![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to rfc1035.c CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src|
Return to rfc1035.c CVS log | Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / dnsmasq / src |
1.1 misho 1: /* dnsmasq is Copyright (c) 2000-2013 Simon Kelley
2:
3: This program is free software; you can redistribute it and/or modify
4: it under the terms of the GNU General Public License as published by
5: the Free Software Foundation; version 2 dated June, 1991, or
6: (at your option) version 3 dated 29 June, 2007.
7:
8: This program is distributed in the hope that it will be useful,
9: but WITHOUT ANY WARRANTY; without even the implied warranty of
10: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11: GNU General Public License for more details.
12:
13: You should have received a copy of the GNU General Public License
14: along with this program. If not, see <http://www.gnu.org/licenses/>.
15: */
16:
17: #include "dnsmasq.h"
18:
19:
20: #define CHECK_LEN(header, pp, plen, len) \
21: ((size_t)((pp) - (unsigned char *)(header) + (len)) <= (plen))
22:
23: #define ADD_RDLEN(header, pp, plen, len) \
24: (!CHECK_LEN(header, pp, plen, len) ? 0 : (((pp) += (len)), 1))
25:
26: int extract_name(struct dns_header *header, size_t plen, unsigned char **pp,
27: char *name, int isExtract, int extrabytes)
28: {
29: unsigned char *cp = (unsigned char *)name, *p = *pp, *p1 = NULL;
30: unsigned int j, l, hops = 0;
31: int retvalue = 1;
32:
33: if (isExtract)
34: *cp = 0;
35:
36: while (1)
37: {
38: unsigned int label_type;
39:
40: if (!CHECK_LEN(header, p, plen, 1))
41: return 0;
42:
43: if ((l = *p++) == 0)
44: /* end marker */
45: {
46: /* check that there are the correct no of bytes after the name */
47: if (!CHECK_LEN(header, p, plen, extrabytes))
48: return 0;
49:
50: if (isExtract)
51: {
52: if (cp != (unsigned char *)name)
53: cp--;
54: *cp = 0; /* terminate: lose final period */
55: }
56: else if (*cp != 0)
57: retvalue = 2;
58:
59: if (p1) /* we jumped via compression */
60: *pp = p1;
61: else
62: *pp = p;
63:
64: return retvalue;
65: }
66:
67: label_type = l & 0xc0;
68:
69: if (label_type == 0xc0) /* pointer */
70: {
71: if (!CHECK_LEN(header, p, plen, 1))
72: return 0;
73:
74: /* get offset */
75: l = (l&0x3f) << 8;
76: l |= *p++;
77:
78: if (!p1) /* first jump, save location to go back to */
79: p1 = p;
80:
81: hops++; /* break malicious infinite loops */
82: if (hops > 255)
83: return 0;
84:
85: p = l + (unsigned char *)header;
86: }
87: else if (label_type == 0x80)
88: return 0; /* reserved */
89: else if (label_type == 0x40)
90: { /* ELT */
91: unsigned int count, digs;
92:
93: if ((l & 0x3f) != 1)
94: return 0; /* we only understand bitstrings */
95:
96: if (!isExtract)
97: return 0; /* Cannot compare bitsrings */
98:
99: count = *p++;
100: if (count == 0)
101: count = 256;
102: digs = ((count-1)>>2)+1;
103:
104: /* output is \[x<hex>/siz]. which is digs+9 chars */
105: if (cp - (unsigned char *)name + digs + 9 >= MAXDNAME)
106: return 0;
107: if (!CHECK_LEN(header, p, plen, (count-1)>>3))
108: return 0;
109:
110: *cp++ = '\\';
111: *cp++ = '[';
112: *cp++ = 'x';
113: for (j=0; j<digs; j++)
114: {
115: unsigned int dig;
116: if (j%2 == 0)
117: dig = *p >> 4;
118: else
119: dig = *p++ & 0x0f;
120:
121: *cp++ = dig < 10 ? dig + '0' : dig + 'A' - 10;
122: }
123: cp += sprintf((char *)cp, "/%d]", count);
124: /* do this here to overwrite the zero char from sprintf */
125: *cp++ = '.';
126: }
127: else
128: { /* label_type = 0 -> label. */
129: if (cp - (unsigned char *)name + l + 1 >= MAXDNAME)
130: return 0;
131: if (!CHECK_LEN(header, p, plen, l))
132: return 0;
133:
134: for(j=0; j<l; j++, p++)
135: if (isExtract)
136: {
137: unsigned char c = *p;
138: if (isascii(c) && !iscntrl(c) && c != '.')
139: *cp++ = *p;
140: else
141: return 0;
142: }
143: else
144: {
145: unsigned char c1 = *cp, c2 = *p;
146:
147: if (c1 == 0)
148: retvalue = 2;
149: else
150: {
151: cp++;
152: if (c1 >= 'A' && c1 <= 'Z')
153: c1 += 'a' - 'A';
154: if (c2 >= 'A' && c2 <= 'Z')
155: c2 += 'a' - 'A';
156:
157: if (c1 != c2)
158: retvalue = 2;
159: }
160: }
161:
162: if (isExtract)
163: *cp++ = '.';
164: else if (*cp != 0 && *cp++ != '.')
165: retvalue = 2;
166: }
167: }
168: }
169:
170: /* Max size of input string (for IPv6) is 75 chars.) */
171: #define MAXARPANAME 75
172: int in_arpa_name_2_addr(char *namein, struct all_addr *addrp)
173: {
174: int j;
175: char name[MAXARPANAME+1], *cp1;
176: unsigned char *addr = (unsigned char *)addrp;
177: char *lastchunk = NULL, *penchunk = NULL;
178:
179: if (strlen(namein) > MAXARPANAME)
180: return 0;
181:
182: memset(addrp, 0, sizeof(struct all_addr));
183:
184: /* turn name into a series of asciiz strings */
185: /* j counts no of labels */
186: for(j = 1,cp1 = name; *namein; cp1++, namein++)
187: if (*namein == '.')
188: {
189: penchunk = lastchunk;
190: lastchunk = cp1 + 1;
191: *cp1 = 0;
192: j++;
193: }
194: else
195: *cp1 = *namein;
196:
197: *cp1 = 0;
198:
199: if (j<3)
200: return 0;
201:
202: if (hostname_isequal(lastchunk, "arpa") && hostname_isequal(penchunk, "in-addr"))
203: {
204: /* IP v4 */
205: /* address arives as a name of the form
206: www.xxx.yyy.zzz.in-addr.arpa
207: some of the low order address octets might be missing
208: and should be set to zero. */
209: for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
210: {
211: /* check for digits only (weeds out things like
212: 50.0/24.67.28.64.in-addr.arpa which are used
213: as CNAME targets according to RFC 2317 */
214: char *cp;
215: for (cp = cp1; *cp; cp++)
216: if (!isdigit((unsigned char)*cp))
217: return 0;
218:
219: addr[3] = addr[2];
220: addr[2] = addr[1];
221: addr[1] = addr[0];
222: addr[0] = atoi(cp1);
223: }
224:
225: return F_IPV4;
226: }
227: #ifdef HAVE_IPV6
228: else if (hostname_isequal(penchunk, "ip6") &&
229: (hostname_isequal(lastchunk, "int") || hostname_isequal(lastchunk, "arpa")))
230: {
231: /* IP v6:
232: Address arrives as 0.1.2.3.4.5.6.7.8.9.a.b.c.d.e.f.ip6.[int|arpa]
233: or \[xfedcba9876543210fedcba9876543210/128].ip6.[int|arpa]
234:
235: Note that most of these the various reprentations are obsolete and
236: left-over from the many DNS-for-IPv6 wars. We support all the formats
237: that we can since there is no reason not to.
238: */
239:
240: if (*name == '\\' && *(name+1) == '[' &&
241: (*(name+2) == 'x' || *(name+2) == 'X'))
242: {
243: for (j = 0, cp1 = name+3; *cp1 && isxdigit((unsigned char) *cp1) && j < 32; cp1++, j++)
244: {
245: char xdig[2];
246: xdig[0] = *cp1;
247: xdig[1] = 0;
248: if (j%2)
249: addr[j/2] |= strtol(xdig, NULL, 16);
250: else
251: addr[j/2] = strtol(xdig, NULL, 16) << 4;
252: }
253:
254: if (*cp1 == '/' && j == 32)
255: return F_IPV6;
256: }
257: else
258: {
259: for (cp1 = name; cp1 != penchunk; cp1 += strlen(cp1)+1)
260: {
261: if (*(cp1+1) || !isxdigit((unsigned char)*cp1))
262: return 0;
263:
264: for (j = sizeof(struct all_addr)-1; j>0; j--)
265: addr[j] = (addr[j] >> 4) | (addr[j-1] << 4);
266: addr[0] = (addr[0] >> 4) | (strtol(cp1, NULL, 16) << 4);
267: }
268:
269: return F_IPV6;
270: }
271: }
272: #endif
273:
274: return 0;
275: }
276:
277: static unsigned char *skip_name(unsigned char *ansp, struct dns_header *header, size_t plen, int extrabytes)
278: {
279: while(1)
280: {
281: unsigned int label_type;
282:
283: if (!CHECK_LEN(header, ansp, plen, 1))
284: return NULL;
285:
286: label_type = (*ansp) & 0xc0;
287:
288: if (label_type == 0xc0)
289: {
290: /* pointer for compression. */
291: ansp += 2;
292: break;
293: }
294: else if (label_type == 0x80)
295: return NULL; /* reserved */
296: else if (label_type == 0x40)
297: {
298: /* Extended label type */
299: unsigned int count;
300:
301: if (!CHECK_LEN(header, ansp, plen, 2))
302: return NULL;
303:
304: if (((*ansp++) & 0x3f) != 1)
305: return NULL; /* we only understand bitstrings */
306:
307: count = *(ansp++); /* Bits in bitstring */
308:
309: if (count == 0) /* count == 0 means 256 bits */
310: ansp += 32;
311: else
312: ansp += ((count-1)>>3)+1;
313: }
314: else
315: { /* label type == 0 Bottom six bits is length */
316: unsigned int len = (*ansp++) & 0x3f;
317:
318: if (!ADD_RDLEN(header, ansp, plen, len))
319: return NULL;
320:
321: if (len == 0)
322: break; /* zero length label marks the end. */
323: }
324: }
325:
326: if (!CHECK_LEN(header, ansp, plen, extrabytes))
327: return NULL;
328:
329: return ansp;
330: }
331:
332: unsigned char *skip_questions(struct dns_header *header, size_t plen)
333: {
334: int q;
335: unsigned char *ansp = (unsigned char *)(header+1);
336:
337: for (q = ntohs(header->qdcount); q != 0; q--)
338: {
339: if (!(ansp = skip_name(ansp, header, plen, 4)))
340: return NULL;
341: ansp += 4; /* class and type */
342: }
343:
344: return ansp;
345: }
346:
347: static unsigned char *skip_section(unsigned char *ansp, int count, struct dns_header *header, size_t plen)
348: {
349: int i, rdlen;
350:
351: for (i = 0; i < count; i++)
352: {
353: if (!(ansp = skip_name(ansp, header, plen, 10)))
354: return NULL;
355: ansp += 8; /* type, class, TTL */
356: GETSHORT(rdlen, ansp);
357: if (!ADD_RDLEN(header, ansp, plen, rdlen))
358: return NULL;
359: }
360:
361: return ansp;
362: }
363:
364: /* CRC the question section. This is used to safely detect query
365: retransmision and to detect answers to questions we didn't ask, which
366: might be poisoning attacks. Note that we decode the name rather
367: than CRC the raw bytes, since replies might be compressed differently.
368: We ignore case in the names for the same reason. Return all-ones
369: if there is not question section. */
370: unsigned int questions_crc(struct dns_header *header, size_t plen, char *name)
371: {
372: int q;
373: unsigned int crc = 0xffffffff;
374: unsigned char *p1, *p = (unsigned char *)(header+1);
375:
376: for (q = ntohs(header->qdcount); q != 0; q--)
377: {
378: if (!extract_name(header, plen, &p, name, 1, 4))
379: return crc; /* bad packet */
380:
381: for (p1 = (unsigned char *)name; *p1; p1++)
382: {
383: int i = 8;
384: char c = *p1;
385:
386: if (c >= 'A' && c <= 'Z')
387: c += 'a' - 'A';
388:
389: crc ^= c << 24;
390: while (i--)
391: crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
392: }
393:
394: /* CRC the class and type as well */
395: for (p1 = p; p1 < p+4; p1++)
396: {
397: int i = 8;
398: crc ^= *p1 << 24;
399: while (i--)
400: crc = crc & 0x80000000 ? (crc << 1) ^ 0x04c11db7 : crc << 1;
401: }
402:
403: p += 4;
404: if (!CHECK_LEN(header, p, plen, 0))
405: return crc; /* bad packet */
406: }
407:
408: return crc;
409: }
410:
411:
412: size_t resize_packet(struct dns_header *header, size_t plen, unsigned char *pheader, size_t hlen)
413: {
414: unsigned char *ansp = skip_questions(header, plen);
415:
416: /* if packet is malformed, just return as-is. */
417: if (!ansp)
418: return plen;
419:
420: if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount) + ntohs(header->arcount),
421: header, plen)))
422: return plen;
423:
424: /* restore pseudoheader */
425: if (pheader && ntohs(header->arcount) == 0)
426: {
427: /* must use memmove, may overlap */
428: memmove(ansp, pheader, hlen);
429: header->arcount = htons(1);
430: ansp += hlen;
431: }
432:
433: return ansp - (unsigned char *)header;
434: }
435:
436: unsigned char *find_pseudoheader(struct dns_header *header, size_t plen, size_t *len, unsigned char **p, int *is_sign)
437: {
438: /* See if packet has an RFC2671 pseudoheader, and if so return a pointer to it.
439: also return length of pseudoheader in *len and pointer to the UDP size in *p
440: Finally, check to see if a packet is signed. If it is we cannot change a single bit before
441: forwarding. We look for SIG and TSIG in the addition section, and TKEY queries (for GSS-TSIG) */
442:
443: int i, arcount = ntohs(header->arcount);
444: unsigned char *ansp = (unsigned char *)(header+1);
445: unsigned short rdlen, type, class;
446: unsigned char *ret = NULL;
447:
448: if (is_sign)
449: {
450: *is_sign = 0;
451:
452: if (OPCODE(header) == QUERY)
453: {
454: for (i = ntohs(header->qdcount); i != 0; i--)
455: {
456: if (!(ansp = skip_name(ansp, header, plen, 4)))
457: return NULL;
458:
459: GETSHORT(type, ansp);
460: GETSHORT(class, ansp);
461:
462: if (class == C_IN && type == T_TKEY)
463: *is_sign = 1;
464: }
465: }
466: }
467: else
468: {
469: if (!(ansp = skip_questions(header, plen)))
470: return NULL;
471: }
472:
473: if (arcount == 0)
474: return NULL;
475:
476: if (!(ansp = skip_section(ansp, ntohs(header->ancount) + ntohs(header->nscount), header, plen)))
477: return NULL;
478:
479: for (i = 0; i < arcount; i++)
480: {
481: unsigned char *save, *start = ansp;
482: if (!(ansp = skip_name(ansp, header, plen, 10)))
483: return NULL;
484:
485: GETSHORT(type, ansp);
486: save = ansp;
487: GETSHORT(class, ansp);
488: ansp += 4; /* TTL */
489: GETSHORT(rdlen, ansp);
490: if (!ADD_RDLEN(header, ansp, plen, rdlen))
491: return NULL;
492: if (type == T_OPT)
493: {
494: if (len)
495: *len = ansp - start;
496: if (p)
497: *p = save;
498: ret = start;
499: }
500: else if (is_sign &&
501: i == arcount - 1 &&
502: class == C_ANY &&
503: (type == T_SIG || type == T_TSIG))
504: *is_sign = 1;
505: }
506:
507: return ret;
508: }
509:
510: struct macparm {
511: unsigned char *limit;
512: struct dns_header *header;
513: size_t plen;
514: union mysockaddr *l3;
515: };
516:
517: static int filter_mac(int family, char *addrp, char *mac, size_t maclen, void *parmv)
518: {
519: struct macparm *parm = parmv;
520: int match = 0;
521: unsigned short rdlen;
522: struct dns_header *header = parm->header;
523: unsigned char *lenp, *datap, *p;
524:
525: if (family == parm->l3->sa.sa_family)
526: {
527: if (family == AF_INET && memcmp (&parm->l3->in.sin_addr, addrp, INADDRSZ) == 0)
528: match = 1;
529: #ifdef HAVE_IPV6
530: else
531: if (family == AF_INET6 && memcmp (&parm->l3->in6.sin6_addr, addrp, IN6ADDRSZ) == 0)
532: match = 1;
533: #endif
534: }
535:
536: if (!match)
537: return 1; /* continue */
538:
539: if (ntohs(header->arcount) == 0)
540: {
541: /* We are adding the pseudoheader */
542: if (!(p = skip_questions(header, parm->plen)) ||
543: !(p = skip_section(p,
544: ntohs(header->ancount) + ntohs(header->nscount),
545: header, parm->plen)))
546: return 0;
547: *p++ = 0; /* empty name */
548: PUTSHORT(T_OPT, p);
549: PUTSHORT(PACKETSZ, p); /* max packet length - is 512 suitable default for non-EDNS0 resolvers? */
550: PUTLONG(0, p); /* extended RCODE */
551: lenp = p;
552: PUTSHORT(0, p); /* RDLEN */
553: rdlen = 0;
554: if (((ssize_t)maclen) > (parm->limit - (p + 4)))
555: return 0; /* Too big */
556: header->arcount = htons(1);
557: datap = p;
558: }
559: else
560: {
561: int i, is_sign;
562: unsigned short code, len;
563:
564: if (ntohs(header->arcount) != 1 ||
565: !(p = find_pseudoheader(header, parm->plen, NULL, NULL, &is_sign)) ||
566: is_sign ||
567: (!(p = skip_name(p, header, parm->plen, 10))))
568: return 0;
569:
570: p += 8; /* skip UDP length and RCODE */
571:
572: lenp = p;
573: GETSHORT(rdlen, p);
574: if (!CHECK_LEN(header, p, parm->plen, rdlen))
575: return 0; /* bad packet */
576: datap = p;
577:
578: /* check if option already there */
579: for (i = 0; i + 4 < rdlen; i += len + 4)
580: {
581: GETSHORT(code, p);
582: GETSHORT(len, p);
583: if (code == EDNS0_OPTION_MAC)
584: return 0;
585: p += len;
586: }
587:
588: if (((ssize_t)maclen) > (parm->limit - (p + 4)))
589: return 0; /* Too big */
590: }
591:
592: PUTSHORT(EDNS0_OPTION_MAC, p);
593: PUTSHORT(maclen, p);
594: memcpy(p, mac, maclen);
595: p += maclen;
596:
597: PUTSHORT(p - datap, lenp);
598: parm->plen = p - (unsigned char *)header;
599:
600: return 0; /* done */
601: }
602:
603:
604: size_t add_mac(struct dns_header *header, size_t plen, char *limit, union mysockaddr *l3)
605: {
606: struct macparm parm;
607:
608: /* Must have an existing pseudoheader as the only ar-record,
609: or have no ar-records. Must also not be signed */
610:
611: if (ntohs(header->arcount) > 1)
612: return plen;
613:
614: parm.header = header;
615: parm.limit = (unsigned char *)limit;
616: parm.plen = plen;
617: parm.l3 = l3;
618:
619: iface_enumerate(AF_UNSPEC, &parm, filter_mac);
620:
621: return parm.plen;
622: }
623:
624:
625: /* is addr in the non-globally-routed IP space? */
626: static int private_net(struct in_addr addr, int ban_localhost)
627: {
628: in_addr_t ip_addr = ntohl(addr.s_addr);
629:
630: return
631: (((ip_addr & 0xFF000000) == 0x7F000000) && ban_localhost) /* 127.0.0.0/8 (loopback) */ ||
632: ((ip_addr & 0xFFFF0000) == 0xC0A80000) /* 192.168.0.0/16 (private) */ ||
633: ((ip_addr & 0xFF000000) == 0x0A000000) /* 10.0.0.0/8 (private) */ ||
634: ((ip_addr & 0xFFF00000) == 0xAC100000) /* 172.16.0.0/12 (private) */ ||
635: ((ip_addr & 0xFFFF0000) == 0xA9FE0000) /* 169.254.0.0/16 (zeroconf) */ ;
636: }
637:
638: static unsigned char *do_doctor(unsigned char *p, int count, struct dns_header *header, size_t qlen, char *name)
639: {
640: int i, qtype, qclass, rdlen;
641:
642: for (i = count; i != 0; i--)
643: {
644: if (name && option_bool(OPT_LOG))
645: {
646: if (!extract_name(header, qlen, &p, name, 1, 10))
647: return 0;
648: }
649: else if (!(p = skip_name(p, header, qlen, 10)))
650: return 0; /* bad packet */
651:
652: GETSHORT(qtype, p);
653: GETSHORT(qclass, p);
654: p += 4; /* ttl */
655: GETSHORT(rdlen, p);
656:
657: if (qclass == C_IN && qtype == T_A)
658: {
659: struct doctor *doctor;
660: struct in_addr addr;
661:
662: if (!CHECK_LEN(header, p, qlen, INADDRSZ))
663: return 0;
664:
665: /* alignment */
666: memcpy(&addr, p, INADDRSZ);
667:
668: for (doctor = daemon->doctors; doctor; doctor = doctor->next)
669: {
670: if (doctor->end.s_addr == 0)
671: {
672: if (!is_same_net(doctor->in, addr, doctor->mask))
673: continue;
674: }
675: else if (ntohl(doctor->in.s_addr) > ntohl(addr.s_addr) ||
676: ntohl(doctor->end.s_addr) < ntohl(addr.s_addr))
677: continue;
678:
679: addr.s_addr &= ~doctor->mask.s_addr;
680: addr.s_addr |= (doctor->out.s_addr & doctor->mask.s_addr);
681: /* Since we munged the data, the server it came from is no longer authoritative */
682: header->hb3 &= ~HB3_AA;
683: memcpy(p, &addr, INADDRSZ);
684: break;
685: }
686: }
687: else if (qtype == T_TXT && name && option_bool(OPT_LOG))
688: {
689: unsigned char *p1 = p;
690: if (!CHECK_LEN(header, p1, qlen, rdlen))
691: return 0;
692: while ((p1 - p) < rdlen)
693: {
694: unsigned int i, len = *p1;
695: unsigned char *p2 = p1;
696: /* make counted string zero-term and sanitise */
697: for (i = 0; i < len; i++)
698: {
699: if (!isprint((int)*(p2+1)))
700: break;
701:
702: *p2 = *(p2+1);
703: p2++;
704: }
705: *p2 = 0;
706: my_syslog(LOG_INFO, "reply %s is %s", name, p1);
707: /* restore */
708: memmove(p1 + 1, p1, i);
709: *p1 = len;
710: p1 += len+1;
711: }
712: }
713:
714: if (!ADD_RDLEN(header, p, qlen, rdlen))
715: return 0; /* bad packet */
716: }
717:
718: return p;
719: }
720:
721: static int find_soa(struct dns_header *header, size_t qlen, char *name)
722: {
723: unsigned char *p;
724: int qtype, qclass, rdlen;
725: unsigned long ttl, minttl = ULONG_MAX;
726: int i, found_soa = 0;
727:
728: /* first move to NS section and find TTL from any SOA section */
729: if (!(p = skip_questions(header, qlen)) ||
730: !(p = do_doctor(p, ntohs(header->ancount), header, qlen, name)))
731: return 0; /* bad packet */
732:
733: for (i = ntohs(header->nscount); i != 0; i--)
734: {
735: if (!(p = skip_name(p, header, qlen, 10)))
736: return 0; /* bad packet */
737:
738: GETSHORT(qtype, p);
739: GETSHORT(qclass, p);
740: GETLONG(ttl, p);
741: GETSHORT(rdlen, p);
742:
743: if ((qclass == C_IN) && (qtype == T_SOA))
744: {
745: found_soa = 1;
746: if (ttl < minttl)
747: minttl = ttl;
748:
749: /* MNAME */
750: if (!(p = skip_name(p, header, qlen, 0)))
751: return 0;
752: /* RNAME */
753: if (!(p = skip_name(p, header, qlen, 20)))
754: return 0;
755: p += 16; /* SERIAL REFRESH RETRY EXPIRE */
756:
757: GETLONG(ttl, p); /* minTTL */
758: if (ttl < minttl)
759: minttl = ttl;
760: }
761: else if (!ADD_RDLEN(header, p, qlen, rdlen))
762: return 0; /* bad packet */
763: }
764:
765: /* rewrite addresses in additioal section too */
766: if (!do_doctor(p, ntohs(header->arcount), header, qlen, NULL))
767: return 0;
768:
769: if (!found_soa)
770: minttl = daemon->neg_ttl;
771:
772: return minttl;
773: }
774:
775: /* Note that the following code can create CNAME chains that don't point to a real record,
776: either because of lack of memory, or lack of SOA records. These are treated by the cache code as
777: expired and cleaned out that way.
778: Return 1 if we reject an address because it look like part of dns-rebinding attack. */
779: int extract_addresses(struct dns_header *header, size_t qlen, char *name, time_t now,
780: char **ipsets, int is_sign, int check_rebind, int checking_disabled)
781: {
782: unsigned char *p, *p1, *endrr, *namep;
783: int i, j, qtype, qclass, aqtype, aqclass, ardlen, res, searched_soa = 0;
784: unsigned long ttl = 0;
785: struct all_addr addr;
786: #ifdef HAVE_IPSET
787: char **ipsets_cur;
788: #else
789: (void)ipsets; /* unused */
790: #endif
791:
792: cache_start_insert();
793:
794: /* find_soa is needed for dns_doctor and logging side-effects, so don't call it lazily if there are any. */
795: if (daemon->doctors || option_bool(OPT_LOG))
796: {
797: searched_soa = 1;
798: ttl = find_soa(header, qlen, name);
799: }
800:
801: /* go through the questions. */
802: p = (unsigned char *)(header+1);
803:
804: for (i = ntohs(header->qdcount); i != 0; i--)
805: {
806: int found = 0, cname_count = 5;
807: struct crec *cpp = NULL;
808: int flags = RCODE(header) == NXDOMAIN ? F_NXDOMAIN : 0;
809: unsigned long cttl = ULONG_MAX, attl;
810:
811: namep = p;
812: if (!extract_name(header, qlen, &p, name, 1, 4))
813: return 0; /* bad packet */
814:
815: GETSHORT(qtype, p);
816: GETSHORT(qclass, p);
817:
818: if (qclass != C_IN)
819: continue;
820:
821: /* PTRs: we chase CNAMEs here, since we have no way to
822: represent them in the cache. */
823: if (qtype == T_PTR)
824: {
825: int name_encoding = in_arpa_name_2_addr(name, &addr);
826:
827: if (!name_encoding)
828: continue;
829:
830: if (!(flags & F_NXDOMAIN))
831: {
832: cname_loop:
833: if (!(p1 = skip_questions(header, qlen)))
834: return 0;
835:
836: for (j = ntohs(header->ancount); j != 0; j--)
837: {
838: unsigned char *tmp = namep;
839: /* the loop body overwrites the original name, so get it back here. */
840: if (!extract_name(header, qlen, &tmp, name, 1, 0) ||
841: !(res = extract_name(header, qlen, &p1, name, 0, 10)))
842: return 0; /* bad packet */
843:
844: GETSHORT(aqtype, p1);
845: GETSHORT(aqclass, p1);
846: GETLONG(attl, p1);
847: if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
848: {
849: (p1) -= 4;
850: PUTLONG(daemon->max_ttl, p1);
851: }
852: GETSHORT(ardlen, p1);
853: endrr = p1+ardlen;
854:
855: /* TTL of record is minimum of CNAMES and PTR */
856: if (attl < cttl)
857: cttl = attl;
858:
859: if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == T_PTR))
860: {
861: if (!extract_name(header, qlen, &p1, name, 1, 0))
862: return 0;
863:
864: if (aqtype == T_CNAME)
865: {
866: if (!cname_count--)
867: return 0; /* looped CNAMES */
868: goto cname_loop;
869: }
870:
871: cache_insert(name, &addr, now, cttl, name_encoding | F_REVERSE);
872: found = 1;
873: }
874:
875: p1 = endrr;
876: if (!CHECK_LEN(header, p1, qlen, 0))
877: return 0; /* bad packet */
878: }
879: }
880:
881: if (!found && !option_bool(OPT_NO_NEG))
882: {
883: if (!searched_soa)
884: {
885: searched_soa = 1;
886: ttl = find_soa(header, qlen, NULL);
887: }
888: if (ttl)
889: cache_insert(NULL, &addr, now, ttl, name_encoding | F_REVERSE | F_NEG | flags);
890: }
891: }
892: else
893: {
894: /* everything other than PTR */
895: struct crec *newc;
896: int addrlen;
897:
898: if (qtype == T_A)
899: {
900: addrlen = INADDRSZ;
901: flags |= F_IPV4;
902: }
903: #ifdef HAVE_IPV6
904: else if (qtype == T_AAAA)
905: {
906: addrlen = IN6ADDRSZ;
907: flags |= F_IPV6;
908: }
909: #endif
910: else
911: continue;
912:
913: if (!(flags & F_NXDOMAIN))
914: {
915: cname_loop1:
916: if (!(p1 = skip_questions(header, qlen)))
917: return 0;
918:
919: for (j = ntohs(header->ancount); j != 0; j--)
920: {
921: if (!(res = extract_name(header, qlen, &p1, name, 0, 10)))
922: return 0; /* bad packet */
923:
924: GETSHORT(aqtype, p1);
925: GETSHORT(aqclass, p1);
926: GETLONG(attl, p1);
927: if ((daemon->max_ttl != 0) && (attl > daemon->max_ttl) && !is_sign)
928: {
929: (p1) -= 4;
930: PUTLONG(daemon->max_ttl, p1);
931: }
932: GETSHORT(ardlen, p1);
933: endrr = p1+ardlen;
934:
935: if (aqclass == C_IN && res != 2 && (aqtype == T_CNAME || aqtype == qtype))
936: {
937: if (aqtype == T_CNAME)
938: {
939: if (!cname_count--)
940: return 0; /* looped CNAMES */
941: newc = cache_insert(name, NULL, now, attl, F_CNAME | F_FORWARD);
942: if (newc)
943: {
944: newc->addr.cname.cache = NULL;
945: if (cpp)
946: {
947: cpp->addr.cname.cache = newc;
948: cpp->addr.cname.uid = newc->uid;
949: }
950: }
951:
952: cpp = newc;
953: if (attl < cttl)
954: cttl = attl;
955:
956: if (!extract_name(header, qlen, &p1, name, 1, 0))
957: return 0;
958: goto cname_loop1;
959: }
960: else
961: {
962: found = 1;
963:
964: /* copy address into aligned storage */
965: if (!CHECK_LEN(header, p1, qlen, addrlen))
966: return 0; /* bad packet */
967: memcpy(&addr, p1, addrlen);
968:
969: /* check for returned address in private space */
970: if (check_rebind &&
971: (flags & F_IPV4) &&
972: private_net(addr.addr.addr4, !option_bool(OPT_LOCAL_REBIND)))
973: return 1;
974:
975: #ifdef HAVE_IPSET
976: if (ipsets && (flags & (F_IPV4 | F_IPV6)))
977: {
978: ipsets_cur = ipsets;
979: while (*ipsets_cur)
980: add_to_ipset(*ipsets_cur++, &addr, flags, 0);
981: }
982: #endif
983:
984: newc = cache_insert(name, &addr, now, attl, flags | F_FORWARD);
985: if (newc && cpp)
986: {
987: cpp->addr.cname.cache = newc;
988: cpp->addr.cname.uid = newc->uid;
989: }
990: cpp = NULL;
991: }
992: }
993:
994: p1 = endrr;
995: if (!CHECK_LEN(header, p1, qlen, 0))
996: return 0; /* bad packet */
997: }
998: }
999:
1000: if (!found && !option_bool(OPT_NO_NEG))
1001: {
1002: if (!searched_soa)
1003: {
1004: searched_soa = 1;
1005: ttl = find_soa(header, qlen, NULL);
1006: }
1007: /* If there's no SOA to get the TTL from, but there is a CNAME
1008: pointing at this, inherit its TTL */
1009: if (ttl || cpp)
1010: {
1011: newc = cache_insert(name, NULL, now, ttl ? ttl : cttl, F_FORWARD | F_NEG | flags);
1012: if (newc && cpp)
1013: {
1014: cpp->addr.cname.cache = newc;
1015: cpp->addr.cname.uid = newc->uid;
1016: }
1017: }
1018: }
1019: }
1020: }
1021:
1022: /* Don't put stuff from a truncated packet into the cache.
1023: Don't cache replies where DNSSEC validation was turned off, either
1024: the upstream server told us so, or the original query specified it.
1025: Don't cache replies from non-recursive nameservers, since we may get a
1026: reply containing a CNAME but not its target, even though the target
1027: does exist. */
1028: if (!(header->hb3 & HB3_TC) &&
1029: !(header->hb4 & HB4_CD) &&
1030: (header->hb4 & HB4_RA) &&
1031: !checking_disabled)
1032: cache_end_insert();
1033:
1034: return 0;
1035: }
1036:
1037: /* If the packet holds exactly one query
1038: return F_IPV4 or F_IPV6 and leave the name from the query in name */
1039:
1040: unsigned int extract_request(struct dns_header *header, size_t qlen, char *name, unsigned short *typep)
1041: {
1042: unsigned char *p = (unsigned char *)(header+1);
1043: int qtype, qclass;
1044:
1045: if (typep)
1046: *typep = 0;
1047:
1048: if (ntohs(header->qdcount) != 1 || OPCODE(header) != QUERY)
1049: return 0; /* must be exactly one query. */
1050:
1051: if (!extract_name(header, qlen, &p, name, 1, 4))
1052: return 0; /* bad packet */
1053:
1054: GETSHORT(qtype, p);
1055: GETSHORT(qclass, p);
1056:
1057: if (typep)
1058: *typep = qtype;
1059:
1060: if (qclass == C_IN)
1061: {
1062: if (qtype == T_A)
1063: return F_IPV4;
1064: if (qtype == T_AAAA)
1065: return F_IPV6;
1066: if (qtype == T_ANY)
1067: return F_IPV4 | F_IPV6;
1068: }
1069:
1070: return F_QUERY;
1071: }
1072:
1073:
1074: size_t setup_reply(struct dns_header *header, size_t qlen,
1075: struct all_addr *addrp, unsigned int flags, unsigned long ttl)
1076: {
1077: unsigned char *p = skip_questions(header, qlen);
1078:
1079: /* clear authoritative and truncated flags, set QR flag */
1080: header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
1081: /* set RA flag */
1082: header->hb4 |= HB4_RA;
1083:
1084: header->nscount = htons(0);
1085: header->arcount = htons(0);
1086: header->ancount = htons(0); /* no answers unless changed below */
1087: if (flags == F_NEG)
1088: SET_RCODE(header, SERVFAIL); /* couldn't get memory */
1089: else if (flags == F_NOERR)
1090: SET_RCODE(header, NOERROR); /* empty domain */
1091: else if (flags == F_NXDOMAIN)
1092: SET_RCODE(header, NXDOMAIN);
1093: else if (p && flags == F_IPV4)
1094: { /* we know the address */
1095: SET_RCODE(header, NOERROR);
1096: header->ancount = htons(1);
1097: header->hb3 |= HB3_AA;
1098: add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_A, C_IN, "4", addrp);
1099: }
1100: #ifdef HAVE_IPV6
1101: else if (p && flags == F_IPV6)
1102: {
1103: SET_RCODE(header, NOERROR);
1104: header->ancount = htons(1);
1105: header->hb3 |= HB3_AA;
1106: add_resource_record(header, NULL, NULL, sizeof(struct dns_header), &p, ttl, NULL, T_AAAA, C_IN, "6", addrp);
1107: }
1108: #endif
1109: else /* nowhere to forward to */
1110: SET_RCODE(header, REFUSED);
1111:
1112: return p - (unsigned char *)header;
1113: }
1114:
1115: /* check if name matches local names ie from /etc/hosts or DHCP or local mx names. */
1116: int check_for_local_domain(char *name, time_t now)
1117: {
1118: struct crec *crecp;
1119: struct mx_srv_record *mx;
1120: struct txt_record *txt;
1121: struct interface_name *intr;
1122: struct ptr_record *ptr;
1123: struct naptr *naptr;
1124:
1125: if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6 | F_CNAME)) &&
1126: (crecp->flags & (F_HOSTS | F_DHCP)))
1127: return 1;
1128:
1129: for (naptr = daemon->naptr; naptr; naptr = naptr->next)
1130: if (hostname_isequal(name, naptr->name))
1131: return 1;
1132:
1133: for (mx = daemon->mxnames; mx; mx = mx->next)
1134: if (hostname_isequal(name, mx->name))
1135: return 1;
1136:
1137: for (txt = daemon->txt; txt; txt = txt->next)
1138: if (hostname_isequal(name, txt->name))
1139: return 1;
1140:
1141: for (intr = daemon->int_names; intr; intr = intr->next)
1142: if (hostname_isequal(name, intr->name))
1143: return 1;
1144:
1145: for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1146: if (hostname_isequal(name, ptr->name))
1147: return 1;
1148:
1149: return 0;
1150: }
1151:
1152: /* Is the packet a reply with the answer address equal to addr?
1153: If so mung is into an NXDOMAIN reply and also put that information
1154: in the cache. */
1155: int check_for_bogus_wildcard(struct dns_header *header, size_t qlen, char *name,
1156: struct bogus_addr *baddr, time_t now)
1157: {
1158: unsigned char *p;
1159: int i, qtype, qclass, rdlen;
1160: unsigned long ttl;
1161: struct bogus_addr *baddrp;
1162:
1163: /* skip over questions */
1164: if (!(p = skip_questions(header, qlen)))
1165: return 0; /* bad packet */
1166:
1167: for (i = ntohs(header->ancount); i != 0; i--)
1168: {
1169: if (!extract_name(header, qlen, &p, name, 1, 10))
1170: return 0; /* bad packet */
1171:
1172: GETSHORT(qtype, p);
1173: GETSHORT(qclass, p);
1174: GETLONG(ttl, p);
1175: GETSHORT(rdlen, p);
1176:
1177: if (qclass == C_IN && qtype == T_A)
1178: {
1179: if (!CHECK_LEN(header, p, qlen, INADDRSZ))
1180: return 0;
1181:
1182: for (baddrp = baddr; baddrp; baddrp = baddrp->next)
1183: if (memcmp(&baddrp->addr, p, INADDRSZ) == 0)
1184: {
1185: /* Found a bogus address. Insert that info here, since there no SOA record
1186: to get the ttl from in the normal processing */
1187: cache_start_insert();
1188: cache_insert(name, NULL, now, ttl, F_IPV4 | F_FORWARD | F_NEG | F_NXDOMAIN | F_CONFIG);
1189: cache_end_insert();
1190:
1191: return 1;
1192: }
1193: }
1194:
1195: if (!ADD_RDLEN(header, p, qlen, rdlen))
1196: return 0;
1197: }
1198:
1199: return 0;
1200: }
1201:
1202: int add_resource_record(struct dns_header *header, char *limit, int *truncp, int nameoffset, unsigned char **pp,
1203: unsigned long ttl, int *offset, unsigned short type, unsigned short class, char *format, ...)
1204: {
1205: va_list ap;
1206: unsigned char *sav, *p = *pp;
1207: int j;
1208: unsigned short usval;
1209: long lval;
1210: char *sval;
1211:
1212: if (truncp && *truncp)
1213: return 0;
1214:
1215: va_start(ap, format); /* make ap point to 1st unamed argument */
1216:
1217: if (nameoffset > 0)
1218: {
1219: PUTSHORT(nameoffset | 0xc000, p);
1220: }
1221: else
1222: {
1223: char *name = va_arg(ap, char *);
1224: if (name)
1225: p = do_rfc1035_name(p, name);
1226: if (nameoffset < 0)
1227: {
1228: PUTSHORT(-nameoffset | 0xc000, p);
1229: }
1230: else
1231: *p++ = 0;
1232: }
1233:
1234: PUTSHORT(type, p);
1235: PUTSHORT(class, p);
1236: PUTLONG(ttl, p); /* TTL */
1237:
1238: sav = p; /* Save pointer to RDLength field */
1239: PUTSHORT(0, p); /* Placeholder RDLength */
1240:
1241: for (; *format; format++)
1242: switch (*format)
1243: {
1244: #ifdef HAVE_IPV6
1245: case '6':
1246: sval = va_arg(ap, char *);
1247: memcpy(p, sval, IN6ADDRSZ);
1248: p += IN6ADDRSZ;
1249: break;
1250: #endif
1251:
1252: case '4':
1253: sval = va_arg(ap, char *);
1254: memcpy(p, sval, INADDRSZ);
1255: p += INADDRSZ;
1256: break;
1257:
1258: case 's':
1259: usval = va_arg(ap, int);
1260: PUTSHORT(usval, p);
1261: break;
1262:
1263: case 'l':
1264: lval = va_arg(ap, long);
1265: PUTLONG(lval, p);
1266: break;
1267:
1268: case 'd':
1269: /* get domain-name answer arg and store it in RDATA field */
1270: if (offset)
1271: *offset = p - (unsigned char *)header;
1272: p = do_rfc1035_name(p, va_arg(ap, char *));
1273: *p++ = 0;
1274: break;
1275:
1276: case 't':
1277: usval = va_arg(ap, int);
1278: sval = va_arg(ap, char *);
1279: if (usval != 0)
1280: memcpy(p, sval, usval);
1281: p += usval;
1282: break;
1283:
1284: case 'z':
1285: sval = va_arg(ap, char *);
1286: usval = sval ? strlen(sval) : 0;
1287: if (usval > 255)
1288: usval = 255;
1289: *p++ = (unsigned char)usval;
1290: memcpy(p, sval, usval);
1291: p += usval;
1292: break;
1293: }
1294:
1295: va_end(ap); /* clean up variable argument pointer */
1296:
1297: j = p - sav - 2;
1298: PUTSHORT(j, sav); /* Now, store real RDLength */
1299:
1300: /* check for overflow of buffer */
1301: if (limit && ((unsigned char *)limit - p) < 0)
1302: {
1303: if (truncp)
1304: *truncp = 1;
1305: return 0;
1306: }
1307:
1308: *pp = p;
1309: return 1;
1310: }
1311:
1312: static unsigned long crec_ttl(struct crec *crecp, time_t now)
1313: {
1314: /* Return 0 ttl for DHCP entries, which might change
1315: before the lease expires. */
1316:
1317: if (crecp->flags & (F_IMMORTAL | F_DHCP))
1318: return daemon->local_ttl;
1319:
1320: /* Return the Max TTL value if it is lower then the actual TTL */
1321: if (daemon->max_ttl == 0 || ((unsigned)(crecp->ttd - now) < daemon->max_ttl))
1322: return crecp->ttd - now;
1323: else
1324: return daemon->max_ttl;
1325: }
1326:
1327:
1328: /* return zero if we can't answer from cache, or packet size if we can */
1329: size_t answer_request(struct dns_header *header, char *limit, size_t qlen,
1330: struct in_addr local_addr, struct in_addr local_netmask, time_t now)
1331: {
1332: char *name = daemon->namebuff;
1333: unsigned char *p, *ansp, *pheader;
1334: int qtype, qclass;
1335: struct all_addr addr;
1336: int nameoffset;
1337: unsigned short flag;
1338: int q, ans, anscount = 0, addncount = 0;
1339: int dryrun = 0, sec_reqd = 0;
1340: int is_sign;
1341: struct crec *crecp;
1342: int nxdomain = 0, auth = 1, trunc = 0;
1343: struct mx_srv_record *rec;
1344:
1345: /* If there is an RFC2671 pseudoheader then it will be overwritten by
1346: partial replies, so we have to do a dry run to see if we can answer
1347: the query. We check to see if the do bit is set, if so we always
1348: forward rather than answering from the cache, which doesn't include
1349: security information. */
1350:
1351: if (find_pseudoheader(header, qlen, NULL, &pheader, &is_sign))
1352: {
1353: unsigned short udpsz, flags;
1354: unsigned char *psave = pheader;
1355:
1356: GETSHORT(udpsz, pheader);
1357: pheader += 2; /* ext_rcode */
1358: GETSHORT(flags, pheader);
1359:
1360: sec_reqd = flags & 0x8000; /* do bit */
1361:
1362: /* If our client is advertising a larger UDP packet size
1363: than we allow, trim it so that we don't get an overlarge
1364: response from upstream */
1365:
1366: if (!is_sign && (udpsz > daemon->edns_pktsz))
1367: PUTSHORT(daemon->edns_pktsz, psave);
1368:
1369: dryrun = 1;
1370: }
1371:
1372: if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
1373: return 0;
1374:
1375: for (rec = daemon->mxnames; rec; rec = rec->next)
1376: rec->offset = 0;
1377:
1378: rerun:
1379: /* determine end of question section (we put answers there) */
1380: if (!(ansp = skip_questions(header, qlen)))
1381: return 0; /* bad packet */
1382:
1383: /* now process each question, answers go in RRs after the question */
1384: p = (unsigned char *)(header+1);
1385:
1386: for (q = ntohs(header->qdcount); q != 0; q--)
1387: {
1388: /* save pointer to name for copying into answers */
1389: nameoffset = p - (unsigned char *)header;
1390:
1391: /* now extract name as .-concatenated string into name */
1392: if (!extract_name(header, qlen, &p, name, 1, 4))
1393: return 0; /* bad packet */
1394:
1395: GETSHORT(qtype, p);
1396: GETSHORT(qclass, p);
1397:
1398: ans = 0; /* have we answered this question */
1399:
1400: if (qtype == T_TXT || qtype == T_ANY)
1401: {
1402: struct txt_record *t;
1403: for(t = daemon->txt; t ; t = t->next)
1404: {
1405: if (t->class == qclass && hostname_isequal(name, t->name))
1406: {
1407: ans = 1;
1408: if (!dryrun)
1409: {
1410: log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
1411: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1412: daemon->local_ttl, NULL,
1413: T_TXT, t->class, "t", t->len, t->txt))
1414: anscount++;
1415:
1416: }
1417: }
1418: }
1419: }
1420:
1421: if (qclass == C_IN)
1422: {
1423: struct txt_record *t;
1424:
1425: for (t = daemon->rr; t; t = t->next)
1426: if ((t->class == qtype || qtype == T_ANY) && hostname_isequal(name, t->name))
1427: {
1428: ans = 1;
1429: if (!dryrun)
1430: {
1431: log_query(F_CONFIG | F_RRNAME, name, NULL, "<RR>");
1432: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1433: daemon->local_ttl, NULL,
1434: t->class, C_IN, "t", t->len, t->txt))
1435: anscount ++;
1436: }
1437: }
1438:
1439: if (qtype == T_PTR || qtype == T_ANY)
1440: {
1441: /* see if it's w.z.y.z.in-addr.arpa format */
1442: int is_arpa = in_arpa_name_2_addr(name, &addr);
1443: struct ptr_record *ptr;
1444: struct interface_name* intr = NULL;
1445:
1446: for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1447: if (hostname_isequal(name, ptr->name))
1448: break;
1449:
1450: if (is_arpa == F_IPV4)
1451: for (intr = daemon->int_names; intr; intr = intr->next)
1452: {
1453: if (addr.addr.addr4.s_addr == get_ifaddr(intr->intr).s_addr)
1454: break;
1455: else
1456: while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
1457: intr = intr->next;
1458: }
1459:
1460: if (intr)
1461: {
1462: ans = 1;
1463: if (!dryrun)
1464: {
1465: log_query(F_IPV4 | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
1466: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1467: daemon->local_ttl, NULL,
1468: T_PTR, C_IN, "d", intr->name))
1469: anscount++;
1470: }
1471: }
1472: else if (ptr)
1473: {
1474: ans = 1;
1475: if (!dryrun)
1476: {
1477: log_query(F_CONFIG | F_RRNAME, name, NULL, "<PTR>");
1478: for (ptr = daemon->ptr; ptr; ptr = ptr->next)
1479: if (hostname_isequal(name, ptr->name) &&
1480: add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1481: daemon->local_ttl, NULL,
1482: T_PTR, C_IN, "d", ptr->ptr))
1483: anscount++;
1484:
1485: }
1486: }
1487: else if ((crecp = cache_find_by_addr(NULL, &addr, now, is_arpa)))
1488: do
1489: {
1490: /* don't answer wildcard queries with data not from /etc/hosts or dhcp leases */
1491: if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
1492: continue;
1493:
1494: if (crecp->flags & F_NEG)
1495: {
1496: ans = 1;
1497: auth = 0;
1498: if (crecp->flags & F_NXDOMAIN)
1499: nxdomain = 1;
1500: if (!dryrun)
1501: log_query(crecp->flags & ~F_FORWARD, name, &addr, NULL);
1502: }
1503: else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
1504: {
1505: ans = 1;
1506: if (!(crecp->flags & (F_HOSTS | F_DHCP)))
1507: auth = 0;
1508: if (!dryrun)
1509: {
1510: log_query(crecp->flags & ~F_FORWARD, cache_get_name(crecp), &addr,
1511: record_source(crecp->uid));
1512:
1513: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1514: crec_ttl(crecp, now), NULL,
1515: T_PTR, C_IN, "d", cache_get_name(crecp)))
1516: anscount++;
1517: }
1518: }
1519: } while ((crecp = cache_find_by_addr(crecp, &addr, now, is_arpa)));
1520: else if (is_arpa == F_IPV4 &&
1521: option_bool(OPT_BOGUSPRIV) &&
1522: private_net(addr.addr.addr4, 1))
1523: {
1524: /* if not in cache, enabled and private IPV4 address, return NXDOMAIN */
1525: ans = 1;
1526: nxdomain = 1;
1527: if (!dryrun)
1528: log_query(F_CONFIG | F_REVERSE | F_IPV4 | F_NEG | F_NXDOMAIN,
1529: name, &addr, NULL);
1530: }
1531: }
1532:
1533: for (flag = F_IPV4; flag; flag = (flag == F_IPV4) ? F_IPV6 : 0)
1534: {
1535: unsigned short type = T_A;
1536:
1537: if (flag == F_IPV6)
1538: #ifdef HAVE_IPV6
1539: type = T_AAAA;
1540: #else
1541: break;
1542: #endif
1543:
1544: if (qtype != type && qtype != T_ANY)
1545: continue;
1546:
1547: /* Check for "A for A" queries; be rather conservative
1548: about what looks like dotted-quad. */
1549: if (qtype == T_A)
1550: {
1551: char *cp;
1552: unsigned int i, a;
1553: int x;
1554:
1555: for (cp = name, i = 0, a = 0; *cp; i++)
1556: {
1557: if (!isdigit((unsigned char)*cp) || (x = strtol(cp, &cp, 10)) > 255)
1558: {
1559: i = 5;
1560: break;
1561: }
1562:
1563: a = (a << 8) + x;
1564:
1565: if (*cp == '.')
1566: cp++;
1567: }
1568:
1569: if (i == 4)
1570: {
1571: ans = 1;
1572: if (!dryrun)
1573: {
1574: addr.addr.addr4.s_addr = htonl(a);
1575: log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, NULL);
1576: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1577: daemon->local_ttl, NULL, type, C_IN, "4", &addr))
1578: anscount++;
1579: }
1580: continue;
1581: }
1582: }
1583:
1584: /* interface name stuff */
1585: if (qtype == T_A)
1586: {
1587: struct interface_name *intr;
1588:
1589: for (intr = daemon->int_names; intr; intr = intr->next)
1590: if (hostname_isequal(name, intr->name))
1591: break;
1592:
1593: if (intr)
1594: {
1595: ans = 1;
1596: if (!dryrun)
1597: {
1598: if ((addr.addr.addr4 = get_ifaddr(intr->intr)).s_addr == (in_addr_t) -1)
1599: log_query(F_FORWARD | F_CONFIG | F_IPV4 | F_NEG, name, NULL, NULL);
1600: else
1601: {
1602: log_query(F_FORWARD | F_CONFIG | F_IPV4, name, &addr, NULL);
1603: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1604: daemon->local_ttl, NULL, type, C_IN, "4", &addr))
1605: anscount++;
1606: }
1607: }
1608: continue;
1609: }
1610: }
1611:
1612: cname_restart:
1613: if ((crecp = cache_find_by_name(NULL, name, now, flag | F_CNAME)))
1614: {
1615: int localise = 0;
1616:
1617: /* See if a putative address is on the network from which we recieved
1618: the query, is so we'll filter other answers. */
1619: if (local_addr.s_addr != 0 && option_bool(OPT_LOCALISE) && flag == F_IPV4)
1620: {
1621: struct crec *save = crecp;
1622: do {
1623: if ((crecp->flags & F_HOSTS) &&
1624: is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask))
1625: {
1626: localise = 1;
1627: break;
1628: }
1629: } while ((crecp = cache_find_by_name(crecp, name, now, flag | F_CNAME)));
1630: crecp = save;
1631: }
1632:
1633: do
1634: {
1635: /* don't answer wildcard queries with data not from /etc/hosts
1636: or DHCP leases */
1637: if (qtype == T_ANY && !(crecp->flags & (F_HOSTS | F_DHCP)))
1638: break;
1639:
1640: if (crecp->flags & F_CNAME)
1641: {
1642: if (!dryrun)
1643: {
1644: log_query(crecp->flags, name, NULL, record_source(crecp->uid));
1645: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1646: crec_ttl(crecp, now), &nameoffset,
1647: T_CNAME, C_IN, "d", cache_get_name(crecp->addr.cname.cache)))
1648: anscount++;
1649: }
1650:
1651: strcpy(name, cache_get_name(crecp->addr.cname.cache));
1652: goto cname_restart;
1653: }
1654:
1655: if (crecp->flags & F_NEG)
1656: {
1657: ans = 1;
1658: auth = 0;
1659: if (crecp->flags & F_NXDOMAIN)
1660: nxdomain = 1;
1661: if (!dryrun)
1662: log_query(crecp->flags, name, NULL, NULL);
1663: }
1664: else if ((crecp->flags & (F_HOSTS | F_DHCP)) || !sec_reqd)
1665: {
1666: /* If we are returning local answers depending on network,
1667: filter here. */
1668: if (localise &&
1669: (crecp->flags & F_HOSTS) &&
1670: !is_same_net(*((struct in_addr *)&crecp->addr), local_addr, local_netmask))
1671: continue;
1672:
1673: if (!(crecp->flags & (F_HOSTS | F_DHCP)))
1674: auth = 0;
1675:
1676: ans = 1;
1677: if (!dryrun)
1678: {
1679: log_query(crecp->flags & ~F_REVERSE, name, &crecp->addr.addr,
1680: record_source(crecp->uid));
1681:
1682: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1683: crec_ttl(crecp, now), NULL, type, C_IN,
1684: type == T_A ? "4" : "6", &crecp->addr))
1685: anscount++;
1686: }
1687: }
1688: } while ((crecp = cache_find_by_name(crecp, name, now, flag | F_CNAME)));
1689: }
1690: }
1691:
1692: if (qtype == T_CNAME || qtype == T_ANY)
1693: {
1694: if ((crecp = cache_find_by_name(NULL, name, now, F_CNAME)) &&
1695: (qtype == T_CNAME || (crecp->flags & (F_HOSTS | F_DHCP))))
1696: {
1697: ans = 1;
1698: if (!dryrun)
1699: {
1700: log_query(crecp->flags, name, NULL, record_source(crecp->uid));
1701: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
1702: crec_ttl(crecp, now), &nameoffset,
1703: T_CNAME, C_IN, "d", cache_get_name(crecp->addr.cname.cache)))
1704: anscount++;
1705: }
1706: }
1707: }
1708:
1709: if (qtype == T_MX || qtype == T_ANY)
1710: {
1711: int found = 0;
1712: for (rec = daemon->mxnames; rec; rec = rec->next)
1713: if (!rec->issrv && hostname_isequal(name, rec->name))
1714: {
1715: ans = found = 1;
1716: if (!dryrun)
1717: {
1718: int offset;
1719: log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
1720: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1721: &offset, T_MX, C_IN, "sd", rec->weight, rec->target))
1722: {
1723: anscount++;
1724: if (rec->target)
1725: rec->offset = offset;
1726: }
1727: }
1728: }
1729:
1730: if (!found && (option_bool(OPT_SELFMX) || option_bool(OPT_LOCALMX)) &&
1731: cache_find_by_name(NULL, name, now, F_HOSTS | F_DHCP))
1732: {
1733: ans = 1;
1734: if (!dryrun)
1735: {
1736: log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
1737: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl, NULL,
1738: T_MX, C_IN, "sd", 1,
1739: option_bool(OPT_SELFMX) ? name : daemon->mxtarget))
1740: anscount++;
1741: }
1742: }
1743: }
1744:
1745: if (qtype == T_SRV || qtype == T_ANY)
1746: {
1747: int found = 0;
1748: struct mx_srv_record *move = NULL, **up = &daemon->mxnames;
1749:
1750: for (rec = daemon->mxnames; rec; rec = rec->next)
1751: if (rec->issrv && hostname_isequal(name, rec->name))
1752: {
1753: found = ans = 1;
1754: if (!dryrun)
1755: {
1756: int offset;
1757: log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>");
1758: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1759: &offset, T_SRV, C_IN, "sssd",
1760: rec->priority, rec->weight, rec->srvport, rec->target))
1761: {
1762: anscount++;
1763: if (rec->target)
1764: rec->offset = offset;
1765: }
1766: }
1767:
1768: /* unlink first SRV record found */
1769: if (!move)
1770: {
1771: move = rec;
1772: *up = rec->next;
1773: }
1774: else
1775: up = &rec->next;
1776: }
1777: else
1778: up = &rec->next;
1779:
1780: /* put first SRV record back at the end. */
1781: if (move)
1782: {
1783: *up = move;
1784: move->next = NULL;
1785: }
1786:
1787: if (!found && option_bool(OPT_FILTER) && (qtype == T_SRV || (qtype == T_ANY && strchr(name, '_'))))
1788: {
1789: ans = 1;
1790: if (!dryrun)
1791: log_query(F_CONFIG | F_NEG, name, NULL, NULL);
1792: }
1793: }
1794:
1795: if (qtype == T_NAPTR || qtype == T_ANY)
1796: {
1797: struct naptr *na;
1798: for (na = daemon->naptr; na; na = na->next)
1799: if (hostname_isequal(name, na->name))
1800: {
1801: ans = 1;
1802: if (!dryrun)
1803: {
1804: log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
1805: if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->local_ttl,
1806: NULL, T_NAPTR, C_IN, "sszzzd",
1807: na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
1808: anscount++;
1809: }
1810: }
1811: }
1812:
1813: if (qtype == T_MAILB)
1814: ans = 1, nxdomain = 1;
1815:
1816: if (qtype == T_SOA && option_bool(OPT_FILTER))
1817: {
1818: ans = 1;
1819: if (!dryrun)
1820: log_query(F_CONFIG | F_NEG, name, &addr, NULL);
1821: }
1822: }
1823:
1824: if (!ans)
1825: return 0; /* failed to answer a question */
1826: }
1827:
1828: if (dryrun)
1829: {
1830: dryrun = 0;
1831: goto rerun;
1832: }
1833:
1834: /* create an additional data section, for stuff in SRV and MX record replies. */
1835: for (rec = daemon->mxnames; rec; rec = rec->next)
1836: if (rec->offset != 0)
1837: {
1838: /* squash dupes */
1839: struct mx_srv_record *tmp;
1840: for (tmp = rec->next; tmp; tmp = tmp->next)
1841: if (tmp->offset != 0 && hostname_isequal(rec->target, tmp->target))
1842: tmp->offset = 0;
1843:
1844: crecp = NULL;
1845: while ((crecp = cache_find_by_name(crecp, rec->target, now, F_IPV4 | F_IPV6)))
1846: {
1847: #ifdef HAVE_IPV6
1848: int type = crecp->flags & F_IPV4 ? T_A : T_AAAA;
1849: #else
1850: int type = T_A;
1851: #endif
1852: if (crecp->flags & F_NEG)
1853: continue;
1854:
1855: if (add_resource_record(header, limit, NULL, rec->offset, &ansp,
1856: crec_ttl(crecp, now), NULL, type, C_IN,
1857: crecp->flags & F_IPV4 ? "4" : "6", &crecp->addr))
1858: addncount++;
1859: }
1860: }
1861:
1862: /* done all questions, set up header and return length of result */
1863: /* clear authoritative and truncated flags, set QR flag */
1864: header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
1865: /* set RA flag */
1866: header->hb4 |= HB4_RA;
1867:
1868: /* authoritive - only hosts and DHCP derived names. */
1869: if (auth)
1870: header->hb3 |= HB3_AA;
1871:
1872: /* truncation */
1873: if (trunc)
1874: header->hb3 |= HB3_TC;
1875:
1876: if (anscount == 0 && nxdomain)
1877: SET_RCODE(header, NXDOMAIN);
1878: else
1879: SET_RCODE(header, NOERROR); /* no error */
1880: header->ancount = htons(anscount);
1881: header->nscount = htons(0);
1882: header->arcount = htons(addncount);
1883: return ansp - (unsigned char *)header;
1884: }
1885: