Fix multiple vulnerabilities in unbound.
1 /*
2  * iterator/iter_hints.c - iterative resolver module stub and root hints.
3  *
4  * Copyright (c) 2007, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  * 
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  * 
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  * 
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  * 
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  * 
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35
36 /**
37  * \file
38  *
39  * This file contains functions to assist the iterator module.
40  * Keep track of stub and root hints, and read those from config.
41  */
42 #include "config.h"
43 #include "iterator/iter_hints.h"
44 #include "iterator/iter_delegpt.h"
45 #include "util/log.h"
46 #include "util/config_file.h"
47 #include "util/net_help.h"
48 #include "util/data/dname.h"
49 #include "sldns/rrdef.h"
50 #include "sldns/str2wire.h"
51 #include "sldns/wire2str.h"
52
/**
 * Allocate an empty hints store.
 * The memory comes from calloc(), so every field starts out zeroed.
 * Release the result with hints_delete().
 * @return the new structure, or NULL when the allocation fails.
 */
struct iter_hints*
hints_create(void)
{
	struct iter_hints* fresh = calloc(1, sizeof(*fresh));
	return fresh;
}
62
/**
 * Release one stub entry together with the delegation point it holds.
 * @param s: stub entry to free; NULL is accepted and ignored.
 */
static void hints_stub_free(struct iter_hints_stub* s)
{
	if(s != NULL) {
		/* the stub owns its delegation point, so it goes first */
		delegpt_free_mlc(s->dp);
		free(s);
	}
}
69
/**
 * Tree traversal callback that frees a single hint node.
 * @param n: tree node, cast to the iter_hints_stub it belongs to
 *	(presumably the node is the first member of that structure;
 *	verify against the header).
 * @param arg: unused.
 */
static void delhintnode(rbnode_type* n, void* ATTR_UNUSED(arg))
{
	hints_stub_free((struct iter_hints_stub*)n);
}
75
/**
 * Free every stub stored in the hints tree.
 * Only the entries are released. The tree header is left as it was, so
 * the caller has to re-initialise it (hints_apply_cfg) or free the
 * container (hints_delete) before the tree is used again.
 * @param hints: hints store whose entries are freed; must not be NULL.
 */
static void hints_del_tree(struct iter_hints* hints)
{
	/* postorder, so a node is freed only after its children */
	traverse_postorder(&hints->tree, delhintnode, NULL);
}
80
/**
 * Destroy a hints store and everything it contains.
 * @param hints: store to free; NULL is accepted and ignored.
 */
void
hints_delete(struct iter_hints* hints)
{
	if(hints != NULL) {
		hints_del_tree(hints);
		free(hints);
	}
}
89
/**
 * Add one name server, with one address, to a delegation point.
 * @param dp: delegation point that receives the NS name and the target.
 * @param sv: server name as a presentation-format string.
 * @param ip: address string for that server.
 * @return 1 on success; 0 when the name cannot be parsed (logged), the
 *	address cannot be parsed, or one of the add calls fails.
 */
static int
ah(struct delegpt* dp, const char* sv, const char* ip)
{
	struct sockaddr_storage addr;
	socklen_t addrlen;
	size_t dname_len;
	int ok;
	uint8_t* dname = sldns_str2wire_dname(sv, &dname_len);
	if(!dname) {
		log_err("could not parse %s", sv);
		return 0;
	}
	/* evaluated left to right and stops at the first failure: the NS
	 * name is added first, then the address is parsed, then the
	 * address is attached to that name */
	ok = delegpt_add_ns_mlc(dp, dname, 0) &&
		extstrtoaddr(ip, &addr, &addrlen) &&
		delegpt_add_target_mlc(dp, dname, dname_len,
			&addr, addrlen, 0, 0);
	/* the wire-format name is a temporary of this function and is
	 * released on both outcomes */
	free(dname);
	return ok ? 1 : 0;
}
112
/**
 * Build a root delegation point from the addresses compiled into the
 * binary.
 * All IPv4 entries are added first (when do_ip4 is set), followed by
 * all IPv6 entries (when do_ip6 is set), each in A..M order.
 * NOTE(review): the list is a static snapshot; the comment below cites
 * root zone version changes-on-20120103. hints_apply_cfg() only falls
 * back to it when the configuration yields no root hints, so a current
 * root hints file is the way to avoid relying on this table.
 * @param do_ip4: nonzero to include the IPv4 addresses.
 * @param do_ip6: nonzero to include the IPv6 addresses.
 * @return new delegation point for the root, or NULL on failure (the
 *	partially filled delegation point is freed).
 */
static struct delegpt*
compile_time_root_prime(int do_ip4, int do_ip6)
{
	/* from:
	 ;       This file is made available by InterNIC
	 ;       under anonymous FTP as
	 ;           file                /domain/named.cache
	 ;           on server           FTP.INTERNIC.NET
	 ;       -OR-                    RS.INTERNIC.NET
	 ;
	 ;       related version of root zone:   changes-on-20120103
	 */
	static const struct {
		const char* name;
		const char* ip4;
		const char* ip6;
	} roots[] = {
		{ "A.ROOT-SERVERS.NET.", "198.41.0.4", "2001:503:ba3e::2:30" },
		{ "B.ROOT-SERVERS.NET.", "199.9.14.201", "2001:500:200::b" },
		{ "C.ROOT-SERVERS.NET.", "192.33.4.12", "2001:500:2::c" },
		{ "D.ROOT-SERVERS.NET.", "199.7.91.13", "2001:500:2d::d" },
		{ "E.ROOT-SERVERS.NET.", "192.203.230.10", "2001:500:a8::e" },
		{ "F.ROOT-SERVERS.NET.", "192.5.5.241", "2001:500:2f::f" },
		{ "G.ROOT-SERVERS.NET.", "192.112.36.4", "2001:500:12::d0d" },
		{ "H.ROOT-SERVERS.NET.", "198.97.190.53", "2001:500:1::53" },
		{ "I.ROOT-SERVERS.NET.", "192.36.148.17", "2001:7fe::53" },
		{ "J.ROOT-SERVERS.NET.", "192.58.128.30", "2001:503:c27::2:30" },
		{ "K.ROOT-SERVERS.NET.", "193.0.14.129", "2001:7fd::1" },
		{ "L.ROOT-SERVERS.NET.", "199.7.83.42", "2001:500:9f::42" },
		{ "M.ROOT-SERVERS.NET.", "202.12.27.33", "2001:dc3::35" }
	};
	const size_t count = sizeof(roots) / sizeof(roots[0]);
	size_t i;
	/* "\000" is the wire-format root name: a single zero-length label */
	struct delegpt* dp = delegpt_create_mlc((uint8_t*)"\000");
	if(!dp)
		return NULL;
	dp->has_parent_side_NS = 1;
	if(do_ip4) {
		for(i = 0; i < count; i++) {
			if(!ah(dp, roots[i].name, roots[i].ip4))
				goto failed;
		}
	}
	if(do_ip6) {
		for(i = 0; i < count; i++) {
			if(!ah(dp, roots[i].name, roots[i].ip6))
				goto failed;
		}
	}
	return dp;
failed:
	delegpt_free_mlc(dp);
	return NULL;
}
165
/**
 * Store a delegation point in the hints tree.
 * Ownership of dp passes to this function in every case: it ends up in
 * the tree, or it is freed here (allocation failure, or a hint for the
 * same name and class is already present). Callers must therefore not
 * use dp after this call, whatever the return value.
 * @param hints: hints store to insert into.
 * @param c: class of the hint.
 * @param dp: delegation point to store; consumed.
 * @param noprime: stored in the stub, truncated to uint8_t.
 * @return 0 when the stub cannot be allocated; 1 otherwise, which
 *	includes the case where a duplicate was logged and discarded.
 */
static int
hints_insert(struct iter_hints* hints, uint16_t c, struct delegpt* dp,
	int noprime)
{
	struct iter_hints_stub* stub = malloc(sizeof(*stub));
	if(stub == NULL) {
		delegpt_free_mlc(dp);
		return 0;
	}
	stub->dp = dp;
	stub->noprime = (uint8_t)noprime;
	if(name_tree_insert(&hints->tree, &stub->node, dp->name, dp->namelen,
		dp->namelabs, c))
		return 1;

	/* insertion refused: report the zone and drop the new entry, the
	 * one already in the tree stays in place */
	{
		char buf[257];
		dname_str(dp->name, buf);
		log_err("second hints for zone %s ignored.", buf);
	}
	delegpt_free_mlc(dp);
	free(stub);
	return 1;
}
189
/**
 * Create the delegation point for a configured stub zone.
 * @param s: stub configuration entry; its name is parsed to wire format.
 * @return new delegation point named after the zone, or NULL when the
 *	name is missing, cannot be parsed, or memory runs out (each case
 *	is logged).
 */
static struct delegpt*
read_stubs_name(struct config_stub* s)
{
	struct delegpt* dp;
	size_t dname_len;
	uint8_t* dname;
	if(!s->name) {
		log_err("stub zone without a name");
		return NULL;
	}
	dname = sldns_str2wire_dname(s->name, &dname_len);
	if(!dname) {
		log_err("cannot parse stub zone name %s", s->name);
		return NULL;
	}
	dp = delegpt_create_mlc(dname);
	/* the parsed name is only needed for the create call */
	free(dname);
	if(!dp)
		log_err("out of memory");
	return dp;
}
214
/**
 * Add the configured name server host names of a stub to its
 * delegation point.
 * @param s: stub configuration entry; s->hosts is walked.
 * @param dp: delegation point that receives the NS names.
 * @return 1 when every host was added, 0 on the first parse or
 *	allocation failure (logged). Names added before the failure stay
 *	in dp; the caller frees dp.
 */
static int
read_stubs_host(struct config_stub* s, struct delegpt* dp)
{
	struct config_strlist* p = s->hosts;
	size_t dname_len;
	uint8_t* dname;
	while(p != NULL) {
		int added;
		log_assert(p->str);
		dname = sldns_str2wire_dname(p->str, &dname_len);
		if(!dname) {
			log_err("cannot parse stub %s nameserver name: '%s'",
				s->name, p->str);
			return 0;
		}
		added = delegpt_add_ns_mlc(dp, dname, 0);
		/* temporary wire-format name, released on both outcomes */
		free(dname);
		if(!added) {
			log_err("out of memory");
			return 0;
		}
		p = p->next;
	}
	return 1;
}
239
/**
 * Add the configured server addresses of a stub to its delegation
 * point.
 * Each entry is parsed by authextstrtoaddr(), which also yields an
 * optional authentication name for the address.
 * When the TLS library offers neither SSL_set1_host nor
 * X509_VERIFY_PARAM_set1_host, a configured authentication name is
 * reported as ignored, so by that log text the peer name is not
 * verified for that address. The name is still handed to
 * delegpt_add_addr_mlc() in that build.
 * NOTE(review): ownership of auth_name after the call is not visible
 * here; confirm against authextstrtoaddr and delegpt_add_addr_mlc.
 * @param s: stub configuration entry; s->addrs is walked.
 * @param dp: delegation point that receives the addresses.
 * @return 1 when every address was added, 0 on the first parse or
 *	allocation failure (logged).
 */
static int
read_stubs_addr(struct config_stub* s, struct delegpt* dp)
{
	struct config_strlist* p = s->addrs;
	struct sockaddr_storage addr;
	socklen_t addrlen;
	char* auth_name;
	while(p != NULL) {
		log_assert(p->str);
		if(!authextstrtoaddr(p->str, &addr, &addrlen, &auth_name)) {
			log_err("cannot parse stub %s ip address: '%s'",
				s->name, p->str);
			return 0;
		}
#if ! defined(HAVE_SSL_SET1_HOST) && ! defined(HAVE_X509_VERIFY_PARAM_SET1_HOST)
		if(auth_name != NULL) {
			log_err("no name verification functionality in "
				"ssl library, ignored name for %s", p->str);
		}
#endif
		if(!delegpt_add_addr_mlc(dp, &addr, addrlen, 0, 0,
			auth_name)) {
			log_err("out of memory");
			return 0;
		}
		p = p->next;
	}
	return 1;
}
268
/**
 * Turn every configured stub zone into a hint in class IN.
 * @param hints: hints store that receives the stubs.
 * @param cfg: configuration; cfg->stubs is walked.
 * @return 1 when all stubs were stored, 0 on the first failure. Stubs
 *	stored before the failure remain in the tree.
 */
static int
read_stubs(struct iter_hints* hints, struct config_file* cfg)
{
	struct config_stub* s = cfg->stubs;
	struct delegpt* dp;
	while(s != NULL) {
		dp = read_stubs_name(s);
		if(!dp)
			return 0;
		if(!read_stubs_host(s, dp) || !read_stubs_addr(s, dp)) {
			delegpt_free_mlc(dp);
			return 0;
		}
		/* the flag is turned off for 'stub-first' so that the
		 * last resort will ask for parent-side NS record and thus
		 * fallback to the internet name servers on a failure */
		dp->has_parent_side_NS = (uint8_t)!s->isfirst;
		/* Do not cache if set. */
		dp->no_cache = s->no_cache;
		/* ssl_upstream */
		dp->ssl_upstream = (uint8_t)s->ssl_upstream;
		/* log before the insert: hints_insert consumes dp and may
		 * free it */
		delegpt_log(VERB_QUERY, dp);
		/* no free on failure here, hints_insert already freed dp */
		if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp, !s->isprime))
			return 0;
		s = s->next;
	}
	return 1;
}
296
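/**
 * Read one root hints file in zone-file syntax and store its content
 * as a hint.
 * NS records supply the name server names; the owner name of the first
 * NS record becomes the name of the delegation point and the class of
 * the last NS record read becomes the class of the hint. A and AAAA
 * records with the expected rdata length are added as targets under
 * their owner name, on the DNS port. Other record types are skipped
 * with a warning.
 * @param hints: hints store that receives the result.
 * @param fname: path of the file to read.
 * @return 1 on success, also when the file holds no NS records (warned,
 *	nothing stored); 0 when the file cannot be opened, a record fails
 *	to parse, or memory runs out.
 */
static int
read_root_hints(struct iter_hints* hints, char* fname)
{
	struct sldns_file_parse_state pstate;
	struct delegpt* dp;
	uint8_t rr[LDNS_RR_BUF_SIZE];
	size_t rr_len, dname_len;
	int status;
	uint16_t rrtype;
	uint16_t c = LDNS_RR_CLASS_IN;
	FILE* f = fopen(fname, "r");
	if(!f) {
		log_err("could not read root hints %s: %s",
			fname, strerror(errno));
		return 0;
	}
	dp = delegpt_create_mlc(NULL);
	if(!dp) {
		log_err("out of memory reading root hints");
		fclose(f);
		return 0;
	}
	verbose(VERB_QUERY, "Reading root hints from %s", fname);
	memset(&pstate, 0, sizeof(pstate));
	pstate.lineno = 1;
	dp->has_parent_side_NS = 1;
	while(!feof(f)) {
		/* rr_len is in/out: buffer capacity in, record length out */
		rr_len = sizeof(rr);
		dname_len = 0;
		status = sldns_fp2wire_rr_buf(f, rr, &rr_len, &dname_len,
			&pstate);
		if(status != 0) {
			log_err("reading root hints %s %d:%d: %s", fname,
				pstate.lineno, LDNS_WIREPARSE_OFFSET(status),
				sldns_get_errorstr_parse(status));
			goto stop_read;
		}
		if(rr_len == 0)
			continue; /* EMPTY line, TTL or ORIGIN */
		rrtype = sldns_wirerr_get_type(rr, rr_len, dname_len);
		if(rrtype == LDNS_RR_TYPE_NS) {
			if(!delegpt_add_ns_mlc(dp, sldns_wirerr_get_rdata(rr,
				rr_len, dname_len), 0)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
			c = sldns_wirerr_get_class(rr, rr_len, dname_len);
			if(!dp->name) {
				/* rr starts with the owner name */
				if(!delegpt_set_name_mlc(dp, rr)) {
					log_err("out of memory.");
					goto stop_read;
				}
			}
		} else if(rrtype == LDNS_RR_TYPE_A &&
			sldns_wirerr_get_rdatalen(rr, rr_len, dname_len)
			== INET_SIZE) {
			struct sockaddr_in sa;
			socklen_t len = (socklen_t)sizeof(sa);
			memset(&sa, 0, len);
			sa.sin_family = AF_INET;
			sa.sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
			/* the rdata length was checked above, so exactly
			 * INET_SIZE bytes are available to copy */
			memmove(&sa.sin_addr,
				sldns_wirerr_get_rdata(rr, rr_len, dname_len),
				INET_SIZE);
			if(!delegpt_add_target_mlc(dp, rr, dname_len,
					(struct sockaddr_storage*)&sa, len,
					0, 0)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
		} else if(rrtype == LDNS_RR_TYPE_AAAA &&
			sldns_wirerr_get_rdatalen(rr, rr_len, dname_len)
			== INET6_SIZE) {
			struct sockaddr_in6 sa;
			socklen_t len = (socklen_t)sizeof(sa);
			memset(&sa, 0, len);
			sa.sin6_family = AF_INET6;
			sa.sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
			/* the rdata length was checked above, so exactly
			 * INET6_SIZE bytes are available to copy */
			memmove(&sa.sin6_addr,
				sldns_wirerr_get_rdata(rr, rr_len, dname_len),
				INET6_SIZE);
			if(!delegpt_add_target_mlc(dp, rr, dname_len,
					(struct sockaddr_storage*)&sa, len,
					0, 0)) {
				log_err("out of memory reading root hints");
				goto stop_read;
			}
		} else {
			char buf[17];
			sldns_wire2str_type_buf(rrtype, buf, sizeof(buf));
			log_warn("root hints %s:%d skipping type %s",
				fname, pstate.lineno, buf);
		}
	}
	fclose(f);
	if(!dp->name) {
		log_warn("root hints %s: no NS content", fname);
		delegpt_free_mlc(dp);
		return 1;
	}
	/* Log before the insert, as read_stubs() does. hints_insert()
	 * consumes dp and frees it when a hint for this name and class
	 * already exists (for example a second root hints file), so dp
	 * must not be read once it has been handed over. */
	delegpt_log(VERB_QUERY, dp);
	if(!hints_insert(hints, c, dp, 0)) {
		return 0;
	}
	return 1;

stop_read:
	delegpt_free_mlc(dp);
	fclose(f);
	return 0;
}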
409
/**
 * Read every root hints file named in the configuration.
 * Empty entries are skipped. When a chroot directory is configured and
 * an entry starts with it, that prefix is removed before the file is
 * opened.
 * NOTE(review): the prefix test is a plain strncmp over
 * strlen(chrootdir) bytes, so an entry that merely begins with the
 * same characters (no path separator boundary) has them stripped too.
 * @param hints: hints store that receives the root hints.
 * @param cfg: configuration; cfg->root_hints and cfg->chrootdir are read.
 * @return 1 when all files were read, 0 on the first failure.
 */
static int
read_root_hints_list(struct iter_hints* hints, struct config_file* cfg)
{
	struct config_strlist* p;
	for(p = cfg->root_hints; p; p = p->next) {
		char* f;
		log_assert(p->str);
		if(!p->str || !p->str[0])
			continue;
		f = p->str;
		if(cfg->chrootdir && cfg->chrootdir[0]) {
			size_t chrootlen = strlen(cfg->chrootdir);
			if(strncmp(p->str, cfg->chrootdir, chrootlen) == 0)
				f += chrootlen;
		}
		if(!read_root_hints(hints, f))
			return 0;
	}
	return 1;
}
429
/**
 * Rebuild the hints store from the configuration.
 * Existing entries are dropped first. Root hints files are read, then
 * stub zones; when no class IN root hint results from those, the
 * compiled-in root servers are used instead.
 * @param hints: hints store to refill.
 * @param cfg: configuration to read from.
 * @return 1 on success, 0 on failure. On failure the tree may hold a
 *	partial set of entries and name_tree_init_parents() has not run.
 */
int
hints_apply_cfg(struct iter_hints* hints, struct config_file* cfg)
{
	struct delegpt* builtin;

	/* start from an empty, initialised tree */
	hints_del_tree(hints);
	name_tree_init(&hints->tree);

	/* root hints from files come first, stub zones second */
	if(!read_root_hints_list(hints, cfg))
		return 0;
	if(!read_stubs(hints, cfg))
		return 0;

	/* nothing configured for the root: use the compiletime hints */
	if(hints_lookup_root(hints, LDNS_RR_CLASS_IN) == NULL) {
		builtin = compile_time_root_prime(cfg->do_ip4, cfg->do_ip6);
		verbose(VERB_ALGO, "no config, using builtin root hints.");
		if(builtin == NULL)
			return 0;
		if(!hints_insert(hints, LDNS_RR_CLASS_IN, builtin, 0))
			return 0;
	}

	name_tree_init_parents(&hints->tree);
	return 1;
}
458
/**
 * Find the root hints for a class.
 * @param hints: hints store to search.
 * @param qclass: class to look up.
 * @return delegation point stored for the root name in that class, or
 *	NULL when there is none. The pointer refers to the entry held in
 *	the tree; it is not a copy.
 */
struct delegpt*
hints_lookup_root(struct iter_hints* hints, uint16_t qclass)
{
	/* wire-format root name: one zero byte, length 1, one label */
	uint8_t rootlab = 0;
	struct iter_hints_stub* stub = (struct iter_hints_stub*)name_tree_find(
		&hints->tree, &rootlab, 1, 1, qclass);
	return stub ? stub->dp : NULL;
}
470
/**
 * Decide whether a stub or hint should be used for a query name in
 * place of the delegation point found in the cache.
 * @param hints: hints store to search.
 * @param qname: query name in wire format.
 * @param qclass: query class.
 * @param cache_dp: delegation point from the cache, or NULL when there
 *	is none (root prime situation).
 * @return the stub to use, or NULL when no stub applies.
 */
struct iter_hints_stub*
hints_lookup_stub(struct iter_hints* hints, uint8_t* qname,
	uint16_t qclass, struct delegpt* cache_dp)
{
	size_t len;
	int labs = dname_count_size_labels(qname, &len);
	struct iter_hints_stub* r = (struct iter_hints_stub*)name_tree_lookup(
		&hints->tree, qname, len, labs, qclass);
	if(r == NULL)
		return NULL;

	/* no cache (root prime situation): any stub below the root is
	 * used; a root entry (one label) is not returned here */
	if(cache_dp == NULL)
		return (r->dp->namelabs != 1) ? r : NULL;

	/* The stub wins in two cases: it is the same zone as the cached
	 * delegation and has noprime set, or the cached delegation point
	 * lies above the stub, so the stub has to be primed. */
	if((r->noprime &&
		query_dname_compare(cache_dp->name, r->dp->name) == 0) ||
		dname_strict_subdomain(r->dp->name, r->dp->namelabs,
		cache_dp->name, cache_dp->namelabs))
		return r;
	return NULL;
}
507
/**
 * Forward to name_tree_next_root() on the hints tree.
 * @param hints: hints store to search.
 * @param qclass: passed through by pointer; presumably updated to the
 *	next class that has a root entry (confirm against
 *	name_tree_next_root).
 * @return the result of name_tree_next_root().
 */
int hints_next_root(struct iter_hints* hints, uint16_t* qclass)
{
	int found = name_tree_next_root(&hints->tree, qclass);
	return found;
}
512
/**
 * Estimate the memory used by a hints store.
 * @param hints: hints store; NULL is accepted.
 * @return size of the container plus, for every entry in the tree, the
 *	size of the stub and of its delegation point; 0 for NULL.
 */
size_t
hints_get_mem(struct iter_hints* hints)
{
	size_t total;
	struct iter_hints_stub* stub;
	if(hints == NULL)
		return 0;
	total = sizeof(*hints);
	RBTREE_FOR(stub, struct iter_hints_stub*, &hints->tree) {
		total += sizeof(*stub);
		total += delegpt_get_mem(stub->dp);
	}
	return total;
}
525
/**
 * Add a stub at runtime, replacing an existing entry with the same
 * name and class.
 * dp is consumed by hints_insert() and must not be used by the caller
 * afterwards.
 * NOTE(review): when the insert fails, the previous entry has already
 * been removed and freed and name_tree_init_parents() is skipped;
 * confirm that callers treat a 0 return accordingly.
 * @param hints: hints store to modify.
 * @param c: class of the stub.
 * @param dp: delegation point for the stub; consumed.
 * @param noprime: noprime setting stored with the stub.
 * @return 1 on success, 0 when the insert fails.
 */
int
hints_add_stub(struct iter_hints* hints, uint16_t c, struct delegpt* dp,
	int noprime)
{
	struct iter_hints_stub* old = (struct iter_hints_stub*)name_tree_find(
		&hints->tree, dp->name, dp->namelen, dp->namelabs, c);
	if(old != NULL) {
		/* unlink before freeing so the tree never points at freed
		 * memory */
		(void)rbtree_delete(&hints->tree, &old->node);
		hints_stub_free(old);
	}
	if(!hints_insert(hints, c, dp, noprime))
		return 0;
	name_tree_init_parents(&hints->tree);
	return 1;
}
541
/**
 * Remove the stub with the given name and class, if present.
 * @param hints: hints store to modify.
 * @param c: class of the stub.
 * @param nm: name of the stub in wire format.
 */
void
hints_delete_stub(struct iter_hints* hints, uint16_t c, uint8_t* nm)
{
	size_t len;
	int labs = dname_count_size_labels(nm, &len);
	struct iter_hints_stub* found = (struct iter_hints_stub*)
		name_tree_find(&hints->tree, nm, len, labs, c);
	if(found == NULL)
		return; /* nothing to do */
	/* unlink first, then free, then refresh the parent pointers of
	 * the remaining entries */
	(void)rbtree_delete(&hints->tree, &found->node);
	hints_stub_free(found);
	name_tree_init_parents(&hints->tree);
}
555