dns/bind9
dns/bind9
1
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9.git synced 2025-04-18 09:44:09 +03:00
Code
bind9/bin/dig/dighost.c
alessio 2f27d66450 Refactor to use list-like macro for message sections 
In the code base it is very common to iterate over all names in a message
section and all rdatasets for each name, but various idioms are used for
iteration.

This commit standardizes them as much as possible to a single idiom,
using the macro MSG_SECTION_FOREACH, similar to the existing
ISC_LIST_FOREACH.
2025-03-27 03:09:46 +01:00

4876 lines
120 KiB
C
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file
* \note
* Notice to programmers: Do not use this code as an example of how to
* use the ISC library to perform DNS lookups. Dig and Host both operate
* on the request level, since they allow fine-tuning of output and are
* intended as debugging tools. As a result, they perform many of the
* functions which could be better handled using the dns_resolver
* functions in most applications.
*/
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <locale.h>
#include <netdb.h>
#include <stdbool.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#ifdef HAVE_LIBIDN2
#include <idn2.h>
#endif /* HAVE_LIBIDN2 */
#include <isc/base64.h>
#include <isc/crypto.h>
#include <isc/file.h>
#include <isc/getaddresses.h>
#include <isc/hex.h>
#include <isc/log.h>
#include <isc/loop.h>
#include <isc/managers.h>
#include <isc/netaddr.h>
#include <isc/nonce.h>
#include <isc/parseint.h>
#include <isc/random.h>
#include <isc/result.h>
#include <isc/safe.h>
#include <isc/serial.h>
#include <isc/sockaddr.h>
#include <isc/string.h>
#include <isc/timer.h>
#include <isc/tls.h>
#include <isc/types.h>
#include <isc/util.h>
#include <isc/uv.h>
#include <isc/xml.h>
#include <dns/byaddr.h>
#include <dns/ede.h>
#include <dns/fixedname.h>
#include <dns/message.h>
#include <dns/name.h>
#include <dns/opcode.h>
#include <dns/rcode.h>
#include <dns/rdata.h>
#include <dns/rdataclass.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#include <dns/rdatatype.h>
#include <dns/tsig.h>
#include <dst/dst.h>
#include <isccfg/namedconf.h>
#include <irs/resconf.h>
#include "dighost.h"
#define systemlocale(l) (void)setlocale(l, "")
#define resetlocale(l) (void)setlocale(l, "C")
dig_lookuplist_t lookup_list;
dig_serverlist_t server_list;
dig_searchlistlist_t search_list;
static bool cancel_now = false;
bool check_ra = false, have_ipv4 = false, have_ipv6 = false,
specified_source = false, free_now = false, usesearch = false,
showsearch = false, keep_open = false, verbose = false, yaml = false;
in_port_t port = 53;
bool port_set = false;
unsigned int timeout = 0;
unsigned int extrabytes;
isc_mem_t *mctx = NULL;
isc_nm_t *netmgr = NULL;
isc_loopmgr_t *loopmgr = NULL;
isc_loop_t *mainloop = NULL;
isc_sockaddr_t localaddr;
isc_refcount_t sendcount = 0;
isc_refcount_t recvcount = 0;
int ndots = -1;
int tries = -1;
int lookup_counter = 0;
static char servercookie[256];
#ifdef HAVE_LIBIDN2
static void
idn_input(const char *src, char *dst, size_t dstlen);
#endif /* HAVE_LIBIDN2 */
isc_nmhandle_t *keep = NULL;
isc_sockaddr_t keepaddr;
/*%
* Exit Codes:
*
*\li 0 Everything went well, including things like NXDOMAIN
*\li 1 Usage error
*\li 7 Got too many RR's or Names
*\li 8 Couldn't open batch file
*\li 9 No reply from server
*\li 10 Internal error
*/
int exitcode = 0;
int fatalexit = 0;
char keynametext[MXNAME];
char keyfile[MXNAME] = "";
char keysecret[MXNAME] = "";
unsigned char cookie_secret[33];
unsigned char cookie[8];
dst_algorithm_t hmac_alg = DST_ALG_UNKNOWN;
unsigned int digestbits = 0;
isc_buffer_t *namebuf = NULL;
dns_tsigkey_t *tsigkey = NULL;
dst_key_t *sig0key = NULL;
bool validated = true;
bool debugging = false;
bool debugtiming = false;
bool memdebugging = false;
char *progname = NULL;
dig_lookup_t *current_lookup = NULL;
#define DIG_MAX_ADDRESSES 20
static void
default_warnerr(const char *format, ...) {
va_list args;
printf(";; ");
va_start(args, format);
vprintf(format, args);
va_end(args);
printf("\n");
}
static void
default_comments(dig_lookup_t *lookup, const char *format, ...) {
va_list args;
if (lookup->comments) {
printf(";; ");
va_start(args, format);
vprintf(format, args);
va_end(args);
printf("\n");
}
}
/* dynamic callbacks */
isc_result_t (*dighost_printmessage)(dig_query_t *query,
const isc_buffer_t *msgbuf,
dns_message_t *msg, bool headers);
void (*dighost_error)(const char *format, ...) = default_warnerr;
void (*dighost_warning)(const char *format, ...) = default_warnerr;
void (*dighost_comments)(dig_lookup_t *lookup, const char *format,
...) = default_comments;
void (*dighost_received)(unsigned int bytes, isc_sockaddr_t *from,
dig_query_t *query);
void (*dighost_trying)(char *frm, dig_lookup_t *lookup);
void (*dighost_shutdown)(void);
/* forward declarations */
#define cancel_lookup(l) _cancel_lookup(l, __FILE__, __LINE__)
static void
_cancel_lookup(dig_lookup_t *lookup, const char *file, unsigned int line);
static void
recv_done(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,
void *arg);
static void
start_udp(dig_query_t *query);
static void
start_tcp(dig_query_t *query);
static void
force_next(dig_query_t *query);
static void
launch_next_query(dig_query_t *query);
static void
clear_current_lookup(void);
static bool
next_origin(dig_lookup_t *oldlookup);
static int
count_dots(char *string) {
char *s;
int i = 0;
s = string;
while (*s != '\0') {
if (*s == '.') {
i++;
}
s++;
}
return i;
}
static void
hex_dump(isc_buffer_t *b) {
unsigned int len, i;
isc_region_t r;
isc_buffer_usedregion(b, &r);
printf("%u bytes\n", r.length);
for (len = 0; len < r.length; len++) {
printf("%02x ", r.base[len]);
if (len % 16 == 15) {
printf(" ");
for (i = len - 15; i <= len; i++) {
if (r.base[i] >= '!' && r.base[i] <= '}') {
putchar(r.base[i]);
} else {
putchar('.');
}
}
printf("\n");
}
}
if (len % 16 != 0) {
for (i = len; (i % 16) != 0; i++) {
printf(" ");
}
printf(" ");
for (i = ((len >> 4) << 4); i < len; i++) {
if (r.base[i] >= '!' && r.base[i] <= '}') {
putchar(r.base[i]);
} else {
putchar('.');
}
}
printf("\n");
}
}
/*%
* Append 'len' bytes of 'text' at '*p', failing with
* ISC_R_NOSPACE if that would advance p past 'end'.
*/
static isc_result_t
append(const char *text, size_t len, char **p, char *end) {
if (*p + len > end) {
return ISC_R_NOSPACE;
}
memmove(*p, text, len);
*p += len;
return ISC_R_SUCCESS;
}
static isc_result_t
reverse_octets(const char *in, char **p, char *end) {
const char *dot = strchr(in, '.');
size_t len;
if (dot != NULL) {
isc_result_t result;
result = reverse_octets(dot + 1, p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
result = append(".", 1, p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
len = (int)(dot - in);
} else {
len = (int)strlen(in);
}
return append(in, len, p, end);
}
isc_result_t
get_reverse(char *reverse, size_t len, char *value, bool strict) {
int r;
isc_result_t result;
isc_netaddr_t addr;
addr.family = AF_INET6;
r = inet_pton(AF_INET6, value, &addr.type.in6);
if (r > 0) {
/* This is a valid IPv6 address. */
dns_fixedname_t fname;
dns_name_t *name;
name = dns_fixedname_initname(&fname);
result = dns_byaddr_createptrname(&addr, name);
if (result != ISC_R_SUCCESS) {
return result;
}
dns_name_format(name, reverse, (unsigned int)len);
return ISC_R_SUCCESS;
} else {
/*
* Not a valid IPv6 address. Assume IPv4.
* If 'strict' is not set, construct the
* in-addr.arpa name by blindly reversing
* octets whether or not they look like integers,
* so that this can be used for RFC2317 names
* and such.
*/
char *p = reverse;
char *end = reverse + len;
if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1) {
return DNS_R_BADDOTTEDQUAD;
}
result = reverse_octets(value, &p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
/* Append .in-addr.arpa. and a terminating NUL. */
result = append(".in-addr.arpa.", 15, &p, end);
if (result != ISC_R_SUCCESS) {
return result;
}
return ISC_R_SUCCESS;
}
}
#if TARGET_OS_IPHONE
void
warn(const char *format, ...) {
va_list args;
fflush(stdout);
fprintf(stderr, ";; Warning: ");
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fprintf(stderr, "\n");
}
#else /* if TARGET_OS_IPHONE */
void
warn(const char *format, ...) {
va_list args;
fflush(stdout);
fprintf(stderr, "%s: ", progname);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fprintf(stderr, "\n");
}
#endif /* if TARGET_OS_IPHONE */
void
digexit(void) {
if (exitcode < 10) {
exitcode = 10;
}
if (fatalexit != 0) {
_exit(fatalexit);
}
exit(exitcode);
}
void
fatal(const char *format, ...) {
va_list args;
fflush(stdout);
fprintf(stderr, "%s: ", progname);
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fprintf(stderr, "\n");
if (fatalexit == 0 && exitcode != 0) {
fatalexit = exitcode;
} else if (fatalexit == 0) {
fatalexit = EXIT_FAILURE;
}
digexit();
}
void
debug(const char *format, ...) {
va_list args;
isc_time_t t;
if (debugging) {
fflush(stdout);
if (debugtiming) {
t = isc_time_now();
fprintf(stderr, "%u.%06u: ", isc_time_seconds(&t),
isc_time_nanoseconds(&t) / 1000);
}
va_start(args, format);
vfprintf(stderr, format, args);
va_end(args);
fprintf(stderr, "\n");
}
}
void
check_result(isc_result_t result, const char *msg) {
if (result != ISC_R_SUCCESS) {
fatal("%s: %s", msg, isc_result_totext(result));
}
}
/*%
* Create a server structure, which is part of the lookup structure.
* This is little more than a linked list of servers to query in hopes
* of finding the answer the user is looking for
*/
dig_server_t *
make_server(const char *servname, const char *userarg) {
dig_server_t *srv;
REQUIRE(servname != NULL);
debug("make_server(%s)", servname);
srv = isc_mem_allocate(mctx, sizeof(struct dig_server));
strlcpy(srv->servername, servname, MXNAME);
strlcpy(srv->userarg, userarg, MXNAME);
ISC_LINK_INIT(srv, link);
return srv;
}
/*%
* Create a copy of the server list from the resolver configuration structure.
* The dest list must have already had ISC_LIST_INIT applied.
*/
static void
get_server_list(irs_resconf_t *resconf) {
isc_sockaddrlist_t *servers;
isc_sockaddr_t *sa;
dig_server_t *newsrv;
char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255") +
sizeof("%4000000000")];
debug("get_server_list()");
servers = irs_resconf_getnameservers(resconf);
for (sa = ISC_LIST_HEAD(*servers); sa != NULL;
sa = ISC_LIST_NEXT(sa, link))
{
int pf = isc_sockaddr_pf(sa);
isc_netaddr_t na;
isc_result_t result;
isc_buffer_t b;
if (pf == AF_INET && !have_ipv4) {
continue;
}
if (pf == AF_INET6 && !have_ipv6) {
continue;
}
isc_buffer_init(&b, tmp, sizeof(tmp));
isc_netaddr_fromsockaddr(&na, sa);
result = isc_netaddr_totext(&na, &b);
if (result != ISC_R_SUCCESS) {
continue;
}
isc_buffer_putuint8(&b, 0);
if (pf == AF_INET6 && na.zone != 0) {
char buf[sizeof("%4000000000")];
snprintf(buf, sizeof(buf), "%%%u", na.zone);
strlcat(tmp, buf, sizeof(tmp));
}
newsrv = make_server(tmp, tmp);
ISC_LINK_INIT(newsrv, link);
ISC_LIST_APPEND(server_list, newsrv, link);
}
}
void
flush_server_list(void) {
dig_server_t *s, *ps;
debug("flush_server_list()");
s = ISC_LIST_HEAD(server_list);
while (s != NULL) {
ps = s;
s = ISC_LIST_NEXT(s, link);
ISC_LIST_DEQUEUE(server_list, ps, link);
isc_mem_free(mctx, ps);
}
}
void
set_nameserver(char *opt) {
isc_result_t result;
isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
isc_netaddr_t netaddr;
int count, i;
dig_server_t *srv;
char tmp[ISC_NETADDR_FORMATSIZE];
if (opt == NULL) {
return;
}
isc_loopmgr_blocking(loopmgr);
result = isc_getaddresses(opt, 0, sockaddrs, DIG_MAX_ADDRESSES, &count);
isc_loopmgr_nonblocking(loopmgr);
if (result != ISC_R_SUCCESS) {
fatal("couldn't get address for '%s': %s", opt,
isc_result_totext(result));
}
flush_server_list();
for (i = 0; i < count; i++) {
isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
srv = make_server(tmp, opt);
if (srv == NULL) {
fatal("memory allocation failure");
}
ISC_LIST_APPEND(server_list, srv, link);
}
}
/*%
* Produce a cloned server list. The dest list must have already had
* ISC_LIST_INIT applied.
*/
void
clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest) {
dig_server_t *srv, *newsrv;
debug("clone_server_list()");
srv = ISC_LIST_HEAD(src);
while (srv != NULL) {
newsrv = make_server(srv->servername, srv->userarg);
ISC_LINK_INIT(newsrv, link);
ISC_LIST_ENQUEUE(*dest, newsrv, link);
srv = ISC_LIST_NEXT(srv, link);
}
}
/*%
* Create an empty lookup structure, which holds all the information needed
* to get an answer to a user's question. This structure contains two
* linked lists: the server list (servers to query) and the query list
* (outstanding queries which have been made to the listed servers).
*/
dig_lookup_t *
make_empty_lookup(void) {
dig_lookup_t *looknew;
int idnin = false, idnout = false;
#ifdef HAVE_LIBIDN2
if (getenv("IDN_DISABLE") == NULL) {
idnin = true;
idnout = isatty(1);
}
#endif /* HAVE_LIBIDN2 */
debug("make_empty_lookup()");
INSIST(!free_now);
looknew = isc_mem_allocate(mctx, sizeof(*looknew));
*looknew = (dig_lookup_t){
.pending = true,
.rdtype = dns_rdatatype_a,
.qrdtype = dns_rdatatype_a,
.rdclass = dns_rdataclass_in,
.servfail_stops = true,
.besteffort = true,
.opcode = dns_opcode_query,
.badcookie = true,
.idnin = idnin,
.idnout = idnout,
.udpsize = -1,
.edns = -1,
.original_edns = -1,
.recurse = true,
.retries = tries,
.comments = true,
.stats = true,
.section_question = true,
.section_answer = true,
.section_authority = true,
.section_additional = true,
.ednsneg = true,
};
dns_fixedname_init(&looknew->fdomain);
ISC_LINK_INIT(looknew, link);
ISC_LIST_INIT(looknew->q);
ISC_LIST_INIT(looknew->my_server_list);
isc_tlsctx_cache_create(mctx, &looknew->tls_ctx_cache);
isc_refcount_init(&looknew->references, 1);
looknew->magic = DIG_LOOKUP_MAGIC;
debug("make_empty_lookup() = %p->references = %" PRIuFAST32, looknew,
isc_refcount_current(&looknew->references));
return looknew;
}
#define EDNSOPT_OPTIONS 100U
static void
cloneopts(dig_lookup_t *looknew, dig_lookup_t *lookold) {
size_t len = sizeof(looknew->ednsopts[0]) * EDNSOPT_OPTIONS;
size_t i;
looknew->ednsopts = isc_mem_allocate(mctx, len);
for (i = 0; i < EDNSOPT_OPTIONS; i++) {
looknew->ednsopts[i].code = 0;
looknew->ednsopts[i].length = 0;
looknew->ednsopts[i].value = NULL;
}
looknew->ednsoptscnt = 0;
if (lookold == NULL || lookold->ednsopts == NULL) {
return;
}
for (i = 0; i < lookold->ednsoptscnt; i++) {
len = lookold->ednsopts[i].length;
if (len != 0) {
INSIST(lookold->ednsopts[i].value != NULL);
looknew->ednsopts[i].value = isc_mem_allocate(mctx,
len);
memmove(looknew->ednsopts[i].value,
lookold->ednsopts[i].value, len);
}
looknew->ednsopts[i].code = lookold->ednsopts[i].code;
looknew->ednsopts[i].length = len;
}
looknew->ednsoptscnt = lookold->ednsoptscnt;
}
/*%
* Clone a lookup, perhaps copying the server list. This does not clone
* the query list, since it will be regenerated by the setup_lookup()
* function, nor does it queue up the new lookup for processing.
* Caution: If you don't clone the servers, you MUST clone the server
* list separately from somewhere else, or construct it by hand.
*/
dig_lookup_t *
clone_lookup(dig_lookup_t *lookold, bool servers) {
dig_lookup_t *looknew;
debug("clone_lookup()");
INSIST(!free_now);
looknew = make_empty_lookup();
strlcpy(looknew->textname, lookold->textname, MXNAME);
strlcpy(looknew->cmdline, lookold->cmdline, MXNAME);
looknew->textname[MXNAME - 1] = 0;
looknew->rdtype = lookold->rdtype;
looknew->qrdtype = lookold->qrdtype;
looknew->rdclass = lookold->rdclass;
looknew->rdtypeset = lookold->rdtypeset;
looknew->rdclassset = lookold->rdclassset;
looknew->doing_xfr = lookold->doing_xfr;
looknew->ixfr_serial = lookold->ixfr_serial;
looknew->trace = lookold->trace;
looknew->trace_root = lookold->trace_root;
looknew->identify = lookold->identify;
looknew->identify_previous_line = lookold->identify_previous_line;
looknew->ignore = lookold->ignore;
looknew->servfail_stops = lookold->servfail_stops;
looknew->besteffort = lookold->besteffort;
looknew->dns64prefix = lookold->dns64prefix;
looknew->dnssec = lookold->dnssec;
looknew->ednsflags = lookold->ednsflags;
looknew->opcode = lookold->opcode;
looknew->expire = lookold->expire;
looknew->nsid = lookold->nsid;
looknew->zoneversion = lookold->zoneversion;
looknew->tcp_keepalive = lookold->tcp_keepalive;
looknew->header_only = lookold->header_only;
looknew->https_mode = lookold->https_mode;
if (lookold->https_path != NULL) {
looknew->https_path = isc_mem_strdup(mctx, lookold->https_path);
}
looknew->https_get = lookold->https_get;
looknew->http_plain = lookold->http_plain;
looknew->tls_ca_set = lookold->tls_ca_set;
if (lookold->tls_ca_file != NULL) {
looknew->tls_ca_file = isc_mem_strdup(mctx,
lookold->tls_ca_file);
};
looknew->tls_hostname_set = lookold->tls_hostname_set;
if (lookold->tls_hostname != NULL) {
looknew->tls_hostname = isc_mem_strdup(mctx,
lookold->tls_hostname);
}
looknew->tls_key_file_set = lookold->tls_key_file_set;
if (lookold->tls_key_file != NULL) {
looknew->tls_key_file = isc_mem_strdup(mctx,
lookold->tls_key_file);
}
looknew->tls_cert_file_set = lookold->tls_cert_file_set;
if (lookold->tls_cert_file != NULL) {
looknew->tls_cert_file = isc_mem_strdup(mctx,
lookold->tls_cert_file);
}
looknew->showbadcookie = lookold->showbadcookie;
looknew->showbadvers = lookold->showbadvers;
looknew->sendcookie = lookold->sendcookie;
looknew->seenbadcookie = lookold->seenbadcookie;
looknew->badcookie = lookold->badcookie;
looknew->cookie = lookold->cookie;
if (lookold->ednsopts != NULL) {
cloneopts(looknew, lookold);
} else {
looknew->ednsopts = NULL;
looknew->ednsoptscnt = 0;
}
looknew->ednsneg = lookold->ednsneg;
looknew->padding = lookold->padding;
looknew->multiline = lookold->multiline;
looknew->nottl = lookold->nottl;
looknew->noclass = lookold->noclass;
looknew->onesoa = lookold->onesoa;
looknew->use_usec = lookold->use_usec;
looknew->nocrypto = lookold->nocrypto;
looknew->ttlunits = lookold->ttlunits;
looknew->expandaaaa = lookold->expandaaaa;
looknew->svcparamkeycompat = lookold->svcparamkeycompat;
looknew->qr = lookold->qr;
looknew->idnin = lookold->idnin;
looknew->idnout = lookold->idnout;
looknew->udpsize = lookold->udpsize;
looknew->edns = lookold->edns;
looknew->original_edns = lookold->original_edns;
looknew->recurse = lookold->recurse;
looknew->aaonly = lookold->aaonly;
looknew->adflag = lookold->adflag;
looknew->cdflag = lookold->cdflag;
looknew->raflag = lookold->raflag;
looknew->tcflag = lookold->tcflag;
looknew->print_unknown_format = lookold->print_unknown_format;
looknew->zflag = lookold->zflag;
looknew->setqid = lookold->setqid;
looknew->qid = lookold->qid;
looknew->ns_search_only = lookold->ns_search_only;
looknew->tcp_mode = lookold->tcp_mode;
looknew->tcp_mode_set = lookold->tcp_mode_set;
looknew->tls_mode = lookold->tls_mode;
looknew->comments = lookold->comments;
looknew->stats = lookold->stats;
looknew->section_question = lookold->section_question;
looknew->section_answer = lookold->section_answer;
looknew->section_authority = lookold->section_authority;
looknew->section_additional = lookold->section_additional;
looknew->origin = lookold->origin;
looknew->retries = lookold->retries;
looknew->tsigctx = NULL;
looknew->need_search = lookold->need_search;
looknew->done_as_is = lookold->done_as_is;
looknew->rrcomments = lookold->rrcomments;
looknew->fuzzing = lookold->fuzzing;
looknew->fuzztime = lookold->fuzztime;
looknew->proxy_mode = lookold->proxy_mode;
looknew->proxy_plain = lookold->proxy_plain;
looknew->proxy_local = lookold->proxy_local;
looknew->proxy_src_addr = lookold->proxy_src_addr;
looknew->proxy_dst_addr = lookold->proxy_dst_addr;
if (lookold->ecs_addr != NULL) {
looknew->ecs_addr = isc_mem_get(mctx,
sizeof(*looknew->ecs_addr));
memmove(looknew->ecs_addr, lookold->ecs_addr,
sizeof(*looknew->ecs_addr));
}
dns_name_copy(dns_fixedname_name(&lookold->fdomain),
dns_fixedname_name(&looknew->fdomain));
if (servers) {
if (lookold->tls_ctx_cache != NULL) {
isc_tlsctx_cache_detach(&looknew->tls_ctx_cache);
isc_tlsctx_cache_attach(lookold->tls_ctx_cache,
&looknew->tls_ctx_cache);
}
clone_server_list(lookold->my_server_list,
&looknew->my_server_list);
}
isc_refcount_init(&looknew->references, 1);
looknew->magic = DIG_LOOKUP_MAGIC;
return looknew;
}
/*%
* Requeue a lookup for further processing, perhaps copying the server
* list. The new lookup structure is returned to the caller, and is
* queued for processing. If servers are not cloned in the requeue, they
* must be added before allowing the current event to complete, since the
* completion of the event may result in the next entry on the lookup
* queue getting run.
*/
dig_lookup_t *
requeue_lookup(dig_lookup_t *lookold, bool servers) {
dig_lookup_t *looknew = NULL;
debug("requeue_lookup()");
lookup_counter++;
if (lookup_counter > LOOKUP_LIMIT) {
fatal("too many lookups");
}
looknew = clone_lookup(lookold, servers);
INSIST(looknew != NULL);
debug("before insertion, init@%p -> %p, new@%p -> %p", lookold,
lookold->link.next, looknew, looknew->link.next);
ISC_LIST_PREPEND(lookup_list, looknew, link);
debug("after insertion, init -> %p, new = %p, new -> %p", lookold,
looknew, looknew->link.next);
return looknew;
}
void
setup_text_key(void) {
isc_result_t result;
dns_fixedname_t fkey;
dns_name_t *keyname = dns_fixedname_initname(&fkey);
isc_buffer_t secretbuf;
unsigned int secretsize;
unsigned char *secretstore;
debug("setup_text_key()");
isc_buffer_allocate(mctx, &namebuf, MXNAME);
isc_buffer_putstr(namebuf, keynametext);
secretsize = (unsigned int)strlen(keysecret) * 3 / 4;
secretstore = isc_mem_allocate(mctx, secretsize);
isc_buffer_init(&secretbuf, secretstore, secretsize);
result = isc_base64_decodestring(keysecret, &secretbuf);
if (result != ISC_R_SUCCESS) {
goto failure;
}
secretsize = isc_buffer_usedlength(&secretbuf);
if (hmac_alg == DST_ALG_UNKNOWN) {
result = DST_R_UNSUPPORTEDALG;
goto failure;
}
result = dns_name_fromtext(keyname, namebuf, dns_rootname, 0);
if (result != ISC_R_SUCCESS) {
goto failure;
}
result = dns_tsigkey_create(keyname, hmac_alg, secretstore,
(int)secretsize, mctx, &tsigkey);
failure:
if (result != ISC_R_SUCCESS) {
printf(";; Couldn't create key %s: %s\n", keynametext,
isc_result_totext(result));
} else {
dst_key_setbits(tsigkey->key, digestbits);
}
isc_mem_free(mctx, secretstore);
isc_buffer_free(&namebuf);
}
static isc_result_t
parse_uint_helper(uint32_t *uip, const char *value, uint32_t max,
const char *desc, int base) {
uint32_t n;
isc_result_t result = isc_parse_uint32(&n, value, base);
if (result == ISC_R_SUCCESS && n > max) {
result = ISC_R_RANGE;
}
if (result != ISC_R_SUCCESS) {
printf("invalid %s '%s': %s\n", desc, value,
isc_result_totext(result));
return result;
}
*uip = n;
return ISC_R_SUCCESS;
}
isc_result_t
parse_uint(uint32_t *uip, const char *value, uint32_t max, const char *desc) {
return parse_uint_helper(uip, value, max, desc, 10);
}
isc_result_t
parse_xint(uint32_t *uip, const char *value, uint32_t max, const char *desc) {
return parse_uint_helper(uip, value, max, desc, 0);
}
static uint32_t
parse_bits(char *arg, const char *desc, uint32_t max) {
isc_result_t result;
uint32_t tmp;
result = parse_uint(&tmp, arg, max, desc);
if (result != ISC_R_SUCCESS) {
fatal("couldn't parse digest bits");
}
tmp = (tmp + 7) & ~0x7U;
return tmp;
}
isc_result_t
parse_netprefix(isc_sockaddr_t **sap, const char *value) {
isc_result_t result = ISC_R_SUCCESS;
isc_sockaddr_t *sa = NULL;
struct in_addr in4;
struct in6_addr in6;
uint32_t prefix_length = 0xffffffff;
char *slash = NULL;
bool parsed = false;
bool prefix_parsed = false;
char buf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:XXX.XXX.XXX.XXX/128")];
REQUIRE(sap != NULL && *sap == NULL);
if (strlcpy(buf, value, sizeof(buf)) >= sizeof(buf)) {
fatal("invalid prefix '%s'\n", value);
}
sa = isc_mem_get(mctx, sizeof(*sa));
*sa = (isc_sockaddr_t){ .length = 0 };
if (strcmp(buf, "0") == 0) {
sa->type.sa.sa_family = AF_UNSPEC;
prefix_length = 0;
goto done;
}
slash = strchr(buf, '/');
if (slash != NULL) {
*slash = '\0';
result = isc_parse_uint32(&prefix_length, slash + 1, 10);
if (result != ISC_R_SUCCESS) {
fatal("invalid prefix length in '%s': %s\n", value,
isc_result_totext(result));
}
prefix_parsed = true;
}
if (inet_pton(AF_INET6, buf, &in6) == 1) {
parsed = true;
isc_sockaddr_fromin6(sa, &in6, 0);
if (prefix_length > 128) {
prefix_length = 128;
}
} else if (inet_pton(AF_INET, buf, &in4) == 1) {
parsed = true;
isc_sockaddr_fromin(sa, &in4, 0);
if (prefix_length > 32) {
prefix_length = 32;
}
} else if (prefix_parsed) {
int i;
for (i = 0; i < 3 && strlen(buf) < sizeof(buf) - 2; i++) {
strlcat(buf, ".0", sizeof(buf));
if (inet_pton(AF_INET, buf, &in4) == 1) {
parsed = true;
isc_sockaddr_fromin(sa, &in4, 0);
break;
}
}
if (prefix_length > 32) {
prefix_length = 32;
}
}
if (!parsed) {
fatal("invalid address '%s'", value);
}
done:
sa->length = prefix_length;
*sap = sa;
return ISC_R_SUCCESS;
}
/*
* Parse HMAC algorithm specification
*/
void
parse_hmac(const char *algname) {
char buf[20];
size_t len;
REQUIRE(algname != NULL);
len = strlen(algname);
if (len >= sizeof(buf)) {
fatal("unknown key type '%.*s'", (int)len, algname);
}
strlcpy(buf, algname, sizeof(buf));
digestbits = 0;
if (strcasecmp(buf, "hmac-md5") == 0) {
hmac_alg = DST_ALG_HMACMD5;
} else if (strncasecmp(buf, "hmac-md5-", 9) == 0) {
hmac_alg = DST_ALG_HMACMD5;
digestbits = parse_bits(&buf[9], "digest-bits [0..128]", 128);
} else if (strcasecmp(buf, "hmac-sha1") == 0) {
hmac_alg = DST_ALG_HMACSHA1;
digestbits = 0;
} else if (strncasecmp(buf, "hmac-sha1-", 10) == 0) {
hmac_alg = DST_ALG_HMACSHA1;
digestbits = parse_bits(&buf[10], "digest-bits [0..160]", 160);
} else if (strcasecmp(buf, "hmac-sha224") == 0) {
hmac_alg = DST_ALG_HMACSHA224;
} else if (strncasecmp(buf, "hmac-sha224-", 12) == 0) {
hmac_alg = DST_ALG_HMACSHA224;
digestbits = parse_bits(&buf[12], "digest-bits [0..224]", 224);
} else if (strcasecmp(buf, "hmac-sha256") == 0) {
hmac_alg = DST_ALG_HMACSHA256;
} else if (strncasecmp(buf, "hmac-sha256-", 12) == 0) {
hmac_alg = DST_ALG_HMACSHA256;
digestbits = parse_bits(&buf[12], "digest-bits [0..256]", 256);
} else if (strcasecmp(buf, "hmac-sha384") == 0) {
hmac_alg = DST_ALG_HMACSHA384;
} else if (strncasecmp(buf, "hmac-sha384-", 12) == 0) {
hmac_alg = DST_ALG_HMACSHA384;
digestbits = parse_bits(&buf[12], "digest-bits [0..384]", 384);
} else if (strcasecmp(buf, "hmac-sha512") == 0) {
hmac_alg = DST_ALG_HMACSHA512;
} else if (strncasecmp(buf, "hmac-sha512-", 12) == 0) {
hmac_alg = DST_ALG_HMACSHA512;
digestbits = parse_bits(&buf[12], "digest-bits [0..512]", 512);
} else {
fprintf(stderr,
";; Warning, ignoring "
"invalid TSIG algorithm %s\n",
buf);
}
}
/*
* Get a key from a named.conf format keyfile
*/
static isc_result_t
read_confkey(void) {
cfg_parser_t *pctx = NULL;
cfg_obj_t *file = NULL;
const cfg_obj_t *keyobj = NULL;
const cfg_obj_t *secretobj = NULL;
const cfg_obj_t *algorithmobj = NULL;
const char *keyname;
const char *secretstr;
const char *algorithm;
isc_result_t result;
if (!isc_file_exists(keyfile)) {
return ISC_R_FILENOTFOUND;
}
result = cfg_parser_create(mctx, &pctx);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = cfg_parse_file(pctx, keyfile, &cfg_type_sessionkey, &file);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
result = cfg_map_get(file, "key", &keyobj);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
(void)cfg_map_get(keyobj, "secret", &secretobj);
(void)cfg_map_get(keyobj, "algorithm", &algorithmobj);
if (secretobj == NULL || algorithmobj == NULL) {
fatal("key must have algorithm and secret");
}
keyname = cfg_obj_asstring(cfg_map_getname(keyobj));
secretstr = cfg_obj_asstring(secretobj);
algorithm = cfg_obj_asstring(algorithmobj);
strlcpy(keynametext, keyname, sizeof(keynametext));
strlcpy(keysecret, secretstr, sizeof(keysecret));
parse_hmac(algorithm);
setup_text_key();
cleanup:
if (pctx != NULL) {
if (file != NULL) {
cfg_obj_destroy(pctx, &file);
}
cfg_parser_destroy(&pctx);
}
return result;
}
void
setup_file_key(void) {
isc_result_t result;
dst_key_t *dstkey = NULL;
debug("setup_file_key()");
if (sig0key != NULL) {
dst_key_free(&sig0key);
}
/* Try reading the key from a K* pair */
result = dst_key_fromnamedfile(
keyfile, NULL, DST_TYPE_PRIVATE | DST_TYPE_KEY, mctx, &dstkey);
/* If that didn't work, try reading it as a session.key keyfile */
if (result != ISC_R_SUCCESS) {
result = read_confkey();
if (result == ISC_R_SUCCESS) {
return;
}
}
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "Couldn't read key from %s: %s\n", keyfile,
isc_result_totext(result));
goto failure;
}
switch (dst_key_alg(dstkey)) {
case DST_ALG_HMACMD5:
case DST_ALG_HMACSHA1:
case DST_ALG_HMACSHA224:
case DST_ALG_HMACSHA256:
case DST_ALG_HMACSHA384:
case DST_ALG_HMACSHA512:
hmac_alg = dst_key_alg(dstkey);
break;
default:
dst_key_attach(dstkey, &sig0key);
dst_key_free(&dstkey);
return;
}
if (dstkey != NULL) {
result = dns_tsigkey_createfromkey(
dst_key_name(dstkey), hmac_alg, dstkey, false, false,
NULL, 0, 0, mctx, &tsigkey);
if (result != ISC_R_SUCCESS) {
printf(";; Couldn't create key %s: %s\n", keynametext,
isc_result_totext(result));
}
}
failure:
if (dstkey != NULL) {
dst_key_free(&dstkey);
}
}
static dig_searchlist_t *
make_searchlist_entry(char *domain) {
dig_searchlist_t *search;
search = isc_mem_allocate(mctx, sizeof(*search));
strlcpy(search->origin, domain, MXNAME);
search->origin[MXNAME - 1] = 0;
ISC_LINK_INIT(search, link);
return search;
}
static void
clear_searchlist(void) {
dig_searchlist_t *search;
while ((search = ISC_LIST_HEAD(search_list)) != NULL) {
ISC_LIST_UNLINK(search_list, search, link);
isc_mem_free(mctx, search);
}
}
static void
create_search_list(irs_resconf_t *resconf) {
irs_resconf_searchlist_t *list;
irs_resconf_search_t *entry;
dig_searchlist_t *search;
debug("create_search_list()");
clear_searchlist();
list = irs_resconf_getsearchlist(resconf);
for (entry = ISC_LIST_HEAD(*list); entry != NULL;
entry = ISC_LIST_NEXT(entry, link))
{
search = make_searchlist_entry(entry->domain);
ISC_LIST_APPEND(search_list, search, link);
}
}
/*%
* Append 'addr' to the list of servers to be queried. This function is only
* called when no server addresses are explicitly specified and either libirs
* returns an empty list of servers to use or none of the addresses returned by
* libirs are usable due to the specified address family restrictions.
*/
static void
add_fallback_nameserver(const char *addr) {
dig_server_t *server = make_server(addr, addr);
ISC_LINK_INIT(server, link);
ISC_LIST_APPEND(server_list, server, link);
}
/*%
* Setup the system as a whole, reading key information and resolv.conf
* settings.
*/
void
setup_system(bool ipv4only, bool ipv6only) {
irs_resconf_t *resconf = NULL;
isc_result_t result;
debug("setup_system()");
if (ipv4only) {
if (have_ipv4) {
isc_net_disableipv6();
have_ipv6 = false;
} else {
fatal("can't find IPv4 networking");
}
}
if (ipv6only) {
if (have_ipv6) {
isc_net_disableipv4();
have_ipv4 = false;
} else {
fatal("can't find IPv6 networking");
}
}
result = irs_resconf_load(mctx, RESOLV_CONF, &resconf);
if (result != ISC_R_SUCCESS && result != ISC_R_FILENOTFOUND) {
fatal("parse of %s failed", RESOLV_CONF);
}
create_search_list(resconf);
if (ndots == -1) {
ndots = irs_resconf_getndots(resconf);
debug("ndots is %d.", ndots);
}
if (timeout == 0) {
timeout = irs_resconf_gettimeout(resconf);
debug("timeout is %d.", timeout);
}
if (tries == -1) {
tries = irs_resconf_getattempts(resconf);
if (tries == 0) {
tries = 3;
}
debug("retries is %d.", tries);
}
/* If user doesn't specify server use nameservers from resolv.conf. */
if (ISC_LIST_EMPTY(server_list)) {
get_server_list(resconf);
}
/* If we don't find a nameserver fall back to localhost */
if (ISC_LIST_EMPTY(server_list)) {
if (have_ipv6) {
add_fallback_nameserver("::1");
}
if (have_ipv4) {
add_fallback_nameserver("127.0.0.1");
}
}
irs_resconf_destroy(&resconf);
if (keyfile[0] != 0) {
setup_file_key();
} else if (keysecret[0] != 0) {
setup_text_key();
}
isc_nonce_buf(cookie_secret, sizeof(cookie_secret));
}
/*%
* Override the search list derived from resolv.conf by 'domain'.
*/
void
set_search_domain(char *domain) {
dig_searchlist_t *search;
clear_searchlist();
search = make_searchlist_entry(domain);
ISC_LIST_APPEND(search_list, search, link);
}
/*%
* Setup the ISC and DNS libraries for use by the system.
*/
void
setup_libs(void) {
isc_result_t result;
isc_logconfig_t *logconfig = NULL;
debug("setup_libs()");
result = isc_net_probeipv4();
if (result == ISC_R_SUCCESS) {
have_ipv4 = true;
}
result = isc_net_probeipv6();
if (result == ISC_R_SUCCESS) {
have_ipv6 = true;
}
if (!have_ipv6 && !have_ipv4) {
fatal("can't find either v4 or v6 networking");
}
isc_managers_create(&mctx, 1, &loopmgr, &netmgr);
logconfig = isc_logconfig_get();
isc_log_createandusechannel(logconfig, "debug", ISC_LOG_TOFILEDESC,
ISC_LOG_DYNAMIC, ISC_LOGDESTINATION_STDERR,
ISC_LOG_PRINTTIME, ISC_LOGCATEGORY_DEFAULT,
ISC_LOGMODULE_DEFAULT);
isc_log_setdebuglevel(0);
isc_mem_setname(mctx, "dig");
mainloop = isc_loop_main(loopmgr);
}
typedef struct dig_ednsoptname {
uint32_t code;
const char *name;
} dig_ednsoptname_t;
dig_ednsoptname_t optnames[] = {
{ 1, "LLQ" }, /* draft-sekar-dns-llq */
{ 2, "UL" }, /* draft-ietf-dnssd-update-lease */
{ 3, "NSID" }, /* RFC 5001 */
{ 5, "DAU" }, /* RFC 6975 */
{ 6, "DHU" }, /* RFC 6975 */
{ 7, "N3U" }, /* RFC 6975 */
{ 8, "ECS" }, /* RFC 7871 */
{ 9, "EXPIRE" }, /* RFC 7314 */
{ 10, "COOKIE" }, /* RFC 7873 */
{ 11, "KEEPALIVE" }, /* RFC 7828 */
{ 12, "PADDING" }, /* RFC 7830 */
{ 12, "PAD" }, /* shorthand */
{ 13, "CHAIN" }, /* RFC 7901 */
{ 14, "KEY-TAG" }, /* RFC 8145 */
{ 15, "EDE" }, /* ietf-dnsop-extended-error-16 */
{ 16, "CLIENT-TAG" }, /* draft-bellis-dnsop-edns-tags */
{ 17, "SERVER-TAG" }, /* draft-bellis-dnsop-edns-tags */
{ 18, "REPORT-CHANNEL" }, /* RFC 9567 */
{ 18, "RC" }, /* shorthand */
{ 19, "ZONEVERSION" }, /* RFC 9660 */
{ 26946, "DEVICEID" }, /* Brian Hartvigsen */
};
#define N_EDNS_OPTNAMES (sizeof(optnames) / sizeof(optnames[0]))
void
save_opt(dig_lookup_t *lookup, char *code, char *value) {
isc_result_t result;
uint32_t num = 0;
isc_buffer_t b;
bool found = false;
unsigned int i;
if (lookup->ednsoptscnt >= EDNSOPT_OPTIONS) {
fatal("too many ednsopts");
}
for (i = 0; i < N_EDNS_OPTNAMES; i++) {
if (strcasecmp(code, optnames[i].name) == 0) {
num = optnames[i].code;
found = true;
break;
}
}
if (!found) {
result = parse_uint(&num, code, 65535, "ednsopt");
if (result != ISC_R_SUCCESS) {
fatal("bad edns code point: %s", code);
}
}
if (lookup->ednsopts == NULL) {
cloneopts(lookup, NULL);
}
INSIST(lookup->ednsopts != NULL);
if (lookup->ednsopts[lookup->ednsoptscnt].value != NULL) {
isc_mem_free(mctx, lookup->ednsopts[lookup->ednsoptscnt].value);
}
lookup->ednsopts[lookup->ednsoptscnt].code = num;
lookup->ednsopts[lookup->ednsoptscnt].length = 0;
lookup->ednsopts[lookup->ednsoptscnt].value = NULL;
if (value != NULL) {
char *buf;
buf = isc_mem_allocate(mctx, strlen(value) / 2 + 1);
isc_buffer_init(&b, buf, (unsigned int)strlen(value) / 2 + 1);
result = isc_hex_decodestring(value, &b);
check_result(result, "isc_hex_decodestring");
lookup->ednsopts[lookup->ednsoptscnt].value =
isc_buffer_base(&b);
lookup->ednsopts[lookup->ednsoptscnt].length =
isc_buffer_usedlength(&b);
}
lookup->ednsoptscnt++;
}
/*%
* Add EDNS0 option record to a message. Currently, the only supported
* options are UDP buffer size, the DO bit, and EDNS options
* (e.g., NSID, COOKIE, client-subnet)
*/
static void
add_opt(dns_message_t *msg, uint16_t udpsize, uint16_t edns, unsigned int flags,
dns_ednsopt_t *opts, size_t count) {
dns_rdataset_t *rdataset = NULL;
isc_result_t result;
debug("add_opt()");
result = dns_message_buildopt(msg, &rdataset, edns, udpsize, flags,
opts, count);
check_result(result, "dns_message_buildopt");
result = dns_message_setopt(msg, rdataset);
check_result(result, "dns_message_setopt");
}
/*%
* Add a question section to a message, asking for the specified name,
* type, and class.
*/
static void
add_question(dns_message_t *message, dns_name_t *name, dns_rdataclass_t rdclass,
dns_rdatatype_t rdtype) {
dns_rdataset_t *rdataset;
debug("add_question()");
rdataset = NULL;
dns_message_gettemprdataset(message, &rdataset);
dns_rdataset_makequestion(rdataset, rdclass, rdtype);
ISC_LIST_APPEND(name->list, rdataset, link);
}
/*%
* Check if we're done with all the queued lookups, which is true iff
* all sockets, sends, and recvs are accounted for (counters == 0),
* and the lookup list is empty.
* If we are done, pass control back out to dighost_shutdown() (which is
* part of dig.c, host.c, or nslookup.c) to either shutdown the system as
* a whole or reseed the lookup list.
*/
static void
check_if_done(void) {
dig_lookup_t *lookup = NULL;
debug("check_if_done()");
debug("list %s", ISC_LIST_EMPTY(lookup_list) ? "empty" : "full");
lookup = ISC_LIST_HEAD(lookup_list);
while (lookup != NULL) {
dig_lookup_t *next = NULL;
debug("pending lookup %p", lookup);
next = ISC_LIST_NEXT(lookup, link);
lookup = next;
}
if (ISC_LIST_EMPTY(lookup_list) && current_lookup == NULL &&
isc_refcount_current(&sendcount) == 0)
{
INSIST(isc_refcount_current(&recvcount) == 0);
debug("shutting down");
dighost_shutdown();
if (current_lookup == NULL && keep != NULL) {
isc_nmhandle_detach(&keep);
}
}
}
/*%
* Check if we're done with all the queries in the lookup, except for
* the `except_q` query (can be NULL if no exception is required).
* Expects `l` to be a valid and locked lookup.
*/
static bool
check_if_queries_done(dig_lookup_t *l, dig_query_t *except_q) {
dig_query_t *q = ISC_LIST_HEAD(l->q);
debug("check_if_queries_done(%p)", l);
while (q != NULL) {
if (!q->started || isc_refcount_current(&q->references) > 1) {
if (!q->canceled && q != except_q) {
debug("there is a pending query %p", q);
return false;
}
}
q = ISC_LIST_NEXT(q, link);
}
return true;
}
static void
_destroy_lookup(dig_lookup_t *lookup) {
dig_server_t *s;
void *ptr;
REQUIRE(lookup != NULL);
REQUIRE(ISC_LIST_EMPTY(lookup->q));
debug("destroy_lookup");
isc_refcount_destroy(&lookup->references);
s = ISC_LIST_HEAD(lookup->my_server_list);
while (s != NULL) {
debug("freeing server %p belonging to %p", s, lookup);
ptr = s;
s = ISC_LIST_NEXT(s, link);
ISC_LIST_DEQUEUE(lookup->my_server_list, (dig_server_t *)ptr,
link);
isc_mem_free(mctx, ptr);
}
if (lookup->sendmsg != NULL) {
dns_message_detach(&lookup->sendmsg);
}
if (lookup->querysig != NULL) {
debug("freeing buffer %p", lookup->querysig);
isc_buffer_free(&lookup->querysig);
}
if (lookup->sendspace != NULL) {
isc_mem_put(mctx, lookup->sendspace, COMMSIZE);
}
if (lookup->tsigctx != NULL) {
dst_context_destroy(&lookup->tsigctx);
}
if (lookup->ecs_addr != NULL) {
isc_mem_put(mctx, lookup->ecs_addr, sizeof(*lookup->ecs_addr));
}
if (lookup->ednsopts != NULL) {
size_t i;
for (i = 0; i < EDNSOPT_OPTIONS; i++) {
if (lookup->ednsopts[i].value != NULL) {
isc_mem_free(mctx, lookup->ednsopts[i].value);
}
}
isc_mem_free(mctx, lookup->ednsopts);
}
if (lookup->https_path) {
isc_mem_free(mctx, lookup->https_path);
}
if (lookup->tls_ctx_cache != NULL) {
isc_tlsctx_cache_detach(&lookup->tls_ctx_cache);
}
if (lookup->tls_ca_file != NULL) {
isc_mem_free(mctx, lookup->tls_ca_file);
}
if (lookup->tls_hostname != NULL) {
isc_mem_free(mctx, lookup->tls_hostname);
}
if (lookup->tls_key_file != NULL) {
isc_mem_free(mctx, lookup->tls_key_file);
}
if (lookup->tls_cert_file != NULL) {
isc_mem_free(mctx, lookup->tls_cert_file);
}
isc_mem_free(mctx, lookup);
}
#define lookup_attach(s, t) _lookup_attach(s, t, __FILE__, __LINE__)
static void
_lookup_attach(dig_lookup_t *lookup, dig_lookup_t **lookupp, const char *file,
unsigned int line) {
REQUIRE(DIG_VALID_LOOKUP(lookup));
REQUIRE(lookupp != NULL && *lookupp == NULL);
debug("%s:%u:lookup_attach(%p) = %" PRIuFAST32, file, line, lookup,
isc_refcount_current(&lookup->references) + 1);
(void)isc_refcount_increment(&lookup->references);
*lookupp = lookup;
}
#define lookup_detach(l) _lookup_detach(l, __FILE__, __LINE__)
static void
_lookup_detach(dig_lookup_t **lookupp, const char *file, unsigned int line) {
REQUIRE(DIG_VALID_LOOKUP(*lookupp));
dig_lookup_t *lookup = *lookupp;
*lookupp = NULL;
debug("%s:%u:lookup_detach(%p) = %" PRIuFAST32, file, line, lookup,
isc_refcount_current(&lookup->references) - 1);
if (isc_refcount_decrement(&lookup->references) == 1) {
_destroy_lookup(lookup);
if (lookup == current_lookup) {
current_lookup = NULL;
start_lookup();
}
}
}
void
destroy_lookup(dig_lookup_t *lookup) {
REQUIRE(DIG_VALID_LOOKUP(lookup));
REQUIRE(isc_refcount_decrement(&lookup->references) == 1);
_destroy_lookup(lookup);
}
/*%
* Destroy a query when we're done with it. WARNING: This routine
* WILL invalidate the query pointer.
*/
static void
destroy_query(dig_query_t *query, const char *file, unsigned int line) {
debug("%s:%u:destroy_query(%p) = %" PRIuFAST32, file, line, query,
isc_refcount_current(&query->references));
isc_refcount_destroy(&query->references);
lookup_detach(&query->lookup);
INSIST(query->recvspace != NULL);
isc_mem_put(mctx, query->recvspace, COMMSIZE);
isc_mem_put(mctx, query->tmpsendspace, COMMSIZE);
query->magic = 0;
isc_mem_free(mctx, query);
}
#define query_attach(s, t) _query_attach(s, t, __FILE__, __LINE__)
static void
_query_attach(dig_query_t *source, dig_query_t **targetp, const char *file,
unsigned int line) {
REQUIRE(DIG_VALID_QUERY(source));
REQUIRE(targetp != NULL && *targetp == NULL);
debug("%s:%u:query_attach(%p) = %" PRIuFAST32, file, line, source,
isc_refcount_current(&source->references) + 1);
(void)isc_refcount_increment(&source->references);
*targetp = source;
}
#define query_detach(q) _query_detach(q, __FILE__, __LINE__)
static void
_query_detach(dig_query_t **queryp, const char *file, unsigned int line) {
dig_query_t *query = NULL;
dig_lookup_t *lookup = NULL;
REQUIRE(DIG_VALID_QUERY(*queryp));
query = *queryp;
*queryp = NULL;
lookup = query->lookup;
if (lookup->current_query == query) {
query_detach(&lookup->current_query);
}
debug("%s:%u:query_detach(%p) = %" PRIuFAST32, file, line, query,
isc_refcount_current(&query->references) - 1);
if (isc_refcount_decrement(&query->references) == 1) {
INSIST(query->readhandle == NULL);
INSIST(query->sendhandle == NULL);
if (ISC_LINK_LINKED(query, link)) {
ISC_LIST_UNLINK(lookup->q, query, link);
}
destroy_query(query, file, line);
}
}
/*%
* If we can, start the next lookup in the queue running.
* This assumes that the lookup on the head of the queue hasn't been
* started yet. It also removes the lookup from the head of the queue,
* setting the current_lookup pointer pointing to it.
*/
void
start_lookup(void) {
debug("start_lookup()");
if (cancel_now) {
return;
}
/*
* If there's a current lookup running, we really shouldn't get
* here.
*/
INSIST(current_lookup == NULL);
current_lookup = ISC_LIST_HEAD(lookup_list);
/*
* Put the current lookup somewhere so cancel_all can find it
*/
if (current_lookup != NULL) {
/*
* Formally, we should attach the lookup to the current_lookup
* and detach it from the lookup_list, but it would be one
* attach and one detach.
*/
ISC_LIST_DEQUEUE(lookup_list, current_lookup, link);
if (setup_lookup(current_lookup)) {
do_lookup(current_lookup);
} else if (next_origin(current_lookup)) {
lookup_detach(&current_lookup);
start_lookup();
}
} else {
check_if_done();
}
}
/*%
* If we can, clear the current lookup and start the next one running.
* (Note that while the reference count of current_lookup may be
* decremented, current_lookup will not be set to NULL.)
*/
static void
clear_current_lookup(void) {
dig_lookup_t *lookup = current_lookup;
INSIST(!free_now);
debug("clear_current_lookup()");
if (lookup == NULL) {
debug("current_lookup is already detached");
return;
}
if (lookup->cleared) {
debug("current_lookup is already cleared");
return;
}
if (ISC_LIST_HEAD(lookup->q) != NULL) {
debug("still have a worker");
return;
}
lookup->cleared = true;
debug("lookup cleared");
lookup_detach(&lookup);
}
/*%
* Create and queue a new lookup as a followup to the current lookup,
* based on the supplied message and section. This is used in trace and
* name server search modes to start a new lookup using servers from
* NS records in a reply. Returns the number of followup lookups made.
*/
static int
followup_lookup(dns_message_t *msg, dig_query_t *query, dns_section_t section) {
dig_lookup_t *lookup = NULL;
dig_server_t *srv = NULL;
dns_rdataset_t *rdataset = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_result_t result = ISC_R_NOMORE;
bool success = false;
int numLookups = 0;
int num;
isc_result_t lresult, addresses_result;
char bad_namestr[DNS_NAME_FORMATSIZE];
dns_name_t *domain;
bool horizontal = false, bad = false;
INSIST(!free_now);
debug("following up %s", query->lookup->textname);
addresses_result = ISC_R_SUCCESS;
bad_namestr[0] = '\0';
MSG_SECTION_FOREACH (msg, section, name) {
if (section == DNS_SECTION_AUTHORITY) {
rdataset = NULL;
result = dns_message_findtype(name, dns_rdatatype_soa,
0, &rdataset);
if (result == ISC_R_SUCCESS) {
return 0;
}
}
rdataset = NULL;
result = dns_message_findtype(name, dns_rdatatype_ns, 0,
&rdataset);
if (result != ISC_R_SUCCESS) {
continue;
}
debug("found NS set");
if (query->lookup->trace && !query->lookup->trace_root) {
dns_namereln_t namereln;
unsigned int nlabels;
int order;
domain = dns_fixedname_name(&query->lookup->fdomain);
namereln = dns_name_fullcompare(name, domain, &order,
&nlabels);
if (namereln == dns_namereln_equal) {
if (!horizontal) {
dighost_warning("BAD (HORIZONTAL) "
"REFERRAL");
}
horizontal = true;
} else if (namereln != dns_namereln_subdomain) {
if (!bad) {
dighost_warning("BAD REFERRAL");
}
bad = true;
continue;
}
}
for (result = dns_rdataset_first(rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(rdataset))
{
char namestr[DNS_NAME_FORMATSIZE];
dns_rdata_ns_t ns;
if (query->lookup->trace_root &&
query->lookup->nsfound >= MXSERV)
{
break;
}
dns_rdataset_current(rdataset, &rdata);
query->lookup->nsfound++;
result = dns_rdata_tostruct(&rdata, &ns, NULL);
check_result(result, "dns_rdata_tostruct");
dns_name_format(&ns.name, namestr, sizeof(namestr));
dns_rdata_freestruct(&ns);
/* Initialize lookup if we've not yet */
debug("found NS %s", namestr);
if (!success) {
success = true;
lookup_counter++;
lookup = requeue_lookup(query->lookup, false);
cancel_lookup(query->lookup);
lookup->doing_xfr = false;
if (!lookup->trace_root &&
section == DNS_SECTION_ANSWER)
{
lookup->trace = false;
} else {
lookup->trace = query->lookup->trace;
}
lookup->ns_search_only =
query->lookup->ns_search_only;
lookup->trace_root = false;
if (lookup->ns_search_only) {
lookup->recurse = false;
}
domain = dns_fixedname_name(&lookup->fdomain);
dns_name_copy(name, domain);
lookup->edns = lookup->original_edns;
}
debug("adding server %s", namestr);
num = getaddresses(lookup, namestr, &lresult);
if (lresult != ISC_R_SUCCESS) {
printf("couldn't get address for '%s': %s\n",
namestr, isc_result_totext(lresult));
if (addresses_result == ISC_R_SUCCESS) {
addresses_result = lresult;
strlcpy(bad_namestr, namestr,
sizeof(bad_namestr));
}
}
numLookups += num;
dns_rdata_reset(&rdata);
}
}
if (numLookups == 0 && addresses_result != ISC_R_SUCCESS) {
fatal("couldn't get address for '%s': %s", bad_namestr,
isc_result_totext(result));
}
if (lookup == NULL && section == DNS_SECTION_ANSWER &&
(query->lookup->trace || query->lookup->ns_search_only))
{
return followup_lookup(msg, query, DNS_SECTION_AUTHORITY);
}
/*
* Randomize the order the nameserver will be tried.
*/
if (numLookups > 1) {
uint32_t i, j;
dig_serverlist_t my_server_list;
dig_server_t *next;
ISC_LIST_INIT(my_server_list);
i = numLookups;
for (srv = ISC_LIST_HEAD(lookup->my_server_list); srv != NULL;
srv = ISC_LIST_HEAD(lookup->my_server_list))
{
INSIST(i > 0);
j = isc_random_uniform(i);
next = ISC_LIST_NEXT(srv, link);
while (j-- > 0 && next != NULL) {
srv = next;
next = ISC_LIST_NEXT(srv, link);
}
ISC_LIST_DEQUEUE(lookup->my_server_list, srv, link);
ISC_LIST_APPEND(my_server_list, srv, link);
i--;
}
ISC_LIST_APPENDLIST(lookup->my_server_list, my_server_list,
link);
}
return numLookups;
}
/*%
* Create and queue a new lookup using the next origin from the search
* list, read in setup_system().
*
* Return true iff there was another searchlist entry.
*/
static bool
next_origin(dig_lookup_t *oldlookup) {
dig_lookup_t *newlookup;
dig_searchlist_t *search;
dns_fixedname_t fixed;
dns_name_t *name;
isc_result_t result;
INSIST(!free_now);
debug("next_origin()");
debug("following up %s", oldlookup->textname);
if (!usesearch) {
/*
* We're not using a search list, so don't even think
* about finding the next entry.
*/
return false;
}
/*
* Check for a absolute name or ndots being met.
*/
name = dns_fixedname_initname(&fixed);
result = dns_name_fromstring(name, oldlookup->textname, NULL, 0, NULL);
if (result == ISC_R_SUCCESS &&
(dns_name_isabsolute(name) ||
(int)dns_name_countlabels(name) > ndots))
{
return false;
}
if (oldlookup->origin == NULL && !oldlookup->need_search) {
/*
* Then we just did rootorg; there's nothing left.
*/
return false;
}
if (oldlookup->origin == NULL && oldlookup->need_search) {
newlookup = requeue_lookup(oldlookup, true);
newlookup->origin = ISC_LIST_HEAD(search_list);
newlookup->need_search = false;
} else {
search = ISC_LIST_NEXT(oldlookup->origin, link);
if (search == NULL && oldlookup->done_as_is) {
return false;
}
newlookup = requeue_lookup(oldlookup, true);
newlookup->origin = search;
}
cancel_lookup(oldlookup);
return true;
}
/*%
* Insert an SOA record into the sendmessage in a lookup. Used for
* creating IXFR queries.
*/
static void
insert_soa(dig_lookup_t *lookup) {
isc_result_t result;
dns_rdata_soa_t soa;
dns_rdata_t *rdata = NULL;
dns_rdatalist_t *rdatalist = NULL;
dns_rdataset_t *rdataset = NULL;
dns_name_t *soaname = NULL;
debug("insert_soa()");
soa.mctx = mctx;
soa.serial = lookup->ixfr_serial;
soa.refresh = 0;
soa.retry = 0;
soa.expire = 0;
soa.minimum = 0;
soa.common.rdclass = lookup->rdclass;
soa.common.rdtype = dns_rdatatype_soa;
dns_name_init(&soa.origin);
dns_name_init(&soa.contact);
dns_name_clone(dns_rootname, &soa.origin);
dns_name_clone(dns_rootname, &soa.contact);
isc_buffer_init(&lookup->rdatabuf, lookup->rdatastore,
sizeof(lookup->rdatastore));
dns_message_gettemprdata(lookup->sendmsg, &rdata);
result = dns_rdata_fromstruct(rdata, lookup->rdclass, dns_rdatatype_soa,
&soa, &lookup->rdatabuf);
check_result(result, "isc_rdata_fromstruct");
dns_message_gettemprdataset(lookup->sendmsg, &rdataset);
dns_message_gettemprdatalist(lookup->sendmsg, &rdatalist);
rdatalist->type = dns_rdatatype_soa;
rdatalist->rdclass = lookup->rdclass;
ISC_LIST_APPEND(rdatalist->rdata, rdata, link);
dns_rdatalist_tordataset(rdatalist, rdataset);
dns_message_gettempname(lookup->sendmsg, &soaname);
dns_name_clone(lookup->name, soaname);
ISC_LIST_INIT(soaname->list);
ISC_LIST_APPEND(soaname->list, rdataset, link);
dns_message_addname(lookup->sendmsg, soaname, DNS_SECTION_AUTHORITY);
}
static void
compute_cookie(unsigned char *clientcookie, size_t len) {
/* XXXMPA need to fix, should be per server. */
INSIST(len >= 8U);
memmove(clientcookie, cookie_secret, 8);
}
#define new_query(l, s, u) _new_query(l, s, u, __FILE__, __LINE__)
static dig_query_t *
_new_query(dig_lookup_t *lookup, char *servname, char *userarg,
const char *file, unsigned int line) {
dig_query_t *query = NULL;
query = isc_mem_allocate(mctx, sizeof(dig_query_t));
debug("create query %p linked to lookup %p", query, lookup);
*query = (dig_query_t){ .sendbuf = lookup->renderbuf,
.servname = servname,
.userarg = userarg,
.warn_id = true,
.recvspace = isc_mem_get(mctx, COMMSIZE),
.tmpsendspace = isc_mem_get(mctx, COMMSIZE) };
lookup_attach(lookup, &query->lookup);
isc_refcount_init(&query->references, 1);
debug("%s:%u:new_query(%p) = %" PRIuFAST32, file, line, query,
isc_refcount_current(&query->references));
if (query->recvspace == NULL) {
fatal("memory allocation failure");
}
if (query->tmpsendspace == NULL) {
fatal("memory allocation failure");
}
isc_time_settoepoch(&query->time_sent);
isc_time_settoepoch(&query->time_recv);
ISC_LINK_INIT(query, clink);
ISC_LINK_INIT(query, link);
query->magic = DIG_QUERY_MAGIC;
return query;
}
/*%
* Setup the supplied lookup structure, making it ready to start sending
* queries to servers. Create and initialize the message to be sent as
* well as the query structures and buffer space for the replies. If the
* server list is empty, clone it from the system default list.
*/
bool
setup_lookup(dig_lookup_t *lookup) {
isc_result_t result;
unsigned int len;
dig_server_t *serv;
dig_query_t *query;
isc_buffer_t b;
dns_compress_t cctx;
char store[MXNAME];
char ecsbuf[20];
char cookiebuf[256];
char *origin = NULL;
char *textname = NULL;
REQUIRE(lookup != NULL);
#ifdef HAVE_LIBIDN2
char idn_origin[MXNAME], idn_textname[MXNAME];
#endif /* HAVE_LIBIDN2 */
INSIST(!free_now);
debug("setup_lookup(%p)", lookup);
dns_message_create(mctx, NULL, NULL, DNS_MESSAGE_INTENTRENDER,
&lookup->sendmsg);
if (lookup->new_search) {
debug("resetting lookup counter.");
lookup_counter = 0;
}
if (ISC_LIST_EMPTY(lookup->my_server_list)) {
debug("cloning server list");
clone_server_list(server_list, &lookup->my_server_list);
}
dns_message_gettempname(lookup->sendmsg, &lookup->name);
/*
* We cannot convert `textname' and `origin' separately.
* `textname' doesn't contain TLD, but local mapping needs
* TLD.
*/
textname = lookup->textname;
#ifdef HAVE_LIBIDN2
if (lookup->idnin) {
idn_input(textname, idn_textname, sizeof(idn_textname));
debug("idn_textname: %s", idn_textname);
textname = idn_textname;
}
#endif /* HAVE_LIBIDN2 */
/*
* If the name has too many dots, force the origin to be NULL
* (which produces an absolute lookup). Otherwise, take the origin
* we have if there's one in the struct already. If it's NULL,
* take the first entry in the searchlist iff either usesearch
* is TRUE or we got a domain line in the resolv.conf file.
*/
if (lookup->new_search) {
if ((count_dots(textname) >= ndots) || !usesearch) {
lookup->origin = NULL; /* Force abs lookup */
lookup->done_as_is = true;
lookup->need_search = usesearch;
} else if (lookup->origin == NULL && usesearch) {
lookup->origin = ISC_LIST_HEAD(search_list);
lookup->need_search = false;
}
}
if (lookup->origin != NULL) {
debug("trying origin %s", lookup->origin->origin);
dns_message_gettempname(lookup->sendmsg, &lookup->oname);
/* XXX Helper funct to conv char* to name? */
origin = lookup->origin->origin;
#ifdef HAVE_LIBIDN2
if (lookup->idnin) {
idn_input(origin, idn_origin, sizeof(idn_origin));
debug("trying idn origin %s", idn_origin);
origin = idn_origin;
}
#endif /* HAVE_LIBIDN2 */
len = (unsigned int)strlen(origin);
isc_buffer_init(&b, origin, len);
isc_buffer_add(&b, len);
result = dns_name_fromtext(lookup->oname, &b, dns_rootname, 0);
if (result != ISC_R_SUCCESS) {
dns_message_puttempname(lookup->sendmsg, &lookup->name);
dns_message_puttempname(lookup->sendmsg,
&lookup->oname);
fatal("'%s' is not in legal name syntax (%s)", origin,
isc_result_totext(result));
}
if (lookup->trace && lookup->trace_root) {
dns_name_clone(dns_rootname, lookup->name);
} else {
dns_fixedname_t fixed;
dns_name_t *name;
name = dns_fixedname_initname(&fixed);
len = (unsigned int)strlen(textname);
isc_buffer_init(&b, textname, len);
isc_buffer_add(&b, len);
result = dns_name_fromtext(name, &b, NULL, 0);
if (result == ISC_R_SUCCESS) {
if (!dns_name_isabsolute(name)) {
result = dns_name_concatenate(
name, lookup->oname,
lookup->name);
} else {
dns_name_copy(name, lookup->name);
}
}
if (result != ISC_R_SUCCESS) {
dns_message_puttempname(lookup->sendmsg,
&lookup->name);
dns_message_puttempname(lookup->sendmsg,
&lookup->oname);
if (result == DNS_R_NAMETOOLONG) {
return false;
}
fatal("'%s' is not in legal name syntax (%s)",
lookup->textname,
isc_result_totext(result));
}
}
dns_message_puttempname(lookup->sendmsg, &lookup->oname);
} else {
debug("using root origin");
if (lookup->trace && lookup->trace_root) {
dns_name_clone(dns_rootname, lookup->name);
} else {
len = (unsigned int)strlen(textname);
isc_buffer_init(&b, textname, len);
isc_buffer_add(&b, len);
result = dns_name_fromtext(lookup->name, &b,
dns_rootname, 0);
if (result != ISC_R_SUCCESS) {
dns_message_puttempname(lookup->sendmsg,
&lookup->name);
warn("'%s' is not a legal name (%s)",
lookup->textname,
isc_result_totext(result));
#if TARGET_OS_IPHONE
clear_current_lookup();
return false;
#else /* if TARGET_OS_IPHONE */
cleanup_openssl_refs();
digexit();
#endif /* if TARGET_OS_IPHONE */
}
}
}
dns_name_format(lookup->name, store, sizeof(store));
dighost_trying(store, lookup);
INSIST(dns_name_isabsolute(lookup->name));
lookup->sendmsg->id = (dns_messageid_t)isc_random16();
lookup->sendmsg->opcode = lookup->opcode;
lookup->msgcounter = 0;
/*
* If this is a trace request, completely disallow recursion after
* looking up the root name servers, since it's meaningless for traces.
*/
if ((lookup->trace || lookup->ns_search_only) && !lookup->trace_root) {
lookup->recurse = false;
}
if (lookup->recurse && lookup->rdtype != dns_rdatatype_axfr &&
lookup->rdtype != dns_rdatatype_ixfr)
{
debug("recursive query");
lookup->sendmsg->flags |= DNS_MESSAGEFLAG_RD;
}
/* XXX aaflag */
if (lookup->aaonly) {
debug("AA query");
lookup->sendmsg->flags |= DNS_MESSAGEFLAG_AA;
}
if (lookup->adflag) {
debug("AD query");
lookup->sendmsg->flags |= DNS_MESSAGEFLAG_AD;
}
if (lookup->cdflag) {
debug("CD query");
lookup->sendmsg->flags |= DNS_MESSAGEFLAG_CD;
}
if (lookup->raflag) {
debug("RA query");
lookup->sendmsg->flags |= DNS_MESSAGEFLAG_RA;
}
if (lookup->tcflag) {
debug("TC query");
lookup->sendmsg->flags |= DNS_MESSAGEFLAG_TC;
}
if (lookup->zflag) {
debug("Z query");
lookup->sendmsg->flags |= 0x0040U;
}
if (lookup->setqid) {
debug("set QID");
lookup->sendmsg->id = lookup->qid;
}
dns_message_addname(lookup->sendmsg, lookup->name,
DNS_SECTION_QUESTION);
if (lookup->trace && lookup->trace_root) {
lookup->qrdtype = lookup->rdtype;
lookup->rdtype = dns_rdatatype_ns;
}
if ((lookup->rdtype == dns_rdatatype_axfr) ||
(lookup->rdtype == dns_rdatatype_ixfr))
{
/*
* Force TCP mode if we're doing an axfr.
*/
if (lookup->rdtype == dns_rdatatype_axfr) {
lookup->doing_xfr = true;
lookup->tcp_mode = true;
} else if (lookup->tcp_mode) {
lookup->doing_xfr = true;
}
}
if (!lookup->header_only) {
add_question(lookup->sendmsg, lookup->name, lookup->rdclass,
lookup->rdtype);
}
/* add_soa */
if (lookup->rdtype == dns_rdatatype_ixfr) {
insert_soa(lookup);
}
/* XXX Insist this? */
lookup->tsigctx = NULL;
lookup->querysig = NULL;
if (tsigkey != NULL) {
debug("initializing keys");
result = dns_message_settsigkey(lookup->sendmsg, tsigkey);
check_result(result, "dns_message_settsigkey");
} else if (sig0key != NULL) {
debug("initializing keys");
result = dns_message_setsig0key(lookup->sendmsg, sig0key);
check_result(result, "dns_message_setsig0key");
}
if (lookup->fuzzing) {
lookup->sendmsg->fuzzing = true;
lookup->sendmsg->fuzztime = lookup->fuzztime;
}
lookup->sendspace = isc_mem_get(mctx, COMMSIZE);
dns_compress_init(&cctx, mctx, 0);
debug("starting to render the message");
isc_buffer_init(&lookup->renderbuf, lookup->sendspace, COMMSIZE);
result = dns_message_renderbegin(lookup->sendmsg, &cctx,
&lookup->renderbuf);
check_result(result, "dns_message_renderbegin");
if (lookup->udpsize > -1 || lookup->dnssec || lookup->edns > -1 ||
lookup->ecs_addr != NULL)
{
#define MAXOPTS (EDNSOPT_OPTIONS + DNS_EDNSOPTIONS)
dns_ednsopt_t opts[MAXOPTS];
unsigned int flags;
unsigned int i = 0;
/*
* There can't be more than MAXOPTS options to send:
* a maximum of EDNSOPT_OPTIONS set by +ednsopt
* and DNS_EDNSOPTIONS set by other arguments
* (+nsid, +cookie, etc).
*/
if (lookup->udpsize < 0) {
lookup->udpsize = DEFAULT_EDNS_BUFSIZE;
}
if (lookup->edns < 0) {
lookup->original_edns = lookup->edns =
DEFAULT_EDNS_VERSION;
}
if (lookup->nsid) {
INSIST(i < MAXOPTS);
opts[i].code = DNS_OPT_NSID;
opts[i].length = 0;
opts[i].value = NULL;
i++;
}
if (lookup->ecs_addr != NULL) {
uint8_t addr[16];
uint16_t family = 0;
uint32_t plen;
struct sockaddr *sa;
struct sockaddr_in *sin;
struct sockaddr_in6 *sin6;
size_t addrl;
sa = &lookup->ecs_addr->type.sa;
plen = lookup->ecs_addr->length;
/* Round up prefix len to a multiple of 8 */
addrl = (plen + 7) / 8;
INSIST(i < MAXOPTS);
opts[i].code = DNS_OPT_CLIENT_SUBNET;
opts[i].length = (uint16_t)addrl + 4;
check_result(result, "isc_buffer_allocate");
/*
* XXXMUKS: According to RFC7871, "If there is
* no ADDRESS set, i.e., SOURCE PREFIX-LENGTH is
* set to 0, then FAMILY SHOULD be set to the
* transport over which the query is sent."
*
* However, at this point we don't know what
* transport(s) we'll be using, so we can't
* set the value now. For now, we're using
* IPv4 as the default the +subnet option
* used an IPv4 prefix, or for +subnet=0,
* and IPv6 if the +subnet option used an
* IPv6 prefix.
*
* (For future work: preserve the offset into
* the buffer where the family field is;
* that way we can update it in start_udp()
* or start_tcp() once we know
* what it outght to be.)
*/
switch (sa->sa_family) {
case AF_UNSPEC:
INSIST(plen == 0);
family = 1;
break;
case AF_INET:
INSIST(plen <= 32);
family = 1;
sin = (struct sockaddr_in *)sa;
memmove(addr, &sin->sin_addr, addrl);
break;
case AF_INET6:
INSIST(plen <= 128);
family = 2;
sin6 = (struct sockaddr_in6 *)sa;
memmove(addr, &sin6->sin6_addr, addrl);
break;
default:
UNREACHABLE();
}
isc_buffer_init(&b, ecsbuf, sizeof(ecsbuf));
/* family */
isc_buffer_putuint16(&b, family);
/* source prefix-length */
isc_buffer_putuint8(&b, plen);
/* scope prefix-length */
isc_buffer_putuint8(&b, 0);
/* address */
if (addrl > 0) {
/* Mask off last address byte */
if ((plen % 8) != 0) {
addr[addrl - 1] &= ~0U
<< (8 - (plen % 8));
}
isc_buffer_putmem(&b, addr,
(unsigned int)addrl);
}
opts[i].value = (uint8_t *)ecsbuf;
i++;
}
if (lookup->sendcookie) {
INSIST(i < MAXOPTS);
opts[i].code = DNS_OPT_COOKIE;
if (lookup->cookie != NULL) {
isc_buffer_init(&b, cookiebuf,
sizeof(cookiebuf));
result = isc_hex_decodestring(lookup->cookie,
&b);
check_result(result, "isc_hex_decodestring");
opts[i].value = isc_buffer_base(&b);
opts[i].length = isc_buffer_usedlength(&b);
} else {
compute_cookie(cookie, sizeof(cookie));
opts[i].length = 8;
opts[i].value = cookie;
}
i++;
}
if (lookup->expire) {
INSIST(i < MAXOPTS);
opts[i].code = DNS_OPT_EXPIRE;
opts[i].length = 0;
opts[i].value = NULL;
i++;
}
if (lookup->tcp_keepalive) {
INSIST(i < MAXOPTS);
opts[i].code = DNS_OPT_TCP_KEEPALIVE;
opts[i].length = 0;
opts[i].value = NULL;
i++;
}
if (lookup->zoneversion) {
INSIST(i < MAXOPTS);
opts[i].code = DNS_OPT_ZONEVERSION;
opts[i].length = 0;
opts[i].value = NULL;
i++;
}
if (lookup->ednsoptscnt != 0) {
INSIST(i + lookup->ednsoptscnt <= MAXOPTS);
memmove(&opts[i], lookup->ednsopts,
sizeof(dns_ednsopt_t) * lookup->ednsoptscnt);
i += lookup->ednsoptscnt;
}
if (lookup->padding != 0 && (i >= MAXOPTS)) {
debug("turned off padding because of EDNS overflow");
lookup->padding = 0;
}
if (lookup->padding != 0) {
INSIST(i < MAXOPTS);
opts[i].code = DNS_OPT_PAD;
opts[i].length = 0;
opts[i].value = NULL;
i++;
dns_message_setpadding(lookup->sendmsg,
lookup->padding);
}
flags = lookup->ednsflags;
flags &= ~DNS_MESSAGEEXTFLAG_DO;
if (lookup->dnssec) {
flags |= DNS_MESSAGEEXTFLAG_DO;
}
add_opt(lookup->sendmsg, lookup->udpsize, lookup->edns, flags,
opts, i);
}
result = dns_message_rendersection(lookup->sendmsg,
DNS_SECTION_QUESTION, 0);
check_result(result, "dns_message_rendersection");
result = dns_message_rendersection(lookup->sendmsg,
DNS_SECTION_AUTHORITY, 0);
check_result(result, "dns_message_rendersection");
result = dns_message_renderend(lookup->sendmsg);
check_result(result, "dns_message_renderend");
debug("done rendering");
dns_compress_invalidate(&cctx);
/*
* Force TCP mode if the request is larger than 512 bytes.
*/
if (isc_buffer_usedlength(&lookup->renderbuf) > 512) {
lookup->tcp_mode = true;
}
lookup->pending = false;
for (serv = ISC_LIST_HEAD(lookup->my_server_list); serv != NULL;
serv = ISC_LIST_NEXT(serv, link))
{
query = new_query(lookup, serv->servername, serv->userarg);
ISC_LIST_ENQUEUE(lookup->q, query, link);
}
return true;
}
/*%
* NSSEARCH mode special mode handling function to start the next query in the
* list. The lookup lock must be held by the caller. The function will detach
* both the lookup and the query, and may cancel the lookup and clear the
* current lookup.
*/
static void
nssearch_next(dig_lookup_t *l, dig_query_t *q) {
dig_query_t *next = ISC_LIST_NEXT(q, link);
bool tcp_mode = l->tcp_mode;
INSIST(l->ns_search_only && !l->trace_root);
INSIST(l == current_lookup);
if (next == NULL) {
/*
* If this is the last query, and if there was
* not a single successful query in the whole
* lookup, then treat the situation as an error,
* cancel and clear the lookup.
*/
if (check_if_queries_done(l, q) && !l->ns_search_success) {
dighost_error("NS servers could not be reached");
if (exitcode < 9) {
exitcode = 9;
}
cancel_lookup(l);
query_detach(&q);
lookup_detach(&l);
clear_current_lookup();
} else {
query_detach(&q);
lookup_detach(&l);
}
} else {
query_detach(&q);
lookup_detach(&l);
debug("sending next, since searching");
if (tcp_mode) {
start_tcp(next);
} else {
start_udp(next);
}
}
}
/*%
* Event handler for send completion. Track send counter, and clear out
* the query if the send was canceled.
*/
static void
send_done(isc_nmhandle_t *handle, isc_result_t eresult, void *arg) {
dig_query_t *query = (dig_query_t *)arg;
dig_lookup_t *l = NULL;
REQUIRE(DIG_VALID_QUERY(query));
INSIST(query->sendhandle != NULL);
INSIST(handle == query->sendhandle);
debug("send_done(%p, %s, %p)", handle, isc_result_totext(eresult), arg);
isc_refcount_decrement0(&sendcount);
debug("sendcount=%" PRIuFAST32, isc_refcount_current(&sendcount));
INSIST(!free_now);
isc_nmhandle_detach(&query->sendhandle);
lookup_attach(query->lookup, &l);
if (eresult == ISC_R_CANCELED || query->canceled) {
debug("send_done: cancel");
if (!query->canceled) {
cancel_lookup(l);
}
query_detach(&query);
lookup_detach(&l);
return;
} else if (eresult != ISC_R_SUCCESS) {
debug("send failed: %s", isc_result_totext(eresult));
}
if (l->ns_search_only && !l->trace_root) {
nssearch_next(l, query);
} else {
query_detach(&query);
lookup_detach(&l);
}
check_if_done();
}
/*%
* Cancel a lookup, sending canceling reads on all existing sockets.
*/
static void
_cancel_lookup(dig_lookup_t *lookup, const char *file, unsigned int line) {
dig_query_t *query, *next;
debug("%s:%u:%s()", file, line, __func__);
query = ISC_LIST_HEAD(lookup->q);
while (query != NULL) {
REQUIRE(DIG_VALID_QUERY(query));
next = ISC_LIST_NEXT(query, link);
ISC_LIST_DEQUEUE(lookup->q, query, link);
debug("canceling pending query %p, belonging to %p", query,
query->lookup);
query->canceled = true;
if (query->readhandle != NULL &&
!isc_nm_is_http_handle(query->readhandle))
{
isc_nm_cancelread(query->readhandle);
}
query_detach(&query);
query = next;
}
lookup->pending = false;
lookup->retries = 0;
check_if_done();
}
static inline const char *
get_tls_sni_hostname(dig_query_t *query) {
return query->lookup->tls_hostname_set ? query->lookup->tls_hostname
: query->userarg;
}
static isc_tlsctx_t *
get_create_tls_context(dig_query_t *query, const bool is_https,
isc_tlsctx_client_session_cache_t **psess_cache) {
isc_result_t result;
isc_tlsctx_t *ctx = NULL, *found_ctx = NULL;
isc_tls_cert_store_t *store = NULL, *found_store = NULL;
char tlsctxname[ISC_SOCKADDR_FORMATSIZE];
const uint16_t family = isc_sockaddr_pf(&query->sockaddr) == PF_INET6
? AF_INET6
: AF_INET;
isc_tlsctx_cache_transport_t transport =
is_https ? isc_tlsctx_cache_https : isc_tlsctx_cache_tls;
const bool hostname_ignore_subject = !is_https;
isc_tlsctx_client_session_cache_t *sess_cache = NULL,
*found_sess_cache = NULL;
if (query->lookup->tls_key_file_set != query->lookup->tls_cert_file_set)
{
return NULL;
}
isc_sockaddr_format(&query->sockaddr, tlsctxname, sizeof(tlsctxname));
result = isc_tlsctx_cache_find(query->lookup->tls_ctx_cache, tlsctxname,
transport, family, &found_ctx,
&found_store, &found_sess_cache);
if (result != ISC_R_SUCCESS) {
if (query->lookup->tls_ca_set) {
if (found_store == NULL) {
result = isc_tls_cert_store_create(
query->lookup->tls_ca_file, &store);
if (result != ISC_R_SUCCESS) {
goto failure;
}
} else {
store = found_store;
}
}
result = isc_tlsctx_createclient(&ctx);
if (result != ISC_R_SUCCESS) {
goto failure;
}
if (store != NULL) {
const char *hostname = get_tls_sni_hostname(query);
/*
* According to RFC 8310, Subject field MUST NOT be
* inspected when verifying hostname for DoT. Only
* SubjectAltName must be checked. That is NOT the case
* for HTTPS.
*/
result = isc_tlsctx_enable_peer_verification(
ctx, false, store, hostname,
hostname_ignore_subject);
if (result != ISC_R_SUCCESS) {
goto failure;
}
}
if (query->lookup->tls_key_file_set &&
query->lookup->tls_cert_file_set)
{
result = isc_tlsctx_load_certificate(
ctx, query->lookup->tls_key_file,
query->lookup->tls_cert_file);
if (result != ISC_R_SUCCESS) {
goto failure;
}
}
if (!is_https) {
isc_tlsctx_enable_dot_client_alpn(ctx);
}
#if HAVE_LIBNGHTTP2
if (is_https) {
isc_tlsctx_enable_http2client_alpn(ctx);
}
#endif /* HAVE_LIBNGHTTP2 */
isc_tlsctx_client_session_cache_create(
mctx, ctx, ISC_TLSCTX_CLIENT_SESSION_CACHE_DEFAULT_SIZE,
&sess_cache);
result = isc_tlsctx_cache_add(
query->lookup->tls_ctx_cache, tlsctxname, transport,
family, ctx, store, sess_cache, NULL, NULL, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (psess_cache != NULL) {
INSIST(*psess_cache == NULL);
*psess_cache = sess_cache;
}
return ctx;
}
if (psess_cache != NULL) {
INSIST(*psess_cache == NULL);
*psess_cache = found_sess_cache;
}
INSIST(!query->lookup->tls_ca_set || found_store != NULL);
return found_ctx;
failure:
if (ctx != NULL) {
isc_tlsctx_free(&ctx);
}
/*
* The 'found_store' is being managed by the TLS context
* cache. Thus, we should keep it as it is, as it will get
* destroyed alongside the cache. As there is one store per
* multiple TLS contexts, we need to handle store deletion in a
* special way.
*/
if (store != NULL && store != found_store) {
isc_tls_cert_store_free(&store);
}
return NULL;
}
static void
tcp_connected(isc_nmhandle_t *handle, isc_result_t eresult, void *arg);
/*%
* Unlike start_udp, this can't be called multiple times with the same
* query. When we retry TCP, we requeue the whole lookup, which should
* start anew.
*/
static void
start_tcp(dig_query_t *query) {
isc_result_t result;
dig_query_t *next = NULL;
dig_query_t *connectquery = NULL;
isc_tlsctx_t *tlsctx = NULL;
bool tls_mode = false;
isc_tlsctx_client_session_cache_t *sess_cache = NULL;
int local_timeout;
isc_nm_proxy_type_t proxy_type = ISC_NM_PROXY_NONE;
isc_nm_proxyheader_info_t proxy_info = { 0 };
isc_nm_proxyheader_info_t *ppi = NULL;
REQUIRE(DIG_VALID_QUERY(query));
debug("start_tcp(%p)", query);
query_attach(query, &query->lookup->current_query);
tls_mode = dig_lookup_is_tls(query->lookup);
/*
* For TLS connections, we want to override the default
* port number.
*/
if (!port_set) {
if (tls_mode) {
port = 853;
} else if (query->lookup->https_mode &&
!query->lookup->http_plain)
{
port = 443;
} else if (query->lookup->https_mode) {
port = 80;
} else {
port = 53;
}
}
debug("query->servname = %s\n", query->servname);
result = get_address(query->servname, port, &query->sockaddr);
if (result != ISC_R_SUCCESS) {
/*
* This servname doesn't have an address. Try the next server
* by triggering an immediate 'timeout' (we lie, but the effect
* is the same).
*/
force_next(query);
return;
}
if (isc_sockaddr_pf(&query->sockaddr) == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&query->sockaddr.type.sin6.sin6_addr))
{
isc_netaddr_t netaddr;
char buf[ISC_NETADDR_FORMATSIZE];
isc_netaddr_fromsockaddr(&netaddr, &query->sockaddr);
isc_netaddr_format(&netaddr, buf, sizeof(buf));
dighost_warning("Skipping mapped address '%s'", buf);
if (ISC_LINK_LINKED(query, link)) {
next = ISC_LIST_NEXT(query, link);
} else {
next = NULL;
}
query_detach(&query);
if (next == NULL) {
dighost_warning("No acceptable nameservers");
clear_current_lookup();
} else {
start_tcp(next);
}
return;
}
INSIST(query->handle == NULL);
if (keep != NULL && isc_sockaddr_equal(&keepaddr, &query->sockaddr)) {
query->handle = keep;
launch_next_query(query);
query_detach(&query);
return;
} else if (keep != NULL) {
isc_nmhandle_detach(&keep);
}
if (timeout != 0) {
local_timeout = timeout * 1000;
} else {
local_timeout = TCP_TIMEOUT * 1000;
}
if (!specified_source) {
if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) && have_ipv4)
{
isc_sockaddr_any(&localaddr);
} else {
isc_sockaddr_any6(&localaddr);
}
}
if (query->lookup->proxy_mode) {
proxy_type = ISC_NM_PROXY_PLAIN;
if ((tls_mode || (query->lookup->https_mode &&
!query->lookup->http_plain)) &&
!query->lookup->proxy_plain)
{
proxy_type = ISC_NM_PROXY_ENCRYPTED;
}
if (!query->lookup->proxy_local) {
isc_nm_proxyheader_info_init(
&proxy_info, &query->lookup->proxy_src_addr,
&query->lookup->proxy_dst_addr, NULL);
ppi = &proxy_info;
}
}
REQUIRE(query != NULL);
query_attach(query, &connectquery);
if (tls_mode) {
tlsctx = get_create_tls_context(connectquery, false,
&sess_cache);
if (tlsctx == NULL) {
goto failure_tls;
}
isc_nm_streamdnsconnect(netmgr, &localaddr, &query->sockaddr,
tcp_connected, connectquery,
local_timeout, tlsctx,
get_tls_sni_hostname(query), sess_cache,
proxy_type, ppi);
#if HAVE_LIBNGHTTP2
} else if (query->lookup->https_mode) {
char uri[4096] = { 0 };
isc_nm_http_makeuri(!query->lookup->http_plain,
&query->sockaddr, query->userarg, port,
query->lookup->https_path, uri,
sizeof(uri));
if (!query->lookup->http_plain) {
tlsctx = get_create_tls_context(connectquery, true,
&sess_cache);
if (tlsctx == NULL) {
goto failure_tls;
}
}
isc_nm_httpconnect(netmgr, &localaddr, &query->sockaddr, uri,
!query->lookup->https_get, tcp_connected,
connectquery, tlsctx,
get_tls_sni_hostname(query), sess_cache,
local_timeout, proxy_type, ppi);
#endif
} else {
isc_nm_streamdnsconnect(netmgr, &localaddr, &query->sockaddr,
tcp_connected, connectquery,
local_timeout, NULL, NULL, NULL,
proxy_type, ppi);
}
return;
failure_tls:
if (query->lookup->tls_key_file_set != query->lookup->tls_cert_file_set)
{
dighost_warning(
"both TLS client certificate and key file must be "
"specified a the same time");
} else {
dighost_warning("TLS context cannot be created");
}
if (ISC_LINK_LINKED(query, link)) {
next = ISC_LIST_NEXT(query, link);
} else {
next = NULL;
}
query_detach(&connectquery);
query_detach(&query);
if (next == NULL) {
clear_current_lookup();
} else {
start_tcp(next);
}
}
static void
print_query_size(dig_query_t *query) {
if (!yaml) {
printf(";; QUERY SIZE: %u\n\n",
isc_buffer_usedlength(&query->lookup->renderbuf));
}
}
static void
send_udp(dig_query_t *query) {
dig_query_t *sendquery = NULL;
isc_region_t r;
query_attach(query, &sendquery);
isc_buffer_usedregion(&query->sendbuf, &r);
debug("sending a request");
if (query->lookup->use_usec) {
query->time_sent = isc_time_now_hires();
} else {
query->time_sent = isc_time_now();
}
isc_nmhandle_attach(query->handle, &query->sendhandle);
isc_nm_send(query->handle, &r, send_done, sendquery);
isc_refcount_increment0(&sendcount);
debug("sendcount=%" PRIuFAST32, isc_refcount_current(&sendcount));
/* XXX qrflag, print_query, etc... */
if (query->lookup->qr) {
extrabytes = 0;
dighost_printmessage(query, &query->lookup->renderbuf,
query->lookup->sendmsg, true);
if (query->lookup->stats) {
print_query_size(query);
}
}
}
static void
udp_ready(isc_nmhandle_t *handle, isc_result_t eresult, void *arg) {
dig_query_t *query = (dig_query_t *)arg;
dig_query_t *next = NULL;
char sockstr[ISC_SOCKADDR_FORMATSIZE];
dig_lookup_t *l = NULL;
dig_query_t *readquery = NULL;
int local_timeout = timeout * 1000;
REQUIRE(DIG_VALID_QUERY(query));
REQUIRE(query->handle == NULL);
debug("udp_ready()");
query->started = true;
if (cancel_now) {
query_detach(&query);
return;
}
INSIST(!free_now);
debug("udp_ready(%p, %s, %p)", handle, isc_result_totext(eresult),
query);
lookup_attach(query->lookup, &l);
if (eresult == ISC_R_CANCELED || query->canceled) {
debug("in cancel handler");
if (!query->canceled) {
cancel_lookup(l);
}
query_detach(&query);
lookup_detach(&l);
clear_current_lookup();
return;
}
if (eresult != ISC_R_SUCCESS) {
debug("udp setup failed: %s", isc_result_totext(eresult));
isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
dighost_warning("UDP setup with %s(%s) for %s failed: %s.",
sockstr, query->servname, l->textname,
isc_result_totext(eresult));
/*
* NSSEARCH mode: if the current query failed to start properly,
* then send_done() will not be called, and we want to make sure
* that the next query gets a chance to start in order to not
* break the chain.
*/
if (l->ns_search_only && !l->trace_root) {
nssearch_next(l, query);
check_if_done();
return;
}
if (exitcode < 9) {
exitcode = 9;
}
if (l->retries > 1) {
l->retries--;
debug("making new UDP request, %d tries left",
l->retries);
requeue_lookup(l, true);
next = NULL;
} else if ((l->current_query != NULL) &&
(ISC_LINK_LINKED(l->current_query, link)))
{
next = ISC_LIST_NEXT(l->current_query, link);
} else {
next = NULL;
}
query_detach(&query);
if (next == NULL) {
cancel_lookup(l);
}
lookup_detach(&l);
if (next != NULL) {
start_udp(next);
check_if_done();
} else {
dighost_error("no servers could be reached");
clear_current_lookup();
}
return;
}
exitcode = 0;
query_attach(query, &readquery);
debug("recving with lookup=%p, query=%p, handle=%p", query->lookup,
query, handle);
query->handle = handle;
isc_nmhandle_attach(handle, &query->readhandle);
isc_refcount_increment0(&recvcount);
debug("recvcount=%" PRIuFAST32, isc_refcount_current(&recvcount));
if (local_timeout == 0) {
local_timeout = UDP_TIMEOUT * 1000;
}
debug("have local timeout of %d", local_timeout);
isc_nmhandle_settimeout(handle, local_timeout);
isc_nm_read(handle, recv_done, readquery);
send_udp(readquery);
query_detach(&query);
lookup_detach(&l);
}
/*%
* Send a UDP packet to the remote nameserver, possible starting the
* recv action as well. Also make sure that the timer is running and
* is properly reset.
*/
static void
start_udp(dig_query_t *query) {
isc_result_t result;
dig_query_t *next = NULL;
dig_query_t *connectquery = NULL;
REQUIRE(DIG_VALID_QUERY(query));
debug("start_udp(%p)", query);
query_attach(query, &query->lookup->current_query);
debug("working on lookup %p, query %p", query->lookup, query);
if (query->handle != NULL) {
launch_next_query(query);
query_detach(&query);
return;
}
if (!port_set) {
port = 53;
}
result = get_address(query->servname, port, &query->sockaddr);
if (result != ISC_R_SUCCESS) {
/* This servname doesn't have an address. */
force_next(query);
return;
}
if (isc_sockaddr_pf(&query->sockaddr) == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&query->sockaddr.type.sin6.sin6_addr))
{
isc_netaddr_t netaddr;
char buf[ISC_NETADDR_FORMATSIZE];
isc_netaddr_fromsockaddr(&netaddr, &query->sockaddr);
isc_netaddr_format(&netaddr, buf, sizeof(buf));
dighost_warning("Skipping mapped address '%s'", buf);
next = ISC_LIST_NEXT(query, link);
query_detach(&query);
if (next == NULL) {
dighost_warning("No acceptable nameservers");
clear_current_lookup();
} else {
start_udp(next);
}
return;
}
if (!specified_source) {
if ((isc_sockaddr_pf(&query->sockaddr) == AF_INET) && have_ipv4)
{
isc_sockaddr_any(&localaddr);
} else {
isc_sockaddr_any6(&localaddr);
}
}
query_attach(query, &connectquery);
if (query->lookup->proxy_mode) {
isc_nm_proxyheader_info_t proxy_info = { 0 };
isc_nm_proxyheader_info_t *ppi = NULL;
if (!query->lookup->proxy_local) {
isc_nm_proxyheader_info_init(
&proxy_info, &query->lookup->proxy_src_addr,
&query->lookup->proxy_dst_addr, NULL);
ppi = &proxy_info;
}
isc_nm_proxyudpconnect(netmgr, &localaddr, &query->sockaddr,
udp_ready, connectquery,
(timeout ? timeout : UDP_TIMEOUT) * 1000,
ppi);
} else {
isc_nm_udpconnect(netmgr, &localaddr, &query->sockaddr,
udp_ready, connectquery,
(timeout ? timeout : UDP_TIMEOUT) * 1000);
}
}
/*%
* If there are more servers available for querying within 'lookup', initiate a
* TCP or UDP query to the next available server and return true; otherwise,
* return false.
*/
static bool
try_next_server(dig_lookup_t *lookup) {
dig_query_t *current_query, *next_query;
current_query = lookup->current_query;
if (current_query == NULL || !ISC_LINK_LINKED(current_query, link)) {
return false;
}
next_query = ISC_LIST_NEXT(current_query, link);
if (next_query == NULL) {
return false;
}
debug("trying next server...");
if (lookup->tcp_mode) {
start_tcp(next_query);
} else {
start_udp(next_query);
}
return true;
}
static void
force_next(dig_query_t *query) {
dig_lookup_t *l = NULL;
REQUIRE(DIG_VALID_QUERY(query));
debug("force_next()");
INSIST(!free_now);
if (cancel_now) {
return;
}
lookup_attach(query->lookup, &l);
if (try_next_server(l)) {
lookup_detach(&l);
return;
}
if (l->retries > 1) {
l->retries--;
debug("making new %s request, %d tries left",
l->tcp_mode ? "TCP" : "UDP", l->retries);
requeue_lookup(l, true);
lookup_detach(&l);
isc_refcount_decrement0(&recvcount);
debug("recvcount=%" PRIuFAST32,
isc_refcount_current(&recvcount));
query_detach(&query);
clear_current_lookup();
return;
}
if (query->readhandle != NULL) {
isc_refcount_decrement0(&recvcount);
debug("recvcount=%" PRIuFAST32,
isc_refcount_current(&recvcount));
}
if (l->ns_search_only) {
isc_netaddr_t netaddr;
char buf[ISC_NETADDR_FORMATSIZE];
isc_netaddr_fromsockaddr(&netaddr, &query->sockaddr);
isc_netaddr_format(&netaddr, buf, sizeof(buf));
dighost_error("no response from %s", buf);
} else {
printf("%s", l->cmdline);
dighost_error("no servers could be reached");
}
if (exitcode < 9) {
exitcode = 9;
}
query_detach(&query);
cancel_lookup(l);
lookup_detach(&l);
clear_current_lookup();
}
/*%
* For transfers that involve multiple recvs (XFR's in particular),
* launch the next recv.
*/
static void
launch_next_query(dig_query_t *query) {
dig_query_t *readquery = NULL;
int local_timeout = timeout * 1000;
dig_lookup_t *l = NULL;
isc_region_t r;
bool xfr;
REQUIRE(DIG_VALID_QUERY(query));
INSIST(!free_now);
debug("launch_next_query()");
lookup_attach(query->lookup, &l);
if (!l->pending) {
debug("ignoring launch_next_query because !pending");
query_detach(&query);
lookup_detach(&l);
clear_current_lookup();
return;
}
isc_nmhandle_attach(query->handle, &query->readhandle);
isc_refcount_increment0(&recvcount);
debug("recvcount=%" PRIuFAST32, isc_refcount_current(&recvcount));
if (local_timeout == 0) {
local_timeout = TCP_TIMEOUT * 1000;
}
debug("have local timeout of %d", local_timeout);
isc_nmhandle_settimeout(query->handle, local_timeout);
xfr = query->lookup->rdtype == dns_rdatatype_ixfr ||
query->lookup->rdtype == dns_rdatatype_axfr;
if (xfr &&
isc_nm_socket_type(query->handle) == isc_nm_streamdnssocket &&
query->lookup->tls_mode)
{
isc_result_t result = isc_nm_xfr_checkperm(query->handle);
if (result != ISC_R_SUCCESS) {
dighost_error("zone transfers over the established TLS "
"connection are not allowed: %s",
isc_result_totext(result));
isc_refcount_decrement0(&recvcount);
isc_nmhandle_detach(&query->readhandle);
cancel_lookup(l);
lookup_detach(&l);
clear_current_lookup();
return;
}
}
query_attach(query, &readquery);
isc_nm_read(query->handle, recv_done, readquery);
if (!query->first_soa_rcvd) {
dig_query_t *sendquery = NULL;
debug("sending a request in launch_next_query");
if (query->lookup->use_usec) {
query->time_sent = isc_time_now_hires();
} else {
query->time_sent = isc_time_now();
}
query_attach(query, &sendquery);
isc_buffer_usedregion(&query->sendbuf, &r);
if (keep != NULL) {
query->handle = keep;
}
isc_nmhandle_attach(query->handle, &query->sendhandle);
isc_nm_send(query->handle, &r, send_done, sendquery);
isc_refcount_increment0(&sendcount);
debug("sendcount=%" PRIuFAST32,
isc_refcount_current(&sendcount));
/* XXX qrflag, print_query, etc... */
if (l->qr) {
extrabytes = 0;
dighost_printmessage(query, &l->renderbuf, l->sendmsg,
true);
if (l->stats) {
print_query_size(query);
}
}
}
lookup_detach(&l);
return;
}
/*%
* Event handler for TCP connect complete. Make sure the connection was
* successful, then pass into launch_next_query to actually send the
* question.
*/
static void
tcp_connected(isc_nmhandle_t *handle, isc_result_t eresult, void *arg) {
dig_query_t *query = (dig_query_t *)arg;
dig_query_t *next = NULL;
char sockstr[ISC_SOCKADDR_FORMATSIZE];
dig_lookup_t *l = NULL;
REQUIRE(DIG_VALID_QUERY(query));
REQUIRE(query->handle == NULL);
debug("tcp_connected()");
query->started = true;
if (cancel_now) {
query_detach(&query);
return;
}
INSIST(!free_now);
debug("tcp_connected(%p, %s, %p)", handle, isc_result_totext(eresult),
query);
if (eresult == ISC_R_SHUTTINGDOWN) {
query_detach(&query);
cancel_all();
return;
}
lookup_attach(query->lookup, &l);
if (eresult == ISC_R_CANCELED || eresult == ISC_R_TLSBADPEERCERT ||
query->canceled)
{
debug("in cancel handler");
isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
if (eresult == ISC_R_TLSBADPEERCERT) {
dighost_warning(
"TLS peer certificate verification for "
"%s failed: %s",
sockstr,
isc_nm_verify_tls_peer_result_string(handle));
} else if (query->lookup->rdtype == dns_rdatatype_ixfr ||
query->lookup->rdtype == dns_rdatatype_axfr)
{
puts("; Transfer failed.");
}
if (!query->canceled) {
cancel_lookup(l);
}
query_detach(&query);
lookup_detach(&l);
clear_current_lookup();
return;
}
if (eresult != ISC_R_SUCCESS) {
debug("unsuccessful connection: %s",
isc_result_totext(eresult));
isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
dighost_warning("Connection to %s(%s) for %s failed: %s.",
sockstr, query->servname, l->textname,
isc_result_totext(eresult));
/*
* NSSEARCH mode: if the current query failed to start properly,
* then send_done() will not be called, and we want to make sure
* that the next query gets a chance to start in order to not
* break the chain.
*/
if (l->ns_search_only && !l->trace_root) {
nssearch_next(l, query);
check_if_done();
return;
}
/* XXX Clean up exitcodes */
if (exitcode < 9) {
exitcode = 9;
}
if (l->retries > 1) {
l->retries--;
debug("making new TCP request, %d tries left",
l->retries);
requeue_lookup(l, true);
next = NULL;
} else if ((l->current_query != NULL) &&
(ISC_LINK_LINKED(l->current_query, link)))
{
next = ISC_LIST_NEXT(l->current_query, link);
} else {
next = NULL;
}
query_detach(&query);
if (next == NULL) {
cancel_lookup(l);
}
lookup_detach(&l);
if (next != NULL) {
start_tcp(next);
check_if_done();
} else {
dighost_error("no servers could be reached");
clear_current_lookup();
}
return;
}
exitcode = 0;
query->handle = handle;
if (keep_open) {
keepaddr = query->sockaddr;
if (keep != NULL) {
isc_nmhandle_detach(&keep);
}
isc_nmhandle_attach(handle, &keep);
}
launch_next_query(query);
query_detach(&query);
lookup_detach(&l);
}
/*%
* Check if the ongoing XFR needs more data before it's complete, using
* the semantics of IXFR and AXFR protocols. Much of the complexity of
* this routine comes from determining when an IXFR is complete.
* false means more data is on the way, and the recv has been issued.
*/
static bool
check_for_more_data(dig_lookup_t *lookup, dig_query_t *query,
dns_message_t *msg, isc_sockaddr_t *peer, int len) {
dns_rdataset_t *rdataset = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_soa_t soa;
uint32_t ixfr_serial = lookup->ixfr_serial, serial;
isc_result_t result;
bool ixfr = lookup->rdtype == dns_rdatatype_ixfr;
bool axfr = lookup->rdtype == dns_rdatatype_axfr;
if (ixfr) {
axfr = query->ixfr_axfr;
}
debug("check_for_more_data()");
/*
* By the time we're in this routine, we know we're doing
* either an AXFR or IXFR. If there's no second_rr_type,
* then we don't yet know which kind of answer we got back
* from the server. Here, we're going to walk through the
* rr's in the message, acting as necessary whenever we hit
* an SOA rr.
*/
query->msg_count++;
query->byte_count += len;
if (ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
puts("; Transfer failed.");
return true;
}
MSG_SECTION_FOREACH (msg, DNS_SECTION_ANSWER, name) {
ISC_LIST_FOREACH (name->list, rdataset, link) {
result = dns_rdataset_first(rdataset);
if (result != ISC_R_SUCCESS) {
continue;
}
do {
query->rr_count++;
dns_rdata_reset(&rdata);
dns_rdataset_current(rdataset, &rdata);
/*
* If this is the first rr, make sure
* it's an SOA
*/
if ((!query->first_soa_rcvd) &&
(rdata.type != dns_rdatatype_soa))
{
puts("; Transfer failed. "
"Didn't start with SOA answer.");
return true;
}
if ((!query->second_rr_rcvd) &&
(rdata.type != dns_rdatatype_soa))
{
query->second_rr_rcvd = true;
query->second_rr_serial = 0;
debug("got the second rr as nonsoa");
axfr = query->ixfr_axfr = true;
goto next_rdata;
}
/*
* If the record is anything except an SOA
* now, just continue on...
*/
if (rdata.type != dns_rdatatype_soa) {
goto next_rdata;
}
/* Now we have an SOA. Work with it. */
debug("got an SOA");
result = dns_rdata_tostruct(&rdata, &soa, NULL);
check_result(result, "dns_rdata_tostruct");
serial = soa.serial;
dns_rdata_freestruct(&soa);
if (!query->first_soa_rcvd) {
query->first_soa_rcvd = true;
query->first_rr_serial = serial;
debug("this is the first serial %u",
serial);
if (ixfr &&
isc_serial_ge(ixfr_serial, serial))
{
debug("got up to date "
"response");
goto doexit;
}
goto next_rdata;
}
if (axfr) {
debug("doing axfr, got second SOA");
goto doexit;
}
if (!query->second_rr_rcvd) {
if (query->first_rr_serial == serial) {
debug("doing ixfr, got "
"empty zone");
goto doexit;
}
debug("this is the second serial %u",
serial);
query->second_rr_rcvd = true;
query->second_rr_serial = serial;
goto next_rdata;
}
/*
* If we get to this point, we're doing an
* IXFR and have to start really looking
* at serial numbers.
*/
if (query->first_rr_serial == serial) {
debug("got a match for ixfr");
if (!query->first_repeat_rcvd) {
query->first_repeat_rcvd = true;
goto next_rdata;
}
debug("done with ixfr");
goto doexit;
}
debug("meaningless soa %u", serial);
next_rdata:
result = dns_rdataset_next(rdataset);
} while (result == ISC_R_SUCCESS);
}
}
isc_nmhandle_detach(&query->readhandle);
launch_next_query(query);
query_detach(&query);
return false;
doexit:
dighost_received(len, peer, query);
return true;
}
static void
process_cookie(dig_lookup_t *l, dns_message_t *msg, isc_buffer_t *optbuf,
size_t optlen) {
char bb[256];
isc_buffer_t hexbuf;
size_t len;
const unsigned char *sent;
bool copy = true;
isc_result_t result;
if (l->cookie != NULL) {
isc_buffer_init(&hexbuf, bb, sizeof(bb));
result = isc_hex_decodestring(l->cookie, &hexbuf);
check_result(result, "isc_hex_decodestring");
sent = isc_buffer_base(&hexbuf);
len = isc_buffer_usedlength(&hexbuf);
} else {
sent = cookie;
len = sizeof(cookie);
}
INSIST(msg->cc_ok == 0 && msg->cc_bad == 0);
if (len >= 8 && optlen >= 8U) {
if (isc_safe_memequal(isc_buffer_current(optbuf), sent, 8)) {
msg->cc_ok = 1;
} else {
dighost_warning("Warning: Client COOKIE mismatch");
msg->cc_bad = 1;
copy = false;
}
} else {
dighost_warning("Warning: COOKIE bad token (too short)");
msg->cc_bad = 1;
copy = false;
}
if (copy) {
isc_region_t r;
r.base = isc_buffer_current(optbuf);
r.length = (unsigned int)optlen;
isc_buffer_init(&hexbuf, servercookie, sizeof(servercookie));
result = isc_hex_totext(&r, 2, "", &hexbuf);
check_result(result, "isc_hex_totext");
if (isc_buffer_availablelength(&hexbuf) > 0) {
isc_buffer_putuint8(&hexbuf, 0);
l->cookie = servercookie;
}
}
isc_buffer_forward(optbuf, (unsigned int)optlen);
}
static void
process_opt(dig_lookup_t *l, dns_message_t *msg) {
dns_rdata_t rdata;
isc_result_t result;
isc_buffer_t optbuf;
uint16_t optcode, optlen;
dns_rdataset_t *opt = msg->opt;
bool seen_cookie = false;
result = dns_rdataset_first(opt);
if (result == ISC_R_SUCCESS) {
dns_rdata_init(&rdata);
dns_rdataset_current(opt, &rdata);
isc_buffer_init(&optbuf, rdata.data, rdata.length);
isc_buffer_add(&optbuf, rdata.length);
while (isc_buffer_remaininglength(&optbuf) >= 4) {
optcode = isc_buffer_getuint16(&optbuf);
optlen = isc_buffer_getuint16(&optbuf);
switch (optcode) {
case DNS_OPT_COOKIE:
/*
* Only process the first cookie option.
*/
if (seen_cookie) {
isc_buffer_forward(&optbuf, optlen);
break;
}
process_cookie(l, msg, &optbuf, optlen);
seen_cookie = true;
break;
default:
isc_buffer_forward(&optbuf, optlen);
break;
}
}
}
}
static int
ednsvers(dns_rdataset_t *opt) {
return (opt->ttl >> 16) & 0xff;
}
/*%
* Event handler for recv complete. Perform whatever actions are necessary,
* based on the specifics of the user's request.
*/
static void
recv_done(isc_nmhandle_t *handle, isc_result_t eresult, isc_region_t *region,
void *arg) {
dig_query_t *query = (dig_query_t *)arg;
isc_buffer_t b;
dns_message_t *msg = NULL;
isc_result_t result;
dig_lookup_t *n = NULL;
dig_lookup_t *l = NULL;
bool docancel = false;
bool donext = false;
bool match = true;
bool done_process_opt = false;
unsigned int parseflags;
dns_messageid_t id;
unsigned int msgflags;
int newedns;
isc_sockaddr_t peer;
REQUIRE(DIG_VALID_QUERY(query));
REQUIRE(query->readhandle != NULL);
INSIST(!free_now);
debug("recv_done(%p, %s, %p, %p)", handle, isc_result_totext(eresult),
region, arg);
isc_refcount_decrement0(&recvcount);
debug("recvcount=%" PRIuFAST32, isc_refcount_current(&recvcount));
lookup_attach(query->lookup, &l);
if (eresult == ISC_R_CANCELED || eresult == ISC_R_SHUTTINGDOWN ||
query->canceled)
{
debug("recv_done: cancel");
isc_nmhandle_detach(&query->readhandle);
if (eresult == ISC_R_SHUTTINGDOWN) {
cancel_all();
} else if (!query->canceled) {
cancel_lookup(l);
}
query_detach(&query);
lookup_detach(&l);
clear_current_lookup();
return;
}
if (query->lookup->use_usec) {
query->time_recv = isc_time_now_hires();
} else {
query->time_recv = isc_time_now();
}
if ((!l->pending && !l->ns_search_only) || cancel_now) {
debug("no longer pending. Got %s", isc_result_totext(eresult));
goto next_lookup;
}
/*
* NSSEARCH mode is special, because the queries in the followup lookup
* are independent and they are being started in parallel, so if one of
* them fails there is no need to start the next query in the lookup,
* and this failure can be treated as a soft error (with a warning
* message), because there are usually more than one NS servers in the
* lookup's queries list. However, if there was not a single successful
* query in the followup lookup, then print an error message and exit
* with a non-zero exit code.
*/
if (l->ns_search_only && !l->trace_root) {
if (eresult == ISC_R_SUCCESS) {
l->ns_search_success = true;
} else {
char sockstr[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&query->sockaddr, sockstr,
sizeof(sockstr));
dighost_warning("communications error to %s: %s",
sockstr, isc_result_totext(eresult));
/*
* If this is not the last query, then we detach the
* query, but keep the lookup running.
*/
if (!check_if_queries_done(l, query)) {
goto detach_query;
}
/*
* This is the last query, and if there was not a
* single successful query in the whole lookup, then
* treat the situation as an error.
*/
if (!l->ns_search_success) {
dighost_error(
"NS servers could not be reached");
if (exitcode < 9) {
exitcode = 9;
}
}
goto cancel_lookup;
}
}
if (eresult != ISC_R_SUCCESS) {
char sockstr[ISC_SOCKADDR_FORMATSIZE];
isc_sockaddr_format(&query->sockaddr, sockstr, sizeof(sockstr));
dighost_warning("communications error to %s: %s", sockstr,
isc_result_totext(eresult));
if (l->retries > 1 && !l->tcp_mode) {
dig_query_t *newq = NULL;
/*
* For UDP, insert a copy of the current query just
* after itself in the list, and start it to retry the
* request.
*/
newq = new_query(l, query->servname, query->userarg);
ISC_LIST_INSERTAFTER(l->q, query, newq, link);
if (l->current_query == query) {
query_detach(&l->current_query);
}
if (l->current_query == NULL) {
l->retries--;
debug("making new UDP request, %d tries left",
l->retries);
start_udp(newq);
}
if (check_if_queries_done(l, query)) {
goto cancel_lookup;
}
goto detach_query;
} else if (l->retries > 1 && l->tcp_mode) {
/*
* For TCP, we have to requeue the whole lookup, see
* the comments above the start_tcp() function.
*/
l->retries--;
debug("making new TCP request, %d tries left",
l->retries);
requeue_lookup(l, true);
if (keep != NULL) {
isc_nmhandle_detach(&keep);
}
goto cancel_lookup;
} else {
dig_query_t *next = ISC_LIST_NEXT(query, link);
/*
* No retries left, go to the next query, if there is
* one.
*/
if (next != NULL) {
if (l->current_query == query) {
query_detach(&l->current_query);
}
if (l->current_query == NULL) {
debug("starting next query %p", next);
if (l->tcp_mode) {
start_tcp(next);
} else {
start_udp(next);
}
}
if (check_if_queries_done(l, query)) {
goto cancel_lookup;
}
goto detach_query;
}
/*
* Otherwise, print the cmdline and an error message,
* and cancel the lookup.
*/
printf("%s", l->cmdline);
dighost_error("no servers could be reached");
if (exitcode < 9) {
exitcode = 9;
}
if (keep != NULL) {
isc_nmhandle_detach(&keep);
}
goto cancel_lookup;
}
}
isc_buffer_init(&b, region->base, region->length);
isc_buffer_add(&b, region->length);
peer = isc_nmhandle_peeraddr(handle);
result = dns_message_peekheader(&b, &id, &msgflags);
if (result != ISC_R_SUCCESS || l->sendmsg->id != id) {
match = false;
if (l->tcp_mode) {
bool fail = true;
if (result == ISC_R_SUCCESS) {
if (!query->first_soa_rcvd || query->warn_id) {
dighost_warning("%s: ID mismatch: "
"expected ID %u, got "
"%u",
query->first_soa_rcvd
? "WARNING"
: "ERROR",
l->sendmsg->id, id);
}
if (query->first_soa_rcvd) {
fail = false;
}
query->warn_id = false;
} else {
dighost_warning("ERROR: short (< header size) "
"message");
}
if (fail) {
goto cancel_lookup;
}
match = true;
} else if (result == ISC_R_SUCCESS) {
dighost_warning("Warning: ID mismatch: expected ID %u,"
" got %u",
l->sendmsg->id, id);
} else {
dighost_warning("Warning: short (< header size) "
"message received");
}
}
if (result == ISC_R_SUCCESS && (msgflags & DNS_MESSAGEFLAG_QR) == 0) {
dighost_warning("Warning: query response not set");
}
if (!match) {
/*
* We are still attached to query and the query->readhandle is
* also attached
*/
isc_refcount_increment0(&recvcount);
debug("recvcount=%" PRIuFAST32,
isc_refcount_current(&recvcount));
isc_nm_read(handle, recv_done, query);
goto keep_query;
}
dns_message_create(mctx, NULL, NULL, DNS_MESSAGE_INTENTPARSE, &msg);
if (tsigkey != NULL) {
if (l->querysig == NULL) {
debug("getting initial querysig");
result = dns_message_getquerytsig(l->sendmsg, mctx,
&l->querysig);
check_result(result, "dns_message_getquerytsig");
}
dns_message_setquerytsig(msg, l->querysig);
result = dns_message_settsigkey(msg, tsigkey);
check_result(result, "dns_message_settsigkey");
msg->tsigctx = l->tsigctx;
l->tsigctx = NULL;
if (l->msgcounter != 0) {
msg->tcp_continuation = 1;
}
l->msgcounter++;
}
debug("before parse starts");
parseflags = l->dns64prefix ? 0 : DNS_MESSAGEPARSE_PRESERVEORDER;
if (l->besteffort) {
parseflags |= DNS_MESSAGEPARSE_BESTEFFORT;
parseflags |= DNS_MESSAGEPARSE_IGNORETRUNCATION;
}
result = dns_message_parse(msg, &b, parseflags);
if (result == DNS_R_RECOVERABLE) {
dighost_warning("Warning: Message parser reports malformed "
"message packet.");
} else if (result != ISC_R_SUCCESS) {
if (!yaml) {
printf(";; Got bad packet: %s\n",
isc_result_totext(result));
hex_dump(&b);
}
goto cancel_lookup;
}
if (msg->opcode != l->opcode) {
char expect[20] = { 0 }, got[20] = { 0 };
isc_buffer_init(&b, &expect, sizeof(expect));
result = dns_opcode_totext(l->opcode, &b);
check_result(result, "dns_opcode_totext");
isc_buffer_init(&b, &got, sizeof(got));
result = dns_opcode_totext(msg->opcode, &b);
check_result(result, "dns_opcode_totext");
dighost_warning("Warning: Opcode mismatch: expected %s, got %s",
expect, got);
isc_refcount_increment0(&recvcount);
debug("recvcount=%" PRIuFAST32,
isc_refcount_current(&recvcount));
isc_nm_read(handle, recv_done, query);
goto keep_query;
}
if (msg->counts[DNS_SECTION_QUESTION] == 0) {
if (l->doing_xfr) {
if (query->msg_count == 0) {
dighost_warning("missing question section");
}
} else if (!l->header_only && msg->opcode == dns_opcode_query) {
dighost_warning("missing question section");
}
} else {
match = true;
MSG_SECTION_FOREACH (msg, DNS_SECTION_QUESTION, name) {
dns_rdataset_t *rdataset;
ISC_LIST_FOREACH (name->list, rdataset, link) {
if (l->rdtype != rdataset->type ||
l->rdclass != rdataset->rdclass ||
!dns_name_equal(l->name, name))
{
char namestr[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
dns_name_format(name, namestr,
sizeof(namestr));
dns_rdatatype_format(rdataset->type,
typebuf,
sizeof(typebuf));
dns_rdataclass_format(rdataset->rdclass,
classbuf,
sizeof(classbuf));
dighost_warning(";; Question section "
"mismatch: got "
"%s/%s/%s",
namestr, typebuf,
classbuf);
match = false;
}
}
/* Break out of the loop on mismatch */
if (!match) {
if (l->tcp_mode) {
goto cancel_lookup;
}
/*
* We are still attached to query and the
* query->readhandle is also attached
*/
isc_refcount_increment0(&recvcount);
debug("recvcount=%" PRIuFAST32,
isc_refcount_current(&recvcount));
isc_nm_read(handle, recv_done, query);
goto keep_query;
}
}
}
if (msg->rcode == dns_rcode_badvers && msg->opt != NULL &&
(newedns = ednsvers(msg->opt)) < l->edns && l->ednsneg)
{
if (l->showbadvers) {
dighost_printmessage(query, &b, msg, true);
dighost_received(isc_buffer_usedlength(&b), &peer,
query);
}
/*
* Add minimum EDNS version required checks here if needed.
*/
dighost_comments(l, "BADVERS, retrying with EDNS version %u.",
(unsigned int)newedns);
l->edns = newedns;
n = requeue_lookup(l, true);
if (l->trace && l->trace_root) {
n->rdtype = l->qrdtype;
}
goto cancel_lookup;
}
if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0 && !l->ignore &&
!l->tcp_mode)
{
if (l->cookie == NULL && l->sendcookie && msg->opt != NULL) {
process_opt(l, msg);
}
dighost_comments(l, "Truncated, retrying in TCP mode.");
n = requeue_lookup(l, true);
n->tcp_mode = true;
if (l->trace && l->trace_root) {
n->rdtype = l->qrdtype;
}
goto cancel_lookup;
}
if (msg->rcode == dns_rcode_badcookie && !l->tcp_mode &&
l->sendcookie && l->badcookie)
{
process_opt(l, msg);
if (msg->cc_ok) {
if (l->showbadcookie) {
dighost_printmessage(query, &b, msg, true);
dighost_received(isc_buffer_usedlength(&b),
&peer, query);
}
dighost_comments(l, "BADCOOKIE, retrying%s.",
l->seenbadcookie ? " in TCP mode"
: "");
n = requeue_lookup(l, true);
if (l->seenbadcookie) {
n->tcp_mode = true;
}
n->seenbadcookie = true;
if (l->trace && l->trace_root) {
n->rdtype = l->qrdtype;
}
goto cancel_lookup;
}
done_process_opt = true;
}
if ((msg->rcode == dns_rcode_servfail && !l->servfail_stops) ||
(check_ra && (msg->flags & DNS_MESSAGEFLAG_RA) == 0 && l->recurse))
{
const char *err = (msg->rcode == dns_rcode_servfail &&
!l->servfail_stops)
? "SERVFAIL reply"
: "recursion not available";
dig_query_t *next = ISC_LIST_NEXT(query, link);
if (l->current_query == query) {
query_detach(&l->current_query);
}
if (next != NULL && (!l->ns_search_only || l->trace_root)) {
dighost_comments(l,
"Got %s from %s, trying next server",
err, query->servname);
debug("sending query %p", next);
if (l->tcp_mode) {
start_tcp(next);
} else {
start_udp(next);
}
if (check_if_queries_done(l, query)) {
goto cancel_lookup;
}
goto detach_query;
} else {
dighost_comments(l, "Got %s from %s", err,
query->servname);
}
}
if (tsigkey != NULL) {
result = dns_tsig_verify(&b, msg, NULL, NULL);
if (result != ISC_R_SUCCESS) {
dighost_warning("Couldn't verify signature: %s",
isc_result_totext(result));
validated = false;
}
l->tsigctx = msg->tsigctx;
msg->tsigctx = NULL;
if (l->querysig != NULL) {
debug("freeing querysig buffer %p", l->querysig);
isc_buffer_free(&l->querysig);
}
result = dns_message_getquerytsig(msg, mctx, &l->querysig);
check_result(result, "dns_message_getquerytsig");
}
extrabytes = isc_buffer_remaininglength(&b);
debug("after parse");
if (l->doing_xfr && l->xfr_q == NULL) {
l->xfr_q = query;
/*
* Once we are in the XFR message, increase
* the timeout to much longer, so brief network
* outages won't cause the XFR to abort
*/
if (timeout != INT_MAX && query->timer != NULL) {
unsigned int local_timeout;
if (timeout == 0) {
if (l->tcp_mode) {
local_timeout = TCP_TIMEOUT * 4000;
} else {
local_timeout = UDP_TIMEOUT * 4000;
}
} else {
if (timeout < (INT_MAX / 4)) {
local_timeout = timeout * 4000;
} else {
local_timeout = INT_MAX;
}
}
debug("have local timeout of %d", local_timeout);
isc_nmhandle_settimeout(query->handle, local_timeout);
}
}
if (!done_process_opt) {
if (l->cookie != NULL) {
if (msg->opt == NULL) {
dighost_warning("expected opt record in "
"response");
} else {
process_opt(l, msg);
}
} else if (l->sendcookie && msg->opt != NULL) {
process_opt(l, msg);
}
}
if (!l->doing_xfr || l->xfr_q == query) {
if (msg->rcode == dns_rcode_nxdomain &&
(l->origin != NULL || l->need_search))
{
if (!next_origin(l) || showsearch) {
dighost_printmessage(query, &b, msg, true);
dighost_received(isc_buffer_usedlength(&b),
&peer, query);
}
} else if (!l->trace && !l->ns_search_only) {
dighost_printmessage(query, &b, msg, true);
} else if (l->trace) {
int nl = 0;
int count = msg->counts[DNS_SECTION_ANSWER];
debug("in TRACE code");
if (!l->ns_search_only) {
dighost_printmessage(query, &b, msg, true);
}
l->rdtype = l->qrdtype;
if (l->trace_root || (l->ns_search_only && count > 0)) {
if (!l->trace_root) {
l->rdtype = dns_rdatatype_soa;
}
nl = followup_lookup(msg, query,
DNS_SECTION_ANSWER);
l->trace_root = false;
} else if (count == 0) {
nl = followup_lookup(msg, query,
DNS_SECTION_AUTHORITY);
}
if (nl == 0) {
docancel = true;
}
} else {
debug("in NSSEARCH code");
if (l->trace_root) {
/*
* This is the initial NS query.
*/
int nl;
l->rdtype = dns_rdatatype_soa;
nl = followup_lookup(msg, query,
DNS_SECTION_ANSWER);
if (nl == 0) {
docancel = true;
}
l->trace_root = false;
usesearch = false;
} else {
/*
* This is a query in the followup lookup
*/
dighost_printmessage(query, &b, msg, true);
docancel = check_if_queries_done(l, query);
}
}
}
if (l->pending) {
debug("still pending.");
}
if (l->doing_xfr) {
if (query != l->xfr_q) {
goto detach_query;
}
if (!docancel) {
docancel = check_for_more_data(l, query, msg, &peer,
region->length);
}
if (docancel) {
goto cancel_lookup;
}
/*
* check_for_more_data() will detach from query->readhandle
* and query on its own, as it needs to reuse the query and
* reattach to the readhandle in launch_next_query().
*/
goto keep_query;
} else {
if (msg->rcode == dns_rcode_noerror || l->origin == NULL) {
dighost_received(isc_buffer_usedlength(&b), &peer,
query);
}
if (!l->ns_search_only) {
l->pending = false;
}
if (!l->ns_search_only || l->trace_root || docancel) {
goto cancel_lookup;
}
goto next_lookup;
}
cancel_lookup:
docancel = true;
next_lookup:
donext = true;
detach_query:
isc_nmhandle_detach(&query->readhandle);
query_detach(&query);
if (docancel) {
cancel_lookup(l);
}
keep_query:
if (msg != NULL) {
dns_message_detach(&msg);
}
lookup_detach(&l);
if (donext) {
clear_current_lookup();
}
}
/*%
* Turn a name into an address, using system-supplied routines. This is
* used in looking up server names, etc... and needs to use system-supplied
* routines, since they may be using a non-DNS system for these lookups.
*/
isc_result_t
get_address(char *host, in_port_t myport, isc_sockaddr_t *sockaddr) {
int count;
isc_result_t result;
isc_loopmgr_blocking(loopmgr);
result = isc_getaddresses(host, myport, sockaddr, 1, &count);
isc_loopmgr_nonblocking(loopmgr);
if (result != ISC_R_SUCCESS) {
return result;
}
INSIST(count == 1);
return ISC_R_SUCCESS;
}
int
getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp) {
isc_result_t result;
isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
isc_netaddr_t netaddr;
int count, i;
dig_server_t *srv;
char tmp[ISC_NETADDR_FORMATSIZE];
isc_loopmgr_blocking(loopmgr);
result = isc_getaddresses(host, 0, sockaddrs, DIG_MAX_ADDRESSES,
&count);
isc_loopmgr_nonblocking(loopmgr);
SET_IF_NOT_NULL(resultp, result);
if (result != ISC_R_SUCCESS) {
if (resultp == NULL) {
fatal("couldn't get address for '%s': %s", host,
isc_result_totext(result));
}
return 0;
}
for (i = 0; i < count; i++) {
isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
srv = make_server(tmp, host);
ISC_LIST_APPEND(lookup->my_server_list, srv, link);
}
return count;
}
/*%
* Initiate either a TCP or UDP lookup
*/
void
do_lookup(dig_lookup_t *lookup) {
dig_query_t *query;
REQUIRE(lookup != NULL);
debug("do_lookup()");
lookup->pending = true;
query = ISC_LIST_HEAD(lookup->q);
if (query != NULL) {
REQUIRE(DIG_VALID_QUERY(query));
if (lookup->tcp_mode) {
start_tcp(query);
} else {
start_udp(query);
}
}
}
/*%
* Start everything in action upon task startup.
*/
void
onrun_callback(void *arg) {
UNUSED(arg);
start_lookup();
}
void
run_loop(void *arg) {
UNUSED(arg);
start_lookup();
}
/*%
* Make everything on the lookup queue go away. Mainly used by the
* SIGINT handler.
*/
void
cancel_all(void) {
dig_lookup_t *l, *n;
dig_query_t *q, *nq;
debug("cancel_all()");
if (free_now) {
return;
}
cancel_now = true;
while (current_lookup != NULL) {
for (q = ISC_LIST_HEAD(current_lookup->q); q != NULL; q = nq) {
nq = ISC_LIST_NEXT(q, link);
debug("canceling pending query %p, belonging to %p", q,
current_lookup);
q->canceled = true;
if (q->readhandle != NULL &&
!isc_nm_is_http_handle(q->readhandle))
{
isc_nm_cancelread(q->readhandle);
}
query_detach(&q);
}
/*
* current_lookup could have been detached via query_detach().
*/
if (current_lookup != NULL) {
lookup_detach(&current_lookup);
}
}
l = ISC_LIST_HEAD(lookup_list);
while (l != NULL) {
n = ISC_LIST_NEXT(l, link);
ISC_LIST_DEQUEUE(lookup_list, l, link);
lookup_detach(&l);
l = n;
}
}
void
cleanup_openssl_refs(void) {
if (tsigkey != NULL) {
debug("freeing TSIG key %p", tsigkey);
dns_tsigkey_detach(&tsigkey);
}
if (sig0key != NULL) {
debug("freeing SIG(0) key %p", sig0key);
dst_key_free(&sig0key);
}
}
/*%
* Destroy all of the libs we are using, and get everything ready for a
* clean shutdown.
*/
void
destroy_libs(void) {
debug("destroy_libs()");
isc_refcount_destroy(&recvcount);
isc_refcount_destroy(&sendcount);
INSIST(ISC_LIST_HEAD(lookup_list) == NULL);
INSIST(current_lookup == NULL);
INSIST(!free_now);
free_now = true;
flush_server_list();
clear_searchlist();
cleanup_openssl_refs();
if (namebuf != NULL) {
debug("freeing key %p", tsigkey);
isc_buffer_free(&namebuf);
}
debug("Destroy memory");
if (memdebugging != 0) {
isc_mem_stats(mctx, stderr);
}
isc_managers_destroy(&mctx, &loopmgr, &netmgr);
#if ENABLE_LEAK_DETECTION
isc__crypto_setdestroycheck(true);
isc__uv_setdestroycheck(true);
isc__xml_setdestroycheck(true);
#endif
isc_mem_checkdestroyed(stderr);
}
#ifdef HAVE_LIBIDN2
static isc_result_t
idn_filter(isc_buffer_t *buffer, unsigned int start) {
char src[MXNAME];
char *dst = NULL;
size_t srclen, dstlen;
int res;
/*
* Copy name from 'buffer' to 'src' and terminate it with NULL.
*/
srclen = isc_buffer_usedlength(buffer) - start;
INSIST(srclen < sizeof(src));
memmove(src, (char *)isc_buffer_base(buffer) + start, srclen);
src[srclen] = '\0';
/*
* Try to convert the name; leave it unchanged if conversion fails.
*/
systemlocale(LC_ALL);
res = idn2_to_unicode_8zlz(src, &dst, IDN2_NONTRANSITIONAL);
if (res == IDN2_DISALLOWED) {
res = idn2_to_unicode_8zlz(src, &dst, IDN2_TRANSITIONAL);
}
resetlocale(LC_ALL);
if (res != IDN2_OK) {
return ISC_R_SUCCESS;
}
/*
* Copy the converted back into 'buffer' if it fits.
*/
dstlen = strlen(dst);
if (isc_buffer_length(buffer) < start + dstlen) {
return ISC_R_NOSPACE;
}
isc_buffer_subtract(buffer, srclen);
memmove(isc_buffer_used(buffer), dst, dstlen);
isc_buffer_add(buffer, dstlen);
idn2_free(dst);
return ISC_R_SUCCESS;
}
/*%
* Convert 'src', which is a string using the current locale's character
* encoding, into an ACE string suitable for use in the DNS, storing the
* conversion result in 'dst', which is 'dstlen' bytes large.
*
* 'dst' MUST be large enough to hold any valid domain name.
*/
static void
idn_input(const char *src, char *dst, size_t dstlen) {
char *ascii = NULL;
size_t len;
int res;
/*
* We trust libidn2 to return an error if 'src' is too large to be a
* valid domain name.
*
* If conversion fails under IDNA2008 rules, retry with transitional
* rules. The aim is that characters whose interpretation changed will
* be handled under the new rules, but we will accept characters (such
* as emoji) that were OK but are now forbidden.
*/
systemlocale(LC_ALL);
res = idn2_to_ascii_lz(src, &ascii, IDN2_NONTRANSITIONAL);
if (res == IDN2_DISALLOWED) {
res = idn2_to_ascii_lz(src, &ascii, IDN2_TRANSITIONAL);
}
resetlocale(LC_ALL);
/*
* idn2_to_ascii_lz() normalizes all strings to lower case, but
* we generally don't want to lowercase all input strings; make
* sure to return the original case if the two strings differ
* only in case.
*/
if (res == IDN2_OK && strcasecmp(src, ascii) != 0) {
len = strlcpy(dst, ascii, dstlen);
} else {
len = strlcpy(dst, src, dstlen);
}
INSIST(len < dstlen);
idn2_free(ascii);
}
#endif /* HAVE_LIBIDN2 */
void
dig_idnsetup(dig_lookup_t *lookup, bool active) {
#ifdef HAVE_LIBIDN2
isc_result_t result;
result = dns_name_settotextfilter(
(active && lookup->idnout) ? idn_filter : NULL);
check_result(result, "dns_name_settotextfilter");
#else
UNUSED(lookup);
UNUSED(active);
return;
#endif /* HAVE_LIBIDN2 */
}
bool
dig_lookup_is_tls(const dig_lookup_t *lookup) {
if (lookup->tls_mode || (lookup->tls_ca_set && !lookup->https_mode)) {
return true;
}
return false;
}
View Git Blame Copy Permalink