diff options
Diffstat (limited to 'crypto/heimdal/lib/roken/resolve.c')
-rw-r--r-- | crypto/heimdal/lib/roken/resolve.c | 495 |
1 files changed, 271 insertions, 224 deletions
diff --git a/crypto/heimdal/lib/roken/resolve.c b/crypto/heimdal/lib/roken/resolve.c index cdbc069..8f8fec7 100644 --- a/crypto/heimdal/lib/roken/resolve.c +++ b/crypto/heimdal/lib/roken/resolve.c @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995 - 2003 Kungliga Tekniska Högskolan + * Copyright (c) 1995 - 2006 Kungliga Tekniska Högskolan * (Royal Institute of Technology, Stockholm, Sweden). * All rights reserved. * @@ -45,35 +45,39 @@ #include <assert.h> -RCSID("$Id: resolve.c,v 1.38.2.1 2003/04/22 15:02:47 lha Exp $"); +RCSID("$Id: resolve.c 19869 2007-01-12 16:03:14Z lha $"); +#ifdef _AIX /* AIX have broken res_nsearch() in 5.1 (5.0 also ?) */ #undef HAVE_RES_NSEARCH -#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) +#endif -#define DECL(X) {#X, T_##X} +#define DECL(X) {#X, rk_ns_t_##X} static struct stot{ const char *name; int type; }stot[] = { - DECL(A), - DECL(NS), - DECL(CNAME), - DECL(SOA), - DECL(PTR), - DECL(MX), - DECL(TXT), - DECL(AFSDB), - DECL(SIG), - DECL(KEY), - DECL(SRV), - DECL(NAPTR), + DECL(a), + DECL(aaaa), + DECL(ns), + DECL(cname), + DECL(soa), + DECL(ptr), + DECL(mx), + DECL(txt), + DECL(afsdb), + DECL(sig), + DECL(key), + DECL(srv), + DECL(naptr), + DECL(sshfp), + DECL(ds), {NULL, 0} }; int _resolve_debug = 0; -int +int ROKEN_LIB_FUNCTION dns_string_to_type(const char *name) { struct stot *p = stot; @@ -83,7 +87,7 @@ dns_string_to_type(const char *name) return -1; } -const char * +const char * ROKEN_LIB_FUNCTION dns_type_to_string(int type) { struct stot *p = stot; @@ -93,7 +97,19 @@ dns_type_to_string(int type) return NULL; } -void +#if (defined(HAVE_RES_SEARCH) || defined(HAVE_RES_NSEARCH)) && defined(HAVE_DN_EXPAND) + +static void +dns_free_rr(struct resource_record *rr) +{ + if(rr->domain) + free(rr->domain); + if(rr->u.data) + free(rr->u.data); + free(rr); +} + +void ROKEN_LIB_FUNCTION dns_free_data(struct dns_reply *r) { struct resource_record *rr; @@ -101,29 +117,30 @@ dns_free_data(struct dns_reply *r) free(r->q.domain); for(rr = r->head; rr;){ struct resource_record *tmp = rr; - if(rr->domain) - free(rr->domain); - if(rr->u.data) - free(rr->u.data); rr = rr->next; - free(tmp); + dns_free_rr(tmp); } free (r); } static int parse_record(const unsigned char *data, const unsigned char *end_data, - const unsigned char **pp, struct resource_record **rr) + const unsigned char **pp, struct resource_record **ret_rr) { + struct resource_record *rr; int type, class, ttl, size; int status; char host[MAXDNAME]; const unsigned char *p = *pp; + + *ret_rr = NULL; + status = dn_expand(data, end_data, p, host, sizeof(host)); if(status < 0) return -1; if (p + status + 10 > end_data) return -1; + p += status; type = (p[0] << 8) | p[1]; p += 2; @@ -137,198 +154,246 @@ parse_record(const unsigned char *data, const unsigned char *end_data, if (p + size > end_data) return -1; - *rr = calloc(1, sizeof(**rr)); - if(*rr == NULL) + rr = calloc(1, sizeof(*rr)); + if(rr == NULL) return -1; - (*rr)->domain = strdup(host); - if((*rr)->domain == NULL) { - free(*rr); + rr->domain = strdup(host); + if(rr->domain == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->type = type; - (*rr)->class = class; - (*rr)->ttl = ttl; - (*rr)->size = size; + rr->type = type; + rr->class = class; + rr->ttl = ttl; + rr->size = size; switch(type){ - case T_NS: - case T_CNAME: - case T_PTR: + case rk_ns_t_ns: + case rk_ns_t_cname: + case rk_ns_t_ptr: status = dn_expand(data, end_data, p, host, sizeof(host)); if(status < 0) { - free(*rr); + dns_free_rr(rr); return -1; } - (*rr)->u.txt = strdup(host); - if((*rr)->u.txt == NULL) { - free(*rr); + rr->u.txt = strdup(host); + if(rr->u.txt == NULL) { + dns_free_rr(rr); return -1; } break; - case T_MX: - case T_AFSDB:{ + case rk_ns_t_mx: + case rk_ns_t_afsdb:{ size_t hostlen; status = dn_expand(data, end_data, p + 2, host, sizeof(host)); if(status < 0){ - free(*rr); + dns_free_rr(rr); return -1; } if (status + 2 > size) { - free(*rr); + dns_free_rr(rr); return -1; } hostlen = strlen(host); - (*rr)->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + + rr->u.mx = (struct mx_record*)malloc(sizeof(struct mx_record) + hostlen); - if((*rr)->u.mx == NULL) { - free(*rr); + if(rr->u.mx == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.mx->preference = (p[0] << 8) | p[1]; - strlcpy((*rr)->u.mx->domain, host, hostlen + 1); + rr->u.mx->preference = (p[0] << 8) | p[1]; + strlcpy(rr->u.mx->domain, host, hostlen + 1); break; } - case T_SRV:{ + case rk_ns_t_srv:{ size_t hostlen; status = dn_expand(data, end_data, p + 6, host, sizeof(host)); if(status < 0){ - free(*rr); + dns_free_rr(rr); return -1; } if (status + 6 > size) { - free(*rr); + dns_free_rr(rr); return -1; } hostlen = strlen(host); - (*rr)->u.srv = + rr->u.srv = (struct srv_record*)malloc(sizeof(struct srv_record) + hostlen); - if((*rr)->u.srv == NULL) { - free(*rr); + if(rr->u.srv == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.srv->priority = (p[0] << 8) | p[1]; - (*rr)->u.srv->weight = (p[2] << 8) | p[3]; - (*rr)->u.srv->port = (p[4] << 8) | p[5]; - strlcpy((*rr)->u.srv->target, host, hostlen + 1); + rr->u.srv->priority = (p[0] << 8) | p[1]; + rr->u.srv->weight = (p[2] << 8) | p[3]; + rr->u.srv->port = (p[4] << 8) | p[5]; + strlcpy(rr->u.srv->target, host, hostlen + 1); break; } - case T_TXT:{ + case rk_ns_t_txt:{ if(size == 0 || size < *p + 1) { - free(*rr); + dns_free_rr(rr); return -1; } - (*rr)->u.txt = (char*)malloc(*p + 1); - if((*rr)->u.txt == NULL) { - free(*rr); + rr->u.txt = (char*)malloc(*p + 1); + if(rr->u.txt == NULL) { + dns_free_rr(rr); return -1; } - strncpy((*rr)->u.txt, (char*)p + 1, *p); - (*rr)->u.txt[*p] = '\0'; + strncpy(rr->u.txt, (const char*)(p + 1), *p); + rr->u.txt[*p] = '\0'; break; } - case T_KEY : { + case rk_ns_t_key : { size_t key_len; if (size < 4) { - free(*rr); + dns_free_rr(rr); return -1; } key_len = size - 4; - (*rr)->u.key = malloc (sizeof(*(*rr)->u.key) + key_len - 1); - if ((*rr)->u.key == NULL) { - free(*rr); + rr->u.key = malloc (sizeof(*rr->u.key) + key_len - 1); + if (rr->u.key == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.key->flags = (p[0] << 8) | p[1]; - (*rr)->u.key->protocol = p[2]; - (*rr)->u.key->algorithm = p[3]; - (*rr)->u.key->key_len = key_len; - memcpy ((*rr)->u.key->key_data, p + 4, key_len); + rr->u.key->flags = (p[0] << 8) | p[1]; + rr->u.key->protocol = p[2]; + rr->u.key->algorithm = p[3]; + rr->u.key->key_len = key_len; + memcpy (rr->u.key->key_data, p + 4, key_len); break; } - case T_SIG : { + case rk_ns_t_sig : { size_t sig_len, hostlen; if(size <= 18) { - free(*rr); + dns_free_rr(rr); return -1; } status = dn_expand (data, end_data, p + 18, host, sizeof(host)); if (status < 0) { - free(*rr); + dns_free_rr(rr); return -1; } if (status + 18 > size) { - free(*rr); + dns_free_rr(rr); return -1; } /* the signer name is placed after the sig_data, to make it - easy to free this struture; the size calculation below + easy to free this structure; the size calculation below includes the zero-termination if the structure itself. don't you just love C? */ sig_len = size - 18 - status; hostlen = strlen(host); - (*rr)->u.sig = malloc(sizeof(*(*rr)->u.sig) + rr->u.sig = malloc(sizeof(*rr->u.sig) + hostlen + sig_len); - if ((*rr)->u.sig == NULL) { - free(*rr); + if (rr->u.sig == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.sig->type = (p[0] << 8) | p[1]; - (*rr)->u.sig->algorithm = p[2]; - (*rr)->u.sig->labels = p[3]; - (*rr)->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16) + rr->u.sig->type = (p[0] << 8) | p[1]; + rr->u.sig->algorithm = p[2]; + rr->u.sig->labels = p[3]; + rr->u.sig->orig_ttl = (p[4] << 24) | (p[5] << 16) | (p[6] << 8) | p[7]; - (*rr)->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16) + rr->u.sig->sig_expiration = (p[8] << 24) | (p[9] << 16) | (p[10] << 8) | p[11]; - (*rr)->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16) + rr->u.sig->sig_inception = (p[12] << 24) | (p[13] << 16) | (p[14] << 8) | p[15]; - (*rr)->u.sig->key_tag = (p[16] << 8) | p[17]; - (*rr)->u.sig->sig_len = sig_len; - memcpy ((*rr)->u.sig->sig_data, p + 18 + status, sig_len); - (*rr)->u.sig->signer = &(*rr)->u.sig->sig_data[sig_len]; - strlcpy((*rr)->u.sig->signer, host, hostlen + 1); + rr->u.sig->key_tag = (p[16] << 8) | p[17]; + rr->u.sig->sig_len = sig_len; + memcpy (rr->u.sig->sig_data, p + 18 + status, sig_len); + rr->u.sig->signer = &rr->u.sig->sig_data[sig_len]; + strlcpy(rr->u.sig->signer, host, hostlen + 1); break; } - case T_CERT : { + case rk_ns_t_cert : { size_t cert_len; if (size < 5) { - free(*rr); + dns_free_rr(rr); return -1; } cert_len = size - 5; - (*rr)->u.cert = malloc (sizeof(*(*rr)->u.cert) + cert_len - 1); - if ((*rr)->u.cert == NULL) { - free(*rr); + rr->u.cert = malloc (sizeof(*rr->u.cert) + cert_len - 1); + if (rr->u.cert == NULL) { + dns_free_rr(rr); return -1; } - (*rr)->u.cert->type = (p[0] << 8) | p[1]; - (*rr)->u.cert->tag = (p[2] << 8) | p[3]; - (*rr)->u.cert->algorithm = p[4]; - (*rr)->u.cert->cert_len = cert_len; - memcpy ((*rr)->u.cert->cert_data, p + 5, cert_len); + rr->u.cert->type = (p[0] << 8) | p[1]; + rr->u.cert->tag = (p[2] << 8) | p[3]; + rr->u.cert->algorithm = p[4]; + rr->u.cert->cert_len = cert_len; + memcpy (rr->u.cert->cert_data, p + 5, cert_len); + break; + } + case rk_ns_t_sshfp : { + size_t sshfp_len; + + if (size < 2) { + dns_free_rr(rr); + return -1; + } + + sshfp_len = size - 2; + + rr->u.sshfp = malloc (sizeof(*rr->u.sshfp) + sshfp_len - 1); + if (rr->u.sshfp == NULL) { + dns_free_rr(rr); + return -1; + } + + rr->u.sshfp->algorithm = p[0]; + rr->u.sshfp->type = p[1]; + rr->u.sshfp->sshfp_len = sshfp_len; + memcpy (rr->u.sshfp->sshfp_data, p + 2, sshfp_len); + break; + } + case rk_ns_t_ds: { + size_t digest_len; + + if (size < 4) { + dns_free_rr(rr); + return -1; + } + + digest_len = size - 4; + + rr->u.ds = malloc (sizeof(*rr->u.ds) + digest_len - 1); + if (rr->u.ds == NULL) { + dns_free_rr(rr); + return -1; + } + + rr->u.ds->key_tag = (p[0] << 8) | p[1]; + rr->u.ds->algorithm = p[2]; + rr->u.ds->digest_type = p[3]; + rr->u.ds->digest_len = digest_len; + memcpy (rr->u.ds->digest_data, p + 4, digest_len); break; } default: - (*rr)->u.data = (unsigned char*)malloc(size); - if(size != 0 && (*rr)->u.data == NULL) { - free(*rr); + rr->u.data = (unsigned char*)malloc(size); + if(size != 0 && rr->u.data == NULL) { + dns_free_rr(rr); return -1; } - memcpy((*rr)->u.data, p, size); + if (size) + memcpy(rr->u.data, p, size); } *pp = p + size; + *ret_rr = rr; + return 0; } @@ -351,15 +416,33 @@ parse_reply(const unsigned char *data, size_t len) return NULL; p = data; -#if 0 - /* doesn't work on Crays */ - memcpy(&r->h, p, sizeof(HEADER)); - p += sizeof(HEADER); -#else - memcpy(&r->h, p, 12); /* XXX this will probably be mostly garbage */ + + r->h.id = (p[0] << 8) | p[1]; + r->h.flags = 0; + if (p[2] & 0x01) + r->h.flags |= rk_DNS_HEADER_RESPONSE_FLAG; + r->h.opcode = (p[2] >> 1) & 0xf; + if (p[2] & 0x20) + r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER; + if (p[2] & 0x40) + r->h.flags |= rk_DNS_HEADER_TRUNCATED_MESSAGE; + if (p[2] & 0x80) + r->h.flags |= rk_DNS_HEADER_RECURSION_DESIRED; + if (p[3] & 0x01) + r->h.flags |= rk_DNS_HEADER_RECURSION_AVAILABLE; + if (p[3] & 0x04) + r->h.flags |= rk_DNS_HEADER_AUTHORITIVE_ANSWER; + if (p[3] & 0x08) + r->h.flags |= rk_DNS_HEADER_CHECKING_DISABLED; + r->h.response_code = (p[3] >> 4) & 0xf; + r->h.qdcount = (p[4] << 8) | p[5]; + r->h.ancount = (p[6] << 8) | p[7]; + r->h.nscount = (p[8] << 8) | p[9]; + r->h.arcount = (p[10] << 8) | p[11]; + p += 12; -#endif - if(ntohs(r->h.qdcount) != 1) { + + if(r->h.qdcount != 1) { free(r); return NULL; } @@ -384,21 +467,21 @@ parse_reply(const unsigned char *data, size_t len) p += 2; rr = &r->head; - for(i = 0; i < ntohs(r->h.ancount); i++) { + for(i = 0; i < r->h.ancount; i++) { if(parse_record(data, end_data, &p, rr) != 0) { dns_free_data(r); return NULL; } rr = &(*rr)->next; } - for(i = 0; i < ntohs(r->h.nscount); i++) { + for(i = 0; i < r->h.nscount; i++) { if(parse_record(data, end_data, &p, rr) != 0) { dns_free_data(r); return NULL; } rr = &(*rr)->next; } - for(i = 0; i < ntohs(r->h.arcount); i++) { + for(i = 0; i < r->h.arcount; i++) { if(parse_record(data, end_data, &p, rr) != 0) { dns_free_data(r); return NULL; @@ -409,54 +492,87 @@ parse_reply(const unsigned char *data, size_t len) return r; } +#ifdef HAVE_RES_NSEARCH +#ifdef HAVE_RES_NDESTROY +#define rk_res_free(x) res_ndestroy(x) +#else +#define rk_res_free(x) res_nclose(x) +#endif +#endif + static struct dns_reply * dns_lookup_int(const char *domain, int rr_class, int rr_type) { - unsigned char reply[1024]; + struct dns_reply *r; + unsigned char *reply = NULL; + int size; int len; #ifdef HAVE_RES_NSEARCH - struct __res_state stat; - memset(&stat, 0, sizeof(stat)); - if(res_ninit(&stat)) + struct __res_state state; + memset(&state, 0, sizeof(state)); + if(res_ninit(&state)) return NULL; /* is this the best we can do? */ #elif defined(HAVE__RES) u_long old_options = 0; #endif - if (_resolve_debug) { + size = 0; + len = 1000; + do { + if (reply) { + free(reply); + reply = NULL; + } + if (size <= len) + size = len; + if (_resolve_debug) { #ifdef HAVE_RES_NSEARCH - stat.options |= RES_DEBUG; + state.options |= RES_DEBUG; #elif defined(HAVE__RES) - old_options = _res.options; - _res.options |= RES_DEBUG; + old_options = _res.options; + _res.options |= RES_DEBUG; #endif - fprintf(stderr, "dns_lookup(%s, %d, %s)\n", domain, - rr_class, dns_type_to_string(rr_type)); - } + fprintf(stderr, "dns_lookup(%s, %d, %s), buffer size %d\n", domain, + rr_class, dns_type_to_string(rr_type), size); + } + reply = malloc(size); + if (reply == NULL) { +#ifdef HAVE_RES_NSEARCH + rk_res_free(&state); +#endif + return NULL; + } #ifdef HAVE_RES_NSEARCH - len = res_nsearch(&stat, domain, rr_class, rr_type, reply, sizeof(reply)); + len = res_nsearch(&state, domain, rr_class, rr_type, reply, size); #else - len = res_search(domain, rr_class, rr_type, reply, sizeof(reply)); + len = res_search(domain, rr_class, rr_type, reply, size); #endif - if (_resolve_debug) { + if (_resolve_debug) { #if defined(HAVE__RES) && !defined(HAVE_RES_NSEARCH) - _res.options = old_options; + _res.options = old_options; #endif - fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", - domain, rr_class, dns_type_to_string(rr_type), len); - } + fprintf(stderr, "dns_lookup(%s, %d, %s) --> %d\n", + domain, rr_class, dns_type_to_string(rr_type), len); + } + if (len < 0) { #ifdef HAVE_RES_NSEARCH - res_nclose(&stat); -#endif - if(len < 0) { - return NULL; - } else { - len = min(len, sizeof(reply)); - return parse_reply(reply, len); - } + rk_res_free(&state); +#endif + free(reply); + return NULL; + } + } while (size < len && len < rk_DNS_MAX_PACKET_SIZE); +#ifdef HAVE_RES_NSEARCH + rk_res_free(&state); +#endif + + len = min(len, size); + r = parse_reply(reply, len); + free(reply); + return r; } -struct dns_reply * +struct dns_reply * ROKEN_LIB_FUNCTION dns_lookup(const char *domain, const char *type_name) { int type; @@ -486,7 +602,7 @@ compare_srv(const void *a, const void *b) #endif /* try to rearrange the srv-records by the algorithm in RFC2782 */ -void +void ROKEN_LIB_FUNCTION dns_srv_order(struct dns_reply *r) { struct resource_record **srvs, **ss, **headp; @@ -499,7 +615,7 @@ dns_srv_order(struct dns_reply *r) #endif for(rr = r->head; rr; rr = rr->next) - if(rr->type == T_SRV) + if(rr->type == rk_ns_t_srv) num_srv++; if(num_srv == 0) @@ -512,7 +628,7 @@ dns_srv_order(struct dns_reply *r) /* unlink all srv-records from the linked list and put them in a vector */ for(ss = srvs, headp = &r->head; *headp; ) - if((*headp)->type == T_SRV) { + if((*headp)->type == rk_ns_t_srv) { *ss = *headp; *headp = (*headp)->next; (*ss)->next = NULL; @@ -535,8 +651,7 @@ dns_srv_order(struct dns_reply *r) /* find the last record with the same priority and count the sum of all weights */ for(sum = 0, tt = ss; tt < srvs + num_srv; tt++) { - if(*tt == NULL) - continue; + assert(*tt != NULL); if((*tt)->u.srv->priority != (*ss)->u.srv->priority) break; sum += (*tt)->u.srv->weight; @@ -577,88 +692,20 @@ dns_srv_order(struct dns_reply *r) #else /* NOT defined(HAVE_RES_SEARCH) && defined(HAVE_DN_EXPAND) */ -struct dns_reply * +struct dns_reply * ROKEN_LIB_FUNCTION dns_lookup(const char *domain, const char *type_name) { return NULL; } -void +void ROKEN_LIB_FUNCTION dns_free_data(struct dns_reply *r) { } -void +void ROKEN_LIB_FUNCTION dns_srv_order(struct dns_reply *r) { } #endif - -#ifdef TEST -int -main(int argc, char **argv) -{ - struct dns_reply *r; - struct resource_record *rr; - r = dns_lookup(argv[1], argv[2]); - if(r == NULL){ - printf("No reply.\n"); - return 1; - } - if(r->q.type == T_SRV) - dns_srv_order(r); - - for(rr = r->head; rr;rr=rr->next){ - printf("%-30s %-5s %-6d ", rr->domain, dns_type_to_string(rr->type), rr->ttl); - switch(rr->type){ - case T_NS: - case T_CNAME: - case T_PTR: - printf("%s\n", (char*)rr->u.data); - break; - case T_A: - printf("%s\n", inet_ntoa(*rr->u.a)); - break; - case T_MX: - case T_AFSDB:{ - printf("%d %s\n", rr->u.mx->preference, rr->u.mx->domain); - break; - } - case T_SRV:{ - struct srv_record *srv = rr->u.srv; - printf("%d %d %d %s\n", srv->priority, srv->weight, - srv->port, srv->target); - break; - } - case T_TXT: { - printf("%s\n", rr->u.txt); - break; - } - case T_SIG : { - struct sig_record *sig = rr->u.sig; - const char *type_string = dns_type_to_string (sig->type); - - printf ("type %u (%s), algorithm %u, labels %u, orig_ttl %u, sig_expiration %u, sig_inception %u, key_tag %u, signer %s\n", - sig->type, type_string ? type_string : "", - sig->algorithm, sig->labels, sig->orig_ttl, - sig->sig_expiration, sig->sig_inception, sig->key_tag, - sig->signer); - break; - } - case T_KEY : { - struct key_record *key = rr->u.key; - - printf ("flags %u, protocol %u, algorithm %u\n", - key->flags, key->protocol, key->algorithm); - break; - } - default: - printf("\n"); - break; - } - } - - return 0; -} -#endif |