ldns_key_rsa2bin(unsigned char *data, RSA *k, uint16_t *size) +{ + int i,j; + + if (!k) { + return false; + } + + if (BN_num_bytes(k->e) <= 256) { + /* normally only this path is executed (small factors are + * more common + */ + data[0] = (unsigned char) BN_num_bytes(k->e); + i = BN_bn2bin(k->e, data + 1); + j = BN_bn2bin(k->n, data + i + 1); + *size = (uint16_t) i + j; + } else if (BN_num_bytes(k->e) <= 65536) { + data[0] = 0; + /* BN_bn2bin does bigendian, _uint16 also */ + ldns_write_uint16(data + 1, (uint16_t) BN_num_bytes(k->e)); + + BN_bn2bin(k->e, data + 3); + BN_bn2bin(k->n, data + 4 + BN_num_bytes(k->e)); + *size = (uint16_t) BN_num_bytes(k->n) + 6; + } else { + return false; + } + return true; +} + +static bool +ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size) +{ + uint8_t T; + + if (!k) { + return false; + } + + /* See RFC2536 */ + *size = (uint16_t)BN_num_bytes(k->g); + T = (*size - 64) / 8; + memcpy(data, &T, 1); + + if (T > 8) { + fprintf(stderr, "DSA key with T > 8 (ie. > 1024 bits)"); + fprintf(stderr, " not implemented\n"); + return false; + } + + /* size = 64 + (T * 8); */ + data[0] = (unsigned char)T; + BN_bn2bin(k->q, data + 1 ); /* 20 octects */ + BN_bn2bin(k->p, data + 21 ); /* offset octects */ + BN_bn2bin(k->g, data + 21 + *size); /* offset octets */ + BN_bn2bin(k->pub_key, data + 21 + *size + *size); /* offset octets */ + *size = 21 + (*size * 3); + return true; +} + +#ifdef USE_GOST +static bool +ldns_key_gost2bin(unsigned char* data, EVP_PKEY* k, uint16_t* size) +{ + int i; + unsigned char* pp = NULL; + if(i2d_PUBKEY(k, &pp) != 37 + 64) { + /* expect 37 byte(ASN header) and 64 byte(X and Y) */ + CRYPTO_free(pp); + return false; + } + /* omit ASN header */ + /* insert parameters */ + data[0] = 0; + data[1] = 0; + for(i=0; i<64; i++) + data[i+2] = pp[i+37]; + CRYPTO_free(pp); + *size = 66; + return true; +} +#endif /* USE_GOST */ +#endif /* HAVE_SSL */ + +ldns_rr * +ldns_key2rr(const ldns_key *k) +{ + /* this function will convert a the keydata contained in + * rsa/dsa pointers to a DNSKEY rr. It will fill in as + * much as it can, but it does not know about key-flags + * for instance + */ + ldns_rr *pubkey; + ldns_rdf *keybin; + unsigned char *bin = NULL; + uint16_t size = 0; +#ifdef HAVE_SSL + RSA *rsa = NULL; + DSA *dsa = NULL; +#endif /* HAVE_SSL */ + int internal_data = 0; + + pubkey = ldns_rr_new(); + if (!k) { + return NULL; + } + + switch (ldns_key_algorithm(k)) { + case LDNS_SIGN_HMACMD5: + case LDNS_SIGN_HMACSHA1: + case LDNS_SIGN_HMACSHA256: + ldns_rr_set_type(pubkey, LDNS_RR_TYPE_KEY); + break; + default: + ldns_rr_set_type(pubkey, LDNS_RR_TYPE_DNSKEY); + break; + } + /* zero-th rdf - flags */ + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, + ldns_key_flags(k))); + /* first - proto */ + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, LDNS_DNSSEC_KEYPROTO)); + + if (ldns_key_pubkey_owner(k)) { + ldns_rr_set_owner(pubkey, ldns_rdf_clone(ldns_key_pubkey_owner(k))); + } + + /* third - da algorithm */ + switch(ldns_key_algorithm(k)) { + case LDNS_RSAMD5: + case LDNS_RSASHA1: + case LDNS_RSASHA1_NSEC3: + case LDNS_RSASHA256: + case LDNS_RSASHA512: + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); +#ifdef HAVE_SSL + rsa = ldns_key_rsa_key(k); + if (rsa) { + bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bin) { + return NULL; + } + if (!ldns_key_rsa2bin(bin, rsa, &size)) { + return NULL; + } + RSA_free(rsa); + internal_data = 1; + } +#endif + size++; + break; + case LDNS_SIGN_DSA: + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA)); +#ifdef HAVE_SSL + dsa = ldns_key_dsa_key(k); + if (dsa) { + bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bin) { + return NULL; + } + if (!ldns_key_dsa2bin(bin, dsa, &size)) { + return NULL; + } + DSA_free(dsa); + internal_data = 1; + } +#endif /* HAVE_SSL */ + break; + case LDNS_DSA_NSEC3: + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, LDNS_DSA_NSEC3)); +#ifdef HAVE_SSL + dsa = ldns_key_dsa_key(k); + if (dsa) { + bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bin) { + return NULL; + } + if (!ldns_key_dsa2bin(bin, dsa, &size)) { + return NULL; + } + DSA_free(dsa); + internal_data = 1; + } +#endif /* HAVE_SSL */ + break; + case LDNS_SIGN_GOST: + ldns_rr_push_rdf(pubkey, ldns_native2rdf_int8( + LDNS_RDF_TYPE_ALG, ldns_key_algorithm(k))); +#if defined(HAVE_SSL) && defined(USE_GOST) + bin = LDNS_XMALLOC(unsigned char, LDNS_MAX_KEYLEN); + if (!bin) + return NULL; + if (!ldns_key_gost2bin(bin, k->_key.key, &size)) { + return NULL; + } + internal_data = 1; + break; +#endif /* HAVE_SSL and USE_GOST */ + case LDNS_SIGN_HMACMD5: + case LDNS_SIGN_HMACSHA1: + case LDNS_SIGN_HMACSHA256: + bin = LDNS_XMALLOC(unsigned char, ldns_key_hmac_size(k)); + if (!bin) { + return NULL; + } + ldns_rr_push_rdf(pubkey, + ldns_native2rdf_int8(LDNS_RDF_TYPE_ALG, + ldns_key_algorithm(k))); + size = ldns_key_hmac_size(k); + memcpy(bin, ldns_key_hmac_key(k), size); + internal_data = 1; + break; + } + /* fourth the key bin material */ + if (internal_data) { + keybin = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, size, bin); + LDNS_FREE(bin); + ldns_rr_push_rdf(pubkey, keybin); + } + return pubkey; +} + +void +ldns_key_free(ldns_key *key) +{ + LDNS_FREE(key); +} + +void +ldns_key_deep_free(ldns_key *key) +{ + if (ldns_key_pubkey_owner(key)) { + ldns_rdf_deep_free(ldns_key_pubkey_owner(key)); + } +#ifdef HAVE_SSL + if (ldns_key_evp_key(key)) { + EVP_PKEY_free(ldns_key_evp_key(key)); + } +#endif /* HAVE_SSL */ + if (ldns_key_hmac_key(key)) { + free(ldns_key_hmac_key(key)); + } + LDNS_FREE(key); +} + +void +ldns_key_list_free(ldns_key_list *key_list) +{ + size_t i; + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + ldns_key_deep_free(ldns_key_list_key(key_list, i)); + } + LDNS_FREE(key_list->_keys); + LDNS_FREE(key_list); +} + +ldns_rr * +ldns_read_anchor_file(const char *filename) +{ + FILE *fp; + /*char line[LDNS_MAX_PACKETLEN];*/ + char *line = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN); + int c; + size_t i = 0; + ldns_rr *r; + ldns_status status; + + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); + LDNS_FREE(line); + return NULL; + } + + while ((c = fgetc(fp)) && i < LDNS_MAX_PACKETLEN && c != EOF) { + line[i] = c; + i++; + } + line[i] = '\0'; + + fclose(fp); + + if (i <= 0) { + fprintf(stderr, "nothing read from %s", filename); + LDNS_FREE(line); + return NULL; + } else { + status = ldns_rr_new_frm_str(&r, line, 0, NULL, NULL); + if (status == LDNS_STATUS_OK && (ldns_rr_get_type(r) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(r) == LDNS_RR_TYPE_DS)) { + LDNS_FREE(line); + return r; + } else { + fprintf(stderr, "Error creating DNSKEY or DS rr from %s: %s\n", filename, ldns_get_errorstr_by_id(status)); + LDNS_FREE(line); + return NULL; + } + } +} + +char * +ldns_key_get_file_base_name(ldns_key *key) +{ + ldns_buffer *buffer; + char *file_base_name; + + buffer = ldns_buffer_new(255); + ldns_buffer_printf(buffer, "K"); + (void)ldns_rdf2buffer_str_dname(buffer, ldns_key_pubkey_owner(key)); + ldns_buffer_printf(buffer, + "+%03u+%05u", + ldns_key_algorithm(key), + ldns_key_keytag(key)); + file_base_name = strdup(ldns_buffer_export(buffer)); + ldns_buffer_free(buffer); + return file_base_name; +} + +int ldns_key_algo_supported(int algo) +{ + ldns_lookup_table *lt = ldns_signing_algorithms; + while(lt->name) { + if(lt->id == algo) + return 1; + lt++; + } + return 0; +} diff --git a/contrib/ldns/ldns/buffer.h b/contrib/ldns/ldns/buffer.h new file mode 100644 index 0000000000..4e5f9feb65 --- /dev/null +++ b/contrib/ldns/ldns/buffer.h @@ -0,0 +1,636 @@ +/* + * buffer.h -- generic memory buffer. + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + * + * The buffer module implements a generic buffer. The API is based on + * the java.nio.Buffer interface. + */ + +#ifndef LDNS_BUFFER_H +#define LDNS_BUFFER_H + +#include +#include +#include + +#include +#include + +#include "ldns/util.h" + +/** + * number of initial bytes in buffer of + * which we cannot tell the size before hand + */ +#define LDNS_MIN_BUFLEN 512 + +/** + * \file buffer.h + * + * This file contains the definition of ldns_buffer, and functions to manipulate those. + */ + +/** + * implementation of buffers to ease operations + * + * ldns_buffers can contain arbitrary information, per octet. You can write + * to the current end of a buffer, read from the current position, and + * access any data within it. + * + * Example use of buffers is in the source code of \ref host2str.c + */ +struct ldns_struct_buffer +{ + /** The current position used for reading/writing */ + size_t _position; + + /** The read/write limit */ + size_t _limit; + + /** The amount of data the buffer can contain */ + size_t _capacity; + + /** The data contained in the buffer */ + uint8_t *_data; + + /** If the buffer is fixed it cannot be resized */ + unsigned _fixed : 1; + + /** The current state of the buffer. If writing to the buffer fails + * for any reason, this value is changed. This way, you can perform + * multiple writes in sequence and check for success afterwards. */ + ldns_status _status; +}; +typedef struct ldns_struct_buffer ldns_buffer; + + +#ifdef NDEBUG +INLINE void +ldns_buffer_invariant(ldns_buffer *ATTR_UNUSED(buffer)) +{ +} +#else +INLINE void +ldns_buffer_invariant(ldns_buffer *buffer) +{ + assert(buffer != NULL); + assert(buffer->_position <= buffer->_limit); + assert(buffer->_limit <= buffer->_capacity); + assert(buffer->_data != NULL); +} +#endif + +/** + * creates a new buffer with the specified capacity. + * + * \param[in] capacity the size (in bytes) to allocate for the buffer + * \return the created buffer + */ +ldns_buffer *ldns_buffer_new(size_t capacity); + +/** + * creates a buffer with the specified data. The data IS copied + * and MEMORY allocations are done. The buffer is not fixed and can + * be resized using buffer_reserve(). + * + * \param[in] buffer pointer to the buffer to put the data in + * \param[in] data the data to encapsulate in the buffer + * \param[in] size the size of the data + */ +void ldns_buffer_new_frm_data(ldns_buffer *buffer, void *data, size_t size); + +/** + * clears the buffer and make it ready for writing. The buffer's limit + * is set to the capacity and the position is set to 0. + * \param[in] buffer the buffer to clear + */ +INLINE void ldns_buffer_clear(ldns_buffer *buffer) +{ + ldns_buffer_invariant(buffer); + + /* reset status here? */ + + buffer->_position = 0; + buffer->_limit = buffer->_capacity; +} + +/** + * makes the buffer ready for reading the data that has been written to + * the buffer. The buffer's limit is set to the current position and + * the position is set to 0. + * + * \param[in] buffer the buffer to flip + * \return void + */ +INLINE void ldns_buffer_flip(ldns_buffer *buffer) +{ + ldns_buffer_invariant(buffer); + + buffer->_limit = buffer->_position; + buffer->_position = 0; +} + +/** + * make the buffer ready for re-reading the data. The buffer's + * position is reset to 0. + * \param[in] buffer the buffer to rewind + */ +INLINE void ldns_buffer_rewind(ldns_buffer *buffer) +{ + ldns_buffer_invariant(buffer); + + buffer->_position = 0; +} + +/** + * returns the current position in the buffer (as a number of bytes) + * \param[in] buffer the buffer + * \return the current position + */ +INLINE size_t +ldns_buffer_position(ldns_buffer *buffer) +{ + return buffer->_position; +} + +/** + * sets the buffer's position to MARK. The position must be less than + * or equal to the buffer's limit. + * \param[in] buffer the buffer + * \param[in] mark the mark to use + */ +INLINE void +ldns_buffer_set_position(ldns_buffer *buffer, size_t mark) +{ + assert(mark <= buffer->_limit); + buffer->_position = mark; +} + +/** + * changes the buffer's position by COUNT bytes. The position must not + * be moved behind the buffer's limit or before the beginning of the + * buffer. + * \param[in] buffer the buffer + * \param[in] count the count to use + */ +INLINE void +ldns_buffer_skip(ldns_buffer *buffer, ssize_t count) +{ + assert(buffer->_position + count <= buffer->_limit); + buffer->_position += count; +} + +/** + * returns the maximum size of the buffer + * \param[in] buffer + * \return the size + */ +INLINE size_t +ldns_buffer_limit(ldns_buffer *buffer) +{ + return buffer->_limit; +} + +/** + * changes the buffer's limit. If the buffer's position is greater + * than the new limit the position is set to the limit. + * \param[in] buffer the buffer + * \param[in] limit the new limit + */ +INLINE void +ldns_buffer_set_limit(ldns_buffer *buffer, size_t limit) +{ + assert(limit <= buffer->_capacity); + buffer->_limit = limit; + if (buffer->_position > buffer->_limit) + buffer->_position = buffer->_limit; +} + +/** + * returns the number of bytes the buffer can hold. + * \param[in] buffer the buffer + * \return the number of bytes + */ +INLINE size_t +ldns_buffer_capacity(ldns_buffer *buffer) +{ + return buffer->_capacity; +} + +/** + * changes the buffer's capacity. The data is reallocated so any + * pointers to the data may become invalid. The buffer's limit is set + * to the buffer's new capacity. + * \param[in] buffer the buffer + * \param[in] capacity the capacity to use + * \return whether this failed or succeeded + */ +bool ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity); + +/** + * ensures BUFFER can contain at least AMOUNT more bytes. The buffer's + * capacity is increased if necessary using buffer_set_capacity(). + * + * The buffer's limit is always set to the (possibly increased) + * capacity. + * \param[in] buffer the buffer + * \param[in] amount amount to use + * \return whether this failed or succeeded + */ +bool ldns_buffer_reserve(ldns_buffer *buffer, size_t amount); + +/** + * returns a pointer to the data at the indicated position. + * \param[in] buffer the buffer + * \param[in] at position + * \return the pointer to the data + */ +INLINE uint8_t * +ldns_buffer_at(const ldns_buffer *buffer, size_t at) +{ + assert(at <= buffer->_limit); + return buffer->_data + at; +} + +/** + * returns a pointer to the beginning of the buffer (the data at + * position 0). + * \param[in] buffer the buffer + * \return the pointer + */ +INLINE uint8_t * +ldns_buffer_begin(const ldns_buffer *buffer) +{ + return ldns_buffer_at(buffer, 0); +} + +/** + * returns a pointer to the end of the buffer (the data at the buffer's + * limit). + * \param[in] buffer the buffer + * \return the pointer + */ +INLINE uint8_t * +ldns_buffer_end(ldns_buffer *buffer) +{ + return ldns_buffer_at(buffer, buffer->_limit); +} + +/** + * returns a pointer to the data at the buffer's current position. + * \param[in] buffer the buffer + * \return the pointer + */ +INLINE uint8_t * +ldns_buffer_current(ldns_buffer *buffer) +{ + return ldns_buffer_at(buffer, buffer->_position); +} + +/** + * returns the number of bytes remaining between the indicated position and + * the limit. + * \param[in] buffer the buffer + * \param[in] at indicated position + * \return number of bytes + */ +INLINE size_t +ldns_buffer_remaining_at(ldns_buffer *buffer, size_t at) +{ + ldns_buffer_invariant(buffer); + assert(at <= buffer->_limit); + return buffer->_limit - at; +} + +/** + * returns the number of bytes remaining between the buffer's position and + * limit. + * \param[in] buffer the buffer + * \return the number of bytes + */ +INLINE size_t +ldns_buffer_remaining(ldns_buffer *buffer) +{ + return ldns_buffer_remaining_at(buffer, buffer->_position); +} + +/** + * checks if the buffer has at least COUNT more bytes available. + * Before reading or writing the caller needs to ensure enough space + * is available! + * \param[in] buffer the buffer + * \param[in] at indicated position + * \param[in] count how much is available + * \return true or false (as int?) + */ +INLINE int +ldns_buffer_available_at(ldns_buffer *buffer, size_t at, size_t count) +{ + return count <= ldns_buffer_remaining_at(buffer, at); +} + +/** + * checks if the buffer has count bytes available at the current position + * \param[in] buffer the buffer + * \param[in] count how much is available + * \return true or false (as int?) + */ +INLINE int +ldns_buffer_available(ldns_buffer *buffer, size_t count) +{ + return ldns_buffer_available_at(buffer, buffer->_position, count); +} + +/** + * writes the given data to the buffer at the specified position + * \param[in] buffer the buffer + * \param[in] at the position (in number of bytes) to write the data at + * \param[in] data pointer to the data to write to the buffer + * \param[in] count the number of bytes of data to write + */ +INLINE void +ldns_buffer_write_at(ldns_buffer *buffer, size_t at, const void *data, size_t count) +{ + assert(ldns_buffer_available_at(buffer, at, count)); + memcpy(buffer->_data + at, data, count); +} + +/** + * writes count bytes of data to the current position of the buffer + * \param[in] buffer the buffer + * \param[in] data the data to write + * \param[in] count the lenght of the data to write + */ +INLINE void +ldns_buffer_write(ldns_buffer *buffer, const void *data, size_t count) +{ + ldns_buffer_write_at(buffer, buffer->_position, data, count); + buffer->_position += count; +} + +/** + * copies the given (null-delimited) string to the specified position at the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] str the string to write + */ +INLINE void +ldns_buffer_write_string_at(ldns_buffer *buffer, size_t at, const char *str) +{ + ldns_buffer_write_at(buffer, at, str, strlen(str)); +} + +/** + * copies the given (null-delimited) string to the current position at the buffer + * \param[in] buffer the buffer + * \param[in] str the string to write + */ +INLINE void +ldns_buffer_write_string(ldns_buffer *buffer, const char *str) +{ + ldns_buffer_write(buffer, str, strlen(str)); +} + +/** + * writes the given byte of data at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] data the 8 bits to write + */ +INLINE void +ldns_buffer_write_u8_at(ldns_buffer *buffer, size_t at, uint8_t data) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(data))); + buffer->_data[at] = data; +} + +/** + * writes the given byte of data at the current position in the buffer + * \param[in] buffer the buffer + * \param[in] data the 8 bits to write + */ +INLINE void +ldns_buffer_write_u8(ldns_buffer *buffer, uint8_t data) +{ + ldns_buffer_write_u8_at(buffer, buffer->_position, data); + buffer->_position += sizeof(data); +} + +/** + * writes the given 2 byte integer at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] data the 16 bits to write + */ +INLINE void +ldns_buffer_write_u16_at(ldns_buffer *buffer, size_t at, uint16_t data) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(data))); + ldns_write_uint16(buffer->_data + at, data); +} + +/** + * writes the given 2 byte integer at the current position in the buffer + * \param[in] buffer the buffer + * \param[in] data the 16 bits to write + */ +INLINE void +ldns_buffer_write_u16(ldns_buffer *buffer, uint16_t data) +{ + ldns_buffer_write_u16_at(buffer, buffer->_position, data); + buffer->_position += sizeof(data); +} + +/** + * writes the given 4 byte integer at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \param[in] data the 32 bits to write + */ +INLINE void +ldns_buffer_write_u32_at(ldns_buffer *buffer, size_t at, uint32_t data) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(data))); + ldns_write_uint32(buffer->_data + at, data); +} + +/** + * writes the given 4 byte integer at the current position in the buffer + * \param[in] buffer the buffer + * \param[in] data the 32 bits to write + */ +INLINE void +ldns_buffer_write_u32(ldns_buffer *buffer, uint32_t data) +{ + ldns_buffer_write_u32_at(buffer, buffer->_position, data); + buffer->_position += sizeof(data); +} + +/** + * copies count bytes of data at the given position to the given data-array + * \param[in] buffer the buffer + * \param[in] at the position in the buffer to start + * \param[out] data buffer to copy to + * \param[in] count the length of the data to copy + */ +INLINE void +ldns_buffer_read_at(ldns_buffer *buffer, size_t at, void *data, size_t count) +{ + assert(ldns_buffer_available_at(buffer, at, count)); + memcpy(data, buffer->_data + at, count); +} + +/** + * copies count bytes of data at the current position to the given data-array + * \param[in] buffer the buffer + * \param[out] data buffer to copy to + * \param[in] count the length of the data to copy + */ +INLINE void +ldns_buffer_read(ldns_buffer *buffer, void *data, size_t count) +{ + ldns_buffer_read_at(buffer, buffer->_position, data, count); + buffer->_position += count; +} + +/** + * returns the byte value at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at the position in the buffer + * \return 1 byte integer + */ +INLINE uint8_t +ldns_buffer_read_u8_at(ldns_buffer *buffer, size_t at) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(uint8_t))); + return buffer->_data[at]; +} + +/** + * returns the byte value at the current position in the buffer + * \param[in] buffer the buffer + * \return 1 byte integer + */ +INLINE uint8_t +ldns_buffer_read_u8(ldns_buffer *buffer) +{ + uint8_t result = ldns_buffer_read_u8_at(buffer, buffer->_position); + buffer->_position += sizeof(uint8_t); + return result; +} + +/** + * returns the 2-byte integer value at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at position in the buffer + * \return 2 byte integer + */ +INLINE uint16_t +ldns_buffer_read_u16_at(ldns_buffer *buffer, size_t at) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(uint16_t))); + return ldns_read_uint16(buffer->_data + at); +} + +/** + * returns the 2-byte integer value at the current position in the buffer + * \param[in] buffer the buffer + * \return 2 byte integer + */ +INLINE uint16_t +ldns_buffer_read_u16(ldns_buffer *buffer) +{ + uint16_t result = ldns_buffer_read_u16_at(buffer, buffer->_position); + buffer->_position += sizeof(uint16_t); + return result; +} + +/** + * returns the 4-byte integer value at the given position in the buffer + * \param[in] buffer the buffer + * \param[in] at position in the buffer + * \return 4 byte integer + */ +INLINE uint32_t +ldns_buffer_read_u32_at(ldns_buffer *buffer, size_t at) +{ + assert(ldns_buffer_available_at(buffer, at, sizeof(uint32_t))); + return ldns_read_uint32(buffer->_data + at); +} + +/** + * returns the 4-byte integer value at the current position in the buffer + * \param[in] buffer the buffer + * \return 4 byte integer + */ +INLINE uint32_t +ldns_buffer_read_u32(ldns_buffer *buffer) +{ + uint32_t result = ldns_buffer_read_u32_at(buffer, buffer->_position); + buffer->_position += sizeof(uint32_t); + return result; +} + +/** + * returns the status of the buffer + * \param[in] buffer + * \return the status + */ +INLINE ldns_status +ldns_buffer_status(ldns_buffer *buffer) +{ + return buffer->_status; +} + +/** + * returns true if the status of the buffer is LDNS_STATUS_OK, false otherwise + * \param[in] buffer the buffer + * \return true or false + */ +INLINE bool +ldns_buffer_status_ok(ldns_buffer *buffer) +{ + if (buffer) { + return ldns_buffer_status(buffer) == LDNS_STATUS_OK; + } else { + return false; + } +} + +/** + * prints to the buffer, increasing the capacity if required using + * buffer_reserve(). The buffer's position is set to the terminating + * '\\0'. Returns the number of characters written (not including the + * terminating '\\0') or -1 on failure. + */ +int ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...); +/* ATTR_FORMAT(printf, 2, 3);*/ + +/** + * frees the buffer. + * \param[in] *buffer the buffer to be freed + * \return void + */ +void ldns_buffer_free(ldns_buffer *buffer); + +/** + * Makes the buffer fixed and returns a pointer to the data. The + * caller is responsible for free'ing the result. + * \param[in] *buffer the buffer to be exported + * \return void + */ +void *ldns_buffer_export(ldns_buffer *buffer); + +/** + * Copy contents of the other buffer to this buffer. Silently truncated + * if this buffer is too small. + * \param[out] *result resulting buffer which is copied to. + * \param[in] *from what to copy to result. + */ +void ldns_buffer_copy(ldns_buffer* result, ldns_buffer* from); + +#endif /* LDNS_BUFFER_H */ diff --git a/contrib/ldns/ldns/common.h b/contrib/ldns/ldns/common.h new file mode 100644 index 0000000000..8e09f3b008 --- /dev/null +++ b/contrib/ldns/ldns/common.h @@ -0,0 +1,52 @@ +/** + * \file common.h + * + * Common definitions for LDNS + */ + +/** + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_COMMON_H +#define LDNS_COMMON_H + +#if !defined(__cplusplus) && !defined(__bool_true_false_are_defined) + +#if defined(HAVE_STDBOOL_H) +#include +#else + +/*@ignore@*/ +/* splint barfs on this construct */ +typedef unsigned char bool; +#define bool bool +#define false 0 +#define true 1 +#define __bool_true_false_are_defined 1 +/*@end@*/ + +#endif + +#endif + +#ifdef HAVE_ATTR_FORMAT +#define ATTR_FORMAT(archetype, string_index, first_to_check) \ + __attribute__ ((format (archetype, string_index, first_to_check))) +#else /* !HAVE_ATTR_FORMAT */ +#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ +#endif /* !HAVE_ATTR_FORMAT */ + +#if defined(__cplusplus) +#define ATTR_UNUSED(x) +#elif defined(HAVE_ATTR_UNUSED) +#define ATTR_UNUSED(x) x __attribute__((unused)) +#else /* !HAVE_ATTR_UNUSED */ +#define ATTR_UNUSED(x) x +#endif /* !HAVE_ATTR_UNUSED */ + +#endif /* LDNS_COMMON_H */ diff --git a/contrib/ldns/ldns/config.h.in b/contrib/ldns/ldns/config.h.in new file mode 100644 index 0000000000..9db78432a6 --- /dev/null +++ b/contrib/ldns/ldns/config.h.in @@ -0,0 +1,443 @@ +/* ldns/config.h.in. Generated from configure.ac by autoheader. */ + +/* Define if building universal (internal helper macro) */ +#undef AC_APPLE_UNIVERSAL_BUILD + +/* Define to 1 if you have the header file. */ +#undef HAVE_ARPA_INET_H + +/* Whether the C compiler accepts the "format" attribute */ +#undef HAVE_ATTR_FORMAT + +/* Whether the C compiler accepts the "unused" attribute */ +#undef HAVE_ATTR_UNUSED + +/* Define to 1 if you have the `b32_ntop' function. */ +#undef HAVE_B32_NTOP + +/* Define to 1 if you have the `b32_pton' function. */ +#undef HAVE_B32_PTON + +/* Define to 1 if you have the `b64_ntop' function. */ +#undef HAVE_B64_NTOP + +/* Define to 1 if you have the `b64_pton' function. */ +#undef HAVE_B64_PTON + +/* Define to 1 if you have the `ctime_r' function. */ +#undef HAVE_CTIME_R + +/* Define to 1 if you have the header file. */ +#undef HAVE_DLFCN_H + +/* Define to 1 if you have the `endprotoent' function. */ +#undef HAVE_ENDPROTOENT + +/* Define to 1 if you have the `endservent' function. */ +#undef HAVE_ENDSERVENT + +/* Define to 1 if you have the `EVP_sha256' function. */ +#undef HAVE_EVP_SHA256 + +/* Define to 1 if you have the `fcntl' function. */ +#undef HAVE_FCNTL + +/* Whether getaddrinfo is available */ +#undef HAVE_GETADDRINFO + +/* Define to 1 if you have the header file. */ +#undef HAVE_GETOPT_H + +/* Define to 1 if you have the `gmtime_r' function. */ +#undef HAVE_GMTIME_R + +/* If you have HMAC_CTX_init */ +#undef HAVE_HMAC_CTX_INIT + +/* Define to 1 if you have the `inet_aton' function. */ +#undef HAVE_INET_ATON + +/* Define to 1 if you have the `inet_ntop' function. */ +#undef HAVE_INET_NTOP + +/* Define to 1 if you have the `inet_pton' function. */ +#undef HAVE_INET_PTON + +/* define if you have inttypes.h */ +#undef HAVE_INTTYPES_H + +/* if the function 'ioctlsocket' is available */ +#undef HAVE_IOCTLSOCKET + +/* Define to 1 if you have the `isblank' function. */ +#undef HAVE_ISBLANK + +/* Define to 1 if you have the `crypto' library (-lcrypto). */ +#undef HAVE_LIBCRYPTO + +/* Define to 1 if you have the `nsl' library (-lnsl). */ +#undef HAVE_LIBNSL + +/* Define to 1 if you have the `socket' library (-lsocket). */ +#undef HAVE_LIBSOCKET + +/* Define to 1 if your system has a GNU libc compatible `malloc' function, and + to 0 otherwise. */ +#undef HAVE_MALLOC + +/* Define to 1 if you have the `memmove' function. */ +#undef HAVE_MEMMOVE + +/* Define to 1 if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETDB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_NETINET_IN_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_ERR_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_RAND_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_OPENSSL_SSL_H + +/* Define if you have Python libraries and header files. */ +#undef HAVE_PYTHON + +/* Define to 1 if you have the `random' function. */ +#undef HAVE_RANDOM + +/* Define to 1 if your system has a GNU libc compatible `realloc' function, + and to 0 otherwise. */ +#undef HAVE_REALLOC + +/* Define to 1 if you have the `sleep' function. */ +#undef HAVE_SLEEP + +/* Define to 1 if you have the `snprintf' function. */ +#undef HAVE_SNPRINTF + +/* Define if you have the SSL libraries installed. */ +#undef HAVE_SSL + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDARG_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDBOOL_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDINT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_STRING_H + +/* Define to 1 if you have the `strlcpy' function. */ +#undef HAVE_STRLCPY + +/* Define if you have Swig libraries and header files. */ +#undef HAVE_SWIG + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_MOUNT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_PARAM_H + +/* define if you have sys/socket.h */ +#undef HAVE_SYS_SOCKET_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_STAT_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_SYS_TYPES_H + +/* Define to 1 if you have the `timegm' function. */ +#undef HAVE_TIMEGM + +/* Define to 1 if you have the header file. */ +#undef HAVE_TIME_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_WINSOCK2_H + +/* Define to 1 if you have the header file. */ +#undef HAVE_WS2TCPIP_H + +/* Define to the sub-directory in which libtool stores uninstalled libraries. + */ +#undef LT_OBJDIR + +/* Define to the address where bug reports for this package should be sent. */ +#undef PACKAGE_BUGREPORT + +/* Define to the full name of this package. */ +#undef PACKAGE_NAME + +/* Define to the full name and version of this package. */ +#undef PACKAGE_STRING + +/* Define to the one symbol short name of this package. */ +#undef PACKAGE_TARNAME + +/* Define to the version of this package. */ +#undef PACKAGE_VERSION + +/* Define to 1 if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* System configuration dir */ +#undef SYSCONFDIR + +/* Define this to enable GOST support. */ +#undef USE_GOST + +/* Define this to enable SHA256 and SHA512 support. */ +#undef USE_SHA2 + +/* Enable extensions on AIX 3, Interix. */ +#ifndef _ALL_SOURCE +# undef _ALL_SOURCE +#endif +/* Enable GNU extensions on systems that have them. */ +#ifndef _GNU_SOURCE +# undef _GNU_SOURCE +#endif +/* Enable threading extensions on Solaris. */ +#ifndef _POSIX_PTHREAD_SEMANTICS +# undef _POSIX_PTHREAD_SEMANTICS +#endif +/* Enable extensions on HP NonStop. */ +#ifndef _TANDEM_SOURCE +# undef _TANDEM_SOURCE +#endif +/* Enable general extensions on Solaris. */ +#ifndef __EXTENSIONS__ +# undef __EXTENSIONS__ +#endif + + +/* Whether the windows socket API is used */ +#undef USE_WINSOCK + +/* the version of the windows API enabled */ +#undef WINVER + +/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ +#if defined AC_APPLE_UNIVERSAL_BUILD +# if defined __BIG_ENDIAN__ +# define WORDS_BIGENDIAN 1 +# endif +#else +# ifndef WORDS_BIGENDIAN +# undef WORDS_BIGENDIAN +# endif +#endif + +/* Define to 1 if on MINIX. */ +#undef _MINIX + +/* Define to 2 if the system does not provide POSIX.1 features except with + this defined. */ +#undef _POSIX_1_SOURCE + +/* Define to 1 if you need to in order for `stat' and other things to work. */ +#undef _POSIX_SOURCE + +/* Define to empty if `const' does not conform to ANSI C. */ +#undef const + +/* in_addr_t */ +#undef in_addr_t + +/* in_port_t */ +#undef in_port_t + +/* Define to `__inline__' or `__inline' if that's what the C compiler + calls it, or to nothing if 'inline' is not supported under any name. */ +#ifndef __cplusplus +#undef inline +#endif + +/* Define to `short' if does not define. */ +#undef int16_t + +/* Define to `int' if does not define. */ +#undef int32_t + +/* Define to `long long' if does not define. */ +#undef int64_t + +/* Define to `char' if does not define. */ +#undef int8_t + +/* Define to rpl_malloc if the replacement function should be used. */ +#undef malloc + +/* Define to rpl_realloc if the replacement function should be used. */ +#undef realloc + +/* Define to 'int' if not defined */ +#undef socklen_t + +/* Define to `int' if does not define. */ +#undef ssize_t + +/* Define to `unsigned short' if does not define. */ +#undef uint16_t + +/* Define to `unsigned int' if does not define. */ +#undef uint32_t + +/* Define to `unsigned long long' if does not define. */ +#undef uint64_t + +/* Define to `unsigned char' if does not define. */ +#undef uint8_t + + +#include +#include +#include +#include + +#ifndef LITTLE_ENDIAN +#define LITTLE_ENDIAN 1234 +#endif + +#ifndef BIG_ENDIAN +#define BIG_ENDIAN 4321 +#endif + +#ifndef BYTE_ORDER +#ifdef WORDS_BIGENDIAN +#define BYTE_ORDER BIG_ENDIAN +#else +#define BYTE_ORDER LITTLE_ENDIAN +#endif /* WORDS_BIGENDIAN */ +#endif /* BYTE_ORDER */ + +#if STDC_HEADERS +#include +#include +#endif + +#ifdef HAVE_STDINT_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#ifdef HAVE_WINSOCK2_H +#include +#endif + +#ifdef HAVE_WS2TCPIP_H +#include +#endif + + +/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */ +#ifdef HAVE_WINSOCK2_H +#define FD_SET_T (u_int) +#else +#define FD_SET_T +#endif + + + + +#ifndef B64_PTON +int ldns_b64_ntop(uint8_t const *src, size_t srclength, + char *target, size_t targsize); +/** + * calculates the size needed to store the result of b64_ntop + */ +/*@unused@*/ +static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize) +{ + return ((((srcsize + 2) / 3) * 4) + 1); +} +#endif /* !B64_PTON */ +#ifndef B64_NTOP +int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize); +/** + * calculates the size needed to store the result of ldns_b64_pton + */ +/*@unused@*/ +static inline size_t ldns_b64_pton_calculate_size(size_t srcsize) +{ + return ((((srcsize / 4) * 3) - 2) + 2); +} +#endif /* !B64_NTOP */ + +#ifndef HAVE_SLEEP +/* use windows sleep, in millisecs, instead */ +#define sleep(x) Sleep((x)*1000) +#endif + +#ifndef HAVE_RANDOM +#define srandom(x) srand(x) +#define random(x) rand(x) +#endif + +#ifndef HAVE_TIMEGM +#include +time_t timegm (struct tm *tm); +#endif /* !TIMEGM */ +#ifndef HAVE_GMTIME_R +struct tm *gmtime_r(const time_t *timep, struct tm *result); +#endif +#ifndef HAVE_ISBLANK +int isblank(int c); +#endif /* !HAVE_ISBLANK */ +#ifndef HAVE_SNPRINTF +#include +int snprintf (char *str, size_t count, const char *fmt, ...); +int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); +#endif /* HAVE_SNPRINTF */ +#ifndef HAVE_INET_PTON +int inet_pton(int af, const char* src, void* dst); +#endif /* HAVE_INET_PTON */ +#ifndef HAVE_INET_NTOP +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif +#ifndef HAVE_INET_ATON +int inet_aton(const char *cp, struct in_addr *addr); +#endif +#ifndef HAVE_MEMMOVE +void *memmove(void *dest, const void *src, size_t n); +#endif +#ifndef HAVE_STRLCPY +size_t strlcpy(char *dst, const char *src, size_t siz); +#endif +#ifndef HAVE_GETADDRINFO +#include "compat/fake-rfc2553.h" +#endif + diff --git a/contrib/ldns/ldns/dname.h b/contrib/ldns/ldns/dname.h new file mode 100644 index 0000000000..b144b4c78c --- /dev/null +++ b/contrib/ldns/ldns/dname.h @@ -0,0 +1,186 @@ +/* + * dname.h + * + * dname definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file dname.h + * + * dname contains function to read and manipulate domain names. + * + * Example domain names are "www.nlnetlabs.nl." and "." (the root) + * + * If a domain name ends with a dot ("."), it is called a Fully Qualified + * Domain Name (FQDN). In certain places (for instance when reading a zone + * file), an origin (which is just another domain name) non-FQDNs will be + * placed after the current. For instance, if i have a zone file where the + * origin has been set to "nl.", and my file contains the name + * "www.nlnetlabs", it will result in "www.nlnetlabs.nl.". Internally, dnames are + * always absolute (the dot is added when it is missing and there is no origin). + * + * An FQDN is also + * known as an absolute domain name, therefore the function to check this is + * called \ref ldns_dname_str_absolute + * + * Domain names are stored in \ref ldns_rdf structures, with the type + * \ref LDNS_RDF_TYPE_DNAME + * + * This module is *NOT* about the RR type called DNAME. + */ + + +#ifndef LDNS_DNAME_H +#define LDNS_DNAME_H + +#include +#include + +#define LDNS_DNAME_NORMALIZE tolower + +/** + * concatenates two dnames together + * \param[in] rd1 the leftside + * \param[in] rd2 the rightside + * \return a new rdf with leftside/rightside + */ +ldns_rdf *ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2); + +/** + * concatenates rd2 after rd1 (rd2 is copied, rd1 is modified) + * \param[in] rd1 the leftside + * \param[in] rd2 the rightside + * \return LDNS_STATUS_OK on success + */ +ldns_status ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2); + +/** + * Returns a clone of the given dname with the labels + * reversed + * \param[in] d the dname to reverse + * \return clone of the dname with the labels reversed. + */ +ldns_rdf *ldns_dname_reverse(const ldns_rdf *d); + +/** + * Clones the given dname from the nth label on + * \param[in] d The dname to clone + * \param[in] n the label nr to clone from, if this is 0, the complete + * dname is cloned + * \return A newly allocated *rdf structure, containing the cloned dname, + * or NULL if either d was NULL, not a dname, or if n >= + * label_count + */ +ldns_rdf * +ldns_dname_clone_from(const ldns_rdf *d, uint16_t n); + +/** + * chop one label off the left side of a dname. so + * wwww.nlnetlabs.nl, becomes nlnetlabs.nl + * This new name is a clone and must be freed with ldns_deep_free() + * \param[in] d the dname to chop + * \return the remaining dname + */ +ldns_rdf *ldns_dname_left_chop(const ldns_rdf *d); + +/** + * count the number of labels inside a LDNS_RDF_DNAME type rdf. + * \param[in] *r the rdf + * \return the number of labels + */ +uint8_t ldns_dname_label_count(const ldns_rdf *r); + +/** + * creates a new dname rdf from a string. + * \param[in] str string to use + * \return ldns_rdf* or NULL in case of an error + */ +ldns_rdf *ldns_dname_new_frm_str(const char *str); + +/** + * Create a new dname rdf from a string + * \param[in] s the size of the new dname + * \param[in] *data pointer to the actual data + * \return ldns_rdf* + */ +ldns_rdf *ldns_dname_new(uint16_t s, void *data); + +/** + * Create a new dname rdf from data (the data is copied) + * \param[in] size the size of the data + * \param[in] *data pointer to the actual data + * \return ldns_rdf* + */ +ldns_rdf *ldns_dname_new_frm_data(uint16_t size, const void *data); + +/** + * Put a dname into canonical fmt - ie. lowercase it + * \param[in] rdf the dname to lowercase + * \return void + */ +void ldns_dname2canonical(const ldns_rdf *rdf); + +/** + * test wether the name sub falls under parent (i.e. is a subdomain + * of parent). This function will return false if the given dnames are + * equal. + * \param[in] sub the name to test + * \param[in] parent the parent's name + * \return true if sub falls under parent, otherwise false + */ +bool ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent); + +/** + * Compares the two dname rdf's according to the algorithm for ordering + * in RFC4034 Section 6. + * \param[in] dname1 First dname rdf to compare + * \param[in] dname2 Second dname rdf to compare + * \return -1 if dname1 comes before dname2, 1 if dname1 comes after dname2, and 0 if they are equal. + */ +int ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2); + +/** + * Checks whether the dname matches the given wildcard + * \param[in] dname The dname to check + * \param[in] wildcard The wildcard to check with + * \return 1 If the wildcard matches, OR if 'wildcard' is not a wildcard and + * the names are *exactly* the same + * 0 If the wildcard does not match, or if it is not a wildcard and + * the names are not the same + */ +int ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard); + +/** + * check if middle lays in the interval defined by prev and next + * prev <= middle < next. This is usefull for nsec checking + * \param[in] prev the previous dname + * \param[in] middle the dname to check + * \param[in] next the next dname + * return 0 on error or unknown, -1 when middle is in the interval, +1 when not + */ +int ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, const ldns_rdf *next); + +/** + * Checks whether the given dname string is absolute (i.e. ends with a '.') + * \param[in] *dname_str a string representing the dname + * \return true or false + */ +bool ldns_dname_str_absolute(const char *dname_str); + +/** + * look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME + * try and retrieve a specific label. The labels are numbered + * starting from 0 (left most). + * \param[in] rdf the rdf to look in + * \param[in] labelpos return the label with this number + * \return a ldns_rdf* with the label as name or NULL on error + */ +ldns_rdf * ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos); + +#endif /* LDNS_DNAME_H */ diff --git a/contrib/ldns/ldns/dnssec.h b/contrib/ldns/ldns/dnssec.h new file mode 100644 index 0000000000..c95b32b6f6 --- /dev/null +++ b/contrib/ldns/ldns/dnssec.h @@ -0,0 +1,454 @@ +/* + * dnssec.h -- defines for the Domain Name System (SEC) (DNSSEC) + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + * A bunch of defines that are used in the DNS + */ + +/** + * \file dnssec.h + * + * This module contains base functions for DNSSEC operations + * (RFC4033 t/m RFC4035). + * + * Since those functions heavily rely op cryptographic operations, + * this module is dependent on openssl. + * + */ + + +#ifndef LDNS_DNSSEC_H +#define LDNS_DNSSEC_H + +#ifdef HAVE_SSL +#include +#include +#endif /* HAVE_SSL */ +#include +#include +#include +#include +#include +#include + +#define LDNS_MAX_KEYLEN 2048 +#define LDNS_DNSSEC_KEYPROTO 3 +/* default time before sigs expire */ +#define LDNS_DEFAULT_EXP_TIME 2419200 /* 4 weeks */ + +/** return values for the old-signature callback */ +#define LDNS_SIGNATURE_LEAVE_ADD_NEW 0 +#define LDNS_SIGNATURE_LEAVE_NO_ADD 1 +#define LDNS_SIGNATURE_REMOVE_ADD_NEW 2 +#define LDNS_SIGNATURE_REMOVE_NO_ADD 3 + +/** + * Returns the first RRSIG rr that corresponds to the rrset + * with the given name and type + * + * \param[in] name The dname of the RRset covered by the RRSIG to find + * \param[in] type The type of the RRset covered by the RRSIG to find + * \param[in] rrs List of rrs to search in + * \returns Pointer to the first RRsig ldns_rr found, or NULL if it is + * not present + */ +ldns_rr *ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, + const ldns_rr_type type, + const ldns_rr_list *rrs); + +/** + * Returns the DNSKEY that corresponds to the given RRSIG rr from the list, if + * any + * + * \param[in] rrsig The rrsig to find the DNSKEY for + * \param[in] rrs The rr list to find the key in + * \return The DNSKEY that corresponds to the given RRSIG, or NULL if it was + * not found. + */ +ldns_rr *ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, const ldns_rr_list *rrs); + +/** + * Returns the rdata field that contains the bitmap of the covered types of + * the given NSEC record + * + * \param[in] nsec The nsec to get the covered type bitmap of + * \return An ldns_rdf containing the bitmap, or NULL on error + */ +ldns_rdf *ldns_nsec_get_bitmap(ldns_rr *nsec); + + +#define LDNS_NSEC3_MAX_ITERATIONS 65535 + +/** + * Returns the dname of the closest (provable) encloser + */ +ldns_rdf * +ldns_dnssec_nsec3_closest_encloser(ldns_rdf *qname, + ldns_rr_type qtype, + ldns_rr_list *nsec3s); + +/** + * Checks whether the packet contains rrsigs + */ +bool +ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt); + +/** + * Returns a ldns_rr_list containing the signatures covering the given name + * and type + */ +ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type); + +/** + * Returns a ldns_rr_list containing the signatures covering the given type + */ +ldns_rr_list *ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type); + +/** + * calculates a keytag of a key for use in DNSSEC. + * + * \param[in] key the key as an RR to use for the calc. + * \return the keytag + */ +uint16_t ldns_calc_keytag(const ldns_rr *key); + +/** + * Calculates keytag of DNSSEC key, operates on wireformat rdata. + * \param[in] key the key as uncompressed wireformat rdata. + * \param[in] keysize length of key data. + * \return the keytag + */ +uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize); + +#ifdef HAVE_SSL +/** + * converts a buffer holding key material to a DSA key in openssl. + * + * \param[in] key the key to convert + * \return a DSA * structure with the key material + */ +DSA *ldns_key_buf2dsa(ldns_buffer *key); +/** + * Like ldns_key_buf2dsa, but uses raw buffer. + * \param[in] key the uncompressed wireformat of the key. + * \param[in] len length of key data + * \return a DSA * structure with the key material + */ +DSA *ldns_key_buf2dsa_raw(unsigned char* key, size_t len); + +/** + * Utility function to calculate hash using generic EVP_MD pointer. + * \param[in] data the data to hash. + * \param[in] len length of data. + * \param[out] dest the destination of the hash, must be large enough. + * \param[in] md the message digest to use. + * \return true if worked, false on failure. + */ +int ldns_digest_evp(unsigned char* data, unsigned int len, + unsigned char* dest, const EVP_MD* md); + +/** + * Converts a holding buffer with key material to EVP PKEY in openssl. + * Only available if ldns was compiled with GOST. + * \param[in] key data to convert + * \param[in] keylen length of the key data + * \return the key or NULL on error. + */ +EVP_PKEY* ldns_gost2pkey_raw(unsigned char* key, size_t keylen); + +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** + * converts a buffer holding key material to a RSA key in openssl. + * + * \param[in] key the key to convert + * \return a RSA * structure with the key material + */ +RSA *ldns_key_buf2rsa(ldns_buffer *key); + +/** + * Like ldns_key_buf2rsa, but uses raw buffer. + * \param[in] key the uncompressed wireformat of the key. + * \param[in] len length of key data + * \return a RSA * structure with the key material + */ +RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len); +#endif /* HAVE_SSL */ + +/** + * returns a new DS rr that represents the given key rr. + * + * \param[in] *key the key to convert + * \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256 + * \return ldns_rr* a new rr pointer to a DS + */ +ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h); + +/** + * Create the type bitmap for an NSEC(3) record + */ +ldns_rdf * +ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], + size_t size, + ldns_rr_type nsec_type); + +/** + * Creates NSEC + */ +ldns_rr * +ldns_dnssec_create_nsec(ldns_dnssec_name *from, + ldns_dnssec_name *to, + ldns_rr_type nsec_type); + + +/** + * Creates NSEC3 + */ +ldns_rr * +ldns_dnssec_create_nsec3(ldns_dnssec_name *from, + ldns_dnssec_name *to, + ldns_rdf *zone_name, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt); + +/** + * Create a NSEC record + * \param[in] cur_owner the current owner which should be taken as the starting point + * \param[in] next_owner the rrlist which the nsec rr should point to + * \param[in] rrs all rrs from the zone, to find all RR types of cur_owner in + * \return a ldns_rr with the nsec record in it + */ +ldns_rr * ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs); + +/** + * Calculates the hashed name using the given parameters + * \param[in] *name The owner name to calculate the hash for + * \param[in] algorithm The hash algorithm to use + * \param[in] iterations The number of hash iterations to use + * \param[in] salt_length The length of the salt in bytes + * \param[in] salt The salt to use + * \return The hashed owner name rdf, without the domain name + */ +ldns_rdf *ldns_nsec3_hash_name(ldns_rdf *name, uint8_t algorithm, uint16_t iterations, uint8_t salt_length, uint8_t *salt); + +/** + * Sets all the NSEC3 options. The rr to set them in must be initialized with _new() and + * type LDNS_RR_TYPE_NSEC3 + * \param[in] *rr The RR to set the values in + * \param[in] algorithm The NSEC3 hash algorithm + * \param[in] flags The flags field + * \param[in] iterations The number of hash iterations + * \param[in] salt_length The length of the salt in bytes + * \param[in] salt The salt bytes + */ +void ldns_nsec3_add_param_rdfs(ldns_rr *rr, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt); + +/* this will NOT return the NSEC3 completed, you will have to run the + finalize function on the rrlist later! */ +ldns_rr * +ldns_create_nsec3(ldns_rdf *cur_owner, + ldns_rdf *cur_zone, + ldns_rr_list *rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + bool emptynonterminal); + +/** + * Returns the hash algorithm used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The algorithm identifier, or 0 on error + */ +uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr); + +/** + * Returns flags field + */ +uint8_t +ldns_nsec3_flags(const ldns_rr *nsec3_rr); + +/** + * Returns true if the opt-out flag has been set in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return true if the RR has type NSEC3 and the opt-out bit has been set, false otherwise + */ +bool ldns_nsec3_optout(const ldns_rr *nsec3_rr); + +/** + * Returns the number of hash iterations used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The number of iterations + */ +uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr); + +/** + * Returns the salt used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The salt rdf, or NULL on error + */ +ldns_rdf *ldns_nsec3_salt(const ldns_rr *nsec3_rr); + +/** + * Returns the length of the salt used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The length of the salt in bytes + */ +uint8_t ldns_nsec3_salt_length(const ldns_rr *nsec3_rr); + +/** + * Returns the salt bytes used in the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The salt in bytes, this is alloced, so you need to free it + */ +uint8_t *ldns_nsec3_salt_data(const ldns_rr *nsec3_rr); + +/** + * Returns the first label of the next ownername in the NSEC3 chain (ie. without the domain) + * \param[in] nsec3_rr The RR to read from + * \return The first label of the next owner name in the NSEC3 chain, or NULL on error + */ +ldns_rdf *ldns_nsec3_next_owner(const ldns_rr *nsec3_rr); + +/** + * Returns the bitmap specifying the covered types of the given NSEC3 RR + * \param[in] *nsec3_rr The RR to read from + * \return The covered type bitmap rdf + */ +ldns_rdf *ldns_nsec3_bitmap(const ldns_rr *nsec3_rr); + +/** + * Calculates the hashed name using the parameters of the given NSEC3 RR + * \param[in] *nsec The RR to use the parameters from + * \param[in] *name The owner name to calculate the hash for + * \return The hashed owner name rdf, without the domain name + */ +ldns_rdf *ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, ldns_rdf *name); + +/** + * Checks coverage of NSEC RR type bitmap + * \param[in] nsec_bitmap The NSEC bitmap rdata field to check + * \param[in] type The type to check + * \return true if the NSEC RR covers the type + */ +bool ldns_nsec_bitmap_covers_type(const ldns_rdf *nsec_bitmap, ldns_rr_type type); + +/** + * Checks coverage of NSEC(3) RR name span + * Remember that nsec and name must both be in canonical form (ie use + * \ref ldns_rr2canonical and \ref ldns_dname2canonical prior to calling this + * function) + * + * \param[in] nsec The NSEC RR to check + * \param[in] name The owner dname to check, if the nsec record is a NSEC3 record, this should be the hashed name + * \return true if the NSEC RR covers the owner name + */ +bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name); + +#ifdef HAVE_SSL +/** + * verify a packet + * \param[in] p the packet + * \param[in] t the rr set type to check + * \param[in] o the rr set name to ckeck + * \param[in] k list of keys + * \param[in] s list of sigs (may be null) + * \param[out] good_keys keys which validated the packet + * \return status + * + */ +ldns_status ldns_pkt_verify(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o, ldns_rr_list *k, ldns_rr_list *s, ldns_rr_list *good_keys); +#endif + +/** + * chains nsec3 list + */ +ldns_status +ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs); + +/** + * compare for nsec3 sort + */ +int +qsort_rr_compare_nsec3(const void *a, const void *b); + +/** + * sort nsec3 list + */ +void +ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted); + +/** + * Default callback function to always leave present signatures, and + * add new ones + * \param[in] sig The signature to check for removal (unused) + * \param[in] n Optional argument (unused) + * \return LDNS_SIGNATURE_LEAVE_ADD_NEW + */ +int ldns_dnssec_default_add_to_signatures(ldns_rr *sig, void *n); +/** + * Default callback function to always leave present signatures, and + * add no new ones for the keys of these signatures + * \param[in] sig The signature to check for removal (unused) + * \param[in] n Optional argument (unused) + * \return LDNS_SIGNATURE_LEAVE_NO_ADD + */ +int ldns_dnssec_default_leave_signatures(ldns_rr *sig, void *n); +/** + * Default callback function to always remove present signatures, but + * add no new ones + * \param[in] sig The signature to check for removal (unused) + * \param[in] n Optional argument (unused) + * \return LDNS_SIGNATURE_REMOVE_NO_ADD + */ +int ldns_dnssec_default_delete_signatures(ldns_rr *sig, void *n); +/** + * Default callback function to always leave present signatures, and + * add new ones + * \param[in] sig The signature to check for removal (unused) + * \param[in] n Optional argument (unused) + * \return LDNS_SIGNATURE_REMOVE_ADD_NEW + */ +int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n); + +#ifdef HAVE_SSL +/** + * Converts the DSA signature from ASN1 representation (RFC2459, as + * used by OpenSSL) to raw signature data as used in DNS (rfc2536) + * + * \param[in] sig The signature in RFC2459 format + * \param[in] sig_len The length of the signature + * \return a new rdf with the signature + */ +ldns_rdf * +ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, + const long sig_len); + +/** + * Converts the RRSIG signature RDF (in rfc2536 format) to a buffer + * with the signature in rfc2459 format + * + * \param[out] target_buffer buffer to place the signature data + * \param[in] sig_rdf The signature rdf to convert + * \return LDNS_STATUS_OK on success, error code otherwise + */ +ldns_status +ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, + const ldns_rdf *sig_rdf); + +#endif /* HAVE_SSL */ + +#endif /* LDNS_DNSSEC_H */ diff --git a/contrib/ldns/ldns/dnssec_sign.h b/contrib/ldns/ldns/dnssec_sign.h new file mode 100644 index 0000000000..64683c0649 --- /dev/null +++ b/contrib/ldns/ldns/dnssec_sign.h @@ -0,0 +1,312 @@ +/** dnssec_verify */ + +#ifndef LDNS_DNSSEC_SIGN_H +#define LDNS_DNSSEC_SIGN_H + +#include + +/* sign functions */ + +/** Sign flag that makes DNSKEY type signed by all keys, not only by SEP keys*/ +#define LDNS_SIGN_DNSKEY_WITH_ZSK 1 + +/** + * Create an empty RRSIG RR (i.e. without the actual signature data) + * \param[in] rrset The RRset to create the signature for + * \param[in] key The key that will create the signature + * \return signature rr + */ +ldns_rr * +ldns_create_empty_rrsig(ldns_rr_list *rrset, + ldns_key *key); + +/** + * Sign the buffer which contains the wiredata of an rrset, and the + * corresponding empty rrsig rr with the given key + * \param[in] sign_buf the buffer with data to sign + * \param[in] key the key to sign with + * \return an rdata field with the signature data + */ +ldns_rdf * +ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *key); + +/** + * Sign an rrset + * \param[in] rrset the rrset + * \param[in] keys the keys to use + * \return a rr_list with the signatures + */ +ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys); + +#ifdef HAVE_SSL +/** + * Sign a buffer with the DSA key (hash with SHA1) + * \param[in] to_sign buffer with the data + * \param[in] key the key to use + * \return a ldns_rdf with the signed data + */ +ldns_rdf *ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key); + +/** + * Sign data with EVP (general method for different algorithms) + * + * \param[in] to_sign The ldns_buffer containing raw data that is + * to be signed + * \param[in] key The EVP_PKEY key structure to sign with + * \param[in] digest_type The digest algorithm to use in the creation of + * the signature + * \return ldns_rdf for the RRSIG ldns_rr + */ +ldns_rdf *ldns_sign_public_evp(ldns_buffer *to_sign, + EVP_PKEY *key, + const EVP_MD *digest_type); + +/** + * Sign a buffer with the RSA key (hash with SHA1) + * \param[in] to_sign buffer with the data + * \param[in] key the key to use + * \return a ldns_rdf with the signed data + */ +ldns_rdf *ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key); + +/** + * Sign a buffer with the RSA key (hash with MD5) + * \param[in] to_sign buffer with the data + * \param[in] key the key to use + * \return a ldns_rdf with the signed data + */ +ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key); +#endif /* HAVE_SSL */ + +/** + * Finds the first dnssec_name node in the rbtree that has not been marked + * as glue, starting at the given node + * + * \param[in] node the first node to check + * \return the first node that has not been marked as glue, or NULL + * if not found (TODO: make that LDNS_RBTREE_NULL?) + */ +ldns_rbnode_t *ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node); + +/** + * Adds NSEC records to the given dnssec_zone + * + * \param[in] zone the zone to add the records to + * \param[in] new_rrs ldns_rr's created by this function are + * added to this rr list, so the caller can free them later + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs); + +/** + * Adds NSEC3 records to the zone + */ +ldns_status +ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt); + +/** + * remove signatures if callback function tells to + * + * \param[in] signatures list of signatures to check, and + * possibly remove, depending on the value of the + * callback + * \param[in] key_list these are marked to be used or not, + * on the return value of the callback + * \param[in] func this function is called to specify what to + * do with each signature (and corresponding key) + * \param[in] arg Optional argument for the callback function + * \returns pointer to the new signatures rrs (the original + * passed to this function may have been removed) + */ +ldns_dnssec_rrs *ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg); + +/** + * Adds signatures to the zone + * + * \param[in] zone the zone to add RRSIG Resource Records to + * \param[in] new_rrs the RRSIG RRs that are created are also + * added to this list, so the caller can free them + * later + * \param[in] key_list list of keys to sign with. + * \param[in] func Callback function to decide what keys to + * use and what to do with old signatures + * \param[in] arg Optional argument for the callback function + * \param[in] flags option flags for signing process. 0 makes DNSKEY + * RRset signed with the minimal key set, that is only SEP keys are used + * for signing. If there are no SEP keys available, non-SEP keys will + * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all + * keys. 0 is the default. + * \return LDNS_STATUS_OK on success, error otherwise + */ +ldns_status ldns_dnssec_zone_create_rrsigs_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void*), + void *arg, + int flags); + +/** + * Adds signatures to the zone + * + * \param[in] zone the zone to add RRSIG Resource Records to + * \param[in] new_rrs the RRSIG RRs that are created are also + * added to this list, so the caller can free them + * later + * \param[in] key_list list of keys to sign with. + * \param[in] func Callback function to decide what keys to + * use and what to do with old signatures + * \param[in] arg Optional argument for the callback function + * \return LDNS_STATUS_OK on success, error otherwise + */ +ldns_status ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void*), + void *arg); + +/** + * signs the given zone with the given keys + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: + * LDNS_SIGNATURE_LEAVE_ADD_NEW: + * leave the signature and add a new one for the corresponding key + * LDNS_SIGNATURE_REMOVE_ADD_NEW: + * remove the signature and replace is with a new one from the same key + * LDNS_SIGNATURE_LEAVE_NO_ADD: + * leave the signature and do not add a new one with the corresponding key + * LDNS_SIGNATURE_REMOVE_NO_ADD: + * remove the signature and do not replace + * + * \param[in] arg optional argument for the callback function + * \param[in] flags option flags for signing process. 0 makes DNSKEY + * RRset signed with the minimal key set, that is only SEP keys are used + * for signing. If there are no SEP keys available, non-SEP keys will + * be used. LDNS_SIGN_DNSKEY_WITH_ZSK makes DNSKEY type signed with all + * keys. 0 is the default. + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + int flags); + +/** + * signs the given zone with the given new zone, with NSEC3 + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * \param[in] arg optional argument for the callback function + * \param[in] algorithm the NSEC3 hashing algorithm to use + * \param[in] flags NSEC3 flags + * \param[in] iterations the number of NSEC3 hash iterations to use + * \param[in] salt_length the length (in octets) of the NSEC3 salt + * \param[in] salt the NSEC3 salt data + * \param[in] signflags option flags for signing process. 0 is the default. + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + int signflags); + +/** + * signs the given zone with the given keys + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * This function takes an ldns_rr* and an optional void *arg argument, and returns one of four values: + * LDNS_SIGNATURE_LEAVE_ADD_NEW: + * leave the signature and add a new one for the corresponding key + * LDNS_SIGNATURE_REMOVE_ADD_NEW: + * remove the signature and replace is with a new one from the same key + * LDNS_SIGNATURE_LEAVE_NO_ADD: + * leave the signature and do not add a new one with the corresponding key + * LDNS_SIGNATURE_REMOVE_NO_ADD: + * remove the signature and do not replace + * + * \param[in] arg optional argument for the callback function + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg); + +/** + * signs the given zone with the given new zone, with NSEC3 + * + * \param[in] zone the zone to sign + * \param[in] key_list the list of keys to sign the zone with + * \param[in] new_rrs newly created resource records are added to this list, to free them later + * \param[in] func callback function that decides what to do with old signatures + * \param[in] arg optional argument for the callback function + * \param[in] algorithm the NSEC3 hashing algorithm to use + * \param[in] flags NSEC3 flags + * \param[in] iterations the number of NSEC3 hash iterations to use + * \param[in] salt_length the length (in octets) of the NSEC3 salt + * \param[in] salt the NSEC3 salt data + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt); + +/** + * Signs the zone, and returns a newly allocated signed zone + * \param[in] zone the zone to sign + * \param[in] key_list list of keys to sign with + * \return signed zone + */ +ldns_zone *ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list); + +/** + * Signs the zone with NSEC3, and returns a newly allocated signed zone + * \param[in] zone the zone to sign + * \param[in] key_list list of keys to sign with + * \param[in] algorithm the NSEC3 hashing algorithm to use + * \param[in] flags NSEC3 flags + * \param[in] iterations the number of NSEC3 hash iterations to use + * \param[in] salt_length the length (in octets) of the NSEC3 salt + * \param[in] salt the NSEC3 salt data + * \return signed zone + */ +ldns_zone *ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt); + + + +#endif diff --git a/contrib/ldns/ldns/dnssec_verify.h b/contrib/ldns/ldns/dnssec_verify.h new file mode 100644 index 0000000000..58e74678b5 --- /dev/null +++ b/contrib/ldns/ldns/dnssec_verify.h @@ -0,0 +1,604 @@ +/** dnssec_verify */ + +#ifndef LDNS_DNSSEC_VERIFY_H +#define LDNS_DNSSEC_VERIFY_H + +#define LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS 10 + +#include + +/** + * Chain structure that contains all DNSSEC data needed to + * verify an rrset + */ +typedef struct ldns_dnssec_data_chain_struct ldns_dnssec_data_chain; +struct ldns_dnssec_data_chain_struct +{ + ldns_rr_list *rrset; + ldns_rr_list *signatures; + ldns_rr_type parent_type; + ldns_dnssec_data_chain *parent; + ldns_pkt_rcode packet_rcode; + ldns_rr_type packet_qtype; + bool packet_nodata; +}; + +/** + * Creates a new dnssec_chain structure + * \return ldns_dnssec_data_chain * + */ +ldns_dnssec_data_chain *ldns_dnssec_data_chain_new(); + +/** + * Frees a dnssec_data_chain structure + * + * \param[in] *chain The chain to free + */ +void ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain); + +/** + * Frees a dnssec_data_chain structure, and all data + * contained therein + * + * \param[in] *chain The dnssec_data_chain to free + */ +void ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain); + +/** + * Prints the dnssec_data_chain to the given file stream + * + * \param[in] *out The file stream to print to + * \param[in] *chain The dnssec_data_chain to print + */ +void ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain); + +/** + * Build an ldns_dnssec_data_chain, which contains all + * DNSSEC data that is needed to derive the trust tree later + * + * The data_set will be cloned + * + * \param[in] *res resolver structure for further needed queries + * \param[in] qflags resolution flags + * \param[in] *data_set The original rrset where the chain ends + * \param[in] *pkt optional, can contain the original packet + * (and hence the sigs and maybe the key) + * \param[in] *orig_rr The original Resource Record + * + * \return the DNSSEC data chain + */ +ldns_dnssec_data_chain *ldns_dnssec_build_data_chain(ldns_resolver *res, + const uint16_t qflags, + const ldns_rr_list *data_set, + const ldns_pkt *pkt, + ldns_rr *orig_rr); + +/** + * Tree structure that contains the relation of DNSSEC data, + * and their cryptographic status. + * + * This tree is derived from a data_chain, and can be used + * to look whether there is a connection between an RRSET + * and a trusted key. The tree only contains pointers to the + * data_chain, and therefore one should *never* free() the + * data_chain when there is still a trust tree derived from + * that chain. + * + * Example tree: + * key key key + * \ | / + * \ | / + * \ | / + * ds + * | + * key + * | + * key + * | + * rr + * + * For each signature there is a parent; if the parent + * pointer is null, it couldn't be found and there was no + * denial; otherwise is a tree which contains either a + * DNSKEY, a DS, or a NSEC rr + */ +typedef struct ldns_dnssec_trust_tree_struct ldns_dnssec_trust_tree; +struct ldns_dnssec_trust_tree_struct +{ + ldns_rr *rr; + /* the complete rrset this rr was in */ + ldns_rr_list *rrset; + ldns_dnssec_trust_tree *parents[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; + ldns_status parent_status[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; + /** for debugging, add signatures too (you might want + those if they contain errors) */ + ldns_rr *parent_signature[LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS]; + size_t parent_count; +}; + +/** + * Creates a new (empty) dnssec_trust_tree structure + * + * \return ldns_dnssec_trust_tree * + */ +ldns_dnssec_trust_tree *ldns_dnssec_trust_tree_new(); + +/** + * Frees the dnssec_trust_tree recursively + * + * There is no deep free; all data in the trust tree + * consists of pointers to a data_chain + * + * \param[in] tree The tree to free + */ +void ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree); + +/** + * returns the depth of the trust tree + * + * \param[in] tree tree to calculate the depth of + * \return The depth of the tree + */ +size_t ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree); + +/** + * Prints the dnssec_trust_tree structure to the given file + * stream. + * + * If a link status is not LDNS_STATUS_OK; the status and + * relevant signatures are printed too + * + * \param[in] *out The file stream to print to + * \param[in] tree The trust tree to print + * \param[in] tabs Prepend each line with tabs*2 spaces + * \param[in] extended If true, add little explanation lines to the output + */ +void ldns_dnssec_trust_tree_print(FILE *out, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended); + +/** + * Adds a trust tree as a parent for the given trust tree + * + * \param[in] *tree The tree to add the parent to + * \param[in] *parent The parent tree to add + * \param[in] *parent_signature The RRSIG relevant to this parent/child + * connection + * \param[in] parent_status The DNSSEC status for this parent, child and RRSIG + * \return LDNS_STATUS_OK if the addition succeeds, error otherwise + */ +ldns_status ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree, + const ldns_dnssec_trust_tree *parent, + const ldns_rr *parent_signature, + const ldns_status parent_status); + +/** + * Generates a dnssec_trust_ttree for the given rr from the + * given data_chain + * + * This does not clone the actual data; Don't free the + * data_chain before you are done with this tree + * + * \param[in] *data_chain The chain to derive the trust tree from + * \param[in] *rr The RR this tree will be about + * \return ldns_dnssec_trust_tree * + */ +ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree( + ldns_dnssec_data_chain *data_chain, + ldns_rr *rr); + +/** + * Sub function for derive_trust_tree that is used for a + * 'normal' rrset + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_sig_rr The currently relevant signature + */ +void ldns_dnssec_derive_trust_tree_normal_rrset( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_sig_rr); + +/** + * Sub function for derive_trust_tree that is used for DNSKEY rrsets + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_rr The currently relevant DNSKEY RR + * \param[in] cur_sig_rr The currently relevant signature + */ +void ldns_dnssec_derive_trust_tree_dnskey_rrset( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + ldns_rr *cur_sig_rr); + +/** + * Sub function for derive_trust_tree that is used for DS rrsets + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + * \param[in] cur_rr The currently relevant DS RR + */ +void ldns_dnssec_derive_trust_tree_ds_rrset( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr); + +/** + * Sub function for derive_trust_tree that is used when there are no + * signatures + * + * \param[in] new_tree The trust tree that we are building + * \param[in] data_chain The data chain containing the data for the trust tree + */ +void ldns_dnssec_derive_trust_tree_no_sig( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain); + +/** + * Returns OK if there is a trusted path in the tree to one of + * the DNSKEY or DS RRs in the given list + * + * \param *tree The trust tree so search + * \param *keys A ldns_rr_list of DNSKEY and DS rrs to look for + * \return LDNS_STATUS_OK if there is a trusted path to one of + * the keys, or the *first* error encountered + * if there were no paths + */ +ldns_status ldns_dnssec_trust_tree_contains_keys( + ldns_dnssec_trust_tree *tree, + ldns_rr_list *keys); + +/** + * Verifies a list of signatures for one rrset. + * + * \param[in] rrset the rrset to verify + * \param[in] rrsig a list of signatures to check + * \param[in] keys a list of keys to check with + * \param[out] good_keys if this is a (initialized) list, the keys + * from keys that validate one of the signatures + * are added to it + * \return status LDNS_STATUS_OK if there is at least one correct key + */ +ldns_status ldns_verify(ldns_rr_list *rrset, + ldns_rr_list *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys); + +/** + * Verifies a list of signatures for one rrset, but disregard the time. + * Inception and Expiration are not checked. + * + * \param[in] rrset the rrset to verify + * \param[in] rrsig a list of signatures to check + * \param[in] keys a list of keys to check with + * \param[out] good_keys if this is a (initialized) list, the keys + * from keys that validate one of the signatures + * are added to it + * \return status LDNS_STATUS_OK if there is at least one correct key + */ +ldns_status ldns_verify_notime(ldns_rr_list *rrset, + ldns_rr_list *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys); + +/** + * Tries to build an authentication chain from the given + * keys down to the queried domain. + * + * If we find a valid trust path, return the valid keys for the domain. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \param[out] status pointer to the status variable where the result + * code will be stored + * \return the set of trusted keys for the domain, or NULL if no + * trust path could be built. + */ +ldns_rr_list *ldns_fetch_valid_domain_keys(const ldns_resolver * res, + const ldns_rdf * domain, + const ldns_rr_list * keys, + ldns_status *status); + +/** + * Validates the DNSKEY RRset for the given domain using the provided + * trusted keys. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \return the set of trusted keys for the domain, or NULL if the RRSET + * could not be validated + */ +ldns_rr_list *ldns_validate_domain_dnskey (const ldns_resolver *res, + const ldns_rdf *domain, + const ldns_rr_list *keys); + +/** + * Validates the DS RRset for the given domain using the provided trusted keys. + * + * \param[in] res the current resolver + * \param[in] domain the domain we want valid keys for + * \param[in] keys the current set of trusted keys + * \return the set of trusted keys for the domain, or NULL if the RRSET could not be validated + */ +ldns_rr_list *ldns_validate_domain_ds(const ldns_resolver *res, + const ldns_rdf * + domain, + const ldns_rr_list * keys); + +/** + * Verifies a list of signatures for one RRset using a valid trust path. + * + * \param[in] res the current resolver + * \param[in] rrset the rrset to verify + * \param[in] rrsigs a list of signatures to check + * \param[out] validating_keys if this is a (initialized) list, the + * keys from keys that validate one of + * the signatures are added to it + * \return status LDNS_STATUS_OK if there is at least one correct key + */ +ldns_status ldns_verify_trusted(ldns_resolver *res, + ldns_rr_list *rrset, + ldns_rr_list *rrsigs, + ldns_rr_list *validating_keys); + +/** + * denial is not just a river in egypt + * + * \param[in] rr The (query) RR to check the denial of existence for + * \param[in] nsecs The list of NSEC RRs that are supposed to deny the + * existence of the RR + * \param[in] rrsigs The RRSIG RR covering the NSEC RRs + * \return LDNS_STATUS_OK if the NSEC RRs deny the existence, error code + * containing the reason they do not otherwise + */ +ldns_status ldns_dnssec_verify_denial(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs); + +/** + * Denial of existence using NSEC3 records + * Since NSEC3 is a bit more complicated than normal denial, some + * context arguments are needed + * + * \param[in] rr The (query) RR to check the denial of existence for + * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the + * existence of the RR + * \param[in] rrsigs The RRSIG rr covering the NSEC RRs + * \param[in] packet_rcode The RCODE value of the packet that provided the + * NSEC3 RRs + * \param[in] packet_qtype The original query RR type + * \param[in] packet_nodata True if the providing packet had an empty ANSWER + * section + * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code + * containing the reason they do not otherwise + */ +ldns_status ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata); + +/** + * Verifies the already processed data in the buffers + * This function should probably not be used directly. + * + * \param[in] rawsig_buf Buffer containing signature data to use + * \param[in] verify_buf Buffer containing data to verify + * \param[in] key_buf Buffer containing key data to use + * \param[in] algo Signing algorithm + * \return status LDNS_STATUS_OK if the data verifies. Error if not. + */ +ldns_status ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, + ldns_buffer *verify_buf, + ldns_buffer *key_buf, + uint8_t algo); + +/** + * Like ldns_verify_rrsig_buffers, but uses raw data. + * + * \param[in] sig signature data to use + * \param[in] siglen length of signature data to use + * \param[in] verify_buf Buffer containing data to verify + * \param[in] key key data to use + * \param[in] keylen length of key data to use + * \param[in] algo Signing algorithm + * \return status LDNS_STATUS_OK if the data verifies. Error if not. + */ +ldns_status ldns_verify_rrsig_buffers_raw(unsigned char* sig, + size_t siglen, + ldns_buffer *verify_buf, + unsigned char* key, + size_t keylen, + uint8_t algo); + +/** + * Verifies an rrsig. All keys in the keyset are tried. + * \param[in] rrset the rrset to check + * \param[in] rrsig the signature of the rrset + * \param[in] keys the keys to try + * \param[out] good_keys if this is a (initialized) list, the keys + * from keys that validate one of the signatures + * are added to it + * \return a list of keys which validate the rrsig + rrset. Returns + * status LDNS_STATUS_OK if at least one key matched. Else an error. + */ +ldns_status ldns_verify_rrsig_keylist(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys); + +/** + * Verifies an rrsig. All keys in the keyset are tried. Time is not checked. + * \param[in] rrset the rrset to check + * \param[in] rrsig the signature of the rrset + * \param[in] keys the keys to try + * \param[out] good_keys if this is a (initialized) list, the keys + * from keys that validate one of the signatures + * are added to it + * \return a list of keys which validate the rrsig + rrset. Returns + * status LDNS_STATUS_OK if at least one key matched. Else an error. + */ +ldns_status ldns_verify_rrsig_keylist_notime(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys); + +/** + * verify an rrsig with 1 key + * \param[in] rrset the rrset + * \param[in] rrsig the rrsig to verify + * \param[in] key the key to use + * \return status message wether verification succeeded. + */ +ldns_status ldns_verify_rrsig(ldns_rr_list *rrset, + ldns_rr *rrsig, + ldns_rr *key); + +/** + * verifies a buffer with signature data for a buffer with rrset data + * with an EVP_PKEY + * + * \param[in] sig the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the EVP key structure + * \param[in] digest_type The digest type of the signature + */ +#ifdef HAVE_SSL +ldns_status ldns_verify_rrsig_evp(ldns_buffer *sig, + ldns_buffer *rrset, + EVP_PKEY *key, + const EVP_MD *digest_type); +#endif + +/** + * Like ldns_verify_rrsig_evp, but uses raw signature data. + * \param[in] sig the signature data, wireformat uncompressed + * \param[in] siglen length of the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the EVP key structure + * \param[in] digest_type The digest type of the signature + */ +#ifdef HAVE_SSL +ldns_status ldns_verify_rrsig_evp_raw(unsigned char *sig, + size_t siglen, + ldns_buffer *rrset, + EVP_PKEY *key, + const EVP_MD *digest_type); +#endif + +/** + * verifies a buffer with signature data (DSA) for a buffer with rrset data + * with a buffer with key data. + * + * \param[in] sig the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the key data + */ +ldns_status ldns_verify_rrsig_dsa(ldns_buffer *sig, + ldns_buffer *rrset, + ldns_buffer *key); + +/** + * verifies a buffer with signature data (RSASHA1) for a buffer with rrset data + * with a buffer with key data. + * + * \param[in] sig the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the key data + */ +ldns_status ldns_verify_rrsig_rsasha1(ldns_buffer *sig, + ldns_buffer *rrset, + ldns_buffer *key); + +/** + * verifies a buffer with signature data (RSAMD5) for a buffer with rrset data + * with a buffer with key data. + * + * \param[in] sig the signature data + * \param[in] rrset the rrset data, sorted and processed for verification + * \param[in] key the key data + */ +ldns_status ldns_verify_rrsig_rsamd5(ldns_buffer *sig, + ldns_buffer *rrset, + ldns_buffer *key); + +/** + * Like ldns_verify_rrsig_dsa, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ +ldns_status ldns_verify_rrsig_dsa_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +/** + * Like ldns_verify_rrsig_rsasha1, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ +ldns_status ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +/** + * Like ldns_verify_rrsig_rsasha256, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ + +ldns_status ldns_verify_rrsig_rsasha256_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +/** + * Like ldns_verify_rrsig_rsasha512, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ +ldns_status ldns_verify_rrsig_rsasha512_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +/** + * Like ldns_verify_rrsig_rsamd5, but uses raw signature and key data. + * \param[in] sig raw uncompressed wireformat signature data + * \param[in] siglen length of signature data + * \param[in] rrset ldns buffer with prepared rrset data. + * \param[in] key raw uncompressed wireformat key data + * \param[in] keylen length of key data + */ +ldns_status ldns_verify_rrsig_rsamd5_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen); + +#endif + diff --git a/contrib/ldns/ldns/dnssec_zone.h b/contrib/ldns/ldns/dnssec_zone.h new file mode 100644 index 0000000000..196f1931b7 --- /dev/null +++ b/contrib/ldns/ldns/dnssec_zone.h @@ -0,0 +1,358 @@ +/* + * special zone file structures and functions for better dnssec handling + * + * A zone contains a SOA dnssec_zone_rrset, and an AVL tree of 'normal' + * dnssec_zone_rrsets, indexed by name and type + */ + +#ifndef LDNS_DNSSEC_ZONE_H +#define LDNS_DNSSEC_ZONE_H + +#include +#include + +/** + * Singly linked list of rrs + */ +typedef struct ldns_struct_dnssec_rrs ldns_dnssec_rrs; +struct ldns_struct_dnssec_rrs +{ + ldns_rr *rr; + ldns_dnssec_rrs *next; +}; + +/** + * Singly linked list of RRsets + */ +typedef struct ldns_struct_dnssec_rrsets ldns_dnssec_rrsets; +struct ldns_struct_dnssec_rrsets +{ + ldns_dnssec_rrs *rrs; + ldns_rr_type type; + ldns_dnssec_rrs *signatures; + ldns_dnssec_rrsets *next; +}; + +/** + * Structure containing all resource records for a domain name + * Including the derived NSEC3, if present + */ +typedef struct ldns_struct_dnssec_name ldns_dnssec_name; +struct ldns_struct_dnssec_name +{ + /** + * pointer to a dname containing the name. + * Usually points to the owner name of the first RR of the first RRset + */ + ldns_rdf *name; + /** + * Usually, the name is a pointer to the owner name of the first rr for + * this name, but sometimes there is no actual data to point to, + * for instance in + * names representing empty nonterminals. If so, set alloced to true to + * indicate that this data must also be freed when the name is freed + */ + bool name_alloced; + /** + * The rrsets for this name + */ + ldns_dnssec_rrsets *rrsets; + /** + * NSEC pointing to the next name (or NSEC3 pointing to the next NSEC3) + */ + ldns_rr *nsec; + /** + * signatures for the NSEC record + */ + ldns_dnssec_rrs *nsec_signatures; + /** + * Set to true if this name is glue + * (as marked by ldns_dnssec_zone_mark_glue()) + */ + bool is_glue; + /** + * pointer to store the hashed name (only used when in an NSEC3 zone + */ + ldns_rdf *hashed_name; +}; + +/** + * Structure containing a dnssec zone + */ +struct ldns_struct_dnssec_zone { + /** points to the name containing the SOA RR */ + ldns_dnssec_name *soa; + /** tree of ldns_dnssec_names */ + ldns_rbtree_t *names; +}; +typedef struct ldns_struct_dnssec_zone ldns_dnssec_zone; + +/** + * Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs + * \return the allocated data + */ +ldns_dnssec_rrs *ldns_dnssec_rrs_new(); + +/** + * Frees the list of rrs, but *not* the individual ldns_rr records + * contained in the list + * + * \param[in] rrs the data structure to free + */ +void ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs); + +/** + * Frees the list of rrs, and the individual ldns_rr records + * contained in the list + * + * \param[in] rrs the data structure to free + */ +void ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs); + +/** + * Adds an RR to the list of RRs. The list will remain ordered + * + * \param[in] rrs the list to add to + * \param[in] rr the RR to add + * \return LDNS_STATUS_OK on success + */ +ldns_status ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr); + +/** + * Prints the given rrs to the file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] rrs the list of RRs to print + */ +void ldns_dnssec_rrs_print(FILE *out, ldns_dnssec_rrs *rrs); + +/** + * Creates a new list (entry) of RRsets + * \return the newly allocated structure + */ +ldns_dnssec_rrsets *ldns_dnssec_rrsets_new(); + +/** + * Frees the list of rrsets and their rrs, but *not* the ldns_rr + * records in the sets + * + * \param[in] rrsets the data structure to free + */ +void ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets); + +/** + * Frees the list of rrsets and their rrs, and the ldns_rr + * records in the sets + * + * \param[in] rrsets the data structure to free + */ +void ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets); + +/** + * Returns the rr type of the rrset (that is head of the given list) + * + * \param[in] rrsets the rrset to get the type of + * \return the rr type + */ +ldns_rr_type ldns_dnssec_rrsets_type(ldns_dnssec_rrsets *rrsets); + +/** + * Sets the RR type of the rrset (that is head of the given list) + * + * \param[in] rrsets the rrset to set the type of + * \param[in] type the type to set + * \return LDNS_STATUS_OK on success + */ +ldns_status ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, + ldns_rr_type type); + +/** + * Add an ldns_rr to the corresponding RRset in the given list of RRsets. + * If it is not present, add it as a new RRset with 1 record. + * + * \param[in] rrsets the list of rrsets to add the RR to + * \param[in] rr the rr to add to the list of rrsets + * \return LDNS_STATUS_OK on success + */ +ldns_status ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr); + +/** + * Print the given list of rrsets to the fiven file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] rrsets the list of RRsets to print + * \param[in] follow if set to false, only print the first RRset + */ +void ldns_dnssec_rrsets_print(FILE *out, + ldns_dnssec_rrsets *rrsets, + bool follow); + +/** + * Create a new data structure for a dnssec name + * \return the allocated structure + */ +ldns_dnssec_name *ldns_dnssec_name_new(); + +/** + * Create a new data structure for a dnssec name for the given RR + * + * \param[in] rr the RR to derive properties from, and to add to the name + */ +ldns_dnssec_name *ldns_dnssec_name_new_frm_rr(ldns_rr *rr); + +/** + * Frees the name structure and its rrs and rrsets. + * Individual ldns_rr records therein are not freed + * + * \param[in] name the structure to free + */ +void ldns_dnssec_name_free(ldns_dnssec_name *name); + +/** + * Frees the name structure and its rrs and rrsets. + * Individual ldns_rr records contained in the name are also freed + * + * \param[in] name the structure to free + */ +void ldns_dnssec_name_deep_free(ldns_dnssec_name *name); + +/** + * Returns the domain name of the given dnssec_name structure + * + * \param[in] name the dnssec name to get the domain name from + * \return the domain name + */ +ldns_rdf *ldns_dnssec_name_name(ldns_dnssec_name *name); + + +/** + * Sets the domain name of the given dnssec_name structure + * + * \param[in] name the dnssec name to set the domain name of + * \param[in] dname the domain name to set it to. This data is *not* copied. + */ +void ldns_dnssec_name_set_name(ldns_dnssec_name *name, + ldns_rdf *dname); + +/** + * Sets the NSEC(3) RR of the given dnssec_name structure + * + * \param[in] name the dnssec name to set the domain name of + * \param[in] nsec the nsec rr to set it to. This data is *not* copied. + */ +void ldns_dnssec_name_set_nsec(ldns_dnssec_name *name, ldns_rr *nsec); + +/** + * Compares the domain names of the two arguments in their + * canonical ordening. + * + * \param[in] a The first dnssec_name to compare + * \param[in] b The second dnssec_name to compare + * \return -1 if the domain name of a comes before that of b in canonical + * ordening, 1 if it is the other way around, and 0 if they are + * equal + */ +int ldns_dnssec_name_cmp(const void *a, const void *b); + +/** + * Inserts the given rr at the right place in the current dnssec_name + * No checking is done whether the name matches + * + * \param[in] name The ldns_dnssec_name to add the RR to + * \param[in] rr The RR to add + * \return LDNS_STATUS_OK on success, error code otherwise + */ +ldns_status ldns_dnssec_name_add_rr(ldns_dnssec_name *name, + ldns_rr *rr); + +/** + * Find the RRset with the given type in within this name structure + * + * \param[in] name the name to find the RRset in + * \param[in] type the type of the RRset to find + * \return the RRset, or NULL if not present + */ +ldns_dnssec_rrsets *ldns_dnssec_name_find_rrset(ldns_dnssec_name *name, + ldns_rr_type type); + +/** + * Find the RRset with the given name and type in the zone + * + * \param[in] zone the zone structure to find the RRset in + * \param[in] dname the domain name of the RRset to find + * \param[in] type the type of the RRset to find + * \return the RRset, or NULL if not present + */ +ldns_dnssec_rrsets *ldns_dnssec_zone_find_rrset(ldns_dnssec_zone *zone, + ldns_rdf *dname, + ldns_rr_type type); + +/** + * Prints the RRs in the dnssec name structure to the given + * file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] name the name structure to print the contents of + */ +void ldns_dnssec_name_print(FILE *out, ldns_dnssec_name *name); + +/** + * Creates a new dnssec_zone structure + * \return the allocated structure + */ +ldns_dnssec_zone *ldns_dnssec_zone_new(); + +/** + * Frees the given zone structure, and its rbtree of dnssec_names + * Individual ldns_rr RRs within those names are *not* freed + * \param[in] *zone the zone to free + */ +void ldns_dnssec_zone_free(ldns_dnssec_zone *zone); + +/** + * Frees the given zone structure, and its rbtree of dnssec_names + * Individual ldns_rr RRs within those names are also freed + * \param[in] *zone the zone to free + */ +void ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone); + +/** + * Adds the given RR to the zone. + * It find whether there is a dnssec_name with that name present. + * If so, add it to that, if not create a new one. + * Special handling of NSEC and RRSIG provided + * + * \param[in] zone the zone to add the RR to + * \param[in] rr The RR to add + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, + ldns_rr *rr); + +/** + * Prints the rbtree of ldns_dnssec_name structures to the file descriptor + * + * \param[in] out the file descriptor to print the names to + * \param[in] tree the tree of ldns_dnssec_name structures to print + * \param[in] print_soa if true, print SOA records, if false, skip them + */ +void ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa); + +/** + * Prints the complete zone to the given file descriptor + * + * \param[in] out the file descriptor to print to + * \param[in] zone the dnssec_zone to print + */ +void ldns_dnssec_zone_print(FILE *out, ldns_dnssec_zone *zone); + +/** + * Adds explicit dnssec_name structures for the empty nonterminals + * in this zone. (this is needed for NSEC3 generation) + * + * \param[in] zone the zone to check for empty nonterminals + * return LDNS_STATUS_OK on success. + */ +ldns_status ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone); + +#endif diff --git a/contrib/ldns/ldns/error.h b/contrib/ldns/ldns/error.h new file mode 100644 index 0000000000..73dbb2b0cb --- /dev/null +++ b/contrib/ldns/ldns/error.h @@ -0,0 +1,109 @@ +/** + * \file error.h + * + * Defines error numbers and functions to translate those to a readable string. + * + */ + +/** + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_ERROR_H +#define LDNS_ERROR_H + +#include + +enum ldns_enum_status { + LDNS_STATUS_OK, + LDNS_STATUS_EMPTY_LABEL, + LDNS_STATUS_LABEL_OVERFLOW, + LDNS_STATUS_DOMAINNAME_OVERFLOW, + LDNS_STATUS_DOMAINNAME_UNDERFLOW, + LDNS_STATUS_DDD_OVERFLOW, + LDNS_STATUS_PACKET_OVERFLOW, + LDNS_STATUS_INVALID_POINTER, + LDNS_STATUS_MEM_ERR, + LDNS_STATUS_INTERNAL_ERR, + LDNS_STATUS_SSL_ERR, + LDNS_STATUS_ERR, + LDNS_STATUS_INVALID_INT, + LDNS_STATUS_INVALID_IP4, + LDNS_STATUS_INVALID_IP6, + LDNS_STATUS_INVALID_STR, + LDNS_STATUS_INVALID_B32_EXT, + LDNS_STATUS_INVALID_B64, + LDNS_STATUS_INVALID_HEX, + LDNS_STATUS_INVALID_TIME, + LDNS_STATUS_NETWORK_ERR, + LDNS_STATUS_ADDRESS_ERR, + LDNS_STATUS_FILE_ERR, + LDNS_STATUS_UNKNOWN_INET, + LDNS_STATUS_NOT_IMPL, + LDNS_STATUS_NULL, + LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, + LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, + LDNS_STATUS_CRYPTO_NO_RRSIG, + LDNS_STATUS_CRYPTO_NO_DNSKEY, + LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, + LDNS_STATUS_CRYPTO_NO_DS, + LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, + LDNS_STATUS_CRYPTO_VALIDATED, + LDNS_STATUS_CRYPTO_BOGUS, + LDNS_STATUS_CRYPTO_SIG_EXPIRED, + LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, + LDNS_STATUS_CRYPTO_TSIG_BOGUS, + LDNS_STATUS_CRYPTO_TSIG_ERR, + LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, + LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, + LDNS_STATUS_ENGINE_KEY_NOT_LOADED, + LDNS_STATUS_NSEC3_ERR, + LDNS_STATUS_RES_NO_NS, + LDNS_STATUS_RES_QUERY, + LDNS_STATUS_WIRE_INCOMPLETE_HEADER, + LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, + LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, + LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, + LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, + LDNS_STATUS_NO_DATA, + LDNS_STATUS_CERT_BAD_ALGORITHM, + LDNS_STATUS_SYNTAX_TYPE_ERR, + LDNS_STATUS_SYNTAX_CLASS_ERR, + LDNS_STATUS_SYNTAX_TTL_ERR, + LDNS_STATUS_SYNTAX_RDATA_ERR, + LDNS_STATUS_SYNTAX_DNAME_ERR, + LDNS_STATUS_SYNTAX_VERSION_ERR, + LDNS_STATUS_SYNTAX_ALG_ERR, + LDNS_STATUS_SYNTAX_KEYWORD_ERR, + LDNS_STATUS_SYNTAX_TTL, + LDNS_STATUS_SYNTAX_ORIGIN, + LDNS_STATUS_SYNTAX_EMPTY, + LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, + LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, + LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, + LDNS_STATUS_SYNTAX_BAD_ESCAPE, + LDNS_STATUS_SOCKET_ERROR, + LDNS_STATUS_SYNTAX_ERR, + LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, + LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, + LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND +}; +typedef enum ldns_enum_status ldns_status; + +extern ldns_lookup_table ldns_error_str[]; + +/** + * look up a descriptive text by each error. This function + * could use a better name + * \param[in] err ldns_status number + * \return the string for that error + */ +const char *ldns_get_errorstr_by_id(ldns_status err); + +#endif /* LDNS_ERROR_H */ diff --git a/contrib/ldns/ldns/higher.h b/contrib/ldns/ldns/higher.h new file mode 100644 index 0000000000..c98d013bb7 --- /dev/null +++ b/contrib/ldns/ldns/higher.h @@ -0,0 +1,105 @@ +/** + * \file higher.h + * + * Specifies some higher level functions that could + * be useful for certain applications + */ + +/* + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_HIGHER_H +#define LDNS_HIGHER_H + +#include +#include +#include +#include +#include + +/** + * Ask the resolver about name + * and return all address records + * \param[in] r the resolver to use + * \param[in] name the name to look for + * \param[in] c the class to use + * \param[in] flags give some optional flags to the query + */ +ldns_rr_list *ldns_get_rr_list_addr_by_name(ldns_resolver *r, ldns_rdf *name, ldns_rr_class c, uint16_t flags); + +/** + * ask the resolver about the address + * and return the name + * \param[in] r the resolver to use + * \param[in] addr the addr to look for + * \param[in] c the class to use + * \param[in] flags give some optional flags to the query + */ +ldns_rr_list *ldns_get_rr_list_name_by_addr(ldns_resolver *r, ldns_rdf *addr, ldns_rr_class c, uint16_t flags); + +/** + * wade through fp (a /etc/hosts like file) + * and return a rr_list containing all the + * defined hosts in there + * \param[in] fp the file pointer to use + * \return ldns_rr_list * with the names + */ +ldns_rr_list *ldns_get_rr_list_hosts_frm_fp(FILE *fp); + +/** + * wade through fp (a /etc/hosts like file) + * and return a rr_list containing all the + * defined hosts in there + * \param[in] fp the file pointer to use + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return ldns_rr_list * with the names + */ +ldns_rr_list *ldns_get_rr_list_hosts_frm_fp_l(FILE *fp, int *line_nr); + +/** + * wade through fp (a /etc/hosts like file) + * and return a rr_list containing all the + * defined hosts in there + * \param[in] filename the filename to use (NULL for /etc/hosts) + * \return ldns_rr_list * with the names + */ +ldns_rr_list *ldns_get_rr_list_hosts_frm_file(char *filename); + +/** + * This function is a wrapper function for ldns_get_rr_list_name_by_addr + * and ldns_get_rr_list_addr_by_name. It's name is from the getaddrinfo() + * library call. It tries to mimic that call, but without the lowlevel + * stuff. + * \param[in] res The resolver. If this value is NULL then a resolver will + * be created by ldns_getaddrinfo. + * \param[in] node the name or ip address to look up + * \param[in] c the class to look in + * \param[out] list put the found RR's in this list + * \return the number of RR found. + */ +uint16_t ldns_getaddrinfo(ldns_resolver *res, ldns_rdf *node, ldns_rr_class c, ldns_rr_list **list); + +/** + * Check if t is enumerated in the nsec type rdata + * \param[in] nsec the NSEC Record to look in + * \param[in] t the type to check for + * \return true when t is found, otherwise return false + */ +bool ldns_nsec_type_check(ldns_rr *nsec, ldns_rr_type t); + +/** + * Print a number of rdf's of the RR. The rdfnum-list must + * be ended by -1, otherwise unpredictable things might happen. + * rdfs may be printed multiple times + * \param[in] fp FILE * to write to + * \param[in] r RR to write + * \param[in] rdfnum a list of rdf to print. + */ +void ldns_print_rr_rdf(FILE *fp, ldns_rr *r, int rdfnum, ...); + +#endif /* LDNS_HIGHER_H */ diff --git a/contrib/ldns/ldns/host2str.h b/contrib/ldns/ldns/host2str.h new file mode 100644 index 0000000000..727ab05e91 --- /dev/null +++ b/contrib/ldns/ldns/host2str.h @@ -0,0 +1,512 @@ +/** + * host2str.h - txt presentation of RRs + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains functions to translate the main structures to their text + * representation, as well as functions to print them. + */ + +#ifndef LDNS_HOST2STR_H +#define LDNS_HOST2STR_H + +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#include "ldns/util.h" + +#define LDNS_APL_IP4 1 +#define LDNS_APL_IP6 2 +#define LDNS_APL_MASK 0x7f +#define LDNS_APL_NEGATION 0x80 + +/** + * Converts an ldns packet opcode value to its mnemonic, and adds that + * to the output buffer + * \param[in] *output the buffer to add the data to + * \param[in] opcode to find the string representation of + * \return LDNS_STATUS_OK on success, or a buffer failure mode on error + */ +ldns_status +ldns_pkt_opcode2buffer_str(ldns_buffer *output, ldns_pkt_opcode opcode); + +/** + * Converts an ldns packet rcode value to its mnemonic, and adds that + * to the output buffer + * \param[in] *output the buffer to add the data to + * \param[in] rcode to find the string representation of + * \return LDNS_STATUS_OK on success, or a buffer failure mode on error + */ +ldns_status +ldns_pkt_rcode2buffer_str(ldns_buffer *output, ldns_pkt_rcode rcode); + +/** + * Converts an ldns algorithm type to its mnemonic, and adds that + * to the output buffer + * \param[in] *output the buffer to add the data to + * \param[in] algorithm to find the string representation of + * \return LDNS_STATUS_OK on success, or a buffer failure mode on error + */ +ldns_status +ldns_algorithm2buffer_str(ldns_buffer *output, + ldns_algorithm algorithm); + +/** + * Converts an ldns certificate algorithm type to its mnemonic, + * and adds that to the output buffer + * \param[in] *output the buffer to add the data to + * \param[in] cert_algorithm to find the string representation of + * \return LDNS_STATUS_OK on success, or a buffer failure mode on error + */ +ldns_status +ldns_cert_algorithm2buffer_str(ldns_buffer *output, + ldns_cert_algorithm cert_algorithm); + + +/** + * Converts a packet opcode to its mnemonic and returns that as + * an allocated null-terminated string. + * Remember to free it. + * + * \param[in] opcode the opcode to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt_opcode2str(ldns_pkt_opcode opcode); + +/** + * Converts a packet rcode to its mnemonic and returns that as + * an allocated null-terminated string. + * Remember to free it. + * + * \param[in] rcode the rcode to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt_rcode2str(ldns_pkt_rcode rcode); + +/** + * Converts a signing algorithms to its mnemonic and returns that as + * an allocated null-terminated string. + * Remember to free it. + * + * \param[in] algorithm the algorithm to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt_algorithm2str(ldns_algorithm algorithm); + +/** + * Converts a cert algorithm to its mnemonic and returns that as + * an allocated null-terminated string. + * Remember to free it. + * + * \param[in] cert_algorithm to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm); + +/** + * Converts an LDNS_RDF_TYPE_A rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_a(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_AAAA rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_aaaa(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_STR rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_str(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_B64 rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_b64(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_HEX rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_hex(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_TYPE rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_type(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_CLASS rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_class(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_ALG rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_alg(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an ldns_rr_type value to its string representation, + * and places it in the given buffer + * \param[in] *output The buffer to add the data to + * \param[in] type the ldns_rr_type to convert + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rr_type2buffer_str(ldns_buffer *output, + const ldns_rr_type type); + +/** + * Converts an ldns_rr_type value to its string representation, + * and returns that string. For unknown types, the string + * "TYPE" is returned. This function allocates data that must be + * freed by the caller + * \param[in] type the ldns_rr_type to convert + * \return a newly allocated string + */ +char *ldns_rr_type2str(const ldns_rr_type type); + +/** + * Converts an ldns_rr_class value to its string representation, + * and places it in the given buffer + * \param[in] *output The buffer to add the data to + * \param[in] klass the ldns_rr_class to convert + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rr_class2buffer_str(ldns_buffer *output, + const ldns_rr_class klass); + +/** + * Converts an ldns_rr_class value to its string representation, + * and returns that string. For unknown types, the string + * "CLASS" is returned. This function allocates data that must be + * freed by the caller + * \param[in] klass the ldns_rr_class to convert + * \return a newly allocated string + */ +char *ldns_rr_class2str(const ldns_rr_class klass); + + +/** + * Converts an LDNS_RDF_TYPE_CERT rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_cert_alg(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_LOC rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_loc(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_UNKNOWN rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_unknown(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_NSAP rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_nsap(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_WKS rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_wks(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_NSEC rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_nsec(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_PERIOD rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_period(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_TSIGTIME rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_tsigtime(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_APL rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_apl(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_INT16_DATA rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_int16_data(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_IPSECKEY rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_ipseckey(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts an LDNS_RDF_TYPE_TSIG rdata element to string format and adds it to the output buffer + * \param[in] *rdf The rdata to convert + * \param[in] *output The buffer to add the data to + * \return LDNS_STATUS_OK on success, and error status on failure + */ +ldns_status ldns_rdf2buffer_str_tsig(ldns_buffer *output, const ldns_rdf *rdf); + + +/** + * Converts the data in the rdata field to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] rdf the pointer to the rdafa field containing the data + * \return status + */ +ldns_status ldns_rdf2buffer_str(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts the data in the resource record to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] rr the pointer to the rr field to convert + * \return status + */ +ldns_status ldns_rr2buffer_str(ldns_buffer *output, const ldns_rr *rr); + +/** + * Converts the data in the DNS packet to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] pkt the pointer to the packet to convert + * \return status + */ +ldns_status ldns_pkt2buffer_str(ldns_buffer *output, const ldns_pkt *pkt); + +/** + * Converts the data in the DNS packet to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] k the pointer to the private key to convert + * \return status + */ +ldns_status ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k); + +/** + * Converts the data in the int16 typed rdata field to presentation + * format (as char *) and appends it to the given buffer + * + * \param[in] output pointer to the buffer to append the data to + * \param[in] rdf the pointer to the rdafa field containing the data + * \return status + */ +ldns_status ldns_rdf2buffer_str_int16(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Converts the data in the rdata field to presentation format and + * returns that as a char *. + * Remember to free it. + * + * \param[in] rdf The rdata field to convert + * \return null terminated char * data, or NULL on error + */ +char *ldns_rdf2str(const ldns_rdf *rdf); + +/** + * Converts the data in the resource record to presentation format and + * returns that as a char *. + * Remember to free it. + * + * \param[in] rr The rdata field to convert + * \return null terminated char * data, or NULL on error + */ +char *ldns_rr2str(const ldns_rr *rr); + +/** + * Converts the data in the DNS packet to presentation format and + * returns that as a char *. + * Remember to free it. + * + * \param[in] pkt The rdata field to convert + * \return null terminated char * data, or NULL on error + */ +char *ldns_pkt2str(const ldns_pkt *pkt); + +/** + * Converts a private key to the test presentation fmt and + * returns that as a char *. + * Remember to free it. + * + * \param[in] k the key to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_key2str(const ldns_key *k); + +/** + * Converts a list of resource records to presentation format + * and returns that as a char *. + * Remember to free it. + * + * \param[in] rr_list the rr_list to convert to text + * \return null terminated char * data, or NULL on error + */ +char *ldns_rr_list2str(const ldns_rr_list *rr_list); + +/** + * Returns the data in the buffer as a null terminated char * string + * Buffer data must be char * type, and must be freed by the caller + * + * \param[in] buffer buffer containing char * data + * \return null terminated char * data, or NULL on error + */ +char *ldns_buffer2str(ldns_buffer *buffer); + +/** + * Prints the data in the rdata field to the given file stream + * (in presentation format) + * + * \param[in] output the file stream to print to + * \param[in] rdf the rdata field to print + * \return void + */ +void ldns_rdf_print(FILE *output, const ldns_rdf *rdf); + +/** + * Prints the data in the resource record to the given file stream + * (in presentation format) + * + * \param[in] output the file stream to print to + * \param[in] rr the resource record to print + * \return void + */ +void ldns_rr_print(FILE *output, const ldns_rr *rr); + +/** + * Prints the data in the DNS packet to the given file stream + * (in presentation format) + * + * \param[in] output the file stream to print to + * \param[in] pkt the packet to print + * \return void + */ +void ldns_pkt_print(FILE *output, const ldns_pkt *pkt); + +/** + * Converts a rr_list to presentation format and appends it to + * the output buffer + * \param[in] output the buffer to append output to + * \param[in] list the ldns_rr_list to print + * \return ldns_status + */ +ldns_status ldns_rr_list2buffer_str(ldns_buffer *output, const ldns_rr_list *list); + +/** + * Converts the header of a packet to presentation format and appends it to + * the output buffer + * \param[in] output the buffer to append output to + * \param[in] pkt the packet to convert the header of + * \return ldns_status + */ +ldns_status ldns_pktheader2buffer_str(ldns_buffer *output, const ldns_pkt *pkt); + +/** + * print a rr_list to output + * param[in] output the fd to print to + * param[in] list the rr_list to print + */ +void ldns_rr_list_print(FILE *output, const ldns_rr_list *list); + +/** + * Print a resolver (in sofar that is possible) state + * to output. + * \param[in] output the fd to print to + * \param[in] r the resolver to print + */ +void ldns_resolver_print(FILE *output, const ldns_resolver *r); + +/** + * Print a zone structure * to output. Note the SOA record + * is included in this output + * \param[in] output the fd to print to + * \param[in] z the zone to print + */ +void ldns_zone_print(FILE *output, const ldns_zone *z); + +/** + * Print the ldns_rdf containing a dname to the buffer + * \param[in] output the buffer to print to + * \param[in] dname the dname to print + * \return ldns_status message if the printing succeeded + */ +ldns_status ldns_rdf2buffer_str_dname(ldns_buffer *output, const ldns_rdf *dname); + + +#endif /* LDNS_HOST2STR_H */ diff --git a/contrib/ldns/ldns/host2wire.h b/contrib/ldns/ldns/host2wire.h new file mode 100644 index 0000000000..51011118a4 --- /dev/null +++ b/contrib/ldns/ldns/host2wire.h @@ -0,0 +1,156 @@ +/* + * host2wire.h - 2wire conversion routines + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains all functions to translate the main structures to wire format + */ + +#ifndef LDNS_HOST2WIRE_H +#define LDNS_HOST2WIRE_H + +#include +#include +#include +#include +#include +#include +#include + +#include "ldns/util.h" + +/** + * Copies the dname data to the buffer in wire format + * \param[out] *buffer buffer to append the result to + * \param[in] *name rdata dname to convert + * \return ldns_status + */ +ldns_status ldns_dname2buffer_wire(ldns_buffer *buffer, const ldns_rdf *name); + +/** + * Copies the rdata data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *rdf rdata to convert + * \return ldns_status + */ +ldns_status ldns_rdf2buffer_wire(ldns_buffer *output, const ldns_rdf *rdf); + +/** + * Copies the rdata data to the buffer in wire format + * If the rdata is a dname, the letters will be lowercased + * during the conversion + * \param[out] *output buffer to append the result to + * \param[in] *rdf rdata to convert + * \return ldns_status + */ +ldns_status ldns_rdf2buffer_wire_canonical(ldns_buffer *output, + const ldns_rdf *rdf); + +/** + * Copies the rr data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *rr resource record to convert + * \param[in] section the section in the packet this rr is supposed to be in + * (to determine whether to add rdata or not) + * \return ldns_status + */ +ldns_status ldns_rr2buffer_wire(ldns_buffer *output, + const ldns_rr *rr, + int section); + +/** + * Copies the rr data to the buffer in wire format, in canonical format + * according to RFC3597 (every dname in rdata fields of RR's mentioned in + * that RFC will be lowercased) + * \param[out] *output buffer to append the result to + * \param[in] *rr resource record to convert + * \param[in] section the section in the packet this rr is supposed to be in + * (to determine whether to add rdata or not) + * \return ldns_status + */ +ldns_status ldns_rr2buffer_wire_canonical(ldns_buffer *output, + const ldns_rr *rr, + int section); + + +/** + * Converts a rrsig to wireformat BUT EXCLUDE the rrsig rdata + * This is needed in DNSSEC verification + * \param[out] output buffer to append the result to + * \param[in] sigrr signature rr to operate on + * \return ldns_status + */ +ldns_status ldns_rrsig2buffer_wire(ldns_buffer *output, const ldns_rr *sigrr); + +/** + * Converts an rr's rdata to wireformat, while excluding + * the ownername and all the stuff before the rdata. + * This is needed in DNSSEC keytag calculation, the ds + * calcalution from the key and maybe elsewhere. + * + * \param[out] *output buffer where to put the result + * \param[in] *rr rr to operate on + * \return ldns_status + */ +ldns_status ldns_rr_rdata2buffer_wire(ldns_buffer *output, const ldns_rr *rr); + +/** + * Copies the packet data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *pkt packet to convert + * \return ldns_status + */ +ldns_status ldns_pkt2buffer_wire(ldns_buffer *output, const ldns_pkt *pkt); + +/** + * Copies the rr_list data to the buffer in wire format + * \param[out] *output buffer to append the result to + * \param[in] *rrlist rr_list to to convert + * \return ldns_status + */ +ldns_status ldns_rr_list2buffer_wire(ldns_buffer *output, const ldns_rr_list *rrlist); + +/** + * Allocates an array of uint8_t at dest, and puts the wireformat of the + * given rdf in that array. The result_size value contains the + * length of the array, if it succeeds, and 0 otherwise (in which case + * the function also returns NULL) + * + * \param[out] dest pointer to the array of bytes to be created + * \param[in] rdf the rdata field to convert + * \param[out] size the size of the converted result + */ +ldns_status ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *size); + +/** + * Allocates an array of uint8_t at dest, and puts the wireformat of the + * given rr in that array. The result_size value contains the + * length of the array, if it succeeds, and 0 otherwise (in which case + * the function also returns NULL) + * + * If the section argument is LDNS_SECTION_QUESTION, data like ttl and rdata + * are not put into the result + * + * \param[out] dest pointer to the array of bytes to be created + * \param[in] rr the rr to convert + * \param[out] size the size of the converted result + */ +ldns_status ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int, size_t *size); + +/** + * Allocates an array of uint8_t at dest, and puts the wireformat of the + * given packet in that array. The result_size value contains the + * length of the array, if it succeeds, and 0 otherwise (in which case + * the function also returns NULL) + */ +ldns_status ldns_pkt2wire(uint8_t **dest, const ldns_pkt *p, size_t *size); + +#endif /* LDNS_HOST2WIRE_H */ diff --git a/contrib/ldns/ldns/keys.h b/contrib/ldns/ldns/keys.h new file mode 100644 index 0000000000..a84f503404 --- /dev/null +++ b/contrib/ldns/ldns/keys.h @@ -0,0 +1,579 @@ +/* + * + * keys.h + * + * priv key definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Addendum to \ref dnssec.h, this module contains key and algorithm definitions and functions. + */ + + +#ifndef LDNS_KEYS_H +#define LDNS_KEYS_H + +#ifdef HAVE_SSL +#include +#endif /* HAVE_SSL */ +#include +#include +#include + +extern ldns_lookup_table ldns_signing_algorithms[]; + +#define LDNS_KEY_ZONE_KEY 0x0100 /* rfc 4034 */ +#define LDNS_KEY_SEP_KEY 0x0001 /* rfc 4034 */ +#define LDNS_KEY_REVOKE_KEY 0x0080 /* rfc 5011 */ + +/** + * Algorithms used in dns + */ +enum ldns_enum_algorithm +{ + LDNS_RSAMD5 = 1, /* RFC 4034,4035 */ + LDNS_DH = 2, + LDNS_DSA = 3, + LDNS_ECC = 4, + LDNS_RSASHA1 = 5, + LDNS_DSA_NSEC3 = 6, + LDNS_RSASHA1_NSEC3 = 7, + LDNS_RSASHA256 = 8, /* RFC 5702 */ + LDNS_RSASHA512 = 10, /* RFC 5702 */ + LDNS_GOST = 249, /* not official */ + LDNS_INDIRECT = 252, + LDNS_PRIVATEDNS = 253, + LDNS_PRIVATEOID = 254 +}; +typedef enum ldns_enum_algorithm ldns_algorithm; + +/** + * Hashing algorithms used in the DS record + */ +enum ldns_enum_hash +{ + LDNS_SHA1 = 1, /* RFC 4034 */ + LDNS_SHA256 = 2, /* RFC 4509 */ + LDNS_HASH_GOST94 = 203 /* not official */ +}; +typedef enum ldns_enum_hash ldns_hash; + +/** + * Algorithms used in dns for signing + */ +enum ldns_enum_signing_algorithm +{ + LDNS_SIGN_RSAMD5 = LDNS_RSAMD5, + LDNS_SIGN_RSASHA1 = LDNS_RSASHA1, + LDNS_SIGN_DSA = LDNS_DSA, + LDNS_SIGN_RSASHA1_NSEC3 = LDNS_RSASHA1_NSEC3, + LDNS_SIGN_RSASHA256 = LDNS_RSASHA256, + LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, + LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, + LDNS_SIGN_GOST = LDNS_GOST, + LDNS_SIGN_HMACMD5 = 157, /* not official! This type is for TSIG, not DNSSEC */ + LDNS_SIGN_HMACSHA1 = 158, /* not official! This type is for TSIG, not DNSSEC */ + LDNS_SIGN_HMACSHA256 = 159 /* ditto */ +}; +typedef enum ldns_enum_signing_algorithm ldns_signing_algorithm; + +/** + * General key structure, can contain all types of keys that + * are used in DNSSEC. Mostly used to store private keys, since + * public keys can also be stored in a \ref ldns_rr with type + * \ref LDNS_RR_TYPE_DNSKEY. + * + * This structure can also store some variables that influence the + * signatures generated by signing with this key, for instance the + * inception date. + */ +struct ldns_struct_key { + ldns_signing_algorithm _alg; + /** Whether to use this key when signing */ + bool _use; + /** Storage pointers for the types of keys supported */ + /* TODO remove unions? */ + struct { +#ifdef HAVE_SSL +#ifndef S_SPLINT_S + /* The key can be an OpenSSL EVP Key + */ + EVP_PKEY *key; +#endif +#endif /* HAVE_SSL */ + /** + * The key can be an HMAC key + */ + struct { + unsigned char *key; + size_t size; + } hmac; + /** the key structure can also just point to some external + * key data + */ + void *external_key; + } _key; + /** Depending on the key we can have extra data */ + union { + /** Some values that influence generated signatures */ + struct { + /** The TTL of the rrset that is currently signed */ + uint32_t orig_ttl; + /** The inception date of signatures made with this key. */ + uint32_t inception; + /** The expiration date of signatures made with this key. */ + uint32_t expiration; + /** The keytag of this key. */ + uint16_t keytag; + /** The dnssec key flags as specified in RFC4035, like ZSK and KSK */ + uint16_t flags; + } dnssec; + } _extra; + /** Owner name of the key */ + ldns_rdf *_pubkey_owner; +}; +typedef struct ldns_struct_key ldns_key; + +/** + * Same as rr_list, but now for keys + */ +struct ldns_struct_key_list +{ + size_t _key_count; + ldns_key **_keys; +}; +typedef struct ldns_struct_key_list ldns_key_list; + + +/** + * Creates a new empty key list + * \return a new ldns_key_list structure pointer + */ +ldns_key_list *ldns_key_list_new(); + +/** + * Creates a new empty key structure + * \return a new ldns_key * structure + */ +ldns_key *ldns_key_new(); + +/** + * Creates a new key based on the algorithm + * + * \param[in] a The algorithm to use + * \param[in] size the number of bytes for the keysize + * \return a new ldns_key structure with the key + */ +ldns_key *ldns_key_new_frm_algorithm(ldns_signing_algorithm a, uint16_t size); + +/** + * Creates a new priv key based on the + * contents of the file pointed by fp. + * + * The file should be in Private-key-format v1.2. + * + * \param[out] k the new ldns_key structure + * \param[in] fp the file pointer to use + * \return an error or LDNS_STATUS_OK + */ +ldns_status ldns_key_new_frm_fp(ldns_key **k, FILE *fp); + +/** + * Creates a new private key based on the + * contents of the file pointed by fp + * + * The file should be in Private-key-format v1.2. + * + * \param[out] k the new ldns_key structure + * \param[in] fp the file pointer to use + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return an error or LDNS_STATUS_OK + */ +ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr); + +#ifdef HAVE_SSL +/** + * Read the key with the given id from the given engine and store it + * in the given ldns_key structure. The algorithm type is set + */ +ldns_status ldns_key_new_frm_engine(ldns_key **key, ENGINE *e, char *key_id, ldns_algorithm); + + +/** + * frm_fp helper function. This function parses the + * remainder of the (RSA) priv. key file generated from bind9 + * \param[in] fp the file to parse + * \return NULL on failure otherwise a RSA structure + */ +RSA *ldns_key_new_frm_fp_rsa(FILE *fp); +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (RSA) priv. key file generated from bind9 + * \param[in] fp the file to parse + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return NULL on failure otherwise a RSA structure + */ +RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr); +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (DSA) priv. key file + * \param[in] fp the file to parse + * \return NULL on failure otherwise a RSA structure + */ +DSA *ldns_key_new_frm_fp_dsa(FILE *fp); +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (DSA) priv. key file + * \param[in] fp the file to parse + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return NULL on failure otherwise a RSA structure + */ +DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr); +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (HMAC-MD5) key file + * This function allocated a buffer that needs to be freed + * \param[in] fp the file to parse + * \param[out] hmac_size the number of bits in the resulting buffer + * \return NULL on failure otherwise a newly allocated char buffer + */ +unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size); +#endif + +#ifdef HAVE_SSL +/** + * frm_fp helper function. This function parses the + * remainder of the (HMAC-MD5) key file + * This function allocated a buffer that needs to be freed + * \param[in] fp the file to parse + * \param[in] line_nr pointer to an integer containing the current line number (for error reporting purposes) + * \param[out] hmac_size the number of bits in the resulting buffer + * \return NULL on failure otherwise a newly allocated char buffer + */ +unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size); +#endif /* HAVE_SSL */ + +/* acces write functions */ +/** + * Set the key's algorithm + * \param[in] k the key + * \param[in] l the algorithm + */ +void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l); +#ifdef HAVE_SSL +/** + * Set the key's evp key + * \param[in] k the key + * \param[in] e the evp key + */ +void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e); + +/** + * Set the key's rsa data + * \param[in] k the key + * \param[in] r the rsa data + */ +void ldns_key_set_rsa_key(ldns_key *k, RSA *r); +/** + * Set the key's dsa data + * \param[in] k the key + * \param[in] d the dsa data + */ +void ldns_key_set_dsa_key(ldns_key *k, DSA *d); + +/** + * Get the PKEY id for GOST, loads GOST into openssl as a side effect. + * Only available if GOST is compiled into the library and openssl. + * \return the gost id for EVP_CTX creation. + */ +int ldns_key_EVP_load_gost_id(void); +#endif /* HAVE_SSL */ + +/** + * Set the key's hmac data + * \param[in] k the key + * \param[in] hmac the raw key data + */ +void ldns_key_set_hmac_key(ldns_key *k, unsigned char *hmac); + +/** + * Set the key id data. This is used if the key points to + * some externally stored key data + * + * Only the pointer is set, the data there is not copied, + * and must be freed manually; ldns_key_deep_free() does + * *not* free this data + * \param[in] key the key + * \param[in] external_key key id data + */ +void ldns_key_set_external_key(ldns_key *key, void *external_key); + +/** + * Set the key's hmac size + * \param[in] k the key + * \param[in] hmac_size the size of the hmac data + */ +void ldns_key_set_hmac_size(ldns_key *k, size_t hmac_size); +/** + * Set the key's original ttl + * \param[in] k the key + * \param[in] t the ttl + */ +void ldns_key_set_origttl(ldns_key *k, uint32_t t); +/** + * Set the key's inception date (seconds after epoch) + * \param[in] k the key + * \param[in] i the inception + */ +void ldns_key_set_inception(ldns_key *k, uint32_t i); +/** + * Set the key's expiration date (seconds after epoch) + * \param[in] k the key + * \param[in] e the expiration + */ +void ldns_key_set_expiration(ldns_key *k, uint32_t e); +/** + * Set the key's pubkey owner + * \param[in] k the key + * \param[in] r the owner + */ +void ldns_key_set_pubkey_owner(ldns_key *k, ldns_rdf *r); +/** + * Set the key's key tag + * \param[in] k the key + * \param[in] tag the keytag + */ +void ldns_key_set_keytag(ldns_key *k, uint16_t tag); +/** + * Set the key's flags + * \param[in] k the key + * \param[in] flags the flags + */ +void ldns_key_set_flags(ldns_key *k, uint16_t flags); +/** + * Set the keylist's key count to count + * \param[in] key the key + * \param[in] count the cuont + */ +void ldns_key_list_set_key_count(ldns_key_list *key, size_t count); + +/** + * pushes a key to a keylist + * \param[in] key_list the key_list to push to + * \param[in] key the key to push + * \return false on error, otherwise true + */ +bool ldns_key_list_push_key(ldns_key_list *key_list, ldns_key *key); + +/** + * returns the number of keys in the key list + * \param[in] key_list the key_list + * \return the numbers of keys in the list + */ +size_t ldns_key_list_key_count(const ldns_key_list *key_list); + +/** + * returns a pointer to the key in the list at the given position + * \param[in] key the key + * \param[in] nr the position in the list + * \return the key + */ +ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr); + +#ifdef HAVE_SSL +/** + * returns the (openssl) RSA struct contained in the key + * \param[in] k the key to look in + * \return the RSA * structure in the key + */ +RSA *ldns_key_rsa_key(const ldns_key *k); +/** + * returns the (openssl) EVP struct contained in the key + * \param[in] k the key to look in + * \return the RSA * structure in the key + */ +EVP_PKEY *ldns_key_evp_key(const ldns_key *k); +#endif /* HAVE_SSL */ + +/** + * returns the (openssl) DSA struct contained in the key + */ +#ifdef HAVE_SSL +DSA *ldns_key_dsa_key(const ldns_key *k); +#endif /* HAVE_SSL */ + +/** + * return the signing alg of the key + * \param[in] k the key + * \return the algorithm + */ +ldns_signing_algorithm ldns_key_algorithm(const ldns_key *k); +/** + * set the use flag + * \param[in] k the key + * \param[in] v the boolean value to set the _use field to + */ +void ldns_key_set_use(ldns_key *k, bool v); +/** + * return the use flag + * \param[in] k the key + * \return the boolean value of the _use field + */ +bool ldns_key_use(const ldns_key *k); +/** + * return the hmac key data + * \param[in] k the key + * \return the hmac key data + */ +unsigned char *ldns_key_hmac_key(const ldns_key *k); +/** + * return the key id key data + * \param[in] k the key + * \return the key id data + */ +void *ldns_key_external_key(const ldns_key *k); +/** + * return the hmac key size + * \param[in] k the key + * \return the hmac key size + */ +size_t ldns_key_hmac_size(const ldns_key *k); +/** + * return the original ttl of the key + * \param[in] k the key + * \return the original ttl + */ +uint32_t ldns_key_origttl(const ldns_key *k); +/** + * return the key's inception date + * \param[in] k the key + * \return the inception date + */ +uint32_t ldns_key_inception(const ldns_key *k); +/** + * return the key's expiration date + * \param[in] k the key + * \return the experiration date + */ +uint32_t ldns_key_expiration(const ldns_key *k); +/** + * return the keytag + * \param[in] k the key + * \return the keytag + */ +uint16_t ldns_key_keytag(const ldns_key *k); +/** + * return the public key's owner + * \param[in] k the key + * \return the owner + */ +ldns_rdf *ldns_key_pubkey_owner(const ldns_key *k); +/** + * Set the 'use' flag for all keys in the list + * \param[in] keys The key_list + * \param[in] v The value to set the use flags to + */ +void +ldns_key_list_set_use(ldns_key_list *keys, bool v); + +/** + * return the flag of the key + * \param[in] k the key + * \return the flag + */ +uint16_t ldns_key_flags(const ldns_key *k); + +/** + * pops the last rr from a keylist + * \param[in] key_list the rr_list to pop from + * \return NULL if nothing to pop. Otherwise the popped RR + */ +ldns_key *ldns_key_list_pop_key(ldns_key_list *key_list); + +/** + * converts a ldns_key to a public key rr + * If the key data exists at an external point, the corresponding + * rdata field must still be added with ldns_rr_rdf_push() to the + * result rr of this function + * + * \param[in] k the ldns_key to convert + * \return ldns_rr representation of the key + */ +ldns_rr *ldns_key2rr(const ldns_key *k); + +/** + * print a private key to the file ouput + * + * \param[in] output the FILE descriptor where to print to + * \param[in] k the ldns_key to print + */ +void ldns_key_print(FILE *output, const ldns_key *k); + +/** + * frees a key structure, but not its internal data structures + * + * \param[in] key the key object to free + */ +void ldns_key_free(ldns_key *key); + +/** + * frees a key structure and all its internal data structures, except + * the data set by ldns_key_set_external_key() + * + * \param[in] key the key object to free + */ +void ldns_key_deep_free(ldns_key *key); + +/** + * Frees a key list structure + * \param[in] key_list the key list object to free + */ +void ldns_key_list_free(ldns_key_list *key_list); + +/** + * Instantiates a DNSKEY or DS RR from file. + * \param[in] filename the file to read the record from + * \return the corresponding RR, or NULL if the parsing failed + */ +ldns_rr * ldns_read_anchor_file(const char *filename); + +/** + * Returns the 'default base name' for key files; + * IE. K\+\+\ + * (without the .key or .private) + * The memory for this is allocated by this function, + * and should be freed by the caller + * + * \param[in] key the key to get the file name from + * \returns A string containing the file base name + */ +char *ldns_key_get_file_base_name(ldns_key *key); + +/** + * See if a key algorithm is supported + * \param[in] algo the signing algorithm number. + * \returns true if supported. + */ +int ldns_key_algo_supported(int algo); + +#endif /* LDNS_KEYS_H */ diff --git a/contrib/ldns/ldns/ldns.h b/contrib/ldns/ldns/ldns.h new file mode 100644 index 0000000000..b403392fc3 --- /dev/null +++ b/contrib/ldns/ldns/ldns.h @@ -0,0 +1,147 @@ +/* + * dns.h -- defines for the Domain Name System + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + * This library was created by: + * Jelte Jansen, Erik Rozendaal and Miek Gieben + * + * A bunch of defines that are used in the DNS. + */ + + +/** +\mainpage LDNS Documentation + +\section introduction Introduction + +The goal of ldns is to simplify DNS programming, it supports recent RFCs +like the DNSSEC documents, and allow developers to easily create software +conforming to current RFCs, and experimental software for current Internet +drafts. A secondary benefit of using ldns is speed, because ldns is written +in C, and although it is not optimized for performance, it should be a lot +faster than Perl. + +The first main tool to use ldns is Drill, from which part of the library was +derived. From version 1.0.0 on, drill is included in the ldns release +and will not be distributed seperately anymore. The library also includes some +other examples and tools to show how it can be used. These can be found in the +examples/ directory in the tarball. + +ldns depends on OpenSSL for it's cryptographic functions. +Feature list + + - Transparent IPv4 and IPv6 support (overridable if necessary), + - TSIG support, + - DNSSEC support; signing and verification, + - small size, + - online documentation as well as manual pages. + +If you want to send us patches please use the code from subversion (trunk). + +\section using_ldns Using ldns + +Almost all interaction between an application and ldns goes through the ldns +data structures (\ref ldns_rr, \ref ldns_pkt, etc.). These are input or +output to the functions of ldns. For example, \ref ldns_zone_new_frm_fp +reads a zone from a \c FILE pointer, and returns an \ref ldns_zone +structure. + + +Let's use Drill as an example. Drill is a tool much like dig, whose most +basic function is to send 1 query to a nameserver and print the response. + +To be able to do this, drill uses the resolver module of ldns, which acts as +a stub resolver. The resolver module uses the net module to actually send +the query that drill requested. It then uses the wire2host module to +translate the response and place it in ldns' internal structures. These are +passed back to drill, which then uses the host2str module to print the +response in presentation format. + +\section gettingstarted Getting Started + +See the \ref design page for a very high level description of the design +choices made for ldns. + +For an overview of the functions and types ldns provides, you can check out +the \ref ldns ldns header file descriptions. + +If you want to see some libdns action, you can read our tutorials: + - \ref tutorial1_mx + - \ref tutorial2_zone + - \ref tutorial3_signzone + +Or you can just use the menu above to browse through the API docs. + +
+\image html LogoInGradientBar2-y100.png +
+*/ + +/** + * \file ldns.h + * + * Including this file will include all ldns files, and define some lookup tables. + */ + +#ifndef LDNS_DNS_H +#define LDNS_DNS_H + +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define LDNS_IP4ADDRLEN (32/8) +#define LDNS_IP6ADDRLEN (128/8) +#define LDNS_PORT 53 +#define LDNS_ROOT_LABEL_STR "." +#define LDNS_DEFAULT_TTL 3600 + +/* lookup tables for standard DNS stuff */ + +/** Taken from RFC 2538, section 2.1. */ +extern ldns_lookup_table ldns_certificate_types[]; +/** Taken from RFC 2535, section 7. */ +extern ldns_lookup_table ldns_algorithms[]; +/** Taken from RFC 2538. */ +extern ldns_lookup_table ldns_cert_algorithms[]; +/** rr types */ +extern ldns_lookup_table ldns_rr_classes[]; +/** Response codes */ +extern ldns_lookup_table ldns_rcodes[]; +/** Operation codes */ +extern ldns_lookup_table ldns_opcodes[]; +/** EDNS flags */ +extern ldns_lookup_table ldns_edns_flags[]; + +#endif /* LDNS_DNS_H */ diff --git a/contrib/ldns/ldns/net.h.in b/contrib/ldns/ldns/net.h.in new file mode 100644 index 0000000000..d4beb7d992 --- /dev/null +++ b/contrib/ldns/ldns/net.h.in @@ -0,0 +1,200 @@ +/* + * net.h + * + * DNS Resolver definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_NET_H +#define LDNS_NET_H + +#include +@include_sys_socket_h@ + +#define LDNS_DEFAULT_TIMEOUT_SEC 2 +#define LDNS_DEFAULT_TIMEOUT_USEC 0 + +/** + * \file + * + * Contains functions to send and receive packets over a network. + */ + +/** + * Sends a buffer to an ip using udp and return the respons as a ldns_pkt + * \param[in] qbin the ldns_buffer to be send + * \param[in] to the ip addr to send to + * \param[in] tolen length of the ip addr + * \param[in] timeout the timeout value for the network + * \param[out] answersize size of the packet + * \param[out] result packet with the answer + * \return status + */ +ldns_status ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize); + +/** + * Send an udp query and don't wait for an answer but return + * the socket + * \param[in] qbin the ldns_buffer to be send + * \param[in] to the ip addr to send to + * \param[in] tolen length of the ip addr + * \param[in] timeout *unused*, was the timeout value for the network + * \return the socket used + */ + +int ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); + +/** + * Send an tcp query and don't wait for an answer but return + * the socket + * \param[in] qbin the ldns_buffer to be send + * \param[in] to the ip addr to send to + * \param[in] tolen length of the ip addr + * \param[in] timeout the timeout value for the connect attempt + * \return the socket used + */ +int ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); + +/** + * Sends a buffer to an ip using tcp and return the respons as a ldns_pkt + * \param[in] qbin the ldns_buffer to be send + * \param[in] qbin the ldns_buffer to be send + * \param[in] to the ip addr to send to + * \param[in] tolen length of the ip addr + * \param[in] timeout the timeout value for the network + * \param[out] answersize size of the packet + * \param[out] result packet with the answer + * \return status + */ +ldns_status ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout, size_t *answersize); + +/** + * Sends ptk to the nameserver at the resolver object. Returns the data + * as a ldns_pkt + * + * \param[out] pkt packet received from the nameserver + * \param[in] r the resolver to use + * \param[in] query_pkt the query to send + * \return status + */ +ldns_status ldns_send(ldns_pkt **pkt, ldns_resolver *r, const ldns_pkt *query_pkt); + +/** + * Sends and ldns_buffer (presumably containing a packet to the nameserver at the resolver object. Returns the data + * as a ldns_pkt + * + * \param[out] pkt packet received from the nameserver + * \param[in] r the resolver to use + * \param[in] qb the buffer to send + * \param[in] tsig_mac the tsig MAC to authenticate the response with (NULL to do no TSIG authentication) + * \return status + */ +ldns_status ldns_send_buffer(ldns_pkt **pkt, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac); + +/** + * Create a tcp socket to the specified address + * \param[in] to ip and family + * \param[in] tolen length of to + * \param[in] timeout timeout for the connect attempt + * \return a socket descriptor + */ +int ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, struct timeval timeout); + +/** + * Create a udp socket to the specified address + * \param[in] to ip and family + * \param[in] timeout *unused*, was timeout for the socket + * \return a socket descriptor + */ +int ldns_udp_connect(const struct sockaddr_storage *to, struct timeval timeout); + +/** + * send a query via tcp to a server. Don't want for the answer + * + * \param[in] qbin the buffer to send + * \param[in] sockfd the socket to use + * \param[in] to which ip to send it + * \param[in] tolen socketlen + * \return number of bytes sent + */ +ssize_t ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen); + +/** + * send a query via udp to a server. Don;t want for the answer + * + * \param[in] qbin the buffer to send + * \param[in] sockfd the socket to use + * \param[in] to which ip to send it + * \param[in] tolen socketlen + * \return number of bytes sent + */ +ssize_t ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, socklen_t tolen); + +/** + * Gives back a raw packet from the wire and reads the header data from the given + * socket. Allocates the data (of size size) itself, so don't forget to free + * + * \param[in] sockfd the socket to read from + * \param[out] size the number of bytes that are read + * \param[in] timeout the time allowed between packets. + * \return the data read + */ +uint8_t *ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout); + +/** + * This routine may block. Use ldns_tcp_read_wire_timeout, it checks timeouts. + * Gives back a raw packet from the wire and reads the header data from the given + * socket. Allocates the data (of size size) itself, so don't forget to free + * + * \param[in] sockfd the socket to read from + * \param[out] size the number of bytes that are read + * \return the data read + */ +uint8_t *ldns_tcp_read_wire(int sockfd, size_t *size); + +/** + * Gives back a raw packet from the wire and reads the header data from the given + * socket. Allocates the data (of size size) itself, so don't forget to free + * + * \param[in] sockfd the socket to read from + * \param[in] fr the address of the client (if applicable) + * \param[in] *frlen the lenght of the client's addr (if applicable) + * \param[out] size the number of bytes that are read + * \return the data read + */ +uint8_t *ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *fr, socklen_t *frlen); + +/** + * returns the native sockaddr representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \param[in] port what port to use. 0 means; use default (53) + * \param[out] size what is the size of the sockaddr_storage + * \return struct sockaddr* the address in the format so other + * functions can use it (sendto) + */ +struct sockaddr_storage * ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size); + +/** + * returns an rdf with the sockaddr info. works for ip4 and ip6 + * \param[in] sock the struct sockaddr_storage to convert + * \param[in] port what port was used. When NULL this is not set + * \return ldns_rdf* wth the address + */ +ldns_rdf * ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port); + +/** + * Prepares the resolver for an axfr query + * The query is sent and the answers can be read with ldns_axfr_next + * \param[in] resolver the resolver to use + * \param[in] domain the domain to exfr + * \param[in] c the class to use + * \return ldns_status the status of the transfer + */ +ldns_status ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c); + +#endif /* LDNS_NET_H */ diff --git a/contrib/ldns/ldns/packet.h b/contrib/ldns/ldns/packet.h new file mode 100644 index 0000000000..45f80b8b8c --- /dev/null +++ b/contrib/ldns/ldns/packet.h @@ -0,0 +1,847 @@ +/* + * packet.h + * + * DNS packet definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains the definition of ldns_pkt and its parts, as well + * as functions to manipulate those. + */ + + +#ifndef LDNS_PACKET_H +#define LDNS_PACKET_H + +#define LDNS_MAX_PACKETLEN 65535 + +/* allow flags to be given to mk_query */ +#define LDNS_QR 1 /* QueRy - query flag */ +#define LDNS_AA 2 /* Authoritative Answer - server flag */ +#define LDNS_TC 4 /* TrunCated - server flag */ +#define LDNS_RD 8 /* Recursion Desired - query flag */ +#define LDNS_CD 16 /* Checking Disabled - query flag */ +#define LDNS_RA 32 /* Recursion Available - server flag */ +#define LDNS_AD 64 /* Authenticated Data - server flag */ + +#include +#include +#include +#include + +/* opcodes for pkt's */ +enum ldns_enum_pkt_opcode { + LDNS_PACKET_QUERY = 0, + LDNS_PACKET_IQUERY = 1, + LDNS_PACKET_STATUS = 2, /* there is no 3?? DNS is weird */ + LDNS_PACKET_NOTIFY = 4, + LDNS_PACKET_UPDATE = 5 +}; +typedef enum ldns_enum_pkt_opcode ldns_pkt_opcode; + +/* rcodes for pkts */ +enum ldns_enum_pkt_rcode { + LDNS_RCODE_NOERROR = 0, + LDNS_RCODE_FORMERR = 1, + LDNS_RCODE_SERVFAIL = 2, + LDNS_RCODE_NXDOMAIN = 3, + LDNS_RCODE_NOTIMPL = 4, + LDNS_RCODE_REFUSED = 5, + LDNS_RCODE_YXDOMAIN = 6, + LDNS_RCODE_YXRRSET = 7, + LDNS_RCODE_NXRRSET = 8, + LDNS_RCODE_NOTAUTH = 9, + LDNS_RCODE_NOTZONE = 10 +}; +typedef enum ldns_enum_pkt_rcode ldns_pkt_rcode; + +/** + * Header of a dns packet + * + * Contains the information about the packet itself, as specified in RFC1035 +
+4.1.1. Header section format
+
+The header contains the following fields:
+
+                                    1  1  1  1  1  1
+      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      ID                       |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |QR|   Opcode  |AA|TC|RD|RA|   Z    |   RCODE   |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    QDCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    ANCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    NSCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                    ARCOUNT                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+ID              A 16 bit identifier assigned by the program that
+                generates any kind of query.  This identifier is copied
+                the corresponding reply and can be used by the requester
+                to match up replies to outstanding queries.
+
+QR              A one bit field that specifies whether this message is a
+                query (0), or a response (1).
+
+OPCODE          A four bit field that specifies kind of query in this
+                message.  This value is set by the originator of a query
+                and copied into the response.  The values are:
+
+                0               a standard query (QUERY)
+
+                1               an inverse query (IQUERY)
+
+                2               a server status request (STATUS)
+
+                3-15            reserved for future use
+
+AA              Authoritative Answer - this bit is valid in responses,
+                and specifies that the responding name server is an
+                authority for the domain name in question section.
+
+                Note that the contents of the answer section may have
+                multiple owner names because of aliases.  The AA bit
+
+                corresponds to the name which matches the query name, or
+                the first owner name in the answer section.
+
+TC              TrunCation - specifies that this message was truncated
+                due to length greater than that permitted on the
+                transmission channel.
+
+RD              Recursion Desired - this bit may be set in a query and
+                is copied into the response.  If RD is set, it directs
+                the name server to pursue the query recursively.
+                Recursive query support is optional.
+
+RA              Recursion Available - this be is set or cleared in a
+                response, and denotes whether recursive query support is
+                available in the name server.
+
+Z               Reserved for future use.  Must be zero in all queries
+                and responses.
+
+RCODE           Response code - this 4 bit field is set as part of
+                responses.  The values have the following
+                interpretation:
+
+                0               No error condition
+
+                1               Format error - The name server was
+                                unable to interpret the query.
+
+                2               Server failure - The name server was
+                                unable to process this query due to a
+                                problem with the name server.
+
+                3               Name Error - Meaningful only for
+                                responses from an authoritative name
+                                server, this code signifies that the
+                                domain name referenced in the query does
+                                not exist.
+
+                4               Not Implemented - The name server does
+                                not support the requested kind of query.
+
+                5               Refused - The name server refuses to
+                                perform the specified operation for
+                                policy reasons.  For example, a name
+                                server may not wish to provide the
+                                information to the particular requester,
+                                or a name server may not wish to perform
+                                a particular operation (e.g., zone
+
+                                transfer) for particular data.
+
+                6-15            Reserved for future use.
+
+QDCOUNT         an unsigned 16 bit integer specifying the number of
+                entries in the question section.
+
+ANCOUNT         an unsigned 16 bit integer specifying the number of
+                resource records in the answer section.
+
+NSCOUNT         an unsigned 16 bit integer specifying the number of name
+                server resource records in the authority records
+                section.
+
+ARCOUNT         an unsigned 16 bit integer specifying the number of
+                resource records in the additional records section.
+
+
+ */ +struct ldns_struct_hdr +{ + /** Id of a packet */ + uint16_t _id; + /** Query bit (0=query, 1=answer) */ + bool _qr; + /** Authoritative answer */ + bool _aa; + /** Packet truncated */ + bool _tc; + /** Recursion desired */ + bool _rd; + /** Checking disabled */ + bool _cd; + /** Recursion available */ + bool _ra; + /** Authentic data */ + bool _ad; + /** Query type */ + ldns_pkt_opcode _opcode; /* XXX 8 bits? */ + /** Response code */ + uint8_t _rcode; + /** question sec */ + uint16_t _qdcount; + /** answer sec */ + uint16_t _ancount; + /** auth sec */ + uint16_t _nscount; + /** add sec */ + uint16_t _arcount; +}; +typedef struct ldns_struct_hdr ldns_hdr; + +/** + * DNS packet + * + * This structure contains a complete DNS packet (either a query or an answer) + * + * It is the complete representation of what you actually send to a + * nameserver, and what it sends back (assuming you are the client here). + */ +struct ldns_struct_pkt +{ + /** Header section */ + ldns_hdr *_header; + /* extra items needed in a packet */ + /** The size of the wire format of the packet in octets */ + ldns_rdf *_answerfrom; + /** Timestamp of the time the packet was sent or created */ + struct timeval timestamp; + /** The duration of the query this packet is an answer to */ + uint32_t _querytime; + /** The size of the wire format of the packet in octets */ + size_t _size; + /** Optional tsig rr */ + ldns_rr *_tsig_rr; + /** EDNS0 available buffer size, see RFC2671 */ + uint16_t _edns_udp_size; + /** EDNS0 Extended rcode */ + uint8_t _edns_extended_rcode; + /** EDNS Version */ + uint8_t _edns_version; + /** Reserved EDNS data bits */ + uint16_t _edns_z; + /** Arbitrary EDNS rdata */ + ldns_rdf *_edns_data; + /** Question section */ + ldns_rr_list *_question; + /** Answer section */ + ldns_rr_list *_answer; + /** Authority section */ + ldns_rr_list *_authority; + /** Additional section */ + ldns_rr_list *_additional; +}; +typedef struct ldns_struct_pkt ldns_pkt; + +/** + * The sections of a packet + */ +enum ldns_enum_pkt_section { + LDNS_SECTION_QUESTION = 0, + LDNS_SECTION_ANSWER = 1, + LDNS_SECTION_AUTHORITY = 2, + LDNS_SECTION_ADDITIONAL = 3, + /** bogus section, if not interested */ + LDNS_SECTION_ANY = 4, + /** used to get all non-question rrs from a packet */ + LDNS_SECTION_ANY_NOQUESTION = 5 +}; +typedef enum ldns_enum_pkt_section ldns_pkt_section; + +/** + * The different types of packets + */ +enum ldns_enum_pkt_type { + LDNS_PACKET_QUESTION, + LDNS_PACKET_REFERRAL, + LDNS_PACKET_ANSWER, + LDNS_PACKET_NXDOMAIN, + LDNS_PACKET_NODATA, + LDNS_PACKET_UNKNOWN +}; +typedef enum ldns_enum_pkt_type ldns_pkt_type; + +/* prototypes */ + +/* read */ + +/** + * Read the packet id + * \param[in] p the packet + * \return the packet id + */ +uint16_t ldns_pkt_id(const ldns_pkt *p); +/** + * Read the packet's qr bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_qr(const ldns_pkt *p); +/** + * Read the packet's aa bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_aa(const ldns_pkt *p); +/** + * Read the packet's tc bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_tc(const ldns_pkt *p); +/** + * Read the packet's rd bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_rd(const ldns_pkt *p); +/** + * Read the packet's cd bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_cd(const ldns_pkt *p); +/** + * Read the packet's ra bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_ra(const ldns_pkt *p); +/** + * Read the packet's ad bit + * \param[in] p the packet + * \return value of the bit + */ +bool ldns_pkt_ad(const ldns_pkt *p); +/** + * Read the packet's code + * \param[in] p the packet + * \return the opcode + */ +ldns_pkt_opcode ldns_pkt_get_opcode(const ldns_pkt *p); +/** + * Return the packet's respons code + * \param[in] p the packet + * \return the respons code + */ +ldns_pkt_rcode ldns_pkt_get_rcode(const ldns_pkt *p); +/** + * Return the packet's qd count + * \param[in] p the packet + * \return the qd count + */ +uint16_t ldns_pkt_qdcount(const ldns_pkt *p); +/** + * Return the packet's an count + * \param[in] p the packet + * \return the an count + */ +uint16_t ldns_pkt_ancount(const ldns_pkt *p); +/** + * Return the packet's ns count + * \param[in] p the packet + * \return the ns count + */ +uint16_t ldns_pkt_nscount(const ldns_pkt *p); +/** + * Return the packet's ar count + * \param[in] p the packet + * \return the ar count + */ +uint16_t ldns_pkt_arcount(const ldns_pkt *p); + +/** + * Return the packet's answerfrom + * \param[in] p packet + * \return the name of the server + */ +ldns_rdf *ldns_pkt_answerfrom(const ldns_pkt *p); + +/** + * Return the packet's timestamp + * \param[in] p the packet + * \return the timestamp + */ +struct timeval ldns_pkt_timestamp(const ldns_pkt *p); +/** + * Return the packet's querytime + * \param[in] p the packet + * \return the querytime + */ +uint32_t ldns_pkt_querytime(const ldns_pkt *p); + +/** + * Return the packet's size in bytes + * \param[in] p the packet + * \return the size + */ +size_t ldns_pkt_size(const ldns_pkt *p); + +/** + * Return the packet's tsig pseudo rr's + * \param[in] p the packet + * \return the tsig rr + */ +ldns_rr *ldns_pkt_tsig(const ldns_pkt *p); + +/** + * Return the packet's question section + * \param[in] p the packet + * \return the section + */ +ldns_rr_list *ldns_pkt_question(const ldns_pkt *p); +/** + * Return the packet's answer section + * \param[in] p the packet + * \return the section + */ +ldns_rr_list *ldns_pkt_answer(const ldns_pkt *p); +/** + * Return the packet's authority section + * \param[in] p the packet + * \return the section + */ +ldns_rr_list *ldns_pkt_authority(const ldns_pkt *p); +/** + * Return the packet's additional section + * \param[in] p the packet + * \return the section + */ +ldns_rr_list *ldns_pkt_additional(const ldns_pkt *p); +/** + * Return the packet's question, answer, authority and additional sections + * concatenated, in a new rr_list clone. + * \param[in] p the packet + * \return the rrs + */ +ldns_rr_list *ldns_pkt_all(const ldns_pkt *p); +/** + * Return the packet's answer, authority and additional sections concatenated, + * in a new rr_list clone. Like ldns_pkt_all but without the questions. + * \param[in] p the packet + * \return the rrs except the question rrs + */ +ldns_rr_list *ldns_pkt_all_noquestion(const ldns_pkt *p); + +/** + * return all the rr_list's in the packet. Clone the lists, instead + * of returning pointers. + * \param[in] p the packet to look in + * \param[in] s what section(s) to return + * \return ldns_rr_list with the rr's or NULL if none were found + */ +ldns_rr_list *ldns_pkt_get_section_clone(const ldns_pkt *p, ldns_pkt_section s); + +/** + * return all the rr with a specific name from a packet. Optionally + * specify from which section in the packet + * \param[in] p the packet + * \param[in] r the name + * \param[in] s the packet's section + * \return a list with the rr's or NULL if none were found + */ +ldns_rr_list *ldns_pkt_rr_list_by_name(ldns_pkt *p, ldns_rdf *r, ldns_pkt_section s); +/** + * return all the rr with a specific type from a packet. Optionally + * specify from which section in the packet + * \param[in] p the packet + * \param[in] t the type + * \param[in] s the packet's section + * \return a list with the rr's or NULL if none were found + */ +ldns_rr_list *ldns_pkt_rr_list_by_type(const ldns_pkt *p, ldns_rr_type t, ldns_pkt_section s); +/** + * return all the rr with a specific type and type from a packet. Optionally + * specify from which section in the packet + * \param[in] packet the packet + * \param[in] ownername the name + * \param[in] type the type + * \param[in] sec the packet's section + * \return a list with the rr's or NULL if none were found + */ +ldns_rr_list *ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, const ldns_rdf *ownername, ldns_rr_type type, ldns_pkt_section sec); + + +/** + * check to see if an rr exist in the packet + * \param[in] pkt the packet to examine + * \param[in] sec in which section to look + * \param[in] rr the rr to look for + */ +bool ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr); + + +/** + * sets the flags in a packet. + * \param[in] pkt the packet to operate on + * \param[in] flags ORed values: LDNS_QR| LDNS_AR for instance + * \return true on success otherwise false + */ +bool ldns_pkt_set_flags(ldns_pkt *pkt, uint16_t flags); + +/** + * Set the packet's id + * \param[in] p the packet + * \param[in] id the id to set + */ +void ldns_pkt_set_id(ldns_pkt *p, uint16_t id); +/** + * Set the packet's id to a random value + * \param[in] p the packet + */ +void ldns_pkt_set_random_id(ldns_pkt *p); +/** + * Set the packet's qr bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_qr(ldns_pkt *p, bool b); +/** + * Set the packet's aa bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_aa(ldns_pkt *p, bool b); +/** + * Set the packet's tc bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_tc(ldns_pkt *p, bool b); +/** + * Set the packet's rd bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_rd(ldns_pkt *p, bool b); +/** + * Set the packet's cd bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_cd(ldns_pkt *p, bool b); +/** + * Set the packet's ra bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_ra(ldns_pkt *p, bool b); +/** + * Set the packet's ad bit + * \param[in] p the packet + * \param[in] b the value to set (boolean) + */ +void ldns_pkt_set_ad(ldns_pkt *p, bool b); + +/** + * Set the packet's opcode + * \param[in] p the packet + * \param[in] c the opcode + */ +void ldns_pkt_set_opcode(ldns_pkt *p, ldns_pkt_opcode c); +/** + * Set the packet's respons code + * \param[in] p the packet + * \param[in] c the rcode + */ +void ldns_pkt_set_rcode(ldns_pkt *p, uint8_t c); +/** + * Set the packet's qd count + * \param[in] p the packet + * \param[in] c the count + */ +void ldns_pkt_set_qdcount(ldns_pkt *p, uint16_t c); +/** + * Set the packet's an count + * \param[in] p the packet + * \param[in] c the count + */ +void ldns_pkt_set_ancount(ldns_pkt *p, uint16_t c); +/** + * Set the packet's ns count + * \param[in] p the packet + * \param[in] c the count + */ +void ldns_pkt_set_nscount(ldns_pkt *p, uint16_t c); +/** + * Set the packet's arcount + * \param[in] p the packet + * \param[in] c the count + */ +void ldns_pkt_set_arcount(ldns_pkt *p, uint16_t c); +/** + * Set the packet's answering server + * \param[in] p the packet + * \param[in] r the address + */ +void ldns_pkt_set_answerfrom(ldns_pkt *p, ldns_rdf *r); +/** + * Set the packet's query time + * \param[in] p the packet + * \param[in] t the querytime in msec + */ +void ldns_pkt_set_querytime(ldns_pkt *p, uint32_t t); +/** + * Set the packet's size + * \param[in] p the packet + * \param[in] s the size + */ +void ldns_pkt_set_size(ldns_pkt *p, size_t s); + +/** + * Set the packet's timestamp + * \param[in] p the packet + * \param[in] timeval the timestamp + */ +void ldns_pkt_set_timestamp(ldns_pkt *p, struct timeval); +/** + * Set a packet's section count to x + * \param[in] p the packet + * \param[in] s the section + * \param[in] x the section count + */ +void ldns_pkt_set_section_count(ldns_pkt *p, ldns_pkt_section s, uint16_t x); +/** + * Set the packet's tsig rr + * \param[in] p the packet + * \param[in] t the tsig rr + */ +void ldns_pkt_set_tsig(ldns_pkt *p, ldns_rr *t); + +/** + * looks inside the packet to determine + * what kind of packet it is, AUTH, NXDOMAIN, REFERRAL, etc. + * \param[in] p the packet to examine + * \return the type of packet + */ +ldns_pkt_type ldns_pkt_reply_type(ldns_pkt *p); + +/** + * return the packet's edns udp size + * \param[in] packet the packet + * \return the size + */ +uint16_t ldns_pkt_edns_udp_size(const ldns_pkt *packet); +/** + * return the packet's edns extended rcode + * \param[in] packet the packet + * \return the rcode + */ +uint8_t ldns_pkt_edns_extended_rcode(const ldns_pkt *packet); +/** + * return the packet's edns version + * \param[in] packet the packet + * \return the version + */ +uint8_t ldns_pkt_edns_version(const ldns_pkt *packet); +/** + * return the packet's edns z value + * \param[in] packet the packet + * \return the z value + */ +uint16_t ldns_pkt_edns_z(const ldns_pkt *packet); +/** + * return the packet's edns data + * \param[in] packet the packet + * \return the data + */ +ldns_rdf *ldns_pkt_edns_data(const ldns_pkt *packet); + +/** + * return the packet's edns do bit + * \param[in] packet the packet + * \return the bit's value + */ +bool ldns_pkt_edns_do(const ldns_pkt *packet); +/** + * Set the packet's edns do bit + * \param[in] packet the packet + * \param[in] value the bit's new value + */ +void ldns_pkt_set_edns_do(ldns_pkt *packet, bool value); + +/** + * returns true if this packet needs and EDNS rr to be sent. + * At the moment the only reason is an expected packet + * size larger than 512 bytes, but for instance dnssec would + * be a good reason too. + * + * \param[in] packet the packet to check + * \return true if packet needs edns rr + */ +bool ldns_pkt_edns(const ldns_pkt *packet); + +/** + * Set the packet's edns udp size + * \param[in] packet the packet + * \param[in] s the size + */ +void ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s); +/** + * Set the packet's edns extended rcode + * \param[in] packet the packet + * \param[in] c the code + */ +void ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c); +/** + * Set the packet's edns version + * \param[in] packet the packet + * \param[in] v the version + */ +void ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v); +/** + * Set the packet's edns z value + * \param[in] packet the packet + * \param[in] z the value + */ +void ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z); +/** + * Set the packet's edns data + * \param[in] packet the packet + * \param[in] data the data + */ +void ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data); + +/** + * allocates and initializes a ldns_pkt structure. + * \return pointer to the new packet + */ +ldns_pkt *ldns_pkt_new(); + +/** + * frees the packet structure and all data that it contains. + * \param[in] packet The packet structure to free + * \return void + */ +void ldns_pkt_free(ldns_pkt *packet); + +/** + * creates a query packet for the given name, type, class. + * \param[out] p the packet to be returned + * \param[in] rr_name the name to query for (as string) + * \param[in] rr_type the type to query for + * \param[in] rr_class the class to query for + * \param[in] flags packet flags + * \return LDNS_STATUS_OK or a ldns_status mesg with the error + */ +ldns_status ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class , uint16_t flags); + +/** + * creates a packet with a query in it for the given name, type and class. + * \param[in] rr_name the name to query for + * \param[in] rr_type the type to query for + * \param[in] rr_class the class to query for + * \param[in] flags packet flags + * \return ldns_pkt* a pointer to the new pkt + */ +ldns_pkt *ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class, uint16_t flags); + +/** + * clones the given packet, creating a fully allocated copy + * + * \param[in] pkt the packet to clone + * \return ldns_pkt* pointer to the new packet + */ +ldns_pkt *ldns_pkt_clone(ldns_pkt *pkt); + +/** + * directly set the additional section + * \param[in] p packet to operate on + * \param[in] rr rrlist to set + */ +void ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr); + +/** + * directly set the answer section + * \param[in] p packet to operate on + * \param[in] rr rrlist to set + */ +void ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr); + +/** + * directly set the question section + * \param[in] p packet to operate on + * \param[in] rr rrlist to set + */ +void ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr); + +/** + * directly set the auhority section + * \param[in] p packet to operate on + * \param[in] rr rrlist to set + */ +void ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr); + +/** + * push an rr on a packet + * \param[in] packet packet to operate on + * \param[in] section where to put it + * \param[in] rr rr to push + * \return a boolean which is true when the rr was added + */ +bool ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr); + +/** + * push an rr on a packet, provided the RR is not there. + * \param[in] pkt packet to operate on + * \param[in] sec where to put it + * \param[in] rr rr to push + * \return a boolean which is true when the rr was added + */ +bool ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr); + +/** + * push a rr_list on a packet + * \param[in] packet packet to operate on + * \param[in] section where to put it + * \param[in] list the rr_list to push + * \return a boolean which is true when the rr was added + */ +bool ldns_pkt_push_rr_list(ldns_pkt *packet, ldns_pkt_section section, ldns_rr_list *list); + +/** + * push an rr_list to a packet, provided the RRs are not already there. + * \param[in] pkt packet to operate on + * \param[in] sec where to put it + * \param[in] list the rr_list to push + * \return a boolean which is true when the rr was added + */ +bool ldns_pkt_safe_push_rr_list(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr_list *list); + +/** + * check if a packet is empty + * \param[in] p packet + * \return true: empty, false: empty + */ +bool ldns_pkt_empty(ldns_pkt *p); + +#endif /* LDNS_PACKET_H */ diff --git a/contrib/ldns/ldns/parse.h b/contrib/ldns/ldns/parse.h new file mode 100644 index 0000000000..5d3dfd42bc --- /dev/null +++ b/contrib/ldns/ldns/parse.h @@ -0,0 +1,159 @@ +/* + * parse.h + * + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ + +#ifndef LDNS_PARSE_H +#define LDNS_PARSE_H + +#include +#include + +#define LDNS_PARSE_SKIP_SPACE "\f\n\r\v" +#define LDNS_PARSE_NORMAL " \f\n\r\t\v" +#define LDNS_PARSE_NO_NL " \t" +#define LDNS_MAX_LINELEN 10230 +#define LDNS_MAX_KEYWORDLEN 32 + + +/** + * \file + * + * Contains some low-level parsing functions, mostly used in the _frm_str + * family of functions. + */ + +/** + * different type of directives in zone files + * We now deal with $TTL, $ORIGIN and $INCLUDE. + * The latter is not implemented in ldns (yet) + */ +enum ldns_enum_directive +{ + LDNS_DIR_TTL, + LDNS_DIR_ORIGIN, + LDNS_DIR_INCLUDE +}; +typedef enum ldns_enum_directive ldns_directive; + +/** + * returns a token/char from the stream F. + * This function deals with ( and ) in the stream, + * and ignores them when encountered + * \param[in] *f the file to read from + * \param[out] *token the read token is put here + * \param[in] *delim chars at which the parsing should stop + * \param[in] *limit how much to read. If 0 the builtin maximum is used + * \return 0 on error of EOF of the stream F. Otherwise return the length of what is read + */ +ssize_t ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit); + +/** + * returns a token/char from the stream F. + * This function deals with ( and ) in the stream, + * and ignores when it finds them. + * \param[in] *f the file to read from + * \param[out] *token the token is put here + * \param[in] *delim chars at which the parsing should stop + * \param[in] *limit how much to read. If 0 use builtin maximum + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return 0 on error of EOF of F otherwise return the length of what is read + */ +ssize_t ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr); + +/** + * returns a token/char from the buffer b. + * This function deals with ( and ) in the buffer, + * and ignores when it finds them. + * \param[in] *b the buffer to read from + * \param[out] *token the token is put here + * \param[in] *delim chars at which the parsing should stop + * \param[in] *limit how much to read. If 0 the builtin maximum is used + * \returns 0 on error of EOF of b. Otherwise return the length of what is read + */ +ssize_t ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit); + +/* + * searches for keyword and delim in a file. Gives everything back + * after the keyword + k_del until we hit d_del + * \param[in] f file pointer to read from + * \param[in] keyword keyword to look for + * \param[in] k_del keyword delimeter + * \param[out] data the data found + * \param[in] d_del the data delimeter + * \param[in] data_limit maximum size the the data buffer + * \return the number of character read + */ +ssize_t ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); + +/* + * searches for keyword and delim. Gives everything back + * after the keyword + k_del until we hit d_del + * \param[in] f file pointer to read from + * \param[in] keyword keyword to look for + * \param[in] k_del keyword delimeter + * \param[out] data the data found + * \param[in] d_del the data delimeter + * \param[in] data_limit maximum size the the data buffer + * \param[in] line_nr pointer to an integer containing the current line number (for +debugging purposes) + * \return the number of character read + */ +ssize_t ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit, int *line_nr); + +/* + * searches for keyword and delim in a buffer. Gives everything back + * after the keyword + k_del until we hit d_del + * \param[in] b buffer pointer to read from + * \param[in] keyword keyword to look for + * \param[in] k_del keyword delimeter + * \param[out] data the data found + * \param[in] d_del the data delimeter + * \param[in] data_limit maximum size the the data buffer + * \return the number of character read + */ +ssize_t ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char *data, const char *d_del, size_t data_limit); + +/** + * returns the next character from a buffer. Advances the position pointer with 1. + * When end of buffer is reached returns EOF. This is the buffer's equivalent + * for getc(). + * \param[in] *buffer buffer to read from + * \return EOF on failure otherwise return the character + */ +int ldns_bgetc(ldns_buffer *buffer); + +/** + * skips all of the characters in the given string in the buffer, moving + * the position to the first character that is not in *s. + * \param[in] *buffer buffer to use + * \param[in] *s characters to skip + * \return void + */ +void ldns_bskipcs(ldns_buffer *buffer, const char *s); + +/** + * skips all of the characters in the given string in the fp, moving + * the position to the first character that is not in *s. + * \param[in] *fp file to use + * \param[in] *s characters to skip + * \return void + */ +void ldns_fskipcs(FILE *fp, const char *s); + + +/** + * skips all of the characters in the given string in the fp, moving + * the position to the first character that is not in *s. + * \param[in] *fp file to use + * \param[in] *s characters to skip + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return void + */ +void ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr); + +#endif /* LDNS_PARSE_H */ diff --git a/contrib/ldns/ldns/rbtree.h b/contrib/ldns/ldns/rbtree.h new file mode 100644 index 0000000000..ac20dde17e --- /dev/null +++ b/contrib/ldns/ldns/rbtree.h @@ -0,0 +1,221 @@ +/* + * rbtree.h -- generic red-black tree + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * Red black tree. Implementation taken from NSD 3.0.5, adjusted for use + * in unbound (memory allocation, logging and so on). + */ + +#ifndef LDNS_RBTREE_H_ +#define LDNS_RBTREE_H_ + +/** + * This structure must be the first member of the data structure in + * the rbtree. This allows easy casting between an rbnode_t and the + * user data (poor man's inheritance). + */ +typedef struct ldns_rbnode_t ldns_rbnode_t; +/** + * The rbnode_t struct definition. + */ +struct ldns_rbnode_t { + /** parent in rbtree, RBTREE_NULL for root */ + ldns_rbnode_t *parent; + /** left node (smaller items) */ + ldns_rbnode_t *left; + /** right node (larger items) */ + ldns_rbnode_t *right; + /** pointer to sorting key */ + const void *key; + /** pointer to data */ + const void *data; + /** colour of this node */ + uint8_t color; +}; + +/** The nullpointer, points to empty node */ +#define LDNS_RBTREE_NULL &ldns_rbtree_null_node +/** the global empty node */ +extern ldns_rbnode_t ldns_rbtree_null_node; + +/** An entire red black tree */ +typedef struct ldns_rbtree_t ldns_rbtree_t; +/** definition for tree struct */ +struct ldns_rbtree_t { + /** The root of the red-black tree */ + ldns_rbnode_t *root; + + /** The number of the nodes in the tree */ + size_t count; + + /** + * Key compare function. <0,0,>0 like strcmp. + * Return 0 on two NULL ptrs. + */ + int (*cmp) (const void *, const void *); +}; + +/** + * Create new tree (malloced) with given key compare function. + * @param cmpf: compare function (like strcmp) takes pointers to two keys. + * @return: new tree, empty. + */ +ldns_rbtree_t *ldns_rbtree_create(int (*cmpf)(const void *, const void *)); + +/** + * Free the complete tree (but not its keys) + * @param rbtree The tree to free + */ +void ldns_rbtree_free(ldns_rbtree_t *rbtree); + +/** + * Init a new tree (malloced by caller) with given key compare function. + * @param rbtree: uninitialised memory for new tree, returned empty. + * @param cmpf: compare function (like strcmp) takes pointers to two keys. + */ +void ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *)); + +/** + * Insert data into the tree. + * @param rbtree: tree to insert to. + * @param data: element to insert. + * @return: data ptr or NULL if key already present. + */ +ldns_rbnode_t *ldns_rbtree_insert(ldns_rbtree_t *rbtree, ldns_rbnode_t *data); + +/** + * Insert data into the tree (reversed arguments, for use as callback) + * \param[in] data element to insert + * \param[out] rbtree tree to insert in to + * \return data ptr or NULL if key is already present + */ +void ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree); + +/** + * Delete element from tree. + * @param rbtree: tree to delete from. + * @param key: key of item to delete. + * @return: node that is now unlinked from the tree. User to delete it. + * returns 0 if node not present + */ +ldns_rbnode_t *ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key); + +/** + * Find key in tree. Returns NULL if not found. + * @param rbtree: tree to find in. + * @param key: key that must match. + * @return: node that fits or NULL. + */ +ldns_rbnode_t *ldns_rbtree_search(ldns_rbtree_t *rbtree, const void *key); + +/** + * Find, but match does not have to be exact. + * @param rbtree: tree to find in. + * @param key: key to find position of. + * @param result: set to the exact node if present, otherwise to element that + * precedes the position of key in the tree. NULL if no smaller element. + * @return: true if exact match in result. Else result points to <= element, + * or NULL if key is smaller than the smallest key. + */ +int ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, + ldns_rbnode_t **result); + +/** + * Returns first (smallest) node in the tree + * @param rbtree: tree + * @return: smallest element or NULL if tree empty. + */ +ldns_rbnode_t *ldns_rbtree_first(ldns_rbtree_t *rbtree); + +/** + * Returns last (largest) node in the tree + * @param rbtree: tree + * @return: largest element or NULL if tree empty. + */ +ldns_rbnode_t *ldns_rbtree_last(ldns_rbtree_t *rbtree); + +/** + * Returns next larger node in the tree + * @param rbtree: tree + * @return: next larger element or NULL if no larger in tree. + */ +ldns_rbnode_t *ldns_rbtree_next(ldns_rbnode_t *rbtree); + +/** + * Returns previous smaller node in the tree + * @param rbtree: tree + * @return: previous smaller element or NULL if no previous in tree. + */ +ldns_rbnode_t *ldns_rbtree_previous(ldns_rbnode_t *rbtree); + +/** + * split off 'elements' number of elements from the start + * of the name tree and return a new tree containing those + * elements + */ +ldns_rbtree_t *ldns_rbtree_split(ldns_rbtree_t *tree, size_t elements); + +/** + * add all node from the second tree to the first (removing them from the + * second), and fix up nsec(3)s if present + */ +void ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2); + +/** + * Call with node=variable of struct* with rbnode_t as first element. + * with type is the type of a pointer to that struct. + */ +#define LDNS_RBTREE_FOR(node, type, rbtree) \ + for(node=(type)ldns_rbtree_first(rbtree); \ + (ldns_rbnode_t*)node != LDNS_RBTREE_NULL; \ + node = (type)ldns_rbtree_next((ldns_rbnode_t*)node)) + +/** + * Call function for all elements in the redblack tree, such that + * leaf elements are called before parent elements. So that all + * elements can be safely free()d. + * Note that your function must not remove the nodes from the tree. + * Since that may trigger rebalances of the rbtree. + * @param tree: the tree + * @param func: function called with element and user arg. + * The function must not alter the rbtree. + * @param arg: user argument. + */ +void ldns_traverse_postorder(ldns_rbtree_t* tree, + void (*func)(ldns_rbnode_t*, void*), void* arg); + +#endif /* UTIL_RBTREE_H_ */ diff --git a/contrib/ldns/ldns/rdata.h b/contrib/ldns/ldns/rdata.h new file mode 100644 index 0000000000..dc90270a18 --- /dev/null +++ b/contrib/ldns/ldns/rdata.h @@ -0,0 +1,372 @@ +/* + * rdata.h + * + * rdata definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + + +/** + * \file + * + * Defines ldns_rdf and functions to manipulate those. + */ + + +#ifndef LDNS_RDATA_H +#define LDNS_RDATA_H + +#include +#include + +#define LDNS_MAX_RDFLEN 8192 + +#define LDNS_RDF_SIZE_BYTE 1 +#define LDNS_RDF_SIZE_WORD 2 +#define LDNS_RDF_SIZE_DOUBLEWORD 4 +#define LDNS_RDF_SIZE_6BYTES 6 +#define LDNS_RDF_SIZE_16BYTES 16 + +#define LDNS_NSEC3_VARS_OPTOUT_MASK 0x01 + +/** + * The different types of RDATA fields. + */ +enum ldns_enum_rdf_type +{ + /** none */ + LDNS_RDF_TYPE_NONE, + /** domain name */ + LDNS_RDF_TYPE_DNAME, + /** 8 bits */ + LDNS_RDF_TYPE_INT8, + /** 16 bits */ + LDNS_RDF_TYPE_INT16, + /** 32 bits */ + LDNS_RDF_TYPE_INT32, + /** A record */ + LDNS_RDF_TYPE_A, + /** AAAA record */ + LDNS_RDF_TYPE_AAAA, + /** txt string */ + LDNS_RDF_TYPE_STR, + /** apl data */ + LDNS_RDF_TYPE_APL, + /** b32 string */ + LDNS_RDF_TYPE_B32_EXT, + /** b64 string */ + LDNS_RDF_TYPE_B64, + /** hex string */ + LDNS_RDF_TYPE_HEX, + /** nsec type codes */ + LDNS_RDF_TYPE_NSEC, + /** a RR type */ + LDNS_RDF_TYPE_TYPE, + /** a class */ + LDNS_RDF_TYPE_CLASS, + /** certificate algorithm */ + LDNS_RDF_TYPE_CERT_ALG, + /** a key algorithm */ + LDNS_RDF_TYPE_ALG, + /** unknown types */ + LDNS_RDF_TYPE_UNKNOWN, + /** time (32 bits) */ + LDNS_RDF_TYPE_TIME, + /** period */ + LDNS_RDF_TYPE_PERIOD, + /** tsig time 48 bits */ + LDNS_RDF_TYPE_TSIGTIME, + LDNS_RDF_TYPE_TSIG, + /** variable length any type rdata where the length + is specified by the first 2 bytes */ + LDNS_RDF_TYPE_INT16_DATA, + /** protocol and port bitmaps */ + LDNS_RDF_TYPE_SERVICE, + /** location data */ + LDNS_RDF_TYPE_LOC, + /** well known services */ + LDNS_RDF_TYPE_WKS, + /** NSAP */ + LDNS_RDF_TYPE_NSAP, + /** ATMA */ + LDNS_RDF_TYPE_ATMA, + /** IPSECKEY */ + LDNS_RDF_TYPE_IPSECKEY, + /** nsec3 hash salt */ + LDNS_RDF_TYPE_NSEC3_SALT, + /** nsec3 base32 string (with length byte on wire */ + LDNS_RDF_TYPE_NSEC3_NEXT_OWNER +}; +typedef enum ldns_enum_rdf_type ldns_rdf_type; + +/** + * algorithms used in CERT rrs + */ +enum ldns_enum_cert_algorithm +{ + LDNS_CERT_PKIX = 1, + LDNS_CERT_SPKI = 2, + LDNS_CERT_PGP = 3, + LDNS_CERT_URI = 253, + LDNS_CERT_OID = 254 +}; +typedef enum ldns_enum_cert_algorithm ldns_cert_algorithm; + + + +/** + * Resource record data field. + * + * The data is a network ordered array of bytes, which size is specified by + * the (16-bit) size field. To correctly parse it, use the type + * specified in the (16-bit) type field with a value from \ref ldns_rdf_type. + */ +struct ldns_struct_rdf +{ + /** The size of the data (in octets) */ + size_t _size; + /** The type of the data */ + ldns_rdf_type _type; + /** Pointer to the data (raw octets) */ + void *_data; +}; +typedef struct ldns_struct_rdf ldns_rdf; + +/* prototypes */ + +/* write access functions */ + +/** + * sets the size of the rdf. + * \param[in] *rd the rdf to operate on + * \param[in] size the new size + * \return void + */ +void ldns_rdf_set_size(ldns_rdf *rd, size_t size); + +/** + * sets the size of the rdf. + * \param[in] *rd the rdf to operate on + * \param[in] type the new type + * \return void + */ +void ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type); + +/** + * sets the size of the rdf. + * \param[in] *rd the rdf to operate on + * \param[in] *data pointer to the new data + * \return void + */ +void ldns_rdf_set_data(ldns_rdf *rd, void *data); + +/* read access */ + +/** + * returns the size of the rdf. + * \param[in] *rd the rdf to read from + * \return uint16_t with the size + */ +size_t ldns_rdf_size(const ldns_rdf *rd); + +/** + * returns the type of the rdf. We need to insert _get_ + * here to prevent conflict the the rdf_type TYPE. + * \param[in] *rd the rdf to read from + * \return ldns_rdf_type with the type + */ +ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd); + +/** + * returns the data of the rdf. + * \param[in] *rd the rdf to read from + * \return uint8_t* pointer to the rdf's data + */ +uint8_t *ldns_rdf_data(const ldns_rdf *rd); + +/* creator functions */ + +/** + * allocates a new rdf structure and fills it. + * This function DOES NOT copy the contents from + * the buffer, unlinke ldns_rdf_new_frm_data() + * \param[in] type type of the rdf + * \param[in] size size of the buffer + * \param[in] data pointer to the buffer to be copied + * \return the new rdf structure or NULL on failure + */ +ldns_rdf *ldns_rdf_new(ldns_rdf_type type, size_t size, void *data); + +/** + * allocates a new rdf structure and fills it. + * This function _does_ copy the contents from + * the buffer, unlinke ldns_rdf_new() + * \param[in] type type of the rdf + * \param[in] size size of the buffer + * \param[in] data pointer to the buffer to be copied + * \return the new rdf structure or NULL on failure + */ +ldns_rdf *ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data); + +/** + * creates a new rdf from a string. + * \param[in] type type to use + * \param[in] str string to use + * \return ldns_rdf* or NULL in case of an error + */ +ldns_rdf *ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str); + +/** + * creates a new rdf from a file containing a string. + * \param[out] r the new rdf + * \param[in] type type to use + * \param[in] fp the file pointer to use + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_rdf_new_frm_fp(ldns_rdf **r, ldns_rdf_type type, FILE *fp); + +/** + * creates a new rdf from a file containing a string. + * \param[out] r the new rdf + * \param[in] type type to use + * \param[in] fp the file pointer to use + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_rdf_new_frm_fp_l(ldns_rdf **r, ldns_rdf_type type, FILE *fp, int *line_nr); + +/* destroy functions */ + +/** + * frees a rdf structure, leaving the + * data pointer intact. + * \param[in] rd the pointer to be freed + * \return void + */ +void ldns_rdf_free(ldns_rdf *rd); + +/** + * frees a rdf structure _and_ frees the + * data. rdf should be created with _new_frm_data + * \param[in] rd the rdf structure to be freed + * \return void + */ +void ldns_rdf_deep_free(ldns_rdf *rd); + +/* conversion functions */ + +/** + * returns the rdf containing the native uint8_t repr. + * \param[in] type the ldns_rdf type to use + * \param[in] value the uint8_t to use + * \return ldns_rdf* with the converted value + */ +ldns_rdf *ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value); + +/** + * returns the rdf containing the native uint16_t representation. + * \param[in] type the ldns_rdf type to use + * \param[in] value the uint16_t to use + * \return ldns_rdf* with the converted value + */ +ldns_rdf *ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value); + +/** + * returns an rdf that contains the given int32 value. + * + * Because multiple rdf types can contain an int32, the + * type must be specified + * \param[in] type the ldns_rdf type to use + * \param[in] value the uint32_t to use + * \return ldns_rdf* with the converted value + */ +ldns_rdf *ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value); + +/** + * returns an int16_data rdf that contains the data in the + * given array, preceded by an int16 specifying the length. + * + * The memory is copied, and an LDNS_RDF_TYPE_INT16DATA is returned + * \param[in] size the size of the data + * \param[in] *data pointer to the actual data + * \return ldns_rd* the rdf with the data + */ +ldns_rdf *ldns_native2rdf_int16_data(size_t size, uint8_t *data); + +/** + * reverses an rdf, only actually useful for AAAA and A records. + * The returned rdf has the type LDNS_RDF_TYPE_DNAME! + * \param[in] *rd rdf to be reversed + * \return the reversed rdf (a newly created rdf) + */ +ldns_rdf *ldns_rdf_address_reverse(ldns_rdf *rd); + +/** + * returns the native uint8_t representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \return uint8_t the value extracted + */ +uint8_t ldns_rdf2native_int8(const ldns_rdf *rd); + +/** + * returns the native uint16_t representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \return uint16_t the value extracted + */ +uint16_t ldns_rdf2native_int16(const ldns_rdf *rd); + +/** + * returns the native uint32_t representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \return uint32_t the value extracted + */ +uint32_t ldns_rdf2native_int32(const ldns_rdf *rd); + +/** + * returns the native time_t representation from the rdf. + * \param[in] rd the ldns_rdf to operate on + * \return time_t the value extracted (32 bits currently) + */ +time_t ldns_rdf2native_time_t(const ldns_rdf *rd); + +/** + * converts a ttl value (like 5d2h) to a long. + * \param[in] nptr the start of the string + * \param[out] endptr points to the last char in case of error + * \return the convert duration value + */ +uint32_t ldns_str2period(const char *nptr, const char **endptr); + +/** + * removes \\DDD, \\[space] and other escapes from the input. + * See RFC 1035, section 5.1. + * \param[in] word what to check + * \param[in] length the string + * \return ldns_status mesg + */ +ldns_status ldns_octet(char *word, size_t *length); + +/** + * clones a rdf structure. The data is copied. + * \param[in] rd rdf to be copied + * \return a new rdf structure + */ +ldns_rdf *ldns_rdf_clone(const ldns_rdf *rd); + +/** + * compares two rdf's on their wire formats. + * (To order dnames according to rfc4034, use ldns_dname_compare) + * \param[in] rd1 the first one + * \param[in] rd2 the second one + * \return 0 if equal + * \return -1 if rd1 comes before rd2 + * \return +1 if rd2 comes before rd1 + */ +int ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2); + +#endif /* LDNS_RDATA_H */ diff --git a/contrib/ldns/ldns/resolver.h b/contrib/ldns/ldns/resolver.h new file mode 100644 index 0000000000..80b853e1c3 --- /dev/null +++ b/contrib/ldns/ldns/resolver.h @@ -0,0 +1,699 @@ +/* + * resolver.h + * + * DNS Resolver definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Defines the ldns_resolver structure, a stub resolver that can send queries and parse answers. + * + */ + +#ifndef LDNS_RESOLVER_H +#define LDNS_RESOLVER_H + +#include +#include +#include +#include +#include +#include +#include + +/** Default location of the resolv.conf file */ +#define LDNS_RESOLV_CONF "/etc/resolv.conf" +/** Default location of the hosts file */ +#define LDNS_RESOLV_HOSTS "/etc/hosts" + +#define LDNS_RESOLV_KEYWORD -1 +#define LDNS_RESOLV_DEFDOMAIN 0 +#define LDNS_RESOLV_NAMESERVER 1 +#define LDNS_RESOLV_SEARCH 2 +#define LDNS_RESOLV_SORTLIST 3 +#define LDNS_RESOLV_OPTIONS 4 +#define LDNS_RESOLV_ANCHOR 5 +#define LDNS_RESOLV_KEYWORDS 6 + +#define LDNS_RESOLV_INETANY 0 +#define LDNS_RESOLV_INET 1 +#define LDNS_RESOLV_INET6 2 + +#define LDNS_RESOLV_RTT_INF 0 /* infinity */ +#define LDNS_RESOLV_RTT_MIN 1 /* reachable */ + +/** + * DNS stub resolver structure + */ +struct ldns_struct_resolver +{ + /** Port to send queries to */ + uint16_t _port; + + /** Array of nameservers to query (IP addresses or dnames) */ + ldns_rdf **_nameservers; + /** Number of nameservers in \c _nameservers */ + size_t _nameserver_count; /* how many do we have */ + + /** Round trip time; 0 -> infinity. Unit: ms? */ + size_t *_rtt; + + /** Wether or not to be recursive */ + bool _recursive; + + /** Print debug information */ + bool _debug; + + /** Default domain to add to non fully qualified domain names */ + ldns_rdf *_domain; + + /** Searchlist array, add the names in this array if a query cannot be found */ + ldns_rdf **_searchlist; + + /** Number of entries in the searchlist array */ + size_t _searchlist_count; + + /** Number of times to retry before giving up */ + uint8_t _retry; + /** Time to wait before retrying */ + uint8_t _retrans; + /** Use new fallback mechanism (try EDNS, then do TCP) */ + bool _fallback; + + /** Whether to do DNSSEC */ + bool _dnssec; + /** Whether to set the CD bit on DNSSEC requests */ + bool _dnssec_cd; + /** Optional trust anchors for complete DNSSEC validation */ + ldns_rr_list * _dnssec_anchors; + /** Whether to use tcp or udp (tcp if the value is true)*/ + bool _usevc; + /** Whether to ignore the tc bit */ + bool _igntc; + /** Whether to use ip6, 0->does not matter, 1 is IPv4, 2 is IPv6 */ + uint8_t _ip6; + /** If true append the default domain */ + bool _defnames; + /** If true apply the search list */ + bool _dnsrch; + /** Timeout for socket connections */ + struct timeval _timeout; + /** Only try the first nameserver, and return with an error directly if it fails */ + bool _fail; + /** Randomly choose a nameserver */ + bool _random; + /** Keep some things to make AXFR possible */ + int _socket; + /** Count the number of LDNS_RR_TYPE_SOA RRs we have seen so far + * (the second one signifies the end of the AXFR) + */ + int _axfr_soa_count; + /* when axfring we get complete packets from the server + but we want to give the caller 1 rr at a time, so + keep the current pkt */ + /** Packet currently handled when doing part of an AXFR */ + ldns_pkt *_cur_axfr_pkt; + /** Counter for within the AXFR packets */ + uint16_t _axfr_i; + /* EDNS0 available buffer size */ + uint16_t _edns_udp_size; + + /* Optional tsig key for signing queries, + outgoing messages are signed if and only if both are set + */ + /** Name of the key to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */ + char *_tsig_keyname; + /** Secret key data to use with TSIG, if _tsig_keyname and _tsig_keydata both contain values, outgoing messages are automatically signed with TSIG. */ + char *_tsig_keydata; + /** TSIG signing algorithm */ + char *_tsig_algorithm; +}; +typedef struct ldns_struct_resolver ldns_resolver; + +/* prototypes */ +/* read access functions */ + +/** + * Get the port the resolver should use + * \param[in] r the resolver + * \return the port number + */ +uint16_t ldns_resolver_port(const ldns_resolver *r); + +/** + * Is the resolver set to recurse + * \param[in] r the resolver + * \return true if so, otherwise false + */ +bool ldns_resolver_recursive(const ldns_resolver *r); + +/** + * Get the debug status of the resolver + * \param[in] r the resolver + * \return true if so, otherwise false + */ +bool ldns_resolver_debug(const ldns_resolver *r); + +/** + * Get the number of retries + * \param[in] r the resolver + * \return the number of retries + */ +uint8_t ldns_resolver_retry(const ldns_resolver *r); + +/** + * Get the retransmit interval + * \param[in] r the resolver + * \return the retransmit interval + */ +uint8_t ldns_resolver_retrans(const ldns_resolver *r); + +/** + * Get the truncation fallback status + * \param[in] r the resolver + * \return whether the truncation fallback mechanism is used + */ +bool ldns_resolver_fallback(const ldns_resolver *r); + +/** + * Does the resolver use ip6 or ip4 + * \param[in] r the resolver + * \return 0: both, 1: ip4, 2:ip6 + */ +uint8_t ldns_resolver_ip6(const ldns_resolver *r); + +/** + * Get the resolver's udp size + * \param[in] r the resolver + * \return the udp mesg size + */ +uint16_t ldns_resolver_edns_udp_size(const ldns_resolver *r); +/** + * Does the resolver use tcp or udp + * \param[in] r the resolver + * \return true: tcp, false: udp + */ +bool ldns_resolver_usevc(const ldns_resolver *r); +/** + * Does the resolver only try the first nameserver + * \param[in] r the resolver + * \return true: yes, fail, false: no, try the others + */ +bool ldns_resolver_fail(const ldns_resolver *r); +/** + * Does the resolver do DNSSEC + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_dnssec(const ldns_resolver *r); +/** + * Does the resolver set the CD bit + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_dnssec_cd(const ldns_resolver *r); +/** + * Get the resolver's DNSSEC anchors + * \param[in] r the resolver + * \return an rr_list containg trusted DNSSEC anchors + */ +ldns_rr_list * ldns_resolver_dnssec_anchors(const ldns_resolver *r); +/** + * Does the resolver ignore the TC bit (truncated) + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_igntc(const ldns_resolver *r); +/** + * Does the resolver randomize the nameserver before usage + * \param[in] r the resolver + * \return true: yes, false: no + */ +bool ldns_resolver_random(const ldns_resolver *r); +/** + * How many nameserver are configured in the resolver + * \param[in] r the resolver + * \return number of nameservers + */ +size_t ldns_resolver_nameserver_count(const ldns_resolver *r); +/** + * What is the default dname to add to relative queries + * \param[in] r the resolver + * \return the dname which is added + */ +ldns_rdf *ldns_resolver_domain(const ldns_resolver *r); +/** + * What is the timeout on socket connections + * \param[in] r the resolver + * \return the timeout as struct timeval + */ +struct timeval ldns_resolver_timeout(const ldns_resolver *r); +/** + * What is the searchlist as used by the resolver + * \param[in] r the resolver + * \return a ldns_rdf pointer to a list of the addresses + */ +ldns_rdf** ldns_resolver_searchlist(const ldns_resolver *r); +/** + * Return the configured nameserver ip address + * \param[in] r the resolver + * \return a ldns_rdf pointer to a list of the addresses + */ +ldns_rdf** ldns_resolver_nameservers(const ldns_resolver *r); +/** + * Return the used round trip times for the nameservers + * \param[in] r the resolver + * \return a size_t* pointer to the list. + * yet) + */ +size_t * ldns_resolver_rtt(const ldns_resolver *r); +/** + * Return the used round trip time for a specific nameserver + * \param[in] r the resolver + * \param[in] pos the index to the nameserver + * \return the rrt, 0: infinite, >0: undefined (as of * yet) + */ +size_t ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos); +/** + * Return the tsig keyname as used by the nameserver + * \param[in] r the resolver + * \return the name used. + */ +char *ldns_resolver_tsig_keyname(const ldns_resolver *r); +/** + * Return the tsig algorithm as used by the nameserver + * \param[in] r the resolver + * \return the algorithm used. + */ +char *ldns_resolver_tsig_algorithm(const ldns_resolver *r); +/** + * Return the tsig keydata as used by the nameserver + * \param[in] r the resolver + * \return the keydata used. + */ +char *ldns_resolver_tsig_keydata(const ldns_resolver *r); +/** + * pop the last nameserver from the resolver. + * \param[in] r the resolver + * \return the popped address or NULL if empty + */ +ldns_rdf* ldns_resolver_pop_nameserver(ldns_resolver *r); + +/** + * Return the resolver's searchlist count + * \param[in] r the resolver + * \return the searchlist count + */ +size_t ldns_resolver_searchlist_count(const ldns_resolver *r); + +/* write access function */ +/** + * Set the port the resolver should use + * \param[in] r the resolver + * \param[in] p the port number + */ +void ldns_resolver_set_port(ldns_resolver *r, uint16_t p); + +/** + * Set the resolver recursion + * \param[in] r the resolver + * \param[in] b true: set to recurse, false: unset + */ +void ldns_resolver_set_recursive(ldns_resolver *r, bool b); + +/** + * Set the resolver debugging + * \param[in] r the resolver + * \param[in] b true: debug on: false debug off + */ +void ldns_resolver_set_debug(ldns_resolver *r, bool b); + +/** + * Incremental the resolver's nameserver count. + * \param[in] r the resolver + */ +void ldns_resolver_incr_nameserver_count(ldns_resolver *r); + +/** + * Decrement the resolver's nameserver count. + * \param[in] r the resolver + */ +void ldns_resolver_dec_nameserver_count(ldns_resolver *r); + +/** + * Set the resolver's nameserver count directly. + * \param[in] r the resolver + * \param[in] c the nameserver count + */ +void ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c); + +/** + * Set the resolver's nameserver count directly by using an rdf list + * \param[in] r the resolver + * \param[in] rd the resolver addresses + */ +void ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **rd); + +/** + * Set the resolver's default domain. This gets appended when no + * absolute name is given + * \param[in] r the resolver + * \param[in] rd the name to append + */ +void ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *rd); + +/** + * Set the resolver's socket time out when talking to remote hosts + * \param[in] r the resolver + * \param[in] timeout the timeout to use + */ +void ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout); + +/** + * Push a new rd to the resolver's searchlist + * \param[in] r the resolver + * \param[in] rd to push + */ +void ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *rd); + +/** + * Whether the resolver uses the name set with _set_domain + * \param[in] r the resolver + * \param[in] b true: use the defaults, false: don't use them + */ +void ldns_resolver_set_defnames(ldns_resolver *r, bool b); + +/** + * Whether the resolver uses a virtual circuit (TCP) + * \param[in] r the resolver + * \param[in] b true: use TCP, false: don't use TCP + */ +void ldns_resolver_set_usevc(ldns_resolver *r, bool b); + +/** + * Whether the resolver uses the searchlist + * \param[in] r the resolver + * \param[in] b true: use the list, false: don't use the list + */ +void ldns_resolver_set_dnsrch(ldns_resolver *r, bool b); + +/** + * Whether the resolver uses DNSSEC + * \param[in] r the resolver + * \param[in] b true: use DNSSEC, false: don't use DNSSEC + */ +void ldns_resolver_set_dnssec(ldns_resolver *r, bool b); + +/** + * Whether the resolver uses the checking disable bit + * \param[in] r the resolver + * \param[in] b true: enable , false: don't use TCP + */ +void ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool b); +/** + * Set the resolver's DNSSEC anchor list directly. RRs should be of type DS or DNSKEY. + * \param[in] r the resolver + * \param[in] l the list of RRs to use as trust anchors + */ +void ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l); + +/** + * Push a new trust anchor to the resolver. It must be a DS or DNSKEY rr + * \param[in] r the resolver. + * \param[in] rr the RR to add as a trust anchor. + * \return a status + */ +ldns_status ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr); + +/** + * Set the resolver retrans timeout (in seconds) + * \param[in] r the resolver + * \param[in] re the retransmission interval in seconds + */ +void ldns_resolver_set_retrans(ldns_resolver *r, uint8_t re); + +/** + * Set whether the resolvers truncation fallback mechanism is used + * when ldns_resolver_query() is called. + * \param[in] r the resolver + * \param[in] fallback whether to use the fallback mechanism + */ +void ldns_resolver_set_fallback(ldns_resolver *r, bool fallback); + +/** + * Set the resolver retry interval (in seconds) + * \param[in] r the resolver + * \param[in] re the retry interval + */ +void ldns_resolver_set_retry(ldns_resolver *r, uint8_t re); + +/** + * Whether the resolver uses ip6 + * \param[in] r the resolver + * \param[in] i 0: no pref, 1: ip4, 2: ip6 + */ +void ldns_resolver_set_ip6(ldns_resolver *r, uint8_t i); + +/** + * Whether or not to fail after one failed query + * \param[in] r the resolver + * \param[in] b true: yes fail, false: continue with next nameserver + */ +void ldns_resolver_set_fail(ldns_resolver *r, bool b); + +/** + * Whether or not to ignore the TC bit + * \param[in] r the resolver + * \param[in] b true: yes ignore, false: don't ignore + */ +void ldns_resolver_set_igntc(ldns_resolver *r, bool b); + +/** + * Set maximum udp size + * \param[in] r the resolver + * \param[in] s the udp max size + */ +void ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s); + +/** + * Set the tsig key name + * \param[in] r the resolver + * \param[in] tsig_keyname the tsig key name + */ +void ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname); + +/** + * Set the tsig algorithm + * \param[in] r the resolver + * \param[in] tsig_algorithm the tsig algorithm + */ +void ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm); + +/** + * Set the tsig key data + * \param[in] r the resolver + * \param[in] tsig_keydata the key data + */ +void ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata); + +/** + * Set round trip time for all nameservers. Note this currently + * differentiates between: unreachable and reachable. + * \param[in] r the resolver + * \param[in] rtt a list with the times + */ +void ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt); + +/** + * Set round trip time for a specific nameserver. Note this + * currently differentiates between: unreachable and reachable. + * \param[in] r the resolver + * \param[in] pos the nameserver position + * \param[in] value the rtt + */ +void ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value); + +/** + * Should the nameserver list be randomized before each use + * \param[in] r the resolver + * \param[in] b: true: randomize, false: don't + */ +void ldns_resolver_set_random(ldns_resolver *r, bool b); + +/** + * push a new nameserver to the resolver. It must be an IP + * address v4 or v6. + * \param[in] r the resolver + * \param[in] n the ip address + * \return ldns_status a status + */ +ldns_status ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n); + +/** + * push a new nameserver to the resolver. It must be an + * A or AAAA RR record type + * \param[in] r the resolver + * \param[in] rr the resource record + * \return ldns_status a status + */ +ldns_status ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr); + +/** + * push a new nameserver rr_list to the resolver. + * \param[in] r the resolver + * \param[in] rrlist the rr_list to push + * \return ldns_status a status + */ +ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist); + +/** + * Send the query for using the resolver and take the search list into account + * The search algorithm is as follows: + * If the name is absolute, try it as-is, otherwise apply the search list + * \param[in] *r operate using this resolver + * \param[in] *rdf query for this name + * \param[in] t query for this type (may be 0, defaults to A) + * \param[in] c query for this class (may be 0, default to IN) + * \param[in] flags the query flags + * \return ldns_pkt* a packet with the reply from the nameserver + */ +ldns_pkt* ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags); + +/** + * Form a query packet from a resolver and name/type/class combo + * \param[out] **q a pointer to a ldns_pkt pointer (initialized by this function) + * \param[in] *r operate using this resolver + * \param[in] *name query for this name + * \param[in] t query for this type (may be 0, defaults to A) + * \param[in] c query for this class (may be 0, default to IN) + * \param[in] f the query flags + * \return ldns_pkt* a packet with the reply from the nameserver + */ +ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t f); + +/** + * Send the query for name as-is + * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function) + * \param[in] *r operate using this resolver + * \param[in] *name query for this name + * \param[in] t query for this type (may be 0, defaults to A) + * \param[in] c query for this class (may be 0, default to IN) + * \param[in] flags the query flags + * \return ldns_pkt* a packet with the reply from the nameserver + */ +ldns_status ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags); + +/** + * Send the given packet to a nameserver + * \param[out] **answer a pointer to a ldns_pkt pointer (initialized by this function) + * \param[in] *r operate using this resolver + * \param[in] *query_pkt query + */ +ldns_status ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, ldns_pkt *query_pkt); + +/** + * Send a query to a nameserver + * \param[in] *r operate using this resolver + * \param[in] *name query for this name + * \param[in] *t query for this type (may be 0, defaults to A) + * \param[in] *c query for this class (may be 0, default to IN) + * \param[in] flags the query flags + * \return ldns_pkt* a packet with the reply from the nameserver + * if _defnames is true the default domain will be added + */ +ldns_pkt* ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags); + + +/** + * Create a new resolver structure + * \return ldns_resolver* pointer to new strcture + */ +ldns_resolver* ldns_resolver_new(void); + +/** + * Create a resolver structure from a file like /etc/resolv.conf + * \param[out] r the new resolver + * \param[in] fp file pointer to create new resolver from + * if NULL use /etc/resolv.conf + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_resolver_new_frm_fp(ldns_resolver **r, FILE *fp); + +/** + * Create a resolver structure from a file like /etc/resolv.conf + * \param[out] r the new resolver + * \param[in] fp file pointer to create new resolver from + * if NULL use /etc/resolv.conf + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_resolver_new_frm_fp_l(ldns_resolver **r, FILE *fp, int *line_nr); + +/** + * configure a resolver by means of a resolv.conf file + * The file may be NULL in which case there will be + * looked the RESOLV_CONF (defaults to /etc/resolv.conf + * \param[out] r the new resolver + * \param[in] filename the filename to use + * \return LDNS_STATUS_OK or the error + */ +ldns_status ldns_resolver_new_frm_file(ldns_resolver **r, const char *filename); + +/** + * Frees the allocated space for this resolver. Only frees the resolver pionter! You should probably be using _deep_free. + * \param res resolver to free + */ +void ldns_resolver_free(ldns_resolver *res); + +/** + * Frees the allocated space for this resolver and all it's data + * \param res resolver to free + */ +void ldns_resolver_deep_free(ldns_resolver *res); + +/** + * get the next stream of RRs in a AXFR + * \param[in] resolver the resolver to use. First ldns_axfr_start() must be + * called + * \return ldns_rr the next RR from the AXFR stream + */ +ldns_rr* ldns_axfr_next(ldns_resolver *resolver); + +/** + * returns true if the axfr transfer has completed (i.e. 2 SOA RRs and no errors were encountered + * \param[in] resolver the resolver that is used + * \return bool true if axfr transfer was completed without error + */ +bool ldns_axfr_complete(const ldns_resolver *resolver); + +/** + * returns a pointer to the last ldns_pkt that was sent by the server in the AXFR transfer + * uasable for instance to get the error code on failure + * \param[in] res the resolver that was used in the axfr transfer + * \return ldns_pkt the last packet sent + */ +ldns_pkt *ldns_axfr_last_pkt(const ldns_resolver *res); + +/** + * randomize the nameserver list in the resolver + * \param[in] r the resolver + */ +void ldns_resolver_nameservers_randomize(ldns_resolver *r); + +/** + * Returns true if at least one of the provided keys is a trust anchor + * \param[in] r the current resolver + * \param[in] keys the keyset to check + * \param[out] trusted_keys the subset of trusted keys in the 'keys' rrset + * \return true if at least one of the provided keys is a configured trust anchor + */ +bool ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys); + +#endif /* LDNS_RESOLVER_H */ diff --git a/contrib/ldns/ldns/rr.h b/contrib/ldns/ldns/rr.h new file mode 100644 index 0000000000..f9ae0c18fc --- /dev/null +++ b/contrib/ldns/ldns/rr.h @@ -0,0 +1,874 @@ +/* + * rr.h - resource record definitions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains the definition of ldns_rr and functions to manipulate those. + */ + + +#ifndef LDNS_RR_H +#define LDNS_RR_H + +#include +#include +#include +#include + +/** Maximum length of a dname label */ +#define LDNS_MAX_LABELLEN 63 +/** Maximum length of a complete dname */ +#define LDNS_MAX_DOMAINLEN 255 +/** Maximum number of pointers in 1 dname */ +#define LDNS_MAX_POINTERS 65535 +/** The bytes TTL, CLASS and length use up in an rr */ +#define LDNS_RR_OVERHEAD 10 + +/* The first fields are 'common' and can be referenced instantly */ +#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 51 + + + +/** + * The different RR classes. + */ +enum ldns_enum_rr_class +{ + /** the Internet */ + LDNS_RR_CLASS_IN = 1, + /** Chaos class */ + LDNS_RR_CLASS_CH = 3, + /** Hesiod (Dyer 87) */ + LDNS_RR_CLASS_HS = 4, + /** None class, dynamic update */ + LDNS_RR_CLASS_NONE = 254, + /** Any class */ + LDNS_RR_CLASS_ANY = 255, + + LDNS_RR_CLASS_FIRST = 0, + LDNS_RR_CLASS_LAST = 65535, + LDNS_RR_CLASS_COUNT = LDNS_RR_CLASS_LAST - LDNS_RR_CLASS_FIRST + 1 +}; +typedef enum ldns_enum_rr_class ldns_rr_class; + +/** + * Used to specify whether compression is allowed. + */ +enum ldns_enum_rr_compress +{ + /** compression is allowed */ + LDNS_RR_COMPRESS, + LDNS_RR_NO_COMPRESS +}; +typedef enum ldns_enum_rr_compress ldns_rr_compress; + +/** + * The different RR types. + */ +enum ldns_enum_rr_type +{ + /** a host address */ + LDNS_RR_TYPE_A = 1, + /** an authoritative name server */ + LDNS_RR_TYPE_NS = 2, + /** a mail destination (Obsolete - use MX) */ + LDNS_RR_TYPE_MD = 3, + /** a mail forwarder (Obsolete - use MX) */ + LDNS_RR_TYPE_MF = 4, + /** the canonical name for an alias */ + LDNS_RR_TYPE_CNAME = 5, + /** marks the start of a zone of authority */ + LDNS_RR_TYPE_SOA = 6, + /** a mailbox domain name (EXPERIMENTAL) */ + LDNS_RR_TYPE_MB = 7, + /** a mail group member (EXPERIMENTAL) */ + LDNS_RR_TYPE_MG = 8, + /** a mail rename domain name (EXPERIMENTAL) */ + LDNS_RR_TYPE_MR = 9, + /** a null RR (EXPERIMENTAL) */ + LDNS_RR_TYPE_NULL = 10, + /** a well known service description */ + LDNS_RR_TYPE_WKS = 11, + /** a domain name pointer */ + LDNS_RR_TYPE_PTR = 12, + /** host information */ + LDNS_RR_TYPE_HINFO = 13, + /** mailbox or mail list information */ + LDNS_RR_TYPE_MINFO = 14, + /** mail exchange */ + LDNS_RR_TYPE_MX = 15, + /** text strings */ + LDNS_RR_TYPE_TXT = 16, + /** RFC1183 */ + LDNS_RR_TYPE_RP = 17, + /** RFC1183 */ + LDNS_RR_TYPE_AFSDB = 18, + /** RFC1183 */ + LDNS_RR_TYPE_X25 = 19, + /** RFC1183 */ + LDNS_RR_TYPE_ISDN = 20, + /** RFC1183 */ + LDNS_RR_TYPE_RT = 21, + /** RFC1706 */ + LDNS_RR_TYPE_NSAP = 22, + /** RFC1348 */ + LDNS_RR_TYPE_NSAP_PTR = 23, + /** 2535typecode */ + LDNS_RR_TYPE_SIG = 24, + /** 2535typecode */ + LDNS_RR_TYPE_KEY = 25, + /** RFC2163 */ + LDNS_RR_TYPE_PX = 26, + /** RFC1712 */ + LDNS_RR_TYPE_GPOS = 27, + /** ipv6 address */ + LDNS_RR_TYPE_AAAA = 28, + /** LOC record RFC1876 */ + LDNS_RR_TYPE_LOC = 29, + /** 2535typecode */ + LDNS_RR_TYPE_NXT = 30, + /** draft-ietf-nimrod-dns-01.txt */ + LDNS_RR_TYPE_EID = 31, + /** draft-ietf-nimrod-dns-01.txt */ + LDNS_RR_TYPE_NIMLOC = 32, + /** SRV record RFC2782 */ + LDNS_RR_TYPE_SRV = 33, + /** http://www.jhsoft.com/rfc/af-saa-0069.000.rtf */ + LDNS_RR_TYPE_ATMA = 34, + /** RFC2915 */ + LDNS_RR_TYPE_NAPTR = 35, + /** RFC2230 */ + LDNS_RR_TYPE_KX = 36, + /** RFC2538 */ + LDNS_RR_TYPE_CERT = 37, + /** RFC2874 */ + LDNS_RR_TYPE_A6 = 38, + /** RFC2672 */ + LDNS_RR_TYPE_DNAME = 39, + /** dnsind-kitchen-sink-02.txt */ + LDNS_RR_TYPE_SINK = 40, + /** Pseudo OPT record... */ + LDNS_RR_TYPE_OPT = 41, + /** RFC3123 */ + LDNS_RR_TYPE_APL = 42, + /** draft-ietf-dnsext-delegation */ + LDNS_RR_TYPE_DS = 43, + /** SSH Key Fingerprint */ + LDNS_RR_TYPE_SSHFP = 44, + /** draft-richardson-ipseckey-rr-11.txt */ + LDNS_RR_TYPE_IPSECKEY = 45, + /** draft-ietf-dnsext-dnssec-25 */ + LDNS_RR_TYPE_RRSIG = 46, + LDNS_RR_TYPE_NSEC = 47, + LDNS_RR_TYPE_DNSKEY = 48, + LDNS_RR_TYPE_DHCID = 49, + + LDNS_RR_TYPE_NSEC3 = 50, + LDNS_RR_TYPE_NSEC3PARAMS = 51, + + LDNS_RR_TYPE_SPF = 99, + + LDNS_RR_TYPE_UINFO = 100, + LDNS_RR_TYPE_UID = 101, + LDNS_RR_TYPE_GID = 102, + LDNS_RR_TYPE_UNSPEC = 103, + + LDNS_RR_TYPE_TSIG = 250, + LDNS_RR_TYPE_IXFR = 251, + LDNS_RR_TYPE_AXFR = 252, + /** A request for mailbox-related records (MB, MG or MR) */ + LDNS_RR_TYPE_MAILB = 253, + /** A request for mail agent RRs (Obsolete - see MX) */ + LDNS_RR_TYPE_MAILA = 254, + /** any type (wildcard) */ + LDNS_RR_TYPE_ANY = 255, + + /* RFC 4431, 5074, DNSSEC Lookaside Validation */ + LDNS_RR_TYPE_DLV = 32769, + + /* type codes from nsec3 experimental phase + LDNS_RR_TYPE_NSEC3 = 65324, + LDNS_RR_TYPE_NSEC3PARAMS = 65325, */ + LDNS_RR_TYPE_FIRST = 0, + LDNS_RR_TYPE_LAST = 65535, + LDNS_RR_TYPE_COUNT = LDNS_RR_TYPE_LAST - LDNS_RR_TYPE_FIRST + 1 +}; +typedef enum ldns_enum_rr_type ldns_rr_type; + +/** + * Resource Record + * + * This is the basic DNS element that contains actual data + * + * From RFC1035: + * 
+3.2.1. Format
+
+All RRs have the same top level format shown below:
+
+                                    1  1  1  1  1  1
+      0  1  2  3  4  5  6  7  8  9  0  1  2  3  4  5
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                                               |
+    /                                               /
+    /                      NAME                     /
+    |                                               |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      TYPE                     |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                     CLASS                     |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                      TTL                      |
+    |                                               |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+    |                   RDLENGTH                    |
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--|
+    /                     RDATA                     /
+    /                                               /
+    +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
+
+where:
+
+NAME            an owner name, i.e., the name of the node to which this
+                resource record pertains.
+
+TYPE            two octets containing one of the RR TYPE codes.
+
+CLASS           two octets containing one of the RR CLASS codes.
+
+TTL             a 32 bit signed integer that specifies the time interval
+                that the resource record may be cached before the source
+                of the information should again be consulted.  Zero
+                values are interpreted to mean that the RR can only be
+                used for the transaction in progress, and should not be
+                cached.  For example, SOA records are always distributed
+                with a zero TTL to prohibit caching.  Zero values can
+                also be used for extremely volatile data.
+
+RDLENGTH        an unsigned 16 bit integer that specifies the length in
+                octets of the RDATA field.
+
+RDATA           a variable length string of octets that describes the
+                resource.  The format of this information varies
+                according to the TYPE and CLASS of the resource record.
+ *
+ * + * The actual amount and type of rdata fields depend on the RR type of the + * RR, and can be found by using \ref ldns_rr_descriptor functions. + */ +struct ldns_struct_rr +{ + /** Owner name, uncompressed */ + ldns_rdf *_owner; + /** Time to live */ + uint32_t _ttl; + /** Number of data fields */ + size_t _rd_count; + /** the type of the RR. A, MX etc. */ + ldns_rr_type _rr_type; + /** Class of the resource record. */ + ldns_rr_class _rr_class; + /* everything in the rdata is in network order */ + /** The array of rdata's */ + ldns_rdf **_rdata_fields; + /** question rr [it would be nicer if thous is after _rd_count] + ABI change: Fix this in next major release + */ + bool _rr_question; +}; +typedef struct ldns_struct_rr ldns_rr; + +/** + * List or Set of Resource Records + * + * Contains a list of rr's
+ * No official RFC-like checks are made + */ +struct ldns_struct_rr_list +{ + size_t _rr_count; + size_t _rr_capacity; + ldns_rr **_rrs; +}; +typedef struct ldns_struct_rr_list ldns_rr_list; + +/** + * Contains all information about resource record types. + * + * This structure contains, for all rr types, the rdata fields that are defined. + */ +struct ldns_struct_rr_descriptor +{ + /** Type of the RR that is described here */ + ldns_rr_type _type; + /** Textual name of the RR type. */ + const char *_name; + /** Minimum number of rdata fields in the RRs of this type. */ + uint8_t _minimum; + /** Maximum number of rdata fields in the RRs of this type. */ + uint8_t _maximum; + /** Wireformat specification for the rr, i.e. the types of rdata fields in their respective order. */ + const ldns_rdf_type *_wireformat; + /** Special rdf types */ + ldns_rdf_type _variable; + /** Specifies whether compression can be used for dnames in this RR type. */ + ldns_rr_compress _compress; + /** The number of DNAMEs in the _wireformat string, for parsing. */ + uint8_t _dname_count; +}; +typedef struct ldns_struct_rr_descriptor ldns_rr_descriptor; + +/** + * creates a new rr structure. + * \return ldns_rr * + */ +ldns_rr* ldns_rr_new(void); + +/** + * creates a new rr structure, based on the given type. + * alloc enough space to hold all the rdf's + */ +ldns_rr* ldns_rr_new_frm_type(ldns_rr_type t); + +/** + * frees an RR structure + * \param[in] *rr the RR to be freed + * \return void + */ +void ldns_rr_free(ldns_rr *rr); + +/** + * creates an rr from a string. + * The string should be a fully filled-in rr, like + * ownername <space> TTL <space> CLASS <space> + * TYPE <space> RDATA. + * \param[out] n the rr to return + * \param[in] str the string to convert + * \param[in] default_ttl default ttl value for the rr. + * If 0 DEF_TTL will be used + * \param[in] origin when the owner is relative add this. + * The caller must ldns_rdf_deep_free it. + * \param[out] prev the previous ownername. if this value is not NULL, + * the function overwrites this with the ownername found in this + * string. The caller must then ldns_rdf_deep_free it. + * \return a status msg describing an error or LDNS_STATUS_OK + */ +ldns_status ldns_rr_new_frm_str(ldns_rr **n, const char *str, + uint32_t default_ttl, ldns_rdf *origin, + ldns_rdf **prev); + +/** + * creates an rr for the question section from a string, i.e. + * without RDATA fields + * Origin and previous RR functionality are the same as in + * ldns_rr_new_frm_str() + * \param[out] n the rr to return + * \param[in] str the string to convert + * \param[in] origin when the owner is relative add this. + * The caller must ldns_rdf_deep_free it. + * \param prev the previous ownername. the function overwrite this with + * the current found ownername. The caller must ldns_rdf_deep_free it. + * \return a status msg describing an error or LDNS_STATUS_OK + */ +ldns_status ldns_rr_new_question_frm_str(ldns_rr **n, const char *str, + ldns_rdf *origin, ldns_rdf **prev); + +/** + * creates a new rr from a file containing a string. + * \param[out] rr the new rr + * \param[in] fp the file pointer to use + * \param[in] default_ttl pointer to a default ttl for the rr. If NULL DEF_TTL will be used + * the pointer will be updated if the file contains a $TTL directive + * \param[in] origin when the owner is relative add this + * the pointer will be updated if the file contains a $ORIGIN directive + * The caller must ldns_rdf_deep_free it. + * \param[in] prev when the owner is whitespaces use this as the * ownername + * the pointer will be updated after the call + * The caller must ldns_rdf_deep_free it. + * \return a ldns_status with an error or LDNS_STATUS_OK + */ +ldns_status ldns_rr_new_frm_fp(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev); + +/** + * creates a new rr from a file containing a string. + * \param[out] rr the new rr + * \param[in] fp the file pointer to use + * \param[in] default_ttl a default ttl for the rr. If NULL DEF_TTL will be used + * the pointer will be updated if the file contains a $TTL directive + * \param[in] origin when the owner is relative add this + * the pointer will be updated if the file contains a $ORIGIN directive + * The caller must ldns_rdf_deep_free it. + * \param[in] line_nr pointer to an integer containing the current line number (for debugging purposes) + * \param[in] prev when the owner is whitespaces use this as the * ownername + * the pointer will be updated after the call + * The caller must ldns_rdf_deep_free it. + * \return a ldns_status with an error or LDNS_STATUS_OK + */ +ldns_status ldns_rr_new_frm_fp_l(ldns_rr **rr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr); + +/** + * sets the owner in the rr structure. + * \param[in] *rr rr to operate on + * \param[in] *owner set to this owner + * \return void + */ +void ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner); + +/** + * sets the question flag in the rr structure. + * \param[in] *rr rr to operate on + * \param[in] question question flag + * \return void + */ +void ldns_rr_set_question(ldns_rr *rr, bool question); + +/** + * sets the ttl in the rr structure. + * \param[in] *rr rr to operate on + * \param[in] ttl set to this ttl + * \return void + */ +void ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl); + +/** + * sets the rd_count in the rr. + * \param[in] *rr rr to operate on + * \param[in] count set to this count + * \return void + */ +void ldns_rr_set_rd_count(ldns_rr *rr, size_t count); + +/** + * sets the type in the rr. + * \param[in] *rr rr to operate on + * \param[in] rr_type set to this type + * \return void + */ +void ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type); + +/** + * sets the class in the rr. + * \param[in] *rr rr to operate on + * \param[in] rr_class set to this class + * \return void + */ +void ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class); + +/** + * sets a rdf member, it will be set on the + * position given. The old value is returned, like pop. + * \param[in] *rr the rr to operate on + * \param[in] *f the rdf to set + * \param[in] position the position the set the rdf + * \return the old value in the rr, NULL on failyre + */ +ldns_rdf* ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position); + +/** + * sets rd_field member, it will be + * placed in the next available spot. + * \param[in] *rr rr to operate on + * \param[in] *f the data field member to set + * \return bool + */ +bool ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f); + +/** + * removes a rd_field member, it will be + * popped from the last position. + * \param[in] *rr rr to operate on + * \return rdf which was popped (null if nothing) + */ +ldns_rdf* ldns_rr_pop_rdf(ldns_rr *rr); + +/** + * returns the rdata field member counter. + * \param[in] *rr rr to operate on + * \param[in] nr the number of the rdf to return + * \return ldns_rdf * + */ +ldns_rdf* ldns_rr_rdf(const ldns_rr *rr, size_t nr); + +/** + * returns the owner name of an rr structure. + * \param[in] *rr rr to operate on + * \return ldns_rdf * + */ +ldns_rdf* ldns_rr_owner(const ldns_rr *rr); + +/** + * returns the question flag of an rr structure. + * \param[in] *rr rr to operate on + * \return bool true if question + */ +bool ldns_rr_is_question(const ldns_rr *rr); + +/** + * returns the ttl of an rr structure. + * \param[in] *rr the rr to read from + * \return the ttl of the rr + */ +uint32_t ldns_rr_ttl(const ldns_rr *rr); + +/** + * returns the rd_count of an rr structure. + * \param[in] *rr the rr to read from + * \return the rd count of the rr + */ +size_t ldns_rr_rd_count(const ldns_rr *rr); + +/** + * returns the type of the rr. + * \param[in] *rr the rr to read from + * \return the type of the rr + */ +ldns_rr_type ldns_rr_get_type(const ldns_rr *rr); + +/** + * returns the class of the rr. + * \param[in] *rr the rr to read from + * \return the class of the rr + */ +ldns_rr_class ldns_rr_get_class(const ldns_rr *rr); + +/* rr_lists */ + +/** + * returns the number of rr's in an rr_list. + * \param[in] rr_list the rr_list to read from + * \return the number of rr's + */ +size_t ldns_rr_list_rr_count(const ldns_rr_list *rr_list); + +/** + * sets the number of rr's in an rr_list. + * \param[in] rr_list the rr_list to set the count on + * \param[in] count the number of rr in this list + * \return void + */ +void ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count); + +/** + * set a rr on a specific index in a ldns_rr_list + * \param[in] rr_list the rr_list to use + * \param[in] r the rr to set + * \param[in] count index into the rr_list + * \return the old rr which was stored in the rr_list, or + * NULL is the index was too large + * set a specific rr */ +ldns_rr * ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count); + +/** + * returns a specific rr of an rrlist. + * \param[in] rr_list the rr_list to read from + * \param[in] nr return this rr + * \return the rr at position nr + */ +ldns_rr* ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr); + +/** + * creates a new rr_list structure. + * \return a new rr_list structure + */ +ldns_rr_list* ldns_rr_list_new(); + +/** + * frees an rr_list structure. + * \param[in] rr_list the list to free + */ +void ldns_rr_list_free(ldns_rr_list *rr_list); + +/** + * frees an rr_list structure and all rrs contained therein. + * \param[in] rr_list the list to free + */ +void ldns_rr_list_deep_free(ldns_rr_list *rr_list); + +/** + * concatenates two ldns_rr_lists together. This modifies + * *left (to extend it and add the pointers from *right). + * \param[in] left the leftside + * \param[in] right the rightside + * \return a left with right concatenated to it + */ +bool ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right); + +/** + * concatenates two ldns_rr_lists together, but makes clones of the rr's + * (instead of pointer copying). + * \param[in] left the leftside + * \param[in] right the rightside + * \return a new rr_list with leftside/rightside concatenated + */ +ldns_rr_list* ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right); + +/** + * pushes an rr to an rrlist. + * \param[in] rr_list the rr_list to push to + * \param[in] rr the rr to push + * \return false on error, otherwise true + */ +bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr); + +/** + * pushes an rr_list to an rrlist. + * \param[in] rr_list the rr_list to push to + * \param[in] push_list the rr_list to push + * \return false on error, otherwise true + */ +bool ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list); + +/** + * pops the last rr from an rrlist. + * \param[in] rr_list the rr_list to pop from + * \return NULL if nothing to pop. Otherwise the popped RR + */ +ldns_rr* ldns_rr_list_pop_rr(ldns_rr_list *rr_list); + +/** + * pops an rr_list of size s from an rrlist. + * \param[in] rr_list the rr_list to pop from + * \param[in] size the number of rr's to pop + * \return NULL if nothing to pop. Otherwise the popped rr_list + */ +ldns_rr_list* ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t size); + +/** + * returns true if the given rr is one of the rrs in the + * list, or if it is equal to one + * \param[in] rr_list the rr_list to check + * \param[in] rr the rr to check + * \return true if rr_list contains rr, false otherwise + */ +bool ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr); + +/** + * checks if an rr_list is a rrset. + * \param[in] rr_list the rr_list to check + * \return true if it is an rrset otherwise false + */ +bool ldns_is_rrset(ldns_rr_list *rr_list); + +/** + * pushes an rr to an rrset (which really are rr_list's). + * \param[in] *rr_list the rrset to push the rr to + * \param[in] *rr the rr to push + * \return true if the push succeeded otherwise false + */ +bool ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr); + +/** + * pops the last rr from an rrset. This function is there only + * for the symmetry. + * \param[in] rr_list the rr_list to pop from + * \return NULL if nothing to pop. Otherwise the popped RR + * + */ +ldns_rr* ldns_rr_set_pop_rr(ldns_rr_list *rr_list); + +/** + * pops the first rrset from the list, + * the list must be sorted, so that all rr's from each rrset + * are next to each other + */ +ldns_rr_list *ldns_rr_list_pop_rrset(ldns_rr_list *rr_list); + + +/** + * retrieves a rrtype by looking up its name. + * \param[in] name a string with the name + * \return the type which corresponds with the name + */ +ldns_rr_type ldns_get_rr_type_by_name(const char *name); + +/** + * retrieves a class by looking up its name. + * \param[in] name string with the name + * \return the cass which corresponds with the name + */ +ldns_rr_class ldns_get_rr_class_by_name(const char *name); + +/** + * clones a rr and all its data + * \param[in] rr the rr to clone + * \return the new rr or NULL on failure + */ +ldns_rr* ldns_rr_clone(const ldns_rr *rr); + +/** + * clones an rrlist. + * \param[in] rrlist the rrlist to clone + * \return the cloned rr list + */ +ldns_rr_list* ldns_rr_list_clone(const ldns_rr_list *rrlist); + +/** + * sorts an rr_list (canonical wire format). the sorting is done inband. + * \param[in] unsorted the rr_list to be sorted + * \return void + */ +void ldns_rr_list_sort(ldns_rr_list *unsorted); + +/** + * compares two rrs. The TTL is not looked at. + * \param[in] rr1 the first one + * \param[in] rr2 the second one + * \return 0 if equal + * -1 if rr1 comes before rr2 + * +1 if rr2 comes before rr1 + */ +int ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2); + +/** + * compares two rrs, up to the rdata. + * \param[in] rr1 the first one + * \param[in] rr2 the second one + * \return 0 if equal + * -1 if rr1 comes before rr2 + * +1 if rr2 comes before rr1 + */ +int ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2); + +/** + * compares the wireformat of two rrs, contained in the given buffers. + * \param[in] rr1_buf the first one + * \param[in] rr2_buf the second one + * \return 0 if equal + * -1 if rr1_buf comes before rr2_buf + * +1 if rr2_buf comes before rr1_buf + */ +int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf); + +/** + * returns true of the given rr's are equal. + * Also returns true if one record is a DS that represents the + * same DNSKEY record as the other record + * \param[in] rr1 the first rr + * \param[in] rr2 the second rr + * \return true if equal otherwise false + */ +bool ldns_rr_compare_ds(const ldns_rr *rr1, const ldns_rr *rr2); + +/** + * compares two rr listss. + * \param[in] rrl1 the first one + * \param[in] rrl2 the second one + * \return 0 if equal + * -1 if rrl1 comes before rrl2 + * +1 if rrl2 comes before rrl1 + */ +int ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2); + +/** + * calculates the uncompressed size of an RR. + * \param[in] r the rr to operate on + * \return size of the rr + */ +size_t ldns_rr_uncompressed_size(const ldns_rr *r); + +/** + * converts each dname in a rr to its canonical form. + * \param[in] rr the rr to work on + * \return void + */ +void ldns_rr2canonical(ldns_rr *rr); + +/** + * converts each dname in each rr in a rr_list to its canonical form. + * \param[in] rr_list the rr_list to work on + * \return void + */ +void ldns_rr_list2canonical(ldns_rr_list *rr_list); + +/** + * counts the number of labels of the ownername. + * \param[in] rr count the labels of this rr + * \return the number of labels + */ +uint8_t ldns_rr_label_count(ldns_rr *rr); + +/** + * returns the resource record descriptor for the given rr type. + * + * \param[in] type the type value of the rr type + *\return the ldns_rr_descriptor for this type + */ +const ldns_rr_descriptor *ldns_rr_descript(uint16_t type); + +/** + * returns the minimum number of rdata fields of the rr type this descriptor describes. + * + * \param[in] descriptor for an rr type + * \return the minimum number of rdata fields + */ +size_t ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor); + +/** + * returns the maximum number of rdata fields of the rr type this descriptor describes. + * + * \param[in] descriptor for an rr type + * \return the maximum number of rdata fields + */ +size_t ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor); + +/** + * returns the rdf type for the given rdata field number of the rr type for the given descriptor. + * + * \param[in] descriptor for an rr type + * \param[in] field the field number + * \return the rdf type for the field + */ +ldns_rdf_type ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, size_t field); + +/** + * Return the rr_list which matches the rdf at position field. Think + * type-covered stuff for RRSIG + * + * \param[in] l the rr_list to look in + * \param[in] r the rdf to use for the comparison + * \param[in] pos at which position can we find the rdf + * + * \return a new rr list with only the RRs that match + * + */ +ldns_rr_list *ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos); + +/** + * convert an rdf of type LDNS_RDF_TYPE_TYPE to an actual + * LDNS_RR_TYPE. This is usefull in the case when inspecting + * the rrtype covered field of an RRSIG. + * \param[in] rd the rdf to look at + * \return a ldns_rr_type with equivalent LDNS_RR_TYPE + * + */ +ldns_rr_type ldns_rdf2rr_type(const ldns_rdf *rd); + +/** + * Returns the type of the first element of the RR + * If there are no elements present, 0 is returned + * + * \param[in] rr_list The rr list + * \return rr_type of the first element, or 0 if the list is empty + */ +ldns_rr_type +ldns_rr_list_type(const ldns_rr_list *rr_list); + +/** + * Returns the owner domain name rdf of the first element of the RR + * If there are no elements present, NULL is returned + * + * \param[in] rr_list The rr list + * \return dname of the first element, or NULL if the list is empty + */ +ldns_rdf * +ldns_rr_list_owner(const ldns_rr_list *rr_list); + +#endif /* LDNS_RR_H */ diff --git a/contrib/ldns/ldns/rr_functions.h b/contrib/ldns/ldns/rr_functions.h new file mode 100644 index 0000000000..617e9429ae --- /dev/null +++ b/contrib/ldns/ldns/rr_functions.h @@ -0,0 +1,251 @@ +/* + * rr_functions.h + * + * the .h file with defs for the per rr + * functions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ +#ifndef LDNS_RR_FUNCTIONS_H +#define LDNS_RR_FUNCTIONS_H + +/** + * \file + * + * Defines some extra convenience functions for ldns_rr structures + */ + +/* A / AAAA */ +/** + * returns the address of a LDNS_RR_TYPE_A rr + * \param[in] r the resource record + * \return a ldns_rdf* with the address or NULL on failure + */ +ldns_rdf* ldns_rr_a_address(const ldns_rr *r); + +/** + * sets the address of a LDNS_RR_TYPE_A rr + * \param[in] r the rr to use + * \param[in] f the address to set + * \return true on success, false otherwise + */ +bool ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f); + +/* NS */ +/** + * returns the name of a LDNS_RR_TYPE_NS rr + * \param[in] r the resource record + * \return a ldns_rdf* with the name or NULL on failure + */ +ldns_rdf* ldns_rr_ns_nsdname(const ldns_rr *r); + +/* MX */ +/** + * returns the mx pref. of a LDNS_RR_TYPE_MX rr + * \param[in] r the resource record + * \return a ldns_rdf* with the preference or NULL on failure + */ +ldns_rdf* ldns_rr_mx_preference(const ldns_rr *r); +/** + * returns the mx host of a LDNS_RR_TYPE_MX rr + * \param[in] r the resource record + * \return a ldns_rdf* with the name of the MX host or NULL on failure + */ +ldns_rdf* ldns_rr_mx_exchange(const ldns_rr *r); + +/* RRSIG */ +/** + * returns the type covered of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the resource record + * \return a ldns_rdf* with the type covered or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_typecovered(const ldns_rr *r); +/** + * sets the typecovered of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the typecovered to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f); +/** + * returns the algorithm of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the algorithm or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_algorithm(const ldns_rr *r); +/** + * sets the algorithm of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the algorithm to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f); +/** + * returns the number of labels of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the number of labels or NULL on failure + */ +ldns_rdf *ldns_rr_rrsig_labels(const ldns_rr *r); +/** + * sets the number of labels of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the number of labels to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f); +/** + * returns the original TTL of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the original TTL or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_origttl(const ldns_rr *r); +/** + * sets the original TTL of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the original TTL to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f); +/** + * returns the expiration time of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the expiration time or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_expiration(const ldns_rr *r); +/** + * sets the expireation date of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the expireation date to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f); +/** + * returns the inception time of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the inception time or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_inception(const ldns_rr *r); +/** + * sets the inception date of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the inception date to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f); +/** + * returns the keytag of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the keytag or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_keytag(const ldns_rr *r); +/** + * sets the keytag of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the keytag to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f); +/** + * returns the signers name of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the signers name or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_signame(const ldns_rr *r); +/** + * sets the signers name of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the signers name to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f); +/** + * returns the signature data of a LDNS_RR_TYPE_RRSIG RR + * \param[in] r the resource record + * \return a ldns_rdf* with the signature data or NULL on failure + */ +ldns_rdf* ldns_rr_rrsig_sig(const ldns_rr *r); +/** + * sets the signature data of a LDNS_RR_TYPE_RRSIG rr + * \param[in] r the rr to use + * \param[in] f the signature data to set + * \return true on success, false otherwise + */ +bool ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f); + +/* DNSKEY */ +/** + * returns the flags of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the resource record + * \return a ldns_rdf* with the flags or NULL on failure + */ +ldns_rdf* ldns_rr_dnskey_flags(const ldns_rr *r); +/** + * sets the flags of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the rr to use + * \param[in] f the flags to set + * \return true on success, false otherwise + */ +bool ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f); +/** + * returns the protocol of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the resource record + * \return a ldns_rdf* with the protocol or NULL on failure + */ +ldns_rdf* ldns_rr_dnskey_protocol(const ldns_rr *r); +/** + * sets the protocol of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the rr to use + * \param[in] f the protocol to set + * \return true on success, false otherwise + */ +bool ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f); +/** + * returns the algorithm of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the resource record + * \return a ldns_rdf* with the algorithm or NULL on failure + */ +ldns_rdf* ldns_rr_dnskey_algorithm(const ldns_rr *r); +/** + * sets the algorithm of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the rr to use + * \param[in] f the algorithm to set + * \return true on success, false otherwise + */ +bool ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f); +/** + * returns the key data of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the resource record + * \return a ldns_rdf* with the key data or NULL on failure + */ +ldns_rdf* ldns_rr_dnskey_key(const ldns_rr *r); +/** + * sets the key data of a LDNS_RR_TYPE_DNSKEY rr + * \param[in] r the rr to use + * \param[in] f the key data to set + * \return true on success, false otherwise + */ +bool ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f); + +/** + * get the length of the keydata in bits + * \param[in] keydata the raw key data + * \param[in] len the length of the keydata + * \param[in] alg the cryptographic algorithm this is a key for + * \return the keysize in bits, or 0 on error + */ +size_t ldns_rr_dnskey_key_size_raw(const unsigned char *keydata, + const size_t len, + const ldns_algorithm alg); + +/** + * get the length of the keydata in bits + * \param[in] key the key rr to use + * \return the keysize in bits + */ +size_t ldns_rr_dnskey_key_size(const ldns_rr *key); + +#endif /* LDNS_RR_FUNCTIONS_H */ diff --git a/contrib/ldns/ldns/sha1.h b/contrib/ldns/ldns/sha1.h new file mode 100644 index 0000000000..7ff62d26c7 --- /dev/null +++ b/contrib/ldns/ldns/sha1.h @@ -0,0 +1,29 @@ +#ifndef LDNS_SHA1_H +#define LDNS_SHA1_H + +#define LDNS_SHA1_BLOCK_LENGTH 64 +#define LDNS_SHA1_DIGEST_LENGTH 20 + +typedef struct { + uint32_t state[5]; + uint64_t count; + unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]; +} ldns_sha1_ctx; + +void ldns_sha1_init(ldns_sha1_ctx * context); +void ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]); +void ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len); +void ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context); + +/** + * Convenience function to digest a fixed block of data at once. + * + * \param[in] data the data to digest + * \param[in] data_len the length of data in bytes + * \param[out] digest the length of data in bytes + * This pointer MUST have LDNS_SHA1_DIGEST_LENGTH bytes + * available + * \return the SHA1 digest of the given data + */ +unsigned char *ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest); +#endif /* LDNS_SHA1_H */ diff --git a/contrib/ldns/ldns/sha2.h b/contrib/ldns/ldns/sha2.h new file mode 100644 index 0000000000..beb0b6f368 --- /dev/null +++ b/contrib/ldns/ldns/sha2.h @@ -0,0 +1,152 @@ +/* + * FILE: sha2.h + * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/ + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Modified by Jelte Jansen to fit in ldns, and not clash with any + * system-defined SHA code. + * Changes: + * - Renamed (external) functions and constants to fit ldns style + * - Removed uintXX vs. u_intXX smartness, since ldns needs uintXX + * anyway + * - BYTE ORDER check replaced by simple ifdef as defined or not by + * configure.ac + * - Removed _End and _Data functions + * - Added ldns_shaX(data, len, digest) functions + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: sha2.h,v 1.1 2001/11/08 00:02:01 adg Exp adg $ + */ + +#ifndef __LDNS_SHA2_H__ +#define __LDNS_SHA2_H__ + +#ifdef __cplusplus +extern "C" { +#endif + + +/* + * Import u_intXX_t size_t type definitions from system headers. You + * may need to change this, or define these things yourself in this + * file. + * + * (include ldns/config.h so HAVE_INTTYPES is defined (or not, depending + * on the system)) + */ +#include + +#ifdef HAVE_INTTYPES_H + +#include + +#endif /* HAVE_INTTYPES_H */ + + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +#define LDNS_SHA256_BLOCK_LENGTH 64 +#define LDNS_SHA256_DIGEST_LENGTH 32 +#define LDNS_SHA256_DIGEST_STRING_LENGTH (LDNS_SHA256_DIGEST_LENGTH * 2 + 1) +#define LDNS_SHA384_BLOCK_LENGTH 128 +#define LDNS_SHA384_DIGEST_LENGTH 48 +#define LDNS_SHA384_DIGEST_STRING_LENGTH (LDNS_SHA384_DIGEST_LENGTH * 2 + 1) +#define LDNS_SHA512_BLOCK_LENGTH 128 +#define LDNS_SHA512_DIGEST_LENGTH 64 +#define LDNS_SHA512_DIGEST_STRING_LENGTH (LDNS_SHA512_DIGEST_LENGTH * 2 + 1) + + +/*** SHA-256/384/512 Context Structures *******************************/ + +typedef struct _ldns_sha256_CTX { + uint32_t state[8]; + uint64_t bitcount; + uint8_t buffer[LDNS_SHA256_BLOCK_LENGTH]; +} ldns_sha256_CTX; +typedef struct _ldns_sha512_CTX { + uint64_t state[8]; + uint64_t bitcount[2]; + uint8_t buffer[LDNS_SHA512_BLOCK_LENGTH]; +} ldns_sha512_CTX; + +typedef ldns_sha512_CTX ldns_sha384_CTX; + + +/*** SHA-256/384/512 Function Prototypes ******************************/ +void ldns_sha256_init(ldns_sha256_CTX *); +void ldns_sha256_update(ldns_sha256_CTX*, const uint8_t*, size_t); +void ldns_sha256_final(uint8_t[LDNS_SHA256_DIGEST_LENGTH], ldns_sha256_CTX*); + +void ldns_sha384_init(ldns_sha384_CTX*); +void ldns_sha384_update(ldns_sha384_CTX*, const uint8_t*, size_t); +void ldns_sha384_final(uint8_t[LDNS_SHA384_DIGEST_LENGTH], ldns_sha384_CTX*); + +void ldns_sha512_init(ldns_sha512_CTX*); +void ldns_sha512_update(ldns_sha512_CTX*, const uint8_t*, size_t); +void ldns_sha512_final(uint8_t[LDNS_SHA512_DIGEST_LENGTH], ldns_sha512_CTX*); + +/** + * Convenience function to digest a fixed block of data at once. + * + * \param[in] data the data to digest + * \param[in] data_len the length of data in bytes + * \param[out] digest the length of data in bytes + * This pointer MUST have LDNS_SHA256_DIGEST_LENGTH bytes + * available + * \return the SHA1 digest of the given data + */ +unsigned char *ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest); + +/** + * Convenience function to digest a fixed block of data at once. + * + * \param[in] data the data to digest + * \param[in] data_len the length of data in bytes + * \param[out] digest the length of data in bytes + * This pointer MUST have LDNS_SHA384_DIGEST_LENGTH bytes + * available + * \return the SHA1 digest of the given data + */ +unsigned char *ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest); + +/** + * Convenience function to digest a fixed block of data at once. + * + * \param[in] data the data to digest + * \param[in] data_len the length of data in bytes + * \param[out] digest the length of data in bytes + * This pointer MUST have LDNS_SHA512_DIGEST_LENGTH bytes + * available + * \return the SHA1 digest of the given data + */ +unsigned char *ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest); + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __LDNS_SHA2_H__ */ diff --git a/contrib/ldns/ldns/str2host.h b/contrib/ldns/ldns/str2host.h new file mode 100644 index 0000000000..cccad01b38 --- /dev/null +++ b/contrib/ldns/ldns/str2host.h @@ -0,0 +1,243 @@ +/** + * str2host.h - conversion from str to the host fmt + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_2HOST_H +#define LDNS_2HOST_H + +#include +#include +#include +#include +#include +#include +#include + +/** + * \file + * + * Defines functions to convert dns data in presentation format or text files + * to internal structures. + */ + +/** + * convert a byte into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] bytestr the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr); + +/** + * convert a string to a int16 in wireformat + * \param[in] rd the rdf where to put the data + * \param[in] shortstr the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr); + +/** + * convert a strings into a 4 byte int in wireformat + * \param[in] rd the rdf where to put the data + * \param[in] longstr the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr); + +/** + * convert a time string to a time value in wireformat + * \param[in] rd the rdf where to put the data + * \param[in] time the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_time(ldns_rdf **rd, const char *time); + +/* convert string with NSEC3 salt to wireformat) + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * return ldns_status + */ +ldns_status ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *nsec3_salt); + +/* convert a time period (think TTL's) to wireformat) + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * return ldns_status + */ +ldns_status ldns_str2rdf_period(ldns_rdf **rd, const char *str); + +/** + * convert str with an A record into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_a(ldns_rdf **rd, const char *str); + +/** + * convert the str with an AAAA record into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str); + +/** + * convert a string into wireformat (think txt record) + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted (NULL terminated) + * \return ldns_status + */ +ldns_status ldns_str2rdf_str(ldns_rdf **rd, const char *str); + +/** + * convert str with the apl record into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_apl(ldns_rdf **rd, const char *str); + +/** + * convert the string with the b64 data into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_b64(ldns_rdf **rd, const char *str); + +/** + * convert the string with the b32 ext hex data into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str); + +/** + * convert a hex value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_hex(ldns_rdf **rd, const char *str); + +/** + * convert string with nsec into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_nsec(ldns_rdf **rd, const char *str); + +/** + * convert a rrtype into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_type(ldns_rdf **rd, const char *str); + +/** + * convert string with a classname into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_class(ldns_rdf **rd, const char *str); + +/** + * convert an certificate algorithm value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str); + +/** + * convert and algorithm value into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_alg(ldns_rdf **rd, const char *str); + +/** + * convert a string with a unknown RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_unknown(ldns_rdf **rd, const char *str); + +/** + * convert string with a tsig? RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_tsig(ldns_rdf **rd, const char *str); + +/** + * convert string with a protocol service into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_service(ldns_rdf **rd, const char *str); + +/** + * convert a string with a LOC RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_loc(ldns_rdf **rd, const char *str); + +/** + * convert string with a WKS RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_wks(ldns_rdf **rd, const char *str); + +/** + * convert a str with a NSAP RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_nsap(ldns_rdf **rd, const char *str); + +/** + * convert a str with a ATMA RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_atma(ldns_rdf **rd, const char *str); + +/** + * convert a str with a IPSECKEY RR into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str); + +/** + * convert a dname string into wireformat + * \param[in] rd the rdf where to put the data + * \param[in] str the string to be converted + * \return ldns_status + */ +ldns_status ldns_str2rdf_dname(ldns_rdf **rd, const char *str); + +#endif /* LDNS_2HOST_H */ diff --git a/contrib/ldns/ldns/tsig.h b/contrib/ldns/ldns/tsig.h new file mode 100644 index 0000000000..c3a10a6a0f --- /dev/null +++ b/contrib/ldns/ldns/tsig.h @@ -0,0 +1,56 @@ +/* + * tsig.h -- defines for TSIG [RFC2845] + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + */ + +#ifndef LDNS_TSIG_H +#define LDNS_TSIG_H + +/** + * \file + * + * Defines functions for TSIG usage + */ + + +/** + * Contains credentials for TSIG +*/ +typedef struct ldns_tsig_credentials_struct +{ + char *algorithm; + char *keyname; + char *keydata; + /* XXX More eventually. */ +} ldns_tsig_credentials; + +char *ldns_tsig_algorithm(ldns_tsig_credentials *); +char *ldns_tsig_keyname(ldns_tsig_credentials *); +char *ldns_tsig_keydata(ldns_tsig_credentials *); +char *ldns_tsig_keyname_clone(ldns_tsig_credentials *); +char *ldns_tsig_keydata_clone(ldns_tsig_credentials *); + +/** + * verifies the tsig rr for the given packet and key. + * The wire must be given too because tsig does not sign normalized packets. + * + * \return true if tsig is correct, false if not, or if tsig is not set + */ +bool ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wire_size, const char *key_name, const char *key_data, ldns_rdf *mac); + +/** + * creates a tsig rr for the given packet and key. + * \param[in] pkt the packet to sign + * \param[in] key_name the name of the shared key + * \param[in] key_data the key in base 64 format + * \param[in] fudge seconds of error permitted in time signed + * \param[in] algorithm_name the name of the algorithm used + * \param[in] query_mac is added to the digest if not NULL (so NULL is for signing queries, not NULL is for signing answers) + * \return status (OK if success) + */ +ldns_status ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac); + +#endif /* LDNS_TSIG_H */ diff --git a/contrib/ldns/ldns/update.h b/contrib/ldns/ldns/update.h new file mode 100644 index 0000000000..1d0d8f8ef2 --- /dev/null +++ b/contrib/ldns/ldns/update.h @@ -0,0 +1,107 @@ +/* + * update.h + * + * Functions for RFC 2136 Dynamic Update + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + */ + +/** + * \file + * + * Defines functions to perform UPDATE queries + */ + + +#ifndef LDNS_UPDATE_H +#define LDNS_UPDATE_H + +#include + +/** + * create an update packet from zone name, class and the rr lists + * \param[in] zone_rdf name of the zone + * \param[in] clas zone class + * \param[in] pr_rrlist list of Prerequisite Section RRs + * \param[in] up_rrlist list of Updates Section RRs + * \param[in] ad_rrlist list of Additional Data Section RRs (currently unused) + * \return the new packet + */ +ldns_pkt *ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class clas, ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist); + +/** + * add tsig credentials to + * a packet from a resolver + * \param[in] p packet to copy to + * \param[in] r resolver to copy from + * + * \return status wether successfull or not + */ +ldns_status ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r); + +/* access functions */ + +/** + * Get the zo count + * \param[in] p the packet + * \return the zo count + */ +uint16_t ldns_update_zocount(const ldns_pkt *p); +/** + * Get the zo count + * \param[in] p the packet + * \return the pr count + */ +uint16_t ldns_update_prcount(const ldns_pkt *p); +/** + * Get the zo count + * \param[in] p the packet + * \return the up count + */ +uint16_t ldns_update_upcount(const ldns_pkt *p); +/** + * Get the zo count + * \param[in] p the packet + * \return the ad count + */ +uint16_t ldns_update_ad(const ldns_pkt *p); +/** + * Set the zo count + * \param[in] p the packet + * \param[in] c the zo count to set + */ +void ldns_update_set_zo(ldns_pkt *p, uint16_t c); +/** + * Set the pr count + * \param[in] p the packet + * \param[in] c the pr count to set + */ +void ldns_update_set_prcount(ldns_pkt *p, uint16_t c); +/** + * Set the up count + * \param[in] p the packet + * \param[in] c the up count to set + */ +void ldns_update_set_upcount(ldns_pkt *p, uint16_t c); +/** + * Set the ad count + * \param[in] p the packet + * \param[in] c the ad count to set + */ +void ldns_update_set_adcount(ldns_pkt *p, uint16_t c); + +/* soa functions that need to be configured */ +/* + * Not sure if we want to keep these like this, therefore + * not documented + */ +ldns_status ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, ldns_rr_class c, ldns_rdf **mname); +/* + * Not sure if we want to keep these like this, therefore + * not documented + */ +ldns_status ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf); + +#endif /* LDNS_UPDATE_H */ diff --git a/contrib/ldns/ldns/util.h.in b/contrib/ldns/ldns/util.h.in new file mode 100644 index 0000000000..d63d617f8a --- /dev/null +++ b/contrib/ldns/ldns/util.h.in @@ -0,0 +1,331 @@ +/* + * util.h + * + * helper function header file + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004 + * + * See the file LICENSE for the license + */ + +#ifndef _UTIL_H +#define _UTIL_H + +@include_inttypes_h@ +#include +#include +#include + +#define dprintf(X,Y) fprintf(stderr, (X), (Y)) +/* #define dprintf(X, Y) */ + +#define LDNS_VERSION "@PACKAGE_VERSION@" +#define LDNS_REVISION @PACKAGE_REVISION@ + +/** + * splint static inline workaround + */ +#ifdef S_SPLINT_S +# define INLINE +#else +# ifdef SWIG +# define INLINE static +# else +# define INLINE static inline +# endif +#endif + +/** + * Memory management macros + */ +#define LDNS_MALLOC(type) LDNS_XMALLOC(type, 1) + +#define LDNS_XMALLOC(type, count) ((type *) malloc((count) * sizeof(type))) + +#define LDNS_REALLOC(ptr, type) LDNS_XREALLOC((ptr), type, 1) + +#define LDNS_XREALLOC(ptr, type, count) \ + ((type *) realloc((ptr), (count) * sizeof(type))) + +#define LDNS_FREE(ptr) \ + do { free((ptr)); (ptr) = NULL; } while (0) + +#define LDNS_DEP printf("DEPRECATED FUNCTION!\n"); + +/* + * Copy data allowing for unaligned accesses in network byte order + * (big endian). + */ +INLINE uint16_t +ldns_read_uint16(const void *src) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + return ntohs(*(uint16_t *) src); +#else + uint8_t *p = (uint8_t *) src; + return ((uint16_t) p[0] << 8) | (uint16_t) p[1]; +#endif +} + +INLINE uint32_t +ldns_read_uint32(const void *src) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + return ntohl(*(uint32_t *) src); +#else + uint8_t *p = (uint8_t *) src; + return ( ((uint32_t) p[0] << 24) + | ((uint32_t) p[1] << 16) + | ((uint32_t) p[2] << 8) + | (uint32_t) p[3]); +#endif +} + +/* + * Copy data allowing for unaligned accesses in network byte order + * (big endian). + */ +INLINE void +ldns_write_uint16(void *dst, uint16_t data) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + * (uint16_t *) dst = htons(data); +#else + uint8_t *p = (uint8_t *) dst; + p[0] = (uint8_t) ((data >> 8) & 0xff); + p[1] = (uint8_t) (data & 0xff); +#endif +} + +INLINE void +ldns_write_uint32(void *dst, uint32_t data) +{ +#ifdef ALLOW_UNALIGNED_ACCESSES + * (uint32_t *) dst = htonl(data); +#else + uint8_t *p = (uint8_t *) dst; + p[0] = (uint8_t) ((data >> 24) & 0xff); + p[1] = (uint8_t) ((data >> 16) & 0xff); + p[2] = (uint8_t) ((data >> 8) & 0xff); + p[3] = (uint8_t) (data & 0xff); +#endif +} + +/* warning. */ +INLINE void +ldns_write_uint64_as_uint48(void *dst, uint64_t data) +{ + uint8_t *p = (uint8_t *) dst; + p[0] = (uint8_t) ((data >> 40) & 0xff); + p[1] = (uint8_t) ((data >> 32) & 0xff); + p[2] = (uint8_t) ((data >> 24) & 0xff); + p[3] = (uint8_t) ((data >> 16) & 0xff); + p[4] = (uint8_t) ((data >> 8) & 0xff); + p[5] = (uint8_t) (data & 0xff); +} + + +/** + * Structure to do a Schwartzian-like transformation, for instance when + * sorting. If you need a transformation on the objects that are sorted, + * you can sue this to store the transformed values, so you do not + * need to do the transformation again for each comparison + */ +struct ldns_schwartzian_compare_struct { + void *original_object; + void *transformed_object; +}; + +/** A general purpose lookup table + * + * Lookup tables are arrays of (id, name) pairs, + * So you can for instance lookup the RCODE 3, which is "NXDOMAIN", + * and vice versa. The lookup tables themselves are defined wherever needed, + * for instance in \ref host2str.c + */ +struct ldns_struct_lookup_table { + int id; + const char *name; +}; +typedef struct ldns_struct_lookup_table ldns_lookup_table; + +/** + * Looks up the table entry by name, returns NULL if not found. + * \param[in] table the lookup table to search in + * \param[in] name what to search for + * \return the item found + */ +ldns_lookup_table *ldns_lookup_by_name(ldns_lookup_table table[], + const char *name); + +/** + * Looks up the table entry by id, returns NULL if not found. + * \param[in] table the lookup table to search in + * \param[in] id what to search for + * \return the item found + */ +ldns_lookup_table *ldns_lookup_by_id(ldns_lookup_table table[], int id); + +/** + * Returns the value of the specified bit + * The bits are counted from left to right, so bit #0 is the + * left most bit. + * \param[in] bits array holding the bits + * \param[in] index to the wanted bit + * \return + */ +int ldns_get_bit(uint8_t bits[], size_t index); + + +/** + * Returns the value of the specified bit + * The bits are counted from right to left, so bit #0 is the + * right most bit. + * \param[in] bits array holding the bits + * \param[in] index to the wanted bit + * \return 1 or 0 depending no the bit state + */ +int ldns_get_bit_r(uint8_t bits[], size_t index); + +/** + * sets the specified bit in the specified byte to + * 1 if value is true, 0 if false + * The bits are counted from right to left, so bit #0 is the + * right most bit. + * \param[in] byte the bit to set the bit in + * \param[in] bit_nr the bit to set (0 <= n <= 7) + * \param[in] value whether to set the bit to 1 or 0 + * \return 1 or 0 depending no the bit state + */ +void ldns_set_bit(uint8_t *byte, int bit_nr, bool value); + +/** + * Returns the value of a to the power of b + * (or 1 of b < 1) + */ +/*@unused@*/ +INLINE long +ldns_power(long a, long b) { + long result = 1; + while (b > 0) { + if (b & 1) { + result *= a; + if (b == 1) { + return result; + } + } + a *= a; + b /= 2; + } + return result; +} + +/** + * Returns the int value of the given (hex) digit + * \param[in] ch the hex char to convert + * \return the converted decimal value + */ +int ldns_hexdigit_to_int(char ch); + +/** + * Returns the char (hex) representation of the given int + * \param[in] ch the int to convert + * \return the converted hex char + */ +char ldns_int_to_hexdigit(int ch); + +/** + * Converts a hex string to binary data + * + * \param[out] data The binary result is placed here. + * At least strlen(str)/2 bytes should be allocated + * \param[in] str The hex string to convert. + * This string should not contain spaces + * \return The number of bytes of converted data, or -1 if one of the arguments * is NULL, or -2 if the string length is not an even number + */ +int +ldns_hexstring_to_data(uint8_t *data, const char *str); + +/** + * Show the internal library version + * \return a string with the version in it + */ +const char * ldns_version(void); + +/** + * Convert TM to seconds since epoch (midnight, January 1st, 1970). + * Like timegm(3), which is not always available. + * \param[in] tm a struct tm* with the date + * \return the seconds since epoch + */ +time_t mktime_from_utc(const struct tm *tm); + +/** + * Seed the random function. + * If the file descriptor is specified, the random generator is seeded with + * data from that file. If not, /dev/urandom is used. + * + * applications should call this if they need entropy data within ldns + * If openSSL is available, it is automatically seeded from /dev/urandom + * or /dev/random. + * + * If you need more entropy, or have no openssl available, this function + * MUST be called at the start of the program + * + * If openssl *is* available, this function just adds more entropy + * + * \param[in] fd a file providing entropy data for the seed + * \param[in] size the number of bytes to use as entropy data. If this is 0, + * only the minimal amount is taken (usually 4 bytes) + * \return 0 if seeding succeeds, 1 if it fails + */ +int ldns_init_random(FILE *fd, unsigned int size); + + +/** + * Encode data as BubbleBabble + * + * \param[in] data a pointer to data to be encoded + * \param[in] len size the number of bytes of data + * \return a string of BubbleBabble + */ +char *ldns_bubblebabble(uint8_t *data, size_t len); + +#ifndef B32_NTOP +int ldns_b32_ntop(uint8_t const *src, size_t srclength, + char *target, size_t targsize); +int b32_ntop(uint8_t const *src, size_t srclength, + char *target, size_t targsize); +int ldns_b32_ntop_extended_hex(uint8_t const *src, size_t srclength, + char *target, size_t targsize); +int b32_ntop_extended_hex(uint8_t const *src, size_t srclength, + char *target, size_t targsize); +/** + * calculates the size needed to store the result of b32_ntop + */ +/*@unused@*/ +INLINE size_t ldns_b32_ntop_calculate_size(size_t srcsize) +{ + size_t result = ((((srcsize / 5) * 8) - 2) + 2); + return result; +} +#endif /* !B32_NTOP */ +#ifndef B32_PTON +int ldns_b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize); +int b32_pton(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize); +int ldns_b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize); +int b32_pton_extended_hex(char const *src, size_t hashed_owner_str_len, uint8_t *target, size_t targsize); +/** + * calculates the size needed to store the result of b32_pton + */ +/*@unused@*/ +INLINE size_t ldns_b32_pton_calculate_size(size_t srcsize) +{ + size_t result = ((((srcsize) / 8) * 5)); + return result; +} +#endif /* !B32_PTON */ + +#endif /* !_UTIL_H */ diff --git a/contrib/ldns/ldns/wire2host.h b/contrib/ldns/ldns/wire2host.h new file mode 100644 index 0000000000..5c4941cc97 --- /dev/null +++ b/contrib/ldns/ldns/wire2host.h @@ -0,0 +1,189 @@ +/* + * wire2host.h - from wire conversion routines + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Contains functions that translate dns data from the wire format (as sent + * by servers and clients) to the internal structures. + */ + +#ifndef LDNS_WIRE2HOST_H +#define LDNS_WIRE2HOST_H + +#include +#include +#include +#include +#include + +/* The length of the header */ +#define LDNS_HEADER_SIZE 12 + +/* First octet of flags */ +#define LDNS_RD_MASK 0x01U +#define LDNS_RD_SHIFT 0 +#define LDNS_RD_WIRE(wirebuf) (*(wirebuf+2) & LDNS_RD_MASK) +#define LDNS_RD_SET(wirebuf) (*(wirebuf+2) |= LDNS_RD_MASK) +#define LDNS_RD_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_RD_MASK) + +#define LDNS_TC_MASK 0x02U +#define LDNS_TC_SHIFT 1 +#define LDNS_TC_WIRE(wirebuf) (*(wirebuf+2) & LDNS_TC_MASK) +#define LDNS_TC_SET(wirebuf) (*(wirebuf+2) |= LDNS_TC_MASK) +#define LDNS_TC_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_TC_MASK) + +#define LDNS_AA_MASK 0x04U +#define LDNS_AA_SHIFT 2 +#define LDNS_AA_WIRE(wirebuf) (*(wirebuf+2) & LDNS_AA_MASK) +#define LDNS_AA_SET(wirebuf) (*(wirebuf+2) |= LDNS_AA_MASK) +#define LDNS_AA_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_AA_MASK) + +#define LDNS_OPCODE_MASK 0x78U +#define LDNS_OPCODE_SHIFT 3 +#define LDNS_OPCODE_WIRE(wirebuf) ((*(wirebuf+2) & LDNS_OPCODE_MASK) >> LDNS_OPCODE_SHIFT) +#define LDNS_OPCODE_SET(wirebuf, opcode) \ + (*(wirebuf+2) = ((*(wirebuf+2)) & ~LDNS_OPCODE_MASK) | ((opcode) << LDNS_OPCODE_SHIFT)) + +#define LDNS_QR_MASK 0x80U +#define LDNS_QR_SHIFT 7 +#define LDNS_QR_WIRE(wirebuf) (*(wirebuf+2) & LDNS_QR_MASK) +#define LDNS_QR_SET(wirebuf) (*(wirebuf+2) |= LDNS_QR_MASK) +#define LDNS_QR_CLR(wirebuf) (*(wirebuf+2) &= ~LDNS_QR_MASK) + +/* Second octet of flags */ +#define LDNS_RCODE_MASK 0x0fU +#define LDNS_RCODE_SHIFT 0 +#define LDNS_RCODE_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RCODE_MASK) +#define LDNS_RCODE_SET(wirebuf, rcode) \ + (*(wirebuf+3) = ((*(wirebuf+3)) & ~LDNS_RCODE_MASK) | (rcode)) + +#define LDNS_CD_MASK 0x10U +#define LDNS_CD_SHIFT 4 +#define LDNS_CD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_CD_MASK) +#define LDNS_CD_SET(wirebuf) (*(wirebuf+3) |= LDNS_CD_MASK) +#define LDNS_CD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_CD_MASK) + +#define LDNS_AD_MASK 0x20U +#define LDNS_AD_SHIFT 5 +#define LDNS_AD_WIRE(wirebuf) (*(wirebuf+3) & LDNS_AD_MASK) +#define LDNS_AD_SET(wirebuf) (*(wirebuf+3) |= LDNS_AD_MASK) +#define LDNS_AD_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_AD_MASK) + +#define LDNS_Z_MASK 0x40U +#define LDNS_Z_SHIFT 6 +#define LDNS_Z_WIRE(wirebuf) (*(wirebuf+3) & LDNS_Z_MASK) +#define LDNS_Z_SET(wirebuf) (*(wirebuf+3) |= LDNS_Z_MASK) +#define LDNS_Z_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_Z_MASK) + +#define LDNS_RA_MASK 0x80U +#define LDNS_RA_SHIFT 7 +#define LDNS_RA_WIRE(wirebuf) (*(wirebuf+3) & LDNS_RA_MASK) +#define LDNS_RA_SET(wirebuf) (*(wirebuf+3) |= LDNS_RA_MASK) +#define LDNS_RA_CLR(wirebuf) (*(wirebuf+3) &= ~LDNS_RA_MASK) + +/* Query ID */ +#define LDNS_ID_WIRE(wirebuf) (ldns_read_uint16(wirebuf)) +#define LDNS_ID_SET(wirebuf, id) (ldns_write_uint16(wirebuf, id)) + +/* Counter of the question section */ +#define LDNS_QDCOUNT_OFF 4 +/* +#define QDCOUNT(wirebuf) (ntohs(*(uint16_t *)(wirebuf+QDCOUNT_OFF))) +*/ +#define LDNS_QDCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_QDCOUNT_OFF)) + +/* Counter of the answer section */ +#define LDNS_ANCOUNT_OFF 6 +#define LDNS_ANCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ANCOUNT_OFF)) + +/* Counter of the authority section */ +#define LDNS_NSCOUNT_OFF 8 +#define LDNS_NSCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_NSCOUNT_OFF)) + +/* Counter of the additional section */ +#define LDNS_ARCOUNT_OFF 10 +#define LDNS_ARCOUNT(wirebuf) (ldns_read_uint16(wirebuf+LDNS_ARCOUNT_OFF)) + +/** + * converts the data on the uint8_t bytearray (in wire format) to a DNS packet. + * This function will initialize and allocate memory space for the packet + * structure. + * + * \param[in] packet pointer to the structure to hold the packet + * \param[in] data pointer to the buffer with the data + * \param[in] len the length of the data buffer (in bytes) + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_wire2pkt(ldns_pkt **packet, const uint8_t *data, size_t len); + +/** + * converts the data on the uint8_t bytearray (in wire format) to a DNS packet. + * This function will initialize and allocate memory space for the packet + * structure. + * + * \param[in] packet pointer to the structure to hold the packet + * \param[in] buffer the buffer with the data + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer); + +/** + * converts the data on the uint8_t bytearray (in wire format) to a DNS + * dname rdata field. This function will initialize and allocate memory + * space for the dname structure. The length of the wiredata of this rdf + * is added to the *pos value. + * + * \param[in] dname pointer to the structure to hold the rdata value + * \param[in] wire pointer to the buffer with the data + * \param[in] max the length of the data buffer (in bytes) + * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes + * from the start of the buffer) + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos); + +/** + * converts the data on the uint8_t bytearray (in wire format) to DNS + * rdata fields, and adds them to the list of rdfs of the given rr. + * This function will initialize and allocate memory space for the dname + * structures. + * The length of the wiredata of these rdfs is added to the *pos value. + * + * All rdfs belonging to the RR are read; the rr should have no rdfs + * yet. An error is returned if the format cannot be parsed. + * + * \param[in] rr pointer to the ldns_rr structure to hold the rdata value + * \param[in] wire pointer to the buffer with the data + * \param[in] max the length of the data buffer (in bytes) + * \param[in] pos the position of the rdf in the buffer (ie. the number of bytes + * from the start of the buffer) + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos); + +/** + * converts the data on the uint8_t bytearray (in wire format) to a DNS + * resource record. + * This function will initialize and allocate memory space for the rr + * structure. + * The length of the wiredata of this rr is added to the *pos value. + * + * \param[in] rr pointer to the structure to hold the rdata value + * \param[in] wire pointer to the buffer with the data + * \param[in] max the length of the data buffer (in bytes) + * \param[in] pos the position of the rr in the buffer (ie. the number of bytes + * from the start of the buffer) + * \param[in] section the section in the packet the rr is meant for + * \return LDNS_STATUS_OK if everything succeeds, error otherwise + */ +ldns_status ldns_wire2rr(ldns_rr **rr, const uint8_t *wire, size_t max, size_t *pos, ldns_pkt_section section); + +#endif /* LDNS_WIRE2HOST_H */ diff --git a/contrib/ldns/ldns/zone.h b/contrib/ldns/ldns/zone.h new file mode 100644 index 0000000000..e8c29c8f38 --- /dev/null +++ b/contrib/ldns/ldns/zone.h @@ -0,0 +1,167 @@ +/** + * zone.h + * + * zone definitions + * - what is it + * - get_glue function + * - search etc + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * + * See the file LICENSE for the license + */ + +/** + * \file + * + * Defines the ldns_zone structure and functions to manipulate it. + */ + + +#ifndef LDNS_ZONE_H +#define LDNS_ZONE_H + +#include +#include +#include +#include + +/** + * DNS Zone + * + * A list of RR's with some + * extra information which comes from the SOA RR + * Note: nothing has been done to make this efficient (yet). + */ +struct ldns_struct_zone +{ + /** the soa defines a zone */ + ldns_rr *_soa; + /* basicly a zone is a list of rr's */ + ldns_rr_list *_rrs; + /* we could change this to be a b-tree etc etc todo */ +}; +typedef struct ldns_struct_zone ldns_zone; + +/** + * create a new ldns_zone structure + * \return a pointer to a ldns_zone structure + */ +ldns_zone * ldns_zone_new(void); + +/** + * Return the soa record of a zone + * \param[in] z the zone to read from + * \return the soa record in the zone + */ +ldns_rr * ldns_zone_soa(const ldns_zone *z); + +/** + * Returns the number of resource records in the zone, NOT counting the SOA record + * \param[in] z the zone to read from + * \return the number of rr's in the zone + */ +size_t ldns_zone_rr_count(const ldns_zone *z); + +/** + * Set the zone's soa record + * \param[in] z the zone to put the new soa in + * \param[in] soa the soa to set + */ +void ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa); + +/** + * Get a list of a zone's content. Note that the SOA + * isn't included in this list. You need to get the + * with ldns_zone_soa. + * \param[in] z the zone to read from + * \return the rrs from this zone + */ +ldns_rr_list * ldns_zone_rrs(const ldns_zone *z); + +/** + * Set the zone's contents + * \param[in] z the zone to put the new soa in + * \param[in] rrlist the rrlist to use + */ +void ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist); + +/** + * push an rrlist to a zone structure. This function use pointer + * copying, so the rr_list structure inside z is modified! + * \param[in] z the zone to add to + * \param[in] list the list to add + * \return a true on succes otherwise falsed + */ +bool ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list); + +/** + * push an single rr to a zone structure. This function use pointer + * copying, so the rr_list structure inside z is modified! + * \param[in] z the zone to add to + * \param[in] rr the rr to add + * \return a true on succes otherwise falsed + */ +bool ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr); + +/** + * Retrieve all resource records from the zone that are glue + * records. The resulting list does are pointer references + * to the zone's data. + * + * Due to the current zone implementation (as a list of rr's), this + * function is extremely slow. Another (probably better) way to do this + * is to use an ldns_dnssec_zone structure and the mark_glue function + * + * \param[in] z the zone to look for glue + * \return the rr_list with the glue + */ +ldns_rr_list *ldns_zone_glue_rr_list(const ldns_zone *z); + +/** + * Create a new zone from a file + * \param[out] z the new zone + * \param[in] *fp the filepointer to use + * \param[in] *origin the zones' origin + * \param[in] ttl default ttl to use + * \param[in] c default class to use (IN) + * + * \return ldns_status mesg with an error or LDNS_STATUS_OK + */ +ldns_status ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c); + +/** + * Create a new zone from a file, keep track of the line numbering + * \param[out] z the new zone + * \param[in] *fp the filepointer to use + * \param[in] *origin the zones' origin + * \param[in] ttl default ttl to use + * \param[in] c default class to use (IN) + * \param[out] line_nr used for error msg, to get to the line number + * + * \return ldns_status mesg with an error or LDNS_STATUS_OK + */ +ldns_status ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, int *line_nr); + +/** + * Frees the allocated memory for the zone, and the rr_list structure in it + * \param[in] zone the zone to free + */ +void ldns_zone_free(ldns_zone *zone); + +/** + * Frees the allocated memory for the zone, the soa rr in it, + * and the rr_list structure in it, including the rr's in that. etc. + * \param[in] zone the zone to free + */ +void ldns_zone_deep_free(ldns_zone *zone); + +/** + * Sort the rrs in a zone, with the current impl. this is slow + * \param[in] zone the zone to sort + */ +void ldns_zone_sort(ldns_zone *zone); + +#endif /* LDNS_ZONE_H */ diff --git a/contrib/ldns/linktest.c b/contrib/ldns/linktest.c new file mode 100644 index 0000000000..c21753a53f --- /dev/null +++ b/contrib/ldns/linktest.c @@ -0,0 +1,13 @@ + +#include "ldns/config.h" +#include + +int +main(void) +{ + ldns_rr *rr = ldns_rr_new(); + + ldns_rr_free(rr); + return 0; +} + diff --git a/contrib/ldns/net.c b/contrib/ldns/net.c new file mode 100644 index 0000000000..cdc69c5bf5 --- /dev/null +++ b/contrib/ldns/net.c @@ -0,0 +1,796 @@ +/* + * net.c + * + * Network implementation + * All network related functions are grouped here + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#include +#include +#include + +ldns_status +ldns_send(ldns_pkt **result_packet, ldns_resolver *r, const ldns_pkt *query_pkt) +{ + ldns_buffer *qb; + ldns_status result; + ldns_rdf *tsig_mac = NULL; + + qb = ldns_buffer_new(LDNS_MIN_BUFLEN); + + if (query_pkt && ldns_pkt_tsig(query_pkt)) { + tsig_mac = ldns_rr_rdf(ldns_pkt_tsig(query_pkt), 3); + } + + + if (!query_pkt || + ldns_pkt2buffer_wire(qb, query_pkt) != LDNS_STATUS_OK) { + result = LDNS_STATUS_ERR; + } else { + result = ldns_send_buffer(result_packet, r, qb, tsig_mac); + } + + ldns_buffer_free(qb); + + return result; +} + +ldns_status +ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf *tsig_mac) +{ + uint8_t i; + + struct sockaddr_storage *ns; + size_t ns_len; + struct timeval tv_s; + struct timeval tv_e; + + ldns_rdf **ns_array; + size_t *rtt; + ldns_pkt *reply; + bool all_servers_rtt_inf; + uint8_t retries; + + uint8_t *reply_bytes = NULL; + size_t reply_size = 0; + ldns_status status, send_status; + + assert(r != NULL); + + status = LDNS_STATUS_OK; + rtt = ldns_resolver_rtt(r); + ns_array = ldns_resolver_nameservers(r); + reply = NULL; + ns_len = 0; + + all_servers_rtt_inf = true; + + if (ldns_resolver_random(r)) { + ldns_resolver_nameservers_randomize(r); + } + + /* loop through all defined nameservers */ + for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { + if (rtt[i] == LDNS_RESOLV_RTT_INF) { + /* not reachable nameserver! */ + continue; + } + all_servers_rtt_inf = false; + + /* maybe verbosity setting? + printf("Sending to "); + ldns_rdf_print(stdout, ns_array[i]); + printf("\n"); + */ + ns = ldns_rdf2native_sockaddr_storage(ns_array[i], + ldns_resolver_port(r), &ns_len); + + if ((ns->ss_family == AF_INET) && + (ldns_resolver_ip6(r) == LDNS_RESOLV_INET6)) { + continue; + } + + if ((ns->ss_family == AF_INET6) && + (ldns_resolver_ip6(r) == LDNS_RESOLV_INET)) { + continue; + } + + gettimeofday(&tv_s, NULL); + + send_status = LDNS_STATUS_ERR; + + /* reply_bytes implicitly handles our error */ + if (1 == ldns_resolver_usevc(r)) { + for (retries = ldns_resolver_retry(r); retries > 0; retries--) { + send_status = + ldns_tcp_send(&reply_bytes, qb, ns, + (socklen_t)ns_len, ldns_resolver_timeout(r), + &reply_size); + if (send_status == LDNS_STATUS_OK) { + break; + } + } + } else { + for (retries = ldns_resolver_retry(r); retries > 0; retries--) { + /* ldns_rdf_print(stdout, ns_array[i]); */ + send_status = + ldns_udp_send(&reply_bytes, qb, ns, + (socklen_t)ns_len, ldns_resolver_timeout(r), + &reply_size); + + if (send_status == LDNS_STATUS_OK) { + break; + } + } + } + + if (send_status != LDNS_STATUS_OK) { + ldns_resolver_set_nameserver_rtt(r, i, LDNS_RESOLV_RTT_INF); + status = send_status; + } + + /* obey the fail directive */ + if (!reply_bytes) { + /* the current nameserver seems to have a problem, blacklist it */ + if (ldns_resolver_fail(r)) { + LDNS_FREE(ns); + return LDNS_STATUS_ERR; + } else { + LDNS_FREE(ns); + continue; + } + } + + status = ldns_wire2pkt(&reply, reply_bytes, reply_size); + if (status != LDNS_STATUS_OK) { + LDNS_FREE(reply_bytes); + LDNS_FREE(ns); + return status; + } + + LDNS_FREE(ns); + gettimeofday(&tv_e, NULL); + + if (reply) { + ldns_pkt_set_querytime(reply, (uint32_t) + ((tv_e.tv_sec - tv_s.tv_sec) * 1000) + + (tv_e.tv_usec - tv_s.tv_usec) / 1000); + ldns_pkt_set_answerfrom(reply, ns_array[i]); + ldns_pkt_set_timestamp(reply, tv_s); + ldns_pkt_set_size(reply, reply_size); + break; + } else { + if (ldns_resolver_fail(r)) { + /* if fail is set bail out, after the first + * one */ + break; + } + } + + /* wait retrans seconds... */ + sleep((unsigned int) ldns_resolver_retrans(r)); + } + + if (all_servers_rtt_inf) { + LDNS_FREE(reply_bytes); + return LDNS_STATUS_RES_NO_NS; + } +#ifdef HAVE_SSL + if (tsig_mac && reply_bytes) { + if (!ldns_pkt_tsig_verify(reply, + reply_bytes, + reply_size, + ldns_resolver_tsig_keyname(r), + ldns_resolver_tsig_keydata(r), tsig_mac)) { + status = LDNS_STATUS_CRYPTO_TSIG_BOGUS; + } + } +#else + (void)tsig_mac; +#endif /* HAVE_SSL */ + + LDNS_FREE(reply_bytes); + if (result) { + *result = reply; + } + + return status; +} + +/** best effort to set nonblocking */ +static void +ldns_sock_nonblock(int sockfd) +{ +#ifdef HAVE_FCNTL + int flag; + if((flag = fcntl(sockfd, F_GETFL)) != -1) { + flag |= O_NONBLOCK; + if(fcntl(sockfd, F_SETFL, flag) == -1) { + /* ignore error, continue blockingly */ + } + } +#elif defined(HAVE_IOCTLSOCKET) + unsigned long on = 1; + if(ioctlsocket(sockfd, FIONBIO, &on) != 0) { + /* ignore error, continue blockingly */ + } +#endif +} + +/** best effort to set blocking */ +static void +ldns_sock_block(int sockfd) +{ +#ifdef HAVE_FCNTL + int flag; + if((flag = fcntl(sockfd, F_GETFL)) != -1) { + flag &= ~O_NONBLOCK; + if(fcntl(sockfd, F_SETFL, flag) == -1) { + /* ignore error, continue */ + } + } +#elif defined(HAVE_IOCTLSOCKET) + unsigned long off = 0; + if(ioctlsocket(sockfd, FIONBIO, &off) != 0) { + /* ignore error, continue */ + } +#endif +} + +/** wait for a socket to become ready */ +static int +ldns_sock_wait(int sockfd, struct timeval timeout, int write) +{ + fd_set fds; + int ret; + FD_ZERO(&fds); + FD_SET(FD_SET_T sockfd, &fds); + if(write) + ret = select(sockfd+1, NULL, &fds, NULL, &timeout); + else + ret = select(sockfd+1, &fds, NULL, NULL, &timeout); + if(ret == 0) + /* timeout expired */ + return 0; + else if(ret == -1) + /* error */ + return 0; + return 1; +} + +ldns_status +ldns_udp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, + socklen_t tolen, struct timeval timeout, size_t *answer_size) +{ + int sockfd; + uint8_t *answer; + + sockfd = ldns_udp_bgsend(qbin, to, tolen, timeout); + + if (sockfd == 0) { + return LDNS_STATUS_SOCKET_ERROR; + } + + /* wait for an response*/ + if(!ldns_sock_wait(sockfd, timeout, 0)) { + close(sockfd); + return LDNS_STATUS_NETWORK_ERR; + } + + answer = ldns_udp_read_wire(sockfd, answer_size, NULL, NULL); + close(sockfd); + + if (*answer_size == 0) { + /* oops */ + return LDNS_STATUS_NETWORK_ERR; + } + + *result = answer; + return LDNS_STATUS_OK; +} + +int +ldns_udp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, + struct timeval timeout) +{ + int sockfd; + + sockfd = ldns_udp_connect(to, timeout); + + if (sockfd == 0) { + return 0; + } + + if (ldns_udp_send_query(qbin, sockfd, to, tolen) == 0) { + return 0; + } + return sockfd; +} + +int +ldns_udp_connect(const struct sockaddr_storage *to, struct timeval ATTR_UNUSED(timeout)) +{ + int sockfd; + + if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_DGRAM, + IPPROTO_UDP)) + == -1) { + return 0; + } + return sockfd; +} + +int +ldns_tcp_connect(const struct sockaddr_storage *to, socklen_t tolen, + struct timeval timeout) +{ + int sockfd; + + if ((sockfd = socket((int)((struct sockaddr*)to)->sa_family, SOCK_STREAM, + IPPROTO_TCP)) == -1) { + return 0; + } + + /* perform nonblocking connect, to be able to wait with select() */ + ldns_sock_nonblock(sockfd); + if (connect(sockfd, (struct sockaddr*)to, tolen) == -1) { +#ifndef USE_WINSOCK +#ifdef EINPROGRESS + if(errno != EINPROGRESS) { +#else + if(1) { +#endif + close(sockfd); + return 0; + } +#else /* USE_WINSOCK */ + if(WSAGetLastError() != WSAEINPROGRESS && + WSAGetLastError() != WSAEWOULDBLOCK) { + closesocket(sockfd); + return 0; + } +#endif + /* error was only telling us that it would block */ + } + + /* wait(write) until connected or error */ + while(1) { + int error = 0; + socklen_t len = (socklen_t)sizeof(error); + + if(!ldns_sock_wait(sockfd, timeout, 1)) { + close(sockfd); + return 0; + } + + /* check if there is a pending error for nonblocking connect */ + if(getsockopt(sockfd, SOL_SOCKET, SO_ERROR, (void*)&error, + &len) < 0) { +#ifndef USE_WINSOCK + error = errno; /* on solaris errno is error */ +#else + error = WSAGetLastError(); +#endif + } +#ifndef USE_WINSOCK +#if defined(EINPROGRESS) && defined(EWOULDBLOCK) + if(error == EINPROGRESS || error == EWOULDBLOCK) + continue; /* try again */ +#endif + else if(error != 0) { + close(sockfd); + /* error in errno for our user */ + errno = error; + return 0; + } +#else /* USE_WINSOCK */ + if(error == WSAEINPROGRESS) + continue; + else if(error == WSAEWOULDBLOCK) + continue; + else if(error != 0) { + closesocket(sockfd); + errno = error; + return 0; + } +#endif /* USE_WINSOCK */ + /* connected */ + break; + } + + /* set the socket blocking again */ + ldns_sock_block(sockfd); + + return sockfd; +} + +ssize_t +ldns_tcp_send_query(ldns_buffer *qbin, int sockfd, + const struct sockaddr_storage *to, socklen_t tolen) +{ + uint8_t *sendbuf; + ssize_t bytes; + + /* add length of packet */ + sendbuf = LDNS_XMALLOC(uint8_t, ldns_buffer_position(qbin) + 2); + ldns_write_uint16(sendbuf, ldns_buffer_position(qbin)); + memcpy(sendbuf + 2, ldns_buffer_export(qbin), ldns_buffer_position(qbin)); + + bytes = sendto(sockfd, (void*)sendbuf, + ldns_buffer_position(qbin) + 2, 0, (struct sockaddr *)to, tolen); + + LDNS_FREE(sendbuf); + + if (bytes == -1 || (size_t) bytes != ldns_buffer_position(qbin) + 2 ) { + return 0; + } + return bytes; +} + +/* don't wait for an answer */ +ssize_t +ldns_udp_send_query(ldns_buffer *qbin, int sockfd, const struct sockaddr_storage *to, + socklen_t tolen) +{ + ssize_t bytes; + + bytes = sendto(sockfd, (void*)ldns_buffer_begin(qbin), + ldns_buffer_position(qbin), 0, (struct sockaddr *)to, tolen); + + if (bytes == -1 || (size_t)bytes != ldns_buffer_position(qbin)) { + return 0; + } + if ((size_t) bytes != ldns_buffer_position(qbin)) { + return 0; + } + return bytes; +} + +uint8_t * +ldns_udp_read_wire(int sockfd, size_t *size, struct sockaddr_storage *from, + socklen_t *fromlen) +{ + uint8_t *wire; + ssize_t wire_size; + + wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN); + if (!wire) { + *size = 0; + return NULL; + } + + wire_size = recvfrom(sockfd, (void*)wire, LDNS_MAX_PACKETLEN, 0, + (struct sockaddr *)from, fromlen); + + /* recvfrom can also return 0 */ + if (wire_size == -1 || wire_size == 0) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + + *size = (size_t)wire_size; + wire = LDNS_XREALLOC(wire, uint8_t, (size_t)wire_size); + + return wire; +} + +uint8_t * +ldns_tcp_read_wire_timeout(int sockfd, size_t *size, struct timeval timeout) +{ + uint8_t *wire; + uint16_t wire_size; + ssize_t bytes = 0; + + wire = LDNS_XMALLOC(uint8_t, 2); + if (!wire) { + *size = 0; + return NULL; + } + + while (bytes < 2) { + if(!ldns_sock_wait(sockfd, timeout, 0)) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + bytes = recv(sockfd, (void*)wire, 2, 0); + if (bytes == -1 || bytes == 0) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + } + + wire_size = ldns_read_uint16(wire); + + LDNS_FREE(wire); + wire = LDNS_XMALLOC(uint8_t, wire_size); + bytes = 0; + + while (bytes < (ssize_t) wire_size) { + if(!ldns_sock_wait(sockfd, timeout, 0)) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + bytes += recv(sockfd, (void*) (wire + bytes), + (size_t) (wire_size - bytes), 0); + if (bytes == -1 || bytes == 0) { + LDNS_FREE(wire); + *size = 0; + return NULL; + } + } + + *size = (size_t) bytes; + return wire; +} + +uint8_t * +ldns_tcp_read_wire(int sockfd, size_t *size) +{ + uint8_t *wire; + uint16_t wire_size; + ssize_t bytes = 0; + + wire = LDNS_XMALLOC(uint8_t, 2); + if (!wire) { + *size = 0; + return NULL; + } + + while (bytes < 2) { + bytes = recv(sockfd, (void*)wire, 2, 0); + if (bytes == -1 || bytes == 0) { + *size = 0; + LDNS_FREE(wire); + return NULL; + } + } + + wire_size = ldns_read_uint16(wire); + + LDNS_FREE(wire); + wire = LDNS_XMALLOC(uint8_t, wire_size); + bytes = 0; + + while (bytes < (ssize_t) wire_size) { + bytes += recv(sockfd, (void*) (wire + bytes), + (size_t) (wire_size - bytes), 0); + if (bytes == -1 || bytes == 0) { + LDNS_FREE(wire); + *size = 0; + return NULL; + } + } + + *size = (size_t) bytes; + return wire; +} + +/* keep in mind that in DNS tcp messages the first 2 bytes signal the + * amount data to expect + */ +ldns_status +ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storage *to, + socklen_t tolen, struct timeval timeout, size_t *answer_size) +{ + int sockfd; + uint8_t *answer; + + sockfd = ldns_tcp_bgsend(qbin, to, tolen, timeout); + + if (sockfd == 0) { + return LDNS_STATUS_ERR; + } + + answer = ldns_tcp_read_wire_timeout(sockfd, answer_size, timeout); + close(sockfd); + + if (*answer_size == 0) { + /* oops */ + return LDNS_STATUS_NETWORK_ERR; + } + + /* resize accordingly */ + answer = (uint8_t*)LDNS_XREALLOC(answer, uint8_t *, (size_t)*answer_size); + *result = answer; + return LDNS_STATUS_OK; +} + +int +ldns_tcp_bgsend(ldns_buffer *qbin, const struct sockaddr_storage *to, socklen_t tolen, + struct timeval timeout) +{ + int sockfd; + + sockfd = ldns_tcp_connect(to, tolen, timeout); + + if (sockfd == 0) { + return 0; + } + + if (ldns_tcp_send_query(qbin, sockfd, to, tolen) == 0) { + return 0; + } + + return sockfd; +} + +/* code from rdata.c */ +struct sockaddr_storage * +ldns_rdf2native_sockaddr_storage(const ldns_rdf *rd, uint16_t port, size_t *size) +{ + struct sockaddr_storage *data; + struct sockaddr_in *data_in; + struct sockaddr_in6 *data_in6; + + data = LDNS_MALLOC(struct sockaddr_storage); + if (!data) { + return NULL; + } + /* zero the structure for portability */ + memset(data, 0, sizeof(struct sockaddr_storage)); + if (port == 0) { + port = LDNS_PORT; + } + + switch(ldns_rdf_get_type(rd)) { + case LDNS_RDF_TYPE_A: + data->ss_family = AF_INET; + data_in = (struct sockaddr_in*) data; + data_in->sin_port = (in_port_t)htons(port); + memcpy(&(data_in->sin_addr), ldns_rdf_data(rd), ldns_rdf_size(rd)); + *size = sizeof(struct sockaddr_in); + return data; + case LDNS_RDF_TYPE_AAAA: + data->ss_family = AF_INET6; + data_in6 = (struct sockaddr_in6*) data; + data_in6->sin6_port = (in_port_t)htons(port); + memcpy(&data_in6->sin6_addr, ldns_rdf_data(rd), ldns_rdf_size(rd)); + *size = sizeof(struct sockaddr_in6); + return data; + default: + LDNS_FREE(data); + return NULL; + } +} + +ldns_rdf * +ldns_sockaddr_storage2rdf(struct sockaddr_storage *sock, uint16_t *port) +{ + ldns_rdf *addr; + struct sockaddr_in *data_in; + struct sockaddr_in6 *data_in6; + + switch(sock->ss_family) { + case AF_INET: + data_in = (struct sockaddr_in*)sock; + if (port) { + *port = ntohs((uint16_t)data_in->sin_port); + } + addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_A, + LDNS_IP4ADDRLEN, &data_in->sin_addr); + break; + case AF_INET6: + data_in6 = (struct sockaddr_in6*)sock; + if (port) { + *port = ntohs((uint16_t)data_in6->sin6_port); + } + addr = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_AAAA, + LDNS_IP6ADDRLEN, &data_in6->sin6_addr); + break; + default: + if (port) { + *port = 0; + } + return NULL; + } + return addr; +} + +/* code from resolver.c */ +ldns_status +ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class) +{ + ldns_pkt *query; + ldns_buffer *query_wire; + + struct sockaddr_storage *ns = NULL; + size_t ns_len = 0; + size_t ns_i; + ldns_status status; + + if (!resolver || ldns_resolver_nameserver_count(resolver) < 1) { + return LDNS_STATUS_ERR; + } + + query = ldns_pkt_query_new(ldns_rdf_clone(domain), LDNS_RR_TYPE_AXFR, class, 0); + + if (!query) { + return LDNS_STATUS_ADDRESS_ERR; + } + /* For AXFR, we have to make the connection ourselves */ + /* try all nameservers (which usually would mean v4 fallback if + * @hostname is used */ + for (ns_i = 0; + ns_i < ldns_resolver_nameserver_count(resolver) && + resolver->_socket == 0; + ns_i++) { + ns = ldns_rdf2native_sockaddr_storage( + resolver->_nameservers[ns_i], + ldns_resolver_port(resolver), &ns_len); + + resolver->_socket = ldns_tcp_connect(ns, (socklen_t)ns_len, + ldns_resolver_timeout(resolver)); + } + + if (resolver->_socket == 0) { + ldns_pkt_free(query); + LDNS_FREE(ns); + return LDNS_STATUS_NETWORK_ERR; + } + +#ifdef HAVE_SSL + if (ldns_resolver_tsig_keyname(resolver) && ldns_resolver_tsig_keydata(resolver)) { + status = ldns_pkt_tsig_sign(query, + ldns_resolver_tsig_keyname(resolver), + ldns_resolver_tsig_keydata(resolver), + 300, ldns_resolver_tsig_algorithm(resolver), NULL); + if (status != LDNS_STATUS_OK) { + return LDNS_STATUS_CRYPTO_TSIG_ERR; + } + } +#endif /* HAVE_SSL */ + + /* Convert the query to a buffer * Is this necessary? + */ + query_wire = ldns_buffer_new(LDNS_MAX_PACKETLEN); + status = ldns_pkt2buffer_wire(query_wire, query); + if (status != LDNS_STATUS_OK) { + ldns_pkt_free(query); + LDNS_FREE(ns); + return status; + } + /* Send the query */ + if (ldns_tcp_send_query(query_wire, resolver->_socket, ns, + (socklen_t)ns_len) == 0) { + ldns_pkt_free(query); + ldns_buffer_free(query_wire); + LDNS_FREE(ns); + return LDNS_STATUS_NETWORK_ERR; + } + + ldns_pkt_free(query); + ldns_buffer_free(query_wire); + LDNS_FREE(ns); + + /* + * The AXFR is done once the second SOA record is sent + */ + resolver->_axfr_soa_count = 0; + return LDNS_STATUS_OK; +} diff --git a/contrib/ldns/packet.c b/contrib/ldns/packet.c new file mode 100644 index 0000000000..32d5a2a09c --- /dev/null +++ b/contrib/ldns/packet.c @@ -0,0 +1,1013 @@ +/* + * packet.c + * + * dns packet implementation + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#include +#include + +#ifdef HAVE_SSL +#include +#endif + +/* Access functions + * do this as functions to get type checking + */ + +#define LDNS_EDNS_MASK_DO_BIT 0x8000 + +/* TODO defines for 3600 */ +/* convert to and from numerical flag values */ +ldns_lookup_table ldns_edns_flags[] = { + { 3600, "do"}, + { 0, NULL} +}; + +/* read */ +uint16_t +ldns_pkt_id(const ldns_pkt *packet) +{ + return packet->_header->_id; +} + +bool +ldns_pkt_qr(const ldns_pkt *packet) +{ + return packet->_header->_qr; +} + +bool +ldns_pkt_aa(const ldns_pkt *packet) +{ + return packet->_header->_aa; +} + +bool +ldns_pkt_tc(const ldns_pkt *packet) +{ + return packet->_header->_tc; +} + +bool +ldns_pkt_rd(const ldns_pkt *packet) +{ + return packet->_header->_rd; +} + +bool +ldns_pkt_cd(const ldns_pkt *packet) +{ + return packet->_header->_cd; +} + +bool +ldns_pkt_ra(const ldns_pkt *packet) +{ + return packet->_header->_ra; +} + +bool +ldns_pkt_ad(const ldns_pkt *packet) +{ + return packet->_header->_ad; +} + +ldns_pkt_opcode +ldns_pkt_get_opcode(const ldns_pkt *packet) +{ + return packet->_header->_opcode; +} + +ldns_pkt_rcode +ldns_pkt_get_rcode(const ldns_pkt *packet) +{ + return packet->_header->_rcode; +} + +uint16_t +ldns_pkt_qdcount(const ldns_pkt *packet) +{ + return packet->_header->_qdcount; +} + +uint16_t +ldns_pkt_ancount(const ldns_pkt *packet) +{ + return packet->_header->_ancount; +} + +uint16_t +ldns_pkt_nscount(const ldns_pkt *packet) +{ + return packet->_header->_nscount; +} + +uint16_t +ldns_pkt_arcount(const ldns_pkt *packet) +{ + return packet->_header->_arcount; +} + +ldns_rr_list * +ldns_pkt_question(const ldns_pkt *packet) +{ + return packet->_question; +} + +ldns_rr_list * +ldns_pkt_answer(const ldns_pkt *packet) +{ + return packet->_answer; +} + +ldns_rr_list * +ldns_pkt_authority(const ldns_pkt *packet) +{ + return packet->_authority; +} + +ldns_rr_list * +ldns_pkt_additional(const ldns_pkt *packet) +{ + return packet->_additional; +} + +/* return ALL section concatenated */ +ldns_rr_list * +ldns_pkt_all(const ldns_pkt *packet) +{ + ldns_rr_list *all, *prev_all; + + all = ldns_rr_list_cat_clone( + ldns_pkt_question(packet), + ldns_pkt_answer(packet)); + prev_all = all; + all = ldns_rr_list_cat_clone(all, + ldns_pkt_authority(packet)); + ldns_rr_list_deep_free(prev_all); + prev_all = all; + all = ldns_rr_list_cat_clone(all, + ldns_pkt_additional(packet)); + ldns_rr_list_deep_free(prev_all); + return all; +} + +ldns_rr_list * +ldns_pkt_all_noquestion(const ldns_pkt *packet) +{ + ldns_rr_list *all, *all2; + + all = ldns_rr_list_cat_clone( + ldns_pkt_answer(packet), + ldns_pkt_authority(packet)); + all2 = ldns_rr_list_cat_clone(all, + ldns_pkt_additional(packet)); + + ldns_rr_list_deep_free(all); + return all2; +} + +size_t +ldns_pkt_size(const ldns_pkt *packet) +{ + return packet->_size; +} + +uint32_t +ldns_pkt_querytime(const ldns_pkt *packet) +{ + return packet->_querytime; +} + +ldns_rdf * +ldns_pkt_answerfrom(const ldns_pkt *packet) +{ + return packet->_answerfrom; +} + +struct timeval +ldns_pkt_timestamp(const ldns_pkt *packet) +{ + return packet->timestamp; +} + +uint16_t +ldns_pkt_edns_udp_size(const ldns_pkt *packet) +{ + return packet->_edns_udp_size; +} + +uint8_t +ldns_pkt_edns_extended_rcode(const ldns_pkt *packet) +{ + return packet->_edns_extended_rcode; +} + +uint8_t +ldns_pkt_edns_version(const ldns_pkt *packet) +{ + return packet->_edns_version; +} + +uint16_t +ldns_pkt_edns_z(const ldns_pkt *packet) +{ + return packet->_edns_z; +} + +bool +ldns_pkt_edns_do(const ldns_pkt *packet) +{ + return (packet->_edns_z & LDNS_EDNS_MASK_DO_BIT); +} + +void +ldns_pkt_set_edns_do(ldns_pkt *packet, bool value) +{ + if (value) { + packet->_edns_z = packet->_edns_z | LDNS_EDNS_MASK_DO_BIT; + } else { + packet->_edns_z = packet->_edns_z & ~LDNS_EDNS_MASK_DO_BIT; + } +} + +ldns_rdf * +ldns_pkt_edns_data(const ldns_pkt *packet) +{ + return packet->_edns_data; +} + +/* return only those rr that share the ownername */ +ldns_rr_list * +ldns_pkt_rr_list_by_name(ldns_pkt *packet, + ldns_rdf *ownername, + ldns_pkt_section sec) +{ + ldns_rr_list *rrs; + ldns_rr_list *new; + ldns_rr_list *ret; + uint16_t i; + + if (!packet) { + return NULL; + } + + rrs = ldns_pkt_get_section_clone(packet, sec); + new = ldns_rr_list_new(); + ret = NULL; + + for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + if (ldns_rdf_compare(ldns_rr_owner( + ldns_rr_list_rr(rrs, i)), + ownername) == 0) { + /* owner names match */ + ldns_rr_list_push_rr(new, ldns_rr_list_rr(rrs, i)); + ret = new; + } + } + return ret; +} + +/* return only those rr that share a type */ +ldns_rr_list * +ldns_pkt_rr_list_by_type(const ldns_pkt *packet, + ldns_rr_type type, + ldns_pkt_section sec) +{ + ldns_rr_list *rrs; + ldns_rr_list *new; + uint16_t i; + + if(!packet) { + return NULL; + } + + rrs = ldns_pkt_get_section_clone(packet, sec); + new = ldns_rr_list_new(); + + for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i))) { + /* types match */ + ldns_rr_list_push_rr(new, + ldns_rr_clone( + ldns_rr_list_rr(rrs, i)) + ); + } + } + ldns_rr_list_deep_free(rrs); + + if (ldns_rr_list_rr_count(new) == 0) { + ldns_rr_list_free(new); + return NULL; + } else { + return new; + } +} + +/* return only those rrs that share name and type */ +ldns_rr_list * +ldns_pkt_rr_list_by_name_and_type(const ldns_pkt *packet, + const ldns_rdf *ownername, + ldns_rr_type type, + ldns_pkt_section sec) +{ + ldns_rr_list *rrs; + ldns_rr_list *new; + ldns_rr_list *ret; + uint16_t i; + + if(!packet) { + return NULL; + } + + rrs = ldns_pkt_get_section_clone(packet, sec); + new = ldns_rr_list_new(); + ret = NULL; + + for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + if (type == ldns_rr_get_type(ldns_rr_list_rr(rrs, i)) && + ldns_rdf_compare(ldns_rr_owner(ldns_rr_list_rr(rrs, i)), + ownername + ) == 0 + ) { + /* types match */ + ldns_rr_list_push_rr(new, ldns_rr_clone(ldns_rr_list_rr(rrs, i))); + ret = new; + } + } + ldns_rr_list_deep_free(rrs); + if (!ret) { + ldns_rr_list_free(new); + } + return ret; +} + +bool +ldns_pkt_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr) +{ + bool result = false; + + switch (sec) { + case LDNS_SECTION_QUESTION: + return ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr); + case LDNS_SECTION_ANSWER: + return ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr); + case LDNS_SECTION_AUTHORITY: + return ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr); + case LDNS_SECTION_ADDITIONAL: + return ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr); + case LDNS_SECTION_ANY: + result = ldns_rr_list_contains_rr(ldns_pkt_question(pkt), rr); + case LDNS_SECTION_ANY_NOQUESTION: + result = result + || ldns_rr_list_contains_rr(ldns_pkt_answer(pkt), rr) + || ldns_rr_list_contains_rr(ldns_pkt_authority(pkt), rr) + || ldns_rr_list_contains_rr(ldns_pkt_additional(pkt), rr); + } + + return result; +} + +uint16_t +ldns_pkt_section_count(const ldns_pkt *packet, ldns_pkt_section s) +{ + switch(s) { + case LDNS_SECTION_QUESTION: + return ldns_pkt_qdcount(packet); + case LDNS_SECTION_ANSWER: + return ldns_pkt_ancount(packet); + case LDNS_SECTION_AUTHORITY: + return ldns_pkt_nscount(packet); + case LDNS_SECTION_ADDITIONAL: + return ldns_pkt_arcount(packet); + case LDNS_SECTION_ANY: + return ldns_pkt_qdcount(packet) + + ldns_pkt_ancount(packet) + + ldns_pkt_nscount(packet) + + ldns_pkt_arcount(packet); + case LDNS_SECTION_ANY_NOQUESTION: + return ldns_pkt_ancount(packet) + + ldns_pkt_nscount(packet) + + ldns_pkt_arcount(packet); + default: + return 0; + } +} + +bool +ldns_pkt_empty(ldns_pkt *p) +{ + if (!p) { + return true; /* NULL is empty? */ + } + if (ldns_pkt_section_count(p, LDNS_SECTION_ANY) > 0) { + return true; + } else + return false; +} + + +ldns_rr_list * +ldns_pkt_get_section_clone(const ldns_pkt *packet, ldns_pkt_section s) +{ + switch(s) { + case LDNS_SECTION_QUESTION: + return ldns_rr_list_clone(ldns_pkt_question(packet)); + case LDNS_SECTION_ANSWER: + return ldns_rr_list_clone(ldns_pkt_answer(packet)); + case LDNS_SECTION_AUTHORITY: + return ldns_rr_list_clone(ldns_pkt_authority(packet)); + case LDNS_SECTION_ADDITIONAL: + return ldns_rr_list_clone(ldns_pkt_additional(packet)); + case LDNS_SECTION_ANY: + /* these are already clones */ + return ldns_pkt_all(packet); + case LDNS_SECTION_ANY_NOQUESTION: + return ldns_pkt_all_noquestion(packet); + default: + return NULL; + } +} + +ldns_rr *ldns_pkt_tsig(const ldns_pkt *pkt) { + return pkt->_tsig_rr; +} + +/* write */ +void +ldns_pkt_set_id(ldns_pkt *packet, uint16_t id) +{ + packet->_header->_id = id; +} + +void +ldns_pkt_set_random_id(ldns_pkt *packet) +{ + uint16_t rid = 0; +#ifdef HAVE_SSL + if (RAND_bytes((unsigned char*)&rid, 2) != 1) { + rid = (uint16_t) random(); + } +#else + rid = (uint16_t) random(); +#endif + ldns_pkt_set_id(packet, rid); +} + + +void +ldns_pkt_set_qr(ldns_pkt *packet, bool qr) +{ + packet->_header->_qr = qr; +} + +void +ldns_pkt_set_aa(ldns_pkt *packet, bool aa) +{ + packet->_header->_aa = aa; +} + +void +ldns_pkt_set_tc(ldns_pkt *packet, bool tc) +{ + packet->_header->_tc = tc; +} + +void +ldns_pkt_set_rd(ldns_pkt *packet, bool rd) +{ + packet->_header->_rd = rd; +} + +void +ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rr) +{ + p->_additional = rr; +} + +void +ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rr) +{ + p->_question = rr; +} + +void +ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rr) +{ + p->_answer = rr; +} + +void +ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rr) +{ + p->_authority = rr; +} + +void +ldns_pkt_set_cd(ldns_pkt *packet, bool cd) +{ + packet->_header->_cd = cd; +} + +void +ldns_pkt_set_ra(ldns_pkt *packet, bool ra) +{ + packet->_header->_ra = ra; +} + +void +ldns_pkt_set_ad(ldns_pkt *packet, bool ad) +{ + packet->_header->_ad = ad; +} + +void +ldns_pkt_set_opcode(ldns_pkt *packet, ldns_pkt_opcode opcode) +{ + packet->_header->_opcode = opcode; +} + +void +ldns_pkt_set_rcode(ldns_pkt *packet, uint8_t rcode) +{ + packet->_header->_rcode = rcode; +} + +void +ldns_pkt_set_qdcount(ldns_pkt *packet, uint16_t qdcount) +{ + packet->_header->_qdcount = qdcount; +} + +void +ldns_pkt_set_ancount(ldns_pkt *packet, uint16_t ancount) +{ + packet->_header->_ancount = ancount; +} + +void +ldns_pkt_set_nscount(ldns_pkt *packet, uint16_t nscount) +{ + packet->_header->_nscount = nscount; +} + +void +ldns_pkt_set_arcount(ldns_pkt *packet, uint16_t arcount) +{ + packet->_header->_arcount = arcount; +} + +void +ldns_pkt_set_querytime(ldns_pkt *packet, uint32_t time) +{ + packet->_querytime = time; +} + +void +ldns_pkt_set_answerfrom(ldns_pkt *packet, ldns_rdf *answerfrom) +{ + packet->_answerfrom = answerfrom; +} + +void +ldns_pkt_set_timestamp(ldns_pkt *packet, struct timeval timeval) +{ + packet->timestamp.tv_sec = timeval.tv_sec; + packet->timestamp.tv_usec = timeval.tv_usec; +} + +void +ldns_pkt_set_size(ldns_pkt *packet, size_t s) +{ + packet->_size = s; +} + +void +ldns_pkt_set_edns_udp_size(ldns_pkt *packet, uint16_t s) +{ + packet->_edns_udp_size = s; +} + +void +ldns_pkt_set_edns_extended_rcode(ldns_pkt *packet, uint8_t c) +{ + packet->_edns_extended_rcode = c; +} + +void +ldns_pkt_set_edns_version(ldns_pkt *packet, uint8_t v) +{ + packet->_edns_version = v; +} + +void +ldns_pkt_set_edns_z(ldns_pkt *packet, uint16_t z) +{ + packet->_edns_z = z; +} + +void +ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *data) +{ + packet->_edns_data = data; +} + +void +ldns_pkt_set_section_count(ldns_pkt *packet, ldns_pkt_section s, uint16_t count) +{ + switch(s) { + case LDNS_SECTION_QUESTION: + ldns_pkt_set_qdcount(packet, count); + break; + case LDNS_SECTION_ANSWER: + ldns_pkt_set_ancount(packet, count); + break; + case LDNS_SECTION_AUTHORITY: + ldns_pkt_set_nscount(packet, count); + break; + case LDNS_SECTION_ADDITIONAL: + ldns_pkt_set_arcount(packet, count); + break; + case LDNS_SECTION_ANY: + case LDNS_SECTION_ANY_NOQUESTION: + break; + } +} + +void ldns_pkt_set_tsig(ldns_pkt *pkt, ldns_rr *rr) +{ + pkt->_tsig_rr = rr; +} + +bool +ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr) +{ + switch(section) { + case LDNS_SECTION_QUESTION: + ldns_rr_list_push_rr(ldns_pkt_question(packet), rr); + ldns_pkt_set_qdcount(packet, ldns_pkt_qdcount(packet) + 1); + break; + case LDNS_SECTION_ANSWER: + ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr); + ldns_pkt_set_ancount(packet, ldns_pkt_ancount(packet) + 1); + break; + case LDNS_SECTION_AUTHORITY: + ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr); + ldns_pkt_set_nscount(packet, ldns_pkt_nscount(packet) + 1); + break; + case LDNS_SECTION_ADDITIONAL: + ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr); + ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) + 1); + break; + case LDNS_SECTION_ANY: + case LDNS_SECTION_ANY_NOQUESTION: + /* shouldn't this error? */ + break; + } + return true; +} + +bool +ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, ldns_rr *rr) +{ + + /* check to see if its there */ + if (ldns_pkt_rr(pkt, sec, rr)) { + /* already there */ + return false; + } + return ldns_pkt_push_rr(pkt, sec, rr); +} + +bool +ldns_pkt_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list) +{ + size_t i; + for(i = 0; i < ldns_rr_list_rr_count(list); i++) { + if (!ldns_pkt_push_rr(p, s, ldns_rr_list_rr(list, i))) { + return false; + } + } + return true; +} + +bool +ldns_pkt_safe_push_rr_list(ldns_pkt *p, ldns_pkt_section s, ldns_rr_list *list) +{ + size_t i; + for(i = 0; i < ldns_rr_list_rr_count(list); i++) { + if (!ldns_pkt_safe_push_rr(p, s, ldns_rr_list_rr(list, i))) { + return false; + } + } + return true; +} + +bool +ldns_pkt_edns(const ldns_pkt *pkt) { + return (ldns_pkt_edns_udp_size(pkt) > 0 || + ldns_pkt_edns_extended_rcode(pkt) > 0 || + ldns_pkt_edns_data(pkt) || + ldns_pkt_edns_do(pkt) + ); +} + + +/* Create/destroy/convert functions + */ +ldns_pkt * +ldns_pkt_new() +{ + ldns_pkt *packet; + packet = LDNS_MALLOC(ldns_pkt); + if (!packet) { + return NULL; + } + + packet->_header = LDNS_MALLOC(ldns_hdr); + if (!packet->_header) { + LDNS_FREE(packet); + return NULL; + } + + packet->_question = ldns_rr_list_new(); + packet->_answer = ldns_rr_list_new(); + packet->_authority = ldns_rr_list_new(); + packet->_additional = ldns_rr_list_new(); + + /* default everything to false */ + ldns_pkt_set_qr(packet, false); + ldns_pkt_set_aa(packet, false); + ldns_pkt_set_tc(packet, false); + ldns_pkt_set_rd(packet, false); + ldns_pkt_set_ra(packet, false); + ldns_pkt_set_ad(packet, false); + ldns_pkt_set_cd(packet, false); + + ldns_pkt_set_opcode(packet, LDNS_PACKET_QUERY); + ldns_pkt_set_rcode(packet, 0); + ldns_pkt_set_id(packet, 0); + ldns_pkt_set_size(packet, 0); + ldns_pkt_set_querytime(packet, 0); + memset(&packet->timestamp, 0, sizeof(packet->timestamp)); + ldns_pkt_set_answerfrom(packet, NULL); + ldns_pkt_set_section_count(packet, LDNS_SECTION_QUESTION, 0); + ldns_pkt_set_section_count(packet, LDNS_SECTION_ANSWER, 0); + ldns_pkt_set_section_count(packet, LDNS_SECTION_AUTHORITY, 0); + ldns_pkt_set_section_count(packet, LDNS_SECTION_ADDITIONAL, 0); + + ldns_pkt_set_edns_udp_size(packet, 0); + ldns_pkt_set_edns_extended_rcode(packet, 0); + ldns_pkt_set_edns_version(packet, 0); + ldns_pkt_set_edns_z(packet, 0); + ldns_pkt_set_edns_data(packet, NULL); + + ldns_pkt_set_tsig(packet, NULL); + + return packet; +} + +void +ldns_pkt_free(ldns_pkt *packet) +{ + if (packet) { + LDNS_FREE(packet->_header); + ldns_rr_list_deep_free(packet->_question); + ldns_rr_list_deep_free(packet->_answer); + ldns_rr_list_deep_free(packet->_authority); + ldns_rr_list_deep_free(packet->_additional); + ldns_rr_free(packet->_tsig_rr); + ldns_rdf_deep_free(packet->_edns_data); + LDNS_FREE(packet); + } +} + +bool +ldns_pkt_set_flags(ldns_pkt *packet, uint16_t flags) +{ + if (!packet) { + return false; + } + if ((flags & LDNS_QR) == LDNS_QR) { + ldns_pkt_set_qr(packet, true); + } + if ((flags & LDNS_AA) == LDNS_AA) { + ldns_pkt_set_aa(packet, true); + } + if ((flags & LDNS_RD) == LDNS_RD) { + ldns_pkt_set_rd(packet, true); + } + if ((flags & LDNS_TC) == LDNS_TC) { + ldns_pkt_set_tc(packet, true); + } + if ((flags & LDNS_CD) == LDNS_CD) { + ldns_pkt_set_cd(packet, true); + } + if ((flags & LDNS_RA) == LDNS_RA) { + ldns_pkt_set_ra(packet, true); + } + if ((flags & LDNS_AD) == LDNS_AD) { + ldns_pkt_set_ad(packet, true); + } + return true; +} + +ldns_status +ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *name, ldns_rr_type rr_type, + ldns_rr_class rr_class, uint16_t flags) +{ + ldns_pkt *packet; + ldns_rr *question_rr; + ldns_rdf *name_rdf; + + packet = ldns_pkt_new(); + if (!packet) { + return LDNS_STATUS_MEM_ERR; + } + + if (!ldns_pkt_set_flags(packet, flags)) { + return LDNS_STATUS_ERR; + } + + question_rr = ldns_rr_new(); + if (!question_rr) { + return LDNS_STATUS_MEM_ERR; + } + + if (rr_type == 0) { + rr_type = LDNS_RR_TYPE_A; + } + if (rr_class == 0) { + rr_class = LDNS_RR_CLASS_IN; + } + + if (ldns_str2rdf_dname(&name_rdf, name) == LDNS_STATUS_OK) { + ldns_rr_set_owner(question_rr, name_rdf); + ldns_rr_set_type(question_rr, rr_type); + ldns_rr_set_class(question_rr, rr_class); + ldns_rr_set_question(question_rr, true); + + ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr); + } else { + ldns_rr_free(question_rr); + ldns_pkt_free(packet); + return LDNS_STATUS_ERR; + } + + packet->_tsig_rr = NULL; + + ldns_pkt_set_answerfrom(packet, NULL); + if (p) { + *p = packet; + return LDNS_STATUS_OK; + } else { + return LDNS_STATUS_NULL; + } +} + +ldns_pkt * +ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_class, + uint16_t flags) +{ + ldns_pkt *packet; + ldns_rr *question_rr; + + packet = ldns_pkt_new(); + if (!packet) { + return NULL; + } + + if (!ldns_pkt_set_flags(packet, flags)) { + return NULL; + } + + question_rr = ldns_rr_new(); + if (!question_rr) { + return NULL; + } + + if (rr_type == 0) { + rr_type = LDNS_RR_TYPE_A; + } + if (rr_class == 0) { + rr_class = LDNS_RR_CLASS_IN; + } + + ldns_rr_set_owner(question_rr, rr_name); + ldns_rr_set_type(question_rr, rr_type); + ldns_rr_set_class(question_rr, rr_class); + ldns_rr_set_question(question_rr, true); + + packet->_tsig_rr = NULL; + + ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr); + + return packet; +} + +ldns_pkt_type +ldns_pkt_reply_type(ldns_pkt *p) +{ + ldns_rr_list *tmp; + + if (!p) { + return LDNS_PACKET_UNKNOWN; + } + + if (ldns_pkt_get_rcode(p) == LDNS_RCODE_NXDOMAIN) { + return LDNS_PACKET_NXDOMAIN; + } + + if (ldns_pkt_ancount(p) == 0 && ldns_pkt_arcount(p) == 0 + && ldns_pkt_nscount(p) == 1) { + + /* check for SOA */ + tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_SOA, + LDNS_SECTION_AUTHORITY); + if (tmp) { + ldns_rr_list_deep_free(tmp); + return LDNS_PACKET_NODATA; + } else { + /* I have no idea ... */ + } + } + + if (ldns_pkt_ancount(p) == 0 && ldns_pkt_nscount(p) > 0) { + tmp = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS, + LDNS_SECTION_AUTHORITY); + if (tmp) { + /* there are nameservers here */ + ldns_rr_list_deep_free(tmp); + return LDNS_PACKET_REFERRAL; + } else { + /* I have no idea */ + } + ldns_rr_list_deep_free(tmp); + } + + /* if we cannot determine the packet type, we say it's an + * answer... + */ + return LDNS_PACKET_ANSWER; +} + +ldns_pkt * +ldns_pkt_clone(ldns_pkt *pkt) +{ + ldns_pkt *new_pkt; + + if (!pkt) { + return NULL; + } + new_pkt = ldns_pkt_new(); + + ldns_pkt_set_id(new_pkt, ldns_pkt_id(pkt)); + ldns_pkt_set_qr(new_pkt, ldns_pkt_qr(pkt)); + ldns_pkt_set_aa(new_pkt, ldns_pkt_aa(pkt)); + ldns_pkt_set_tc(new_pkt, ldns_pkt_tc(pkt)); + ldns_pkt_set_rd(new_pkt, ldns_pkt_rd(pkt)); + ldns_pkt_set_cd(new_pkt, ldns_pkt_cd(pkt)); + ldns_pkt_set_ra(new_pkt, ldns_pkt_ra(pkt)); + ldns_pkt_set_ad(new_pkt, ldns_pkt_ad(pkt)); + ldns_pkt_set_opcode(new_pkt, ldns_pkt_get_opcode(pkt)); + ldns_pkt_set_rcode(new_pkt, ldns_pkt_get_rcode(pkt)); + ldns_pkt_set_qdcount(new_pkt, ldns_pkt_qdcount(pkt)); + ldns_pkt_set_ancount(new_pkt, ldns_pkt_ancount(pkt)); + ldns_pkt_set_nscount(new_pkt, ldns_pkt_nscount(pkt)); + ldns_pkt_set_arcount(new_pkt, ldns_pkt_arcount(pkt)); + ldns_pkt_set_answerfrom(new_pkt, ldns_pkt_answerfrom(pkt)); + ldns_pkt_set_querytime(new_pkt, ldns_pkt_querytime(pkt)); + ldns_pkt_set_size(new_pkt, ldns_pkt_size(pkt)); + ldns_pkt_set_tsig(new_pkt, ldns_pkt_tsig(pkt)); + + ldns_pkt_set_edns_udp_size(new_pkt, ldns_pkt_edns_udp_size(pkt)); + ldns_pkt_set_edns_extended_rcode(new_pkt, + ldns_pkt_edns_extended_rcode(pkt)); + ldns_pkt_set_edns_version(new_pkt, ldns_pkt_edns_version(pkt)); + ldns_pkt_set_edns_z(new_pkt, ldns_pkt_edns_z(pkt)); + if(ldns_pkt_edns_data(pkt)) + ldns_pkt_set_edns_data(new_pkt, + ldns_rdf_clone(ldns_pkt_edns_data(pkt))); + ldns_pkt_set_edns_do(new_pkt, ldns_pkt_edns_do(pkt)); + + ldns_rr_list_deep_free(new_pkt->_question); + ldns_rr_list_deep_free(new_pkt->_answer); + ldns_rr_list_deep_free(new_pkt->_authority); + ldns_rr_list_deep_free(new_pkt->_additional); + new_pkt->_question = ldns_rr_list_clone(ldns_pkt_question(pkt)); + new_pkt->_answer = ldns_rr_list_clone(ldns_pkt_answer(pkt)); + new_pkt->_authority = ldns_rr_list_clone(ldns_pkt_authority(pkt)); + new_pkt->_additional = ldns_rr_list_clone(ldns_pkt_additional(pkt)); + return new_pkt; +} diff --git a/contrib/ldns/parse.c b/contrib/ldns/parse.c new file mode 100644 index 0000000000..03b31b0a34 --- /dev/null +++ b/contrib/ldns/parse.c @@ -0,0 +1,428 @@ +/* + * a generic (simple) parser. Use to parse rr's, private key + * information and /etc/resolv.conf files + * + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ +#include +#include + +#include +#include + +ldns_lookup_table ldns_directive_types[] = { + { LDNS_DIR_TTL, "$TTL" }, + { LDNS_DIR_ORIGIN, "$ORIGIN" }, + { LDNS_DIR_INCLUDE, "$INCLUDE" }, + { 0, NULL } +}; + +/* add max_limit here? */ +ssize_t +ldns_fget_token(FILE *f, char *token, const char *delim, size_t limit) +{ + return ldns_fget_token_l(f, token, delim, limit, NULL); +} + +ssize_t +ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *line_nr) +{ + int c, prev_c; + int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ + int com, quoted; + char *t; + size_t i; + const char *d; + const char *del; + + /* standard delimeters */ + if (!delim) { + /* from isspace(3) */ + del = LDNS_PARSE_NORMAL; + } else { + del = delim; + } + + p = 0; + i = 0; + com = 0; + quoted = 0; + prev_c = 0; + t = token; + if (del[0] == '"') { + quoted = 1; + } + while ((c = getc(f)) != EOF) { + if (c == '(' && prev_c != '\\' && !quoted) { + /* this only counts for non-comments */ + if (com == 0) { + p++; + } + prev_c = c; + continue; + } + + if (c == ')' && prev_c != '\\' && !quoted) { + /* this only counts for non-comments */ + if (com == 0) { + p--; + } + prev_c = c; + continue; + } + + if (p < 0) { + /* more ) then ( - close off the string */ + *t = '\0'; + return 0; + } + + /* do something with comments ; */ + if (c == ';' && quoted == 0) { + if (prev_c != '\\') { + com = 1; + } + } + if (c == '\"' && com == 0 && prev_c != '\\') { + quoted = 1 - quoted; + } + + if (c == '\n' && com != 0) { + /* comments */ + com = 0; + *t = ' '; + if (line_nr) { + *line_nr = *line_nr + 1; + } + if (p == 0 && i > 0) { + goto tokenread; + } else { + prev_c = c; + continue; + } + } + + if (com == 1) { + *t = ' '; + prev_c = c; + continue; + } + + + if (c == '\n' && p != 0 && t > token) { + /* in parentheses */ + if (line_nr) { + *line_nr = *line_nr + 1; + } + prev_c = c; + continue; + } + + /* check if we hit the delim */ + for (d = del; *d; d++) { + if (c == *d && i > 0 && prev_c != '\\') { + if (c == '\n' && line_nr) { + *line_nr = *line_nr + 1; + } + goto tokenread; + } + } + if (c != '\0' && c != '\n') { + *t++ = c; + i++; + } + if (limit > 0 && i >= limit) { + *t = '\0'; + return -1; + } + if (c == '\\' && prev_c == '\\') + prev_c = 0; + else prev_c = c; + } + *t = '\0'; + if (c == EOF) { + return (ssize_t)i; + } + + if (i == 0) { + /* nothing read */ + return -1; + } + if (p != 0) { + return -1; + } + return (ssize_t)i; + +tokenread: + ldns_fskipcs_l(f, delim, line_nr); + *t = '\0'; + if (p != 0) { + return -1; + } + + return (ssize_t)i; +} + +ssize_t +ldns_fget_keyword_data(FILE *f, const char *keyword, const char *k_del, char *data, + const char *d_del, size_t data_limit) +{ + return ldns_fget_keyword_data_l(f, keyword, k_del, data, d_del, + data_limit, NULL); +} + +ssize_t +ldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char *data, + const char *d_del, size_t data_limit, int *line_nr) +{ + /* we assume: keyword|sep|data */ + char *fkeyword; + ssize_t i; + + fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN); + i = 0; + + i = ldns_fget_token(f, fkeyword, k_del, LDNS_MAX_KEYWORDLEN); + + /* case??? i instead of strlen? */ + if (strncmp(fkeyword, keyword, LDNS_MAX_KEYWORDLEN - 1) == 0) { + /* whee! */ + /* printf("%s\n%s\n", "Matching keyword", fkeyword); */ + i = ldns_fget_token_l(f, data, d_del, data_limit, line_nr); + LDNS_FREE(fkeyword); + return i; + } else { + /*printf("no match for %s (read: %s)\n", keyword, fkeyword);*/ + LDNS_FREE(fkeyword); + return -1; + } +} + + +ssize_t +ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit) +{ + int c, lc; + int p; /* 0 -> no parenthese seen, >0 nr of ( seen */ + int com, quoted; + char *t; + size_t i; + const char *d; + const char *del; + + /* standard delimiters */ + if (!delim) { + /* from isspace(3) */ + del = LDNS_PARSE_NORMAL; + } else { + del = delim; + } + + p = 0; + i = 0; + com = 0; + quoted = 0; + t = token; + lc = 0; + if (delim[0] == '"') { + quoted = 1; + } + + while ((c = ldns_bgetc(b)) != EOF) { + if (c == '(' && lc != '\\' && !quoted) { + /* this only counts for non-comments */ + if (com == 0) { + p++; + } + lc = c; + continue; + } + + if (c == ')' && lc != '\\' && !quoted) { + /* this only counts for non-comments */ + if (com == 0) { + p--; + } + lc = c; + continue; + } + + if (p < 0) { + /* more ) then ( */ + *t = '\0'; + lc = c; + return 0; + } + + /* do something with comments ; */ + if (c == ';' && quoted == 0) { + if (lc != '\\') { + com = 1; + } + } + if (c == '"' && com == 0 && lc != '\\') { + quoted = 1 - quoted; + } + + if (c == '\n' && com != 0) { + /* comments */ + com = 0; + *t = ' '; + lc = c; + continue; + } + + if (com == 1) { + *t = ' '; + lc = c; + continue; + } + + if (c == '\n' && p != 0) { + /* in parentheses */ + lc = c; + continue; + } + + /* check if we hit the delim */ + for (d = del; *d; d++) { + if (c == *d && lc != '\\') { + goto tokenread; + } + } + + *t++ = c; + i++; + if (limit > 0 && i >= limit - 1) { + *t = '\0'; + return -1; + } + + if (c == '\\' && lc == '\\') { + lc = 0; + } else { + lc = c; + } + } + *t = '\0'; + if (i == 0) { + /* nothing read */ + return -1; + } + if (p != 0) { + return -1; + } + return (ssize_t)i; + +tokenread: + ldns_bskipcs(b, delim); + *t = '\0'; + + if (p != 0) { + return -1; + } + return (ssize_t)i; +} + +void +ldns_bskipc(ldns_buffer *buffer, char c) +{ + while (c == (char) ldns_buffer_read_u8_at(buffer, ldns_buffer_position(buffer))) { + if (ldns_buffer_available_at(buffer, + buffer->_position + sizeof(char), sizeof(char))) { + buffer->_position += sizeof(char); + } else { + return; + } + } +} + +void +ldns_bskipcs(ldns_buffer *buffer, const char *s) +{ + bool found; + char c; + const char *d; + + while(ldns_buffer_available_at(buffer, buffer->_position, sizeof(char))) { + c = (char) ldns_buffer_read_u8_at(buffer, buffer->_position); + found = false; + for (d = s; *d; d++) { + if (*d == c) { + found = true; + } + } + if (found && buffer->_limit > buffer->_position) { + buffer->_position += sizeof(char); + } else { + return; + } + } +} + +void +ldns_fskipc(FILE *fp, char c) +{ + fp = fp; + c = c; +} + + +void +ldns_fskipcs(FILE *fp, const char *s) +{ + ldns_fskipcs_l(fp, s, NULL); +} + +void +ldns_fskipcs_l(FILE *fp, const char *s, int *line_nr) +{ + bool found; + int c; + const char *d; + + while ((c = fgetc(fp)) != EOF) { + if (line_nr && c == '\n') { + *line_nr = *line_nr + 1; + } + found = false; + for (d = s; *d; d++) { + if (*d == c) { + found = true; + } + } + if (!found) { + /* with getc, we've read too far */ + ungetc(c, fp); + return; + } + } +} + +ssize_t +ldns_bget_keyword_data(ldns_buffer *b, const char *keyword, const char *k_del, char +*data, const char *d_del, size_t data_limit) +{ + /* we assume: keyword|sep|data */ + char *fkeyword; + ssize_t i; + + fkeyword = LDNS_XMALLOC(char, LDNS_MAX_KEYWORDLEN); + i = 0; + + i = ldns_bget_token(b, fkeyword, k_del, data_limit); + + /* case??? */ + if (strncmp(fkeyword, keyword, strlen(keyword)) == 0) { + /* whee, the match! */ + /* retrieve it's data */ + i = ldns_bget_token(b, data, d_del, 0); + return i; + } else { + return -1; + } +} + diff --git a/contrib/ldns/rbtree.c b/contrib/ldns/rbtree.c new file mode 100644 index 0000000000..465bdc5b1d --- /dev/null +++ b/contrib/ldns/rbtree.c @@ -0,0 +1,665 @@ +/* + * rbtree.c -- generic red black tree + * + * Taken from Unbound, modified for ldns + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * \file + * Implementation of a redblack tree. + */ + +#include +#include +#include + +/** Node colour black */ +#define BLACK 0 +/** Node colour red */ +#define RED 1 + +/** the NULL node, global alloc */ +ldns_rbnode_t ldns_rbtree_null_node = { + LDNS_RBTREE_NULL, /* Parent. */ + LDNS_RBTREE_NULL, /* Left. */ + LDNS_RBTREE_NULL, /* Right. */ + NULL, /* Key. */ + NULL, /* Data. */ + BLACK /* Color. */ +}; + +/** rotate subtree left (to preserve redblack property) */ +static void ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); +/** rotate subtree right (to preserve redblack property) */ +static void ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); +/** Fixup node colours when insert happened */ +static void ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node); +/** Fixup node colours when delete happened */ +static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent); + +/* + * Creates a new red black tree, intializes and returns a pointer to it. + * + * Return NULL on failure. + * + */ +ldns_rbtree_t * +ldns_rbtree_create (int (*cmpf)(const void *, const void *)) +{ + ldns_rbtree_t *rbtree; + + /* Allocate memory for it */ + rbtree = (ldns_rbtree_t *) malloc(sizeof(ldns_rbtree_t)); + if (!rbtree) { + return NULL; + } + + /* Initialize it */ + ldns_rbtree_init(rbtree, cmpf); + + return rbtree; +} + +void +ldns_rbtree_init(ldns_rbtree_t *rbtree, int (*cmpf)(const void *, const void *)) +{ + /* Initialize it */ + rbtree->root = LDNS_RBTREE_NULL; + rbtree->count = 0; + rbtree->cmp = cmpf; +} + +void +ldns_rbtree_free(ldns_rbtree_t *rbtree) +{ + free(rbtree); +} + +/* + * Rotates the node to the left. + * + */ +static void +ldns_rbtree_rotate_left(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) +{ + ldns_rbnode_t *right = node->right; + node->right = right->left; + if (right->left != LDNS_RBTREE_NULL) + right->left->parent = node; + + right->parent = node->parent; + + if (node->parent != LDNS_RBTREE_NULL) { + if (node == node->parent->left) { + node->parent->left = right; + } else { + node->parent->right = right; + } + } else { + rbtree->root = right; + } + right->left = node; + node->parent = right; +} + +/* + * Rotates the node to the right. + * + */ +static void +ldns_rbtree_rotate_right(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) +{ + ldns_rbnode_t *left = node->left; + node->left = left->right; + if (left->right != LDNS_RBTREE_NULL) + left->right->parent = node; + + left->parent = node->parent; + + if (node->parent != LDNS_RBTREE_NULL) { + if (node == node->parent->right) { + node->parent->right = left; + } else { + node->parent->left = left; + } + } else { + rbtree->root = left; + } + left->right = node; + node->parent = left; +} + +static void +ldns_rbtree_insert_fixup(ldns_rbtree_t *rbtree, ldns_rbnode_t *node) +{ + ldns_rbnode_t *uncle; + + /* While not at the root and need fixing... */ + while (node != rbtree->root && node->parent->color == RED) { + /* If our parent is left child of our grandparent... */ + if (node->parent == node->parent->parent->left) { + uncle = node->parent->parent->right; + + /* If our uncle is red... */ + if (uncle->color == RED) { + /* Paint the parent and the uncle black... */ + node->parent->color = BLACK; + uncle->color = BLACK; + + /* And the grandparent red... */ + node->parent->parent->color = RED; + + /* And continue fixing the grandparent */ + node = node->parent->parent; + } else { /* Our uncle is black... */ + /* Are we the right child? */ + if (node == node->parent->right) { + node = node->parent; + ldns_rbtree_rotate_left(rbtree, node); + } + /* Now we're the left child, repaint and rotate... */ + node->parent->color = BLACK; + node->parent->parent->color = RED; + ldns_rbtree_rotate_right(rbtree, node->parent->parent); + } + } else { + uncle = node->parent->parent->left; + + /* If our uncle is red... */ + if (uncle->color == RED) { + /* Paint the parent and the uncle black... */ + node->parent->color = BLACK; + uncle->color = BLACK; + + /* And the grandparent red... */ + node->parent->parent->color = RED; + + /* And continue fixing the grandparent */ + node = node->parent->parent; + } else { /* Our uncle is black... */ + /* Are we the right child? */ + if (node == node->parent->left) { + node = node->parent; + ldns_rbtree_rotate_right(rbtree, node); + } + /* Now we're the right child, repaint and rotate... */ + node->parent->color = BLACK; + node->parent->parent->color = RED; + ldns_rbtree_rotate_left(rbtree, node->parent->parent); + } + } + } + rbtree->root->color = BLACK; +} + +void +ldns_rbtree_insert_vref(ldns_rbnode_t *data, void *rbtree) +{ + (void) ldns_rbtree_insert((ldns_rbtree_t *) rbtree, + data); +} + +/* + * Inserts a node into a red black tree. + * + * Returns NULL on failure or the pointer to the newly added node + * otherwise. + */ +ldns_rbnode_t * +ldns_rbtree_insert (ldns_rbtree_t *rbtree, ldns_rbnode_t *data) +{ + /* XXX Not necessary, but keeps compiler quiet... */ + int r = 0; + + /* We start at the root of the tree */ + ldns_rbnode_t *node = rbtree->root; + ldns_rbnode_t *parent = LDNS_RBTREE_NULL; + + /* Lets find the new parent... */ + while (node != LDNS_RBTREE_NULL) { + /* Compare two keys, do we have a duplicate? */ + if ((r = rbtree->cmp(data->key, node->key)) == 0) { + return NULL; + } + parent = node; + + if (r < 0) { + node = node->left; + } else { + node = node->right; + } + } + + /* Initialize the new node */ + data->parent = parent; + data->left = data->right = LDNS_RBTREE_NULL; + data->color = RED; + rbtree->count++; + + /* Insert it into the tree... */ + if (parent != LDNS_RBTREE_NULL) { + if (r < 0) { + parent->left = data; + } else { + parent->right = data; + } + } else { + rbtree->root = data; + } + + /* Fix up the red-black properties... */ + ldns_rbtree_insert_fixup(rbtree, data); + + return data; +} + +/* + * Searches the red black tree, returns the data if key is found or NULL otherwise. + * + */ +ldns_rbnode_t * +ldns_rbtree_search (ldns_rbtree_t *rbtree, const void *key) +{ + ldns_rbnode_t *node; + + if (ldns_rbtree_find_less_equal(rbtree, key, &node)) { + return node; + } else { + return NULL; + } +} + +/** helpers for delete: swap node colours */ +static void swap_int8(uint8_t* x, uint8_t* y) +{ + uint8_t t = *x; *x = *y; *y = t; +} + +/** helpers for delete: swap node pointers */ +static void swap_np(ldns_rbnode_t** x, ldns_rbnode_t** y) +{ + ldns_rbnode_t* t = *x; *x = *y; *y = t; +} + +/** Update parent pointers of child trees of 'parent' */ +static void change_parent_ptr(ldns_rbtree_t* rbtree, ldns_rbnode_t* parent, ldns_rbnode_t* old, ldns_rbnode_t* new) +{ + if(parent == LDNS_RBTREE_NULL) + { + if(rbtree->root == old) rbtree->root = new; + return; + } + if(parent->left == old) parent->left = new; + if(parent->right == old) parent->right = new; +} +/** Update parent pointer of a node 'child' */ +static void change_child_ptr(ldns_rbnode_t* child, ldns_rbnode_t* old, ldns_rbnode_t* new) +{ + if(child == LDNS_RBTREE_NULL) return; + if(child->parent == old) child->parent = new; +} + +ldns_rbnode_t* +ldns_rbtree_delete(ldns_rbtree_t *rbtree, const void *key) +{ + ldns_rbnode_t *to_delete; + ldns_rbnode_t *child; + if((to_delete = ldns_rbtree_search(rbtree, key)) == 0) return 0; + rbtree->count--; + + /* make sure we have at most one non-leaf child */ + if(to_delete->left != LDNS_RBTREE_NULL && + to_delete->right != LDNS_RBTREE_NULL) + { + /* swap with smallest from right subtree (or largest from left) */ + ldns_rbnode_t *smright = to_delete->right; + while(smright->left != LDNS_RBTREE_NULL) + smright = smright->left; + /* swap the smright and to_delete elements in the tree, + * but the ldns_rbnode_t is first part of user data struct + * so cannot just swap the keys and data pointers. Instead + * readjust the pointers left,right,parent */ + + /* swap colors - colors are tied to the position in the tree */ + swap_int8(&to_delete->color, &smright->color); + + /* swap child pointers in parents of smright/to_delete */ + change_parent_ptr(rbtree, to_delete->parent, to_delete, smright); + if(to_delete->right != smright) + change_parent_ptr(rbtree, smright->parent, smright, to_delete); + + /* swap parent pointers in children of smright/to_delete */ + change_child_ptr(smright->left, smright, to_delete); + change_child_ptr(smright->left, smright, to_delete); + change_child_ptr(smright->right, smright, to_delete); + change_child_ptr(smright->right, smright, to_delete); + change_child_ptr(to_delete->left, to_delete, smright); + if(to_delete->right != smright) + change_child_ptr(to_delete->right, to_delete, smright); + if(to_delete->right == smright) + { + /* set up so after swap they work */ + to_delete->right = to_delete; + smright->parent = smright; + } + + /* swap pointers in to_delete/smright nodes */ + swap_np(&to_delete->parent, &smright->parent); + swap_np(&to_delete->left, &smright->left); + swap_np(&to_delete->right, &smright->right); + + /* now delete to_delete (which is at the location where the smright previously was) */ + } + + if(to_delete->left != LDNS_RBTREE_NULL) child = to_delete->left; + else child = to_delete->right; + + /* unlink to_delete from the tree, replace to_delete with child */ + change_parent_ptr(rbtree, to_delete->parent, to_delete, child); + change_child_ptr(child, to_delete, to_delete->parent); + + if(to_delete->color == RED) + { + /* if node is red then the child (black) can be swapped in */ + } + else if(child->color == RED) + { + /* change child to BLACK, removing a RED node is no problem */ + if(child!=LDNS_RBTREE_NULL) child->color = BLACK; + } + else ldns_rbtree_delete_fixup(rbtree, child, to_delete->parent); + + /* unlink completely */ + to_delete->parent = LDNS_RBTREE_NULL; + to_delete->left = LDNS_RBTREE_NULL; + to_delete->right = LDNS_RBTREE_NULL; + to_delete->color = BLACK; + return to_delete; +} + +static void ldns_rbtree_delete_fixup(ldns_rbtree_t* rbtree, ldns_rbnode_t* child, ldns_rbnode_t* child_parent) +{ + ldns_rbnode_t* sibling; + int go_up = 1; + + /* determine sibling to the node that is one-black short */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + + while(go_up) + { + if(child_parent == LDNS_RBTREE_NULL) + { + /* removed parent==black from root, every path, so ok */ + return; + } + + if(sibling->color == RED) + { /* rotate to get a black sibling */ + child_parent->color = RED; + sibling->color = BLACK; + if(child_parent->right == child) + ldns_rbtree_rotate_right(rbtree, child_parent); + else ldns_rbtree_rotate_left(rbtree, child_parent); + /* new sibling after rotation */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + } + + if(child_parent->color == BLACK + && sibling->color == BLACK + && sibling->left->color == BLACK + && sibling->right->color == BLACK) + { /* fixup local with recolor of sibling */ + if(sibling != LDNS_RBTREE_NULL) + sibling->color = RED; + + child = child_parent; + child_parent = child_parent->parent; + /* prepare to go up, new sibling */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + } + else go_up = 0; + } + + if(child_parent->color == RED + && sibling->color == BLACK + && sibling->left->color == BLACK + && sibling->right->color == BLACK) + { + /* move red to sibling to rebalance */ + if(sibling != LDNS_RBTREE_NULL) + sibling->color = RED; + child_parent->color = BLACK; + return; + } + + /* get a new sibling, by rotating at sibling. See which child + of sibling is red */ + if(child_parent->right == child + && sibling->color == BLACK + && sibling->right->color == RED + && sibling->left->color == BLACK) + { + sibling->color = RED; + sibling->right->color = BLACK; + ldns_rbtree_rotate_left(rbtree, sibling); + /* new sibling after rotation */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + } + else if(child_parent->left == child + && sibling->color == BLACK + && sibling->left->color == RED + && sibling->right->color == BLACK) + { + sibling->color = RED; + sibling->left->color = BLACK; + ldns_rbtree_rotate_right(rbtree, sibling); + /* new sibling after rotation */ + if(child_parent->right == child) sibling = child_parent->left; + else sibling = child_parent->right; + } + + /* now we have a black sibling with a red child. rotate and exchange colors. */ + sibling->color = child_parent->color; + child_parent->color = BLACK; + if(child_parent->right == child) + { + sibling->left->color = BLACK; + ldns_rbtree_rotate_right(rbtree, child_parent); + } + else + { + sibling->right->color = BLACK; + ldns_rbtree_rotate_left(rbtree, child_parent); + } +} + +int +ldns_rbtree_find_less_equal(ldns_rbtree_t *rbtree, const void *key, ldns_rbnode_t **result) +{ + int r; + ldns_rbnode_t *node; + + /* We start at root... */ + node = rbtree->root; + + *result = NULL; + + /* While there are children... */ + while (node != LDNS_RBTREE_NULL) { + r = rbtree->cmp(key, node->key); + if (r == 0) { + /* Exact match */ + *result = node; + return 1; + } + if (r < 0) { + node = node->left; + } else { + /* Temporary match */ + *result = node; + node = node->right; + } + } + return 0; +} + +/* + * Finds the first element in the red black tree + * + */ +ldns_rbnode_t * +ldns_rbtree_first (ldns_rbtree_t *rbtree) +{ + ldns_rbnode_t *node; + + for (node = rbtree->root; node->left != LDNS_RBTREE_NULL; node = node->left); + return node; +} + +ldns_rbnode_t * +ldns_rbtree_last (ldns_rbtree_t *rbtree) +{ + ldns_rbnode_t *node; + + for (node = rbtree->root; node->right != LDNS_RBTREE_NULL; node = node->right); + return node; +} + +/* + * Returns the next node... + * + */ +ldns_rbnode_t * +ldns_rbtree_next (ldns_rbnode_t *node) +{ + ldns_rbnode_t *parent; + + if (node->right != LDNS_RBTREE_NULL) { + /* One right, then keep on going left... */ + for (node = node->right; + node->left != LDNS_RBTREE_NULL; + node = node->left); + } else { + parent = node->parent; + while (parent != LDNS_RBTREE_NULL && node == parent->right) { + node = parent; + parent = parent->parent; + } + node = parent; + } + return node; +} + +ldns_rbnode_t * +ldns_rbtree_previous(ldns_rbnode_t *node) +{ + ldns_rbnode_t *parent; + + if (node->left != LDNS_RBTREE_NULL) { + /* One left, then keep on going right... */ + for (node = node->left; + node->right != LDNS_RBTREE_NULL; + node = node->right); + } else { + parent = node->parent; + while (parent != LDNS_RBTREE_NULL && node == parent->left) { + node = parent; + parent = parent->parent; + } + node = parent; + } + return node; +} + +/** + * split off elements number of elements from the start + * of the name tree and return a new tree + */ +ldns_rbtree_t * +ldns_rbtree_split(ldns_rbtree_t *tree, + size_t elements) +{ + ldns_rbtree_t *new_tree; + ldns_rbnode_t *cur_node; + ldns_rbnode_t *move_node; + size_t count = 0; + + new_tree = ldns_rbtree_create(tree->cmp); + + cur_node = ldns_rbtree_first(tree); + while (count < elements && cur_node != LDNS_RBTREE_NULL) { + move_node = ldns_rbtree_delete(tree, cur_node->key); + ldns_rbtree_insert(new_tree, move_node); + cur_node = ldns_rbtree_first(tree); + count++; + } + + return new_tree; +} + +/* + * add all node from the second tree to the first (removing them from the + * second), and fix up nsec(3)s if present + */ +void +ldns_rbtree_join(ldns_rbtree_t *tree1, ldns_rbtree_t *tree2) +{ + ldns_traverse_postorder(tree2, ldns_rbtree_insert_vref, tree1); +} + +/** recursive descent traverse */ +static void +traverse_post(void (*func)(ldns_rbnode_t*, void*), void* arg, + ldns_rbnode_t* node) +{ + if(!node || node == LDNS_RBTREE_NULL) + return; + /* recurse */ + traverse_post(func, arg, node->left); + traverse_post(func, arg, node->right); + /* call user func */ + (*func)(node, arg); +} + +void +ldns_traverse_postorder(ldns_rbtree_t* tree, + void (*func)(ldns_rbnode_t*, void*), void* arg) +{ + traverse_post(func, arg, tree->root); +} diff --git a/contrib/ldns/rdata.c b/contrib/ldns/rdata.c new file mode 100644 index 0000000000..05f9122b73 --- /dev/null +++ b/contrib/ldns/rdata.c @@ -0,0 +1,663 @@ +/* + * rdata.c + * + * rdata implementation + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +/* + * Access functions + * do this as functions to get type checking + */ + +/* read */ +size_t +ldns_rdf_size(const ldns_rdf *rd) +{ + assert(rd != NULL); + return rd->_size; +} + +ldns_rdf_type +ldns_rdf_get_type(const ldns_rdf *rd) +{ + assert(rd != NULL); + return rd->_type; +} + +uint8_t * +ldns_rdf_data(const ldns_rdf *rd) +{ + assert(rd != NULL); + return rd->_data; +} + +/* write */ +void +ldns_rdf_set_size(ldns_rdf *rd, size_t size) +{ + assert(rd != NULL); + rd->_size = size; +} + +void +ldns_rdf_set_type(ldns_rdf *rd, ldns_rdf_type type) +{ + assert(rd != NULL); + rd->_type = type; +} + +void +ldns_rdf_set_data(ldns_rdf *rd, void *data) +{ + /* only copy the pointer */ + assert(rd != NULL); + rd->_data = data; +} + +/* for types that allow it, return + * the native/host order type */ +uint8_t +ldns_rdf2native_int8(const ldns_rdf *rd) +{ + uint8_t data; + + /* only allow 8 bit rdfs */ + if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_BYTE) { + return 0; + } + + memcpy(&data, ldns_rdf_data(rd), sizeof(data)); + return data; +} + +uint16_t +ldns_rdf2native_int16(const ldns_rdf *rd) +{ + uint16_t data; + + /* only allow 16 bit rdfs */ + if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_WORD) { + return 0; + } + + memcpy(&data, ldns_rdf_data(rd), sizeof(data)); + return ntohs(data); +} + +uint32_t +ldns_rdf2native_int32(const ldns_rdf *rd) +{ + uint32_t data; + + /* only allow 32 bit rdfs */ + if (ldns_rdf_size(rd) != LDNS_RDF_SIZE_DOUBLEWORD) { + return 0; + } + + memcpy(&data, ldns_rdf_data(rd), sizeof(data)); + return ntohl(data); +} + +time_t +ldns_rdf2native_time_t(const ldns_rdf *rd) +{ + uint32_t data; + + switch(ldns_rdf_get_type(rd)) { + case LDNS_RDF_TYPE_TIME: + memcpy(&data, ldns_rdf_data(rd), sizeof(data)); + return (time_t)ntohl(data); + default: + return 0; + } +} + +ldns_rdf * +ldns_native2rdf_int8(ldns_rdf_type type, uint8_t value) +{ + return ldns_rdf_new_frm_data(type, LDNS_RDF_SIZE_BYTE, &value); +} + +ldns_rdf * +ldns_native2rdf_int16(ldns_rdf_type type, uint16_t value) +{ + uint16_t *rdf_data = LDNS_XMALLOC(uint16_t, 1); + if (!rdf_data) { + return NULL; + } + ldns_write_uint16(rdf_data, value); + return ldns_rdf_new(type, LDNS_RDF_SIZE_WORD, rdf_data); +} + +ldns_rdf * +ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value) +{ + uint32_t *rdf_data = LDNS_XMALLOC(uint32_t, 1); + if (!rdf_data) { + return NULL; + } + ldns_write_uint32(rdf_data, value); + return ldns_rdf_new(type, LDNS_RDF_SIZE_DOUBLEWORD, rdf_data); +} + +ldns_rdf * +ldns_native2rdf_int16_data(size_t size, uint8_t *data) +{ + uint8_t *rdf_data = LDNS_XMALLOC(uint8_t, size + 2); + if (!rdf_data) { + return NULL; + } + ldns_write_uint16(rdf_data, size); + memcpy(rdf_data + 2, data, size); + return ldns_rdf_new(LDNS_RDF_TYPE_INT16_DATA, size + 2, rdf_data); +} + +/* note: data must be allocated memory */ +ldns_rdf * +ldns_rdf_new(ldns_rdf_type type, size_t size, void *data) +{ + ldns_rdf *rd; + rd = LDNS_MALLOC(ldns_rdf); + if (!rd) { + return NULL; + } + ldns_rdf_set_size(rd, size); + ldns_rdf_set_type(rd, type); + ldns_rdf_set_data(rd, data); + return rd; +} + +ldns_rdf * +ldns_rdf_new_frm_data(ldns_rdf_type type, size_t size, const void *data) +{ + ldns_rdf *rdf; + + /* if the size is too big, fail */ + if (size > LDNS_MAX_RDFLEN) { + return NULL; + } + + /* allocate space */ + rdf = LDNS_MALLOC(ldns_rdf); + if (!rdf) { + return NULL; + } + rdf->_data = LDNS_XMALLOC(uint8_t, size); + if (!rdf->_data) { + LDNS_FREE(rdf); + return NULL; + } + + /* set the values */ + ldns_rdf_set_type(rdf, type); + ldns_rdf_set_size(rdf, size); + memcpy(rdf->_data, data, size); + + return rdf; +} + +ldns_rdf * +ldns_rdf_clone(const ldns_rdf *rd) +{ + assert(rd != NULL); + return (ldns_rdf_new_frm_data( ldns_rdf_get_type(rd), + ldns_rdf_size(rd), ldns_rdf_data(rd))); +} + +void +ldns_rdf_deep_free(ldns_rdf *rd) +{ + if (rd) { + if (rd->_data) { + LDNS_FREE(rd->_data); + } + LDNS_FREE(rd); + } +} + +void +ldns_rdf_free(ldns_rdf *rd) +{ + if (rd) { + LDNS_FREE(rd); + } +} + +ldns_rdf * +ldns_rdf_new_frm_str(ldns_rdf_type type, const char *str) +{ + ldns_rdf *rdf = NULL; + ldns_status status; + + switch (type) { + case LDNS_RDF_TYPE_DNAME: + status = ldns_str2rdf_dname(&rdf, str); + break; + case LDNS_RDF_TYPE_INT8: + status = ldns_str2rdf_int8(&rdf, str); + break; + case LDNS_RDF_TYPE_INT16: + status = ldns_str2rdf_int16(&rdf, str); + break; + case LDNS_RDF_TYPE_INT32: + status = ldns_str2rdf_int32(&rdf, str); + break; + case LDNS_RDF_TYPE_A: + status = ldns_str2rdf_a(&rdf, str); + break; + case LDNS_RDF_TYPE_AAAA: + status = ldns_str2rdf_aaaa(&rdf, str); + break; + case LDNS_RDF_TYPE_STR: + status = ldns_str2rdf_str(&rdf, str); + break; + case LDNS_RDF_TYPE_APL: + status = ldns_str2rdf_apl(&rdf, str); + break; + case LDNS_RDF_TYPE_B64: + status = ldns_str2rdf_b64(&rdf, str); + break; + case LDNS_RDF_TYPE_B32_EXT: + status = ldns_str2rdf_b32_ext(&rdf, str); + break; + case LDNS_RDF_TYPE_HEX: + status = ldns_str2rdf_hex(&rdf, str); + break; + case LDNS_RDF_TYPE_NSEC: + status = ldns_str2rdf_nsec(&rdf, str); + break; + case LDNS_RDF_TYPE_TYPE: + status = ldns_str2rdf_type(&rdf, str); + break; + case LDNS_RDF_TYPE_CLASS: + status = ldns_str2rdf_class(&rdf, str); + break; + case LDNS_RDF_TYPE_CERT_ALG: + status = ldns_str2rdf_cert_alg(&rdf, str); + break; + case LDNS_RDF_TYPE_ALG: + status = ldns_str2rdf_alg(&rdf, str); + break; + case LDNS_RDF_TYPE_UNKNOWN: + status = ldns_str2rdf_unknown(&rdf, str); + break; + case LDNS_RDF_TYPE_TIME: + status = ldns_str2rdf_time(&rdf, str); + break; + case LDNS_RDF_TYPE_PERIOD: + status = ldns_str2rdf_period(&rdf, str); + break; + case LDNS_RDF_TYPE_TSIG: + status = ldns_str2rdf_tsig(&rdf, str); + break; + case LDNS_RDF_TYPE_SERVICE: + status = ldns_str2rdf_service(&rdf, str); + break; + case LDNS_RDF_TYPE_LOC: + status = ldns_str2rdf_loc(&rdf, str); + break; + case LDNS_RDF_TYPE_WKS: + status = ldns_str2rdf_wks(&rdf, str); + break; + case LDNS_RDF_TYPE_NSAP: + status = ldns_str2rdf_nsap(&rdf, str); + break; + case LDNS_RDF_TYPE_ATMA: + status = ldns_str2rdf_atma(&rdf, str); + break; + case LDNS_RDF_TYPE_IPSECKEY: + status = ldns_str2rdf_ipseckey(&rdf, str); + break; + case LDNS_RDF_TYPE_NSEC3_SALT: + status = ldns_str2rdf_nsec3_salt(&rdf, str); + break; + case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: + status = ldns_str2rdf_b32_ext(&rdf, str); + break; + case LDNS_RDF_TYPE_NONE: + default: + /* default default ??? */ + status = LDNS_STATUS_ERR; + break; + } + if (LDNS_STATUS_OK == status) { + ldns_rdf_set_type(rdf, type); + return rdf; + } + if (rdf) { + LDNS_FREE(rdf); + } + return NULL; +} + +ldns_status +ldns_rdf_new_frm_fp(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp) +{ + return ldns_rdf_new_frm_fp_l(rdf, type, fp, NULL); +} + +ldns_status +ldns_rdf_new_frm_fp_l(ldns_rdf **rdf, ldns_rdf_type type, FILE *fp, int *line_nr) +{ + char *line; + ldns_rdf *r; + ssize_t t; + + line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + if (!line) { + return LDNS_STATUS_MEM_ERR; + } + + /* read an entire line in from the file */ + if ((t = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, 0, line_nr)) == -1) { + LDNS_FREE(line); + return LDNS_STATUS_SYNTAX_RDATA_ERR; + } + r = ldns_rdf_new_frm_str(type, (const char*) line); + LDNS_FREE(line); + if (rdf) { + *rdf = r; + return LDNS_STATUS_OK; + } else { + return LDNS_STATUS_NULL; + } +} + +ldns_rdf * +ldns_rdf_address_reverse(ldns_rdf *rd) +{ + uint8_t buf_4[LDNS_IP4ADDRLEN]; + uint8_t buf_6[LDNS_IP6ADDRLEN * 2]; + ldns_rdf *rev; + ldns_rdf *in_addr; + ldns_rdf *ret_dname; + uint8_t octet; + uint8_t nnibble; + uint8_t nibble; + uint8_t i, j; + + char *char_dname; + int nbit; + + if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_A && + ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_AAAA) { + return NULL; + } + + in_addr = NULL; + ret_dname = NULL; + + switch(ldns_rdf_get_type(rd)) { + case LDNS_RDF_TYPE_A: + /* the length of the buffer is 4 */ + buf_4[3] = ldns_rdf_data(rd)[0]; + buf_4[2] = ldns_rdf_data(rd)[1]; + buf_4[1] = ldns_rdf_data(rd)[2]; + buf_4[0] = ldns_rdf_data(rd)[3]; + in_addr = ldns_dname_new_frm_str("in-addr.arpa."); + if (!in_addr) { + return NULL; + } + /* make a new rdf and convert that back */ + rev = ldns_rdf_new_frm_data( LDNS_RDF_TYPE_A, + LDNS_IP4ADDRLEN, (void*)&buf_4); + if (!rev) { + LDNS_FREE(in_addr); + return NULL; + } + + /* convert rev to a string */ + char_dname = ldns_rdf2str(rev); + if (!char_dname) { + LDNS_FREE(in_addr); + ldns_rdf_deep_free(rev); + return NULL; + } + /* transform back to rdf with type dname */ + ret_dname = ldns_dname_new_frm_str(char_dname); + if (!ret_dname) { + LDNS_FREE(in_addr); + ldns_rdf_deep_free(rev); + LDNS_FREE(char_dname); + return NULL; + } + /* not needed anymore */ + ldns_rdf_deep_free(rev); + LDNS_FREE(char_dname); + break; + case LDNS_RDF_TYPE_AAAA: + /* some foo magic to reverse the nibbles ... */ + + for (nbit = 127; nbit >= 0; nbit = nbit - 4) { + /* calculate octett (8 bit) */ + octet = ( ((unsigned int) nbit) & 0x78) >> 3; + /* calculate nibble */ + nnibble = ( ((unsigned int) nbit) & 0x04) >> 2; + /* extract nibble */ + nibble = (ldns_rdf_data(rd)[octet] & ( 0xf << (4 * (1 - + nnibble)) ) ) >> ( 4 * (1 - + nnibble)); + + buf_6[(LDNS_IP6ADDRLEN * 2 - 1) - + (octet * 2 + nnibble)] = + (uint8_t)ldns_int_to_hexdigit((int)nibble); + } + + char_dname = LDNS_XMALLOC(char, (LDNS_IP6ADDRLEN * 4)); + if (!char_dname) { + return NULL; + } + char_dname[LDNS_IP6ADDRLEN * 4 - 1] = '\0'; /* closure */ + + /* walk the string and add . 's */ + for (i = 0, j = 0; i < LDNS_IP6ADDRLEN * 2; i++, j = j + 2) { + char_dname[j] = (char)buf_6[i]; + if (i != LDNS_IP6ADDRLEN * 2 - 1) { + char_dname[j + 1] = '.'; + } + } + in_addr = ldns_dname_new_frm_str("ip6.arpa."); + if (!in_addr) { + LDNS_FREE(char_dname); + return NULL; + } + + /* convert rev to a string */ + ret_dname = ldns_dname_new_frm_str(char_dname); + LDNS_FREE(char_dname); + if (!ret_dname) { + ldns_rdf_deep_free(in_addr); + return NULL; + } + break; + default: + break; + } + /* add the suffix */ + rev = ldns_dname_cat_clone(ret_dname, in_addr); + + ldns_rdf_deep_free(ret_dname); + ldns_rdf_deep_free(in_addr); + return rev; +} + +ldns_status +ldns_octet(char *word, size_t *length) +{ + char *s; + char *p; + *length = 0; + + for (s = p = word; *s != '\0'; s++,p++) { + switch (*s) { + case '.': + if (s[1] == '.') { + return LDNS_STATUS_EMPTY_LABEL; + } + *p = *s; + (*length)++; + break; + case '\\': + if ('0' <= s[1] && s[1] <= '9' && + '0' <= s[2] && s[2] <= '9' && + '0' <= s[3] && s[3] <= '9') { + /* \DDD seen */ + int val = ((s[1] - '0') * 100 + + (s[2] - '0') * 10 + (s[3] - '0')); + + if (0 <= val && val <= 255) { + /* this also handles \0 */ + s += 3; + *p = val; + (*length)++; + } else { + return LDNS_STATUS_DDD_OVERFLOW; + } + } else { + /* an espaced character, like \ ? + * remove the '\' keep the rest */ + *p = *++s; + (*length)++; + } + break; + case '\"': + /* non quoted " Is either first or the last character in + * the string */ + + *p = *++s; /* skip it */ + (*length)++; + /* I'm not sure if this is needed in libdns... MG */ + if ( *s == '\0' ) { + /* ok, it was the last one */ + *p = '\0'; + return LDNS_STATUS_OK; + } + break; + default: + *p = *s; + (*length)++; + break; + } + } + *p = '\0'; + return LDNS_STATUS_OK; +} + +int +ldns_rdf_compare(const ldns_rdf *rd1, const ldns_rdf *rd2) +{ + uint16_t i1, i2, i; + uint8_t *d1, *d2; + + /* only when both are not NULL we can say anything about them */ + if (!rd1 && !rd2) { + return 0; + } + if (!rd1 || !rd2) { + return -1; + } + i1 = ldns_rdf_size(rd1); + i2 = ldns_rdf_size(rd2); + + if (i1 < i2) { + return -1; + } else if (i1 > i2) { + return +1; + } else { + d1 = (uint8_t*)ldns_rdf_data(rd1); + d2 = (uint8_t*)ldns_rdf_data(rd2); + for(i = 0; i < i1; i++) { + if (d1[i] < d2[i]) { + return -1; + } else if (d1[i] > d2[i]) { + return +1; + } + } + } + return 0; +} + +uint32_t +ldns_str2period(const char *nptr, const char **endptr) +{ + int sign = 0; + uint32_t i = 0; + uint32_t seconds = 0; + + for(*endptr = nptr; **endptr; (*endptr)++) { + switch (**endptr) { + case ' ': + case '\t': + break; + case '-': + if(sign == 0) { + sign = -1; + } else { + return seconds; + } + break; + case '+': + if(sign == 0) { + sign = 1; + } else { + return seconds; + } + break; + case 's': + case 'S': + seconds += i; + i = 0; + break; + case 'm': + case 'M': + seconds += i * 60; + i = 0; + break; + case 'h': + case 'H': + seconds += i * 60 * 60; + i = 0; + break; + case 'd': + case 'D': + seconds += i * 60 * 60 * 24; + i = 0; + break; + case 'w': + case 'W': + seconds += i * 60 * 60 * 24 * 7; + i = 0; + break; + case '0': + case '1': + case '2': + case '3': + case '4': + case '5': + case '6': + case '7': + case '8': + case '9': + i *= 10; + i += (**endptr - '0'); + break; + default: + seconds += i; + /* disregard signedness */ + return seconds; + } + } + seconds += i; + /* disregard signedness */ + return seconds; +} diff --git a/contrib/ldns/resolver.c b/contrib/ldns/resolver.c new file mode 100644 index 0000000000..2b01b4229b --- /dev/null +++ b/contrib/ldns/resolver.c @@ -0,0 +1,1193 @@ +/* + * resolver.c + * + * resolver implementation + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include +#include + +/* Access function for reading + * and setting the different Resolver + * options */ + +/* read */ +uint16_t +ldns_resolver_port(const ldns_resolver *r) +{ + return r->_port; +} + +uint16_t +ldns_resolver_edns_udp_size(const ldns_resolver *r) +{ + return r->_edns_udp_size; +} + +uint8_t +ldns_resolver_retry(const ldns_resolver *r) +{ + return r->_retry; +} + +uint8_t +ldns_resolver_retrans(const ldns_resolver *r) +{ + return r->_retrans; +} + +bool +ldns_resolver_fallback(const ldns_resolver *r) +{ + return r->_fallback; +} + +uint8_t +ldns_resolver_ip6(const ldns_resolver *r) +{ + return r->_ip6; +} + +bool +ldns_resolver_recursive(const ldns_resolver *r) +{ + return r->_recursive; +} + +bool +ldns_resolver_debug(const ldns_resolver *r) +{ + return r->_debug; +} + +bool +ldns_resolver_dnsrch(const ldns_resolver *r) +{ + return r->_dnsrch; +} + +bool +ldns_resolver_fail(const ldns_resolver *r) +{ + return r->_fail; +} + +bool +ldns_resolver_defnames(const ldns_resolver *r) +{ + return r->_defnames; +} + +ldns_rdf * +ldns_resolver_domain(const ldns_resolver *r) +{ + return r->_domain; +} + +ldns_rdf ** +ldns_resolver_searchlist(const ldns_resolver *r) +{ + return r->_searchlist; +} + +ldns_rdf ** +ldns_resolver_nameservers(const ldns_resolver *r) +{ + return r->_nameservers; +} + +size_t +ldns_resolver_nameserver_count(const ldns_resolver *r) +{ + return r->_nameserver_count; +} + +bool +ldns_resolver_dnssec(const ldns_resolver *r) +{ + return r->_dnssec; +} + +bool +ldns_resolver_dnssec_cd(const ldns_resolver *r) +{ + return r->_dnssec_cd; +} + +ldns_rr_list * +ldns_resolver_dnssec_anchors(const ldns_resolver *r) +{ + return r->_dnssec_anchors; +} + +bool +ldns_resolver_trusted_key(const ldns_resolver *r, ldns_rr_list * keys, ldns_rr_list * trusted_keys) +{ + size_t i; + bool result = false; + + ldns_rr_list * trust_anchors; + ldns_rr * cur_rr; + + if (!r || !keys) { return false; } + + trust_anchors = ldns_resolver_dnssec_anchors(r); + + if (!trust_anchors) { return false; } + + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) { + + cur_rr = ldns_rr_list_rr(keys, i); + if (ldns_rr_list_contains_rr(trust_anchors, cur_rr)) { + if (trusted_keys) { ldns_rr_list_push_rr(trusted_keys, cur_rr); } + result = true; + } + } + + return result; +} + +bool +ldns_resolver_igntc(const ldns_resolver *r) +{ + return r->_igntc; +} + +bool +ldns_resolver_usevc(const ldns_resolver *r) +{ + return r->_usevc; +} + +size_t * +ldns_resolver_rtt(const ldns_resolver *r) +{ + return r->_rtt; +} + +size_t +ldns_resolver_nameserver_rtt(const ldns_resolver *r, size_t pos) +{ + size_t *rtt; + + assert(r != NULL); + + rtt = ldns_resolver_rtt(r); + + if (pos >= ldns_resolver_nameserver_count(r)) { + /* error ?*/ + return 0; + } else { + return rtt[pos]; + } + +} + +struct timeval +ldns_resolver_timeout(const ldns_resolver *r) +{ + return r->_timeout; +} + +char * +ldns_resolver_tsig_keyname(const ldns_resolver *r) +{ + return r->_tsig_keyname; +} + +char * +ldns_resolver_tsig_algorithm(const ldns_resolver *r) +{ + return r->_tsig_algorithm; +} + +char * +ldns_resolver_tsig_keydata(const ldns_resolver *r) +{ + return r->_tsig_keydata; +} + +bool +ldns_resolver_random(const ldns_resolver *r) +{ + return r->_random; +} + +size_t +ldns_resolver_searchlist_count(const ldns_resolver *r) +{ + return r->_searchlist_count; +} + +/* write */ +void +ldns_resolver_set_port(ldns_resolver *r, uint16_t p) +{ + r->_port = p; +} + +ldns_rdf * +ldns_resolver_pop_nameserver(ldns_resolver *r) +{ + ldns_rdf **nameservers; + ldns_rdf *pop; + size_t ns_count; + size_t *rtt; + + assert(r != NULL); + + ns_count = ldns_resolver_nameserver_count(r); + nameservers = ldns_resolver_nameservers(r); + rtt = ldns_resolver_rtt(r); + if (ns_count == 0 || !nameservers) { + return NULL; + } + + pop = nameservers[ns_count - 1]; + + nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count - 1)); + rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1)); + + ldns_resolver_set_nameservers(r, nameservers); + ldns_resolver_set_rtt(r, rtt); + /* decr the count */ + ldns_resolver_dec_nameserver_count(r); + return pop; +} + +ldns_status +ldns_resolver_push_nameserver(ldns_resolver *r, ldns_rdf *n) +{ + ldns_rdf **nameservers; + size_t ns_count; + size_t *rtt; + + if (ldns_rdf_get_type(n) != LDNS_RDF_TYPE_A && + ldns_rdf_get_type(n) != LDNS_RDF_TYPE_AAAA) { + return LDNS_STATUS_ERR; + } + + ns_count = ldns_resolver_nameserver_count(r); + nameservers = ldns_resolver_nameservers(r); + rtt = ldns_resolver_rtt(r); + + /* make room for the next one */ + nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count + 1)); + /* don't forget the rtt */ + rtt = LDNS_XREALLOC(rtt, size_t, (ns_count + 1)); + + /* set the new value in the resolver */ + ldns_resolver_set_nameservers(r, nameservers); + + /* slide n in its slot. */ + /* we clone it here, because then we can free the original + * rr's where it stood */ + nameservers[ns_count] = ldns_rdf_clone(n); + rtt[ns_count] = LDNS_RESOLV_RTT_MIN; + ldns_resolver_incr_nameserver_count(r); + ldns_resolver_set_rtt(r, rtt); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_resolver_push_nameserver_rr(ldns_resolver *r, ldns_rr *rr) +{ + ldns_rdf *address; + if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_A && + ldns_rr_get_type(rr) != LDNS_RR_TYPE_AAAA)) { + return LDNS_STATUS_ERR; + } + address = ldns_rr_rdf(rr, 0); /* extract the ip number */ + if (address) { + return ldns_resolver_push_nameserver(r, address); + } else { + return LDNS_STATUS_ERR; + } +} + +ldns_status +ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list *rrlist) +{ + ldns_rr *rr; + ldns_status stat; + size_t i; + + stat = LDNS_STATUS_OK; + if (rrlist) { + for(i = 0; i < ldns_rr_list_rr_count(rrlist); i++) { + rr = ldns_rr_list_rr(rrlist, i); + if (ldns_resolver_push_nameserver_rr(r, rr) != LDNS_STATUS_OK) { + stat = LDNS_STATUS_ERR; + } + } + return stat; + } else { + return LDNS_STATUS_ERR; + } +} + +void +ldns_resolver_set_edns_udp_size(ldns_resolver *r, uint16_t s) +{ + r->_edns_udp_size = s; +} + +void +ldns_resolver_set_recursive(ldns_resolver *r, bool re) +{ + r->_recursive = re; +} + +void +ldns_resolver_set_dnssec(ldns_resolver *r, bool d) +{ + r->_dnssec = d; +} + +void +ldns_resolver_set_dnssec_cd(ldns_resolver *r, bool d) +{ + r->_dnssec_cd = d; +} + +void +ldns_resolver_set_dnssec_anchors(ldns_resolver *r, ldns_rr_list * l) +{ + r->_dnssec_anchors = l; +} + +ldns_status +ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr) +{ + ldns_rr_list * trust_anchors; + + if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY)) { + return LDNS_STATUS_ERR; + } + + if (!(trust_anchors = ldns_resolver_dnssec_anchors(r))) { /* Initialize */ + trust_anchors = ldns_rr_list_new(); + ldns_resolver_set_dnssec_anchors(r, trust_anchors); + } + + return (ldns_rr_list_push_rr(trust_anchors, ldns_rr_clone(rr))) ? LDNS_STATUS_OK : LDNS_STATUS_ERR; +} + +void +ldns_resolver_set_igntc(ldns_resolver *r, bool i) +{ + r->_igntc = i; +} + +void +ldns_resolver_set_usevc(ldns_resolver *r, bool vc) +{ + r->_usevc = vc; +} + +void +ldns_resolver_set_debug(ldns_resolver *r, bool d) +{ + r->_debug = d; +} + +void +ldns_resolver_set_ip6(ldns_resolver *r, uint8_t ip6) +{ + r->_ip6 = ip6; +} + +void +ldns_resolver_set_fail(ldns_resolver *r, bool f) +{ + r->_fail =f; +} + +void +ldns_resolver_set_searchlist_count(ldns_resolver *r, size_t c) +{ + r->_searchlist_count = c; +} + +void +ldns_resolver_set_nameserver_count(ldns_resolver *r, size_t c) +{ + r->_nameserver_count = c; +} + +void +ldns_resolver_set_dnsrch(ldns_resolver *r, bool d) +{ + r->_dnsrch = d; +} + +void +ldns_resolver_set_retry(ldns_resolver *r, uint8_t retry) +{ + r->_retry = retry; +} + +void +ldns_resolver_set_retrans(ldns_resolver *r, uint8_t retrans) +{ + r->_retrans = retrans; +} + +void +ldns_resolver_set_fallback(ldns_resolver *r, bool fallback) +{ + r->_fallback = fallback; +} + +void +ldns_resolver_set_nameservers(ldns_resolver *r, ldns_rdf **n) +{ + r->_nameservers = n; +} + +void +ldns_resolver_set_defnames(ldns_resolver *r, bool d) +{ + r->_defnames = d; +} + +void +ldns_resolver_set_rtt(ldns_resolver *r, size_t *rtt) +{ + r->_rtt = rtt; +} + +void +ldns_resolver_set_nameserver_rtt(ldns_resolver *r, size_t pos, size_t value) +{ + size_t *rtt; + + assert(r != NULL); + + rtt = ldns_resolver_rtt(r); + + if (pos >= ldns_resolver_nameserver_count(r)) { + /* error ?*/ + } else { + rtt[pos] = value; + } + +} + +void +ldns_resolver_incr_nameserver_count(ldns_resolver *r) +{ + size_t c; + + c = ldns_resolver_nameserver_count(r); + ldns_resolver_set_nameserver_count(r, ++c); +} + +void +ldns_resolver_dec_nameserver_count(ldns_resolver *r) +{ + size_t c; + + c = ldns_resolver_nameserver_count(r); + if (c == 0) { + return; + } else { + ldns_resolver_set_nameserver_count(r, --c); + } +} + +void +ldns_resolver_set_domain(ldns_resolver *r, ldns_rdf *d) +{ + r->_domain = d; +} + +void +ldns_resolver_set_timeout(ldns_resolver *r, struct timeval timeout) +{ + r->_timeout.tv_sec = timeout.tv_sec; + r->_timeout.tv_usec = timeout.tv_usec; +} + +void +ldns_resolver_push_searchlist(ldns_resolver *r, ldns_rdf *d) +{ + ldns_rdf **searchlist; + size_t list_count; + + if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) { + return; + } + + list_count = ldns_resolver_searchlist_count(r); + searchlist = ldns_resolver_searchlist(r); + + searchlist = LDNS_XREALLOC(searchlist, ldns_rdf *, (list_count + 1)); + if (searchlist) { + r->_searchlist = searchlist; + + searchlist[list_count] = ldns_rdf_clone(d); + ldns_resolver_set_searchlist_count(r, list_count + 1); + } +} + +void +ldns_resolver_set_tsig_keyname(ldns_resolver *r, char *tsig_keyname) +{ + r->_tsig_keyname = tsig_keyname; +} + +void +ldns_resolver_set_tsig_algorithm(ldns_resolver *r, char *tsig_algorithm) +{ + r->_tsig_algorithm = tsig_algorithm; +} + +void +ldns_resolver_set_tsig_keydata(ldns_resolver *r, char *tsig_keydata) +{ + r->_tsig_keydata = tsig_keydata; +} + +void +ldns_resolver_set_random(ldns_resolver *r, bool b) +{ + r->_random = b; +} + +/* more sophisticated functions */ +ldns_resolver * +ldns_resolver_new(void) +{ + ldns_resolver *r; + + r = LDNS_MALLOC(ldns_resolver); + if (!r) { + return NULL; + } + + r->_searchlist = NULL; + r->_nameservers = NULL; + r->_rtt = NULL; + + /* defaults are filled out */ + ldns_resolver_set_searchlist_count(r, 0); + ldns_resolver_set_nameserver_count(r, 0); + ldns_resolver_set_usevc(r, 0); + ldns_resolver_set_port(r, LDNS_PORT); + ldns_resolver_set_domain(r, NULL); + ldns_resolver_set_defnames(r, false); + ldns_resolver_set_retry(r, 3); + ldns_resolver_set_retrans(r, 2); + ldns_resolver_set_fallback(r, true); + ldns_resolver_set_fail(r, false); + ldns_resolver_set_edns_udp_size(r, 0); + ldns_resolver_set_dnssec(r, false); + ldns_resolver_set_dnssec_cd(r, false); + ldns_resolver_set_dnssec_anchors(r, NULL); + ldns_resolver_set_ip6(r, LDNS_RESOLV_INETANY); + + /* randomize the nameserver to be queried + * when there are multiple + */ + ldns_resolver_set_random(r, true); + + ldns_resolver_set_debug(r, 0); + + r->_timeout.tv_sec = LDNS_DEFAULT_TIMEOUT_SEC; + r->_timeout.tv_usec = LDNS_DEFAULT_TIMEOUT_USEC; + + r->_socket = 0; + r->_axfr_soa_count = 0; + r->_axfr_i = 0; + r->_cur_axfr_pkt = NULL; + + r->_tsig_keyname = NULL; + r->_tsig_keydata = NULL; + r->_tsig_algorithm = NULL; + return r; +} + +ldns_status +ldns_resolver_new_frm_fp(ldns_resolver **res, FILE *fp) +{ + return ldns_resolver_new_frm_fp_l(res, fp, NULL); +} + +ldns_status +ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr) +{ + ldns_resolver *r; + const char *keyword[LDNS_RESOLV_KEYWORDS]; + char word[LDNS_MAX_LINELEN + 1]; + int8_t expect; + uint8_t i; + ldns_rdf *tmp; +#ifdef HAVE_SSL + ldns_rr *tmp_rr; +#endif + ssize_t gtr; + ldns_buffer *b; + + /* do this better + * expect = + * 0: keyword + * 1: default domain dname + * 2: NS aaaa or a record + */ + + /* recognized keywords */ + keyword[LDNS_RESOLV_NAMESERVER] = "nameserver"; + keyword[LDNS_RESOLV_DEFDOMAIN] = "domain"; + keyword[LDNS_RESOLV_SEARCH] = "search"; + /* these two are read but not used atm TODO */ + keyword[LDNS_RESOLV_SORTLIST] = "sortlist"; + keyword[LDNS_RESOLV_OPTIONS] = "options"; + keyword[LDNS_RESOLV_ANCHOR] = "anchor"; + expect = LDNS_RESOLV_KEYWORD; + + r = ldns_resolver_new(); + if (!r) { + return LDNS_STATUS_MEM_ERR; + } + + gtr = 1; + word[0] = 0; + while (gtr > 0) { + /* check comments */ + if (word[0] == '#') { + /* read the rest of the line, should be 1 word */ + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr); + /* prepare the next string for further parsing */ + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr); + continue; + } + switch(expect) { + case LDNS_RESOLV_KEYWORD: + /* keyword */ + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr != 0) { + for(i = 0; i < LDNS_RESOLV_KEYWORDS; i++) { + if (strcasecmp(keyword[i], word) == 0) { + /* chosen the keyword and + * expect values carefully + */ + expect = i; + break; + } + } + /* no keyword recognized */ + if (expect == LDNS_RESOLV_KEYWORD) { + /* skip line */ + /* + ldns_resolver_deep_free(r); + return LDNS_STATUS_SYNTAX_KEYWORD_ERR; + */ + } + } + break; + case LDNS_RESOLV_DEFDOMAIN: + /* default domain dname */ + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word); + if (!tmp) { + ldns_resolver_deep_free(r); + return LDNS_STATUS_SYNTAX_DNAME_ERR; + } + + /* DOn't free, because we copy the pointer */ + ldns_resolver_set_domain(r, tmp); + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_NAMESERVER: + /* NS aaaa or a record */ + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, word); + if (!tmp) { + /* try ip4 */ + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, word); + } + /* could not parse it, exit */ + if (!tmp) { + ldns_resolver_deep_free(r); + return LDNS_STATUS_SYNTAX_ERR; + } + (void)ldns_resolver_push_nameserver(r, tmp); + ldns_rdf_deep_free(tmp); + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_SEARCH: + /* search list domain dname */ + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + b = LDNS_MALLOC(ldns_buffer); + ldns_buffer_new_frm_data(b, word, (size_t) gtr); + + gtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr); + while (gtr > 0) { + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word); + if (!tmp) { + ldns_resolver_deep_free(r); + return LDNS_STATUS_SYNTAX_DNAME_ERR; + } + + ldns_resolver_push_searchlist(r, tmp); + + ldns_rdf_deep_free(tmp); + gtr = ldns_bget_token(b, word, LDNS_PARSE_NORMAL, (size_t) gtr); + } + ldns_buffer_free(b); + gtr = 1; + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_SORTLIST: + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + /* sortlist not implemented atm */ + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_OPTIONS: + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr); + /* options not implemented atm */ + expect = LDNS_RESOLV_KEYWORD; + break; + case LDNS_RESOLV_ANCHOR: + /* a file containing a DNSSEC trust anchor */ + gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_NORMAL, 0, line_nr); + if (gtr == 0) { + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } + +#ifdef HAVE_SSL + tmp_rr = ldns_read_anchor_file(word); + (void) ldns_resolver_push_dnssec_anchor(r, tmp_rr); + ldns_rr_free(tmp_rr); +#endif + expect = LDNS_RESOLV_KEYWORD; + break; + } + } + + if (res) { + *res = r; + return LDNS_STATUS_OK; + } else { + return LDNS_STATUS_NULL; + } +} + +ldns_status +ldns_resolver_new_frm_file(ldns_resolver **res, const char *filename) +{ + ldns_resolver *r; + FILE *fp; + ldns_status s; + + if (!filename) { + fp = fopen(LDNS_RESOLV_CONF, "r"); + + } else { + fp = fopen(filename, "r"); + } + if (!fp) { + return LDNS_STATUS_FILE_ERR; + } + + s = ldns_resolver_new_frm_fp(&r, fp); + fclose(fp); + if (s == LDNS_STATUS_OK) { + if (res) { + *res = r; + return LDNS_STATUS_OK; + } else { + return LDNS_STATUS_NULL; + } + } + return s; +} + +void +ldns_resolver_free(ldns_resolver *res) +{ + LDNS_FREE(res); +} + +void +ldns_resolver_deep_free(ldns_resolver *res) +{ + size_t i; + + if (res) { + if (res->_searchlist) { + for (i = 0; i < ldns_resolver_searchlist_count(res); i++) { + ldns_rdf_deep_free(res->_searchlist[i]); + } + LDNS_FREE(res->_searchlist); + } + if (res->_nameservers) { + for (i = 0; i < res->_nameserver_count; i++) { + ldns_rdf_deep_free(res->_nameservers[i]); + } + LDNS_FREE(res->_nameservers); + } + if (ldns_resolver_domain(res)) { + ldns_rdf_deep_free(ldns_resolver_domain(res)); + } + if (ldns_resolver_tsig_keyname(res)) { + LDNS_FREE(res->_tsig_keyname); + } + + if (res->_cur_axfr_pkt) { + ldns_pkt_free(res->_cur_axfr_pkt); + } + + if (res->_rtt) { + LDNS_FREE(res->_rtt); + } + if (res->_dnssec_anchors) { + ldns_rr_list_deep_free(res->_dnssec_anchors); + } + LDNS_FREE(res); + } +} + +ldns_pkt * +ldns_resolver_search(const ldns_resolver *r,const ldns_rdf *name, + ldns_rr_type t, ldns_rr_class c, uint16_t flags) +{ + + char *str_dname; + ldns_rdf *new_name; + ldns_rdf **search_list; + size_t i; + ldns_pkt *p; + + str_dname = ldns_rdf2str(name); + + if (ldns_dname_str_absolute(str_dname)) { + /* query as-is */ + return ldns_resolver_query(r, name, t, c, flags); + } else { + search_list = ldns_resolver_searchlist(r); + for (i = 0; i < ldns_resolver_searchlist_count(r); i++) { + new_name = ldns_dname_cat_clone(name, search_list[i]); + + p = ldns_resolver_query(r, new_name, t, c, flags); + ldns_rdf_free(new_name); + if (p) { + return p; + } + } + } + return NULL; +} + +ldns_pkt * +ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name, + ldns_rr_type t, ldns_rr_class c, uint16_t flags) +{ + ldns_rdf *newname; + ldns_pkt *pkt; + ldns_status status; + + pkt = NULL; + + if (!ldns_resolver_defnames(r)) { + status = ldns_resolver_send(&pkt, (ldns_resolver *)r, name, + t, c, flags); + if (status == LDNS_STATUS_OK) { + return pkt; + } else { + if (pkt) { + ldns_pkt_free(pkt); + } + fprintf(stderr, "error: %s\n", ldns_get_errorstr_by_id(status)); + return NULL; + } + } + + if (!ldns_resolver_domain(r)) { + /* _defnames is set, but the domain is not....?? */ + status = ldns_resolver_send(&pkt, (ldns_resolver *)r, name, + t, c, flags); + if (status == LDNS_STATUS_OK) { + return pkt; + } else { + if (pkt) { + ldns_pkt_free(pkt); + } + return NULL; + } + } + + newname = ldns_dname_cat_clone((const ldns_rdf*)name, ldns_resolver_domain(r)); + if (!newname) { + if (pkt) { + ldns_pkt_free(pkt); + } + return NULL; + } + status = ldns_resolver_send(&pkt, (ldns_resolver *)r, newname, t, c, + flags); + + ldns_rdf_free(newname); + + return pkt; +} + +ldns_status +ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, + ldns_pkt *query_pkt) +{ + ldns_pkt *answer_pkt = NULL; + ldns_status stat = LDNS_STATUS_OK; + + stat = ldns_send(&answer_pkt, (ldns_resolver *)r, query_pkt); + if (stat != LDNS_STATUS_OK) { + if(answer_pkt) { + ldns_pkt_free(answer_pkt); + answer_pkt = NULL; + } + } else { + + /* if tc=1 fall back to EDNS and/or TCP */ + /* check for tcp first (otherwise we don't care about tc=1) */ + if (!ldns_resolver_usevc(r) && ldns_resolver_fallback(r)) { + if (ldns_pkt_tc(answer_pkt)) { + /* was EDNS0 set? */ + if (ldns_pkt_edns_udp_size(query_pkt) == 0) { + ldns_pkt_set_edns_udp_size(query_pkt, 4096); + ldns_pkt_free(answer_pkt); + stat = ldns_send(&answer_pkt, r, query_pkt); + } + /* either way, if it is still truncated, use TCP */ + if (stat != LDNS_STATUS_OK || + ldns_pkt_tc(answer_pkt)) { + ldns_resolver_set_usevc(r, true); + ldns_pkt_free(answer_pkt); + stat = ldns_send(&answer_pkt, r, query_pkt); + ldns_resolver_set_usevc(r, false); + } + } + } + } + + + if (answer) { + *answer = answer_pkt; + } + + return stat; +} + +ldns_status +ldns_resolver_prepare_query_pkt(ldns_pkt **query_pkt, ldns_resolver *r, + const ldns_rdf *name, ldns_rr_type t, + ldns_rr_class c, uint16_t flags) +{ + /* prepare a question pkt from the parameters + * and then send this */ + *query_pkt = ldns_pkt_query_new(ldns_rdf_clone(name), t, c, flags); + if (!*query_pkt) { + return LDNS_STATUS_ERR; + } + + /* set DO bit if necessary */ + if (ldns_resolver_dnssec(r)) { + if (ldns_resolver_edns_udp_size(r) == 0) { + ldns_resolver_set_edns_udp_size(r, 4096); + } + ldns_pkt_set_edns_do(*query_pkt, true); + if (ldns_resolver_dnssec_cd(r) || (flags & LDNS_CD)) { + ldns_pkt_set_cd(*query_pkt, true); + } + } + + /* transfer the udp_edns_size from the resolver to the packet */ + if (ldns_resolver_edns_udp_size(r) != 0) { + ldns_pkt_set_edns_udp_size(*query_pkt, ldns_resolver_edns_udp_size(r)); + } + + if (ldns_resolver_debug(r)) { + ldns_pkt_print(stdout, *query_pkt); + } + + /* only set the id if it is not set yet */ + if (ldns_pkt_id(*query_pkt) == 0) { + ldns_pkt_set_random_id(*query_pkt); + } + + return LDNS_STATUS_OK; +} + + +ldns_status +ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, + ldns_rr_type t, ldns_rr_class c, uint16_t flags) +{ + ldns_pkt *query_pkt; + ldns_pkt *answer_pkt; + ldns_status status; + + assert(r != NULL); + assert(name != NULL); + + answer_pkt = NULL; + + /* do all the preprocessing here, then fire of an query to + * the network */ + + if (0 == t) { + t= LDNS_RR_TYPE_A; + } + if (0 == c) { + c= LDNS_RR_CLASS_IN; + } + if (0 == ldns_resolver_nameserver_count(r)) { + return LDNS_STATUS_RES_NO_NS; + } + if (ldns_rdf_get_type(name) != LDNS_RDF_TYPE_DNAME) { + return LDNS_STATUS_RES_QUERY; + } + + status = ldns_resolver_prepare_query_pkt(&query_pkt, r, name, + t, c, flags); + if (status != LDNS_STATUS_OK) { + return status; + } + + /* if tsig values are set, tsign it */ + /* TODO: make last 3 arguments optional too? maybe make complete + rr instead of seperate values in resolver (and packet) + Jelte + should this go in pkt_prepare? + */ +#ifdef HAVE_SSL + if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) { + status = ldns_pkt_tsig_sign(query_pkt, + ldns_resolver_tsig_keyname(r), + ldns_resolver_tsig_keydata(r), + 300, ldns_resolver_tsig_algorithm(r), NULL); + if (status != LDNS_STATUS_OK) { + return LDNS_STATUS_CRYPTO_TSIG_ERR; + } + } +#else + return LDNS_STATUS_CRYPTO_TSIG_ERR; +#endif /* HAVE_SSL */ + status = ldns_resolver_send_pkt(&answer_pkt, r, query_pkt); + ldns_pkt_free(query_pkt); + + /* allows answer to be NULL when not interested in return value */ + if (answer) { + *answer = answer_pkt; + } + return status; +} + +ldns_rr * +ldns_axfr_next(ldns_resolver *resolver) +{ + ldns_rr *cur_rr; + uint8_t *packet_wire; + size_t packet_wire_size; + ldns_lookup_table *rcode; + ldns_status status; + + /* check if start() has been called */ + if (!resolver || resolver->_socket == 0) { + return NULL; + } + + if (resolver->_cur_axfr_pkt) { + if (resolver->_axfr_i == ldns_pkt_ancount(resolver->_cur_axfr_pkt)) { + ldns_pkt_free(resolver->_cur_axfr_pkt); + resolver->_cur_axfr_pkt = NULL; + return ldns_axfr_next(resolver); + } + cur_rr = ldns_rr_clone(ldns_rr_list_rr( + ldns_pkt_answer(resolver->_cur_axfr_pkt), + resolver->_axfr_i)); + resolver->_axfr_i++; + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) { + resolver->_axfr_soa_count++; + if (resolver->_axfr_soa_count >= 2) { + close(resolver->_socket); + resolver->_socket = 0; + ldns_pkt_free(resolver->_cur_axfr_pkt); + resolver->_cur_axfr_pkt = NULL; + } + } + return cur_rr; + } else { + packet_wire = ldns_tcp_read_wire(resolver->_socket, &packet_wire_size); + if(!packet_wire) + return NULL; + + status = ldns_wire2pkt(&resolver->_cur_axfr_pkt, packet_wire, + packet_wire_size); + free(packet_wire); + + resolver->_axfr_i = 0; + if (status != LDNS_STATUS_OK) { + /* TODO: make status return type of this function (...api change) */ + fprintf(stderr, "Error parsing rr during AXFR: %s\n", ldns_get_errorstr_by_id(status)); + return NULL; + } else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) { + rcode = ldns_lookup_by_id(ldns_rcodes, (int) ldns_pkt_get_rcode(resolver->_cur_axfr_pkt)); + fprintf(stderr, "Error in AXFR: %s\n", rcode->name); + return NULL; + } else { + return ldns_axfr_next(resolver); + } + + } + +} + +bool +ldns_axfr_complete(const ldns_resolver *res) +{ + /* complete when soa count is 2? */ + return res->_axfr_soa_count == 2; +} + +ldns_pkt * +ldns_axfr_last_pkt(const ldns_resolver *res) +{ + return res->_cur_axfr_pkt; +} + +/* random isn't really that good */ +void +ldns_resolver_nameservers_randomize(ldns_resolver *r) +{ + uint8_t i, j; + ldns_rdf **ns, *tmp; + + /* should I check for ldns_resolver_random?? */ + assert(r != NULL); + + ns = ldns_resolver_nameservers(r); + + for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { + j = random() % ldns_resolver_nameserver_count(r); + tmp = ns[i]; + ns[i] = ns[j]; + ns[j] = tmp; + } + ldns_resolver_set_nameservers(r, ns); +} + diff --git a/contrib/ldns/rr.c b/contrib/ldns/rr.c new file mode 100644 index 0000000000..a8aad56667 --- /dev/null +++ b/contrib/ldns/rr.c @@ -0,0 +1,2310 @@ +/* rr.c + * + * access functions for ldns_rr - + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * + * (c) NLnet Labs, 2004-2006 + * See the file LICENSE for the license + */ +#include + +#include + +#include +#include + +#include + +#define LDNS_SYNTAX_DATALEN 16 +#define LDNS_TTL_DATALEN 21 +#define LDNS_RRLIST_INIT 8 + +ldns_rr * +ldns_rr_new(void) +{ + ldns_rr *rr; + rr = LDNS_MALLOC(ldns_rr); + if (!rr) { + return NULL; + } + + ldns_rr_set_owner(rr, NULL); + ldns_rr_set_question(rr, false); + ldns_rr_set_rd_count(rr, 0); + rr->_rdata_fields = NULL; + ldns_rr_set_class(rr, LDNS_RR_CLASS_IN); + ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL); + return rr; +} + +ldns_rr * +ldns_rr_new_frm_type(ldns_rr_type t) +{ + ldns_rr *rr; + const ldns_rr_descriptor *desc; + size_t i; + + rr = LDNS_MALLOC(ldns_rr); + if (!rr) { + return NULL; + } + + desc = ldns_rr_descript(t); + + rr->_rdata_fields = LDNS_XMALLOC(ldns_rdf *, ldns_rr_descriptor_minimum(desc)); + for (i = 0; i < ldns_rr_descriptor_minimum(desc); i++) { + rr->_rdata_fields[i] = NULL; + } + + ldns_rr_set_owner(rr, NULL); + ldns_rr_set_question(rr, false); + /* set the count to minimum */ + ldns_rr_set_rd_count(rr, ldns_rr_descriptor_minimum(desc)); + ldns_rr_set_class(rr, LDNS_RR_CLASS_IN); + ldns_rr_set_ttl(rr, LDNS_DEFAULT_TTL); + ldns_rr_set_type(rr, t); + return rr; +} + +void +ldns_rr_free(ldns_rr *rr) +{ + size_t i; + if (rr) { + if (ldns_rr_owner(rr)) { + ldns_rdf_deep_free(ldns_rr_owner(rr)); + } + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + ldns_rdf_deep_free(ldns_rr_rdf(rr, i)); + } + LDNS_FREE(rr->_rdata_fields); + LDNS_FREE(rr); + } +} + +/* + * trailing spaces are allowed + * leading spaces are not allowed + * allow ttl to be optional + * class is optional too + * if ttl is missing, and default_ttl is 0, use DEF_TTL + * allow ttl to be written as 1d3h + * So the RR should look like. e.g. + * miek.nl. 3600 IN MX 10 elektron.atoom.net + * or + * miek.nl. 1h IN MX 10 elektron.atoom.net + * or + * miek.nl. IN MX 10 elektron.atoom.net + */ +static ldns_status +ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str, + uint32_t default_ttl, ldns_rdf *origin, + ldns_rdf **prev, bool question) +{ + ldns_rr *new; + const ldns_rr_descriptor *desc; + ldns_rr_type rr_type; + ldns_buffer *rr_buf; + ldns_buffer *rd_buf; + uint32_t ttl_val; + char *owner; + char *ttl; + ldns_rr_class clas_val; + char *clas; + char *type = NULL; + char *rdata; + char *rd; + char *b64; + size_t rd_strlen; + const char *delimiters; + ssize_t c; + ldns_rdf *owner_dname; + const char* endptr; + + /* used for types with unknown number of rdatas */ + bool done; + bool quoted; + + ldns_rdf *r = NULL; + uint16_t r_cnt; + uint16_t r_min; + uint16_t r_max; + + uint16_t hex_data_size; + char *hex_data_str; + uint16_t cur_hex_data_size; + uint8_t *hex_data; + size_t hex_pos; + + new = ldns_rr_new(); + + owner = LDNS_XMALLOC(char, LDNS_MAX_DOMAINLEN + 1); + ttl = LDNS_XMALLOC(char, LDNS_TTL_DATALEN); + clas = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN); + rdata = LDNS_XMALLOC(char, LDNS_MAX_PACKETLEN + 1); + rr_buf = LDNS_MALLOC(ldns_buffer); + rd_buf = LDNS_MALLOC(ldns_buffer); + rd = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); + b64 = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); + if (!new || !owner || !ttl || !clas || !rdata || !rr_buf || !rd_buf || !rd || !b64 ) { + return LDNS_STATUS_MEM_ERR; + } + r_cnt = 0; + ttl_val = 0; + clas_val = 0; + + ldns_buffer_new_frm_data(rr_buf, (char*)str, strlen(str)); + + /* split the rr in its parts -1 signals trouble */ + if (ldns_bget_token(rr_buf, owner, "\t\n ", LDNS_MAX_DOMAINLEN) == -1) { + LDNS_FREE(owner); + LDNS_FREE(ttl); + LDNS_FREE(clas); + LDNS_FREE(rdata); + LDNS_FREE(rd); + LDNS_FREE(rd_buf); + LDNS_FREE(b64); + ldns_buffer_free(rr_buf); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_ERR; + } + + if (ldns_bget_token(rr_buf, ttl, "\t\n ", LDNS_TTL_DATALEN) == -1) { + LDNS_FREE(owner); + LDNS_FREE(ttl); + LDNS_FREE(clas); + LDNS_FREE(rdata); + LDNS_FREE(rd); + LDNS_FREE(rd_buf); + LDNS_FREE(b64); + ldns_buffer_free(rr_buf); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_TTL_ERR; + } + ttl_val = (uint32_t) ldns_str2period(ttl, &endptr); + + if (strlen(ttl) > 0 && !isdigit((int) ttl[0])) { + /* ah, it's not there or something */ + if (default_ttl == 0) { + ttl_val = LDNS_DEFAULT_TTL; + } else { + ttl_val = default_ttl; + } + /* we not ASSUMING the TTL is missing and that + * the rest of the RR is still there. That is + * CLASS TYPE RDATA + * so ttl value we read is actually the class + */ + clas_val = ldns_get_rr_class_by_name(ttl); + /* class can be left out too, assume IN, current + * token must be type + */ + if (clas_val == 0) { + clas_val = LDNS_RR_CLASS_IN; + type = LDNS_XMALLOC(char, strlen(ttl) + 1); + strncpy(type, ttl, strlen(ttl) + 1); + } + } else { + if (ldns_bget_token(rr_buf, clas, "\t\n ", LDNS_SYNTAX_DATALEN) == -1) { + LDNS_FREE(owner); + LDNS_FREE(ttl); + LDNS_FREE(clas); + LDNS_FREE(rdata); + LDNS_FREE(rd); + LDNS_FREE(rd_buf); + ldns_buffer_free(rr_buf); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_CLASS_ERR; + } + clas_val = ldns_get_rr_class_by_name(clas); + /* class can be left out too, assume IN, current + * token must be type + */ + if (clas_val == 0) { + clas_val = LDNS_RR_CLASS_IN; + type = LDNS_XMALLOC(char, strlen(clas) + 1); + strncpy(type, clas, strlen(clas) + 1); + } + } + /* the rest should still be waiting for us */ + + if (!type) { + type = LDNS_XMALLOC(char, LDNS_SYNTAX_DATALEN); + if (ldns_bget_token(rr_buf, type, "\t\n ", LDNS_SYNTAX_DATALEN) == -1) { + LDNS_FREE(owner); + LDNS_FREE(ttl); + LDNS_FREE(clas); + LDNS_FREE(rdata); + LDNS_FREE(rd); + LDNS_FREE(rd_buf); + ldns_buffer_free(rr_buf); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_TYPE_ERR; + } + } + + if (ldns_bget_token(rr_buf, rdata, "\0", LDNS_MAX_PACKETLEN) == -1) { + /* apparently we are done, and it's only a question RR + * so do not free and error here + LDNS_FREE(owner); + LDNS_FREE(ttl); + LDNS_FREE(clas); + LDNS_FREE(type); + LDNS_FREE(rdata); + LDNS_FREE(rd); + LDNS_FREE(rd_buf); + ldns_buffer_free(rr_buf); + ldns_rr_free(new); + return NULL; + */ + } + + ldns_buffer_new_frm_data(rd_buf, rdata, strlen(rdata)); + + if (strlen(owner) <= 1 && strncmp(owner, "@", 1) == 0) { + if (origin) { + ldns_rr_set_owner(new, ldns_rdf_clone(origin)); + } else if (prev && *prev) { + ldns_rr_set_owner(new, ldns_rdf_clone(*prev)); + } else { + /* default to root */ + ldns_rr_set_owner(new, ldns_dname_new_frm_str(".")); + } + + /* @ also overrides prev */ + if (prev) { + ldns_rdf_deep_free(*prev); + *prev = ldns_rdf_clone(ldns_rr_owner(new)); + } + } else { + if (strlen(owner) == 0) { + /* no ownername was given, try prev, if that fails + * origin, else default to root */ + if (prev && *prev) { + ldns_rr_set_owner(new, ldns_rdf_clone(*prev)); + } else if (origin) { + ldns_rr_set_owner(new, ldns_rdf_clone(origin)); + } else { + ldns_rr_set_owner(new, ldns_dname_new_frm_str(".")); + } + } else { + owner_dname = ldns_dname_new_frm_str(owner); + if (!owner_dname) { + LDNS_FREE(owner); + LDNS_FREE(ttl); + LDNS_FREE(clas); + LDNS_FREE(type); + LDNS_FREE(rdata); + LDNS_FREE(rd); + LDNS_FREE(rd_buf); + ldns_buffer_free(rr_buf); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_ERR; + } + + ldns_rr_set_owner(new, owner_dname); + if (!ldns_dname_str_absolute(owner) && origin) { + if(ldns_dname_cat(ldns_rr_owner(new), + origin) != LDNS_STATUS_OK) { + LDNS_FREE(owner); + LDNS_FREE(ttl); + LDNS_FREE(clas); + LDNS_FREE(type); + LDNS_FREE(rdata); + LDNS_FREE(rd); + LDNS_FREE(rd_buf); + ldns_buffer_free(rr_buf); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_ERR; + } + } + if (prev) { + ldns_rdf_deep_free(*prev); + *prev = ldns_rdf_clone(ldns_rr_owner(new)); + } + } + } + LDNS_FREE(owner); + + ldns_rr_set_question(new, question); + + ldns_rr_set_ttl(new, ttl_val); + LDNS_FREE(ttl); + + ldns_rr_set_class(new, clas_val); + LDNS_FREE(clas); + + rr_type = ldns_get_rr_type_by_name(type); + LDNS_FREE(type); + + desc = ldns_rr_descript((uint16_t)rr_type); + ldns_rr_set_type(new, rr_type); + if (desc) { + /* only the rdata remains */ + r_max = ldns_rr_descriptor_maximum(desc); + r_min = ldns_rr_descriptor_minimum(desc); + } else { + r_min = 0; + r_max = 1; + } + + /* depending on the rr_type we need to extract + * the rdata differently, e.g. NSEC/NSEC3 */ + switch(rr_type) { + default: + done = false; + + for (r_cnt = 0; !done && r_cnt < r_max; r_cnt++) { + quoted = false; + /* if type = B64, the field may contain spaces */ + if (ldns_rr_descriptor_field_type(desc, + r_cnt) == LDNS_RDF_TYPE_B64 || + ldns_rr_descriptor_field_type(desc, + r_cnt) == LDNS_RDF_TYPE_HEX || + ldns_rr_descriptor_field_type(desc, + r_cnt) == LDNS_RDF_TYPE_LOC || + ldns_rr_descriptor_field_type(desc, + r_cnt) == LDNS_RDF_TYPE_WKS || + ldns_rr_descriptor_field_type(desc, + r_cnt) == LDNS_RDF_TYPE_IPSECKEY || + ldns_rr_descriptor_field_type(desc, + r_cnt) == LDNS_RDF_TYPE_NSEC) { + delimiters = "\n\t"; + } else { + delimiters = "\n\t "; + } + + if (ldns_rr_descriptor_field_type(desc, + r_cnt) == LDNS_RDF_TYPE_STR && + ldns_buffer_remaining(rd_buf) > 0) { + /* skip spaces */ + while (*(ldns_buffer_current(rd_buf)) == ' ') { + ldns_buffer_skip(rd_buf, 1); + } + + if (*(ldns_buffer_current(rd_buf)) == '\"') { + delimiters = "\"\0"; + ldns_buffer_skip(rd_buf, 1); + quoted = true; + } + } + + /* because number of fields can be variable, we can't + rely on _maximum() only */ + /* skip spaces */ + while (ldns_buffer_position(rd_buf) < ldns_buffer_limit(rd_buf) && + *(ldns_buffer_current(rd_buf)) == ' ' + ) { + ldns_buffer_skip(rd_buf, 1); + } + + if ((c = ldns_bget_token(rd_buf, rd, delimiters, + LDNS_MAX_RDFLEN)) != -1) { + /* hmmz, rfc3597 specifies that any type can be represented with + * \# method, which can contain spaces... + * it does specify size though... + */ + rd_strlen = strlen(rd); + + /* unknown RR data */ + if (rd_strlen == 2 && strncmp(rd, "\\#", 2) == 0 && !quoted) { + c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN); + if (c == -1) { + /* something goes very wrong here */ + ldns_buffer_free(rd_buf); + LDNS_FREE(rd); + return LDNS_STATUS_SYNTAX_RDATA_ERR; + } + hex_data_size = (uint16_t) atoi(rd); + /* copy the hex chars into hex str (which is 2 chars per byte) */ + hex_data_str = LDNS_XMALLOC(char, 2 * hex_data_size + 1); + if (!hex_data_str) { + /* malloc error */ + ldns_buffer_free(rd_buf); + LDNS_FREE(rd); + return LDNS_STATUS_SYNTAX_RDATA_ERR; + } + cur_hex_data_size = 0; + while(cur_hex_data_size < 2 * hex_data_size) { + c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN); + rd_strlen = strlen(rd); + strncpy(hex_data_str + cur_hex_data_size, rd, rd_strlen); + cur_hex_data_size += rd_strlen; + } + hex_data_str[cur_hex_data_size] = '\0'; + + /* correct the rdf type */ + /* if *we* know the type, interpret it as wireformat */ + if (desc) { + hex_data = LDNS_XMALLOC(uint8_t, hex_data_size + 2); + ldns_write_uint16(hex_data, hex_data_size); + ldns_hexstring_to_data(hex_data + 2, hex_data_str); + hex_pos = 0; + (void) ldns_wire2rdf(new, hex_data, + hex_data_size+2, &hex_pos); + LDNS_FREE(hex_data); + } else { + r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_HEX, hex_data_str); + ldns_rdf_set_type(r, LDNS_RDF_TYPE_UNKNOWN); + ldns_rr_push_rdf(new, r); + } + LDNS_FREE(hex_data_str); + } else { + /* Normal RR */ + switch(ldns_rr_descriptor_field_type(desc, r_cnt)) { + case LDNS_RDF_TYPE_HEX: + case LDNS_RDF_TYPE_B64: + /* can have spaces, and will always be the last + * record of the rrdata. Read in the rest */ + if ((c = ldns_bget_token(rd_buf, + b64, + "\n", + LDNS_MAX_RDFLEN)) + != -1) { + rd = strncat(rd, + b64, + LDNS_MAX_RDFLEN + - strlen(rd) - 1); + } + r = ldns_rdf_new_frm_str( + ldns_rr_descriptor_field_type(desc, r_cnt), + rd); + break; + case LDNS_RDF_TYPE_DNAME: + r = ldns_rdf_new_frm_str( + ldns_rr_descriptor_field_type(desc, r_cnt), + rd); + + /* check if the origin should be used or concatenated */ + if (r && ldns_rdf_size(r) > 1 && ldns_rdf_data(r)[0] == 1 + && ldns_rdf_data(r)[1] == '@') { + ldns_rdf_deep_free(r); + if (origin) { + r = ldns_rdf_clone(origin); + } else { + /* if this is the SOA, use its own owner name */ + if (rr_type == LDNS_RR_TYPE_SOA) { + r = ldns_rdf_clone(ldns_rr_owner(new)); + } else { + r = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, "."); + } + } + } else if (r && rd_strlen >= 1 && !ldns_dname_str_absolute(rd) && origin) { + if (ldns_dname_cat(r, origin) != LDNS_STATUS_OK) { + return LDNS_STATUS_ERR; + } + } + break; + default: + r = ldns_rdf_new_frm_str( + ldns_rr_descriptor_field_type(desc, r_cnt), + rd); + break; + } + if (r) { + ldns_rr_push_rdf(new, r); + } else { + LDNS_FREE(rd); + LDNS_FREE(b64); + ldns_buffer_free(rd_buf); + ldns_buffer_free(rr_buf); + LDNS_FREE(rdata); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_RDATA_ERR; + } + } + if (quoted) { + if (ldns_buffer_available(rd_buf, 1)) { + ldns_buffer_skip(rd_buf, 1); + } else { + done = true; + } + } + } else { + done = true; + } + } + } + LDNS_FREE(rd); + LDNS_FREE(b64); + ldns_buffer_free(rd_buf); + ldns_buffer_free(rr_buf); + LDNS_FREE(rdata); + + if (!question && desc && ldns_rr_rd_count(new) < r_min) { + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR; + } + + if (newrr) { + *newrr = new; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_rr_new_frm_str(ldns_rr **newrr, const char *str, + uint32_t default_ttl, ldns_rdf *origin, + ldns_rdf **prev) +{ + return ldns_rr_new_frm_str_internal(newrr, + str, + default_ttl, + origin, + prev, + false); +} + +ldns_status +ldns_rr_new_question_frm_str(ldns_rr **newrr, const char *str, + ldns_rdf *origin, ldns_rdf **prev) +{ + return ldns_rr_new_frm_str_internal(newrr, + str, + 0, + origin, + prev, + true); +} + +ldns_status +ldns_rr_new_frm_fp(ldns_rr **newrr, FILE *fp, uint32_t *ttl, ldns_rdf **origin, ldns_rdf **prev) +{ + return ldns_rr_new_frm_fp_l(newrr, fp, ttl, origin, prev, NULL); +} + +ldns_status +ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf **origin, ldns_rdf **prev, int *line_nr) +{ + char *line; + const char *endptr; /* unused */ + ldns_rr *rr; + char *keyword; + uint32_t ttl; + ldns_rdf *tmp; + ldns_status s; + ssize_t size; + + s = LDNS_STATUS_ERR; + if (default_ttl) { + ttl = *default_ttl; + } else { + ttl = 0; + } + + line = LDNS_XMALLOC(char, LDNS_MAX_LINELEN + 1); + if (!line) { + return LDNS_STATUS_MEM_ERR; + } + + /* read an entire line in from the file */ + if ((size = ldns_fget_token_l(fp, line, LDNS_PARSE_SKIP_SPACE, LDNS_MAX_LINELEN, line_nr)) == -1) { + LDNS_FREE(line); + /* if last line was empty, we are now at feof, which is not + * always a parse error (happens when for instance last line + * was a comment) + */ + return LDNS_STATUS_SYNTAX_ERR; + } + + /* we can have the situation, where we've read ok, but still got + * no bytes to play with, in this case size is 0 + */ + if (size == 0) { + LDNS_FREE(line); + return LDNS_STATUS_SYNTAX_EMPTY; + } + + if ((keyword = strstr(line, "$ORIGIN "))) { + if (*origin) { + ldns_rdf_deep_free(*origin); + *origin = NULL; + } + tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, keyword + 8); + if (!tmp) { + /* could not parse what next to $ORIGIN */ + LDNS_FREE(line); + return LDNS_STATUS_SYNTAX_DNAME_ERR; + } + *origin = tmp; + s = LDNS_STATUS_SYNTAX_ORIGIN; + } else if ((keyword = strstr(line, "$TTL "))) { + if (default_ttl) { + *default_ttl = ldns_str2period(keyword + 5, &endptr); + } + s = LDNS_STATUS_SYNTAX_TTL; + } else { + if (origin && *origin) { + s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, *origin, prev); + } else { + s = ldns_rr_new_frm_str(&rr, (const char*) line, ttl, NULL, prev); + } + } + LDNS_FREE(line); + if (newrr && s == LDNS_STATUS_OK) { + *newrr = rr; + } + return s; +} + +void +ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *owner) +{ + rr->_owner = owner; +} + +void +ldns_rr_set_question(ldns_rr *rr, bool question) +{ + rr->_rr_question = question; +} + +void +ldns_rr_set_ttl(ldns_rr *rr, uint32_t ttl) +{ + rr->_ttl = ttl; +} + +void +ldns_rr_set_rd_count(ldns_rr *rr, size_t count) +{ + rr->_rd_count = count; +} + +void +ldns_rr_set_type(ldns_rr *rr, ldns_rr_type rr_type) +{ + rr->_rr_type = rr_type; +} + +void +ldns_rr_set_class(ldns_rr *rr, ldns_rr_class rr_class) +{ + rr->_rr_class = rr_class; +} + +ldns_rdf * +ldns_rr_set_rdf(ldns_rr *rr, const ldns_rdf *f, size_t position) +{ + size_t rd_count; + ldns_rdf *pop; + ldns_rdf **rdata_fields; + + rd_count = ldns_rr_rd_count(rr); + if (position < rd_count) { + rdata_fields = rr->_rdata_fields; + /* dicard the old one */ + pop = rr->_rdata_fields[position]; + rr->_rdata_fields[position] = (ldns_rdf*)f; + return pop; + } else { + return NULL; + } +} + +bool +ldns_rr_push_rdf(ldns_rr *rr, const ldns_rdf *f) +{ + size_t rd_count; + ldns_rdf **rdata_fields; + + rd_count = ldns_rr_rd_count(rr); + + /* grow the array */ + rdata_fields = LDNS_XREALLOC( + rr->_rdata_fields, ldns_rdf *, rd_count + 1); + if (!rdata_fields) { + return false; + } + + /* add the new member */ + rr->_rdata_fields = rdata_fields; + rr->_rdata_fields[rd_count] = (ldns_rdf*)f; + + ldns_rr_set_rd_count(rr, rd_count + 1); + return true; +} + +ldns_rdf * +ldns_rr_pop_rdf(ldns_rr *rr) +{ + size_t rd_count; + ldns_rdf *pop; + + rd_count = ldns_rr_rd_count(rr); + + if (rd_count == 0) { + return NULL; + } + + pop = rr->_rdata_fields[rd_count - 1]; + + /* shrink the array */ + rr->_rdata_fields = LDNS_XREALLOC( + rr->_rdata_fields, ldns_rdf *, rd_count - 1); + + ldns_rr_set_rd_count(rr, rd_count - 1); + return pop; +} + +ldns_rdf * +ldns_rr_rdf(const ldns_rr *rr, size_t nr) +{ + if (nr < ldns_rr_rd_count(rr)) { + return rr->_rdata_fields[nr]; + } else { + return NULL; + } +} + +ldns_rdf * +ldns_rr_owner(const ldns_rr *rr) +{ + return rr->_owner; +} + +bool +ldns_rr_is_question(const ldns_rr *rr) +{ + return rr->_rr_question; +} + +uint32_t +ldns_rr_ttl(const ldns_rr *rr) +{ + return rr->_ttl; +} + +size_t +ldns_rr_rd_count(const ldns_rr *rr) +{ + return rr->_rd_count; +} + +ldns_rr_type +ldns_rr_get_type(const ldns_rr *rr) +{ + return rr->_rr_type; +} + +ldns_rr_class +ldns_rr_get_class(const ldns_rr *rr) +{ + return rr->_rr_class; +} + +/* rr_lists */ + +size_t +ldns_rr_list_rr_count(const ldns_rr_list *rr_list) +{ + if (rr_list) { + return rr_list->_rr_count; + } else { + return 0; + } +} + +ldns_rr * +ldns_rr_list_set_rr(ldns_rr_list *rr_list, const ldns_rr *r, size_t count) +{ + ldns_rr *old; + + if (count > ldns_rr_list_rr_count(rr_list)) { + return NULL; + } + + old = ldns_rr_list_rr(rr_list, count); + + /* overwrite old's pointer */ + rr_list->_rrs[count] = (ldns_rr*)r; + return old; +} + +void +ldns_rr_list_set_rr_count(ldns_rr_list *rr_list, size_t count) +{ + assert(count <= rr_list->_rr_capacity); + rr_list->_rr_count = count; +} + +ldns_rr * +ldns_rr_list_rr(const ldns_rr_list *rr_list, size_t nr) +{ + if (nr < ldns_rr_list_rr_count(rr_list)) { + return rr_list->_rrs[nr]; + } else { + return NULL; + } +} + +ldns_rr_list * +ldns_rr_list_new() +{ + ldns_rr_list *rr_list = LDNS_MALLOC(ldns_rr_list); + rr_list->_rr_count = 0; + rr_list->_rr_capacity = 0; + rr_list->_rrs = NULL; + return rr_list; +} + +void +ldns_rr_list_free(ldns_rr_list *rr_list) +{ + if (rr_list) { + LDNS_FREE(rr_list->_rrs); + LDNS_FREE(rr_list); + } +} + +void +ldns_rr_list_deep_free(ldns_rr_list *rr_list) +{ + size_t i; + + if (rr_list) { + for (i=0; i < ldns_rr_list_rr_count(rr_list); i++) { + ldns_rr_free(ldns_rr_list_rr(rr_list, i)); + } + LDNS_FREE(rr_list->_rrs); + LDNS_FREE(rr_list); + } +} + + +/* add right to left. So we modify *left! */ +bool +ldns_rr_list_cat(ldns_rr_list *left, ldns_rr_list *right) +{ + size_t r_rr_count; + size_t l_rr_count; + size_t i; + + if (left) { + l_rr_count = ldns_rr_list_rr_count(left); + } else { + return false; + } + + if (right) { + r_rr_count = ldns_rr_list_rr_count(right); + } else { + r_rr_count = 0; + } + + /* push right to left */ + for(i = 0; i < r_rr_count; i++) { + ldns_rr_list_push_rr(left, ldns_rr_list_rr(right, i)); + } + return true; +} + +ldns_rr_list * +ldns_rr_list_cat_clone(ldns_rr_list *left, ldns_rr_list *right) +{ + size_t l_rr_count; + size_t r_rr_count; + size_t i; + ldns_rr_list *cat; + + l_rr_count = 0; + + if (left) { + l_rr_count = ldns_rr_list_rr_count(left); + } else { + return ldns_rr_list_clone(right); + } + + if (right) { + r_rr_count = ldns_rr_list_rr_count(right); + } else { + r_rr_count = 0; + } + + cat = ldns_rr_list_new(); + + if (!cat) { + return NULL; + } + + /* left */ + for(i = 0; i < l_rr_count; i++) { + ldns_rr_list_push_rr(cat, + ldns_rr_clone(ldns_rr_list_rr(left, i))); + } + /* right */ + for(i = 0; i < r_rr_count; i++) { + ldns_rr_list_push_rr(cat, + ldns_rr_clone(ldns_rr_list_rr(right, i))); + } + return cat; +} + +ldns_rr_list * +ldns_rr_list_subtype_by_rdf(ldns_rr_list *l, ldns_rdf *r, size_t pos) +{ + size_t i; + ldns_rr_list *subtyped; + ldns_rdf *list_rdf; + + subtyped = ldns_rr_list_new(); + + for(i = 0; i < ldns_rr_list_rr_count(l); i++) { + list_rdf = ldns_rr_rdf( + ldns_rr_list_rr(l, i), + pos); + if (!list_rdf) { + /* pos is too large or any other error */ + ldns_rr_list_deep_free(subtyped); + return NULL; + } + + if (ldns_rdf_compare(list_rdf, r) == 0) { + /* a match */ + ldns_rr_list_push_rr(subtyped, + ldns_rr_clone(ldns_rr_list_rr(l, i))); + } + } + + if (ldns_rr_list_rr_count(subtyped) > 0) { + return subtyped; + } else { + ldns_rr_list_free(subtyped); + return NULL; + } +} + +bool +ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr) +{ + size_t rr_count; + size_t cap; + + rr_count = ldns_rr_list_rr_count(rr_list); + cap = rr_list->_rr_capacity; + + /* grow the array */ + if(rr_count+1 > cap) { + ldns_rr **rrs; + + if(cap == 0) + cap = LDNS_RRLIST_INIT; /* initial list size */ + else cap *= 2; + rrs = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap); + if (!rrs) { + return false; + } + rr_list->_rrs = rrs; + rr_list->_rr_capacity = cap; + } + + /* add the new member */ + rr_list->_rrs[rr_count] = (ldns_rr*)rr; + + ldns_rr_list_set_rr_count(rr_list, rr_count + 1); + return true; +} + +bool +ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list) +{ + size_t i; + + for(i = 0; i < ldns_rr_list_rr_count(push_list); i++) { + if (!ldns_rr_list_push_rr(rr_list, + ldns_rr_list_rr(push_list, i))) { + return false; + } + } + return true; +} + +ldns_rr * +ldns_rr_list_pop_rr(ldns_rr_list *rr_list) +{ + size_t rr_count; + size_t cap; + ldns_rr *pop; + + rr_count = ldns_rr_list_rr_count(rr_list); + + if (rr_count == 0) { + return NULL; + } + + cap = rr_list->_rr_capacity; + pop = ldns_rr_list_rr(rr_list, rr_count - 1); + + /* shrink the array */ + if(cap > LDNS_RRLIST_INIT && rr_count-1 <= cap/2) { + cap /= 2; + rr_list->_rrs = LDNS_XREALLOC(rr_list->_rrs, ldns_rr *, cap); + rr_list->_rr_capacity = cap; + } + + ldns_rr_list_set_rr_count(rr_list, rr_count - 1); + + return pop; +} + +ldns_rr_list * +ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t howmany) +{ + /* pop a number of rr's and put them in a rr_list */ + ldns_rr_list *popped; + ldns_rr *p; + size_t i = howmany; + + popped = ldns_rr_list_new(); + + if (!popped) { + return NULL; + } + + + while(i > 0 && + (p = ldns_rr_list_pop_rr(rr_list)) != NULL) { + ldns_rr_list_push_rr(popped, p); + i--; + } + + if (i == howmany) { + return NULL; + } else { + return popped; + } +} + + +bool +ldns_rr_list_contains_rr(const ldns_rr_list *rr_list, ldns_rr *rr) +{ + size_t i; + + if (!rr_list || !rr || ldns_rr_list_rr_count(rr_list) == 0) { + return false; + } + + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + if (rr == ldns_rr_list_rr(rr_list, i)) { + return true; + } else if (ldns_rr_compare(rr, ldns_rr_list_rr(rr_list, i)) == 0) { + return true; + } + } + return false; +} + +bool +ldns_is_rrset(ldns_rr_list *rr_list) +{ + ldns_rr_type t; + ldns_rr_class c; + ldns_rdf *o; + ldns_rr *tmp; + size_t i; + + if (!rr_list || ldns_rr_list_rr_count(rr_list) == 0) { + return false; + } + + tmp = ldns_rr_list_rr(rr_list, 0); + + t = ldns_rr_get_type(tmp); + c = ldns_rr_get_class(tmp); + o = ldns_rr_owner(tmp); + + /* compare these with the rest of the rr_list, start with 1 */ + for (i = 1; i < ldns_rr_list_rr_count(rr_list); i++) { + tmp = ldns_rr_list_rr(rr_list, i); + if (t != ldns_rr_get_type(tmp)) { + return false; + } + if (c != ldns_rr_get_class(tmp)) { + return false; + } + if (ldns_rdf_compare(o, ldns_rr_owner(tmp)) != 0) { + return false; + } + } + return true; +} + +bool +ldns_rr_set_push_rr(ldns_rr_list *rr_list, ldns_rr *rr) +{ + size_t rr_count; + size_t i; + ldns_rr *last; + + assert(rr != NULL); + + rr_count = ldns_rr_list_rr_count(rr_list); + + if (rr_count == 0) { + /* nothing there, so checking it is + * not needed */ + return ldns_rr_list_push_rr(rr_list, rr); + } else { + /* check with the final rr in the rr_list */ + last = ldns_rr_list_rr(rr_list, rr_count - 1); + + if (ldns_rr_get_class(last) != ldns_rr_get_class(rr)) { + return false; + } + if (ldns_rr_get_type(last) != ldns_rr_get_type(rr)) { + return false; + } + /* only check if not equal to RRSIG */ + if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) { + if (ldns_rr_ttl(last) != ldns_rr_ttl(rr)) { + return false; + } + } + if (ldns_rdf_compare(ldns_rr_owner(last), + ldns_rr_owner(rr)) != 0) { + return false; + } + /* ok, still alive - check if the rr already + * exists - if so, dont' add it */ + for(i = 0; i < rr_count; i++) { + if(ldns_rr_compare( + ldns_rr_list_rr(rr_list, i), rr) == 0) { + return false; + } + } + /* it's safe, push it */ + return ldns_rr_list_push_rr(rr_list, rr); + } +} + +ldns_rr * +ldns_rr_set_pop_rr(ldns_rr_list *rr_list) +{ + return ldns_rr_list_pop_rr(rr_list); +} + +ldns_rr_list * +ldns_rr_list_pop_rrset(ldns_rr_list *rr_list) +{ + ldns_rr_list *rrset; + ldns_rr *last_rr = NULL; + ldns_rr *next_rr; + + if (!rr_list) { + return NULL; + } + + rrset = ldns_rr_list_new(); + if (!last_rr) { + last_rr = ldns_rr_list_pop_rr(rr_list); + if (!last_rr) { + ldns_rr_list_free(rrset); + return NULL; + } else { + ldns_rr_list_push_rr(rrset, last_rr); + } + } + + if (ldns_rr_list_rr_count(rr_list) > 0) { + next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1); + } else { + next_rr = NULL; + } + + while (next_rr) { + if ( + ldns_rdf_compare(ldns_rr_owner(next_rr), + ldns_rr_owner(last_rr)) == 0 + && + ldns_rr_get_type(next_rr) == ldns_rr_get_type(last_rr) + && + ldns_rr_get_class(next_rr) == ldns_rr_get_class(last_rr) + ) { + ldns_rr_list_push_rr(rrset, ldns_rr_list_pop_rr(rr_list)); + if (ldns_rr_list_rr_count(rr_list) > 0) { + last_rr = next_rr; + next_rr = ldns_rr_list_rr(rr_list, ldns_rr_list_rr_count(rr_list) - 1); + } else { + next_rr = NULL; + } + } else { + next_rr = NULL; + } + } + + return rrset; +} + +ldns_rr * +ldns_rr_clone(const ldns_rr *rr) +{ + size_t i; + ldns_rr *new_rr; + + if (!rr) { + return NULL; + } + + new_rr = ldns_rr_new(); + if (!new_rr) { + return NULL; + } + if (ldns_rr_owner(rr)) { + ldns_rr_set_owner(new_rr, ldns_rdf_clone(ldns_rr_owner(rr))); + } + ldns_rr_set_ttl(new_rr, ldns_rr_ttl(rr)); + ldns_rr_set_type(new_rr, ldns_rr_get_type(rr)); + ldns_rr_set_class(new_rr, ldns_rr_get_class(rr)); + + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + if (ldns_rr_rdf(rr,i)) { + ldns_rr_push_rdf(new_rr, ldns_rdf_clone(ldns_rr_rdf(rr, i))); + } + } + + return new_rr; +} + +ldns_rr_list * +ldns_rr_list_clone(const ldns_rr_list *rrlist) +{ + size_t i; + ldns_rr_list *new_list; + ldns_rr *r; + + if (!rrlist) { + return NULL; + } + + new_list = ldns_rr_list_new(); + if (!new_list) { + return NULL; + } + for (i = 0; i < ldns_rr_list_rr_count(rrlist); i++) { + r = ldns_rr_clone( + ldns_rr_list_rr(rrlist, i) + ); + if (!r) { + /* huh, failure in cloning */ + ldns_rr_list_deep_free(new_list); + return NULL; + } + ldns_rr_list_push_rr(new_list, r); + } + return new_list; +} + + +int +qsort_rr_compare(const void *a, const void *b) +{ + const ldns_rr *rr1 = * (const ldns_rr **) a; + const ldns_rr *rr2 = * (const ldns_rr **) b; + + if (rr1 == NULL && rr2 == NULL) { + return 0; + } + if (rr1 == NULL) { + return -1; + } + if (rr2 == NULL) { + return 1; + } + return ldns_rr_compare(rr1, rr2); +} + +int +qsort_schwartz_rr_compare(const void *a, const void *b) +{ + int result = 0; + ldns_rr *rr1, *rr2; + ldns_buffer *rr1_buf, *rr2_buf; + struct ldns_schwartzian_compare_struct *sa = *(struct ldns_schwartzian_compare_struct **) a; + struct ldns_schwartzian_compare_struct *sb = *(struct ldns_schwartzian_compare_struct **) b; + /* if we are doing 2wire, we need to do lowercasing on the dname (and maybe on the rdata) + * this must be done for comparison only, so we need to have a temp var for both buffers, + * which is only used when the transformed object value isn't there yet + */ + ldns_rr *canonical_a, *canonical_b; + + rr1 = (ldns_rr *) sa->original_object; + rr2 = (ldns_rr *) sb->original_object; + + result = ldns_rr_compare_no_rdata(rr1, rr2); + + if (result == 0) { + if (!sa->transformed_object) { + canonical_a = ldns_rr_clone(sa->original_object); + ldns_rr2canonical(canonical_a); + sa->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_a)); + if (ldns_rr2buffer_wire(sa->transformed_object, canonical_a, LDNS_SECTION_ANY) != LDNS_STATUS_OK) { + fprintf(stderr, "ERR!\n"); + ldns_rr_free(canonical_a); + return 0; + } + ldns_rr_free(canonical_a); + } + if (!sb->transformed_object) { + canonical_b = ldns_rr_clone(sb->original_object); + ldns_rr2canonical(canonical_b); + sb->transformed_object = ldns_buffer_new(ldns_rr_uncompressed_size(canonical_b)); + if (ldns_rr2buffer_wire(sb->transformed_object, canonical_b, LDNS_SECTION_ANY) != LDNS_STATUS_OK) { + fprintf(stderr, "ERR!\n"); + ldns_rr_free(canonical_b); + return 0; + } + ldns_rr_free(canonical_b); + } + rr1_buf = (ldns_buffer *) sa->transformed_object; + rr2_buf = (ldns_buffer *) sb->transformed_object; + + result = ldns_rr_compare_wire(rr1_buf, rr2_buf); + } + + return result; +} + +void +ldns_rr_list_sort(ldns_rr_list *unsorted) +{ + struct ldns_schwartzian_compare_struct **sortables; + size_t item_count; + size_t i; + + if (unsorted) { + item_count = ldns_rr_list_rr_count(unsorted); + + sortables = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct *, + item_count); + for (i = 0; i < item_count; i++) { + sortables[i] = LDNS_XMALLOC(struct ldns_schwartzian_compare_struct, 1); + sortables[i]->original_object = ldns_rr_list_rr(unsorted, i); + sortables[i]->transformed_object = NULL; + } + qsort(sortables, + item_count, + sizeof(struct ldns_schwartzian_compare_struct *), + qsort_schwartz_rr_compare); + for (i = 0; i < item_count; i++) { + unsorted->_rrs[i] = sortables[i]->original_object; + if (sortables[i]->transformed_object) { + ldns_buffer_free(sortables[i]->transformed_object); + } + LDNS_FREE(sortables[i]); + } + LDNS_FREE(sortables); + } +} + +int +ldns_rr_compare_no_rdata(const ldns_rr *rr1, const ldns_rr *rr2) +{ + size_t rr1_len; + size_t rr2_len; + size_t offset; + + assert(rr1 != NULL); + assert(rr2 != NULL); + + rr1_len = ldns_rr_uncompressed_size(rr1); + rr2_len = ldns_rr_uncompressed_size(rr2); + + if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) < 0) { + return -1; + } else if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) > 0) { + return 1; + } + + /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */ + if (ldns_rr_get_class(rr1) != ldns_rr_get_class(rr2)) { + return ldns_rr_get_class(rr1) - ldns_rr_get_class(rr2); + } + + /* should return -1 if rr1 comes before rr2, so need to do rr1 - rr2, not rr2 - rr1 */ + if (ldns_rr_get_type(rr1) != ldns_rr_get_type(rr2)) { + return ldns_rr_get_type(rr1) - ldns_rr_get_type(rr2); + } + + /* offset is the owername length + ttl + type + class + rdlen == start of wire format rdata */ + offset = ldns_rdf_size(ldns_rr_owner(rr1)) + 4 + 2 + 2 + 2; + /* if either record doesn't have any RDATA... */ + if (offset > rr1_len || offset > rr2_len) { + if (rr1_len == rr2_len) { + return 0; + } + return ((int) rr2_len - (int) rr1_len); + } + + return 0; +} + +int ldns_rr_compare_wire(ldns_buffer *rr1_buf, ldns_buffer *rr2_buf) +{ + size_t rr1_len, rr2_len, min_len, i, offset; + + rr1_len = ldns_buffer_capacity(rr1_buf); + rr2_len = ldns_buffer_capacity(rr2_buf); + + /* jump past dname (checked in earlier part) + * and especially past TTL */ + offset = 0; + while (offset < rr1_len && *ldns_buffer_at(rr1_buf, offset) != 0) { + offset += *ldns_buffer_at(rr1_buf, offset) + 1; + } + /* jump to rdata section (PAST the rdata length field, otherwise + rrs with different lengths might be sorted erroneously */ + offset += 11; + min_len = (rr1_len < rr2_len) ? rr1_len : rr2_len; + /* Compare RRs RDATA byte for byte. */ + for(i = offset; i < min_len; i++) { + if (*ldns_buffer_at(rr1_buf,i) < *ldns_buffer_at(rr2_buf,i)) { + return -1; + } else if (*ldns_buffer_at(rr1_buf,i) > *ldns_buffer_at(rr2_buf,i)) { + return +1; + } + } + + /* If both RDATAs are the same up to min_len, then the shorter one sorts first. */ + if (rr1_len < rr2_len) { + return -1; + } else if (rr1_len > rr2_len) { + return +1; + } + /* The RDATAs are equal. */ + return 0; + +} + +int +ldns_rr_compare(const ldns_rr *rr1, const ldns_rr *rr2) +{ + int result; + size_t rr1_len, rr2_len; + + ldns_buffer *rr1_buf; + ldns_buffer *rr2_buf; + + result = ldns_rr_compare_no_rdata(rr1, rr2); + if (result == 0) { + rr1_len = ldns_rr_uncompressed_size(rr1); + rr2_len = ldns_rr_uncompressed_size(rr2); + + rr1_buf = ldns_buffer_new(rr1_len); + rr2_buf = ldns_buffer_new(rr2_len); + + if (ldns_rr2buffer_wire_canonical(rr1_buf, + rr1, + LDNS_SECTION_ANY) + != LDNS_STATUS_OK) { + ldns_buffer_free(rr1_buf); + ldns_buffer_free(rr2_buf); + return 0; + } + if (ldns_rr2buffer_wire_canonical(rr2_buf, + rr2, + LDNS_SECTION_ANY) + != LDNS_STATUS_OK) { + ldns_buffer_free(rr1_buf); + ldns_buffer_free(rr2_buf); + return 0; + } + + result = ldns_rr_compare_wire(rr1_buf, rr2_buf); + + ldns_buffer_free(rr1_buf); + ldns_buffer_free(rr2_buf); + } + + return result; +} + +/* convert dnskey to a ds with the given algorithm, + * then compare the result with the given ds */ +static int +ldns_rr_compare_ds_dnskey(ldns_rr *ds, + ldns_rr *dnskey) +{ + ldns_rr *ds_gen; + bool result = false; + ldns_hash algo; + + if (!dnskey || !ds || + ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS || + ldns_rr_get_type(dnskey) != LDNS_RR_TYPE_DNSKEY) { + return false; + } + +algo = ldns_rdf2native_int8(ldns_rr_rdf(ds, 2)); + + ds_gen = ldns_key_rr2ds(dnskey, algo); + if (ds_gen) { + result = ldns_rr_compare(ds, ds_gen) == 0; + ldns_rr_free(ds_gen); + } + return result; +} + +bool +ldns_rr_compare_ds(const ldns_rr *orr1, const ldns_rr *orr2) +{ + bool result; + ldns_rr *rr1 = ldns_rr_clone(orr1); + ldns_rr *rr2 = ldns_rr_clone(orr2); + + /* set ttls to zero */ + ldns_rr_set_ttl(rr1, 0); + ldns_rr_set_ttl(rr2, 0); + + if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DS && + ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DNSKEY) { + result = ldns_rr_compare_ds_dnskey(rr1, rr2); + } else if (ldns_rr_get_type(rr1) == LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(rr2) == LDNS_RR_TYPE_DS) { + result = ldns_rr_compare_ds_dnskey(rr2, rr1); + } else { + result = (ldns_rr_compare(rr1, rr2) == 0); + } + + ldns_rr_free(rr1); + ldns_rr_free(rr2); + + return result; +} + +int +ldns_rr_list_compare(const ldns_rr_list *rrl1, const ldns_rr_list *rrl2) +{ + size_t i = 0; + int rr_cmp; + + assert(rrl1 != NULL); + assert(rrl2 != NULL); + + for (i = 0; i < ldns_rr_list_rr_count(rrl1) && i < ldns_rr_list_rr_count(rrl2); i++) { + rr_cmp = ldns_rr_compare(ldns_rr_list_rr(rrl1, i), ldns_rr_list_rr(rrl2, i)); + if (rr_cmp != 0) { + return rr_cmp; + } + } + + if (i == ldns_rr_list_rr_count(rrl1) && + i != ldns_rr_list_rr_count(rrl2)) { + return 1; + } else if (i == ldns_rr_list_rr_count(rrl2) && + i != ldns_rr_list_rr_count(rrl1)) { + return -1; + } else { + return 0; + } +} + +size_t +ldns_rr_uncompressed_size(const ldns_rr *r) +{ + size_t rrsize; + size_t i; + + rrsize = 0; + /* add all the rdf sizes */ + for(i = 0; i < ldns_rr_rd_count(r); i++) { + rrsize += ldns_rdf_size(ldns_rr_rdf(r, i)); + } + /* ownername */ + rrsize += ldns_rdf_size(ldns_rr_owner(r)); + rrsize += LDNS_RR_OVERHEAD; + return rrsize; +} + +void +ldns_rr2canonical(ldns_rr *rr) +{ + uint16_t i; + + if (!rr) { + return; + } + + ldns_dname2canonical(ldns_rr_owner(rr)); + + /* + * lowercase the rdata dnames if the rr type is one + * of the list in chapter 7 of RFC3597 + */ + switch(ldns_rr_get_type(rr)) { + case LDNS_RR_TYPE_NS: + case LDNS_RR_TYPE_MD: + case LDNS_RR_TYPE_MF: + case LDNS_RR_TYPE_CNAME: + case LDNS_RR_TYPE_SOA: + case LDNS_RR_TYPE_MB: + case LDNS_RR_TYPE_MG: + case LDNS_RR_TYPE_MR: + case LDNS_RR_TYPE_PTR: + case LDNS_RR_TYPE_HINFO: + case LDNS_RR_TYPE_MINFO: + case LDNS_RR_TYPE_MX: + case LDNS_RR_TYPE_RP: + case LDNS_RR_TYPE_AFSDB: + case LDNS_RR_TYPE_RT: + case LDNS_RR_TYPE_SIG: + case LDNS_RR_TYPE_PX: + case LDNS_RR_TYPE_NXT: + case LDNS_RR_TYPE_NAPTR: + case LDNS_RR_TYPE_KX: + case LDNS_RR_TYPE_SRV: + case LDNS_RR_TYPE_DNAME: + case LDNS_RR_TYPE_A6: + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + ldns_dname2canonical(ldns_rr_rdf(rr, i)); + } + return; + default: + /* do nothing */ + return; + } +} + +void +ldns_rr_list2canonical(ldns_rr_list *rr_list) +{ + size_t i; + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + ldns_rr2canonical(ldns_rr_list_rr(rr_list, i)); + } +} + +uint8_t +ldns_rr_label_count(ldns_rr *rr) +{ + if (!rr) { + return 0; + } + return ldns_dname_label_count( + ldns_rr_owner(rr)); +} + +/** \cond */ +static const ldns_rdf_type type_0_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN }; +static const ldns_rdf_type type_a_wireformat[] = { LDNS_RDF_TYPE_A }; +static const ldns_rdf_type type_ns_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_md_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_mf_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_cname_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_soa_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_INT32, + LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, LDNS_RDF_TYPE_PERIOD, + LDNS_RDF_TYPE_PERIOD +}; +static const ldns_rdf_type type_mb_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_mg_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_mr_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_wks_wireformat[] = { + LDNS_RDF_TYPE_A, LDNS_RDF_TYPE_WKS +}; +static const ldns_rdf_type type_ptr_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_hinfo_wireformat[] = { + LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR +}; +static const ldns_rdf_type type_minfo_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_mx_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_rp_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_afsdb_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_x25_wireformat[] = { LDNS_RDF_TYPE_STR }; +static const ldns_rdf_type type_isdn_wireformat[] = { + LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR +}; +static const ldns_rdf_type type_rt_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_nsap_wireformat[] = { + LDNS_RDF_TYPE_NSAP +}; +static const ldns_rdf_type type_nsap_ptr_wireformat[] = { + LDNS_RDF_TYPE_STR +}; +static const ldns_rdf_type type_sig_wireformat[] = { + LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, + LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_key_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_px_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_gpos_wireformat[] = { + LDNS_RDF_TYPE_STR, + LDNS_RDF_TYPE_STR, + LDNS_RDF_TYPE_STR +}; +static const ldns_rdf_type type_aaaa_wireformat[] = { LDNS_RDF_TYPE_AAAA }; +static const ldns_rdf_type type_loc_wireformat[] = { LDNS_RDF_TYPE_LOC }; +static const ldns_rdf_type type_nxt_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_UNKNOWN +}; +static const ldns_rdf_type type_eid_wireformat[] = { + LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_nimloc_wireformat[] = { + LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_srv_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_atma_wireformat[] = { + LDNS_RDF_TYPE_ATMA +}; +static const ldns_rdf_type type_naptr_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_STR, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_kx_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME +}; +static const ldns_rdf_type type_cert_wireformat[] = { + LDNS_RDF_TYPE_CERT_ALG, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_a6_wireformat[] = { LDNS_RDF_TYPE_UNKNOWN }; +static const ldns_rdf_type type_dname_wireformat[] = { LDNS_RDF_TYPE_DNAME }; +static const ldns_rdf_type type_sink_wireformat[] = { LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_apl_wireformat[] = { + LDNS_RDF_TYPE_APL +}; +static const ldns_rdf_type type_ds_wireformat[] = { + LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_sshfp_wireformat[] = { + LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_HEX +}; +static const ldns_rdf_type type_ipseckey_wireformat[] = { + LDNS_RDF_TYPE_IPSECKEY +}; +static const ldns_rdf_type type_rrsig_wireformat[] = { + LDNS_RDF_TYPE_TYPE, LDNS_RDF_TYPE_ALG, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT32, + LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_TIME, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_nsec_wireformat[] = { + LDNS_RDF_TYPE_DNAME, LDNS_RDF_TYPE_NSEC +}; +static const ldns_rdf_type type_dhcid_wireformat[] = { + LDNS_RDF_TYPE_B64 +}; +/* nsec3 is some vars, followed by same type of data of nsec */ +static const ldns_rdf_type type_nsec3_wireformat[] = { +/* LDNS_RDF_TYPE_NSEC3_VARS, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC*/ + LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC3_SALT, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC +}; + +static const ldns_rdf_type type_nsec3params_wireformat[] = { +/* LDNS_RDF_TYPE_NSEC3_PARAMS_VARS*/ + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_NSEC3_SALT +}; + +static const ldns_rdf_type type_dnskey_wireformat[] = { + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT8, + LDNS_RDF_TYPE_ALG, + LDNS_RDF_TYPE_B64 +}; +static const ldns_rdf_type type_tsig_wireformat[] = { + LDNS_RDF_TYPE_DNAME, + LDNS_RDF_TYPE_TSIGTIME, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16_DATA, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16, + LDNS_RDF_TYPE_INT16_DATA +}; +/** \endcond */ + +/** \cond */ +/* All RR's defined in 1035 are well known and can thus + * be compressed. See RFC3597. These RR's are: + * CNAME HINFO MB MD MF MG MINFO MR MX NULL NS PTR SOA TXT + */ +static ldns_rr_descriptor rdata_field_descriptors[] = { + /* 0 */ + { 0, NULL, 0, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 1 */ + {LDNS_RR_TYPE_A, "A", 1, 1, type_a_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 2 */ + {LDNS_RR_TYPE_NS, "NS", 1, 1, type_ns_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 3 */ + {LDNS_RR_TYPE_MD, "MD", 1, 1, type_md_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 4 */ + {LDNS_RR_TYPE_MF, "MF", 1, 1, type_mf_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 5 */ + {LDNS_RR_TYPE_CNAME, "CNAME", 1, 1, type_cname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 6 */ + {LDNS_RR_TYPE_SOA, "SOA", 7, 7, type_soa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 }, + /* 7 */ + {LDNS_RR_TYPE_MB, "MB", 1, 1, type_mb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 8 */ + {LDNS_RR_TYPE_MG, "MG", 1, 1, type_mg_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 9 */ + {LDNS_RR_TYPE_MR, "MR", 1, 1, type_mr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 10 */ + {LDNS_RR_TYPE_NULL, "NULL", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 11 */ + {LDNS_RR_TYPE_WKS, "WKS", 2, 2, type_wks_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 12 */ + {LDNS_RR_TYPE_PTR, "PTR", 1, 1, type_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 13 */ + {LDNS_RR_TYPE_HINFO, "HINFO", 2, 2, type_hinfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 14 */ + {LDNS_RR_TYPE_MINFO, "MINFO", 2, 2, type_minfo_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 2 }, + /* 15 */ + {LDNS_RR_TYPE_MX, "MX", 2, 2, type_mx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_COMPRESS, 1 }, + /* 16 */ + {LDNS_RR_TYPE_TXT, "TXT", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, + /* 17 */ + {LDNS_RR_TYPE_RP, "RP", 2, 2, type_rp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, + /* 18 */ + {LDNS_RR_TYPE_AFSDB, "AFSDB", 2, 2, type_afsdb_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 19 */ + {LDNS_RR_TYPE_X25, "X25", 1, 1, type_x25_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 20 */ + {LDNS_RR_TYPE_ISDN, "ISDN", 1, 2, type_isdn_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 21 */ + {LDNS_RR_TYPE_RT, "RT", 2, 2, type_rt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 22 */ + {LDNS_RR_TYPE_NSAP, "NSAP", 1, 1, type_nsap_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 23 */ + {LDNS_RR_TYPE_NSAP_PTR, "NSAP-PTR", 1, 1, type_nsap_ptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 24 */ + {LDNS_RR_TYPE_SIG, "SIG", 9, 9, type_sig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 25 */ + {LDNS_RR_TYPE_KEY, "KEY", 4, 4, type_key_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 26 */ + {LDNS_RR_TYPE_PX, "PX", 3, 3, type_px_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 2 }, + /* 27 */ + {LDNS_RR_TYPE_GPOS, "GPOS", 1, 1, type_gpos_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 28 */ + {LDNS_RR_TYPE_AAAA, "AAAA", 1, 1, type_aaaa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 29 */ + {LDNS_RR_TYPE_LOC, "LOC", 1, 1, type_loc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 30 */ + {LDNS_RR_TYPE_NXT, "NXT", 2, 2, type_nxt_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 31 */ + {LDNS_RR_TYPE_EID, "EID", 1, 1, type_eid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 32 */ + {LDNS_RR_TYPE_NIMLOC, "NIMLOC", 1, 1, type_nimloc_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 33 */ + {LDNS_RR_TYPE_SRV, "SRV", 4, 4, type_srv_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 34 */ + {LDNS_RR_TYPE_ATMA, "ATMA", 1, 1, type_atma_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 35 */ + {LDNS_RR_TYPE_NAPTR, "NAPTR", 6, 6, type_naptr_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 36 */ + {LDNS_RR_TYPE_KX, "KX", 2, 2, type_kx_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 37 */ + {LDNS_RR_TYPE_CERT, "CERT", 4, 4, type_cert_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 38 */ + {LDNS_RR_TYPE_A6, "A6", 1, 1, type_a6_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 39 */ + {LDNS_RR_TYPE_DNAME, "DNAME", 1, 1, type_dname_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 40 */ + {LDNS_RR_TYPE_SINK, "SINK", 1, 1, type_sink_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 41 */ + {LDNS_RR_TYPE_OPT, "OPT", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 42 */ + {LDNS_RR_TYPE_APL, "APL", 0, 0, type_apl_wireformat, LDNS_RDF_TYPE_APL, LDNS_RR_NO_COMPRESS, 0 }, + /* 43 */ + {LDNS_RR_TYPE_DS, "DS", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 44 */ + {LDNS_RR_TYPE_SSHFP, "SSHFP", 3, 3, type_sshfp_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 45 */ + {LDNS_RR_TYPE_IPSECKEY, "IPSECKEY", 1, 1, type_ipseckey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 46 */ + {LDNS_RR_TYPE_RRSIG, "RRSIG", 9, 9, type_rrsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 1 }, + /* 47 */ + {LDNS_RR_TYPE_NSEC, "NSEC", 1, 2, type_nsec_wireformat, LDNS_RDF_TYPE_NSEC, LDNS_RR_NO_COMPRESS, 1 }, + /* 48 */ + {LDNS_RR_TYPE_DNSKEY, "DNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 49 */ +{LDNS_RR_TYPE_DHCID, "DHCID", 1, 1, type_dhcid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 50 */ + {LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 51 */ +{LDNS_RR_TYPE_NSEC3PARAMS, "NSEC3PARAM", 4, 4, type_nsec3params_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, + /* 52 */ +{LDNS_RR_TYPE_NULL, "TYPE52", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE55", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE56", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE57", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE58", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE59", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE60", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE61", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE62", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE63", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE64", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE65", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE66", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE67", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE68", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE69", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE70", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE71", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE72", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE73", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE74", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE75", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE76", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE77", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE78", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE79", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE80", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE81", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE82", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE83", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE84", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE85", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE86", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE87", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE88", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE89", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE90", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE91", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE92", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE93", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE94", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE95", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE96", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE97", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE98", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_SPF, "SPF", 1, 0, NULL, LDNS_RDF_TYPE_STR, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE100", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE101", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE102", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE103", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE104", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE105", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE106", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE107", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE108", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE109", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE110", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE111", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE112", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE113", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE114", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE115", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE116", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE117", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE118", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE119", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE120", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE121", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE122", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE123", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE124", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE125", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE126", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE127", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE128", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE129", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE130", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE131", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE132", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE133", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE134", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE135", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE136", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE137", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE138", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE139", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE140", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE141", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE142", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE143", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE144", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE145", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE146", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE147", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE148", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE149", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE150", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE151", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE152", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE153", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE154", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE155", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE156", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE157", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE158", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE159", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE160", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE161", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE162", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE163", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE164", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE165", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE166", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE167", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE168", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE169", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE170", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE171", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE172", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE173", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE174", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE175", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE176", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE177", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE178", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE179", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE180", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE181", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE182", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE183", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE184", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE185", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE186", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE187", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE188", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE189", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE190", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE191", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE192", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE193", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE194", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE195", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE196", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE197", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE198", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE199", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE200", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE201", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE202", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE203", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE204", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE205", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE206", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE207", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE208", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE209", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE210", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE211", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE212", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE213", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE214", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE215", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE216", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE217", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE218", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE219", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE220", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE221", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE222", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE223", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE224", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE225", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE226", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE227", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE228", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE229", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE230", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE231", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE232", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE233", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE234", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE235", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE236", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE237", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE238", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE239", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE240", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE241", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE242", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE243", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE244", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE245", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE246", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE247", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE248", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NULL, "TYPE249", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_TSIG, "TSIG", 8, 9, type_tsig_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +/* split in array, no longer contiguous */ +{LDNS_RR_TYPE_DLV, "DLV", 4, 4, type_ds_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 } +}; +/** \endcond */ + +/** + * \def LDNS_RDATA_FIELD_DESCRIPTORS_COUNT + * computes the number of rdata fields + */ +#define LDNS_RDATA_FIELD_DESCRIPTORS_COUNT \ + (sizeof(rdata_field_descriptors)/sizeof(rdata_field_descriptors[0])) + +const ldns_rr_descriptor * +ldns_rr_descript(uint16_t type) +{ + size_t i; + if (type <= LDNS_RDATA_FIELD_DESCRIPTORS_COMMON) { + return &rdata_field_descriptors[type]; + } else { + /* because not all array index equals type code */ + for (i = LDNS_RDATA_FIELD_DESCRIPTORS_COMMON; + i < LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; + i++) { + if (rdata_field_descriptors[i]._type == type) { + return &rdata_field_descriptors[i]; + } + } + return &rdata_field_descriptors[0]; + } +} + +size_t +ldns_rr_descriptor_minimum(const ldns_rr_descriptor *descriptor) +{ + if (descriptor) { + return descriptor->_minimum; + } else { + return 0; + } +} + +size_t +ldns_rr_descriptor_maximum(const ldns_rr_descriptor *descriptor) +{ + if (descriptor) { + if (descriptor->_variable != LDNS_RDF_TYPE_NONE) { + /* Should really be SIZE_MAX... bad FreeBSD. */ + return UINT_MAX; + } else { + return descriptor->_maximum; + } + } else { + return 0; + } +} + +ldns_rdf_type +ldns_rr_descriptor_field_type(const ldns_rr_descriptor *descriptor, + size_t index) +{ + assert(descriptor != NULL); + assert(index < descriptor->_maximum + || descriptor->_variable != LDNS_RDF_TYPE_NONE); + if (index < descriptor->_maximum) { + return descriptor->_wireformat[index]; + } else { + return descriptor->_variable; + } +} + +ldns_rr_type +ldns_get_rr_type_by_name(const char *name) +{ + unsigned int i; + const char *desc_name; + const ldns_rr_descriptor *desc; + + /* TYPEXX representation */ + if (strlen(name) > 4 && strncasecmp(name, "TYPE", 4) == 0) { + return atoi(name + 4); + } + + /* Normal types */ + for (i = 0; i < (unsigned int) LDNS_RDATA_FIELD_DESCRIPTORS_COUNT; i++) { + desc = &rdata_field_descriptors[i]; + desc_name = desc->_name; + if(desc_name && + strlen(name) == strlen(desc_name) && + strncasecmp(name, desc_name, strlen(desc_name)) == 0) { + /* because not all array index equals type code */ + return desc->_type; + } + } + + /* special cases for query types */ + if (strlen(name) == 4 && strncasecmp(name, "IXFR", 4) == 0) { + return 251; + } else if (strlen(name) == 4 && strncasecmp(name, "AXFR", 4) == 0) { + return 252; + } else if (strlen(name) == 5 && strncasecmp(name, "MAILB", 5) == 0) { + return 253; + } else if (strlen(name) == 5 && strncasecmp(name, "MAILA", 5) == 0) { + return 254; + } else if (strlen(name) == 3 && strncasecmp(name, "ANY", 3) == 0) { + return 255; + } + + return 0; +} + +ldns_rr_class +ldns_get_rr_class_by_name(const char *name) +{ + ldns_lookup_table *lt; + + /* CLASSXX representation */ + if (strlen(name) > 5 && strncasecmp(name, "CLASS", 5) == 0) { + return atoi(name + 5); + } + + /* Normal types */ + lt = ldns_lookup_by_name(ldns_rr_classes, name); + + if (lt) { + return lt->id; + } + return 0; +} + + +ldns_rr_type +ldns_rdf2rr_type(const ldns_rdf *rd) +{ + ldns_rr_type r; + + if (!rd) { + return 0; + } + + if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_TYPE) { + return 0; + } + + r = (ldns_rr_type) ldns_rdf2native_int16(rd); + return r; +} + +ldns_rr_type +ldns_rr_list_type(const ldns_rr_list *rr_list) +{ + if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) { + return ldns_rr_get_type(ldns_rr_list_rr(rr_list, 0)); + } else { + return 0; + } +} + +ldns_rdf * +ldns_rr_list_owner(const ldns_rr_list *rr_list) +{ + if (rr_list && ldns_rr_list_rr_count(rr_list) > 0) { + return ldns_rr_owner(ldns_rr_list_rr(rr_list, 0)); + } else { + return NULL; + } +} diff --git a/contrib/ldns/rr_functions.c b/contrib/ldns/rr_functions.c new file mode 100644 index 0000000000..3297f7a916 --- /dev/null +++ b/contrib/ldns/rr_functions.c @@ -0,0 +1,337 @@ +/* + * rr_function.c + * + * function that operate on specific rr types + * + * (c) NLnet Labs, 2004-2006 + * See the file LICENSE for the license + */ + +/* + * These come strait from perldoc Net::DNS::RR::xxx + * first the read variant, then the write. This is + * not complete. + */ + +#include + +#include + +#include +#include + +/** + * return a specific rdf + * \param[in] type type of RR + * \param[in] rr the rr itself + * \param[in] pos at which postion to get it + * \return the rdf sought + */ +static ldns_rdf * +ldns_rr_function(ldns_rr_type type, const ldns_rr *rr, size_t pos) +{ + if (!rr || ldns_rr_get_type(rr) != type) { + return NULL; + } + return ldns_rr_rdf(rr, pos); +} + +/** + * set a specific rdf + * \param[in] type type of RR + * \param[in] rr the rr itself + * \param[in] rdf the rdf to set + * \param[in] pos at which postion to set it + * \return true or false + */ +static bool +ldns_rr_set_function(ldns_rr_type type, ldns_rr *rr, ldns_rdf *rdf, size_t pos) +{ + ldns_rdf *pop; + if (!rr || ldns_rr_get_type(rr) != type) { + return false; + } + pop = ldns_rr_set_rdf(rr, rdf, pos); + ldns_rdf_deep_free(pop); + return true; +} + +/* A/AAAA records */ +ldns_rdf * +ldns_rr_a_address(const ldns_rr *r) +{ + /* 2 types to check, cannot use the macro */ + if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A && + ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) { + return NULL; + } + return ldns_rr_rdf(r, 0); +} + +bool +ldns_rr_a_set_address(ldns_rr *r, ldns_rdf *f) +{ + /* 2 types to check, cannot use the macro... */ + ldns_rdf *pop; + if (!r || (ldns_rr_get_type(r) != LDNS_RR_TYPE_A && + ldns_rr_get_type(r) != LDNS_RR_TYPE_AAAA)) { + return false; + } + pop = ldns_rr_set_rdf(r, f, 0); + if (pop) { + LDNS_FREE(pop); + return true; + } else { + return false; + } +} + +/* NS record */ +ldns_rdf * +ldns_rr_ns_nsdname(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_NS, r, 0); +} + +/* MX record */ +ldns_rdf * +ldns_rr_mx_preference(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_MX, r, 0); +} + +ldns_rdf * +ldns_rr_mx_exchange(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_MX, r, 1); +} + +/* RRSIG record */ +ldns_rdf * +ldns_rr_rrsig_typecovered(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 0); +} + +bool +ldns_rr_rrsig_set_typecovered(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 0); +} + +ldns_rdf * +ldns_rr_rrsig_algorithm(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 1); +} + +bool +ldns_rr_rrsig_set_algorithm(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 1); +} + +ldns_rdf * +ldns_rr_rrsig_labels(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 2); +} + +bool +ldns_rr_rrsig_set_labels(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 2); +} + +ldns_rdf * +ldns_rr_rrsig_origttl(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 3); +} + +bool +ldns_rr_rrsig_set_origttl(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 3); +} + +ldns_rdf * +ldns_rr_rrsig_expiration(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 4); +} + +bool +ldns_rr_rrsig_set_expiration(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 4); +} + +ldns_rdf * +ldns_rr_rrsig_inception(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 5); +} + +bool +ldns_rr_rrsig_set_inception(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 5); +} + +ldns_rdf * +ldns_rr_rrsig_keytag(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 6); +} + +bool +ldns_rr_rrsig_set_keytag(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 6); +} + +ldns_rdf * +ldns_rr_rrsig_signame(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 7); +} + +bool +ldns_rr_rrsig_set_signame(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 7); +} + +ldns_rdf * +ldns_rr_rrsig_sig(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_RRSIG, r, 8); +} + +bool +ldns_rr_rrsig_set_sig(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_RRSIG, r, f, 8); +} + +/* DNSKEY record */ +ldns_rdf * +ldns_rr_dnskey_flags(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 0); +} + +bool +ldns_rr_dnskey_set_flags(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 0); +} + +ldns_rdf * +ldns_rr_dnskey_protocol(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 1); +} + +bool +ldns_rr_dnskey_set_protocol(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 1); +} + +ldns_rdf * +ldns_rr_dnskey_algorithm(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 2); +} + +bool +ldns_rr_dnskey_set_algorithm(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 2); +} + +ldns_rdf * +ldns_rr_dnskey_key(const ldns_rr *r) +{ + return ldns_rr_function(LDNS_RR_TYPE_DNSKEY, r, 3); +} + +bool +ldns_rr_dnskey_set_key(ldns_rr *r, ldns_rdf *f) +{ + return ldns_rr_set_function(LDNS_RR_TYPE_DNSKEY, r, f, 3); +} + +size_t +ldns_rr_dnskey_key_size_raw(const unsigned char* keydata, + const size_t len, + const ldns_algorithm alg) +{ + /* for DSA keys */ + uint8_t t; + + /* for RSA keys */ + uint16_t exp; + uint16_t int16; + + switch (alg) { + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: + if (len > 0) { + t = keydata[0]; + return (64 + t*8)*8; + } else { + return 0; + } + break; + case LDNS_SIGN_RSAMD5: + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: +#endif + if (len > 0) { + if (keydata[0] == 0) { + /* big exponent */ + if (len > 3) { + memmove(&int16, keydata + 1, 2); + exp = ntohs(int16); + return (len - exp - 3)*8; + } else { + return 0; + } + } else { + exp = keydata[0]; + return (len-exp-1)*8; + } + } else { + return 0; + } + break; +#ifdef USE_GOST + case LDNS_SIGN_GOST: + return 512; + break; +#endif + case LDNS_SIGN_HMACMD5: + return len; + break; + default: + return 0; + } +} + +size_t +ldns_rr_dnskey_key_size(const ldns_rr *key) +{ + if (!key) { + return 0; + } + return ldns_rr_dnskey_key_size_raw(ldns_rdf_data(ldns_rr_dnskey_key(key)), + ldns_rdf_size(ldns_rr_dnskey_key(key)), + ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(key)) + ); +} diff --git a/contrib/ldns/sha1.c b/contrib/ldns/sha1.c new file mode 100644 index 0000000000..7610d01f56 --- /dev/null +++ b/contrib/ldns/sha1.c @@ -0,0 +1,177 @@ +/* + * modified for ldns by Jelte Jansen, original taken from OpenBSD: + * + * SHA-1 in C + * By Steve Reid + * 100% Public Domain + * + * Test Vectors (from FIPS PUB 180-1) + * "abc" + * A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D + * "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq" + * 84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1 + * A million repetitions of "a" + * 34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F +*/ + +/* #define LITTLE_ENDIAN * This should be #define'd already, if true. */ +/* #define SHA1HANDSOFF * Copies data before messing with it. */ + +#include +#include +#include + +#define rol(value, bits) (((value) << (bits)) | ((value) >> (32 - (bits)))) + +/* blk0() and blk() perform the initial expand. */ +/* I got the idea of expanding during the round function from SSLeay */ +#if BYTE_ORDER == LITTLE_ENDIAN +#define blk0(i) (block->l[i] = (rol(block->l[i],24)&0xFF00FF00) \ + |(rol(block->l[i],8)&0x00FF00FF)) +#else +#define blk0(i) block->l[i] +#endif +#define blk(i) (block->l[i&15] = rol(block->l[(i+13)&15]^block->l[(i+8)&15] \ + ^block->l[(i+2)&15]^block->l[i&15],1)) + +/* (R0+R1), R2, R3, R4 are the different operations used in SHA1 */ +#define R0(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk0(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R1(v,w,x,y,z,i) z+=((w&(x^y))^y)+blk(i)+0x5A827999+rol(v,5);w=rol(w,30); +#define R2(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0x6ED9EBA1+rol(v,5);w=rol(w,30); +#define R3(v,w,x,y,z,i) z+=(((w|x)&y)|(w&x))+blk(i)+0x8F1BBCDC+rol(v,5);w=rol(w,30); +#define R4(v,w,x,y,z,i) z+=(w^x^y)+blk(i)+0xCA62C1D6+rol(v,5);w=rol(w,30); + +/* Hash a single 512-bit block. This is the core of the algorithm. */ + +void +ldns_sha1_transform(uint32_t state[5], const unsigned char buffer[LDNS_SHA1_BLOCK_LENGTH]) +{ + uint32_t a, b, c, d, e; + typedef union { + unsigned char c[64]; + unsigned int l[16]; + } CHAR64LONG16; + CHAR64LONG16* block; +#ifdef SHA1HANDSOFF + unsigned char workspace[LDNS_SHA1_BLOCK_LENGTH]; + + block = (CHAR64LONG16 *)workspace; + memmove(block, buffer, LDNS_SHA1_BLOCK_LENGTH); +#else + block = (CHAR64LONG16 *)buffer; +#endif + /* Copy context->state[] to working vars */ + a = state[0]; + b = state[1]; + c = state[2]; + d = state[3]; + e = state[4]; + + /* 4 rounds of 20 operations each. Loop unrolled. */ + R0(a,b,c,d,e, 0); R0(e,a,b,c,d, 1); R0(d,e,a,b,c, 2); R0(c,d,e,a,b, 3); + R0(b,c,d,e,a, 4); R0(a,b,c,d,e, 5); R0(e,a,b,c,d, 6); R0(d,e,a,b,c, 7); + R0(c,d,e,a,b, 8); R0(b,c,d,e,a, 9); R0(a,b,c,d,e,10); R0(e,a,b,c,d,11); + R0(d,e,a,b,c,12); R0(c,d,e,a,b,13); R0(b,c,d,e,a,14); R0(a,b,c,d,e,15); + R1(e,a,b,c,d,16); R1(d,e,a,b,c,17); R1(c,d,e,a,b,18); R1(b,c,d,e,a,19); + R2(a,b,c,d,e,20); R2(e,a,b,c,d,21); R2(d,e,a,b,c,22); R2(c,d,e,a,b,23); + R2(b,c,d,e,a,24); R2(a,b,c,d,e,25); R2(e,a,b,c,d,26); R2(d,e,a,b,c,27); + R2(c,d,e,a,b,28); R2(b,c,d,e,a,29); R2(a,b,c,d,e,30); R2(e,a,b,c,d,31); + R2(d,e,a,b,c,32); R2(c,d,e,a,b,33); R2(b,c,d,e,a,34); R2(a,b,c,d,e,35); + R2(e,a,b,c,d,36); R2(d,e,a,b,c,37); R2(c,d,e,a,b,38); R2(b,c,d,e,a,39); + R3(a,b,c,d,e,40); R3(e,a,b,c,d,41); R3(d,e,a,b,c,42); R3(c,d,e,a,b,43); + R3(b,c,d,e,a,44); R3(a,b,c,d,e,45); R3(e,a,b,c,d,46); R3(d,e,a,b,c,47); + R3(c,d,e,a,b,48); R3(b,c,d,e,a,49); R3(a,b,c,d,e,50); R3(e,a,b,c,d,51); + R3(d,e,a,b,c,52); R3(c,d,e,a,b,53); R3(b,c,d,e,a,54); R3(a,b,c,d,e,55); + R3(e,a,b,c,d,56); R3(d,e,a,b,c,57); R3(c,d,e,a,b,58); R3(b,c,d,e,a,59); + R4(a,b,c,d,e,60); R4(e,a,b,c,d,61); R4(d,e,a,b,c,62); R4(c,d,e,a,b,63); + R4(b,c,d,e,a,64); R4(a,b,c,d,e,65); R4(e,a,b,c,d,66); R4(d,e,a,b,c,67); + R4(c,d,e,a,b,68); R4(b,c,d,e,a,69); R4(a,b,c,d,e,70); R4(e,a,b,c,d,71); + R4(d,e,a,b,c,72); R4(c,d,e,a,b,73); R4(b,c,d,e,a,74); R4(a,b,c,d,e,75); + R4(e,a,b,c,d,76); R4(d,e,a,b,c,77); R4(c,d,e,a,b,78); R4(b,c,d,e,a,79); + + /* Add the working vars back into context.state[] */ + state[0] += a; + state[1] += b; + state[2] += c; + state[3] += d; + state[4] += e; + /* Wipe variables */ + a = b = c = d = e = 0; +} + + +/* SHA1Init - Initialize new context */ + +void +ldns_sha1_init(ldns_sha1_ctx *context) +{ + /* SHA1 initialization constants */ + context->count = 0; + context->state[0] = 0x67452301; + context->state[1] = 0xEFCDAB89; + context->state[2] = 0x98BADCFE; + context->state[3] = 0x10325476; + context->state[4] = 0xC3D2E1F0; +} + + +/* Run your data through this. */ + +void +ldns_sha1_update(ldns_sha1_ctx *context, const unsigned char *data, unsigned int len) +{ + unsigned int i; + unsigned int j; + + j = (uint32_t)((context->count >> 3) & 63); + context->count += (len << 3); + if ((j + len) > 63) { + memmove(&context->buffer[j], data, (i = 64 - j)); + ldns_sha1_transform(context->state, context->buffer); + for ( ; i + 63 < len; i += 64) { + ldns_sha1_transform(context->state, &data[i]); + } + j = 0; + } + else i = 0; + memmove(&context->buffer[j], &data[i], len - i); +} + + +/* Add padding and return the message digest. */ + +void +ldns_sha1_final(unsigned char digest[LDNS_SHA1_DIGEST_LENGTH], ldns_sha1_ctx *context) +{ + unsigned int i; + unsigned char finalcount[8]; + + for (i = 0; i < 8; i++) { + finalcount[i] = (unsigned char)((context->count >> + ((7 - (i & 7)) * 8)) & 255); /* Endian independent */ + } + ldns_sha1_update(context, (unsigned char *)"\200", 1); + while ((context->count & 504) != 448) { + ldns_sha1_update(context, (unsigned char *)"\0", 1); + } + ldns_sha1_update(context, finalcount, 8); /* Should cause a SHA1Transform() */ + + if (digest) + for (i = 0; i < LDNS_SHA1_DIGEST_LENGTH; i++) { + digest[i] = (unsigned char)((context->state[i >> 2] >> + ((3 - (i & 3)) * 8)) & 255); + } +#ifdef SHA1HANDSOFF /* make SHA1Transform overwrite its own static vars */ + ldns_sha1_transform(context->state, context->buffer); +#endif +} + +unsigned char * +ldns_sha1(unsigned char *data, unsigned int data_len, unsigned char *digest) +{ + ldns_sha1_ctx ctx; + ldns_sha1_init(&ctx); + ldns_sha1_update(&ctx, data, data_len); + ldns_sha1_final(digest, &ctx); + return digest; +} diff --git a/contrib/ldns/sha2.c b/contrib/ldns/sha2.c new file mode 100644 index 0000000000..62f5f6b822 --- /dev/null +++ b/contrib/ldns/sha2.c @@ -0,0 +1,970 @@ +/* + * FILE: sha2.c + * AUTHOR: Aaron D. Gifford - http://www.aarongifford.com/ + * + * Copyright (c) 2000-2001, Aaron D. Gifford + * All rights reserved. + * + * Modified by Jelte Jansen to fit in ldns, and not clash with any + * system-defined SHA code. + * Changes: + * - Renamed (external) functions and constants to fit ldns style + * - Removed _End and _Data functions + * - Added ldns_shaX(data, len, digest) convenience functions + * - Removed prototypes of _Transform functions and made those static + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the copyright holder nor the names of contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTOR(S) ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTOR(S) BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * $Id: sha2.c,v 1.1 2001/11/08 00:01:51 adg Exp adg $ + */ + +#include +#include /* memcpy()/memset() or bcopy()/bzero() */ +#include /* assert() */ +#include + +/* + * ASSERT NOTE: + * Some sanity checking code is included using assert(). On my FreeBSD + * system, this additional code can be removed by compiling with NDEBUG + * defined. Check your own systems manpage on assert() to see how to + * compile WITHOUT the sanity checking code on your system. + * + * UNROLLED TRANSFORM LOOP NOTE: + * You can define SHA2_UNROLL_TRANSFORM to use the unrolled transform + * loop version for the hash transform rounds (defined using macros + * later in this file). Either define on the command line, for example: + * + * cc -DSHA2_UNROLL_TRANSFORM -o sha2 sha2.c sha2prog.c + * + * or define below: + * + * #define SHA2_UNROLL_TRANSFORM + * + */ + + +/*** SHA-256/384/512 Machine Architecture Definitions *****************/ +/* + * BYTE_ORDER NOTE: + * + * Please make sure that your system defines BYTE_ORDER. If your + * architecture is little-endian, make sure it also defines + * LITTLE_ENDIAN and that the two (BYTE_ORDER and LITTLE_ENDIAN) are + * equivilent. + * + * If your system does not define the above, then you can do so by + * hand like this: + * + * #define LITTLE_ENDIAN 1234 + * #define BIG_ENDIAN 4321 + * + * And for little-endian machines, add: + * + * #define BYTE_ORDER LITTLE_ENDIAN + * + * Or for big-endian machines: + * + * #define BYTE_ORDER BIG_ENDIAN + * + * The FreeBSD machine this was written on defines BYTE_ORDER + * appropriately by including (which in turn includes + * where the appropriate definitions are actually + * made). + */ +#if !defined(BYTE_ORDER) || (BYTE_ORDER != LITTLE_ENDIAN && BYTE_ORDER != BIG_ENDIAN) +#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN +#endif + +typedef uint8_t sha2_byte; /* Exactly 1 byte */ +typedef uint32_t sha2_word32; /* Exactly 4 bytes */ +typedef uint64_t sha2_word64; /* Exactly 8 bytes */ + +/*** SHA-256/384/512 Various Length Definitions ***********************/ +/* NOTE: Most of these are in sha2.h */ +#define ldns_sha256_SHORT_BLOCK_LENGTH (LDNS_SHA256_BLOCK_LENGTH - 8) +#define ldns_sha384_SHORT_BLOCK_LENGTH (LDNS_SHA384_BLOCK_LENGTH - 16) +#define ldns_sha512_SHORT_BLOCK_LENGTH (LDNS_SHA512_BLOCK_LENGTH - 16) + + +/*** ENDIAN REVERSAL MACROS *******************************************/ +#if BYTE_ORDER == LITTLE_ENDIAN +#define REVERSE32(w,x) { \ + sha2_word32 tmp = (w); \ + tmp = (tmp >> 16) | (tmp << 16); \ + (x) = ((tmp & 0xff00ff00UL) >> 8) | ((tmp & 0x00ff00ffUL) << 8); \ +} +#define REVERSE64(w,x) { \ + sha2_word64 tmp = (w); \ + tmp = (tmp >> 32) | (tmp << 32); \ + tmp = ((tmp & 0xff00ff00ff00ff00ULL) >> 8) | \ + ((tmp & 0x00ff00ff00ff00ffULL) << 8); \ + (x) = ((tmp & 0xffff0000ffff0000ULL) >> 16) | \ + ((tmp & 0x0000ffff0000ffffULL) << 16); \ +} +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +/* + * Macro for incrementally adding the unsigned 64-bit integer n to the + * unsigned 128-bit integer (represented using a two-element array of + * 64-bit words): + */ +#define ADDINC128(w,n) { \ + (w)[0] += (sha2_word64)(n); \ + if ((w)[0] < (n)) { \ + (w)[1]++; \ + } \ +} + +/* + * Macros for copying blocks of memory and for zeroing out ranges + * of memory. Using these macros makes it easy to switch from + * using memset()/memcpy() and using bzero()/bcopy(). + * + * Please define either SHA2_USE_MEMSET_MEMCPY or define + * SHA2_USE_BZERO_BCOPY depending on which function set you + * choose to use: + */ +#if !defined(SHA2_USE_MEMSET_MEMCPY) && !defined(SHA2_USE_BZERO_BCOPY) +/* Default to memset()/memcpy() if no option is specified */ +#define SHA2_USE_MEMSET_MEMCPY 1 +#endif +#if defined(SHA2_USE_MEMSET_MEMCPY) && defined(SHA2_USE_BZERO_BCOPY) +/* Abort with an error if BOTH options are defined */ +#error Define either SHA2_USE_MEMSET_MEMCPY or SHA2_USE_BZERO_BCOPY, not both! +#endif + +#ifdef SHA2_USE_MEMSET_MEMCPY +#define MEMSET_BZERO(p,l) memset((p), 0, (l)) +#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l)) +#endif +#ifdef SHA2_USE_BZERO_BCOPY +#define MEMSET_BZERO(p,l) bzero((p), (l)) +#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l)) +#endif + + +/*** THE SIX LOGICAL FUNCTIONS ****************************************/ +/* + * Bit shifting and rotation (used by the six SHA-XYZ logical functions: + * + * NOTE: The naming of R and S appears backwards here (R is a SHIFT and + * S is a ROTATION) because the SHA-256/384/512 description document + * (see http://csrc.nist.gov/cryptval/shs/sha256-384-512.pdf) uses this + * same "backwards" definition. + */ +/* Shift-right (used in SHA-256, SHA-384, and SHA-512): */ +#define R(b,x) ((x) >> (b)) +/* 32-bit Rotate-right (used in SHA-256): */ +#define S32(b,x) (((x) >> (b)) | ((x) << (32 - (b)))) +/* 64-bit Rotate-right (used in SHA-384 and SHA-512): */ +#define S64(b,x) (((x) >> (b)) | ((x) << (64 - (b)))) + +/* Two of six logical functions used in SHA-256, SHA-384, and SHA-512: */ +#define Ch(x,y,z) (((x) & (y)) ^ ((~(x)) & (z))) +#define Maj(x,y,z) (((x) & (y)) ^ ((x) & (z)) ^ ((y) & (z))) + +/* Four of six logical functions used in SHA-256: */ +#define Sigma0_256(x) (S32(2, (x)) ^ S32(13, (x)) ^ S32(22, (x))) +#define Sigma1_256(x) (S32(6, (x)) ^ S32(11, (x)) ^ S32(25, (x))) +#define sigma0_256(x) (S32(7, (x)) ^ S32(18, (x)) ^ R(3 , (x))) +#define sigma1_256(x) (S32(17, (x)) ^ S32(19, (x)) ^ R(10, (x))) + +/* Four of six logical functions used in SHA-384 and SHA-512: */ +#define Sigma0_512(x) (S64(28, (x)) ^ S64(34, (x)) ^ S64(39, (x))) +#define Sigma1_512(x) (S64(14, (x)) ^ S64(18, (x)) ^ S64(41, (x))) +#define sigma0_512(x) (S64( 1, (x)) ^ S64( 8, (x)) ^ R( 7, (x))) +#define sigma1_512(x) (S64(19, (x)) ^ S64(61, (x)) ^ R( 6, (x))) + +/*** SHA-XYZ INITIAL HASH VALUES AND CONSTANTS ************************/ +/* Hash constant words K for SHA-256: */ +static const sha2_word32 K256[64] = { + 0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, + 0x3956c25bUL, 0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, + 0xd807aa98UL, 0x12835b01UL, 0x243185beUL, 0x550c7dc3UL, + 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL, 0xc19bf174UL, + 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL, + 0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, + 0x983e5152UL, 0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, + 0xc6e00bf3UL, 0xd5a79147UL, 0x06ca6351UL, 0x14292967UL, + 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL, 0x53380d13UL, + 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL, + 0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, + 0xd192e819UL, 0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, + 0x19a4c116UL, 0x1e376c08UL, 0x2748774cUL, 0x34b0bcb5UL, + 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL, 0x682e6ff3UL, + 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL, + 0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL +}; + +/* initial hash value H for SHA-256: */ +static const sha2_word32 ldns_sha256_initial_hash_value[8] = { + 0x6a09e667UL, + 0xbb67ae85UL, + 0x3c6ef372UL, + 0xa54ff53aUL, + 0x510e527fUL, + 0x9b05688cUL, + 0x1f83d9abUL, + 0x5be0cd19UL +}; + +/* Hash constant words K for SHA-384 and SHA-512: */ +static const sha2_word64 K512[80] = { + 0x428a2f98d728ae22ULL, 0x7137449123ef65cdULL, + 0xb5c0fbcfec4d3b2fULL, 0xe9b5dba58189dbbcULL, + 0x3956c25bf348b538ULL, 0x59f111f1b605d019ULL, + 0x923f82a4af194f9bULL, 0xab1c5ed5da6d8118ULL, + 0xd807aa98a3030242ULL, 0x12835b0145706fbeULL, + 0x243185be4ee4b28cULL, 0x550c7dc3d5ffb4e2ULL, + 0x72be5d74f27b896fULL, 0x80deb1fe3b1696b1ULL, + 0x9bdc06a725c71235ULL, 0xc19bf174cf692694ULL, + 0xe49b69c19ef14ad2ULL, 0xefbe4786384f25e3ULL, + 0x0fc19dc68b8cd5b5ULL, 0x240ca1cc77ac9c65ULL, + 0x2de92c6f592b0275ULL, 0x4a7484aa6ea6e483ULL, + 0x5cb0a9dcbd41fbd4ULL, 0x76f988da831153b5ULL, + 0x983e5152ee66dfabULL, 0xa831c66d2db43210ULL, + 0xb00327c898fb213fULL, 0xbf597fc7beef0ee4ULL, + 0xc6e00bf33da88fc2ULL, 0xd5a79147930aa725ULL, + 0x06ca6351e003826fULL, 0x142929670a0e6e70ULL, + 0x27b70a8546d22ffcULL, 0x2e1b21385c26c926ULL, + 0x4d2c6dfc5ac42aedULL, 0x53380d139d95b3dfULL, + 0x650a73548baf63deULL, 0x766a0abb3c77b2a8ULL, + 0x81c2c92e47edaee6ULL, 0x92722c851482353bULL, + 0xa2bfe8a14cf10364ULL, 0xa81a664bbc423001ULL, + 0xc24b8b70d0f89791ULL, 0xc76c51a30654be30ULL, + 0xd192e819d6ef5218ULL, 0xd69906245565a910ULL, + 0xf40e35855771202aULL, 0x106aa07032bbd1b8ULL, + 0x19a4c116b8d2d0c8ULL, 0x1e376c085141ab53ULL, + 0x2748774cdf8eeb99ULL, 0x34b0bcb5e19b48a8ULL, + 0x391c0cb3c5c95a63ULL, 0x4ed8aa4ae3418acbULL, + 0x5b9cca4f7763e373ULL, 0x682e6ff3d6b2b8a3ULL, + 0x748f82ee5defb2fcULL, 0x78a5636f43172f60ULL, + 0x84c87814a1f0ab72ULL, 0x8cc702081a6439ecULL, + 0x90befffa23631e28ULL, 0xa4506cebde82bde9ULL, + 0xbef9a3f7b2c67915ULL, 0xc67178f2e372532bULL, + 0xca273eceea26619cULL, 0xd186b8c721c0c207ULL, + 0xeada7dd6cde0eb1eULL, 0xf57d4f7fee6ed178ULL, + 0x06f067aa72176fbaULL, 0x0a637dc5a2c898a6ULL, + 0x113f9804bef90daeULL, 0x1b710b35131c471bULL, + 0x28db77f523047d84ULL, 0x32caab7b40c72493ULL, + 0x3c9ebe0a15c9bebcULL, 0x431d67c49c100d4cULL, + 0x4cc5d4becb3e42b6ULL, 0x597f299cfc657e2aULL, + 0x5fcb6fab3ad6faecULL, 0x6c44198c4a475817ULL +}; + +/* initial hash value H for SHA-384 */ +static const sha2_word64 sha384_initial_hash_value[8] = { + 0xcbbb9d5dc1059ed8ULL, + 0x629a292a367cd507ULL, + 0x9159015a3070dd17ULL, + 0x152fecd8f70e5939ULL, + 0x67332667ffc00b31ULL, + 0x8eb44a8768581511ULL, + 0xdb0c2e0d64f98fa7ULL, + 0x47b5481dbefa4fa4ULL +}; + +/* initial hash value H for SHA-512 */ +static const sha2_word64 sha512_initial_hash_value[8] = { + 0x6a09e667f3bcc908ULL, + 0xbb67ae8584caa73bULL, + 0x3c6ef372fe94f82bULL, + 0xa54ff53a5f1d36f1ULL, + 0x510e527fade682d1ULL, + 0x9b05688c2b3e6c1fULL, + 0x1f83d9abfb41bd6bULL, + 0x5be0cd19137e2179ULL +}; + +/*** SHA-256: *********************************************************/ +void ldns_sha256_init(ldns_sha256_CTX* context) { + if (context == (ldns_sha256_CTX*)0) { + return; + } + MEMCPY_BCOPY(context->state, ldns_sha256_initial_hash_value, LDNS_SHA256_DIGEST_LENGTH); + MEMSET_BZERO(context->buffer, LDNS_SHA256_BLOCK_LENGTH); + context->bitcount = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-256 round macros: */ + +#if BYTE_ORDER == LITTLE_ENDIAN + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ + REVERSE32(*data++, W256[j]); \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ + K256[j] + W256[j]; \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + + +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND256_0_TO_15(a,b,c,d,e,f,g,h) \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + \ + K256[j] + (W256[j] = *data++); \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND256(a,b,c,d,e,f,g,h) \ + s0 = W256[(j+1)&0x0f]; \ + s0 = sigma0_256(s0); \ + s1 = W256[(j+14)&0x0f]; \ + s1 = sigma1_256(s1); \ + T1 = (h) + Sigma1_256(e) + Ch((e), (f), (g)) + K256[j] + \ + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_256(a) + Maj((a), (b), (c)); \ + j++ + +static void ldns_sha256_Transform(ldns_sha256_CTX* context, + const sha2_word32* data) { + sha2_word32 a, b, c, d, e, f, g, h, s0, s1; + sha2_word32 T1, *W256; + int j; + + W256 = (sha2_word32*)context->buffer; + + /* initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { + /* Rounds 0 to 15 (unrolled): */ + ROUND256_0_TO_15(a,b,c,d,e,f,g,h); + ROUND256_0_TO_15(h,a,b,c,d,e,f,g); + ROUND256_0_TO_15(g,h,a,b,c,d,e,f); + ROUND256_0_TO_15(f,g,h,a,b,c,d,e); + ROUND256_0_TO_15(e,f,g,h,a,b,c,d); + ROUND256_0_TO_15(d,e,f,g,h,a,b,c); + ROUND256_0_TO_15(c,d,e,f,g,h,a,b); + ROUND256_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds to 64: */ + do { + ROUND256(a,b,c,d,e,f,g,h); + ROUND256(h,a,b,c,d,e,f,g); + ROUND256(g,h,a,b,c,d,e,f); + ROUND256(f,g,h,a,b,c,d,e); + ROUND256(e,f,g,h,a,b,c,d); + ROUND256(d,e,f,g,h,a,b,c); + ROUND256(c,d,e,f,g,h,a,b); + ROUND256(b,c,d,e,f,g,h,a); + } while (j < 64); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +static void ldns_sha256_Transform(ldns_sha256_CTX* context, + const sha2_word32* data) { + sha2_word32 a, b, c, d, e, f, g, h, s0, s1; + sha2_word32 T1, T2, *W256; + int j; + + W256 = (sha2_word32*)context->buffer; + + /* initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { +#if BYTE_ORDER == LITTLE_ENDIAN + /* Copy data while converting to host byte order */ + REVERSE32(*data++,W256[j]); + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + W256[j]; +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + /* Apply the SHA-256 compression function to update a..h with copy */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + (W256[j] = *data++); +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W256[(j+1)&0x0f]; + s0 = sigma0_256(s0); + s1 = W256[(j+14)&0x0f]; + s1 = sigma1_256(s1); + + /* Apply the SHA-256 compression function to update a..h */ + T1 = h + Sigma1_256(e) + Ch(e, f, g) + K256[j] + + (W256[j&0x0f] += s1 + W256[(j+9)&0x0f] + s0); + T2 = Sigma0_256(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 64); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void ldns_sha256_update(ldns_sha256_CTX* context, const sha2_byte *data, size_t len) { + unsigned int freespace, usedspace; + + if (len == 0) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + assert(context != (ldns_sha256_CTX*)0 && data != (sha2_byte*)0); + + usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = LDNS_SHA256_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); + context->bitcount += freespace << 3; + len -= freespace; + data += freespace; + ldns_sha256_Transform(context, (sha2_word32*)context->buffer); + } else { + /* The buffer is not yet full */ + MEMCPY_BCOPY(&context->buffer[usedspace], data, len); + context->bitcount += len << 3; + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= LDNS_SHA256_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + ldns_sha256_Transform(context, (sha2_word32*)data); + context->bitcount += LDNS_SHA256_BLOCK_LENGTH << 3; + len -= LDNS_SHA256_BLOCK_LENGTH; + data += LDNS_SHA256_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + MEMCPY_BCOPY(context->buffer, data, len); + context->bitcount += len << 3; + } + /* Clean up: */ + usedspace = freespace = 0; +} + +void ldns_sha256_final(sha2_byte digest[], ldns_sha256_CTX* context) { + sha2_word32 *d = (sha2_word32*)digest; + unsigned int usedspace; + + /* Sanity check: */ + assert(context != (ldns_sha256_CTX*)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (sha2_byte*)0) { + usedspace = (context->bitcount >> 3) % LDNS_SHA256_BLOCK_LENGTH; +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert FROM host byte order */ + REVERSE64(context->bitcount,context->bitcount); +#endif + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= ldns_sha256_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + MEMSET_BZERO(&context->buffer[usedspace], ldns_sha256_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < LDNS_SHA256_BLOCK_LENGTH) { + MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA256_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + ldns_sha256_Transform(context, (sha2_word32*)context->buffer); + + /* And set-up for the last transform: */ + MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH); + } + } else { + /* Set-up for the last transform: */ + MEMSET_BZERO(context->buffer, ldns_sha256_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Set the bit count: */ + *(sha2_word64*)&context->buffer[ldns_sha256_SHORT_BLOCK_LENGTH] = context->bitcount; + + /* final transform: */ + ldns_sha256_Transform(context, (sha2_word32*)context->buffer); + +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 8; j++) { + REVERSE32(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + MEMCPY_BCOPY(d, context->state, LDNS_SHA256_DIGEST_LENGTH); +#endif + } + + /* Clean up state data: */ + MEMSET_BZERO(context, sizeof(context)); + usedspace = 0; +} + +unsigned char * +ldns_sha256(unsigned char *data, unsigned int data_len, unsigned char *digest) +{ + ldns_sha256_CTX ctx; + ldns_sha256_init(&ctx); + ldns_sha256_update(&ctx, data, data_len); + ldns_sha256_final(digest, &ctx); + return digest; +} + +/*** SHA-512: *********************************************************/ +void ldns_sha512_init(ldns_sha512_CTX* context) { + if (context == (ldns_sha512_CTX*)0) { + return; + } + MEMCPY_BCOPY(context->state, sha512_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH); + MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH); + context->bitcount[0] = context->bitcount[1] = 0; +} + +#ifdef SHA2_UNROLL_TRANSFORM + +/* Unrolled SHA-512 round macros: */ +#if BYTE_ORDER == LITTLE_ENDIAN + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ + REVERSE64(*data++, W512[j]); \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ + K512[j] + W512[j]; \ + (d) += T1, \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)), \ + j++ + + +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND512_0_TO_15(a,b,c,d,e,f,g,h) \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + \ + K512[j] + (W512[j] = *data++); \ + (d) += T1; \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ + j++ + +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + +#define ROUND512(a,b,c,d,e,f,g,h) \ + s0 = W512[(j+1)&0x0f]; \ + s0 = sigma0_512(s0); \ + s1 = W512[(j+14)&0x0f]; \ + s1 = sigma1_512(s1); \ + T1 = (h) + Sigma1_512(e) + Ch((e), (f), (g)) + K512[j] + \ + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); \ + (d) += T1; \ + (h) = T1 + Sigma0_512(a) + Maj((a), (b), (c)); \ + j++ + +static void ldns_sha512_Transform(ldns_sha512_CTX* context, + const sha2_word64* data) { + sha2_word64 a, b, c, d, e, f, g, h, s0, s1; + sha2_word64 T1, *W512 = (sha2_word64*)context->buffer; + int j; + + /* initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { + ROUND512_0_TO_15(a,b,c,d,e,f,g,h); + ROUND512_0_TO_15(h,a,b,c,d,e,f,g); + ROUND512_0_TO_15(g,h,a,b,c,d,e,f); + ROUND512_0_TO_15(f,g,h,a,b,c,d,e); + ROUND512_0_TO_15(e,f,g,h,a,b,c,d); + ROUND512_0_TO_15(d,e,f,g,h,a,b,c); + ROUND512_0_TO_15(c,d,e,f,g,h,a,b); + ROUND512_0_TO_15(b,c,d,e,f,g,h,a); + } while (j < 16); + + /* Now for the remaining rounds up to 79: */ + do { + ROUND512(a,b,c,d,e,f,g,h); + ROUND512(h,a,b,c,d,e,f,g); + ROUND512(g,h,a,b,c,d,e,f); + ROUND512(f,g,h,a,b,c,d,e); + ROUND512(e,f,g,h,a,b,c,d); + ROUND512(d,e,f,g,h,a,b,c); + ROUND512(c,d,e,f,g,h,a,b); + ROUND512(b,c,d,e,f,g,h,a); + } while (j < 80); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = 0; +} + +#else /* SHA2_UNROLL_TRANSFORM */ + +static void ldns_sha512_Transform(ldns_sha512_CTX* context, + const sha2_word64* data) { + sha2_word64 a, b, c, d, e, f, g, h, s0, s1; + sha2_word64 T1, T2, *W512 = (sha2_word64*)context->buffer; + int j; + + /* initialize registers with the prev. intermediate value */ + a = context->state[0]; + b = context->state[1]; + c = context->state[2]; + d = context->state[3]; + e = context->state[4]; + f = context->state[5]; + g = context->state[6]; + h = context->state[7]; + + j = 0; + do { +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert TO host byte order */ + REVERSE64(*data++, W512[j]); + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + W512[j]; +#else /* BYTE_ORDER == LITTLE_ENDIAN */ + /* Apply the SHA-512 compression function to update a..h with copy */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + (W512[j] = *data++); +#endif /* BYTE_ORDER == LITTLE_ENDIAN */ + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 16); + + do { + /* Part of the message block expansion: */ + s0 = W512[(j+1)&0x0f]; + s0 = sigma0_512(s0); + s1 = W512[(j+14)&0x0f]; + s1 = sigma1_512(s1); + + /* Apply the SHA-512 compression function to update a..h */ + T1 = h + Sigma1_512(e) + Ch(e, f, g) + K512[j] + + (W512[j&0x0f] += s1 + W512[(j+9)&0x0f] + s0); + T2 = Sigma0_512(a) + Maj(a, b, c); + h = g; + g = f; + f = e; + e = d + T1; + d = c; + c = b; + b = a; + a = T1 + T2; + + j++; + } while (j < 80); + + /* Compute the current intermediate hash value */ + context->state[0] += a; + context->state[1] += b; + context->state[2] += c; + context->state[3] += d; + context->state[4] += e; + context->state[5] += f; + context->state[6] += g; + context->state[7] += h; + + /* Clean up */ + a = b = c = d = e = f = g = h = T1 = T2 = 0; +} + +#endif /* SHA2_UNROLL_TRANSFORM */ + +void ldns_sha512_update(ldns_sha512_CTX* context, const sha2_byte *data, size_t len) { + unsigned int freespace, usedspace; + + if (len == 0) { + /* Calling with no data is valid - we do nothing */ + return; + } + + /* Sanity check: */ + assert(context != (ldns_sha512_CTX*)0 && data != (sha2_byte*)0); + + usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH; + if (usedspace > 0) { + /* Calculate how much free space is available in the buffer */ + freespace = LDNS_SHA512_BLOCK_LENGTH - usedspace; + + if (len >= freespace) { + /* Fill the buffer completely and process it */ + MEMCPY_BCOPY(&context->buffer[usedspace], data, freespace); + ADDINC128(context->bitcount, freespace << 3); + len -= freespace; + data += freespace; + ldns_sha512_Transform(context, (sha2_word64*)context->buffer); + } else { + /* The buffer is not yet full */ + MEMCPY_BCOPY(&context->buffer[usedspace], data, len); + ADDINC128(context->bitcount, len << 3); + /* Clean up: */ + usedspace = freespace = 0; + return; + } + } + while (len >= LDNS_SHA512_BLOCK_LENGTH) { + /* Process as many complete blocks as we can */ + ldns_sha512_Transform(context, (sha2_word64*)data); + ADDINC128(context->bitcount, LDNS_SHA512_BLOCK_LENGTH << 3); + len -= LDNS_SHA512_BLOCK_LENGTH; + data += LDNS_SHA512_BLOCK_LENGTH; + } + if (len > 0) { + /* There's left-overs, so save 'em */ + MEMCPY_BCOPY(context->buffer, data, len); + ADDINC128(context->bitcount, len << 3); + } + /* Clean up: */ + usedspace = freespace = 0; +} + +static void ldns_sha512_Last(ldns_sha512_CTX* context) { + unsigned int usedspace; + + usedspace = (context->bitcount[0] >> 3) % LDNS_SHA512_BLOCK_LENGTH; +#if BYTE_ORDER == LITTLE_ENDIAN + /* Convert FROM host byte order */ + REVERSE64(context->bitcount[0],context->bitcount[0]); + REVERSE64(context->bitcount[1],context->bitcount[1]); +#endif + if (usedspace > 0) { + /* Begin padding with a 1 bit: */ + context->buffer[usedspace++] = 0x80; + + if (usedspace <= ldns_sha512_SHORT_BLOCK_LENGTH) { + /* Set-up for the last transform: */ + MEMSET_BZERO(&context->buffer[usedspace], ldns_sha512_SHORT_BLOCK_LENGTH - usedspace); + } else { + if (usedspace < LDNS_SHA512_BLOCK_LENGTH) { + MEMSET_BZERO(&context->buffer[usedspace], LDNS_SHA512_BLOCK_LENGTH - usedspace); + } + /* Do second-to-last transform: */ + ldns_sha512_Transform(context, (sha2_word64*)context->buffer); + + /* And set-up for the last transform: */ + MEMSET_BZERO(context->buffer, LDNS_SHA512_BLOCK_LENGTH - 2); + } + } else { + /* Prepare for final transform: */ + MEMSET_BZERO(context->buffer, ldns_sha512_SHORT_BLOCK_LENGTH); + + /* Begin padding with a 1 bit: */ + *context->buffer = 0x80; + } + /* Store the length of input data (in bits): */ + *(sha2_word64*)&context->buffer[ldns_sha512_SHORT_BLOCK_LENGTH] = context->bitcount[1]; + *(sha2_word64*)&context->buffer[ldns_sha512_SHORT_BLOCK_LENGTH+8] = context->bitcount[0]; + + /* final transform: */ + ldns_sha512_Transform(context, (sha2_word64*)context->buffer); +} + +void ldns_sha512_final(sha2_byte digest[], ldns_sha512_CTX* context) { + sha2_word64 *d = (sha2_word64*)digest; + + /* Sanity check: */ + assert(context != (ldns_sha512_CTX*)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (sha2_byte*)0) { + ldns_sha512_Last(context); + + /* Save the hash data for output: */ +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 8; j++) { + REVERSE64(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + MEMCPY_BCOPY(d, context->state, LDNS_SHA512_DIGEST_LENGTH); +#endif + } + + /* Zero out state data */ + MEMSET_BZERO(context, sizeof(context)); +} + +unsigned char * +ldns_sha512(unsigned char *data, unsigned int data_len, unsigned char *digest) +{ + ldns_sha512_CTX ctx; + ldns_sha512_init(&ctx); + ldns_sha512_update(&ctx, data, data_len); + ldns_sha512_final(digest, &ctx); + return digest; +} + +/*** SHA-384: *********************************************************/ +void ldns_sha384_init(ldns_sha384_CTX* context) { + if (context == (ldns_sha384_CTX*)0) { + return; + } + MEMCPY_BCOPY(context->state, sha384_initial_hash_value, LDNS_SHA512_DIGEST_LENGTH); + MEMSET_BZERO(context->buffer, LDNS_SHA384_BLOCK_LENGTH); + context->bitcount[0] = context->bitcount[1] = 0; +} + +void ldns_sha384_update(ldns_sha384_CTX* context, const sha2_byte* data, size_t len) { + ldns_sha512_update((ldns_sha512_CTX*)context, data, len); +} + +void ldns_sha384_final(sha2_byte digest[], ldns_sha384_CTX* context) { + sha2_word64 *d = (sha2_word64*)digest; + + /* Sanity check: */ + assert(context != (ldns_sha384_CTX*)0); + + /* If no digest buffer is passed, we don't bother doing this: */ + if (digest != (sha2_byte*)0) { + ldns_sha512_Last((ldns_sha512_CTX*)context); + + /* Save the hash data for output: */ +#if BYTE_ORDER == LITTLE_ENDIAN + { + /* Convert TO host byte order */ + int j; + for (j = 0; j < 6; j++) { + REVERSE64(context->state[j],context->state[j]); + *d++ = context->state[j]; + } + } +#else + MEMCPY_BCOPY(d, context->state, LDNS_SHA384_DIGEST_LENGTH); +#endif + } + + /* Zero out state data */ + MEMSET_BZERO(context, sizeof(context)); +} + +unsigned char * +ldns_sha384(unsigned char *data, unsigned int data_len, unsigned char *digest) +{ + ldns_sha384_CTX ctx; + ldns_sha384_init(&ctx); + ldns_sha384_update(&ctx, data, data_len); + ldns_sha384_final(digest, &ctx); + return digest; +} diff --git a/contrib/ldns/str2host.c b/contrib/ldns/str2host.c new file mode 100644 index 0000000000..4ee3e782ae --- /dev/null +++ b/contrib/ldns/str2host.c @@ -0,0 +1,1182 @@ +/* + * str2host.c + * + * conversion routines from the presentation format + * to the host format + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ +#include + +#include + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#include + +#include +#ifdef HAVE_NETDB_H +#include +#endif + +#include +#ifdef HAVE_SYS_PARAM_H +#include +#endif + +ldns_status +ldns_str2rdf_int16(ldns_rdf **rd, const char *shortstr) +{ + char *end = NULL; + uint16_t *r; + r = LDNS_MALLOC(uint16_t); + + *r = htons((uint16_t)strtol((char *)shortstr, &end, 10)); + + if(*end != 0) { + LDNS_FREE(r); + return LDNS_STATUS_INVALID_INT; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT16, sizeof(uint16_t), r); + LDNS_FREE(r); + return LDNS_STATUS_OK; + } +} + +ldns_status +ldns_str2rdf_time(ldns_rdf **rd, const char *time) +{ + /* convert a time YYYYDDMMHHMMSS to wireformat */ + uint16_t *r = NULL; + struct tm tm; + uint32_t l; + char *end; + + /* Try to scan the time... */ + r = (uint16_t*)LDNS_MALLOC(uint32_t); + + memset(&tm, 0, sizeof(tm)); + + if (strlen(time) == 14 && + sscanf(time, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec) == 6 + ) { + tm.tm_year -= 1900; + tm.tm_mon--; + /* Check values */ + if (tm.tm_year < 70) { + goto bad_format; + } + if (tm.tm_mon < 0 || tm.tm_mon > 11) { + goto bad_format; + } + if (tm.tm_mday < 1 || tm.tm_mday > 31) { + goto bad_format; + } + + if (tm.tm_hour < 0 || tm.tm_hour > 23) { + goto bad_format; + } + + if (tm.tm_min < 0 || tm.tm_min > 59) { + goto bad_format; + } + + if (tm.tm_sec < 0 || tm.tm_sec > 59) { + goto bad_format; + } + + l = htonl(mktime_from_utc(&tm)); + memcpy(r, &l, sizeof(uint32_t)); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_TIME, sizeof(uint32_t), r); + LDNS_FREE(r); + return LDNS_STATUS_OK; + } else { + /* handle it as 32 bits timestamp */ + l = htonl((uint32_t)strtol((char*)time, &end, 10)); + if(*end != 0) { + LDNS_FREE(r); + return LDNS_STATUS_ERR; + } else { + memcpy(r, &l, sizeof(uint32_t)); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r); + LDNS_FREE(r); + return LDNS_STATUS_OK; + } + } + + bad_format: + LDNS_FREE(r); + return LDNS_STATUS_INVALID_TIME; +} + +ldns_status +ldns_str2rdf_nsec3_salt(ldns_rdf **rd, const char *salt_str) +{ + uint8_t salt_length; + int c; + int salt_length_str; + + uint8_t *salt; + uint8_t *data; + + salt_length_str = strlen(salt_str); + if (salt_length_str == 1 && salt_str[0] == '-') { + salt_length_str = 0; + } else if (salt_length_str % 2 != 0) { + return LDNS_STATUS_INVALID_HEX; + } + if (salt_length_str > 512) { + return LDNS_STATUS_INVALID_HEX; + } + + salt = LDNS_XMALLOC(uint8_t, salt_length_str / 2); + for (c = 0; c < salt_length_str; c += 2) { + if (isxdigit((int) salt_str[c]) && isxdigit((int) salt_str[c+1])) { + salt[c/2] = (uint8_t) ldns_hexdigit_to_int(salt_str[c]) * 16 + + ldns_hexdigit_to_int(salt_str[c+1]); + } else { + LDNS_FREE(salt); + return LDNS_STATUS_INVALID_HEX; + } + } + salt_length = (uint8_t) (salt_length_str / 2); + + data = LDNS_XMALLOC(uint8_t, 1 + salt_length); + data[0] = salt_length; + memcpy(&data[1], salt, salt_length); + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, 1 + salt_length, data); + LDNS_FREE(data); + LDNS_FREE(salt); + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_period(ldns_rdf **rd,const char *period) +{ + uint32_t p; + const char *end; + + /* Allocate required space... */ + p = ldns_str2period(period, &end); + + if (*end != 0) { + return LDNS_STATUS_ERR; + } else { + p = (uint32_t) htonl(p); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_PERIOD, sizeof(uint32_t), &p); + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_int32(ldns_rdf **rd, const char *longstr) +{ + char *end; + uint16_t *r = NULL; + uint32_t l; + + r = (uint16_t*)LDNS_MALLOC(uint32_t); + errno = 0; /* must set to zero before call, + note race condition on errno */ + if(*longstr == '-') + l = htonl((uint32_t)strtol((char*)longstr, &end, 10)); + else l = htonl((uint32_t)strtoul((char*)longstr, &end, 10)); + + if(*end != 0) { + LDNS_FREE(r); + return LDNS_STATUS_ERR; + } else { + if (errno == ERANGE) { + LDNS_FREE(r); + return LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW; + } + memcpy(r, &l, sizeof(uint32_t)); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT32, sizeof(uint32_t), r); + LDNS_FREE(r); + return LDNS_STATUS_OK; + } +} + +ldns_status +ldns_str2rdf_int8(ldns_rdf **rd, const char *bytestr) +{ + char *end; + uint8_t *r = NULL; + + r = LDNS_MALLOC(uint8_t); + + *r = (uint8_t)strtol((char*)bytestr, &end, 10); + + if(*end != 0) { + LDNS_FREE(r); + return LDNS_STATUS_ERR; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT8, sizeof(uint8_t), r); + LDNS_FREE(r); + return LDNS_STATUS_OK; + } +} + + +/* + * Checks whether the escaped value at **s is an octal value or + * a 'normally' escaped character (and not eos) + * + * The string pointer at *s is increased by either 0 (on error), 1 (on + * normal escapes), or 3 (on octals) + * + * Returns the number of bytes read from the escaped string, or + * 0 on error + */ +static int +parse_escape(uint8_t *s, uint8_t *q) { + uint8_t val; + if (strlen((char *)s) > 3 && + isdigit((int) s[1]) && + isdigit((int) s[2]) && + isdigit((int) s[3])) { + /* cast this so it fits */ + val = (uint8_t) ldns_hexdigit_to_int((char) s[1]) * 100 + + ldns_hexdigit_to_int((char) s[2]) * 10 + + ldns_hexdigit_to_int((char) s[3]); + *q = val; + return 3; + } else { + s++; + if (*s == '\0') { + /* apparently the string terminator + * has been escaped... + */ + return 0; + } + *q = *s; + return 1; + } +} + +/* + * No special care is taken, all dots are translated into + * label seperators. + * Could be made more efficient....we do 3 memcpy's in total... + */ +ldns_status +ldns_str2rdf_dname(ldns_rdf **d, const char *str) +{ + size_t len; + + int esc; + uint8_t *s,*p,*q, *pq, label_len; + uint8_t buf[LDNS_MAX_DOMAINLEN + 1]; + *d = NULL; + + len = strlen((char*)str); + /* octet representation can make strings a lot longer than actual length */ + if (len > LDNS_MAX_DOMAINLEN * 4) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + if (0 == len) { + return LDNS_STATUS_DOMAINNAME_UNDERFLOW; + } + + /* root label */ + if (1 == len && *str == '.') { + *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, 1, "\0"); + return LDNS_STATUS_OK; + } + + /* get on with the rest */ + + /* s is on the current dot + * p on the previous one + * q builds the dname + */ + len = 0; + q = buf+1; + pq = buf; + label_len = 0; + for (s = p = (uint8_t *) str; *s; s++, q++) { + if (q > buf + LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + *q = 0; + switch (*s) { + case '.': + if (label_len > LDNS_MAX_LABELLEN) { + return LDNS_STATUS_LABEL_OVERFLOW; + } + if (label_len == 0) { + return LDNS_STATUS_EMPTY_LABEL; + } + len += label_len + 1; + *pq = label_len; + label_len = 0; + pq = q; + p = s+1; + break; + case '\\': + /* octet value or literal char */ + esc = parse_escape(s, q); + if (esc > 0) { + s += esc; + label_len++; + } else { + return LDNS_STATUS_SYNTAX_BAD_ESCAPE; + } + break; + default: + *q = *s; + label_len++; + } + } + + /* add root label if last char was not '.' */ + if (!ldns_dname_str_absolute(str)) { + if (q > buf + LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + len += label_len + 1; + *pq = label_len; + *q = 0; + } + len++; + + *d = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, len, buf); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_a(ldns_rdf **rd, const char *str) +{ + in_addr_t address; + if (inet_pton(AF_INET, (char*)str, &address) != 1) { + return LDNS_STATUS_INVALID_IP4; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_A, sizeof(address), &address); + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_aaaa(ldns_rdf **rd, const char *str) +{ + uint8_t address[LDNS_IP6ADDRLEN + 1]; + + if (inet_pton(AF_INET6, (char*)str, address) != 1) { + return LDNS_STATUS_INVALID_IP6; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_AAAA, sizeof(address) - 1, &address); + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_str(ldns_rdf **rd, const char *str) +{ + uint8_t *data; + size_t i, str_i; + + if (strlen(str) > 255) { + return LDNS_STATUS_INVALID_STR; + } + + data = LDNS_XMALLOC(uint8_t, strlen(str) + 1); + i = 1; + for (str_i = 0; str_i < strlen(str); str_i++) { + if (str[str_i] == '\\') { + /* octet value or literal char */ + str_i += (size_t) parse_escape((uint8_t*) &str[str_i], (uint8_t*) &data[i]); + } else { + data[i] = (uint8_t) str[str_i]; + } + i++; + } + data[0] = i - 1; + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_STR, i, data); + LDNS_FREE(data); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_apl(ldns_rdf **rd, const char *str) +{ + const char *my_str = str; + + char *my_ip_str; + size_t ip_str_len; + + uint16_t family; + bool negation; + uint8_t afdlength = 0; + uint8_t *afdpart; + uint8_t prefix; + + uint8_t *data; + + size_t i = 0; + + /* [!]afi:address/prefix */ + if (strlen(my_str) < 2) { + return LDNS_STATUS_INVALID_STR; + } + + if (my_str[0] == '!') { + negation = true; + my_str += 1; + } else { + negation = false; + } + + family = (uint16_t) atoi(my_str); + + my_str = strchr(my_str, ':') + 1; + + /* need ip addr and only ip addr for inet_pton */ + ip_str_len = (size_t) (strchr(my_str, '/') - my_str); + my_ip_str = LDNS_XMALLOC(char, ip_str_len + 1); + strncpy(my_ip_str, my_str, ip_str_len + 1); + my_ip_str[ip_str_len] = '\0'; + + if (family == 1) { + /* ipv4 */ + afdpart = LDNS_XMALLOC(uint8_t, 4); + if (inet_pton(AF_INET, my_ip_str, afdpart) == 0) { + return LDNS_STATUS_INVALID_STR; + } + for (i = 0; i < 4; i++) { + if (afdpart[i] != 0) { + afdlength = i + 1; + } + } + } else if (family == 2) { + /* ipv6 */ + afdpart = LDNS_XMALLOC(uint8_t, 16); + if (inet_pton(AF_INET6, my_ip_str, afdpart) == 0) { + return LDNS_STATUS_INVALID_STR; + } + for (i = 0; i < 16; i++) { + if (afdpart[i] != 0) { + afdlength = i + 1; + } + } + } else { + /* unknown family */ + LDNS_FREE(my_ip_str); + return LDNS_STATUS_INVALID_STR; + } + + my_str = strchr(my_str, '/') + 1; + prefix = (uint8_t) atoi(my_str); + + data = LDNS_XMALLOC(uint8_t, 4 + afdlength); + ldns_write_uint16(data, family); + data[2] = prefix; + data[3] = afdlength; + if (negation) { + /* set bit 1 of byte 3 */ + data[3] = data[3] | 0x80; + } + + memcpy(data + 4, afdpart, afdlength); + + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_APL, afdlength + 4, data); + LDNS_FREE(afdpart); + LDNS_FREE(data); + LDNS_FREE(my_ip_str); + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_b64(ldns_rdf **rd, const char *str) +{ + uint8_t *buffer; + int16_t i; + + buffer = LDNS_XMALLOC(uint8_t, ldns_b64_ntop_calculate_size(strlen(str))); + + i = (uint16_t)ldns_b64_pton((const char*)str, buffer, + ldns_b64_ntop_calculate_size(strlen(str))); + if (-1 == i) { + LDNS_FREE(buffer); + return LDNS_STATUS_INVALID_B64; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_B64, (uint16_t) i, buffer); + } + LDNS_FREE(buffer); + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_b32_ext(ldns_rdf **rd, const char *str) +{ + uint8_t *buffer; + int i; + /* first byte contains length of actual b32 data */ + uint8_t len = ldns_b32_pton_calculate_size(strlen(str)); + buffer = LDNS_XMALLOC(uint8_t, len + 1); + buffer[0] = len; + + i = ldns_b32_pton_extended_hex((const char*)str, strlen(str), buffer + 1, + ldns_b32_ntop_calculate_size(strlen(str))); + if (i < 0) { + return LDNS_STATUS_INVALID_B32_EXT; + } else { + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_B32_EXT, (uint16_t) i + 1, buffer); + } + LDNS_FREE(buffer); + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_hex(ldns_rdf **rd, const char *str) +{ + uint8_t *t, *t_orig; + int i; + size_t len; + + len = strlen(str); + + if (len > LDNS_MAX_RDFLEN * 2) { + return LDNS_STATUS_LABEL_OVERFLOW; + } else { + t = LDNS_XMALLOC(uint8_t, (len / 2) + 1); + t_orig = t; + /* Now process octet by octet... */ + while (*str) { + *t = 0; + if (isspace((int) *str)) { + str++; + } else { + for (i = 16; i >= 1; i -= 15) { + while (*str && isspace((int) *str)) { str++; } + if (*str) { + if (isxdigit((int) *str)) { + *t += ldns_hexdigit_to_int(*str) * i; + } else { + return LDNS_STATUS_ERR; + } + ++str; + } + } + ++t; + } + } + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + (size_t) (t - t_orig), + t_orig); + LDNS_FREE(t_orig); + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_nsec(ldns_rdf **rd, const char *str) +{ + const char *delimiters = "\n\t "; + char *token = LDNS_XMALLOC(char, LDNS_MAX_RDFLEN); + ldns_buffer *str_buf; + ssize_t c; + uint16_t cur_type; + size_t type_count = 0; + ldns_rr_type type_list[1024]; + + str_buf = LDNS_MALLOC(ldns_buffer); + ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); + + while ((c = ldns_bget_token(str_buf, token, delimiters, LDNS_MAX_RDFLEN)) != -1) { + cur_type = ldns_get_rr_type_by_name(token); + type_list[type_count] = cur_type; + type_count++; + } + + *rd = ldns_dnssec_create_nsec_bitmap(type_list, + type_count, + LDNS_RR_TYPE_NSEC); + + if (token) + LDNS_FREE(token); + ldns_buffer_free(str_buf); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_type(ldns_rdf **rd, const char *str) +{ + uint16_t type; + type = htons(ldns_get_rr_type_by_name(str)); + /* ldns_rr_type is a 16 bit value */ + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_TYPE, sizeof(uint16_t), &type); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_class(ldns_rdf **rd, const char *str) +{ + uint16_t klass; + klass = htons(ldns_get_rr_class_by_name(str)); + /* class is 16 bit */ + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_CLASS, sizeof(uint16_t), &klass); + return LDNS_STATUS_OK; +} + +/* An certificate alg field can either be specified as a 8 bits number + * or by its symbolic name. Handle both + */ +ldns_status +ldns_str2rdf_cert_alg(ldns_rdf **rd, const char *str) +{ + ldns_lookup_table *lt; + ldns_status st; + uint8_t idd[2]; + lt = ldns_lookup_by_name(ldns_cert_algorithms, str); + st = LDNS_STATUS_OK; + + if (lt) { + ldns_write_uint16(idd, (uint16_t) lt->id); + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_INT16, sizeof(uint16_t), idd); + if (!*rd) { + st = LDNS_STATUS_ERR; + } + } else { + /* try as-is (a number) */ + st = ldns_str2rdf_int16(rd, str); + if (st == LDNS_STATUS_OK && + ldns_rdf2native_int16(*rd) == 0) { + st = LDNS_STATUS_CERT_BAD_ALGORITHM; + } + } + + return st; +} + +/* An alg field can either be specified as a 8 bits number + * or by its symbolic name. Handle both + */ +ldns_status +ldns_str2rdf_alg(ldns_rdf **rd, const char *str) +{ + ldns_lookup_table *lt; + ldns_status st; + + lt = ldns_lookup_by_name(ldns_algorithms, str); + st = LDNS_STATUS_OK; + + if (lt) { + /* it was given as a integer */ + *rd = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t) lt->id); + if (!*rd) { + st = LDNS_STATUS_ERR; + } + } else { + /* try as-is (a number) */ + st = ldns_str2rdf_int8(rd, str); + } + return st; +} + +ldns_status +ldns_str2rdf_unknown(ldns_rdf **rd, const char *str) +{ + /* this should be caught in an earlier time (general str2host for + rr's */ + rd = rd; + str = str; + return LDNS_STATUS_NOT_IMPL; +} + +ldns_status +ldns_str2rdf_tsig(ldns_rdf **rd, const char *str) +{ + /* there is no strign representation for TSIG rrs */ + rd = rd; + str = str; + return LDNS_STATUS_NOT_IMPL; +} + +ldns_status +ldns_str2rdf_service(ldns_rdf **rd, const char *str) +{ + /* is this used? is this actually WKS? or SRV? */ + rd = rd; + str = str; + return LDNS_STATUS_NOT_IMPL; +} + +static int +loc_parse_cm(char* my_str, char** endstr, uint8_t* m, uint8_t* e) +{ + /* read [.][mM] */ + /* into mantissa exponent format for LOC type */ + uint32_t meters = 0, cm = 0, val; + while (isblank(*my_str)) { + my_str++; + } + meters = (uint32_t)strtol(my_str, &my_str, 10); + if (*my_str == '.') { + my_str++; + cm = (uint32_t)strtol(my_str, &my_str, 10); + } + if (meters >= 1) { + *e = 2; + val = meters; + } else { + *e = 0; + val = cm; + } + while(val >= 10) { + (*e)++; + val /= 10; + } + *m = (uint8_t)val; + + if (*e > 9) + return 0; + if (*my_str == 'm' || *my_str == 'M') { + my_str++; + } + *endstr = my_str; + return 1; +} + +ldns_status +ldns_str2rdf_loc(ldns_rdf **rd, const char *str) +{ + uint32_t latitude = 0; + uint32_t longitude = 0; + uint32_t altitude = 0; + + uint8_t *data; + uint32_t equator = (uint32_t) ldns_power(2, 31); + + uint32_t h = 0; + uint32_t m = 0; + uint8_t size_b = 1, size_e = 2; + uint8_t horiz_pre_b = 1, horiz_pre_e = 6; + uint8_t vert_pre_b = 1, vert_pre_e = 3; + + double s = 0.0; + bool northerness; + bool easterness; + + char *my_str = (char *) str; + + /* only support version 0 */ + if (isdigit((int) *my_str)) { + h = (uint32_t) strtol(my_str, &my_str, 10); + } else { + return LDNS_STATUS_INVALID_STR; + } + + while (isblank((int) *my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + m = (uint32_t) strtol(my_str, &my_str, 10); + } else if (*my_str == 'N' || *my_str == 'S') { + goto north; + } else { + return LDNS_STATUS_INVALID_STR; + } + + while (isblank((int) *my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + s = strtod(my_str, &my_str); + } +north: + while (isblank((int) *my_str)) { + my_str++; + } + + if (*my_str == 'N') { + northerness = true; + } else if (*my_str == 'S') { + northerness = false; + } else { + return LDNS_STATUS_INVALID_STR; + } + + my_str++; + + /* store number */ + s = 1000.0 * s; + /* add a little to make floor in conversion a round */ + s += 0.0005; + latitude = (uint32_t) s; + latitude += 1000 * 60 * m; + latitude += 1000 * 60 * 60 * h; + if (northerness) { + latitude = equator + latitude; + } else { + latitude = equator - latitude; + } + while (isblank(*my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + h = (uint32_t) strtol(my_str, &my_str, 10); + } else { + return LDNS_STATUS_INVALID_STR; + } + + while (isblank((int) *my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + m = (uint32_t) strtol(my_str, &my_str, 10); + } else if (*my_str == 'E' || *my_str == 'W') { + goto east; + } else { + return LDNS_STATUS_INVALID_STR; + } + + while (isblank(*my_str)) { + my_str++; + } + + if (isdigit((int) *my_str)) { + s = strtod(my_str, &my_str); + } + +east: + while (isblank(*my_str)) { + my_str++; + } + + if (*my_str == 'E') { + easterness = true; + } else if (*my_str == 'W') { + easterness = false; + } else { + return LDNS_STATUS_INVALID_STR; + } + + my_str++; + + /* store number */ + s *= 1000.0; + /* add a little to make floor in conversion a round */ + s += 0.0005; + longitude = (uint32_t) s; + longitude += 1000 * 60 * m; + longitude += 1000 * 60 * 60 * h; + + if (easterness) { + longitude += equator; + } else { + longitude = equator - longitude; + } + + altitude = (uint32_t)(strtod(my_str, &my_str)*100.0 + + 10000000.0 + 0.5); + if (*my_str == 'm' || *my_str == 'M') { + my_str++; + } + + if (strlen(my_str) > 0) { + if(!loc_parse_cm(my_str, &my_str, &size_b, &size_e)) + return LDNS_STATUS_INVALID_STR; + } + + if (strlen(my_str) > 0) { + if(!loc_parse_cm(my_str, &my_str, &horiz_pre_b, &horiz_pre_e)) + return LDNS_STATUS_INVALID_STR; + } + + if (strlen(my_str) > 0) { + if(!loc_parse_cm(my_str, &my_str, &vert_pre_b, &vert_pre_e)) + return LDNS_STATUS_INVALID_STR; + } + + data = LDNS_XMALLOC(uint8_t, 16); + data[0] = 0; + data[1] = 0; + data[1] = ((size_b << 4) & 0xf0) | (size_e & 0x0f); + data[2] = ((horiz_pre_b << 4) & 0xf0) | (horiz_pre_e & 0x0f); + data[3] = ((vert_pre_b << 4) & 0xf0) | (vert_pre_e & 0x0f); + ldns_write_uint32(data + 4, latitude); + ldns_write_uint32(data + 8, longitude); + ldns_write_uint32(data + 12, altitude); + + *rd = ldns_rdf_new_frm_data( + LDNS_RDF_TYPE_LOC, 16, data); + + LDNS_FREE(data); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_wks(ldns_rdf **rd, const char *str) +{ + uint8_t *bitmap = NULL; + uint8_t *data; + int bm_len = 0; + + struct protoent *proto = NULL; + struct servent *serv = NULL; + int serv_port; + + ldns_buffer *str_buf; + + char *proto_str = NULL; + char *token = LDNS_XMALLOC(char, 50); + + str_buf = LDNS_MALLOC(ldns_buffer); + ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); + + while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) { + if (!proto_str) { + proto_str = strdup(token); + if (!proto_str) { + LDNS_FREE(token); + LDNS_FREE(str_buf); + return LDNS_STATUS_INVALID_STR; + } + } else { + serv = getservbyname(token, proto_str); + if (serv) { + serv_port = (int) ntohs((uint16_t) serv->s_port); + } else { + serv_port = atoi(token); + } + if (serv_port / 8 >= bm_len) { + bitmap = LDNS_XREALLOC(bitmap, uint8_t, (serv_port / 8) + 1); + /* set to zero to be sure */ + for (; bm_len <= serv_port / 8; bm_len++) { + bitmap[bm_len] = 0; + } + } + ldns_set_bit(bitmap + (serv_port / 8), 7 - (serv_port % 8), true); + } + } + + if (!proto_str) { + LDNS_FREE(token); + LDNS_FREE(str_buf); + return LDNS_STATUS_INVALID_STR; + } + + data = LDNS_XMALLOC(uint8_t, bm_len + 1); + if (proto_str) + proto = getprotobyname(proto_str); + if (proto) { + data[0] = (uint8_t) proto->p_proto; + } else if (proto_str) { + data[0] = (uint8_t) atoi(proto_str); + } else { + data[0] = 0; + } + memcpy(data + 1, bitmap, (size_t) bm_len); + + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_WKS, (uint16_t) (bm_len + 1), data); + + LDNS_FREE(data); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + LDNS_FREE(bitmap); + free(proto_str); +#ifdef HAVE_ENDSERVENT + endservent(); +#endif +#ifdef HAVE_ENDPROTOENT + endprotoent(); +#endif + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_str2rdf_nsap(ldns_rdf **rd, const char *str) +{ + size_t len, i; + char* nsap_str = (char*) str; + + /* just a hex string with optional dots? */ + if (str[0] != '0' || str[1] != 'x') { + return LDNS_STATUS_INVALID_STR; + } else { + len = strlen(str); + for (i=0; i < len; i++) { + if (nsap_str[i] == '.') + nsap_str[i] = ' '; + } + return ldns_str2rdf_hex(rd, str+2); + } +} + +ldns_status +ldns_str2rdf_atma(ldns_rdf **rd, const char *str) +{ + size_t len, i; + char* atma_str = (char*) str; + ldns_status status; + + /* just a hex string with optional dots? */ + len = strlen(str); + for (i=0; i < len; i++) { + if (atma_str[i] == '.') + atma_str[i] = ' '; + } + status = ldns_str2rdf_hex(rd, str); + if (status != LDNS_STATUS_OK) { + ; /* probably in e.164 format than */ + } + return status; +} + +ldns_status +ldns_str2rdf_ipseckey(ldns_rdf **rd, const char *str) +{ + uint8_t precedence = 0; + uint8_t gateway_type = 0; + uint8_t algorithm = 0; + char* gateway = NULL; + char* publickey = NULL; + uint8_t *data; + ldns_buffer *str_buf; + char *token = LDNS_XMALLOC(char, 256); + int token_count = 0; + int ipseckey_len = 0; + ldns_rdf* gateway_rdf = NULL; + ldns_rdf* publickey_rdf = NULL; + ldns_status status = LDNS_STATUS_OK; + + str_buf = LDNS_MALLOC(ldns_buffer); + ldns_buffer_new_frm_data(str_buf, (char *)str, strlen(str)); + while(ldns_bget_token(str_buf, token, "\t\n ", strlen(str)) > 0) { + switch (token_count) { + case 0: + precedence = atoi(token); + break; + case 1: + gateway_type = atoi(token); + break; + case 2: + algorithm = atoi(token); + break; + case 3: + gateway = strdup(token); + if (!gateway || (gateway_type == 0 && + (token[0] != '.' || token[1] != '\0'))) { + LDNS_FREE(gateway); + LDNS_FREE(token); + LDNS_FREE(str_buf); + return LDNS_STATUS_INVALID_STR; + } + break; + case 4: + publickey = strdup(token); + break; + default: + LDNS_FREE(token); + LDNS_FREE(str_buf); + return LDNS_STATUS_INVALID_STR; + break; + } + token_count++; + } + + if (!gateway || !publickey) { + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + LDNS_FREE(str_buf); + return LDNS_STATUS_INVALID_STR; + } + + if (gateway_type == 1) { + status = ldns_str2rdf_a(&gateway_rdf, gateway); + } else if (gateway_type == 2) { + status = ldns_str2rdf_aaaa(&gateway_rdf, gateway); + } else if (gateway_type == 3) { + status = ldns_str2rdf_dname(&gateway_rdf, gateway); + } + + if (status != LDNS_STATUS_OK) { + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + LDNS_FREE(str_buf); + return LDNS_STATUS_INVALID_STR; + } + + status = ldns_str2rdf_b64(&publickey_rdf, publickey); + + if (status != LDNS_STATUS_OK) { + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + LDNS_FREE(str_buf); + return LDNS_STATUS_INVALID_STR; + } + + /* now copy all into one ipseckey rdf */ + if (gateway_type) + ipseckey_len = 3 + ldns_rdf_size(gateway_rdf) + ldns_rdf_size(publickey_rdf); + else + ipseckey_len = 3 + ldns_rdf_size(publickey_rdf); + + data = LDNS_XMALLOC(uint8_t, ipseckey_len); + + data[0] = precedence; + data[1] = gateway_type; + data[2] = algorithm; + + if (gateway_type) { + memcpy(data + 3, + ldns_rdf_data(gateway_rdf), ldns_rdf_size(gateway_rdf)); + memcpy(data + 3 + ldns_rdf_size(gateway_rdf), + ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf)); + } else { + memcpy(data + 3, + ldns_rdf_data(publickey_rdf), ldns_rdf_size(publickey_rdf)); + } + + *rd = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_IPSECKEY, (uint16_t) ipseckey_len, data); + + if (gateway) + LDNS_FREE(gateway); + if (publickey) + LDNS_FREE(publickey); + LDNS_FREE(token); + ldns_buffer_free(str_buf); + ldns_rdf_free(gateway_rdf); + ldns_rdf_free(publickey_rdf); + LDNS_FREE(data); + return LDNS_STATUS_OK; +} diff --git a/contrib/ldns/tsig.c b/contrib/ldns/tsig.c new file mode 100644 index 0000000000..38a9a0e862 --- /dev/null +++ b/contrib/ldns/tsig.c @@ -0,0 +1,386 @@ +/* + * tsig.c + * + * contains the functions needed for TSIG [RFC2845] + * + * (c) 2005-2006 NLnet Labs + * See the file LICENSE for the license + */ + +#include + +#include + +#include + +#ifdef HAVE_SSL +#include +#include +#endif /* HAVE_SSL */ + +char * +ldns_tsig_algorithm(ldns_tsig_credentials *tc) +{ + return tc->algorithm; +} + +char * +ldns_tsig_keyname(ldns_tsig_credentials *tc) +{ + return tc->keyname; +} + +char * +ldns_tsig_keydata(ldns_tsig_credentials *tc) +{ + return tc->keydata; +} + +char * +ldns_tsig_keyname_clone(ldns_tsig_credentials *tc) +{ + return strdup(tc->keyname); +} + +char * +ldns_tsig_keydata_clone(ldns_tsig_credentials *tc) +{ + return strdup(tc->keydata); +} + +/* + * Makes an exact copy of the wire, but with the tsig rr removed + */ +uint8_t * +ldns_tsig_prepare_pkt_wire(uint8_t *wire, size_t wire_len, size_t *result_len) +{ + uint8_t *wire2 = NULL; + uint16_t qd_count; + uint16_t an_count; + uint16_t ns_count; + uint16_t ar_count; + ldns_rr *rr; + + size_t pos; + uint16_t i; + + ldns_status status; + + /* fake parse the wire */ + qd_count = LDNS_QDCOUNT(wire); + an_count = LDNS_ANCOUNT(wire); + ns_count = LDNS_NSCOUNT(wire); + ar_count = LDNS_ARCOUNT(wire); + + if (ar_count > 0) { + ar_count--; + } else { + return NULL; + } + + pos = LDNS_HEADER_SIZE; + + for (i = 0; i < qd_count; i++) { + status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_QUESTION); + if (status != LDNS_STATUS_OK) { + return NULL; + } + ldns_rr_free(rr); + } + + for (i = 0; i < an_count; i++) { + status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_ANSWER); + if (status != LDNS_STATUS_OK) { + return NULL; + } + ldns_rr_free(rr); + } + + for (i = 0; i < ns_count; i++) { + status = ldns_wire2rr(&rr, wire, wire_len, &pos, LDNS_SECTION_AUTHORITY); + if (status != LDNS_STATUS_OK) { + return NULL; + } + ldns_rr_free(rr); + } + + for (i = 0; i < ar_count; i++) { + status = ldns_wire2rr(&rr, wire, wire_len, &pos, + LDNS_SECTION_ADDITIONAL); + if (status != LDNS_STATUS_OK) { + return NULL; + } + ldns_rr_free(rr); + } + + *result_len = pos; + wire2 = LDNS_XMALLOC(uint8_t, *result_len); + memcpy(wire2, wire, *result_len); + + ldns_write_uint16(wire2 + LDNS_ARCOUNT_OFF, ar_count); + + return wire2; +} + +#ifdef HAVE_SSL +static const EVP_MD * +ldns_digest_function(char *name) +{ + /* these are the mandatory algorithms from RFC4635 */ + /* The optional algorithms are not yet implemented */ + if (strlen(name) == 12 && strncasecmp(name, "hmac-sha256.", 11) == 0) { +#ifdef HAVE_EVP_SHA256 + return EVP_sha256(); +#else + return NULL; +#endif + } else if (strlen(name) == 10 && strncasecmp(name, "hmac-sha1.", 9) == 0) + return EVP_sha1(); + else if (strlen(name) == 25 && strncasecmp(name, + "hmac-md5.sig-alg.reg.int.", 25) == 0) + return EVP_md5(); + else + return NULL; +} +#endif + +#ifdef HAVE_SSL +static ldns_status +ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size, + const char *key_data, ldns_rdf *key_name_rdf, ldns_rdf *fudge_rdf, + ldns_rdf *algorithm_rdf, ldns_rdf *time_signed_rdf, ldns_rdf *error_rdf, + ldns_rdf *other_data_rdf, ldns_rdf *orig_mac_rdf) +{ + char *wireformat; + int wiresize; + unsigned char *mac_bytes; + unsigned char *key_bytes; + int key_size; + const EVP_MD *digester; + char *algorithm_name; + unsigned int md_len = EVP_MAX_MD_SIZE; + ldns_rdf *result = NULL; + ldns_buffer *data_buffer = NULL; + + /* + * prepare the digestable information + */ + data_buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN); + /* if orig_mac is not NULL, add it too */ + if (orig_mac_rdf) { + (void) ldns_rdf2buffer_wire(data_buffer, orig_mac_rdf); + } + ldns_buffer_write(data_buffer, pkt_wire, pkt_wire_size); + (void)ldns_rdf2buffer_wire(data_buffer, key_name_rdf); + ldns_buffer_write_u16(data_buffer, LDNS_RR_CLASS_ANY); + ldns_buffer_write_u32(data_buffer, 0); + (void)ldns_rdf2buffer_wire(data_buffer, algorithm_rdf); + (void)ldns_rdf2buffer_wire(data_buffer, time_signed_rdf); + (void)ldns_rdf2buffer_wire(data_buffer, fudge_rdf); + (void)ldns_rdf2buffer_wire(data_buffer, error_rdf); + (void)ldns_rdf2buffer_wire(data_buffer, other_data_rdf); + + wireformat = (char *) data_buffer->_data; + wiresize = (int) ldns_buffer_position(data_buffer); + + algorithm_name = ldns_rdf2str(algorithm_rdf); + + /* prepare the key */ + key_bytes = LDNS_XMALLOC(unsigned char, + ldns_b64_pton_calculate_size(strlen(key_data))); + key_size = ldns_b64_pton(key_data, key_bytes, strlen(key_data) * 2); + if (key_size < 0) { + /* LDNS_STATUS_INVALID_B64 */ + return LDNS_STATUS_INVALID_B64; + } + /* hmac it */ + /* 2 spare bytes for the length */ + mac_bytes = LDNS_XMALLOC(unsigned char, md_len); + memset(mac_bytes, 0, md_len); + + digester = ldns_digest_function(algorithm_name); + + if (digester) { + (void) HMAC(digester, key_bytes, key_size, (void *)wireformat, + (size_t) wiresize, mac_bytes + 2, &md_len); + + ldns_write_uint16(mac_bytes, md_len); + result = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16_DATA, md_len + 2, + mac_bytes); + } else { + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; + } + + LDNS_FREE(algorithm_name); + LDNS_FREE(mac_bytes); + LDNS_FREE(key_bytes); + ldns_buffer_free(data_buffer); + + *tsig_mac = result; + + return LDNS_STATUS_OK; +} +#endif /* HAVE_SSL */ + + +#ifdef HAVE_SSL +bool +ldns_pkt_tsig_verify(ldns_pkt *pkt, uint8_t *wire, size_t wirelen, + const char *key_name, const char *key_data, ldns_rdf *orig_mac_rdf) +{ + ldns_rdf *fudge_rdf; + ldns_rdf *algorithm_rdf; + ldns_rdf *time_signed_rdf; + ldns_rdf *orig_id_rdf; + ldns_rdf *error_rdf; + ldns_rdf *other_data_rdf; + ldns_rdf *pkt_mac_rdf; + ldns_rdf *my_mac_rdf; + ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); + uint16_t pkt_id, orig_pkt_id; + ldns_status status; + + uint8_t *prepared_wire = NULL; + size_t prepared_wire_size = 0; + + ldns_rr *orig_tsig = ldns_pkt_tsig(pkt); + + if (!orig_tsig) { + ldns_rdf_deep_free(key_name_rdf); + return false; + } + algorithm_rdf = ldns_rr_rdf(orig_tsig, 0); + time_signed_rdf = ldns_rr_rdf(orig_tsig, 1); + fudge_rdf = ldns_rr_rdf(orig_tsig, 2); + pkt_mac_rdf = ldns_rr_rdf(orig_tsig, 3); + orig_id_rdf = ldns_rr_rdf(orig_tsig, 4); + error_rdf = ldns_rr_rdf(orig_tsig, 5); + other_data_rdf = ldns_rr_rdf(orig_tsig, 6); + + /* remove temporarily */ + ldns_pkt_set_tsig(pkt, NULL); + /* temporarily change the id to the original id */ + pkt_id = ldns_pkt_id(pkt); + orig_pkt_id = ldns_rdf2native_int16(orig_id_rdf); + ldns_pkt_set_id(pkt, orig_pkt_id); + + prepared_wire = ldns_tsig_prepare_pkt_wire(wire, wirelen, &prepared_wire_size); + + status = ldns_tsig_mac_new(&my_mac_rdf, prepared_wire, prepared_wire_size, + key_data, key_name_rdf, fudge_rdf, algorithm_rdf, + time_signed_rdf, error_rdf, other_data_rdf, orig_mac_rdf); + + LDNS_FREE(prepared_wire); + + if (status != LDNS_STATUS_OK) { + ldns_rdf_deep_free(key_name_rdf); + return false; + } + /* Put back the values */ + ldns_pkt_set_tsig(pkt, orig_tsig); + ldns_pkt_set_id(pkt, pkt_id); + + ldns_rdf_deep_free(key_name_rdf); + + if (ldns_rdf_compare(pkt_mac_rdf, my_mac_rdf) == 0) { + ldns_rdf_deep_free(my_mac_rdf); + return true; + } else { + ldns_rdf_deep_free(my_mac_rdf); + return false; + } +} +#endif /* HAVE_SSL */ + +#ifdef HAVE_SSL +/* TODO: memory :p */ +ldns_status +ldns_pkt_tsig_sign(ldns_pkt *pkt, const char *key_name, const char *key_data, + uint16_t fudge, const char *algorithm_name, ldns_rdf *query_mac) +{ + ldns_rr *tsig_rr; + ldns_rdf *key_name_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, key_name); + ldns_rdf *fudge_rdf = NULL; + ldns_rdf *orig_id_rdf = NULL; + ldns_rdf *algorithm_rdf; + ldns_rdf *error_rdf = NULL; + ldns_rdf *mac_rdf = NULL; + ldns_rdf *other_data_rdf = NULL; + + ldns_status status = LDNS_STATUS_OK; + + uint8_t *pkt_wire = NULL; + size_t pkt_wire_len; + + struct timeval tv_time_signed; + uint8_t *time_signed = NULL; + ldns_rdf *time_signed_rdf = NULL; + + algorithm_rdf = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, algorithm_name); + + /* eww don't have create tsigtime rdf yet :( */ + /* bleh :p */ + if (gettimeofday(&tv_time_signed, NULL) == 0) { + time_signed = LDNS_XMALLOC(uint8_t, 6); + ldns_write_uint64_as_uint48(time_signed, + (uint64_t)tv_time_signed.tv_sec); + } else { + status = LDNS_STATUS_INTERNAL_ERR; + goto clean; + } + + time_signed_rdf = ldns_rdf_new(LDNS_RDF_TYPE_TSIGTIME, 6, time_signed); + + fudge_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, fudge); + + orig_id_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, ldns_pkt_id(pkt)); + + error_rdf = ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, 0); + + other_data_rdf = ldns_native2rdf_int16_data(0, NULL); + + if (ldns_pkt2wire(&pkt_wire, pkt, &pkt_wire_len) != LDNS_STATUS_OK) { + status = LDNS_STATUS_ERR; + goto clean; + } + + status = ldns_tsig_mac_new(&mac_rdf, pkt_wire, pkt_wire_len, + key_data, key_name_rdf, fudge_rdf, algorithm_rdf, + time_signed_rdf, error_rdf, other_data_rdf, query_mac); + + if (!mac_rdf) { + goto clean; + } + + LDNS_FREE(pkt_wire); + + /* Create the TSIG RR */ + tsig_rr = ldns_rr_new(); + ldns_rr_set_owner(tsig_rr, key_name_rdf); + ldns_rr_set_class(tsig_rr, LDNS_RR_CLASS_ANY); + ldns_rr_set_type(tsig_rr, LDNS_RR_TYPE_TSIG); + ldns_rr_set_ttl(tsig_rr, 0); + + ldns_rr_push_rdf(tsig_rr, algorithm_rdf); + ldns_rr_push_rdf(tsig_rr, time_signed_rdf); + ldns_rr_push_rdf(tsig_rr, fudge_rdf); + ldns_rr_push_rdf(tsig_rr, mac_rdf); + ldns_rr_push_rdf(tsig_rr, orig_id_rdf); + ldns_rr_push_rdf(tsig_rr, error_rdf); + ldns_rr_push_rdf(tsig_rr, other_data_rdf); + + ldns_pkt_set_tsig(pkt, tsig_rr); + + return status; + + clean: + ldns_rdf_free(key_name_rdf); + ldns_rdf_free(algorithm_rdf); + ldns_rdf_free(time_signed_rdf); + ldns_rdf_free(fudge_rdf); + ldns_rdf_free(orig_id_rdf); + ldns_rdf_free(error_rdf); + ldns_rdf_free(other_data_rdf); + return status; +} +#endif /* HAVE_SSL */ diff --git a/contrib/ldns/update.c b/contrib/ldns/update.c new file mode 100644 index 0000000000..01e67aa069 --- /dev/null +++ b/contrib/ldns/update.c @@ -0,0 +1,315 @@ +/* update.c + * + * Functions for RFC 2136 Dynamic Update + * + * Copyright (c) 2005-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + */ + +#include + +#include + +#include +#include +#include + +/* + * RFC 2136 sections mapped to RFC 1035: + * zone/ZO -- QD/question + * prerequisites/PR -- AN/answers + * updates/UP -- NS/authority records + * additional data/AD -- AR/additional records + */ + +ldns_pkt * +ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c, + ldns_rr_list *pr_rrlist, ldns_rr_list *up_rrlist, ldns_rr_list *ad_rrlist) +{ + ldns_pkt *p; + + if (!zone_rdf || !up_rrlist) { + return NULL; + } + + if (c == 0) { + c = LDNS_RR_CLASS_IN; + } + + /* Create packet, fill in Zone Section. */ + p = ldns_pkt_query_new(zone_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); + if (!p) { + return NULL; + } + zone_rdf = NULL; /* No longer safe to use. */ + + ldns_pkt_set_opcode(p, LDNS_PACKET_UPDATE); + + ldns_rr_list_deep_free(p->_authority); + + ldns_pkt_set_authority(p, ldns_rr_list_clone(up_rrlist)); + + ldns_update_set_upcount(p, ldns_rr_list_rr_count(up_rrlist)); + + if (pr_rrlist) { + ldns_rr_list_deep_free(p->_answer); /*XXX access function */ + ldns_pkt_set_answer(p, ldns_rr_list_clone(pr_rrlist)); + ldns_update_set_prcount(p, ldns_rr_list_rr_count(pr_rrlist)); + } + + if (ad_rrlist) { + ldns_rr_list_deep_free(p->_additional); + ldns_pkt_set_additional(p, ldns_rr_list_clone(ad_rrlist)); + ldns_update_set_adcount(p, ldns_rr_list_rr_count(ad_rrlist)); + } + return p; +} + +ldns_status +ldns_update_pkt_tsig_add(ldns_pkt *p, ldns_resolver *r) +{ +#ifdef HAVE_SSL + uint16_t fudge = 300; /* Recommended fudge. [RFC2845 6.4] */ + if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) + return ldns_pkt_tsig_sign(p, ldns_resolver_tsig_keyname(r), + ldns_resolver_tsig_keydata(r), fudge, + ldns_resolver_tsig_algorithm(r), NULL); +#else + /* do nothing */ + (void)p; + (void)r; +#endif /* HAVE_SSL */ + /* No TSIG to do. */ + return LDNS_STATUS_OK; +} + +/* Move to higher.c or similar? */ +/* XXX doc */ +ldns_status +ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r, + ldns_rr_class c, ldns_rdf **mname) +{ + ldns_rr *soa_rr; + ldns_pkt *query, *resp; + + /* Nondestructive, so clone 'zone' here */ + query = ldns_pkt_query_new(ldns_rdf_clone(zone), LDNS_RR_TYPE_SOA, + c, LDNS_RD); + if (!query) { + return LDNS_STATUS_ERR; + } + + ldns_pkt_set_random_id(query); + if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { + ldns_pkt_free(query); + return LDNS_STATUS_ERR; + } + ldns_pkt_free(query); + if (!resp) { + return LDNS_STATUS_ERR; + } + + /* Expect a SOA answer. */ + *mname = NULL; + while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp)))) { + if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA) + continue; + /* [RFC1035 3.3.13] */ + *mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); + break; + } + ldns_pkt_free(resp); + + return *mname ? LDNS_STATUS_OK : LDNS_STATUS_ERR; +} + +/* Try to get zone and MNAME from SOA queries. */ +ldns_status +ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r, + ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf) +{ + ldns_rr *soa_rr, *rr; + ldns_rdf *soa_zone = NULL, *soa_mname = NULL; + ldns_rdf *ipaddr, *fqdn_rdf, *tmp; + ldns_rdf **nslist; + ldns_pkt *query, *resp; + size_t i; + + /* + * XXX Ok, this cannot be the best way to find this...? + * XXX (I run into weird cache-related stuff here) + */ + + /* Step 1 - first find a nameserver that should know *something* */ + fqdn_rdf = ldns_dname_new_frm_str(fqdn); + query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); + if (!query) { + return LDNS_STATUS_ERR; + } + fqdn_rdf = NULL; + + ldns_pkt_set_random_id(query); + if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { + ldns_pkt_free(query); + return LDNS_STATUS_ERR; + } + ldns_pkt_free(query); + if (!resp) { + return LDNS_STATUS_ERR; + } + + /* XXX Is it safe to only look in authority section here? */ + while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) { + if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA) + continue; + /* [RFC1035 3.3.13] */ + soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); + break; + } + ldns_pkt_free(resp); + if (!soa_rr) { + return LDNS_STATUS_ERR; + } + + /* Step 2 - find SOA MNAME IP address, add to resolver */ + query = ldns_pkt_query_new(soa_mname, LDNS_RR_TYPE_A, c, LDNS_RD); + if (!query) { + return LDNS_STATUS_ERR; + } + soa_mname = NULL; + + ldns_pkt_set_random_id(query); + if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { + ldns_pkt_free(query); + return LDNS_STATUS_ERR; + } + ldns_pkt_free(query); + if (!resp) { + return LDNS_STATUS_ERR; + } + + if (ldns_pkt_ancount(resp) == 0) { + ldns_pkt_free(resp); + return LDNS_STATUS_ERR; + } + + /* XXX There may be more than one answer RR here. */ + rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp)); + ipaddr = ldns_rr_rdf(rr, 0); + + /* Put the SOA mname IP first in the nameserver list. */ + nslist = ldns_resolver_nameservers(r); + for (i = 0; i < ldns_resolver_nameserver_count(r); i++) { + if (ldns_rdf_compare(ipaddr, nslist[i]) == 0) { + if (i) { + tmp = nslist[0]; + nslist[0] = nslist[i]; + nslist[i] = tmp; + } + break; + } + } + if (i >= ldns_resolver_nameserver_count(r)) { + /* SOA mname was not part of the resolver so add it first. */ + (void) ldns_resolver_push_nameserver(r, ipaddr); + nslist = ldns_resolver_nameservers(r); + i = ldns_resolver_nameserver_count(r) - 1; + tmp = nslist[0]; + nslist[0] = nslist[i]; + nslist[i] = tmp; + } + ldns_pkt_free(resp); + + /* Make sure to ask the first in the list, i.e SOA mname */ + ldns_resolver_set_random(r, false); + + /* Step 3 - Redo SOA query, sending to SOA MNAME directly. */ + fqdn_rdf = ldns_dname_new_frm_str(fqdn); + query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD); + if (!query) { + return LDNS_STATUS_ERR; + } + fqdn_rdf = NULL; + + ldns_pkt_set_random_id(query); + if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) { + ldns_pkt_free(query); + return LDNS_STATUS_ERR; + } + ldns_pkt_free(query); + if (!resp) { + return LDNS_STATUS_ERR; + } + + /* XXX Is it safe to only look in authority section here, too? */ + while ((soa_rr = ldns_rr_list_pop_rr(ldns_pkt_authority(resp)))) { + if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA) + continue; + /* [RFC1035 3.3.13] */ + soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0)); + soa_zone = ldns_rdf_clone(ldns_rr_owner(soa_rr)); + break; + } + ldns_pkt_free(resp); + if (!soa_rr) { + return LDNS_STATUS_ERR; + } + + /* That seems to have worked, pass results to caller. */ + *zone_rdf = soa_zone; + *mname_rdf = soa_mname; + return LDNS_STATUS_OK; +} + +/* + * ldns_update_{get,set}_{zo,pr,up,ad}count + */ + +uint16_t +ldns_update_zocount(const ldns_pkt *p) +{ + return ldns_pkt_qdcount(p); +} + +uint16_t +ldns_update_prcount(const ldns_pkt *p) +{ + return ldns_pkt_ancount(p); +} + +uint16_t +ldns_update_upcount(const ldns_pkt *p) +{ + return ldns_pkt_nscount(p); +} + +uint16_t +ldns_update_ad(const ldns_pkt *p) +{ + return ldns_pkt_arcount(p); +} + +void +ldns_update_set_zo(ldns_pkt *p, uint16_t v) +{ + ldns_pkt_set_qdcount(p, v); +} + +void +ldns_update_set_prcount(ldns_pkt *p, uint16_t v) +{ + ldns_pkt_set_ancount(p, v); +} + +void +ldns_update_set_upcount(ldns_pkt *p, uint16_t v) +{ + ldns_pkt_set_nscount(p, v); +} + +void +ldns_update_set_adcount(ldns_pkt *p, uint16_t v) +{ + ldns_pkt_set_arcount(p, v); +} diff --git a/contrib/ldns/util.c b/contrib/ldns/util.c new file mode 100644 index 0000000000..82fa264189 --- /dev/null +++ b/contrib/ldns/util.c @@ -0,0 +1,370 @@ +/* + * util.c + * + * some general memory functions + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include +#include +#include +#include +#include +#include +#include +#include + +#ifdef HAVE_SSL +#include +#endif + +/* put this here tmp. for debugging */ +void +xprintf_rdf(ldns_rdf *rd) +{ + /* assume printable string */ + fprintf(stderr, "size\t:%u\n", (unsigned int)ldns_rdf_size(rd)); + fprintf(stderr, "type\t:%u\n", (unsigned int)ldns_rdf_get_type(rd)); + fprintf(stderr, "data\t:[%.*s]\n", (int)ldns_rdf_size(rd), + (char*)ldns_rdf_data(rd)); +} + +void +xprintf_rr(ldns_rr *rr) +{ + /* assume printable string */ + uint16_t count, i; + + count = ldns_rr_rd_count(rr); + + for(i = 0; i < count; i++) { + fprintf(stderr, "print rd %u\n", (unsigned int) i); + xprintf_rdf(rr->_rdata_fields[i]); + } +} + +void xprintf_hex(uint8_t *data, size_t len) +{ + size_t i; + for (i = 0; i < len; i++) { + if (i > 0 && i % 20 == 0) { + printf("\t; %u - %u\n", (unsigned int) i - 19, (unsigned int) i); + } + printf("%02x ", (unsigned int) data[i]); + } + printf("\n"); +} + +ldns_lookup_table * +ldns_lookup_by_name(ldns_lookup_table *table, const char *name) +{ + while (table->name != NULL) { + if (strcasecmp(name, table->name) == 0) + return table; + table++; + } + return NULL; +} + +ldns_lookup_table * +ldns_lookup_by_id(ldns_lookup_table *table, int id) +{ + while (table->name != NULL) { + if (table->id == id) + return table; + table++; + } + return NULL; +} + +int +ldns_get_bit(uint8_t bits[], size_t index) +{ + /* + * The bits are counted from left to right, so bit #0 is the + * left most bit. + */ + return (int) (bits[index / 8] & (1 << (7 - index % 8))); +} + +int +ldns_get_bit_r(uint8_t bits[], size_t index) +{ + /* + * The bits are counted from right to left, so bit #0 is the + * right most bit. + */ + return (int) bits[index / 8] & (1 << (index % 8)); +} + +void +ldns_set_bit(uint8_t *byte, int bit_nr, bool value) +{ + if (bit_nr >= 0 && bit_nr < 8) { + if (value) { + *byte = *byte | (0x01 << bit_nr); + } else { + *byte = *byte & !(0x01 << bit_nr); + } + } +} + +int +ldns_hexdigit_to_int(char ch) +{ + switch (ch) { + case '0': return 0; + case '1': return 1; + case '2': return 2; + case '3': return 3; + case '4': return 4; + case '5': return 5; + case '6': return 6; + case '7': return 7; + case '8': return 8; + case '9': return 9; + case 'a': case 'A': return 10; + case 'b': case 'B': return 11; + case 'c': case 'C': return 12; + case 'd': case 'D': return 13; + case 'e': case 'E': return 14; + case 'f': case 'F': return 15; + default: + return -1; + } +} + +char +ldns_int_to_hexdigit(int i) +{ + switch (i) { + case 0: return '0'; + case 1: return '1'; + case 2: return '2'; + case 3: return '3'; + case 4: return '4'; + case 5: return '5'; + case 6: return '6'; + case 7: return '7'; + case 8: return '8'; + case 9: return '9'; + case 10: return 'a'; + case 11: return 'b'; + case 12: return 'c'; + case 13: return 'd'; + case 14: return 'e'; + case 15: return 'f'; + default: + abort(); + } +} + +int +ldns_hexstring_to_data(uint8_t *data, const char *str) +{ + size_t i; + + if (!str || !data) { + return -1; + } + + if (strlen(str) % 2 != 0) { + return -2; + } + + for (i = 0; i < strlen(str) / 2; i++) { + data[i] = + 16 * (uint8_t) ldns_hexdigit_to_int(str[i*2]) + + (uint8_t) ldns_hexdigit_to_int(str[i*2 + 1]); + } + + return (int) i; +} + +const char * +ldns_version(void) +{ + return (char*)LDNS_VERSION; +} + +/* Number of days per month (except for February in leap years). */ +static const int mdays[] = { + 31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 +}; + +static int +is_leap_year(int year) +{ + return year % 4 == 0 && (year % 100 != 0 || year % 400 == 0); +} + +static int +leap_days(int y1, int y2) +{ + --y1; + --y2; + return (y2/4 - y1/4) - (y2/100 - y1/100) + (y2/400 - y1/400); +} + +/* + * Code adapted from Python 2.4.1 sources (Lib/calendar.py). + */ +time_t +mktime_from_utc(const struct tm *tm) +{ + int year = 1900 + tm->tm_year; + time_t days = 365 * ((time_t) year - 1970) + leap_days(1970, year); + time_t hours; + time_t minutes; + time_t seconds; + int i; + + for (i = 0; i < tm->tm_mon; ++i) { + days += mdays[i]; + } + if (tm->tm_mon > 1 && is_leap_year(year)) { + ++days; + } + days += tm->tm_mday - 1; + + hours = days * 24 + tm->tm_hour; + minutes = hours * 60 + tm->tm_min; + seconds = minutes * 60 + tm->tm_sec; + + return seconds; +} + +/** + * Init the random source + * applications should call this if they need entropy data within ldns + * If openSSL is available, it is automatically seeded from /dev/urandom + * or /dev/random + * + * If you need more entropy, or have no openssl available, this function + * MUST be called at the start of the program + * + * If openssl *is* available, this function just adds more entropy + **/ +int +ldns_init_random(FILE *fd, unsigned int size) +{ + /* if fp is given, seed srandom with data from file + otherwise use /dev/urandom */ + FILE *rand_f; + uint8_t *seed; + size_t read = 0; + unsigned int seed_i; + struct timeval tv; + struct timezone tz; + + /* we'll need at least sizeof(unsigned int) bytes for the + standard prng seed */ + if (size < (unsigned int) sizeof(seed_i)){ + size = (unsigned int) sizeof(seed_i); + } + + seed = LDNS_XMALLOC(uint8_t, size); + + if (!fd) { + if ((rand_f = fopen("/dev/urandom", "r")) == NULL) { + /* no readable /dev/urandom, try /dev/random */ + if ((rand_f = fopen("/dev/random", "r")) == NULL) { + /* no readable /dev/random either, and no entropy + source given. we'll have to improvise */ + for (read = 0; read < size; read++) { + gettimeofday(&tv, &tz); + seed[read] = (uint8_t) (tv.tv_usec % 256); + } + } else { + read = fread(seed, 1, size, rand_f); + } + } else { + read = fread(seed, 1, size, rand_f); + } + } else { + rand_f = fd; + read = fread(seed, 1, size, rand_f); + } + + if (read < size) { + LDNS_FREE(seed); + return 1; + } else { +#ifdef HAVE_SSL + /* Seed the OpenSSL prng (most systems have it seeded + automatically, in that case this call just adds entropy */ + RAND_seed(seed, (int) size); +#else + /* Seed the standard prng, only uses the first + * unsigned sizeof(unsiged int) bytes found in the entropy pool + */ + memcpy(&seed_i, seed, sizeof(seed_i)); + srandom(seed_i); +#endif + LDNS_FREE(seed); + } + + if (!fd) { + fclose(rand_f); + } + + return 0; +} + +/* + * BubbleBabble code taken from OpenSSH + * Copyright (c) 2001 Carsten Raskgaard. All rights reserved. + */ +char * +ldns_bubblebabble(uint8_t *data, size_t len) +{ + char vowels[] = { 'a', 'e', 'i', 'o', 'u', 'y' }; + char consonants[] = { 'b', 'c', 'd', 'f', 'g', 'h', 'k', 'l', 'm', + 'n', 'p', 'r', 's', 't', 'v', 'z', 'x' }; + size_t i, j = 0, rounds, seed = 1; + char *retval; + + rounds = (len / 2) + 1; + retval = LDNS_XMALLOC(char, rounds * 6); + retval[j++] = 'x'; + for (i = 0; i < rounds; i++) { + size_t idx0, idx1, idx2, idx3, idx4; + if ((i + 1 < rounds) || (len % 2 != 0)) { + idx0 = (((((size_t)(data[2 * i])) >> 6) & 3) + + seed) % 6; + idx1 = (((size_t)(data[2 * i])) >> 2) & 15; + idx2 = ((((size_t)(data[2 * i])) & 3) + + (seed / 6)) % 6; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + if ((i + 1) < rounds) { + idx3 = (((size_t)(data[(2 * i) + 1])) >> 4) & 15; + idx4 = (((size_t)(data[(2 * i) + 1]))) & 15; + retval[j++] = consonants[idx3]; + retval[j++] = '-'; + retval[j++] = consonants[idx4]; + seed = ((seed * 5) + + ((((size_t)(data[2 * i])) * 7) + + ((size_t)(data[(2 * i) + 1])))) % 36; + } + } else { + idx0 = seed % 6; + idx1 = 16; + idx2 = seed / 6; + retval[j++] = vowels[idx0]; + retval[j++] = consonants[idx1]; + retval[j++] = vowels[idx2]; + } + } + retval[j++] = 'x'; + retval[j++] = '\0'; + return retval; +} diff --git a/contrib/ldns/wire2host.c b/contrib/ldns/wire2host.c new file mode 100644 index 0000000000..c694aa0b9d --- /dev/null +++ b/contrib/ldns/wire2host.c @@ -0,0 +1,455 @@ +/* + * wire2host.c + * + * conversion routines from the wire to the host + * format. + * This will usually just a re-ordering of the + * data (as we store it in network format) + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + + +#include + +#include +/*#include */ + +#include +#include + + + +/* + * Set of macro's to deal with the dns message header as specified + * in RFC1035 in portable way. + * + */ + +/* + * + * 1 1 1 1 1 1 + * 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | ID | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * |QR| Opcode |AA|TC|RD|RA| Z|AD|CD| RCODE | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | QDCOUNT | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | ANCOUNT | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | NSCOUNT | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * | ARCOUNT | + * +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+ + * + */ + + +/* allocates memory to *dname! */ +ldns_status +ldns_wire2dname(ldns_rdf **dname, const uint8_t *wire, size_t max, size_t *pos) +{ + uint8_t label_size; + uint16_t pointer_target; + uint8_t pointer_target_buf[2]; + size_t dname_pos = 0; + size_t uncompressed_length = 0; + size_t compression_pos = 0; + uint8_t tmp_dname[LDNS_MAX_DOMAINLEN]; + unsigned int pointer_count = 0; + + if (*pos >= max) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + + label_size = wire[*pos]; + while (label_size > 0) { + /* compression */ + while (label_size >= 192) { + if (compression_pos == 0) { + compression_pos = *pos + 2; + } + + pointer_count++; + + /* remove first two bits */ + if (*pos + 2 > max) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + pointer_target_buf[0] = wire[*pos] & 63; + pointer_target_buf[1] = wire[*pos + 1]; + pointer_target = ldns_read_uint16(pointer_target_buf); + + if (pointer_target == 0) { + return LDNS_STATUS_INVALID_POINTER; + } else if (pointer_target > max) { + return LDNS_STATUS_INVALID_POINTER; + } else if (pointer_count > LDNS_MAX_POINTERS) { + return LDNS_STATUS_INVALID_POINTER; + } + *pos = pointer_target; + label_size = wire[*pos]; + } + if(label_size == 0) + break; /* break from pointer to 0 byte */ + if (label_size > LDNS_MAX_LABELLEN) { + return LDNS_STATUS_LABEL_OVERFLOW; + } + if (*pos + label_size > max) { + return LDNS_STATUS_LABEL_OVERFLOW; + } + + /* check space for labelcount itself */ + if (dname_pos + 1 > LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + tmp_dname[dname_pos] = label_size; + if (label_size > 0) { + dname_pos++; + } + *pos = *pos + 1; + if (dname_pos + label_size > LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + memcpy(&tmp_dname[dname_pos], &wire[*pos], label_size); + uncompressed_length += label_size + 1; + dname_pos += label_size; + *pos = *pos + label_size; + + if (*pos < max) { + label_size = wire[*pos]; + } + } + + if (compression_pos > 0) { + *pos = compression_pos; + } else { + *pos = *pos + 1; + } + + if (dname_pos >= LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + + tmp_dname[dname_pos] = 0; + dname_pos++; + + *dname = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, + (uint16_t) dname_pos, tmp_dname); + if (!*dname) { + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + +/* maybe make this a goto error so data can be freed or something/ */ +#define LDNS_STATUS_CHECK_RETURN(st) {if (st != LDNS_STATUS_OK) { return st; }} +#define LDNS_STATUS_CHECK_GOTO(st, label) {if (st != LDNS_STATUS_OK) { /*printf("STG %s:%d: status code %d\n", __FILE__, __LINE__, st);*/ goto label; }} + +ldns_status +ldns_wire2rdf(ldns_rr *rr, const uint8_t *wire, size_t max, size_t *pos) +{ + size_t end; + size_t cur_rdf_length; + uint8_t rdf_index; + uint8_t *data; + uint16_t rd_length; + ldns_rdf *cur_rdf = NULL; + ldns_rdf_type cur_rdf_type; + const ldns_rr_descriptor *descriptor = ldns_rr_descript(ldns_rr_get_type(rr)); + ldns_status status; + + if (*pos + 2 > max) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + + rd_length = ldns_read_uint16(&wire[*pos]); + *pos = *pos + 2; + + if (*pos + rd_length > max) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + + end = *pos + (size_t) rd_length; + + for (rdf_index = 0; + rdf_index < ldns_rr_descriptor_maximum(descriptor); rdf_index++) { + if (*pos >= end) { + break; + } + cur_rdf_length = 0; + + cur_rdf_type = ldns_rr_descriptor_field_type(descriptor, rdf_index); + /* handle special cases immediately, set length + for fixed length rdata and do them below */ + switch (cur_rdf_type) { + case LDNS_RDF_TYPE_DNAME: + status = ldns_wire2dname(&cur_rdf, wire, max, pos); + LDNS_STATUS_CHECK_RETURN(status); + break; + case LDNS_RDF_TYPE_CLASS: + case LDNS_RDF_TYPE_ALG: + case LDNS_RDF_TYPE_INT8: + cur_rdf_length = LDNS_RDF_SIZE_BYTE; + break; + case LDNS_RDF_TYPE_TYPE: + case LDNS_RDF_TYPE_INT16: + case LDNS_RDF_TYPE_CERT_ALG: + cur_rdf_length = LDNS_RDF_SIZE_WORD; + break; + case LDNS_RDF_TYPE_TIME: + case LDNS_RDF_TYPE_INT32: + case LDNS_RDF_TYPE_A: + case LDNS_RDF_TYPE_PERIOD: + cur_rdf_length = LDNS_RDF_SIZE_DOUBLEWORD; + break; + case LDNS_RDF_TYPE_TSIGTIME: + cur_rdf_length = LDNS_RDF_SIZE_6BYTES; + break; + case LDNS_RDF_TYPE_AAAA: + cur_rdf_length = LDNS_RDF_SIZE_16BYTES; + break; + case LDNS_RDF_TYPE_STR: + case LDNS_RDF_TYPE_NSEC3_SALT: + /* len is stored in first byte + * it should be in the rdf too, so just + * copy len+1 from this position + */ + cur_rdf_length = ((size_t) wire[*pos]) + 1; + break; + case LDNS_RDF_TYPE_INT16_DATA: + cur_rdf_length = (size_t) ldns_read_uint16(&wire[*pos]) + 2; + break; + case LDNS_RDF_TYPE_B32_EXT: + case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: + /* length is stored in first byte */ + cur_rdf_length = ((size_t) wire[*pos]) + 1; + break; + case LDNS_RDF_TYPE_APL: + case LDNS_RDF_TYPE_B64: + case LDNS_RDF_TYPE_HEX: + case LDNS_RDF_TYPE_NSEC: + case LDNS_RDF_TYPE_UNKNOWN: + case LDNS_RDF_TYPE_SERVICE: + case LDNS_RDF_TYPE_LOC: + case LDNS_RDF_TYPE_WKS: + case LDNS_RDF_TYPE_NSAP: + case LDNS_RDF_TYPE_ATMA: + case LDNS_RDF_TYPE_IPSECKEY: + case LDNS_RDF_TYPE_TSIG: + case LDNS_RDF_TYPE_NONE: + /* + * Read to end of rr rdata + */ + cur_rdf_length = end - *pos; + break; + } + + /* fixed length rdata */ + if (cur_rdf_length > 0) { + if (cur_rdf_length + *pos > end) { + return LDNS_STATUS_PACKET_OVERFLOW; + } + data = LDNS_XMALLOC(uint8_t, rd_length); + if (!data) { + return LDNS_STATUS_MEM_ERR; + } + memcpy(data, &wire[*pos], cur_rdf_length); + + cur_rdf = ldns_rdf_new(cur_rdf_type, cur_rdf_length, data); + *pos = *pos + cur_rdf_length; + } + + if (cur_rdf) { + ldns_rr_push_rdf(rr, cur_rdf); + cur_rdf = NULL; + } + } + + return LDNS_STATUS_OK; +} + + +/* TODO: + can *pos be incremented at READ_INT? or maybe use something like + RR_CLASS(wire)? + uhhm Jelte?? +*/ +ldns_status +ldns_wire2rr(ldns_rr **rr_p, const uint8_t *wire, size_t max, + size_t *pos, ldns_pkt_section section) +{ + ldns_rdf *owner = NULL; + ldns_rr *rr = ldns_rr_new(); + ldns_status status; + + status = ldns_wire2dname(&owner, wire, max, pos); + LDNS_STATUS_CHECK_GOTO(status, status_error); + + ldns_rr_set_owner(rr, owner); + + if (*pos + 4 > max) { + status = LDNS_STATUS_PACKET_OVERFLOW; + goto status_error; + } + + ldns_rr_set_type(rr, ldns_read_uint16(&wire[*pos])); + *pos = *pos + 2; + + ldns_rr_set_class(rr, ldns_read_uint16(&wire[*pos])); + *pos = *pos + 2; + + if (section != LDNS_SECTION_QUESTION) { + if (*pos + 4 > max) { + status = LDNS_STATUS_PACKET_OVERFLOW; + goto status_error; + } + ldns_rr_set_ttl(rr, ldns_read_uint32(&wire[*pos])); + + *pos = *pos + 4; + status = ldns_wire2rdf(rr, wire, max, pos); + + LDNS_STATUS_CHECK_GOTO(status, status_error); + ldns_rr_set_question(rr, false); + } else { + ldns_rr_set_question(rr, true); + } + + *rr_p = rr; + return LDNS_STATUS_OK; + +status_error: + ldns_rr_free(rr); + return status; +} + +static ldns_status +ldns_wire2pkt_hdr(ldns_pkt *packet, const uint8_t *wire, size_t max, size_t *pos) +{ + if (*pos + LDNS_HEADER_SIZE > max) { + return LDNS_STATUS_WIRE_INCOMPLETE_HEADER; + } else { + ldns_pkt_set_id(packet, LDNS_ID_WIRE(wire)); + ldns_pkt_set_qr(packet, LDNS_QR_WIRE(wire)); + ldns_pkt_set_opcode(packet, LDNS_OPCODE_WIRE(wire)); + ldns_pkt_set_aa(packet, LDNS_AA_WIRE(wire)); + ldns_pkt_set_tc(packet, LDNS_TC_WIRE(wire)); + ldns_pkt_set_rd(packet, LDNS_RD_WIRE(wire)); + ldns_pkt_set_ra(packet, LDNS_RA_WIRE(wire)); + ldns_pkt_set_ad(packet, LDNS_AD_WIRE(wire)); + ldns_pkt_set_cd(packet, LDNS_CD_WIRE(wire)); + ldns_pkt_set_rcode(packet, LDNS_RCODE_WIRE(wire)); + + ldns_pkt_set_qdcount(packet, LDNS_QDCOUNT(wire)); + ldns_pkt_set_ancount(packet, LDNS_ANCOUNT(wire)); + ldns_pkt_set_nscount(packet, LDNS_NSCOUNT(wire)); + ldns_pkt_set_arcount(packet, LDNS_ARCOUNT(wire)); + + *pos += LDNS_HEADER_SIZE; + + return LDNS_STATUS_OK; + } +} + +ldns_status +ldns_buffer2pkt_wire(ldns_pkt **packet, ldns_buffer *buffer) +{ + /* lazy */ + return ldns_wire2pkt(packet, ldns_buffer_begin(buffer), + ldns_buffer_limit(buffer)); + +} + +ldns_status +ldns_wire2pkt(ldns_pkt **packet_p, const uint8_t *wire, size_t max) +{ + size_t pos = 0; + uint16_t i; + ldns_rr *rr; + ldns_pkt *packet = ldns_pkt_new(); + ldns_status status = LDNS_STATUS_OK; + int have_edns = 0; + + uint8_t data[4]; + + status = ldns_wire2pkt_hdr(packet, wire, max, &pos); + LDNS_STATUS_CHECK_GOTO(status, status_error); + + for (i = 0; i < ldns_pkt_qdcount(packet); i++) { + + status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_QUESTION); + if (status == LDNS_STATUS_PACKET_OVERFLOW) { + status = LDNS_STATUS_WIRE_INCOMPLETE_QUESTION; + } + LDNS_STATUS_CHECK_GOTO(status, status_error); + if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) { + ldns_pkt_free(packet); + return LDNS_STATUS_INTERNAL_ERR; + } + } + for (i = 0; i < ldns_pkt_ancount(packet); i++) { + status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ANSWER); + if (status == LDNS_STATUS_PACKET_OVERFLOW) { + status = LDNS_STATUS_WIRE_INCOMPLETE_ANSWER; + } + LDNS_STATUS_CHECK_GOTO(status, status_error); + if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) { + ldns_pkt_free(packet); + return LDNS_STATUS_INTERNAL_ERR; + } + } + for (i = 0; i < ldns_pkt_nscount(packet); i++) { + status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_AUTHORITY); + if (status == LDNS_STATUS_PACKET_OVERFLOW) { + status = LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY; + } + LDNS_STATUS_CHECK_GOTO(status, status_error); + if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) { + ldns_pkt_free(packet); + return LDNS_STATUS_INTERNAL_ERR; + } + } + for (i = 0; i < ldns_pkt_arcount(packet); i++) { + status = ldns_wire2rr(&rr, wire, max, &pos, LDNS_SECTION_ADDITIONAL); + if (status == LDNS_STATUS_PACKET_OVERFLOW) { + status = LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL; + } + LDNS_STATUS_CHECK_GOTO(status, status_error); + + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_OPT) { + ldns_pkt_set_edns_udp_size(packet, ldns_rr_get_class(rr)); + ldns_write_uint32(data, ldns_rr_ttl(rr)); + ldns_pkt_set_edns_extended_rcode(packet, data[0]); + ldns_pkt_set_edns_version(packet, data[1]); + ldns_pkt_set_edns_z(packet, ldns_read_uint16(&data[2])); + /* edns might not have rdfs */ + if (ldns_rr_rdf(rr, 0)) { + ldns_pkt_set_edns_data(packet, ldns_rdf_clone(ldns_rr_rdf(rr, 0))); + } + ldns_rr_free(rr); + have_edns = 1; + } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_TSIG) { + ldns_pkt_set_tsig(packet, rr); + ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) - 1); + } else if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) { + ldns_pkt_free(packet); + return LDNS_STATUS_INTERNAL_ERR; + } + } + ldns_pkt_set_size(packet, max); + if(have_edns) + ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) - 1); + + *packet_p = packet; + return status; + +status_error: + ldns_pkt_free(packet); + return status; +} diff --git a/contrib/ldns/zone.c b/contrib/ldns/zone.c new file mode 100644 index 0000000000..77c39b4b25 --- /dev/null +++ b/contrib/ldns/zone.c @@ -0,0 +1,434 @@ +/* zone.c + * + * Functions for ldns_zone structure + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ +#include + +#include + +#include +#include + +ldns_rr * +ldns_zone_soa(const ldns_zone *z) +{ + return z->_soa; +} + +size_t +ldns_zone_rr_count(const ldns_zone *z) +{ + return ldns_rr_list_rr_count(z->_rrs); +} + +void +ldns_zone_set_soa(ldns_zone *z, ldns_rr *soa) +{ + z->_soa = soa; +} + +ldns_rr_list * +ldns_zone_rrs(const ldns_zone *z) +{ + return z->_rrs; +} + +void +ldns_zone_set_rrs(ldns_zone *z, ldns_rr_list *rrlist) +{ + z->_rrs = rrlist; +} + +bool +ldns_zone_push_rr_list(ldns_zone *z, ldns_rr_list *list) +{ + return ldns_rr_list_cat(ldns_zone_rrs(z), list); + +} + +bool +ldns_zone_push_rr(ldns_zone *z, ldns_rr *rr) +{ + return ldns_rr_list_push_rr( ldns_zone_rrs(z), rr); +} + +/* return a clone of the given rr list, without the glue records + * rr list should be the complete zone + * if present, stripped records are added to the list *glue_records + */ +ldns_rr_list * +ldns_zone_strip_glue_rrs(const ldns_rdf *zone_name, const ldns_rr_list *rrs, ldns_rr_list *glue_rrs) +{ + ldns_rr_list *new_list; + + /* when do we find glue? It means we find an IP address + * (AAAA/A) for a nameserver listed in the zone + * + * Alg used here: + * first find all the zonecuts (NS records) + * find all the AAAA or A records (can be done it the + * above loop). + * + * Check if the aaaa/a list are subdomains under the + * NS domains. + * If yes -> glue, if no -> not glue + */ + + ldns_rr_list *zone_cuts; + ldns_rr_list *addr; + ldns_rr *r, *ns, *a; + ldns_rdf *dname_a, *dname_ns, *ns_owner; + uint16_t i,j; + + new_list = NULL; + zone_cuts = NULL; + addr = NULL; + + new_list = ldns_rr_list_new(); + if (!new_list) goto memory_error; + zone_cuts = ldns_rr_list_new(); + if (!zone_cuts) goto memory_error; + addr = ldns_rr_list_new(); + if (!addr) goto memory_error; + + for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + r = ldns_rr_list_rr(rrs, i); + if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A || + ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) { + /* possibly glue */ + if (!ldns_rr_list_push_rr(addr, r)) goto memory_error; + continue; + } + if (ldns_rr_get_type(r) == LDNS_RR_TYPE_NS) { + /* multiple zones will end up here - + * for now; not a problem + */ + /* don't add NS records for the current zone itself */ + if (ldns_rdf_compare(ldns_rr_owner(r), + zone_name) != 0) { + if (!ldns_rr_list_push_rr(zone_cuts, r)) goto memory_error; + } + continue; + } + } + + /* will sorting make it quicker ?? */ + for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) { + ns = ldns_rr_list_rr(zone_cuts, i); + ns_owner = ldns_rr_owner(ns); + dname_ns = ldns_rr_ns_nsdname(ns); + for(j = 0; j < ldns_rr_list_rr_count(addr); j++) { + a = ldns_rr_list_rr(addr, j); + dname_a = ldns_rr_owner(a); + + if (ldns_dname_is_subdomain(dname_a, ns_owner)) { + /* GLUE! */ + if (glue_rrs) { + if (!ldns_rr_list_push_rr(glue_rrs, a)) goto memory_error; + } + break; + } else { + if (!ldns_rr_list_push_rr(new_list, a)) goto memory_error; + } + } + } + + ldns_rr_list_free(addr); + ldns_rr_list_free(zone_cuts); + + return new_list; + +memory_error: + if (new_list) { + ldns_rr_list_free(new_list); + } + if (zone_cuts) { + ldns_rr_list_free(zone_cuts); + } + if (addr) { + ldns_rr_list_free(addr); + } + return NULL; +} + +/* + * Get the list of glue records in a zone + * XXX: there should be a way for this to return error, other than NULL, + * since NULL is a valid return + */ +ldns_rr_list * +ldns_zone_glue_rr_list(const ldns_zone *z) +{ + /* when do we find glue? It means we find an IP address + * (AAAA/A) for a nameserver listed in the zone + * + * Alg used here: + * first find all the zonecuts (NS records) + * find all the AAAA or A records (can be done it the + * above loop). + * + * Check if the aaaa/a list are subdomains under the + * NS domains. + * If yes -> glue, if no -> not glue + */ + + ldns_rr_list *zone_cuts; + ldns_rr_list *addr; + ldns_rr_list *glue; + ldns_rr *r, *ns, *a; + ldns_rdf *dname_a, *dname_ns, *ns_owner; + size_t i,j; + + zone_cuts = NULL; + addr = NULL; + glue = NULL; + + /* we cannot determine glue in a 'zone' without a SOA */ + if (!ldns_zone_soa(z)) { + return NULL; + } + + zone_cuts = ldns_rr_list_new(); + if (!zone_cuts) goto memory_error; + addr = ldns_rr_list_new(); + if (!addr) goto memory_error; + glue = ldns_rr_list_new(); + if (!glue) goto memory_error; + + for(i = 0; i < ldns_zone_rr_count(z); i++) { + r = ldns_rr_list_rr(ldns_zone_rrs(z), i); + if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A || + ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) { + /* possibly glue */ + if (!ldns_rr_list_push_rr(addr, r)) goto memory_error; + continue; + } + if (ldns_rr_get_type(r) == LDNS_RR_TYPE_NS) { + /* multiple zones will end up here - + * for now; not a problem + */ + /* don't add NS records for the current zone itself */ + if (ldns_rdf_compare(ldns_rr_owner(r), + ldns_rr_owner(ldns_zone_soa(z))) != 0) { + if (!ldns_rr_list_push_rr(zone_cuts, r)) goto memory_error; + } + continue; + } + } + + /* will sorting make it quicker ?? */ + for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) { + ns = ldns_rr_list_rr(zone_cuts, i); + ns_owner = ldns_rr_owner(ns); + + dname_ns = ldns_rr_ns_nsdname(ns); + for(j = 0; j < ldns_rr_list_rr_count(addr); j++) { + a = ldns_rr_list_rr(addr, j); + dname_a = ldns_rr_owner(a); + + if (ldns_dname_is_subdomain(dname_a, ns_owner)) { + /* GLUE! */ + if (!ldns_rr_list_push_rr(glue, a)) goto memory_error; + } + } + } + + ldns_rr_list_free(addr); + ldns_rr_list_free(zone_cuts); + + if (ldns_rr_list_rr_count(glue) == 0) { + ldns_rr_list_free(glue); + return NULL; + } else { + return glue; + } + +memory_error: + if (zone_cuts) { + LDNS_FREE(zone_cuts); + } + if (addr) { + ldns_rr_list_free(addr); + } + if (glue) { + ldns_rr_list_free(glue); + } + return NULL; +} + +ldns_zone * +ldns_zone_new(void) +{ + ldns_zone *z; + + z = LDNS_MALLOC(ldns_zone); + if (!z) { + return NULL; + } + + z->_rrs = ldns_rr_list_new(); + if (!z->_rrs) { + LDNS_FREE(z); + return NULL; + } + ldns_zone_set_soa(z, NULL); + return z; +} + +/* we regocnize: + * $TTL, $ORIGIN + */ +ldns_status +ldns_zone_new_frm_fp(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c) +{ + return ldns_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); +} + +/* XXX: class is never used */ +ldns_status +ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c, + int *line_nr) +{ + ldns_zone *newzone; + ldns_rr *rr; + uint32_t my_ttl; + ldns_rr_class my_class; + ldns_rdf *my_origin; + ldns_rdf *my_prev; + bool soa_seen = false; /* 2 soa are an error */ + ldns_status s; + ldns_status ret; + + /* most cases of error are memory problems */ + ret = LDNS_STATUS_MEM_ERR; + + newzone = NULL; + my_origin = NULL; + my_prev = NULL; + + my_ttl = ttl; + my_class = c; + + if (origin) { + my_origin = ldns_rdf_clone(origin); + if (!my_origin) goto error; + /* also set the prev */ + my_prev = ldns_rdf_clone(origin); + if (!my_prev) goto error; + } + + newzone = ldns_zone_new(); + if (!newzone) goto error; + + while(!feof(fp)) { + s = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, &my_prev, line_nr); + switch (s) { + case LDNS_STATUS_OK: + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) { + if (soa_seen) { + /* second SOA + * just skip, maybe we want to say + * something??? */ + ldns_rr_free(rr); + continue; + } + soa_seen = true; + ldns_zone_set_soa(newzone, rr); + /* set origin to soa if not specified */ + if (!my_origin) { + my_origin = ldns_rdf_clone(ldns_rr_owner(rr)); + } + continue; + } + + /* a normal RR - as sofar the DNS is normal */ + if (!ldns_zone_push_rr(newzone, rr)) goto error; + + /*my_origin = ldns_rr_owner(rr);*/ + my_ttl = ldns_rr_ttl(rr); /* XXX: this seems like an error */ + my_class = ldns_rr_get_class(rr); + case LDNS_STATUS_SYNTAX_EMPTY: + /* empty line was seen */ + case LDNS_STATUS_SYNTAX_TTL: + /* the function set the ttl */ + break; + case LDNS_STATUS_SYNTAX_ORIGIN: + /* the function set the origin */ + break; + default: + ret = s; + goto error; + } + } + + if (my_origin) { + ldns_rdf_deep_free(my_origin); + } + if (my_prev) { + ldns_rdf_deep_free(my_prev); + } + if (z) { + *z = newzone; + } else { + ldns_zone_free(newzone); + } + + return LDNS_STATUS_OK; + +error: + if (my_origin) { + ldns_rdf_deep_free(my_origin); + } + if (my_prev) { + ldns_rdf_deep_free(my_prev); + } + if (newzone) { + ldns_zone_free(newzone); + } + return ret; +} + +void +ldns_zone_sort(ldns_zone *zone) +{ + ldns_rr_list *zrr; + assert(zone != NULL); + + zrr = ldns_zone_rrs(zone); + ldns_rr_list_sort(zrr); +} + +#if 0 +/** + * ixfr function. Work on a ldns_zone and remove and add + * the rrs from the rrlist + * \param[in] z the zone to work on + * \param[in] del rr_list to remove from the zone + * \param[in] add rr_list to add to the zone + * \return Tja, wat zouden we eens returnen TODO + */ +void +ldns_zone_ixfr_del_add(ldns_zone *z, ldns_rr_list *del, ldns_rr_list *add) +{ + +} +#endif + +void +ldns_zone_free(ldns_zone *zone) +{ + ldns_rr_list_free(zone->_rrs); + LDNS_FREE(zone); +} + +void +ldns_zone_deep_free(ldns_zone *zone) +{ + ldns_rr_free(zone->_soa); + ldns_rr_list_deep_free(zone->_rrs); + LDNS_FREE(zone); +} -- 2.41.0