diff options
Diffstat (limited to 'third_party/resolv_wrapper')
-rw-r--r-- | third_party/resolv_wrapper/resolv_wrapper.c | 2224 | ||||
-rw-r--r-- | third_party/resolv_wrapper/wscript | 94 |
2 files changed, 2318 insertions, 0 deletions
diff --git a/third_party/resolv_wrapper/resolv_wrapper.c b/third_party/resolv_wrapper/resolv_wrapper.c new file mode 100644 index 0000000..b69a55a --- /dev/null +++ b/third_party/resolv_wrapper/resolv_wrapper.c @@ -0,0 +1,2224 @@ +/* + * Copyright (c) 2014-2018 Andreas Schneider <asn@samba.org> + * Copyright (c) 2014-2016 Jakub Hrozek <jakub.hrozek@posteo.se> + * + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * 3. Neither the name of the author nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +#include "config.h" + +#include <errno.h> +#include <arpa/inet.h> +#ifdef HAVE_ARPA_NAMESER_H +#include <arpa/nameser.h> +#endif /* HAVE_ARPA_NAMESER_H */ +#include <netinet/in.h> +#include <sys/socket.h> +#include <sys/types.h> +#include <stdarg.h> +#include <stdlib.h> +#include <stdio.h> +#include <stdbool.h> +#include <string.h> +#include <unistd.h> +#include <ctype.h> + +#include <resolv.h> + +#if defined(HAVE_RES_STATE_U_EXT_NSADDRS) || defined(HAVE_RES_SOCKADDR_UNION_SIN6) +#define HAVE_RESOLV_IPV6_NSADDRS 1 +#endif + +/* GCC has printf type attribute check. */ +#ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT +#define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b))) +#else +#define PRINTF_ATTRIBUTE(a,b) +#endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */ + +#ifdef HAVE_DESTRUCTOR_ATTRIBUTE +#define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor)) +#else +#define DESTRUCTOR_ATTRIBUTE +#endif /* HAVE_DESTRUCTOR_ATTRIBUTE */ + +#ifndef RWRAP_DEFAULT_FAKE_TTL +#define RWRAP_DEFAULT_FAKE_TTL 600 +#endif /* RWRAP_DEFAULT_FAKE_TTL */ + +#ifndef HAVE_NS_NAME_COMPRESS +#define ns_name_compress dn_comp +#endif + +#define ns_t_uri 256 + +enum rwrap_dbglvl_e { + RWRAP_LOG_ERROR = 0, + RWRAP_LOG_WARN, + RWRAP_LOG_NOTICE, + RWRAP_LOG_DEBUG, + RWRAP_LOG_TRACE +}; + +#ifndef HAVE_GETPROGNAME +static const char *getprogname(void) +{ +#if defined(HAVE_PROGRAM_INVOCATION_SHORT_NAME) + return program_invocation_short_name; +#elif defined(HAVE_GETEXECNAME) + return getexecname(); +#else + return NULL; +#endif /* HAVE_PROGRAM_INVOCATION_SHORT_NAME */ +} +#endif /* HAVE_GETPROGNAME */ + +static void rwrap_log(enum rwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4); +# define RWRAP_LOG(dbglvl, ...) rwrap_log((dbglvl), __func__, __VA_ARGS__) + +static void rwrap_log(enum rwrap_dbglvl_e dbglvl, + const char *func, + const char *format, ...) +{ + char buffer[1024]; + va_list va; + const char *d; + unsigned int lvl = 0; + const char *prefix = NULL; + const char *progname = NULL; + + d = getenv("RESOLV_WRAPPER_DEBUGLEVEL"); + if (d != NULL) { + lvl = atoi(d); + } + + if (lvl < dbglvl) { + return; + } + + va_start(va, format); + vsnprintf(buffer, sizeof(buffer), format, va); + va_end(va); + + switch (dbglvl) { + case RWRAP_LOG_ERROR: + prefix = "RWRAP_ERROR"; + break; + case RWRAP_LOG_WARN: + prefix = "RWRAP_WARN"; + break; + case RWRAP_LOG_NOTICE: + prefix = "RWRAP_NOTICE"; + break; + case RWRAP_LOG_DEBUG: + prefix = "RWRAP_DEBUG"; + break; + case RWRAP_LOG_TRACE: + prefix = "RWRAP_TRACE"; + break; + } + + progname = getprogname(); + if (progname == NULL) { + progname = "<unknown>"; + } + + fprintf(stderr, + "%s[%s (%u)] - %s: %s\n", + prefix, + progname, + (unsigned int)getpid(), + func, + buffer); +} + +#ifndef SAFE_FREE +#define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0) +#endif + +#define NEXT_KEY(buf, key) do { \ + (key) = (buf) ? strpbrk((buf), " \t") : NULL; \ + if ((key) != NULL) { \ + (key)[0] = '\0'; \ + (key)++; \ + } \ + while ((key) != NULL \ + && (isblank((int)(key)[0]))) { \ + (key)++; \ + } \ +} while(0); + +#define RWRAP_MAX_RECURSION 64 + +union rwrap_sockaddr { + struct sockaddr sa; + struct sockaddr_in in; + struct sockaddr_in6 in6; +}; + +/* Priority and weight can be omitted from the hosts file, but need to be part + * of the output + */ +#define DFL_SRV_PRIO 1 +#define DFL_SRV_WEIGHT 100 +#define DFL_URI_PRIO 1 +#define DFL_URI_WEIGHT 100 + +struct rwrap_srv_rrdata { + uint16_t port; + uint16_t prio; + uint16_t weight; + char hostname[MAXDNAME]; +}; + +struct rwrap_uri_rrdata { + uint16_t prio; + uint16_t weight; + char uri[MAXDNAME]; +}; + +struct rwrap_soa_rrdata { + uint32_t serial; + uint32_t refresh; + uint32_t retry; + uint32_t expire; + uint32_t minimum; + char nameserver[MAXDNAME]; + char mailbox[MAXDNAME]; +}; + +struct rwrap_fake_rr { + union fake_rrdata { + struct in_addr a_rec; + struct in6_addr aaaa_rec; + struct rwrap_srv_rrdata srv_rec; + struct rwrap_uri_rrdata uri_rec; + struct rwrap_soa_rrdata soa_rec; + char cname_rec[MAXDNAME]; + char ptr_rec[MAXDNAME]; + char txt_rec[MAXDNAME]; + } rrdata; + + char key[MAXDNAME]; + int type; /* ns_t_* */ +}; + +static void rwrap_fake_rr_init(struct rwrap_fake_rr *rr, size_t len) +{ + size_t i; + + for (i = 0; i < len; i++) { + rr[i].type = ns_t_invalid; + } +} + +static int rwrap_create_fake_a_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + int ok; + + ok = inet_pton(AF_INET, value, &rr->rrdata.a_rec); + if (!ok) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Failed to convert [%s] to binary\n", value); + return -1; + } + + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_a; + return 0; +} + +static int rwrap_create_fake_aaaa_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + int ok; + + ok = inet_pton(AF_INET6, value, &rr->rrdata.aaaa_rec); + if (!ok) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Failed to convert [%s] to binary\n", value); + return -1; + } + + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_aaaa; + return 0; +} +static int rwrap_create_fake_ns_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + memcpy(rr->rrdata.srv_rec.hostname, value, strlen(value) + 1); + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_ns; + return 0; +} + +static int rwrap_create_fake_srv_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + char *str_prio; + char *str_weight; + char *str_port; + const char *hostname; + + /* parse the value into priority, weight, port and hostname + * and check the validity */ + hostname = value; + NEXT_KEY(hostname, str_port); + NEXT_KEY(str_port, str_prio); + NEXT_KEY(str_prio, str_weight); + if (str_port == NULL || hostname == NULL) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Malformed SRV entry [%s]\n", value); + return -1; + } + + if (str_prio) { + rr->rrdata.srv_rec.prio = atoi(str_prio); + } else { + rr->rrdata.srv_rec.prio = DFL_SRV_PRIO; + } + if (str_weight) { + rr->rrdata.srv_rec.weight = atoi(str_weight); + } else { + rr->rrdata.srv_rec.weight = DFL_SRV_WEIGHT; + } + rr->rrdata.srv_rec.port = atoi(str_port); + memcpy(rr->rrdata.srv_rec.hostname , hostname, strlen(hostname) + 1); + + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_srv; + return 0; +} + +static int rwrap_create_fake_uri_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + char *str_prio; + char *str_weight; + const char *uri; + + /* parse the value into priority, weight, and uri + * and check the validity */ + uri = value; + NEXT_KEY(uri, str_prio); + NEXT_KEY(str_prio, str_weight); + if (uri == NULL) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Malformed URI entry [<null>]\n"); + return -1; + } + + if (str_prio) { + rr->rrdata.uri_rec.prio = atoi(str_prio); + } else { + rr->rrdata.uri_rec.prio = DFL_URI_PRIO; + } + if (str_weight) { + rr->rrdata.uri_rec.weight = atoi(str_weight); + } else { + rr->rrdata.uri_rec.weight = DFL_URI_WEIGHT; + } + memcpy(rr->rrdata.uri_rec.uri, uri, strlen(uri) + 1); + + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_uri; + return 0; +} + +static int rwrap_create_fake_txt_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + memcpy(rr->rrdata.txt_rec, value, strlen(value) + 1); + + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_txt; + return 0; +} + +static int rwrap_create_fake_soa_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + const char *nameserver; + char *mailbox; + char *str_serial; + char *str_refresh; + char *str_retry; + char *str_expire; + char *str_minimum; + + /* parse the value into nameserver, mailbox, serial, refresh, + * retry, expire, minimum and check the validity + */ + nameserver = value; + NEXT_KEY(nameserver, mailbox); + NEXT_KEY(mailbox, str_serial); + NEXT_KEY(str_serial, str_refresh); + NEXT_KEY(str_refresh, str_retry); + NEXT_KEY(str_retry, str_expire); + NEXT_KEY(str_expire, str_minimum); + if (nameserver == NULL || mailbox == NULL || str_serial == NULL || + str_refresh == NULL || str_retry == NULL || str_expire == NULL || + str_minimum == NULL) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Malformed SOA entry [%s]\n", value); + return -1; + } + + memcpy(rr->rrdata.soa_rec.nameserver, nameserver, strlen(nameserver)+1); + memcpy(rr->rrdata.soa_rec.mailbox, mailbox, strlen(mailbox)+1); + + rr->rrdata.soa_rec.serial = atoi(str_serial); + rr->rrdata.soa_rec.refresh = atoi(str_refresh); + rr->rrdata.soa_rec.retry = atoi(str_retry); + rr->rrdata.soa_rec.expire = atoi(str_expire); + rr->rrdata.soa_rec.minimum = atoi(str_minimum); + + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_soa; + return 0; +} + +static int rwrap_create_fake_cname_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + memcpy(rr->rrdata.cname_rec , value, strlen(value) + 1); + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_cname; + return 0; +} + +static int rwrap_create_fake_ptr_rr(const char *key, + const char *value, + struct rwrap_fake_rr *rr) +{ + memcpy(rr->rrdata.ptr_rec , value, strlen(value) + 1); + memcpy(rr->key, key, strlen(key) + 1); + rr->type = ns_t_ptr; + return 0; +} + +/* Prepares a fake header with a single response. Advances header_blob */ +static ssize_t rwrap_fake_header(uint8_t **header_blob, size_t remaining, + size_t ancount, size_t arcount) +{ + union { + uint8_t *blob; + HEADER *header; + } h; + + if (remaining < NS_HFIXEDSZ) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n"); + return -1; + } + + h.blob = *header_blob; + memset(h.blob, 0, NS_HFIXEDSZ); + + h.header->id = res_randomid(); /* random query ID */ + h.header->qr = 1; /* response flag */ + h.header->rd = 1; /* recursion desired */ + h.header->ra = 1; /* recursion available */ + + h.header->qdcount = htons(1); /* no. of questions */ + h.header->ancount = htons(ancount); /* no. of answers */ + h.header->arcount = htons(arcount); /* no. of add'tl records */ + + /* move past the header */ + *header_blob = h.blob += NS_HFIXEDSZ; + + return NS_HFIXEDSZ; +} + +static ssize_t rwrap_fake_question(const char *question, + uint16_t type, + uint8_t **question_ptr, + size_t remaining) +{ + uint8_t *qb = *question_ptr; + int n; + + n = ns_name_compress(question, qb, remaining, NULL, NULL); + if (n < 0) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Failed to compress [%s]\n", question); + return -1; + } + + qb += n; + remaining -= n; + + if (remaining < 2 * sizeof(uint16_t)) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n"); + return -1; + } + + NS_PUT16(type, qb); + NS_PUT16(ns_c_in, qb); + + *question_ptr = qb; + return n + 2 * sizeof(uint16_t); +} + +static ssize_t rwrap_fake_rdata_common(uint16_t type, + size_t rdata_size, + const char *key, + size_t remaining, + uint8_t **rdata_ptr) +{ + uint8_t *rd = *rdata_ptr; + ssize_t written = 0; + + written = ns_name_compress(key, rd, remaining, NULL, NULL); + if (written < 0) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Failed to compress [%s]\n", key); + return -1; + } + rd += written; + remaining -= written; + + if (remaining < 3 * sizeof(uint16_t) + sizeof(uint32_t)) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small\n"); + return -1; + } + + NS_PUT16(type, rd); + NS_PUT16(ns_c_in, rd); + NS_PUT32(RWRAP_DEFAULT_FAKE_TTL, rd); + NS_PUT16(rdata_size, rd); + + if (remaining < rdata_size) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small\n"); + return -1; + } + + *rdata_ptr = rd; + return written + 3 * sizeof(uint16_t) + sizeof(uint32_t) + rdata_size; +} + +static ssize_t rwrap_fake_a(struct rwrap_fake_rr *rr, + uint8_t *answer_ptr, + size_t anslen) +{ + uint8_t *a = answer_ptr; + ssize_t resp_size; + + if (rr->type != ns_t_a) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding A RR"); + + resp_size = rwrap_fake_rdata_common(ns_t_a, sizeof(struct in_addr), rr->key, + anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, &rr->rrdata.a_rec, sizeof(struct in_addr)); + + return resp_size; +} + +static ssize_t rwrap_fake_aaaa(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size; + + if (rr->type != ns_t_aaaa) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding AAAA RR"); + + resp_size = rwrap_fake_rdata_common(ns_t_aaaa, sizeof(struct in6_addr), + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, &rr->rrdata.aaaa_rec, sizeof(struct in6_addr)); + + return resp_size; +} + +static ssize_t rwrap_fake_ns(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size = 0; + size_t rdata_size; + unsigned char hostname_compressed[MAXDNAME]; + ssize_t compressed_len; + + if (rr->type != ns_t_ns) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding NS RR"); + + /* Prepare the data to write */ + compressed_len = ns_name_compress(rr->rrdata.srv_rec.hostname, + hostname_compressed, + MAXDNAME, + NULL, + NULL); + if (compressed_len < 0) { + return -1; + } + + /* Is this enough? */ + rdata_size = compressed_len; + + resp_size = rwrap_fake_rdata_common(ns_t_ns, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, hostname_compressed, compressed_len); + + return resp_size; +} + +static ssize_t rwrap_fake_srv(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size; + size_t rdata_size; + unsigned char hostname_compressed[MAXDNAME]; + ssize_t compressed_len; + + if (rr->type != ns_t_srv) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SRV RR"); + rdata_size = 3 * sizeof(uint16_t); + + /* Prepare the data to write */ + compressed_len = ns_name_compress(rr->rrdata.srv_rec.hostname, + hostname_compressed, MAXDNAME, + NULL, NULL); + if (compressed_len < 0) { + return -1; + } + rdata_size += compressed_len; + + resp_size = rwrap_fake_rdata_common(ns_t_srv, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + NS_PUT16(rr->rrdata.srv_rec.prio, a); + NS_PUT16(rr->rrdata.srv_rec.weight, a); + NS_PUT16(rr->rrdata.srv_rec.port, a); + memcpy(a, hostname_compressed, compressed_len); + + return resp_size; +} + +static ssize_t rwrap_fake_uri(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size; + size_t rdata_size; + size_t uri_len; + + if (rr->type != ns_t_uri) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding URI RR"); + rdata_size = 3 * sizeof(uint16_t); + uri_len = strlen(rr->rrdata.uri_rec.uri) + 1; + rdata_size += uri_len; + + resp_size = rwrap_fake_rdata_common(ns_t_uri, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + NS_PUT16(rr->rrdata.uri_rec.prio, a); + NS_PUT16(rr->rrdata.uri_rec.weight, a); + memcpy(a, rr->rrdata.uri_rec.uri, uri_len); + + return resp_size; +} + +static ssize_t rwrap_fake_txt(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size; + size_t rdata_size; + size_t txt_len; + + if (rr->type != ns_t_txt) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding TXT RR"); + txt_len = strlen(rr->rrdata.txt_rec) + 1; + rdata_size = txt_len; + + resp_size = rwrap_fake_rdata_common(ns_t_txt, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, rr->rrdata.txt_rec, txt_len); + + return resp_size; +} + +static ssize_t rwrap_fake_soa(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size; + size_t rdata_size; + unsigned char nameser_compressed[MAXDNAME]; + ssize_t compressed_ns_len; + unsigned char mailbox_compressed[MAXDNAME]; + ssize_t compressed_mb_len; + + if (rr->type != ns_t_soa) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SOA RR"); + rdata_size = 5 * sizeof(uint16_t); + + compressed_ns_len = ns_name_compress(rr->rrdata.soa_rec.nameserver, + nameser_compressed, + MAXDNAME, NULL, NULL); + if (compressed_ns_len < 0) { + return -1; + } + rdata_size += compressed_ns_len; + + compressed_mb_len = ns_name_compress(rr->rrdata.soa_rec.mailbox, + mailbox_compressed, + MAXDNAME, NULL, NULL); + if (compressed_mb_len < 0) { + return -1; + } + rdata_size += compressed_mb_len; + + resp_size = rwrap_fake_rdata_common(ns_t_soa, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, nameser_compressed, compressed_ns_len); + a += compressed_ns_len; + memcpy(a, mailbox_compressed, compressed_mb_len); + a += compressed_mb_len; + NS_PUT32(rr->rrdata.soa_rec.serial, a); + NS_PUT32(rr->rrdata.soa_rec.refresh, a); + NS_PUT32(rr->rrdata.soa_rec.retry, a); + NS_PUT32(rr->rrdata.soa_rec.expire, a); + NS_PUT32(rr->rrdata.soa_rec.minimum, a); + + return resp_size; +} + +static ssize_t rwrap_fake_cname(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t resp_size; + unsigned char hostname_compressed[MAXDNAME]; + ssize_t rdata_size; + + if (rr->type != ns_t_cname) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding CNAME RR"); + + /* Prepare the data to write */ + rdata_size = ns_name_compress(rr->rrdata.cname_rec, + hostname_compressed, MAXDNAME, + NULL, NULL); + if (rdata_size < 0) { + return -1; + } + + resp_size = rwrap_fake_rdata_common(ns_t_cname, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, hostname_compressed, rdata_size); + + return resp_size; +} + +static ssize_t rwrap_fake_ptr(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + uint8_t *a = answer; + ssize_t rdata_size; + ssize_t resp_size; + unsigned char hostname_compressed[MAXDNAME]; + + if (rr->type != ns_t_ptr) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n"); + return -1; + } + RWRAP_LOG(RWRAP_LOG_TRACE, "Adding PTR RR"); + + /* Prepare the data to write */ + rdata_size = ns_name_compress(rr->rrdata.ptr_rec, + hostname_compressed, MAXDNAME, + NULL, NULL); + if (rdata_size < 0) { + return -1; + } + + resp_size = rwrap_fake_rdata_common(ns_t_ptr, rdata_size, + rr->key, anslen, &a); + if (resp_size < 0) { + return -1; + } + + memcpy(a, hostname_compressed, rdata_size); + + return resp_size; +} + +#define RESOLV_MATCH(line, name) \ + (strncmp(line, name, sizeof(name) - 1) == 0 && \ + (line[sizeof(name) - 1] == ' ' || \ + line[sizeof(name) - 1] == '\t')) + +#define TYPE_MATCH(type, ns_type, rec_type, str_type, key, query) \ + ((type) == (ns_type) && \ + (strncmp((rec_type), (str_type), sizeof(str_type)) == 0) && \ + (strcasecmp(key, query)) == 0) + + +static int rwrap_get_record(const char *hostfile, unsigned recursion, + const char *query, int type, + struct rwrap_fake_rr *rr); + +static int rwrap_uri_recurse(const char *hostfile, unsigned recursion, + const char *query, struct rwrap_fake_rr *rr) +{ + int rc; + + rc = rwrap_get_record(hostfile, recursion, query, ns_t_uri, rr); + if (rc == ENOENT) { + rc = 0; + } + + return rc; +} + +static int rwrap_srv_recurse(const char *hostfile, unsigned recursion, + const char *query, struct rwrap_fake_rr *rr) +{ + int rc; + + rc = rwrap_get_record(hostfile, recursion, query, ns_t_a, rr); + if (rc == 0) return 0; + + rc = rwrap_get_record(hostfile, recursion, query, ns_t_aaaa, rr); + if (rc == ENOENT) rc = 0; + + return rc; +} + +static int rwrap_cname_recurse(const char *hostfile, unsigned recursion, + const char *query, struct rwrap_fake_rr *rr) +{ + int rc; + + rc = rwrap_get_record(hostfile, recursion, query, ns_t_a, rr); + if (rc == 0) return 0; + + rc = rwrap_get_record(hostfile, recursion, query, ns_t_aaaa, rr); + if (rc == 0) return 0; + + rc = rwrap_get_record(hostfile, recursion, query, ns_t_cname, rr); + if (rc == ENOENT) rc = 0; + + return rc; +} + +static int rwrap_get_record(const char *hostfile, unsigned recursion, + const char *query, int type, + struct rwrap_fake_rr *rr) +{ + FILE *fp = NULL; + char buf[BUFSIZ]; + char *key = NULL; + char *value = NULL; + int rc = ENOENT; + unsigned num_uris = 0; + + if (recursion >= RWRAP_MAX_RECURSION) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Recursed too deep!\n"); + return -1; + } + + RWRAP_LOG(RWRAP_LOG_TRACE, + "Searching in fake hosts file %s for %s:%d\n", hostfile, + query, type); + + fp = fopen(hostfile, "r"); + if (fp == NULL) { + RWRAP_LOG(RWRAP_LOG_WARN, + "Opening %s failed: %s", + hostfile, strerror(errno)); + return -1; + } + + while (fgets(buf, sizeof(buf), fp) != NULL) { + char *rec_type; + char *q; + + rec_type = buf; + key = value = NULL; + + NEXT_KEY(rec_type, key); + NEXT_KEY(key, value); + + if (key == NULL || value == NULL) { + RWRAP_LOG(RWRAP_LOG_WARN, + "Malformed line: not enough parts, use \"rec_type key data\n" + "For example \"A cwrap.org 10.10.10.10\""); + continue; + } + + q = value; + while(q[0] != '\n' && q[0] != '\0') { + q++; + } + q[0] = '\0'; + + if (type == ns_t_uri && recursion > 0) { + /* Skip non-URI records. */ + if (!TYPE_MATCH(type, ns_t_uri, rec_type, "URI", key, query)) { + continue; + } + /* Skip previous records based on the recurse depth. */ + num_uris++; + if (num_uris <= recursion) { + continue; + } + } + + if (TYPE_MATCH(type, ns_t_a, rec_type, "A", key, query)) { + rc = rwrap_create_fake_a_rr(key, value, rr); + break; + } else if (TYPE_MATCH(type, ns_t_aaaa, + rec_type, "AAAA", key, query)) { + rc = rwrap_create_fake_aaaa_rr(key, value, rr); + break; + } else if (TYPE_MATCH(type, ns_t_ns, + rec_type, "NS", key, query)) { + rc = rwrap_create_fake_ns_rr(key, value, rr); + break; + } else if (TYPE_MATCH(type, ns_t_srv, + rec_type, "SRV", key, query)) { + rc = rwrap_create_fake_srv_rr(key, value, rr); + if (rc == 0) { + rc = rwrap_srv_recurse(hostfile, recursion+1, + rr->rrdata.srv_rec.hostname, + rr + 1); + } + break; + } else if (TYPE_MATCH(type, ns_t_uri, + rec_type, "URI", key, query)) { + rc = rwrap_create_fake_uri_rr(key, value, rr); + if (rc == 0) { + /* Recurse to collect multiple URI answers under a single key. */ + rc = rwrap_uri_recurse(hostfile, recursion + 1, key, rr + 1); + } + break; + } else if (TYPE_MATCH(type, ns_t_soa, + rec_type, "SOA", key, query)) { + rc = rwrap_create_fake_soa_rr(key, value, rr); + break; + } else if (TYPE_MATCH(type, ns_t_cname, + rec_type, "CNAME", key, query)) { + rc = rwrap_create_fake_cname_rr(key, value, rr); + if (rc == 0) { + rc = rwrap_cname_recurse(hostfile, recursion+1, + value, rr + 1); + } + break; + } else if (TYPE_MATCH(type, ns_t_a, rec_type, "CNAME", key, query)) { + rc = rwrap_create_fake_cname_rr(key, value, rr); + if (rc == 0) { + rc = rwrap_cname_recurse(hostfile, recursion+1, + value, rr + 1); + } + break; + } else if (TYPE_MATCH(type, ns_t_ptr, + rec_type, "PTR", key, query)) { + rc = rwrap_create_fake_ptr_rr(key, value, rr); + break; + } + else if (TYPE_MATCH(type, ns_t_txt, + rec_type, "TXT", key, query)) { + rc = rwrap_create_fake_txt_rr(key, value, rr); + break; + } + } + + if (rc == ENOENT && recursion == 0 && key != NULL) { + RWRAP_LOG(RWRAP_LOG_TRACE, "Record for [%s] not found\n", query); + memcpy(rr->key, key, strlen(key) + 1); + } + + fclose(fp); + return rc; +} + +static ssize_t rwrap_fake_empty(int type, + const char *question, + uint8_t *answer, + size_t anslen) +{ + ssize_t resp_data; + size_t remaining = anslen; + + resp_data = rwrap_fake_header(&answer, remaining, 0, 0); + if (resp_data < 0) { + return -1; + } + remaining -= resp_data; + + resp_data += rwrap_fake_question(question, type, &answer, remaining); + if (resp_data < 0) { + return -1; + } + remaining -= resp_data; + + resp_data += rwrap_fake_rdata_common(type, 0, question, + remaining, &answer); + if (resp_data < 0) { + return -1; + } + + return resp_data; +} + +static inline bool rwrap_known_type(int type) +{ + switch (type) { + case ns_t_a: + case ns_t_aaaa: + case ns_t_ns: + case ns_t_srv: + case ns_t_uri: + case ns_t_soa: + case ns_t_cname: + case ns_t_ptr: + case ns_t_txt: + return true; + } + + return false; +} + +static int rwrap_ancount(struct rwrap_fake_rr *rrs, int qtype) +{ + int i; + int ancount = 0; + + /* For URI return the number of URIs. */ + if (qtype == ns_t_uri) { + for (i = 0; i < RWRAP_MAX_RECURSION; i++) { + if (rwrap_known_type(rrs[i].type) && + rrs[i].type == qtype) { + ancount++; + } + } + return ancount; + } + + /* Include all RRs in the stack until the sought type + * in the answer section. This is the case i.e. when looking + * up an A record but the name points to a CNAME + */ + for (i = 0; i < RWRAP_MAX_RECURSION; i++) { + ancount++; + + if (rwrap_known_type(rrs[i].type) && + rrs[i].type == qtype) { + break; + } + } + + /* Return 0 records if the sought type wasn't in the stack */ + return i < RWRAP_MAX_RECURSION ? ancount : 0; +} + +static int rwrap_arcount(struct rwrap_fake_rr *rrs, int ancount) +{ + int i; + int arcount = 0; + + /* start from index ancount */ + for (i = ancount; i < RWRAP_MAX_RECURSION; i++) { + if (rwrap_known_type(rrs[i].type)) { + arcount++; + } + } + + return arcount; +} + +static ssize_t rwrap_add_rr(struct rwrap_fake_rr *rr, + uint8_t *answer, + size_t anslen) +{ + ssize_t resp_data; + + if (rr == NULL) { + RWRAP_LOG(RWRAP_LOG_ERROR, "Internal error!\n"); + return -1; + } + + switch (rr->type) { + case ns_t_a: + resp_data = rwrap_fake_a(rr, answer, anslen); + break; + case ns_t_aaaa: + resp_data = rwrap_fake_aaaa(rr, answer, anslen); + break; + case ns_t_ns: + resp_data = rwrap_fake_ns(rr, answer, anslen); + break; + case ns_t_srv: + resp_data = rwrap_fake_srv(rr, answer, anslen); + break; + case ns_t_uri: + resp_data = rwrap_fake_uri(rr, answer, anslen); + break; + case ns_t_soa: + resp_data = rwrap_fake_soa(rr, answer, anslen); + break; + case ns_t_cname: + resp_data = rwrap_fake_cname(rr, answer, anslen); + break; + case ns_t_ptr: + resp_data = rwrap_fake_ptr(rr, answer, anslen); + break; + case ns_t_txt: + resp_data = rwrap_fake_txt(rr, answer, anslen); + break; + default: + return -1; + } + + return resp_data; +} + +static ssize_t rwrap_fake_answer(struct rwrap_fake_rr *rrs, + int type, + uint8_t *answer, + size_t anslen) + +{ + ssize_t resp_data; + ssize_t rrlen; + size_t remaining = anslen; + int ancount; + int arcount; + int i; + + ancount = rwrap_ancount(rrs, type); + arcount = rwrap_arcount(rrs, ancount); + RWRAP_LOG(RWRAP_LOG_TRACE, + "Got %d answers and %d additional records\n", ancount, arcount); + + resp_data = rwrap_fake_header(&answer, remaining, ancount, arcount); + if (resp_data < 0) { + return -1; + } + remaining -= resp_data; + + resp_data += rwrap_fake_question(rrs->key, rrs->type, &answer, remaining); + if (resp_data < 0) { + return -1; + } + remaining -= resp_data; + + /* answer */ + for (i = 0; i < ancount; i++) { + rrlen = rwrap_add_rr(&rrs[i], answer, remaining); + if (rrlen < 0) { + return -1; + } + remaining -= rrlen; + answer += rrlen; + resp_data += rrlen; + } + + /* add authoritative NS here? */ + + /* additional records */ + for (i = ancount; i < ancount + arcount; i++) { + rrlen = rwrap_add_rr(&rrs[i], answer, remaining); + if (rrlen < 0) { + return -1; + } + remaining -= rrlen; + answer += rrlen; + resp_data += rrlen; + } + + return resp_data; +} + +/* Reads in a file in the following format: + * TYPE RDATA + * + * Malformed entries are silently skipped. + * Allocates answer buffer of size anslen that has to be freed after use. + */ +static int rwrap_res_fake_hosts(const char *hostfile, + const char *query, + int type, + unsigned char *answer, + size_t anslen) +{ + int rc = ENOENT; + char *query_name = NULL; + size_t qlen = strlen(query); + struct rwrap_fake_rr rrs[RWRAP_MAX_RECURSION]; + ssize_t resp_size; + + RWRAP_LOG(RWRAP_LOG_TRACE, + "Searching in fake hosts file %s\n", hostfile); + + if (qlen > 0 && query[qlen-1] == '.') { + qlen--; + } + + query_name = strndup(query, qlen); + if (query_name == NULL) { + return -1; + } + + rwrap_fake_rr_init(rrs, RWRAP_MAX_RECURSION); + + rc = rwrap_get_record(hostfile, 0, query_name, type, rrs); + switch (rc) { + case 0: + RWRAP_LOG(RWRAP_LOG_TRACE, + "Found record for [%s]\n", query_name); + resp_size = rwrap_fake_answer(rrs, type, answer, anslen); + break; + case ENOENT: + RWRAP_LOG(RWRAP_LOG_TRACE, + "No record for [%s]\n", query_name); + resp_size = rwrap_fake_empty(type, rrs->key, answer, anslen); + break; + default: + RWRAP_LOG(RWRAP_LOG_NOTICE, + "Searching for [%s] did not return any results\n", + query_name); + free(query_name); + return -1; + } + + switch (resp_size) { + case -1: + RWRAP_LOG(RWRAP_LOG_ERROR, + "Error faking answer for [%s]\n", query_name); + break; + default: + RWRAP_LOG(RWRAP_LOG_TRACE, + "Successfully faked answer for [%s]\n", + query_name); + break; + } + + free(query_name); + return resp_size; +} + +/********************************************************* + * RWRAP LOADING LIBC FUNCTIONS + *********************************************************/ + +#include <dlfcn.h> + +typedef int (*__libc_res_ninit)(struct __res_state *state); +typedef int (*__libc___res_ninit)(struct __res_state *state); +typedef void (*__libc_res_nclose)(struct __res_state *state); +typedef void (*__libc___res_nclose)(struct __res_state *state); +typedef int (*__libc_res_nquery)(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen); +typedef int (*__libc___res_nquery)(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen); +typedef int (*__libc_res_nsearch)(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen); +typedef int (*__libc___res_nsearch)(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen); + +#define RWRAP_SYMBOL_ENTRY(i) \ + union { \ + __libc_##i f; \ + void *obj; \ + } _libc_##i + +struct rwrap_libc_symbols { + RWRAP_SYMBOL_ENTRY(res_ninit); + RWRAP_SYMBOL_ENTRY(__res_ninit); + RWRAP_SYMBOL_ENTRY(res_nclose); + RWRAP_SYMBOL_ENTRY(__res_nclose); + RWRAP_SYMBOL_ENTRY(res_nquery); + RWRAP_SYMBOL_ENTRY(__res_nquery); + RWRAP_SYMBOL_ENTRY(res_nsearch); + RWRAP_SYMBOL_ENTRY(__res_nsearch); +}; +#undef RWRAP_SYMBOL_ENTRY + +struct rwrap { + struct { + void *handle; + struct rwrap_libc_symbols symbols; + } libc; + + struct { + void *handle; + struct rwrap_libc_symbols symbols; + } libresolv; + + bool initialised; + bool enabled; + + char *socket_dir; +}; + +static struct rwrap rwrap; + +enum rwrap_lib { + RWRAP_LIBC, + RWRAP_LIBRESOLV +}; + +static const char *rwrap_str_lib(enum rwrap_lib lib) +{ + switch (lib) { + case RWRAP_LIBC: + return "libc"; + case RWRAP_LIBRESOLV: + return "libresolv"; + } + + /* Compiler would warn us about unhandled enum value if we get here */ + return "unknown"; +} + +static void *rwrap_load_lib_handle(enum rwrap_lib lib) +{ + int flags = RTLD_LAZY; + void *handle = NULL; + int i; + +#ifdef RTLD_DEEPBIND + const char *env_preload = getenv("LD_PRELOAD"); + const char *env_deepbind = getenv("RESOLV_WRAPPER_DISABLE_DEEPBIND"); + bool enable_deepbind = true; + + /* Don't do a deepbind if we run with libasan */ + if (env_preload != NULL && strlen(env_preload) < 1024) { + const char *p = strstr(env_preload, "libasan.so"); + if (p != NULL) { + enable_deepbind = false; + } + } + + if (env_deepbind != NULL && strlen(env_deepbind) >= 1) { + enable_deepbind = false; + } + + if (enable_deepbind) { + flags |= RTLD_DEEPBIND; + } +#endif + + switch (lib) { + case RWRAP_LIBRESOLV: +#ifdef HAVE_LIBRESOLV + handle = rwrap.libresolv.handle; + if (handle == NULL) { + for (i = 10; i >= 0; i--) { + char soname[256] = {0}; + + snprintf(soname, sizeof(soname), "libresolv.so.%d", i); + handle = dlopen(soname, flags); + if (handle != NULL) { + break; + } + } + + rwrap.libresolv.handle = handle; + } + break; +#endif + /* FALL TROUGH */ + case RWRAP_LIBC: + handle = rwrap.libc.handle; +#ifdef LIBC_SO + if (handle == NULL) { + handle = dlopen(LIBC_SO, flags); + + rwrap.libc.handle = handle; + } +#endif + if (handle == NULL) { + for (i = 10; i >= 0; i--) { + char soname[256] = {0}; + + snprintf(soname, sizeof(soname), "libc.so.%d", i); + handle = dlopen(soname, flags); + if (handle != NULL) { + break; + } + } + + rwrap.libc.handle = handle; + } + break; + } + + if (handle == NULL) { +#ifdef RTLD_NEXT + handle = rwrap.libc.handle = rwrap.libresolv.handle = RTLD_NEXT; +#else + RWRAP_LOG(RWRAP_LOG_ERROR, + "Failed to dlopen library: %s\n", + dlerror()); + exit(-1); +#endif + } + + return handle; +} + +static void *_rwrap_bind_symbol(enum rwrap_lib lib, const char *fn_name) +{ + void *handle; + void *func; + + handle = rwrap_load_lib_handle(lib); + + func = dlsym(handle, fn_name); + if (func == NULL) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Failed to find %s: %s\n", + fn_name, dlerror()); + exit(-1); + } + + RWRAP_LOG(RWRAP_LOG_TRACE, + "Loaded %s from %s", + fn_name, rwrap_str_lib(lib)); + return func; +} + +#define rwrap_bind_symbol_libc(sym_name) \ + if (rwrap.libc.symbols._libc_##sym_name.obj == NULL) { \ + rwrap.libc.symbols._libc_##sym_name.obj = \ + _rwrap_bind_symbol(RWRAP_LIBC, #sym_name); \ + } + +#define rwrap_bind_symbol_libresolv(sym_name) \ + if (rwrap.libresolv.symbols._libc_##sym_name.obj == NULL) { \ + rwrap.libresolv.symbols._libc_##sym_name.obj = \ + _rwrap_bind_symbol(RWRAP_LIBRESOLV, #sym_name); \ + } + +/* + * IMPORTANT + * + * Functions especially from libc need to be loaded individually, you can't load + * all at once or gdb will segfault at startup. The same applies to valgrind and + * has probably something todo with with the linker. + * So we need load each function at the point it is called the first time. + */ + +static int libc_res_ninit(struct __res_state *state) +{ +#if !defined(res_ninit) && defined(HAVE_RES_NINIT) + rwrap_bind_symbol_libresolv(res_ninit); + + return rwrap.libresolv.symbols._libc_res_ninit.f(state); +#elif defined(HAVE___RES_NINIT) + rwrap_bind_symbol_libresolv(__res_ninit); + + return rwrap.libresolv.symbols._libc___res_ninit.f(state); +#else +#error "No res_ninit function" +#endif +} + +static void libc_res_nclose(struct __res_state *state) +{ +#if !defined(res_close) && defined(HAVE_RES_NCLOSE) + rwrap_bind_symbol_libresolv(res_nclose); + + rwrap.libresolv.symbols._libc_res_nclose.f(state); + return; +#elif defined(HAVE___RES_NCLOSE) + rwrap_bind_symbol_libresolv(__res_nclose); + + rwrap.libresolv.symbols._libc___res_nclose.f(state); +#else +#error "No res_nclose function" +#endif +} + +static int libc_res_nquery(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +{ +#if !defined(res_nquery) && defined(HAVE_RES_NQUERY) + rwrap_bind_symbol_libresolv(res_nquery); + + return rwrap.libresolv.symbols._libc_res_nquery.f(state, + dname, + class, + type, + answer, + anslen); +#elif defined(HAVE___RES_NQUERY) + rwrap_bind_symbol_libresolv(__res_nquery); + + return rwrap.libresolv.symbols._libc___res_nquery.f(state, + dname, + class, + type, + answer, + anslen); +#else +#error "No res_nquery function" +#endif +} + +static int libc_res_nsearch(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +{ +#if !defined(res_nsearch) && defined(HAVE_RES_NSEARCH) + rwrap_bind_symbol_libresolv(res_nsearch); + + return rwrap.libresolv.symbols._libc_res_nsearch.f(state, + dname, + class, + type, + answer, + anslen); +#elif defined(HAVE___RES_NSEARCH) + rwrap_bind_symbol_libresolv(__res_nsearch); + + return rwrap.libresolv.symbols._libc___res_nsearch.f(state, + dname, + class, + type, + answer, + anslen); +#else +#error "No res_nsearch function" +#endif +} + +/**************************************************************************** + * RES_HELPER + ***************************************************************************/ + +static size_t rwrap_get_nameservers(struct __res_state *state, + size_t nserv, + union rwrap_sockaddr *nsaddrs) +{ +#ifdef HAVE_RES_SOCKADDR_UNION_SIN + union res_sockaddr_union set[MAXNS]; + size_t i; + int rc; + + memset(set, 0, sizeof(set)); + memset(nsaddrs, 0, sizeof(*nsaddrs) * nserv); + + if (nserv > MAXNS) { + nserv = MAXNS; + } + + rc = res_getservers(state, set, nserv); + if (rc <= 0) { + return 0; + } + if (rc < nserv) { + nserv = rc; + } + + for (i = 0; i < nserv; i++) { + switch (set[i].sin.sin_family) { + case AF_INET: + nsaddrs[i] = (union rwrap_sockaddr) { + .in = set[i].sin, + }; + break; +#ifdef HAVE_RES_SOCKADDR_UNION_SIN6 + case AF_INET6: + nsaddrs[i] = (union rwrap_sockaddr) { + .in6 = set[i].sin6, + }; + break; +#endif + } + } + + return nserv; +#else /* ! HAVE_RES_SOCKADDR_UNION_SIN */ + size_t i; + + memset(nsaddrs, 0, sizeof(*nsaddrs) * nserv); + + if (nserv > (size_t)state->nscount) { + nserv = (size_t)state->nscount; + } + + for (i = 0; i < nserv; i++) { +#ifdef HAVE_RES_STATE_U_EXT_NSADDRS + if (state->_u._ext.nsaddrs[i] != NULL) { + nsaddrs[i] = (union rwrap_sockaddr) { + .in6 = *state->_u._ext.nsaddrs[i], + }; + } else +#endif /* HAVE_RES_STATE_U_EXT_NSADDRS */ + { + nsaddrs[i] = (union rwrap_sockaddr) { + .in = state->nsaddr_list[i], + }; + } + } + + return nserv; +#endif /* ! HAVE_RES_SOCKADDR_UNION_SIN */ +} + +static void rwrap_log_nameservers(enum rwrap_dbglvl_e dbglvl, + const char *func, + struct __res_state *state) +{ + union rwrap_sockaddr nsaddrs[MAXNS]; + size_t nserv = MAXNS; + size_t i; + + memset(nsaddrs, 0, sizeof(nsaddrs)); + nserv = rwrap_get_nameservers(state, nserv, nsaddrs); + for (i = 0; i < nserv; i++) { + char ip[INET6_ADDRSTRLEN]; + + switch (nsaddrs[i].sa.sa_family) { + case AF_INET: + inet_ntop(AF_INET, &(nsaddrs[i].in.sin_addr), + ip, sizeof(ip)); + break; + case AF_INET6: + inet_ntop(AF_INET6, &(nsaddrs[i].in6.sin6_addr), + ip, sizeof(ip)); + break; + default: + snprintf(ip, sizeof(ip), "<unknown sa_family=%d", + nsaddrs[i].sa.sa_family); + break; + } + + rwrap_log(dbglvl, func, + " nameserver: %s", + ip); + } +} + +static void rwrap_reset_nameservers(struct __res_state *state) +{ +#ifdef HAVE_RES_SOCKADDR_UNION_SIN + res_setservers(state, NULL, 0); +#else /* ! HAVE_RES_SOCKADDR_UNION_SIN */ +#ifdef HAVE_RES_STATE_U_EXT_NSADDRS + size_t i; + + for (i = 0; i < (size_t)state->nscount; i++) { + if (state->_u._ext.nssocks[i] != -1) { + close(state->_u._ext.nssocks[i]); + state->_u._ext.nssocks[i] = -1; + } + SAFE_FREE(state->_u._ext.nsaddrs[i]); + } + memset(&state->_u._ext, 0, sizeof(state->_u._ext)); + for (i = 0; i < MAXNS; i++) { + state->_u._ext.nssocks[i] = -1; + state->_u._ext.nsmap[i] = MAXNS + 1; + } + state->ipv6_unavail = false; +#endif + memset(state->nsaddr_list, 0, sizeof(state->nsaddr_list)); + state->nscount = 0; +#endif /* ! HAVE_RES_SOCKADDR_UNION_SIN */ +} + +static int rwrap_set_nameservers(struct __res_state *state, + size_t nserv, + const union rwrap_sockaddr *nsaddrs) +{ +#ifdef HAVE_RES_SOCKADDR_UNION_SIN + union res_sockaddr_union set[MAXNS]; + size_t i; + + memset(set, 0, sizeof(set)); + + if (nserv > MAXNS) { + nserv = MAXNS; + } + + rwrap_reset_nameservers(state); + + for (i = 0; i < nserv; i++) { + switch (nsaddrs[i].sa.sa_family) { + case AF_INET: + set[i] = (union res_sockaddr_union) { + .sin = nsaddrs[i].in, + }; + break; +#ifdef HAVE_RES_SOCKADDR_UNION_SIN6 + case AF_INET6: + set[i] = (union res_sockaddr_union) { + .sin6 = nsaddrs[i].in6, + }; + break; +#endif + default: + RWRAP_LOG(RWRAP_LOG_ERROR, + "Internal error unhandled sa_family=%d", + nsaddrs[i].sa.sa_family); + errno = ENOSYS; + return -1; + } + } + + res_setservers(state, set, nserv); + return 0; +#else /* ! HAVE_RES_SOCKADDR_UNION_SIN */ + size_t i; + + if (nserv > MAXNS) { + nserv = MAXNS; + } + rwrap_reset_nameservers(state); + + for (i = 0; i < nserv; i++) { + switch (nsaddrs[i].sa.sa_family) { + case AF_INET: + state->nsaddr_list[i] = nsaddrs[i].in; + break; +#ifdef HAVE_RES_STATE_U_EXT_NSADDRS + case AF_INET6: + state->_u._ext.nsaddrs[i] = malloc(sizeof(nsaddrs[i].in6)); + if (state->_u._ext.nsaddrs[i] == NULL) { + rwrap_reset_nameservers(state); + errno = ENOMEM; + return -1; + } + *state->_u._ext.nsaddrs[i] = nsaddrs[i].in6; + state->_u._ext.nssocks[i] = -1; + state->_u._ext.nsmap[i] = MAXNS + 1; + state->_u._ext.nscount6++; + break; +#endif + default: + RWRAP_LOG(RWRAP_LOG_ERROR, + "Internal error unhandled sa_family=%d", + nsaddrs[i].sa.sa_family); + rwrap_reset_nameservers(state); + errno = ENOSYS; + return -1; + } + } + + /* + * note that state->_u._ext.nscount is left as 0, + * this matches glibc and allows resolv wrapper + * to work with most (maybe all) glibc versions. + */ + state->nscount = i; + + return 0; +#endif /* ! HAVE_RES_SOCKADDR_UNION_SIN */ +} + +static int rwrap_parse_resolv_conf(struct __res_state *state, + const char *resolv_conf) +{ + FILE *fp; + char buf[BUFSIZ]; + size_t nserv = 0; + union rwrap_sockaddr nsaddrs[MAXNS]; + + memset(nsaddrs, 0, sizeof(nsaddrs)); + + fp = fopen(resolv_conf, "r"); + if (fp == NULL) { + RWRAP_LOG(RWRAP_LOG_WARN, + "Opening %s failed: %s", + resolv_conf, strerror(errno)); + return -1; + } + + while(fgets(buf, sizeof(buf), fp) != NULL) { + char *p; + + /* Ignore comments */ + if (buf[0] == '#' || buf[0] == ';') { + continue; + } + + if (RESOLV_MATCH(buf, "nameserver") && nserv < MAXNS) { + struct in_addr a; + struct in6_addr a6; + char *q; + int ok; + + p = buf + strlen("nameserver"); + + /* Skip spaces and tabs */ + while(isblank((int)p[0])) { + p++; + } + + q = p; + while(q[0] != '\n' && q[0] != '\0') { + q++; + } + q[0] = '\0'; + + ok = inet_pton(AF_INET, p, &a); + if (ok) { + nsaddrs[nserv] = (union rwrap_sockaddr) { + .in = { + .sin_family = AF_INET, + .sin_addr = a, + .sin_port = htons(53), + .sin_zero = { 0 }, + }, + }; + + nserv++; + continue; + } + + ok = inet_pton(AF_INET6, p, &a6); + if (ok) { +#ifdef HAVE_RESOLV_IPV6_NSADDRS + nsaddrs[nserv] = (union rwrap_sockaddr) { + .in6 = { + + .sin6_family = AF_INET6, + .sin6_port = htons(53), + .sin6_flowinfo = 0, + .sin6_addr = a6, + }, + }; + nserv++; + continue; +#else /* !HAVE_RESOLV_IPV6_NSADDRS */ + RWRAP_LOG(RWRAP_LOG_WARN, + "resolve_wrapper does not support " + "IPv6 on this platform"); + continue; +#endif + } + + RWRAP_LOG(RWRAP_LOG_ERROR, "Malformed DNS server[%s]", p); + continue; + } /* TODO: match other keywords */ + } + + if (ferror(fp)) { + RWRAP_LOG(RWRAP_LOG_ERROR, + "Reading from %s failed", + resolv_conf); + fclose(fp); + return -1; + } + + fclose(fp); + + if (nserv == 0) { + RWRAP_LOG(RWRAP_LOG_WARN, + "No usable nameservers found in %s", + resolv_conf); + errno = ESRCH; + return -1; + } + + return rwrap_set_nameservers(state, nserv, nsaddrs); +} + +/**************************************************************************** + * RES_NINIT + ***************************************************************************/ + +static int rwrap_res_ninit(struct __res_state *state) +{ + int rc; + + rc = libc_res_ninit(state); + if (rc == 0) { + const char *resolv_conf = getenv("RESOLV_WRAPPER_CONF"); + + if (resolv_conf != NULL) { + rc = rwrap_parse_resolv_conf(state, resolv_conf); + } + } + + return rc; +} + +#if !defined(res_ninit) && defined(HAVE_RES_NINIT) +int res_ninit(struct __res_state *state) +#elif defined(HAVE___RES_NINIT) +int __res_ninit(struct __res_state *state) +#endif +{ + return rwrap_res_ninit(state); +} + +/**************************************************************************** + * RES_INIT + ***************************************************************************/ + +static struct __res_state rwrap_res_state; + +static int rwrap_res_init(void) +{ + int rc; + + rc = rwrap_res_ninit(&rwrap_res_state); + + return rc; +} + +#if !defined(res_ninit) && defined(HAVE_RES_INIT) +int res_init(void) +#elif defined(HAVE___RES_INIT) +int __res_init(void) +#endif +{ + return rwrap_res_init(); +} + +/**************************************************************************** + * RES_NCLOSE + ***************************************************************************/ + +static void rwrap_res_nclose(struct __res_state *state) +{ + rwrap_reset_nameservers(state); + libc_res_nclose(state); +} + +#if !defined(res_nclose) && defined(HAVE_RES_NCLOSE) +void res_nclose(struct __res_state *state) +#elif defined(HAVE___RES_NCLOSE) +void __res_nclose(struct __res_state *state) +#endif +{ + rwrap_res_nclose(state); +} + +/**************************************************************************** + * RES_CLOSE + ***************************************************************************/ + +static void rwrap_res_close(void) +{ + rwrap_res_nclose(&rwrap_res_state); +} + +#if defined(HAVE_RES_CLOSE) +void res_close(void) +#elif defined(HAVE___RES_CLOSE) +void __res_close(void) +#endif +{ + rwrap_res_close(); +} + +/**************************************************************************** + * RES_NQUERY + ***************************************************************************/ + +static int rwrap_res_nquery(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +{ + int rc; + const char *fake_hosts; + + RWRAP_LOG(RWRAP_LOG_TRACE, + "Resolve the domain name [%s] - class=%d, type=%d", + dname, class, type); + rwrap_log_nameservers(RWRAP_LOG_TRACE, __func__, state); + + fake_hosts = getenv("RESOLV_WRAPPER_HOSTS"); + if (fake_hosts != NULL) { + rc = rwrap_res_fake_hosts(fake_hosts, dname, type, answer, anslen); + } else { + rc = libc_res_nquery(state, dname, class, type, answer, anslen); + } + + + RWRAP_LOG(RWRAP_LOG_TRACE, + "The returned response length is: %d", + rc); + + return rc; +} + +#if !defined(res_nquery) && defined(HAVE_RES_NQUERY) +int res_nquery(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +#elif defined(HAVE___RES_NQUERY) +int __res_nquery(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +#endif +{ + return rwrap_res_nquery(state, dname, class, type, answer, anslen); +} + +/**************************************************************************** + * RES_QUERY + ***************************************************************************/ + +static int rwrap_res_query(const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +{ + int rc; + + rc = rwrap_res_ninit(&rwrap_res_state); + if (rc != 0) { + return rc; + } + + rc = rwrap_res_nquery(&rwrap_res_state, + dname, + class, + type, + answer, + anslen); + + return rc; +} + +#if !defined(res_query) && defined(HAVE_RES_QUERY) +int res_query(const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +#elif defined(HAVE___RES_QUERY) +int __res_query(const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +#endif +{ + return rwrap_res_query(dname, class, type, answer, anslen); +} + +/**************************************************************************** + * RES_NSEARCH + ***************************************************************************/ + +static int rwrap_res_nsearch(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +{ + int rc; + const char *fake_hosts; + + RWRAP_LOG(RWRAP_LOG_TRACE, + "Resolve the domain name [%s] - class=%d, type=%d", + dname, class, type); + rwrap_log_nameservers(RWRAP_LOG_TRACE, __func__, state); + + fake_hosts = getenv("RESOLV_WRAPPER_HOSTS"); + if (fake_hosts != NULL) { + rc = rwrap_res_fake_hosts(fake_hosts, dname, type, answer, anslen); + } else { + rc = libc_res_nsearch(state, dname, class, type, answer, anslen); + } + + RWRAP_LOG(RWRAP_LOG_TRACE, + "The returned response length is: %d", + rc); + + return rc; +} + +#if !defined(res_nsearch) && defined(HAVE_RES_NSEARCH) +int res_nsearch(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +#elif defined(HAVE___RES_NSEARCH) +int __res_nsearch(struct __res_state *state, + const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +#endif +{ + return rwrap_res_nsearch(state, dname, class, type, answer, anslen); +} + +/**************************************************************************** + * RES_SEARCH + ***************************************************************************/ + +static int rwrap_res_search(const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +{ + int rc; + + rc = rwrap_res_ninit(&rwrap_res_state); + if (rc != 0) { + return rc; + } + + rc = rwrap_res_nsearch(&rwrap_res_state, + dname, + class, + type, + answer, + anslen); + + return rc; +} + +#if !defined(res_search) && defined(HAVE_RES_SEARCH) +int res_search(const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +#elif defined(HAVE___RES_SEARCH) +int __res_search(const char *dname, + int class, + int type, + unsigned char *answer, + int anslen) +#endif +{ + return rwrap_res_search(dname, class, type, answer, anslen); +} diff --git a/third_party/resolv_wrapper/wscript b/third_party/resolv_wrapper/wscript new file mode 100644 index 0000000..7e369bd --- /dev/null +++ b/third_party/resolv_wrapper/wscript @@ -0,0 +1,94 @@ +#!/usr/bin/env python + +import os +from waflib import Logs + +VERSION="1.1.7" + +def configure(conf): + if conf.CHECK_RESOLV_WRAPPER(): + conf.DEFINE('USING_SYSTEM_RESOLV_WRAPPER', 1) + libresolv_wrapper_so_path = 'libresolv_wrapper.so' + else: + + if conf.CONFIG_SET("HAVE___THREAD"): + conf.DEFINE("HAVE_GCC_THREAD_LOCAL_STORAGE", 1) + + # check HAVE_ATTRIBUTE_PRINTF_FORMAT + conf.CHECK_CODE(''' + void log_fn(const char *format, ...) __attribute__ ((format (printf, 1, 2))); + + int main(void) { + return 0; + } + ''', + 'HAVE_ATTRIBUTE_PRINTF_FORMAT', + addmain=False, + strict=True, + msg='Checking for printf format validation support') + + conf.CHECK_HEADERS('resolv.h') + + conf.CHECK_STRUCTURE_MEMBER('struct __res_state', + '_u._ext.nsaddrs', + headers='sys/socket.h netinet/in.h resolv.h', + define='HAVE_RES_STATE_U_EXT_NSADDRS') + conf.CHECK_STRUCTURE_MEMBER('union res_sockaddr_union', + 'sin', + headers='sys/socket.h netinet/in.h resolv.h', + define='HAVE_RES_SOCKADDR_UNION_SIN') + conf.CHECK_STRUCTURE_MEMBER('union res_sockaddr_union', + 'sin6', + headers='sys/socket.h netinet/in.h resolv.h', + define='HAVE_RES_SOCKADDR_UNION_SIN6') + + conf.CHECK_FUNCS_IN('res_ninit', 'resolv') + if conf.CONFIG_SET('HAVE_RES_NINIT'): + conf.DEFINE('HAVE_RES_NINIT_IN_LIBRESOLV', 1) + + conf.CHECK_FUNCS_IN('res_nclose', 'resolv') + if conf.CONFIG_SET('HAVE_RES_NCLOSE'): + conf.DEFINE('HAVE_RES_NCLOSE_IN_LIBRESOLV', 1) + + # If we find res_nquery in libc, we can't do resolv.conf redirect + conf.CHECK_FUNCS('res_nquery __res_nquery') + if (conf.CONFIG_SET('HAVE_RES_NQUERY') + or conf.CONFIG_SET('HAVE___RES_NQUERY')): + Logs.warn("Detection for resolv_wrapper: " + "Only dns faking will be available") + else: + if conf.CHECK_FUNCS('res_nquery', lib='resolv'): + conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1) + if conf.CHECK_FUNCS('__res_nquery', lib='resolv'): + conf.DEFINE('HAVE_RESOLV_CONF_SUPPORT', 1) + + conf.CHECK_FUNCS_IN('res_init __res_init', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_ninit __res_ninit', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_close __res_close', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_nclose __res_nclose', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_query __res_query', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_nquery __res_nquery', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_search __res_search', 'resolv', checklibc=True) + conf.CHECK_FUNCS_IN('res_nsearch __res_nsearch', 'resolv', checklibc=True) + + conf.CHECK_DECLS('ns_name_compress', headers='sys/types.h arpa/nameser.h') + if (conf.CONFIG_SET("HAVE_DECL_NS_NAME_COMPRESS")): + conf.DEFINE("HAVE_NS_NAME_COMPRESS", 1) + + # Create full path to resolv_wrapper + blddir = os.path.realpath(conf.bldnode.abspath()) + libresolv_wrapper_so_path = blddir + '/default/third_party/resolv_wrapper/libresolv-wrapper.so' + + conf.DEFINE('LIBRESOLV_WRAPPER_SO_PATH', libresolv_wrapper_so_path) + conf.DEFINE('RESOLV_WRAPPER', 1) + +def build(bld): + if bld.CONFIG_SET("HAVE_RESOLV_H") and not bld.CONFIG_SET("USING_SYSTEM_RESOLV_WRAPPER"): + # We need to do it this way or the library wont work. + # Using private_library=True will add symbol version which + # breaks preloading! + bld.SAMBA_LIBRARY('resolv_wrapper', + source='resolv_wrapper.c', + deps='dl resolv', + install=False, + realname='libresolv-wrapper.so') |