/*
 * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 2000-2003  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: dighost.c,v 1.317 2009/01/17 23:47:42 tbox Exp $ */

/*! \file
 *  \note
 * Notice to programmers:  Do not use this code as an example of how to
 * use the ISC library to perform DNS lookups.  Dig and Host both operate
 * on the request level, since they allow fine-tuning of output and are
 * intended as debugging tools.  As a result, they perform many of the
 * functions which could be better handled using the dns_resolver
 * functions in most applications.
 */

#include <config.h>
#include <stdlib.h>
#include <unistd.h>
#include <string.h>
#include <limits.h>

#ifdef HAVE_LOCALE_H
#include <locale.h>
#endif

#ifdef WITH_IDN
#include <idn/result.h>
#include <idn/log.h>
#include <idn/resconf.h>
#include <idn/api.h>
#endif

#include <dns/byaddr.h>
#ifdef DIG_SIGCHASE
#include <dns/dnssec.h>
#include <dns/ds.h>
#include <dns/nsec.h>
#include <isc/random.h>
#include <ctype.h>
#endif
#include <dns/fixedname.h>
#include <dns/message.h>
#include <dns/name.h>
#include <dns/rdata.h>
#include <dns/rdataclass.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#include <dns/rdatatype.h>
#include <dns/result.h>
#include <dns/tsig.h>

#include <dst/dst.h>

#include <isc/app.h>
#include <isc/base64.h>
#include <isc/entropy.h>
#include <isc/file.h>
#include <isc/lang.h>
#include <isc/netaddr.h>
#ifdef DIG_SIGCHASE
#include <isc/netdb.h>
#endif
#include <isc/print.h>
#include <isc/random.h>
#include <isc/result.h>
#include <isc/string.h>
#include <isc/task.h>
#include <isc/timer.h>
#include <isc/types.h>
#include <isc/util.h>

#include <lwres/lwres.h>
#include <lwres/net.h>

#include <bind9/getaddresses.h>

#include <dig/dig.h>

#if ! defined(NS_INADDRSZ)
#define NS_INADDRSZ	 4
#endif

#if ! defined(NS_IN6ADDRSZ)
#define NS_IN6ADDRSZ	16
#endif

/*
 * Lightweight-resolver context and configuration pointers; file-local.
 */
static lwres_context_t *lwctx = NULL;
static lwres_conf_t *lwconf;

/*
 * Everything from here down has external linkage (no 'static'), so it is
 * reachable from other translation units that declare it.
 */
dig_lookuplist_t lookup_list;
dig_serverlist_t server_list;
dig_searchlistlist_t search_list;

/* Boolean switches, all off by default. */
isc_boolean_t check_ra = ISC_FALSE;
isc_boolean_t have_ipv4 = ISC_FALSE;
isc_boolean_t have_ipv6 = ISC_FALSE;
isc_boolean_t specified_source = ISC_FALSE;
isc_boolean_t free_now = ISC_FALSE;
isc_boolean_t cancel_now = ISC_FALSE;
isc_boolean_t usesearch = ISC_FALSE;
isc_boolean_t showsearch = ISC_FALSE;
isc_boolean_t qr = ISC_FALSE;
isc_boolean_t is_dst_up = ISC_FALSE;

/* Numeric settings. */
in_port_t port = 53;
unsigned int timeout = 0;
unsigned int extrabytes;

/* Library handles; NULL until something creates them. */
isc_mem_t *mctx = NULL;
isc_taskmgr_t *taskmgr = NULL;
isc_task_t *global_task = NULL;
isc_timermgr_t *timermgr = NULL;
isc_socketmgr_t *socketmgr = NULL;

isc_sockaddr_t bind_address;
isc_sockaddr_t bind_any;

/* Counters. */
int sendcount = 0;
int recvcount = 0;
int sockcount = 0;

int ndots = -1;
int tries = 3;		/* copied into lookup->retries by make_empty_lookup() */
int lookup_counter = 0;	/* checked against LOOKUP_LIMIT in requeue_lookup() */

#ifdef WITH_IDN
/*
 * Forward declarations for the IDN helpers; compiled only when WITH_IDN
 * is defined.
 */
static void initialize_idn(void);
static isc_result_t output_filter(isc_buffer_t *buffer, unsigned int used_org,
				  isc_boolean_t absolute);
static idn_result_t append_textname(char *name, const char *origin,
				    size_t namesize);
static void idn_check_result(idn_result_t r, const char *msg);

#define MAXDLEN		256

int idnoptions = 0;
#endif

/*%
 * Exit Codes:
 *
 *\li	0   Everything went well, including things like NXDOMAIN
 *\li	1   Usage error
 *\li	7   Got too many RR's or Names
 *\li	8   Couldn't open batch file
 *\li	9   No reply from server
 *\li	10  Internal error
 */
int exitcode = 0;
/* When non-zero, fatal() exits with this value instead of 'exitcode'. */
int fatalexit = 0;

/*
 * TSIG key settings.  keysecret holds the base64 text that
 * setup_text_key() decodes.
 * NOTE(review): nothing visible in this part of the file wipes keysecret
 * after use -- confirm whether that matters for the callers.
 */
char keynametext[MXNAME];
char keyfile[MXNAME] = "";
char keysecret[MXNAME] = "";
dns_name_t *hmacname = NULL;
unsigned int digestbits = 0;
isc_buffer_t *namebuf = NULL;
dns_tsigkey_t *key = NULL;
isc_boolean_t validated = ISC_TRUE;

isc_entropy_t *entp = NULL;
isc_mempool_t *commctx = NULL;

/* debug() prints only while 'debugging' is true. */
isc_boolean_t debugging = ISC_FALSE;
isc_boolean_t memdebugging = ISC_FALSE;

/* Prefix that fatal() prints before its message. */
char *progname = NULL;

/* Mutex used by the LOCK_LOOKUP / UNLOCK_LOOKUP macros. */
isc_mutex_t lookup_lock;
dig_lookup_t *current_lookup = NULL;

#ifdef DIG_SIGCHASE

/*
 * Forward declarations for the signature-chasing code.  Only
 * nameFromString() is file-local; the rest have external linkage.
 */
isc_result_t get_trusted_key(isc_mem_t *mctx);

dns_rdataset_t *sigchase_scanname(dns_rdatatype_t type,
				  dns_rdatatype_t covers,
				  isc_boolean_t *lookedup,
				  dns_name_t *rdata_name);
dns_rdataset_t *chase_scanname_section(dns_message_t *msg,
				       dns_name_t *name,
				       dns_rdatatype_t type,
				       dns_rdatatype_t covers,
				       int section);
isc_result_t advanced_rrsearch(dns_rdataset_t **rdataset,
			       dns_name_t *name,
			       dns_rdatatype_t type,
			       dns_rdatatype_t covers,
			       isc_boolean_t *lookedup);

isc_result_t sigchase_verify_sig_key(dns_name_t *name,
				     dns_rdataset_t *rdataset,
				     dst_key_t *dnsseckey,
				     dns_rdataset_t *sigrdataset,
				     isc_mem_t *mctx);
isc_result_t sigchase_verify_sig(dns_name_t *name,
				 dns_rdataset_t *rdataset,
				 dns_rdataset_t *keyrdataset,
				 dns_rdataset_t *sigrdataset,
				 isc_mem_t *mctx);
isc_result_t sigchase_verify_ds(dns_name_t *name,
				dns_rdataset_t *keyrdataset,
				dns_rdataset_t *dsrdataset,
				isc_mem_t *mctx);

void sigchase(dns_message_t *msg);
void print_rdata(dns_rdata_t *rdata, isc_mem_t *mctx);
void print_rdataset(dns_name_t *name, dns_rdataset_t *rdataset,
		    isc_mem_t *mctx);
void dup_name(dns_name_t *source, dns_name_t *target, isc_mem_t *mctx);
void free_name(dns_name_t *name, isc_mem_t *mctx);
void dump_database(void);
void dump_database_section(dns_message_t *msg, int section);

dns_rdataset_t *search_type(dns_name_t *name, dns_rdatatype_t type,
			    dns_rdatatype_t covers);
isc_result_t contains_trusted_key(dns_name_t *name,
				  dns_rdataset_t *rdataset,
				  dns_rdataset_t *sigrdataset,
				  isc_mem_t *mctx);
void print_type(dns_rdatatype_t type);

isc_result_t prove_nx_domain(dns_message_t *msg,
			     dns_name_t *name,
			     dns_name_t *rdata_name,
			     dns_rdataset_t **rdataset,
			     dns_rdataset_t **sigrdataset);
isc_result_t prove_nx_type(dns_message_t *msg, dns_name_t *name,
			   dns_rdataset_t *nsec,
			   dns_rdataclass_t class,
			   dns_rdatatype_t type,
			   dns_name_t *rdata_name,
			   dns_rdataset_t **rdataset,
			   dns_rdataset_t **sigrdataset);
isc_result_t prove_nx(dns_message_t *msg, dns_name_t *name,
		      dns_rdataclass_t class,
		      dns_rdatatype_t type,
		      dns_name_t *rdata_name,
		      dns_rdataset_t **rdataset,
		      dns_rdataset_t **sigrdataset);

static void nameFromString(const char *str, dns_name_t *p_ret);
int inf_name(dns_name_t *name1, dns_name_t *name2);

isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
			char **tempp, FILE **fp);
isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
void clean_trustedkey(void);
void insert_trustedkey(dst_key_t *key);

#if DIG_SIGCHASE_BU
/* Declared only when DIG_SIGCHASE_BU is enabled. */
isc_result_t getneededrr(dns_message_t *msg);
void sigchase_bottom_up(dns_message_t *msg);
void sigchase_bu(dns_message_t *msg);
#endif

#if DIG_SIGCHASE_TD
/* Declared only when DIG_SIGCHASE_TD is enabled. */
isc_result_t initialization(dns_name_t *name);
isc_result_t prepare_lookup(dns_name_t *name);
isc_result_t grandfather_pb_test(dns_name_t *zone_name,
				 dns_rdataset_t *sigrdataset);
isc_result_t child_of_zone(dns_name_t *name,
			   dns_name_t *zone_name,
			   dns_name_t *child_name);
void sigchase_td(dns_message_t *msg);
#endif
char trustedkey[MXNAME] = "";

/* Rdataset pointers used while chasing; all start out NULL. */
dns_rdataset_t *chase_rdataset = NULL;
dns_rdataset_t *chase_sigrdataset = NULL;
dns_rdataset_t *chase_dsrdataset = NULL;
dns_rdataset_t *chase_sigdsrdataset = NULL;
dns_rdataset_t *chase_keyrdataset = NULL;
dns_rdataset_t *chase_sigkeyrdataset = NULL;
dns_rdataset_t *chase_nsrdataset = NULL;

/* The query name. */
dns_name_t chase_name;

#if DIG_SIGCHASE_TD
/* The current name is the parent name when we follow delegation. */
dns_name_t chase_current_name;

/*
 * The child name is used for delegation (NS DS responses in the
 * AUTHORITY section).
 */
dns_name_t chase_authority_name;
#endif

#if DIG_SIGCHASE_BU
dns_name_t chase_signame;
#endif

/* "Looked up" flags, all initially false. */
isc_boolean_t chase_siglookedup = ISC_FALSE;
isc_boolean_t chase_keylookedup = ISC_FALSE;
isc_boolean_t chase_sigkeylookedup = ISC_FALSE;
isc_boolean_t chase_dslookedup = ISC_FALSE;
isc_boolean_t chase_sigdslookedup = ISC_FALSE;

#if DIG_SIGCHASE_TD
isc_boolean_t chase_nslookedup = ISC_FALSE;
isc_boolean_t chase_lookedup = ISC_FALSE;

isc_boolean_t delegation_follow = ISC_FALSE;
isc_boolean_t grandfather_pb = ISC_FALSE;
isc_boolean_t have_response = ISC_FALSE;
isc_boolean_t have_delegation_ns = ISC_FALSE;
dns_message_t *error_message = NULL;
#endif

isc_boolean_t dsvalidating = ISC_FALSE;
isc_boolean_t chase_name_dup = ISC_FALSE;

ISC_LIST(dig_message_t) chase_message_list;
ISC_LIST(dig_message_t) chase_message_list2;

/* Capacity of the trusted-key table below. */
#define MAX_TRUSTED_KEY 5

/*
 * Fixed-size table of trusted keys plus a count.
 * NOTE(review): nb_tk is presumably the number of slots in use; any code
 * that stores into key[] has to keep it below MAX_TRUSTED_KEY.  The
 * writer (insert_trustedkey) is not visible here -- confirm.
 */
typedef struct struct_trusted_key_list {
	dst_key_t *key[MAX_TRUSTED_KEY];
	int nb_tk;
} struct_tk_list;

/* Every slot NULL, count zero. */
struct_tk_list tk_list = {
	{ NULL, NULL, NULL, NULL, NULL },
	0
};

#endif

#define DIG_MAX_ADDRESSES 20

/*%
 * Apply and clear locks at the event level in global task.
 * Can I get rid of these using shutdown events?  XXX
 *
 * Each macro expands to a braced block.  A failing mutex call goes to
 * check_result(), which ends in fatal().
 */
#define LOCK_LOOKUP {							\
	debug("lock_lookup %s:%d", __FILE__, __LINE__);			\
	check_result(isc_mutex_lock((&lookup_lock)), "isc_mutex_lock");	\
	debug("success");						\
}
#define UNLOCK_LOOKUP {							\
	debug("unlock_lookup %s:%d", __FILE__, __LINE__);		\
	check_result(isc_mutex_unlock((&lookup_lock)),			\
		     "isc_mutex_unlock");				\
}

/*
 * Forward declarations of file-local functions defined later in this
 * file.
 */
static void cancel_lookup(dig_lookup_t *lookup);

static void recv_done(isc_task_t *task, isc_event_t *event);

static void send_udp(dig_query_t *query);

static void connect_timeout(isc_task_t *task, isc_event_t *event);

static void launch_next_query(dig_query_t *query,
			      isc_boolean_t include_question);


/*
 * Allocation adapter: hands 'size' bytes from the memory context passed
 * in 'arg' to a caller that expects a (void *arg, size_t) allocator.
 */
static void *
mem_alloc(void *arg, size_t size) {
	void *chunk;

	chunk = isc_mem_get(arg, size);
	return (chunk);
}

/*
 * Release adapter paired with mem_alloc(): returns 'mem' to the memory
 * context passed in 'arg'.  'size' is forwarded unchanged to
 * isc_mem_put().
 */
static void
mem_free(void *arg, void *mem, size_t size)
{
	isc_mem_put(arg, mem, size);
}

/*
 * Return the next non-empty token of '*stringp', split on any character
 * in 'delim', or NULL when the string is exhausted.  Like strsep(), this
 * writes NULs into the caller's buffer and advances '*stringp'; unlike
 * strsep(), empty fields between adjacent delimiters are skipped.
 */
char *
next_token(char **stringp, const char *delim) {
	char *token;

	/* Keep pulling fields until one is non-empty or none are left. */
	while ((token = strsep(stringp, delim)) != NULL && *token == '\0')
		continue;
	return (token);
}

/*
 * Count the '.' characters in the NUL-terminated 'string'.
 */
static int
count_dots(char *string) {
	const char *cursor;
	int dots = 0;

	for (cursor = string; *cursor != '\0'; cursor++) {
		if (*cursor == '.')
			dots++;
	}
	return (dots);
}

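/*
 * Print the used region of 'b' to stdout: a byte count, then the bytes
 * as two-digit hex, sixteen per line.
 */
static void
hex_dump(isc_buffer_t *b) {
	unsigned int len;
	isc_region_t r;

	isc_buffer_usedregion(b, &r);

	/*
	 * r.length is compared with an unsigned counter below, so print
	 * it with %u; %d would mismatch the argument type.
	 */
	printf("%u bytes\n", r.length);
	for (len = 0; len < r.length; len++) {
		printf("%02x ", r.base[len]);
		if (len % 16 == 15)
			printf("\n");
	}
	/* Finish a partial last row. */
	if (len % 16 != 0)
		printf("\n");
}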

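/*%
 * Append 'len' bytes of 'text' at '*p', failing with
 * ISC_R_NOSPACE if that would advance p past 'end'.
 *
 * A negative 'len' is also refused with ISC_R_NOSPACE: it would pass the
 * space check and then be converted to a huge size_t by memcpy().
 * On success '*p' is advanced by 'len'; on failure nothing is written.
 */
static isc_result_t
append(const char *text, int len, char **p, char *end) {
	if (len < 0 || len > end - *p)
		return (ISC_R_NOSPACE);
	memcpy(*p, text, (size_t)len);
	*p += len;
	return (ISC_R_SUCCESS);
}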

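/*
 * Write the dot-separated labels of 'in' at '*p' in reverse order
 * ("1.2.3" becomes "3.2.1"), without a terminating NUL.  Returns
 * ISC_R_NOSPACE (from append()) when the output would pass 'end'; the
 * output may then be partially written.
 *
 * The labels are walked from the end of the string in a loop.  The
 * earlier recursive form used one stack frame per dot in 'in', so stack
 * use grew with the caller-supplied string rather than with the size of
 * the output buffer.
 */
static isc_result_t
reverse_octets(const char *in, char **p, char *end) {
	const char *label_end = in + strlen(in);

	for (;;) {
		const char *label = label_end;
		isc_result_t result;

		/* Back up to the first character of this label. */
		while (label > in && label[-1] != '.')
			label--;

		/*
		 * Compare in pointer-difference width before narrowing to
		 * append()'s int length; append() would give the same
		 * answer for any length that fits in an int.
		 */
		if (label_end - label > end - *p)
			return (ISC_R_NOSPACE);
		result = append(label, (int)(label_end - label), p, end);
		if (result != ISC_R_SUCCESS)
			return (result);

		/* The label starting at 'in' is emitted last. */
		if (label == in)
			return (ISC_R_SUCCESS);

		result = append(".", 1, p, end);
		if (result != ISC_R_SUCCESS)
			return (result);

		/* Continue with the label that ends at the preceding dot. */
		label_end = label - 1;
	}
}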

/*
 * Build the reverse-lookup name for 'value' in 'reverse', a buffer of
 * 'len' bytes.
 *
 * If 'value' parses as an IPv6 address the name comes from
 * dns_byaddr_createptrname2(), with DNS_BYADDROPT_IPV6INT set when
 * 'ip6_int' is true.  Otherwise 'value' is treated as IPv4: with
 * 'strict' set it must parse as a dotted quad (else
 * DNS_R_BADDOTTEDQUAD); without it the dot-separated pieces are reversed
 * as they are, whether or not they look like integers, so that RFC2317
 * names and such can be produced.  In that mode the text of 'value' is
 * copied into the name unvalidated.
 *
 * Returns ISC_R_SUCCESS, the error of dns_byaddr_createptrname2(),
 * DNS_R_BADDOTTEDQUAD, or ISC_R_NOSPACE when 'reverse' is too small.
 */
isc_result_t
get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
	    isc_boolean_t strict)
{
	isc_netaddr_t addr;
	isc_result_t result;
	char *cursor;
	char *limit;

	addr.family = AF_INET6;
	if (inet_pton(AF_INET6, value, &addr.type.in6) > 0) {
		/* This is a valid IPv6 address. */
		dns_fixedname_t fixed;
		dns_name_t *ptrname;
		unsigned int options;

		options = ip6_int ? DNS_BYADDROPT_IPV6INT : 0;
		dns_fixedname_init(&fixed);
		ptrname = dns_fixedname_name(&fixed);
		result = dns_byaddr_createptrname2(&addr, options, ptrname);
		if (result != ISC_R_SUCCESS)
			return (result);
		dns_name_format(ptrname, reverse, len);
		return (ISC_R_SUCCESS);
	}

	/* Not a valid IPv6 address.  Assume IPv4. */
	cursor = reverse;
	limit = reverse + len;
	if (strict && inet_pton(AF_INET, value, &addr.type.in) != 1)
		return (DNS_R_BADDOTTEDQUAD);

	result = reverse_octets(value, &cursor, limit);
	if (result != ISC_R_SUCCESS)
		return (result);

	/* 15 = the 14 characters of ".in-addr.arpa." plus its NUL. */
	return (append(".in-addr.arpa.", 15, &cursor, limit));
}

/*
 * Print "<progname>: <formatted message>\n" to stderr and exit.
 *
 * The exit status is 'fatalexit' when that is non-zero; otherwise it is
 * 'exitcode', raised to 10 if it was lower.  'format' is a printf-style
 * format string, so callers pass a literal and hand variable text over
 * as arguments.
 */
void
fatal(const char *format, ...) {
	va_list ap;

	/* Push out pending stdout text before writing to stderr. */
	fflush(stdout);

	fprintf(stderr, "%s: ", progname);
	va_start(ap, format);
	vfprintf(stderr, format, ap);
	va_end(ap);
	fprintf(stderr, "\n");

	if (fatalexit != 0)
		exitcode = fatalexit;
	else if (exitcode < 10)
		exitcode = 10;
	exit(exitcode);
}

/*
 * When 'debugging' is set, print the formatted message and a newline to
 * stderr; otherwise do nothing.  'format' is a printf-style format
 * string, so callers pass a literal and hand variable text over as
 * arguments.
 */
void
debug(const char *format, ...) {
	va_list ap;

	if (!debugging)
		return;

	/* Flush stdout before writing the debug line to stderr. */
	fflush(stdout);
	va_start(ap, format);
	vfprintf(stderr, format, ap);
	va_end(ap);
	fprintf(stderr, "\n");
}

/*
 * Return quietly when 'result' is ISC_R_SUCCESS; otherwise call fatal()
 * with "<msg>: <result text>".
 */
void
check_result(isc_result_t result, const char *msg) {
	if (result == ISC_R_SUCCESS)
		return;
	fatal("%s: %s", msg, isc_result_totext(result));
}

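/*%
 * Create a server structure, which is part of the lookup structure.
 * This is little more than a linked list of servers to query in hopes
 * of finding the answer the user is looking for
 *
 * 'servname' and 'userarg' must both be non-NULL.  Each is copied into a
 * field that is written for MXNAME bytes, so longer input is silently
 * truncated to MXNAME - 1 characters.  Allocation failure ends the
 * program through fatal(); the function does not return NULL.
 */
dig_server_t *
make_server(const char *servname, const char *userarg) {
	dig_server_t *srv;

	REQUIRE(servname != NULL);
	/* userarg is passed to strncpy() below just like servname. */
	REQUIRE(userarg != NULL);

	debug("make_server(%s)", servname);
	srv = isc_mem_allocate(mctx, sizeof(*srv));
	if (srv == NULL)
		fatal("memory allocation failure in %s:%d",
		      __FILE__, __LINE__);

	/* strncpy() leaves no NUL on truncation, so add one. */
	strncpy(srv->servername, servname, MXNAME);
	srv->servername[MXNAME-1] = 0;
	strncpy(srv->userarg, userarg, MXNAME);
	srv->userarg[MXNAME-1] = 0;

	ISC_LINK_INIT(srv, link);
	return (srv);
}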

/*
 * Map an lwres address type to a socket address family:
 * LWRES_ADDRTYPE_V4 gives AF_INET, LWRES_ADDRTYPE_V6 gives AF_INET6,
 * anything else gives 0.
 */
static int
addr2af(int lwresaddrtype)
{
	if (lwresaddrtype == LWRES_ADDRTYPE_V4)
		return (AF_INET);
	if (lwresaddrtype == LWRES_ADDRTYPE_V6)
		return (AF_INET6);
	return (0);
}

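/*%
 * Create a copy of the server list from the lwres configuration structure.
 * The dest list must have already had ISC_LIST_INIT applied.
 *
 * Entries whose family is disabled (have_ipv4 / have_ipv6 false) are
 * skipped, as are entries whose address cannot be turned into text.
 */
static void
copy_server_list(lwres_conf_t *confdata, dig_serverlist_t *dest) {
	dig_server_t *newsrv;
	char tmp[sizeof("ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255")];
	int af;
	int i;

	debug("copy_server_list()");
	for (i = 0; i < confdata->nsnext; i++) {
		af = addr2af(confdata->nameservers[i].family);

		if (af == AF_INET && !have_ipv4)
			continue;
		if (af == AF_INET6 && !have_ipv6)
			continue;

		/*
		 * addr2af() returns 0 for an unrecognised family, and a
		 * failed conversion leaves 'tmp' unset; passing it on to
		 * make_server() would copy indeterminate stack bytes.
		 */
		if (lwres_net_ntop(af, confdata->nameservers[i].address,
				   tmp, sizeof(tmp)) == NULL) {
			debug("copy_server_list(): skipping nameserver %d", i);
			continue;
		}

		newsrv = make_server(tmp, tmp);
		ISC_LINK_INIT(newsrv, link);
		ISC_LIST_ENQUEUE(*dest, newsrv, link);
	}
}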

/*
 * Remove every entry from the global server_list and free it back to
 * mctx.
 */
void
flush_server_list(void) {
	dig_server_t *victim;

	debug("flush_server_list()");
	/* Keep taking the head until the list is empty. */
	while ((victim = ISC_LIST_HEAD(server_list)) != NULL) {
		ISC_LIST_DEQUEUE(server_list, victim, link);
		isc_mem_free(mctx, victim);
	}
}

/*
 * Replace the global server_list with the addresses that 'opt' resolves
 * to.  A NULL 'opt' is a no-op.  At most DIG_MAX_ADDRESSES addresses are
 * requested from bind9_getaddresses(); a lookup failure is fatal.  Each
 * server entry keeps the formatted address as its name and 'opt' as the
 * user-supplied argument.
 */
void
set_nameserver(char *opt) {
	isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
	char tmp[ISC_NETADDR_FORMATSIZE];
	isc_result_t result;
	int count;
	int i;

	if (opt == NULL)
		return;

	result = bind9_getaddresses(opt, 0, sockaddrs,
				    DIG_MAX_ADDRESSES, &count);
	if (result != ISC_R_SUCCESS)
		fatal("couldn't get address for '%s': %s",
		      opt, isc_result_totext(result));

	/* The old list is dropped only once the lookup has succeeded. */
	flush_server_list();

	for (i = 0; i < count; i++) {
		isc_netaddr_t netaddr;
		dig_server_t *srv;

		isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
		isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
		srv = make_server(tmp, opt);
		if (srv == NULL)
			fatal("memory allocation failure");
		ISC_LIST_APPEND(server_list, srv, link);
	}
}

/*
 * Store the textual address 'addr' of family 'af' in the next free
 * nameserver slot of 'confdata'.
 *
 * Returns ISC_R_FAILURE when the table already holds
 * LWRES_CONFMAXNAMESERVERS entries, when 'af' is neither AF_INET nor
 * AF_INET6, or when 'addr' does not parse.  The slot's family and length
 * are written before parsing, but nsnext only advances on success.
 */
static isc_result_t
add_nameserver(lwres_conf_t *confdata, const char *addr, int af) {
	int slot;

	/* Refuse before touching the table when it is full. */
	if (confdata->nsnext >= LWRES_CONFMAXNAMESERVERS)
		return (ISC_R_FAILURE);
	slot = confdata->nsnext;

	if (af == AF_INET) {
		confdata->nameservers[slot].family = LWRES_ADDRTYPE_V4;
		confdata->nameservers[slot].length = NS_INADDRSZ;
	} else if (af == AF_INET6) {
		confdata->nameservers[slot].family = LWRES_ADDRTYPE_V6;
		confdata->nameservers[slot].length = NS_IN6ADDRSZ;
	} else {
		return (ISC_R_FAILURE);
	}

	if (lwres_net_pton(af, addr, &confdata->nameservers[slot].address) != 1)
		return (ISC_R_FAILURE);

	confdata->nsnext++;
	return (ISC_R_SUCCESS);
}

/*%
 * Produce a cloned server list.  The dest list must have already had
 * ISC_LIST_INIT applied.
 *
 * Every entry of 'src' is duplicated with make_server() and enqueued on
 * '*dest' in the same order.
 */
void
clone_server_list(dig_serverlist_t src, dig_serverlist_t *dest) {
	dig_server_t *cur;

	debug("clone_server_list()");
	for (cur = ISC_LIST_HEAD(src);
	     cur != NULL;
	     cur = ISC_LIST_NEXT(cur, link))
	{
		dig_server_t *copy;

		copy = make_server(cur->servername, cur->userarg);
		ISC_LINK_INIT(copy, link);
		ISC_LIST_ENQUEUE(*dest, copy, link);
	}
}

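/*%
 * Create an empty lookup structure, which holds all the information needed
 * to get an answer to a user's question.  This structure contains two
 * linked lists: the server list (servers to query) and the query list
 * (outstanding queries which have been made to the listed servers).
 *
 * Must not be called once free_now is set.  Allocation failure ends the
 * program through fatal(); the function does not return NULL.
 *
 * NOTE(review): only the fields assigned below are initialised; confirm
 * that isc_mem_allocate() memory is not relied on to be zeroed for any
 * other member of struct dig_lookup.
 */
dig_lookup_t *
make_empty_lookup(void) {
	dig_lookup_t *looknew;

	debug("make_empty_lookup()");

	INSIST(!free_now);

	looknew = isc_mem_allocate(mctx, sizeof(struct dig_lookup));
	if (looknew == NULL)
		fatal("memory allocation failure in %s:%d",
		       __FILE__, __LINE__);

	/* Query identity: empty name, type A, class IN. */
	looknew->pending = ISC_TRUE;
	looknew->textname[0] = 0;
	looknew->cmdline[0] = 0;
	looknew->rdtype = dns_rdatatype_a;
	looknew->qrdtype = dns_rdatatype_a;
	looknew->rdclass = dns_rdataclass_in;
	looknew->rdtypeset = ISC_FALSE;
	looknew->rdclassset = ISC_FALSE;

	/* Nothing is attached to the lookup yet. */
	looknew->sendspace = NULL;
	looknew->sendmsg = NULL;
	looknew->name = NULL;
	looknew->oname = NULL;
	looknew->timer = NULL;
	looknew->xfr_q = NULL;
	looknew->current_query = NULL;

	looknew->doing_xfr = ISC_FALSE;
	looknew->ixfr_serial = ISC_FALSE;
	looknew->trace = ISC_FALSE;
	looknew->trace_root = ISC_FALSE;
	looknew->identify = ISC_FALSE;
	looknew->identify_previous_line = ISC_FALSE;
	looknew->ignore = ISC_FALSE;
	looknew->servfail_stops = ISC_TRUE;
	looknew->besteffort = ISC_TRUE;
	looknew->dnssec = ISC_FALSE;
	looknew->nsid = ISC_FALSE;
#ifdef DIG_SIGCHASE
	looknew->sigchase = ISC_FALSE;
#if DIG_SIGCHASE_TD
	/*
	 * clone_lookup() copies textnamesigchase with strncpy(); start
	 * it as an empty string so that copy never reads indeterminate
	 * bytes from a lookup that never had the name set.
	 */
	looknew->textnamesigchase[0] = 0;
	looknew->do_topdown = ISC_FALSE;
	looknew->trace_root_sigchase = ISC_FALSE;
	looknew->rdtype_sigchaseset = ISC_FALSE;
	looknew->rdtype_sigchase = dns_rdatatype_any;
	looknew->qrdtype_sigchase = dns_rdatatype_any;
	looknew->rdclass_sigchase = dns_rdataclass_in;
	looknew->rdclass_sigchaseset = ISC_FALSE;
#endif
#endif
	looknew->udpsize = 0;
	looknew->edns = -1;
	looknew->recurse = ISC_TRUE;
	looknew->aaonly = ISC_FALSE;
	looknew->adflag = ISC_FALSE;
	looknew->cdflag = ISC_FALSE;
	looknew->ns_search_only = ISC_FALSE;
	looknew->origin = NULL;
	looknew->tsigctx = NULL;
	looknew->querysig = NULL;
	/* The retry budget comes from the global 'tries'. */
	looknew->retries = tries;
	looknew->nsfound = 0;
	looknew->tcp_mode = ISC_FALSE;
	looknew->ip6_int = ISC_FALSE;

	/* Output sections are all enabled by default. */
	looknew->comments = ISC_TRUE;
	looknew->stats = ISC_TRUE;
	looknew->section_question = ISC_TRUE;
	looknew->section_answer = ISC_TRUE;
	looknew->section_authority = ISC_TRUE;
	looknew->section_additional = ISC_TRUE;

	looknew->new_search = ISC_FALSE;
	looknew->done_as_is = ISC_FALSE;
	looknew->need_search = ISC_FALSE;

	ISC_LINK_INIT(looknew, link);
	ISC_LIST_INIT(looknew->q);
	ISC_LIST_INIT(looknew->my_server_list);
	return (looknew);
}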

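/*%
 * Clone a lookup, perhaps copying the server list.  This does not clone
 * the query list, since it will be regenerated by the setup_lookup()
 * function, nor does it queue up the new lookup for processing.
 * Caution: If you don't clone the servers, you MUST clone the server
 * list separately from somewhere else, or construct it by hand.
 *
 * Fields that are not copied below (ip6_int, origin and others) keep the
 * defaults set by make_empty_lookup().  tsigctx is reset to NULL rather
 * than shared with the original.
 */
dig_lookup_t *
clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
	dig_lookup_t *looknew;

	debug("clone_lookup()");

	INSIST(!free_now);

	looknew = make_empty_lookup();
	INSIST(looknew != NULL);

	/*
	 * strncpy() does not write a NUL when the source fills all
	 * MXNAME bytes, so every copied string is terminated explicitly.
	 * The index written is one strncpy() has already written.
	 */
	strncpy(looknew->textname, lookold->textname, MXNAME);
	looknew->textname[MXNAME-1] = 0;
#if DIG_SIGCHASE_TD
	strncpy(looknew->textnamesigchase, lookold->textnamesigchase, MXNAME);
	looknew->textnamesigchase[MXNAME-1] = 0;
#endif
	strncpy(looknew->cmdline, lookold->cmdline, MXNAME);
	looknew->cmdline[MXNAME-1] = 0;

	looknew->rdtype = lookold->rdtype;
	looknew->qrdtype = lookold->qrdtype;
	looknew->rdclass = lookold->rdclass;
	looknew->rdtypeset = lookold->rdtypeset;
	looknew->rdclassset = lookold->rdclassset;
	looknew->doing_xfr = lookold->doing_xfr;
	looknew->ixfr_serial = lookold->ixfr_serial;
	looknew->trace = lookold->trace;
	looknew->trace_root = lookold->trace_root;
	looknew->identify = lookold->identify;
	looknew->identify_previous_line = lookold->identify_previous_line;
	looknew->ignore = lookold->ignore;
	looknew->servfail_stops = lookold->servfail_stops;
	looknew->besteffort = lookold->besteffort;
	looknew->dnssec = lookold->dnssec;
	looknew->nsid = lookold->nsid;
#ifdef DIG_SIGCHASE
	looknew->sigchase = lookold->sigchase;
#if DIG_SIGCHASE_TD
	looknew->do_topdown = lookold->do_topdown;
	looknew->trace_root_sigchase = lookold->trace_root_sigchase;
	looknew->rdtype_sigchaseset = lookold->rdtype_sigchaseset;
	looknew->rdtype_sigchase = lookold->rdtype_sigchase;
	looknew->qrdtype_sigchase = lookold->qrdtype_sigchase;
	looknew->rdclass_sigchase = lookold->rdclass_sigchase;
	looknew->rdclass_sigchaseset = lookold->rdclass_sigchaseset;
#endif
#endif
	looknew->udpsize = lookold->udpsize;
	looknew->edns = lookold->edns;
	looknew->recurse = lookold->recurse;
	looknew->aaonly = lookold->aaonly;
	looknew->adflag = lookold->adflag;
	looknew->cdflag = lookold->cdflag;
	looknew->ns_search_only = lookold->ns_search_only;
	looknew->tcp_mode = lookold->tcp_mode;
	looknew->comments = lookold->comments;
	looknew->stats = lookold->stats;
	looknew->section_question = lookold->section_question;
	looknew->section_answer = lookold->section_answer;
	looknew->section_authority = lookold->section_authority;
	looknew->section_additional = lookold->section_additional;
	looknew->retries = lookold->retries;
	looknew->tsigctx = NULL;
	looknew->need_search = lookold->need_search;
	looknew->done_as_is = lookold->done_as_is;

	if (servers)
		clone_server_list(lookold->my_server_list,
				  &looknew->my_server_list);
	return (looknew);
}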

/*%
 * Requeue a lookup for further processing, perhaps copying the server
 * list.  The new lookup structure is returned to the caller, and is
 * queued for processing.  If servers are not cloned in the requeue, they
 * must be added before allowing the current event to complete, since the
 * completion of the event may result in the next entry on the lookup
 * queue getting run.
 *
 * Each call counts against LOOKUP_LIMIT; going past it is fatal, which
 * bounds how many lookups one run can requeue.
 */
dig_lookup_t *
requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers) {
	dig_lookup_t *clone;

	debug("requeue_lookup()");

	if (++lookup_counter > LOOKUP_LIMIT)
		fatal("too many lookups");

	clone = clone_lookup(lookold, servers);
	INSIST(clone != NULL);

	debug("before insertion, init@%p -> %p, new@%p -> %p",
	      lookold, lookold->link.next, clone, clone->link.next);
	/* The clone goes to the front of the global lookup list. */
	ISC_LIST_PREPEND(lookup_list, clone, link);
	debug("after insertion, init -> %p, new = %p, new -> %p",
	      lookold, clone, clone->link.next);

	return (clone);
}


static void
setup_text_key(void) {
	isc_result_t result;
	dns_name_t keyname;
	isc_buffer_t secretbuf;
	int secretsize;
	unsigned char *secretstore;

	debug("setup_text_key()");
	result = isc_buffer_allocate(mctx, &namebuf, MXNAME);
	check_result(result, "isc_buffer_allocate");
	dns_name_init(&keyname, NULL);
	check_result(result, "dns_name_init");
	isc_buffer_putstr(namebuf, keynametext);
	secretsize = strlen(keysecret) * 3 / 4;
	secretstore = isc_mem_allocate(mctx, secretsize);
	if (secretstore == NULL)
		fatal("memory allocation failure in %s:%d",
		      __FILE__, __LINE__);
	isc_buffer_init(&secretbuf, secretstore, secretsize);
	result = isc_base64_decodestring(keysecret, &secretbuf);
	if (result != ISC_R_SUCCESS)
		goto failure;

	secretsize = isc_buffer_usedlength(&secretbuf);

	result = dns_name_fromtext(&keyname, namebuf,
				   dns_rootname, ISC_FALSE,
				   namebuf);
	if (result != ISC_R_SUCCESS)
		goto failure;

	result = dns_tsigkey_create(&keyname, hmacname, secretstore,
				    secretsize, ISC_FALSE, NULL, 0, 0, mctx,
				    NULL, &key);
 failure:
	if (result != ISC_R_SUCCESS)
		printf(";; Couldn't create key %s: %s\n",