Annotation of embedaddon/dnsmasq/src/rfc1035.c, revision 1.1
1.1 ! misho 1: /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
! 2:
! 3: This program is free software; you can redistribute it and/or modify
! 4: it under the terms of the GNU General Public License as published by
! 5: the Free Software Foundation; version 2 dated June, 1991, or
! 6: (at your option) version 3 dated 29 June, 2007.
! 7:
! 8: This program is distributed in the hope that it will be useful,
! 9: but WITHOUT ANY WARRANTY; without even the implied warranty of
! 10: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
! 11: GNU General Public License for more details.
! 12:
! 13: You should have received a copy of the GNU General Public License
! 14: along with this program. If not, see <http://www.gnu.org/licenses/>.
! 15: */
! 16:
! 17: #include "dnsmasq.h"
! 18:
! 19:
! 20: #define CHECK_LEN(header, pp, plen, len) \
! 21: ((size_t)((pp) - (unsigned char *)(header) + (len)) <= (plen))
! 22:
! 23: #define ADD_RDLEN(header, pp, plen, len) \
! 24: (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1))
! 25:
! 26: int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
! 27: char *name, int isExtract, int extrabytes)
! 28: {
! 29: unsigned char *cp = (unsigned char *)name, *p = *pp, *p1 = NULL;
! 30: unsigned int j, l, hops = 0;
! 31: int retvalue = 1;
! 32:
! 33: if (isExtract)
! 34: *cp = 0;
! 35:
! 36: while (1)
! 37: {
! 38: unsigned int label_type;
! 39:
! 40: if (!CHECK_LEN(header, p, plen, 1))
! 41: return 0;
! 42:
! 43: if ((l = *p++) == 0)
! 44: /* end marker */
! 45: {
! 46: /* check that there are the correct no of bytes after the name */
! 47: if (!CHECK_LEN(header, p, plen, extrabytes))
! 48: return 0;
! 49:
! 50: if (isExtract)
! 51: {
! 52: if (cp != (unsigned char *)name)
! 53: cp--;
! 54: *cp = 0; /* terminate: lose final period */
! 55: }
! 56: else if (*cp != 0)
! 57: retvalue = 2;
! 58:
! 59: if (p1) /* we jumped via compression */
! 60: *pp = p1;
! 61: else
! 62: *pp = p;
! 63:
! 64: return retvalue;
! 65: }
! 66:
! 67: label_type = l & 0xc0;
! 68:
! 69: if (label_type == 0xc0) /* pointer */
! 70: {
! 71: if (!CHECK_LEN(header, p, plen, 1))
! 72: return 0;
! 73:
! 74: /* get offset */
! 75: l = (l&0x3f) << 8;
! 76: l |= *p++;
! 77:
! 78: if (!p1) /* first jump, save location to go back to */
! 79: p1 = p;
! 80:
! 81: hops++; /* break malicious infinite loops */
! 82: if (hops > 255)
! 83: return 0;
! 84:
! 85: p = l + (unsigned char *)header;
! 86: }
! 87: else if (label_type == 0x80)
! 88: return 0; /* reserved */
! 89: else if (label_type == 0x40)
! 90: { /* ELT */
! 91: unsigned int count, digs;
! 92:
! 93: if ((l & 0x3f) != 1)
! 94: return 0; /* we only understand bitstrings */
! 95:
! 96: if (!isExtract)
! 97: return 0; /* Cannot compare bitsrings */
! 98:
! 99: count = *p++;
! 100: if (count == 0)
! 101: count = 256;
! 102: digs = ((count-1)>>2)+1;
! 103:
! 104: /* output is \[x<hex>/siz]. which is digs+9 chars */
! 105: if (cp - (unsigned char *)name + digs + 9 >= MAXDNAME)
! 106: return 0;
! 107: if (!CHECK_LEN(header, p, plen, (count-1)>>3))
! 108: return 0;
! 109:
! 110: *cp++ = '\\';
! 111: *cp++ = '[';
! 112: *cp++ = 'x';
! 113: for (j=0; j<digs; j++)
! 114: {
! 115: unsigned int dig;
! 116: if (j%2 == 0)
! 117: dig = *p >> 4;
! 118: else
! 119: dig = *p++ & 0x0f;
! 120:
! 121: *cp++ = dig < 10 ? dig + '0' : dig + 'A' - 10;
! 122: }
! 123: cp += sprintf((char *)cp, "/%d]", count);
! 124: /* do this here to overwrite the zero char from sprintf */
! 125: *cp++ = '.';
! 126: }
! 127: else
! 128: { /* label_type = 0 -> label. */
! 129: if (cp - (unsigned char *)name + l + 1 >= MAXDNAME)
! 130: return 0;
! 131: if (!CHECK_LEN(header, p, plen, l))
! 132: return 0;
! 133:
! 134: for(j=0; j<l; j++, p++)
! 135: if (isExtract)
! 136: {
! 137: unsigned char c = *p;
! 138: if (isascii(c) && !iscntrl(c) && c != '.')
! 139: *cp++ = *p;
! 140: else
! 141: return 0;
! 142: }
! 143: else
! 144: {
! 145: unsigned char c1 = *cp, c2 = *p;
! 146:
! 147: if (c1 == 0)
! 148: retvalue = 2;
! 149: else
! 150: {
! 151: cp++;
! 152: if (c1 >= 'A' && c1 <= 'Z')
! 153: c1 += 'a' - 'A';
! 154: if (c2 >= 'A' && c2 <= 'Z')
! 155: c2 += 'a' - 'A';
! 156:
! 157: if (c1 != c2)
! 158: retvalue = 2;
! 159: }
! 160: }
! 161:
! 162: if (isExtract)
! 163: *cp++ = '.';
! 164: else if (*cp != 0 && *cp++ != '.')
! 165: retvalue = 2;
! 166: }
! 167: }
! 168: }
! 169:
! 170: /* Max size of input string (for IPv6) is 75 chars.) */
! 171: #define MAXARPANAME 75
! 172: int in_arpa_name_2_addr(char *namein, struct all_addr *addrp)
! 173: {
! 174: int j;
! 175: char name[MAXARPANAME+1], *cp1;
! 176: unsigned char *addr = (unsigned char *)addrp;
! 177: char *lastchunk = NULL, *penchunk = NULL;
! 178:
! 179: if (strlen(namein) > MAXARPANAME)
! 180: return 0;
! 181:
! 182: memset(addrp, 0, sizeof(struct all_addr));
! 183:
! 184: /* turn name into a series of asciiz strings */
! 185: /* j counts no of labels */
! 186: for(j = 1,cp1 = name; *namein; cp1++, namein++)
! 187: if (*namein == '.')
! 188: {
! 189: penchunk = lastchunk;
! 190: lastchunk = cp1 + 1;
! 191: *cp1 = 0;
! 192: j++;
! 193: }
! 194: else
! 195: *cp1 = *namein;
! 196:
! 197: *cp1 = 0;
! 198:
! 199: if (j<3)
! 200: return 0;
! 201:
! 202: if (hostname_isequal(lastchunk, "arpa") && hostname_isequal(penchunk, "in-addr"))
! 203: {
! 204: /* IP v4 */
! 205: /* address arives as a name of the form
! 206: www.xxx.yyy.zzz.in-addr.arpa
! 207: some of the low order address octets might be missing
! 208: and should be set to zero. */
! 209: for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
! 210: {
! 211: /* check for digits only (weeds out things like
! 212: 50.0/24.67.28.64.in-addr.arpa which are used
! 213: as CNAME targets according to RFC 2317 */
! 214: char *cp;
! 215: for (cp = cp1; *cp; cp++)
! 216: if (!isdigit((unsigned char)*cp))
! 217: return 0;
! 218:
! 219: addr[3] = addr[2];
! 220: addr[2] = addr[1];
! 221: addr[1] = addr[0];
! 222: addr[0] = atoi(cp1);
! 223: }
! 224:
! 225: return F_IPV4;
! 226: }
! 227: #ifdef HAVE_IPV6
! 228: else if (hostname_isequal(penchunk, "ip6") &&
! 229: (hostname_isequal(lastchunk, "int") || hostname_isequal(lastchunk, "arpa")))
! 230: {
! 231: /* IP v6:
! 232: Address arrives as 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.[int|arpa]
! 233: or \[xfedcba9876543210fedcba9876543210/128].ip6.[int|arpa]
! 234:
! 235: Note that most of these the various reprentations are obsolete and
! 236: left-over from the many DNS-for-IPv6 wars. We support all the formats
! 237: that we can since there is no reason not to.
! 238: */
! 239:
! 240: if (*name == '\\' && *(name+1) == '[' &&
! 241: (*(name+2) == 'x' || *(name+2) == 'X'))
! 242: {
! 243: for (j = 0, cp1 = name+3; *cp1 && isxdigit((unsigned char) *cp1) && j < 32; cp1++, j++)
! 244: {
! 245: char xdig[2];
! 246: xdig[0] = *cp1;
! 247: xdig[1] = 0;
! 248: if (j%2)
! 249: addr[j/2] |= strtol(xdig, NULL, 16);
! 250: else
! 251: addr[j/2] = strtol(xdig, NULL, 16) << 4;
! 252: }
! 253:
! 254: if (*cp1 == '/' && j == 32)
! 255: return F_IPV6;
! 256: }
! 257: else
! 258: {
! 259: for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
! 260: {
! 261: if (*(cp1+1) || !isxdigit((unsigned char)*cp1))
! 262: return 0;
! 263:
! 264: for (j = sizeof(struct all_addr)-1; j>0; j--)
! 265: addr[j] = (addr[j] >> 4) | (addr[j-1] << 4);
! 266: addr[0] = (addr[0] >> 4) | (strtol(cp1, NULL, 16) << 4);
! 267: }
! 268:
! 269: return F_IPV6;
! 270: }
! 271: }
! 272: #endif
! 273:
! 274: return 0;
! 275: }
! 276:
! 277: static unsigned char *skip_name(unsigned char *ansp, struct dns_header *header, size_t plen, int extrabytes)
! 278: {
! 279: while(1)
! 280: {
! 281: unsigned int label_type;
! 282:
! 283: if (!CHECK_LEN(header, ansp, plen, 1))
! 284: return NULL;
! 285:
! 286: label_type = (*ansp) & 0xc0;
! 287:
! 288: if (label_type == 0xc0)
! 289: {
! 290: /* pointer for compression. */
! 291: ansp += 2;
! 292: break;
! 293: }
! 294: else if (label_type == 0x80)
! 295: return NULL; /* reserved */
! 296: else if (label_type == 0x40)
! 297: {
! 298: /* Extended label type */
! 299: unsigned int count;
! 300:
! 301: if (!CHECK_LEN(header, ansp, plen, 2))
! 302: return NULL;
! 303:
! 304: if (((*ansp++) & 0x3f) != 1)
! 305: return NULL; /* we only understand bitstrings */
! 306:
! 307: count = *(ansp++); /* Bits in bitstring */
! 308:
! 309: if (count == 0) /* count == 0 means 256 bits */
! 310: ansp += 32;
! 311: else
! 312: ansp += ((count-1)>>3)+1;
! 313: }
! 314: else
! 315: { /* label type == 0 Bottom six bits is length */
! 316: unsigned int len = (*ansp++) & 0x3f;
! 317:
! 318: if (!ADD_RDLEN(header, ansp, plen, len))
! 319: return NULL;
! 320:
! 321: if (len == 0)
! 322: break; /* zero length label marks the end. */
! 323: }
! 324: }
! 325:
! 326: if (!CHECK_LEN(header, ansp, plen, extrabytes))
! 327: return NULL;
! 328:
! 329: return ansp;
! 330: }
! 331:
! 332: unsigned char *skip_questions(struct dns_header *header, size_t plen)
! 333: {
! 334: int q;
! 335: unsigned char *ansp = (unsigned char *)(header+1);
! 336:
! 337: for (q = ntohs(header->qdcount); q != 0; q--)
! 338: {
! 339: if (!(ansp = skip_name(ansp, header, plen, 4)))
! 340: return NULL;
! 341: ansp += 4; /* class and type */
! 342: }
! 343:
! 344: return ansp;
! 345: }
! 346:
! 347: static unsigned char *skip_section(unsigned char *ansp, int count, struct dns_header *header, size_t plen)
! 348: {
! 349: int i, rdlen;
! 350:
! 351: for (i = 0; i < count; i++)
! 352: {
! 353: if (!(ansp = skip_name(ansp, header, plen, 10)))
! 354: return NULL;
! 355: ansp += 8; /* type, class, TTL */
! 356: GETSHORT(rdlen, ansp);
! 357: if (!ADD_RDLEN(header, ansp, plen, rdlen))
! 358: return NULL;
! 359: }
! 360:
! 361: return ansp;
! 362: }
! 363:
! 364: /* CRC the question section. This is used to safely detect query
! 365: retransmision and to detect answers to questions we didn't ask, which
! 366: might be poisoning attacks. Note that we decode the name rather
! 367: than CRC the raw bytes, since replies might be compressed differently.
! 368: We ignore case in the names for the same reason. Return all-ones
! 369: if there is not question section. */
! 370: unsigned int questions_crc(struct dns_header *header, size_t plen, char *name)
! 371: {
! 372: int q;
! 373: unsigned int crc = 0xffffffff;
! 374: unsigned char *p1, *p = (unsigned char *)(header+1);
! 375:
! 376: for (q = ntohs(header->qdcount); q != 0; q--)
! 377: {
! 378: if (!extract_name(header, plen, &p, name, 1, 4))
! 379: return crc; /* bad packet */
! 380:
! 381: for (p1 = (unsigned char *)name; *p1; p1++)
! 382: {
! 383: int i = 8;
! 384: char c = *p1;
! 385:
! 386: if (c >= 'A' && c <= 'Z')
! 387: c += 'a' - 'A';
! 388:
! 389: crc ^= c << 24;
! 390: while (i--)
! 391: crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
! 392: }
! 393:
! 394: /* CRC the class and type as well */
! 395: for (p1 = p; p1 < p+4; p1++)
! 396: {
! 397: int i = 8;
! 398: crc ^= *p1 << 24;
! 399: while (i--)
! 400: crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
! 401: }
! 402:
! 403: p += 4;
! 404: if (!CHECK_LEN(header, p, plen, 0))
! 405: return crc; /* bad packet */
! 406: }
! 407:
! 408: return crc;
! 409: }
! 410:
! 411:
! 412: size_t resize_packet(struct dns_header *header, size_t plen, unsigned char *pheader, size_t hlen)
! 413: {
! 414: unsigned char *ansp = skip_questions(header, plen);
! 415:
! 416: /* if packet is malformed, just return as-is. */
! 417: if (!ansp)
! 418: return plen;
! 419:
! 420: if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
! 421: header, plen)))
! 422: return plen;
! 423:
! 424: /* restore pseudoheader */
! 425: if (pheader && ntohs(header->arcount) == 0)
! 426: {
! 427: /* must use memmove, may overlap */
! 428: memmove(ansp, pheader, hlen);
! 429: header->arcount = htons(1);
! 430: ansp += hlen;
! 431: }
! 432:
! 433: return ansp - (unsigned char *)header;
! 434: }
! 435:
! 436: unsigned char *find_pseudoheader(struct dns_header *header, size_t plen, size_t *len, unsigned char **p, int *is_sign)
! 437: {
! 438: /* See if packet has an RFC2671 pseudoheader, and if so return a pointer to it.
! 439: also return length of pseudoheader in *len and pointer to the UDP size in *p
! 440: Finally, check to see if a packet is signed. If it is we cannot change a single bit before
! 441: forwarding. We look for SIG and TSIG in the addition section, and TKEY queries (for GSS-TSIG) */
! 442:
! 443: int i, arcount = ntohs(header->arcount);
! 444: unsigned char *ansp = (unsigned char *)(header+1);
! 445: unsigned short rdlen, type, class;
! 446: unsigned char *ret = NULL;
! 447:
! 448: if (is_sign)
! 449: {
! 450: *is_sign = 0;
! 451:
! 452: if (OPCODE(header) == QUERY)
! 453: {
! 454: for (i = ntohs(header->qdcount); i != 0; i--)
! 455: {
! 456: if (!(ansp = skip_name(ansp, header, plen, 4)))
! 457: return NULL;
! 458:
! 459: GETSHORT(type, ansp);
! 460: GETSHORT(class, ansp);
! 461:
! 462: if (class == C_IN && type == T_TKEY)
! 463: *is_sign = 1;
! 464: }
! 465: }
! 466: }
! 467: else
! 468: {
! 469: if (!(ansp = skip_questions(header, plen)))
! 470: return NULL;
! 471: }
! 472:
! 473: if (arcount == 0)
! 474: return NULL;
! 475:
! 476: if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount), header, plen)))
! 477: return NULL;
! 478:
! 479: for (i = 0; i < arcount; i++)
! 480: {
! 481: unsigned char *save, *start = ansp;
! 482: if (!(ansp = skip_name(ansp, header, plen, 10)))
! 483: return NULL;
! 484:
! 485: GETSHORT(type, ansp);
! 486: save = ansp;
! 487: GETSHORT(class, ansp);
! 488: ansp += 4; /* TTL */
! 489: GETSHORT(rdlen, ansp);
! 490: if (!ADD_RDLEN(header, ansp, plen, rdlen))
! 491: return NULL;
! 492: if (type == T_OPT)
! 493: {
! 494: if (len)
! 495: *len = ansp - start;
! 496: if (p)
! 497: *p = save;
! 498: ret = start;
! 499: }
! 500: else if (is_sign &&
! 501: i == arcount - 1 &&
! 502: class == C_ANY &&
! 503: (type == T_SIG || type == T_TSIG))
! 504: *is_sign = 1;
! 505: }
! 506:
! 507: return ret;
! 508: }
! 509:
! 510: struct macparm {
! 511: unsigned char *limit;
! 512: struct dns_header *header;
! 513: size_t plen;
! 514: union mysockaddr *l3;
! 515: };
! 516:
! 517: static int filter_mac(int family, char *addrp, char *mac, size_t maclen, void *parmv)
! 518: {
! 519: struct macparm *parm = parmv;
! 520: int match = 0;
! 521: unsigned short rdlen;
! 522: struct dns_header *header = parm->header;
! 523: unsigned char *lenp, *datap, *p;
! 524:
! 525: if (family == parm->l3->sa.sa_family)
! 526: {
! 527: if (family == AF_INET && memcmp (&parm->l3->in.sin_addr, addrp, INADDRSZ) == 0)
! 528: match = 1;
! 529: #ifdef HAVE_IPV6
! 530: else
! 531: if (family == AF_INET6 && memcmp (&parm->l3->in6.sin6_addr, addrp, IN6ADDRSZ) == 0)
! 532: match = 1;
! 533: #endif
! 534: }
! 535:
! 536: if (!match)
! 537: return 1; /* continue */
! 538:
! 539: if (ntohs(header->arcount) == 0)
! 540: {
! 541: /* We are adding the pseudoheader */
! 542: if (!(p = skip_questions(header, parm->plen)) ||
! 543: !(p = skip_section(p,
! 544: ntohs(header->ancount) + ntohs(header->nscount),
! 545: header, parm->plen)))
! 546: return 0;
! 547: *p++ = 0; /* empty name */
! 548: PUTSHORT(T_OPT, p);
! 549: PUTSHORT(PACKETSZ, p); /* max packet length - is 512 suitable default for non-EDNS0 resolvers? */
! 550: PUTLONG(0, p); /* extended RCODE */
! 551: lenp = p;
! 552: PUTSHORT(0, p); /* RDLEN */
! 553: rdlen = 0;
! 554: if (((ssize_t)maclen) > (parm->limit - (p + 4)))
! 555: return 0; /* Too big */
! 556: header->arcount = htons(1);
! 557: datap = p;
! 558: }
! 559: else
! 560: {
! 561: int i, is_sign;
! 562: unsigned short code, len;
! 563:
! 564: if (ntohs(header->arcount) != 1 ||
! 565: !(p = find_pseudoheader(header, parm->plen, NULL, NULL, &is_sign)) ||
! 566: is_sign ||
! 567: (!(p = skip_name(p, header, parm->plen, 10))))
! 568: return 0;
! 569:
! 570: p += 8; /* skip UDP length and RCODE */
! 571:
! 572: lenp = p;
! 573: GETSHORT(rdlen, p);
! 574: if (!CHECK_LEN(header, p, parm->plen, rdlen))
! 575: return 0; /* bad packet */
! 576: datap = p;
! 577:
! 578: /* check if option already there */
! 579: for (i = 0; i + 4 < rdlen; i += len + 4)
! 580: {
! 581: GETSHORT(code, p);
! 582: GETSHORT(len, p);
! 583: if (code == EDNS0_OPTION_MAC)
! 584: return 0;
! 585: p += len;
! 586: }
! 587:
! 588: if (((ssize_t)maclen) > (parm->limit - (p + 4)))
! 589: return 0; /* Too big */
! 590: }
! 591:
! 592: PUTSHORT(EDNS0_OPTION_MAC, p);
! 593: PUTSHORT(maclen, p);
! 594: memcpy(p, mac, maclen);
! 595: p += maclen;
! 596:
! 597: PUTSHORT(p - datap, lenp);
! 598: parm->plen = p - (unsigned char *)header;
! 599:
! 600: return 0; /* done */
! 601: }
! 602:
! 603:
! 604: size_t add_mac(struct dns_header *header, size_t plen, char *limit, union mysockaddr *l3)
! 605: {
! 606: struct macparm parm;
! 607:
! 608: /* Must have an existing pseudoheader as the only ar-record,
! 609: or have no ar-records. Must also not be signed */
! 610:
! 611: if (ntohs(header->arcount) > 1)
! 612: return plen;
! 613:
! 614: parm.header = header;
! 615: parm.limit = (unsigned char *)limit;
! 616: parm.plen = plen;
! 617: parm.l3 = l3;
! 618:
! 619: iface_enumerate(AF_UNSPEC, &parm, filter_mac);
! 620:
! 621: return parm.plen;
! 622: }
! 623:
! 624:
! 625: /* is addr in the non-globally-routed IP space? */
! 626: static int private_net(struct in_addr addr, int ban_localhost)
! 627: {
! 628: in_addr_t ip_addr = ntohl(addr.s_addr);
! 629:
! 630: return
! 631: (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
! 632: ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
! 633: ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
! 634: ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||
! 635: ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ;
! 636: }
! 637:
! 638: static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name)
! 639: {
! 640: int i, qtype, qclass, rdlen;
! 641:
! 642: for (i = count; i != 0; i--)
! 643: {
! 644: if (name && option_bool(OPT_LOG))
! 645: {
! 646: if (!extract_name(header, qlen, &p, name, 1, 10))
! 647: return 0;
! 648: }
! 649: else if (!(p = skip_name(p, header, qlen, 10)))
! 650: return 0; /* bad packet */
! 651:
! 652: GETSHORT(qtype, p);
! 653: GETSHORT(qclass, p);
! 654: p += 4; /* ttl */
! 655: GETSHORT(rdlen, p);
! 656:
! 657: if (qclass == C_IN && qtype == T_A)
! 658: {
! 659: struct doctor *doctor;
! 660: struct in_addr addr;
! 661:
! 662: if (!CHECK_LEN(header, p, qlen, INADDRSZ))
! 663: return 0;
! 664:
! 665: /* alignment */
! 666: memcpy(&addr, p, INADDRSZ);
! 667:
! 668: for (doctor = daemon->doctors; doctor; doctor = doctor->next)
! 669: {
! 670: if (doctor->end.s_addr == 0)
! 671: {
! 672: if (!is_same_net(doctor->in, addr, doctor->mask))
! 673: continue;
! 674: }
! 675: else if (ntohl(doctor->in.s_addr) > ntohl(addr.s_addr) ||
! 676: ntohl(doctor->end.s_addr) < ntohl(addr.s_addr))
! 677: continue;
! 678:
! 679: addr.s_addr &= ~doctor->mask.s_addr;
! 680: addr.s_addr |= (doctor->out.s_addr & doctor->mask.s_addr);
! 681: /* Since we munged the data, the server it came from is no longer authoritative */
! 682: header->hb3 &= ~HB3_AA;
! 683: memcpy(p, &addr, INADDRSZ);
! 684: break;
! 685: }
! 686: }
! 687: else if (qtype == T_TXT && name && option_bool(OPT_LOG))
! 688: {
! 689: unsigned char *p1 = p;
! 690: if (!CHECK_LEN(header, p1, qlen, rdlen))
! 691: return 0;
! 692: while ((p1 - p) < rdlen)
! 693: {
! 694: unsigned int i, len = *p1;
! 695: unsigned char *p2 = p1;
! 696: /* make counted string zero-term and sanitise */
! 697: for (i = 0; i < len; i++)
! 698: {
! 699: if (!isprint((int)*(p2+1)))
! 700: break;
! 701:
! 702: *p2 = *(p2+1);
! 703: p2++;
! 704: }
! 705: *p2 = 0;
! 706: my_syslog(LOG_INFO, "reply %s is %s", name, p1);
! 707: /* restore */
! 708: memmove(p1 + 1, p1, i);
! 709: *p1 = len;
! 710: p1 += len+1;
! 711: }
! 712: }
! 713:
! 714: if (!ADD_RDLEN(header, p, qlen, rdlen))
! 715: return 0; /* bad packet */
! 716: }
! 717:
! 718: return p;
! 719: }
! 720:
! 721: static int find_soa(struct dns_header *header, size_t qlen, char *name)
! 722: {
! 723: unsigned char *p;
! 724: int qtype, qclass, rdlen;
! 725: unsigned long ttl, minttl = ULONG_MAX;
! 726: int i, found_soa = 0;
! 727:
! 728: /* first move to NS section and find TTL from any SOA section */
! 729: if (!(p = skip_questions(header, qlen)) ||
! 730: !(p = do_doctor(p, ntohs(header->ancount), header, qlen, name)))
! 731: return 0; /* bad packet */
! 732:
! 733: for (i = ntohs(header->nscount); i != 0; i--)
! 734: {
! 735: if (!(p = skip_name(p, header, qlen, 10)))
! 736: return 0; /* bad packet */
! 737:
! 738: GETSHORT(qtype, p);
! 739: GETSHORT(qclass, p);
! 740: GETLONG(ttl, p);
! 741: GETSHORT(rdlen, p);
! 742:
! 743: if ((qclass == C_IN) && (qtype == T_SOA))
! 744: {
! 745: found_soa = 1;
! 746: if (ttl < minttl)
! 747: minttl = ttl;
! 748:
! 749: /* MNAME */
! 750: if (!(p = skip_name(p, header, qlen, 0)))
! 751: return 0;
! 752: /* RNAME */
! 753: if (!(p = skip_name(p, header, qlen, 20)))
! 754: return 0;
! 755: p += 16; /* SERIAL REFRESH RETRY EXPIRE */
! 756:
! 757: GETLONG(ttl, p); /* minTTL */
! 758: if (ttl < minttl)
! 759: minttl = ttl;
! 760: }
! 761: else if (!ADD_RDLEN(header, p, qlen, rdlen))
! 762: return 0; /* bad packet */
! 763: }
! 764:
! 765: /* rewrite addresses in additioal section too */
! 766: if (!do_doctor(p, ntohs(header->arcount), header, qlen, NULL))
! 767: return 0;
! 768:
! 769: if (!found_soa)
! 770: minttl = daemon->neg_ttl;
! 771:
! 772: return minttl;
! 773: }
! 774:
! 775: /* Note that the following code can create CNAME chains that don't point to a real record,
! 776: either because of lack of memory, or lack of SOA records. These are treated by the cache code as
! 777: expired and cleaned out that way.
! 778: Return 1 if we reject an address because it look like part of dns-rebinding attack. */
! 779: int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t now,
! 780: char **ipsets, int is_sign, int check_rebind, int checking_disabled)
! 781: {
! 782: unsigned char *p, *p1, *endrr, *namep;
! 783: int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
! 784: unsigned long ttl = 0;
! 785: struct all_addr addr;
! 786: #ifdef HAVE_IPSET
! 787: char **ipsets_cur;
! 788: #else
! 789: (void)ipsets; /* unused */
! 790: #endif
! 791:
! 792: cache_start_insert();
! 793:
! 794: /* find_soa is needed for dns_doctor and logging side-effects, so don't call it lazily if there are any. */
! 795: if (daemon->doctors || option_bool(OPT_LOG))
! 796: {
! 797: searched_soa = 1;
! 798: ttl = find_soa(header, qlen, name);
! 799: }
! 800:
! 801: /* go through the questions. */
! 802: p = (unsigned char *)(header+1);
! 803:
! 804: for (i = ntohs(header->qdcount); i != 0; i--)
! 805: {
! 806: int found = 0, cname_count = 5;
! 807: struct crec *cpp = NULL;
! 808: int flags = RCODE(header) == NXDOMAIN ? F_NXDOMAIN : 0;
! 809: unsigned long cttl = ULONG_MAX, attl;
! 810:
! 811: namep = p;
! 812: if (!extract_name(header, qlen, &p, name, 1, 4))
! 813: return 0; /* bad packet */
! 814:
! 815: GETSHORT(qtype, p);
! 816: GETSHORT(qclass, p);
! 817:
! 818: if (qclass != C_IN)
! 819: continue;
! 820:
! 821: /* PTRs: we chase CNAMEs here, since we have no way to
! 822: represent them in the cache. */
! 823: if (qtype == T_PTR)
! 824: {
! 825: int name_encoding = in_arpa_name_2_addr(name, &addr);
! 826:
! 827: if (!name_encoding)
! 828: continue;
! 829:
! 830: if (!(flags & F_NXDOMAIN))
! 831: {
! 832: cname_loop:
! 833: if (!(p1 = skip_questions(header, qlen)))
! 834: return 0;
! 835:
! 836: for (j = ntohs(header->ancount); j != 0; j--)
! 837: {
! 838: unsigned char *tmp = namep;
! 839: /* the loop body overwrites the original name, so get it back here. */
! 840: if (!extract_name(header, qlen, &tmp, name, 1, 0) ||
! 841: !(res = extract_name(header, qlen, &p1, name, 0, 10)))
! 842: return 0; /* bad packet */
! 843:
! 844: GETSHORT(aqtype, p1);
! 845: GETSHORT(aqclass, p1);
! 846: GETLONG(attl, p1);
! 847: if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
! 848: {
! 849: (p1) -= 4;
! 850: PUTLONG(daemon->max_ttl, p1);
! 851: }
! 852: GETSHORT(ardlen, p1);
! 853: endrr = p1+ardlen;
! 854:
! 855: /* TTL of record is minimum of CNAMES and PTR */
! 856: if (attl < cttl)
! 857: cttl = attl;
! 858:
! 859: if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == T_PTR))
! 860: {
! 861: if (!extract_name(header, qlen, &p1, name, 1, 0))
! 862: return 0;
! 863:
! 864: if (aqtype == T_CNAME)
! 865: {
! 866: if (!cname_count--)
! 867: return 0; /* looped CNAMES */
! 868: goto cname_loop;
! 869: }
! 870:
! 871: cache_insert(name, &addr, now, cttl, name_encoding | F_REVERSE);
! 872: found = 1;
! 873: }
! 874:
! 875: p1 = endrr;
! 876: if (!CHECK_LEN(header, p1, qlen, 0))
! 877: return 0; /* bad packet */
! 878: }
! 879: }
! 880:
! 881: if (!found && !option_bool(OPT_NO_NEG))
! 882: {
! 883: if (!searched_soa)
! 884: {
! 885: searched_soa = 1;
! 886: ttl = find_soa(header, qlen, NULL);
! 887: }
! 888: if (ttl)
! 889: cache_insert(NULL, &addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags);
! 890: }
! 891: }
! 892: else
! 893: {
! 894: /* everything other than PTR */
! 895: struct crec *newc;
! 896: int addrlen;
! 897:
! 898: if (qtype == T_A)
! 899: {
! 900: addrlen = INADDRSZ;
! 901: flags |= F_IPV4;
! 902: }
! 903: #ifdef HAVE_IPV6
! 904: else if (qtype == T_AAAA)
! 905: {
! 906: addrlen = IN6ADDRSZ;
! 907: flags |= F_IPV6;
! 908: }
! 909: #endif
! 910: else
! 911: continue;
! 912:
! 913: if (!(flags & F_NXDOMAIN))
! 914: {
! 915: cname_loop1:
! 916: if (!(p1 = skip_questions(header, qlen)))
! 917: return 0;
! 918:
! 919: for (j = ntohs(header->ancount); j != 0; j--)
! 920: {
! 921: if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
! 922: return 0; /* bad packet */
! 923:
! 924: GETSHORT(aqtype, p1);
! 925: GETSHORT(aqclass, p1);
! 926: GETLONG(attl, p1);
! 927: if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
! 928: {
! 929: (p1) -= 4;
! 930: PUTLONG(daemon->max_ttl, p1);
! 931: }
! 932: GETSHORT(ardlen, p1);
! 933: endrr = p1+ardlen;
! 934:
! 935: if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == qtype))
! 936: {
! 937: if (aqtype == T_CNAME)
! 938: {
! 939: if (!cname_count--)
! 940: return 0; /* looped CNAMES */
! 941: newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD);
! 942: if (newc)
! 943: {
! 944: newc->addr.cname.cache = NULL;
! 945: if (cpp)
! 946: {
! 947: cpp->addr.cname.cache = newc;
! 948: cpp->addr.cname.uid = newc->uid;
! 949: }
! 950: }
! 951:
! 952: cpp = newc;
! 953: if (attl < cttl)
! 954: cttl = attl;
! 955:
! 956: if (!extract_name(header, qlen, &p1, name, 1, 0))
! 957: return 0;
! 958: goto cname_loop1;
! 959: }
! 960: else
! 961: {
! 962: found = 1;
! 963:
! 964: /* copy address into aligned storage */
! 965: if (!CHECK_LEN(header, p1, qlen, addrlen))
! 966: return 0; /* bad packet */
! 967: memcpy(&addr, p1, addrlen);
! 968:
! 969: /* check for returned address in private space */
! 970: if (check_rebind &&
! 971: (flags & F_IPV4) &&
! 972: private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
! 973: return 1;
! 974:
! 975: #ifdef HAVE_IPSET
! 976: if (ipsets && (flags & (F_IPV4 | F_IPV6)))
! 977: {
! 978: ipsets_cur = ipsets;
! 979: while (*ipsets_cur)
! 980: add_to_ipset(*ipsets_cur++, &addr, flags, 0);
! 981: }
! 982: #endif
! 983:
! 984: newc = cache_insert(name, &addr, now, attl, flags | F_FORWARD);
! 985: if (newc && cpp)
! 986: {
! 987: cpp->addr.cname.cache = newc;
! 988: cpp->addr.cname.uid = newc->uid;
! 989: }
! 990: cpp = NULL;
! 991: }
! 992: }
! 993:
! 994: p1 = endrr;
! 995: if (!CHECK_LEN(header, p1, qlen, 0))
! 996: return 0; /* bad packet */
! 997: }
! 998: }
! 999:
! 1000: if (!found && !option_bool(OPT_NO_NEG))
! 1001: {
! 1002: if (!searched_soa)
! 1003: {
! 1004: searched_soa = 1;
! 1005: ttl = find_soa(header, qlen, NULL);
! 1006: }
! 1007: /* If there's no SOA to get the TTL from, but there is a CNAME
! 1008: pointing at this, inherit its TTL */
! 1009: if (ttl || cpp)
! 1010: {
! 1011: newc = cache_insert(name, NULL, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags);
! 1012: if (newc && cpp)
! 1013: {
! 1014: cpp->addr.cname.cache = newc;
! 1015: cpp->addr.cname.uid = newc->uid;
! 1016: }
! 1017: }
! 1018: }
! 1019: }
! 1020: }
! 1021:
! 1022: /* Don't put stuff from a truncated packet into the cache.
! 1023: Don't cache replies where DNSSEC validation was turned off, either
! 1024: the upstream server told us so, or the original query specified it.
! 1025: Don't cache replies from non-recursive nameservers, since we may get a
! 1026: reply containing a CNAME but not its target, even though the target
! 1027: does exist. */
! 1028: if (!(header->hb3 & HB3_TC) &&
! 1029: !(header->hb4 & HB4_CD) &&
! 1030: (header->hb4 & HB4_RA) &&
! 1031: !checking_disabled)
! 1032: cache_end_insert();
! 1033:
! 1034: return 0;
! 1035: }
! 1036:
! 1037: /* If the packet holds exactly one query
! 1038: return F_IPV4 or F_IPV6 and leave the name from the query in name */
! 1039:
! 1040: unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, unsigned short *typep)
! 1041: {
! 1042: unsigned char *p = (unsigned char *)(header+1);
! 1043: int qtype, qclass;
! 1044:
! 1045: if (typep)
! 1046: *typep = 0;
! 1047:
! 1048: if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY)
! 1049: return 0; /* must be exactly one query. */
! 1050:
! 1051: if (!extract_name(header, qlen, &p, name, 1, 4))
! 1052: return 0; /* bad packet */
! 1053:
! 1054: GETSHORT(qtype, p);
! 1055: GETSHORT(qclass, p);
! 1056:
! 1057: if (typep)
! 1058: *typep = qtype;
! 1059:
! 1060: if (qclass == C_IN)
! 1061: {
! 1062: if (qtype == T_A)
! 1063: return F_IPV4;
! 1064: if (qtype == T_AAAA)
! 1065: return F_IPV6;
! 1066: if (qtype == T_ANY)
! 1067: return F_IPV4 | F_IPV6;
! 1068: }
! 1069:
! 1070: return F_QUERY;
! 1071: }
! 1072:
! 1073:
! 1074: size_t setup_reply(struct dns_header *header, size_t qlen,
! 1075: struct all_addr *addrp, unsigned int flags, unsigned long ttl)
! 1076: {
! 1077: unsigned char *p = skip_questions(header, qlen);
! 1078:
! 1079: /* clear authoritative and truncated flags, set QR flag */
! 1080: header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
! 1081: /* set RA flag */
! 1082: header->hb4 |= HB4_RA;
! 1083:
! 1084: header->nscount = htons(0);
! 1085: header->arcount = htons(0);
! 1086: header->ancount = htons(0); /* no answers unless changed below */
! 1087: if (flags == F_NEG)
! 1088: SET_RCODE(header, SERVFAIL); /* couldn't get memory */
! 1089: else if (flags == F_NOERR)
! 1090: SET_RCODE(header, NOERROR); /* empty domain */
! 1091: else if (flags == F_NXDOMAIN)
! 1092: SET_RCODE(header, NXDOMAIN);
! 1093: else if (p && flags == F_IPV4)
! 1094: { /* we know the address */
! 1095: SET_RCODE(header, NOERROR);
! 1096: header->ancount = htons(1);
! 1097: header->hb3 |= HB3_AA;
! 1098: add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
! 1099: }
! 1100: #ifdef HAVE_IPV6
! 1101: else if (p && flags == F_IPV6)
! 1102: {
! 1103: SET_RCODE(header, NOERROR);
! 1104: header->ancount = htons(1);
! 1105: header->hb3 |= HB3_AA;
! 1106: add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_AAAA, C_IN, "6", addrp);
! 1107: }
! 1108: #endif
! 1109: else /* nowhere to forward to */
! 1110: SET_RCODE(header, REFUSED);
! 1111:
! 1112: return p - (unsigned char *)header;
! 1113: }
! 1114:
! 1115: /* check if name matches local names ie from /etc/hosts or DHCP or local mx names. */
! 1116: int check_for_local_domain(char *name, time_t now)
! 1117: {
! 1118: struct crec *crecp;
! 1119: struct mx_srv_record *mx;
! 1120: struct txt_record *txt;
! 1121: struct interface_name *intr;
! 1122: struct ptr_record *ptr;
! 1123: struct naptr *naptr;
! 1124:
! 1125: if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6 | F_CNAME)) &&
! 1126: (crecp->flags & (F_HOSTS | F_DHCP)))
! 1127: return 1;
! 1128:
! 1129: for (naptr = daemon->naptr; naptr; naptr = naptr->next)
! 1130: if (hostname_isequal(name, naptr->name))
! 1131: return 1;
! 1132:
! 1133: for (mx = daemon->mxnames; mx; mx = mx->next)
! 1134: if (hostname_isequal(name, mx->name))
! 1135: return 1;
! 1136:
! 1137: for (txt = daemon->txt; txt; txt = txt->next)
! 1138: if (hostname_isequal(name, txt->name))
! 1139: return 1;
! 1140:
! 1141: for (intr = daemon->int_names; intr; intr = intr->next)
! 1142: if (hostname_isequal(name, intr->name))
! 1143: return 1;
! 1144:
! 1145: for (ptr = daemon->ptr; ptr; ptr = ptr->next)
! 1146: if (hostname_isequal(name, ptr->name))
! 1147: return 1;
! 1148:
! 1149: return 0;
! 1150: }
! 1151:
! 1152: /* Is the packet a reply with the answer address equal to addr?
! 1153: If so mung is into an NXDOMAIN reply and also put that information
! 1154: in the cache. */
! 1155: int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name,
! 1156: struct bogus_addr *baddr, time_t now)
! 1157: {
! 1158: unsigned char *p;
! 1159: int i, qtype, qclass, rdlen;
! 1160: unsigned long ttl;
! 1161: struct bogus_addr *baddrp;
! 1162:
! 1163: /* skip over questions */
! 1164: if (!(p = skip_questions(header, qlen)))
! 1165: return 0; /* bad packet */
! 1166:
! 1167: for (i = ntohs(header->ancount); i != 0; i--)
! 1168: {
! 1169: if (!extract_name(header, qlen, &p, name, 1, 10))
! 1170: return 0; /* bad packet */
! 1171:
! 1172: GETSHORT(qtype, p);
! 1173: GETSHORT(qclass, p);
! 1174: GETLONG(ttl, p);
! 1175: GETSHORT(rdlen, p);
! 1176:
! 1177: if (qclass == C_IN && qtype == T_A)
! 1178: {
! 1179: if (!CHECK_LEN(header, p, qlen, INADDRSZ))
! 1180: return 0;
! 1181:
! 1182: for (baddrp = baddr; baddrp; baddrp = baddrp->next)
! 1183: if (memcmp(&baddrp->addr, p, INADDRSZ) == 0)
! 1184: {
! 1185: /* Found a bogus address. Insert that info here, since there no SOA record
! 1186: to get the ttl from in the normal processing */
! 1187: cache_start_insert();
! 1188: cache_insert(name, NULL, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN | F_CONFIG);
! 1189: cache_end_insert();
! 1190:
! 1191: return 1;
! 1192: }
! 1193: }
! 1194:
! 1195: if (!ADD_RDLEN(header, p, qlen, rdlen))
! 1196: return 0;
! 1197: }
! 1198:
! 1199: return 0;
! 1200: }
! 1201:
! 1202: int add_resource_record(struct dns_header *header, char *limit, int *truncp, int nameoffset, unsigned char **pp,
! 1203: unsigned long ttl, int *offset, unsigned short type, unsigned short class, char *format, ...)
! 1204: {
! 1205: va_list ap;
! 1206: unsigned char *sav, *p = *pp;
! 1207: int j;
! 1208: unsigned short usval;
! 1209: long lval;
! 1210: char *sval;
! 1211:
! 1212: if (truncp && *truncp)
! 1213: return 0;
! 1214:
! 1215: va_start(ap, format); /* make ap point to 1st unamed argument */
! 1216:
! 1217: if (nameoffset > 0)
! 1218: {
! 1219: PUTSHORT(nameoffset | 0xc000, p);
! 1220: }
! 1221: else
! 1222: {
! 1223: char *name = va_arg(ap, char *);
! 1224: if (name)
! 1225: p = do_rfc1035_name(p, name);
! 1226: if (nameoffset < 0)
! 1227: {
! 1228: PUTSHORT(-nameoffset | 0xc000, p);
! 1229: }
! 1230: else
! 1231: *p++ = 0;
! 1232: }
! 1233:
! 1234: PUTSHORT(type, p);
! 1235: PUTSHORT(class, p);
! 1236: PUTLONG(ttl, p); /* TTL */
! 1237:
! 1238: sav = p; /* Save pointer to RDLength field */
! 1239: PUTSHORT(0, p); /* Placeholder RDLength */
! 1240:
! 1241: for (; *format; format++)
! 1242: switch (*format)
! 1243: {
! 1244: #ifdef HAVE_IPV6
! 1245: case '6':
! 1246: sval = va_arg(ap, char *);
! 1247: memcpy(p, sval, IN6ADDRSZ);
! 1248: p += IN6ADDRSZ;
! 1249: break;
! 1250: #endif
! 1251:
! 1252: case '4':
! 1253: sval = va_arg(ap, char *);
! 1254: memcpy(p, sval, INADDRSZ);
! 1255: p += INADDRSZ;
! 1256: break;
! 1257:
! 1258: case 's':
! 1259: usval = va_arg(ap, int);
! 1260: PUTSHORT(usval, p);
! 1261: break;
! 1262:
! 1263: case 'l':
! 1264: lval = va_arg(ap, long);
! 1265: PUTLONG(lval, p);
! 1266: break;
! 1267:
! 1268: case 'd':
! 1269: /* get domain-name answer arg and store it in RDATA field */
! 1270: if (offset)
! 1271: *offset = p - (unsigned char *)header;
! 1272: p = do_rfc1035_name(p, va_arg(ap, char *));
! 1273: *p++ = 0;
! 1274: break;
! 1275:
! 1276: case 't':
! 1277: usval = va_arg(ap, int);
! 1278: sval = va_arg(ap, char *);
! 1279: if (usval != 0)
! 1280: memcpy(p, sval, usval);
! 1281: p += usval;
! 1282: break;
! 1283:
! 1284: case 'z':
! 1285: sval = va_arg(ap, char *);
! 1286: usval = sval ? strlen(sval) : 0;
! 1287: if (usval > 255)
! 1288: usval = 255;
! 1289: *p++ = (unsigned char)usval;
! 1290: memcpy(p, sval, usval);
! 1291: p += usval;
! 1292: break;
! 1293: }
! 1294:
! 1295: va_end(ap); /* clean up variable argument pointer */
! 1296:
! 1297: j = p - sav - 2;
! 1298: PUTSHORT(j, sav); /* Now, store real RDLength */
! 1299:
! 1300: /* check for overflow of buffer */
! 1301: if (limit && ((unsigned char *)limit - p) < 0)
! 1302: {
! 1303: if (truncp)
! 1304: *truncp = 1;
! 1305: return 0;
! 1306: }
! 1307:
! 1308: *pp = p;
! 1309: return 1;
! 1310: }
! 1311:
! 1312: static unsigned long crec_ttl(struct crec *crecp, time_t now)
! 1313: {
! 1314: /* Return 0 ttl for DHCP entries, which might change
! 1315: before the lease expires. */
! 1316:
! 1317: if (crecp->flags & (F_IMMORTAL | F_DHCP))
! 1318: return daemon->local_ttl;
! 1319:
! 1320: /* Return the Max TTL value if it is lower then the actual TTL */
! 1321: if (daemon->max_ttl == 0 || ((unsigned)(crecp->ttd - now) < daemon->max_ttl))
! 1322: return crecp->ttd - now;
! 1323: else
! 1324: return daemon->max_ttl;
! 1325: }
! 1326:
! 1327:
! 1328: /* return zero if we can't answer from cache, or packet size if we can */
! 1329: size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
! 1330: struct in_addr local_addr, struct in_addr local_netmask, time_t now)
! 1331: {
! 1332: char *name = daemon->namebuff;
! 1333: unsigned char *p, *ansp, *pheader;
! 1334: int qtype, qclass;
! 1335: struct all_addr addr;
! 1336: int nameoffset;
! 1337: unsigned short flag;
! 1338: int q, ans, anscount = 0, addncount = 0;
! 1339: int dryrun = 0, sec_reqd = 0;
! 1340: int is_sign;
! 1341: struct crec *crecp;
! 1342: int nxdomain = 0, auth = 1, trunc = 0;
! 1343: struct mx_srv_record *rec;
! 1344:
! 1345: /* If there is an RFC2671 pseudoheader then it will be overwritten by
! 1346: partial replies, so we have to do a dry run to see if we can answer
! 1347: the query. We check to see if the do bit is set, if so we always
! 1348: forward rather than answering from the cache, which doesn't include
! 1349: security information. */
! 1350:
! 1351: if (find_pseudoheader(header, qlen, NULL, &pheader, &is_sign))
! 1352: {
! 1353: unsigned short udpsz, flags;
! 1354: unsigned char *psave = pheader;
! 1355:
! 1356: GETSHORT(udpsz, pheader);
! 1357: pheader += 2; /* ext_rcode */
! 1358: GETSHORT(flags, pheader);
! 1359:
! 1360: sec_reqd = flags & 0x8000; /* do bit */
! 1361:
! 1362: /* If our client is advertising a larger UDP packet size
! 1363: than we allow, trim it so that we don't get an overlarge
! 1364: response from upstream */
! 1365:
! 1366: if (!is_sign && (udpsz > daemon->edns_pktsz))
! 1367: PUTSHORT(daemon->edns_pktsz, psave);
! 1368:
! 1369: dryrun = 1;
! 1370: }
! 1371:
! 1372: if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
! 1373: return 0;
! 1374:
! 1375: for (rec = daemon->mxnames; rec; rec = rec->next)
! 1376: rec->offset = 0;
! 1377:
! 1378: rerun:
! 1379: /* determine end of question section (we put answers there) */
! 1380: if (!(ansp = skip_questions(header, qlen)))
! 1381: return 0; /* bad packet */
! 1382:
! 1383: /* now process each question, answers go in RRs after the question */
! 1384: p = (unsigned char *)(header+1);
! 1385:
! 1386: for (q = ntohs(header->qdcount); q != 0; q--)
! 1387: {
! 1388: /* save pointer to name for copying into answers */
! 1389: nameoffset = p - (unsigned char *)header;
! 1390:
! 1391: /* now extract name as .-concatenated string into name */
! 1392: if (!extract_name(header, qlen, &p, name, 1, 4))
! 1393: return 0; /* bad packet */
! 1394:
! 1395: GETSHORT(qtype, p);
! 1396: GETSHORT(qclass, p);
! 1397:
! 1398: ans = 0; /* have we answered this question */
! 1399:
! 1400: if (qtype == T_TXT || qtype == T_ANY)
! 1401: {
! 1402: struct txt_record *t;
! 1403: for(t = daemon->txt; t ; t = t->next)
! 1404: {
! 1405: if (t->class == qclass && hostname_isequal(name, t->name))
! 1406: {
! 1407: ans = 1;
! 1408: if (!dryrun)
! 1409: {
! 1410: log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
! 1411: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1412: daemon->local_ttl, NULL,
! 1413: T_TXT, t->class, "t", t->len, t->txt))
! 1414: anscount++;
! 1415:
! 1416: }
! 1417: }
! 1418: }
! 1419: }
! 1420:
! 1421: if (qclass == C_IN)
! 1422: {
! 1423: struct txt_record *t;
! 1424:
! 1425: for (t = daemon->rr; t; t = t->next)
! 1426: if ((t->class == qtype || qtype == T_ANY) && hostname_isequal(name, t->name))
! 1427: {
! 1428: ans = 1;
! 1429: if (!dryrun)
! 1430: {
! 1431: log_query(F_CONFIG | F_RRNAME, name, NULL, "<RR>");
! 1432: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1433: daemon->local_ttl, NULL,
! 1434: t->class, C_IN, "t", t->len, t->txt))
! 1435: anscount ++;
! 1436: }
! 1437: }
! 1438:
! 1439: if (qtype == T_PTR || qtype == T_ANY)
! 1440: {
! 1441: /* see if it's w.z.y.z.in-addr.arpa format */
! 1442: int is_arpa = in_arpa_name_2_addr(name, &addr);
! 1443: struct ptr_record *ptr;
! 1444: struct interface_name* intr = NULL;
! 1445:
! 1446: for (ptr = daemon->ptr; ptr; ptr = ptr->next)
! 1447: if (hostname_isequal(name, ptr->name))
! 1448: break;
! 1449:
! 1450: if (is_arpa == F_IPV4)
! 1451: for (intr = daemon->int_names; intr; intr = intr->next)
! 1452: {
! 1453: if (addr.addr.addr4.s_addr == get_ifaddr(intr->intr).s_addr)
! 1454: break;
! 1455: else
! 1456: while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
! 1457: intr = intr->next;
! 1458: }
! 1459:
! 1460: if (intr)
! 1461: {
! 1462: ans = 1;
! 1463: if (!dryrun)
! 1464: {
! 1465: log_query(F_IPV4 | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
! 1466: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1467: daemon->local_ttl, NULL,
! 1468: T_PTR, C_IN, "d", intr->name))
! 1469: anscount++;
! 1470: }
! 1471: }
! 1472: else if (ptr)
! 1473: {
! 1474: ans = 1;
! 1475: if (!dryrun)
! 1476: {
! 1477: log_query(F_CONFIG | F_RRNAME, name, NULL, "<PTR>");
! 1478: for (ptr = daemon->ptr; ptr; ptr = ptr->next)
! 1479: if (hostname_isequal(name, ptr->name) &&
! 1480: add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1481: daemon->local_ttl, NULL,
! 1482: T_PTR, C_IN, "d", ptr->ptr))
! 1483: anscount++;
! 1484:
! 1485: }
! 1486: }
! 1487: else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
! 1488: do
! 1489: {
! 1490: /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
! 1491: if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
! 1492: continue;
! 1493:
! 1494: if (crecp->flags & F_NEG)
! 1495: {
! 1496: ans = 1;
! 1497: auth = 0;
! 1498: if (crecp->flags & F_NXDOMAIN)
! 1499: nxdomain = 1;
! 1500: if (!dryrun)
! 1501: log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL);
! 1502: }
! 1503: else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
! 1504: {
! 1505: ans = 1;
! 1506: if (!(crecp->flags & (F_HOSTS | F_DHCP)))
! 1507: auth = 0;
! 1508: if (!dryrun)
! 1509: {
! 1510: log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr,
! 1511: record_source(crecp->uid));
! 1512:
! 1513: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1514: crec_ttl(crecp, now), NULL,
! 1515: T_PTR, C_IN, "d", cache_get_name(crecp)))
! 1516: anscount++;
! 1517: }
! 1518: }
! 1519: } while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa)));
! 1520: else if (is_arpa == F_IPV4 &&
! 1521: option_bool(OPT_BOGUSPRIV) &&
! 1522: private_net(addr.addr.addr4, 1))
! 1523: {
! 1524: /* if not in cache, enabled and private IPV4 address, return NXDOMAIN */
! 1525: ans = 1;
! 1526: nxdomain = 1;
! 1527: if (!dryrun)
! 1528: log_query(F_CONFIG | F_REVERSE | F_IPV4 | F_NEG | F_NXDOMAIN,
! 1529: name, &addr, NULL);
! 1530: }
! 1531: }
! 1532:
! 1533: for (flag = F_IPV4; flag; flag = (flag == F_IPV4) ? F_IPV6 : 0)
! 1534: {
! 1535: unsigned short type = T_A;
! 1536:
! 1537: if (flag == F_IPV6)
! 1538: #ifdef HAVE_IPV6
! 1539: type = T_AAAA;
! 1540: #else
! 1541: break;
! 1542: #endif
! 1543:
! 1544: if (qtype != type && qtype != T_ANY)
! 1545: continue;
! 1546:
! 1547: /* Check for "A for A" queries; be rather conservative
! 1548: about what looks like dotted-quad. */
! 1549: if (qtype == T_A)
! 1550: {
! 1551: char *cp;
! 1552: unsigned int i, a;
! 1553: int x;
! 1554:
! 1555: for (cp = name, i = 0, a = 0; *cp; i++)
! 1556: {
! 1557: if (!isdigit((unsigned char)*cp) || (x = strtol(cp, &cp, 10)) > 255)
! 1558: {
! 1559: i = 5;
! 1560: break;
! 1561: }
! 1562:
! 1563: a = (a << 8) + x;
! 1564:
! 1565: if (*cp == '.')
! 1566: cp++;
! 1567: }
! 1568:
! 1569: if (i == 4)
! 1570: {
! 1571: ans = 1;
! 1572: if (!dryrun)
! 1573: {
! 1574: addr.addr.addr4.s_addr = htonl(a);
! 1575: log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, NULL);
! 1576: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1577: daemon->local_ttl, NULL, type, C_IN, "4", &addr))
! 1578: anscount++;
! 1579: }
! 1580: continue;
! 1581: }
! 1582: }
! 1583:
! 1584: /* interface name stuff */
! 1585: if (qtype == T_A)
! 1586: {
! 1587: struct interface_name *intr;
! 1588:
! 1589: for (intr = daemon->int_names; intr; intr = intr->next)
! 1590: if (hostname_isequal(name, intr->name))
! 1591: break;
! 1592:
! 1593: if (intr)
! 1594: {
! 1595: ans = 1;
! 1596: if (!dryrun)
! 1597: {
! 1598: if ((addr.addr.addr4 = get_ifaddr(intr->intr)).s_addr == (in_addr_t) -1)
! 1599: log_query(F_FORWARD | F_CONFIG | F_IPV4 | F_NEG, name, NULL, NULL);
! 1600: else
! 1601: {
! 1602: log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, NULL);
! 1603: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1604: daemon->local_ttl, NULL, type, C_IN, "4", &addr))
! 1605: anscount++;
! 1606: }
! 1607: }
! 1608: continue;
! 1609: }
! 1610: }
! 1611:
! 1612: cname_restart:
! 1613: if ((crecp = cache_find_by_name(NULL, name, now, flag | F_CNAME)))
! 1614: {
! 1615: int localise = 0;
! 1616:
! 1617: /* See if a putative address is on the network from which we recieved
! 1618: the query, is so we'll filter other answers. */
! 1619: if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && flag == F_IPV4)
! 1620: {
! 1621: struct crec *save = crecp;
! 1622: do {
! 1623: if ((crecp->flags & F_HOSTS) &&
! 1624: is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask))
! 1625: {
! 1626: localise = 1;
! 1627: break;
! 1628: }
! 1629: } while ((crecp = cache_find_by_name(crecp, name, now, flag | F_CNAME)));
! 1630: crecp = save;
! 1631: }
! 1632:
! 1633: do
! 1634: {
! 1635: /* don't answer wildcard queries with data not from /etc/hosts
! 1636: or DHCP leases */
! 1637: if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
! 1638: break;
! 1639:
! 1640: if (crecp->flags & F_CNAME)
! 1641: {
! 1642: if (!dryrun)
! 1643: {
! 1644: log_query(crecp->flags, name, NULL, record_source(crecp->uid));
! 1645: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1646: crec_ttl(crecp, now), &nameoffset,
! 1647: T_CNAME, C_IN, "d", cache_get_name(crecp->addr.cname.cache)))
! 1648: anscount++;
! 1649: }
! 1650:
! 1651: strcpy(name, cache_get_name(crecp->addr.cname.cache));
! 1652: goto cname_restart;
! 1653: }
! 1654:
! 1655: if (crecp->flags & F_NEG)
! 1656: {
! 1657: ans = 1;
! 1658: auth = 0;
! 1659: if (crecp->flags & F_NXDOMAIN)
! 1660: nxdomain = 1;
! 1661: if (!dryrun)
! 1662: log_query(crecp->flags, name, NULL, NULL);
! 1663: }
! 1664: else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
! 1665: {
! 1666: /* If we are returning local answers depending on network,
! 1667: filter here. */
! 1668: if (localise &&
! 1669: (crecp->flags & F_HOSTS) &&
! 1670: !is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask))
! 1671: continue;
! 1672:
! 1673: if (!(crecp->flags & (F_HOSTS | F_DHCP)))
! 1674: auth = 0;
! 1675:
! 1676: ans = 1;
! 1677: if (!dryrun)
! 1678: {
! 1679: log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr.addr,
! 1680: record_source(crecp->uid));
! 1681:
! 1682: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1683: crec_ttl(crecp, now), NULL, type, C_IN,
! 1684: type == T_A ? "4" : "6", &crecp->addr))
! 1685: anscount++;
! 1686: }
! 1687: }
! 1688: } while ((crecp = cache_find_by_name(crecp, name, now, flag | F_CNAME)));
! 1689: }
! 1690: }
! 1691:
! 1692: if (qtype == T_CNAME || qtype == T_ANY)
! 1693: {
! 1694: if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME)) &&
! 1695: (qtype == T_CNAME || (crecp->flags & (F_HOSTS | F_DHCP))))
! 1696: {
! 1697: ans = 1;
! 1698: if (!dryrun)
! 1699: {
! 1700: log_query(crecp->flags, name, NULL, record_source(crecp->uid));
! 1701: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
! 1702: crec_ttl(crecp, now), &nameoffset,
! 1703: T_CNAME, C_IN, "d", cache_get_name(crecp->addr.cname.cache)))
! 1704: anscount++;
! 1705: }
! 1706: }
! 1707: }
! 1708:
! 1709: if (qtype == T_MX || qtype == T_ANY)
! 1710: {
! 1711: int found = 0;
! 1712: for (rec = daemon->mxnames; rec; rec = rec->next)
! 1713: if (!rec->issrv && hostname_isequal(name, rec->name))
! 1714: {
! 1715: ans = found = 1;
! 1716: if (!dryrun)
! 1717: {
! 1718: int offset;
! 1719: log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
! 1720: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
! 1721: &offset, T_MX, C_IN, "sd", rec->weight, rec->target))
! 1722: {
! 1723: anscount++;
! 1724: if (rec->target)
! 1725: rec->offset = offset;
! 1726: }
! 1727: }
! 1728: }
! 1729:
! 1730: if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) &&
! 1731: cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP))
! 1732: {
! 1733: ans = 1;
! 1734: if (!dryrun)
! 1735: {
! 1736: log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
! 1737: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL,
! 1738: T_MX, C_IN, "sd", 1,
! 1739: option_bool(OPT_SELFMX) ? name : daemon->mxtarget))
! 1740: anscount++;
! 1741: }
! 1742: }
! 1743: }
! 1744:
! 1745: if (qtype == T_SRV || qtype == T_ANY)
! 1746: {
! 1747: int found = 0;
! 1748: struct mx_srv_record *move = NULL, **up = &daemon->mxnames;
! 1749:
! 1750: for (rec = daemon->mxnames; rec; rec = rec->next)
! 1751: if (rec->issrv && hostname_isequal(name, rec->name))
! 1752: {
! 1753: found = ans = 1;
! 1754: if (!dryrun)
! 1755: {
! 1756: int offset;
! 1757: log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>");
! 1758: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
! 1759: &offset, T_SRV, C_IN, "sssd",
! 1760: rec->priority, rec->weight, rec->srvport, rec->target))
! 1761: {
! 1762: anscount++;
! 1763: if (rec->target)
! 1764: rec->offset = offset;
! 1765: }
! 1766: }
! 1767:
! 1768: /* unlink first SRV record found */
! 1769: if (!move)
! 1770: {
! 1771: move = rec;
! 1772: *up = rec->next;
! 1773: }
! 1774: else
! 1775: up = &rec->next;
! 1776: }
! 1777: else
! 1778: up = &rec->next;
! 1779:
! 1780: /* put first SRV record back at the end. */
! 1781: if (move)
! 1782: {
! 1783: *up = move;
! 1784: move->next = NULL;
! 1785: }
! 1786:
! 1787: if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_'))))
! 1788: {
! 1789: ans = 1;
! 1790: if (!dryrun)
! 1791: log_query(F_CONFIG | F_NEG, name, NULL, NULL);
! 1792: }
! 1793: }
! 1794:
! 1795: if (qtype == T_NAPTR || qtype == T_ANY)
! 1796: {
! 1797: struct naptr *na;
! 1798: for (na = daemon->naptr; na; na = na->next)
! 1799: if (hostname_isequal(name, na->name))
! 1800: {
! 1801: ans = 1;
! 1802: if (!dryrun)
! 1803: {
! 1804: log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
! 1805: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
! 1806: NULL, T_NAPTR, C_IN, "sszzzd",
! 1807: na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
! 1808: anscount++;
! 1809: }
! 1810: }
! 1811: }
! 1812:
! 1813: if (qtype == T_MAILB)
! 1814: ans = 1, nxdomain = 1;
! 1815:
! 1816: if (qtype == T_SOA && option_bool(OPT_FILTER))
! 1817: {
! 1818: ans = 1;
! 1819: if (!dryrun)
! 1820: log_query(F_CONFIG | F_NEG, name, &addr, NULL);
! 1821: }
! 1822: }
! 1823:
! 1824: if (!ans)
! 1825: return 0; /* failed to answer a question */
! 1826: }
! 1827:
! 1828: if (dryrun)
! 1829: {
! 1830: dryrun = 0;
! 1831: goto rerun;
! 1832: }
! 1833:
! 1834: /* create an additional data section, for stuff in SRV and MX record replies. */
! 1835: for (rec = daemon->mxnames; rec; rec = rec->next)
! 1836: if (rec->offset != 0)
! 1837: {
! 1838: /* squash dupes */
! 1839: struct mx_srv_record *tmp;
! 1840: for (tmp = rec->next; tmp; tmp = tmp->next)
! 1841: if (tmp->offset != 0 && hostname_isequal(rec->target, tmp->target))
! 1842: tmp->offset = 0;
! 1843:
! 1844: crecp = NULL;
! 1845: while ((crecp = cache_find_by_name(crecp, rec->target, now, F_IPV4 | F_IPV6)))
! 1846: {
! 1847: #ifdef HAVE_IPV6
! 1848: int type = crecp->flags & F_IPV4 ? T_A : T_AAAA;
! 1849: #else
! 1850: int type = T_A;
! 1851: #endif
! 1852: if (crecp->flags & F_NEG)
! 1853: continue;
! 1854:
! 1855: if (add_resource_record(header, limit, NULL, rec->offset, &ansp,
! 1856: crec_ttl(crecp, now), NULL, type, C_IN,
! 1857: crecp->flags & F_IPV4 ? "4" : "6", &crecp->addr))
! 1858: addncount++;
! 1859: }
! 1860: }
! 1861:
! 1862: /* done all questions, set up header and return length of result */
! 1863: /* clear authoritative and truncated flags, set QR flag */
! 1864: header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
! 1865: /* set RA flag */
! 1866: header->hb4 |= HB4_RA;
! 1867:
! 1868: /* authoritive - only hosts and DHCP derived names. */
! 1869: if (auth)
! 1870: header->hb3 |= HB3_AA;
! 1871:
! 1872: /* truncation */
! 1873: if (trunc)
! 1874: header->hb3 |= HB3_TC;
! 1875:
! 1876: if (anscount == 0 && nxdomain)
! 1877: SET_RCODE(header, NXDOMAIN);
! 1878: else
! 1879: SET_RCODE(header, NOERROR); /* no error */
! 1880: header->ancount = htons(anscount);
! 1881: header->nscount = htons(0);
! 1882: header->arcount = htons(addncount);
! 1883: return ansp - (unsigned char *)header;
! 1884: }
! 1885:
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to rfc1035.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src