diff --git a/Makefile.in b/Makefile.in index b0a478a2..2ccf05b5 100644 --- a/Makefile.in +++ b/Makefile.in @@ -44,7 +44,7 @@ libdir = @libdir@ srcdir = @srcdir@ INSTALL = @INSTALL@ -all : default @GETDNS_QUERY@ +all : default @GETDNS_QUERY@ @STUBBY@ everything: default cd src/test && $(MAKE) @@ -52,7 +52,7 @@ everything: default default: cd src && $(MAKE) $@ -install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ +install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@ $(INSTALL) -m 755 -d $(DESTDIR)$(docdir) $(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir) $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir) @@ -87,7 +87,7 @@ install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @echo "*** at package installation time from the post-install script." @echo "***" -uninstall: @UNINSTALL_GETDNS_QUERY@ +uninstall: @UNINSTALL_GETDNS_QUERY@ @UNINSTALL_STUBBY@ rm -rf $(DESTDIR)$(docdir) cd doc && $(MAKE) $@ cd src && $(MAKE) $@ @@ -104,6 +104,9 @@ test: getdns_query: cd src && $(MAKE) $@ +stubby: + cd src && $(MAKE) $@ + scratchpad: cd src && $(MAKE) $@ @@ -111,10 +114,16 @@ pad: scratchpad src/test/scratchpad || ./libtool exec gdb src/test/scratchpad install-getdns_query: - cd src/tools && $(MAKE) install + cd src/tools && $(MAKE) $@ uninstall-getdns_query: - cd src/tools && $(MAKE) uninstall + cd src/tools && $(MAKE) $@ + +install-stubby: + cd src/tools && $(MAKE) $@ + +uninstall-stubby: + cd src/tools && $(MAKE) $@ clean: cd src && $(MAKE) $@ diff --git a/configure.ac b/configure.ac index efcf7ce0..e6f8f1ab 100644 --- a/configure.ac +++ b/configure.ac @@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4) sinclude(./m4/pkg.m4) AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net]) -AC_SUBST(RELEASE_CANDIDATE, [a1]) +AC_SUBST(RELEASE_CANDIDATE, [-a2]) # Set current date from system if not set AC_ARG_WITH([current-date], 
@@ -255,6 +255,7 @@ else fi AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method]) AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ AC_INCLUDES_DEFAULT @@ -912,6 +913,26 @@ else INSTALL_GETDNS_QUERY="install-getdns_query" UNINSTALL_GETDNS_QUERY="uninstall-getdns_query" fi +AC_SUBST(GETDNS_QUERY) +AC_SUBST(INSTALL_GETDNS_QUERY) +AC_SUBST(UNINSTALL_GETDNS_QUERY) + +AC_ARG_WITH(stubby, AS_HELP_STRING([--without-stubby], + [Do not compile and install stubby, the (stub) resolver daemon]), + [], [withval="yes"]) +if test x_$withval = x_no; then + STUBBY="" + INSTALL_STUBBY="" + UNINSTALL_STUBBY="" +else + STUBBY="stubby" + INSTALL_STUBBY="install-stubby" + UNINSTALL_STUBBY="uninstall-stubby" +fi +AC_SUBST(STUBBY) +AC_SUBST(INSTALL_STUBBY) +AC_SUBST(UNINSTALL_STUBBY) + AC_ARG_WITH(fd-setsize, AS_HELP_STRING([--with-fd-setsize=size], [Set maximum file descriptor number that can be used by select]), [], [withval="no"]) @@ -924,10 +945,6 @@ case "$withval" in ;; esac -AC_SUBST(GETDNS_QUERY) -AC_SUBST(INSTALL_GETDNS_QUERY) -AC_SUBST(UNINSTALL_GETDNS_QUERY) - AC_CONFIG_FILES([Makefile src/Makefile src/version.c src/getdns/getdns.h src/getdns/getdns_extra.h spec/example/Makefile src/test/Makefile src/tools/Makefile doc/Makefile getdns.pc getdns_ext_event.pc]) if [ test -n "$DOXYGEN" ] then AC_CONFIG_FILES([src/Doxyfile]) diff --git a/src/Makefile.in b/src/Makefile.in index ecfcf082..763e22da 100644 --- a/src/Makefile.in +++ b/src/Makefile.in 
@@ -159,6 +159,9 @@ test: all getdns_query: all cd tools && $(MAKE) $@ +stubby: all + cd tools && $(MAKE) $@ + scratchpad: all cd test && $(MAKE) $@ diff --git a/src/context.c b/src/context.c index 58abcd77..ff172499 100644 --- a/src/context.c +++ b/src/context.c @@ -693,6 +693,15 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams) GETDNS_FREE(upstreams->mf, upstreams); } +#if defined(DAEMON_DEBUG) && DAEMON_DEBUG +static char* +getdns_auth_str_array[] = { + GETDNS_STR_AUTH_NONE, + GETDNS_STR_AUTH_FAILED, + GETDNS_STR_AUTH_OK +}; +#endif + void _getdns_upstream_shutdown(getdns_upstream *upstream) { diff --git a/src/gldns/keyraw.c b/src/gldns/keyraw.c index 7a27e7f0..9e6adcb2 100644 --- a/src/gldns/keyraw.c +++ b/src/gldns/keyraw.c @@ -23,6 +23,15 @@ #ifdef HAVE_OPENSSL_ENGINE_H # include #endif +#ifdef HAVE_OPENSSL_BN_H +#include +#endif +#ifdef HAVE_OPENSSL_RSA_H +#include +#endif +#ifdef HAVE_OPENSSL_DSA_H +#include +#endif #endif /* HAVE_SSL */ size_t @@ -215,6 +224,7 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len) BN_free(Y); return NULL; } +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) #ifndef S_SPLINT_S dsa->p = P; dsa->q = Q; @@ -222,6 +232,25 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len) dsa->pub_key = Y; #endif /* splint */ +#else /* OPENSSL_VERSION_NUMBER */ + if (!DSA_set0_pqg(dsa, P, Q, G)) { + /* QPG not yet attached, need to free */ + BN_free(Q); + BN_free(P); + BN_free(G); + + DSA_free(dsa); + BN_free(Y); + return NULL; + } + if (!DSA_set0_key(dsa, Y, NULL)) { + /* QPG attached, cleaned up by DSA_fre() */ + DSA_free(dsa); + BN_free(Y); + return NULL; + } +#endif + return dsa; } 
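Review bot: The array that now lives in context.c under DAEMON_DEBUG is declared `static char*` although it only holds string literals; `static const char * const getdns_auth_str_array[]` would stop both the pointers and the literals from being written through it. Since the copy in types-internal.h is removed in the same commit, this is the only definition left, so a one-line comment such as `/* Presumably indexed by getdns_auth_state; only referenced by DAEMON_DEBUG output */` would record why it is compiled conditionally.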
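Review bot: The comment on the DSA_set0_key failure path reads `/* QPG attached, cleaned up by DSA_fre() */`; it should say `DSA_free()` and, to match the argument order of the call above it, `PQG`. The cleanup itself looks right: after a successful DSA_set0_pqg the DSA object owns P, Q and G, so only Y needs a separate BN_free. The test `OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)` selects the direct-member branch for every LibreSSL release; if a later LibreSSL makes DSA opaque that branch stops compiling, so a comment stating that assumption would help the next maintainer. gldns_key_buf2dsa_raw begins outside the hunk.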
@@ -273,11 +302,21 @@ gldns_key_buf2rsa_raw(unsigned char* key, size_t len) BN_free(modulus); return NULL; } +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) #ifndef S_SPLINT_S rsa->n = modulus; rsa->e = exponent; #endif /* splint */ +#else /* OPENSSL_VERSION_NUMBER */ + if (!RSA_set0_key(rsa, modulus, exponent, NULL)) { + BN_free(exponent); + BN_free(modulus); + RSA_free(rsa); + return NULL; + } +#endif + return rsa; } diff --git a/src/gldns/rrdef.h b/src/gldns/rrdef.h index b13580ea..f00fa33c 100644 --- a/src/gldns/rrdef.h +++ b/src/gldns/rrdef.h @@ -195,7 +195,7 @@ enum gldns_enum_rr_type GLDNS_RR_TYPE_TALINK = 58, GLDNS_RR_TYPE_CDS = 59, /** RFC 7344 */ GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */ - GLDNS_RR_TYPE_OPENPGPKEY = 61, /* draft-ietf-dane-openpgpkey */ + GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */ GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ diff --git a/src/gldns/wire2str.h b/src/gldns/wire2str.h index 050fb8e7..a4409991 100644 --- a/src/gldns/wire2str.h +++ b/src/gldns/wire2str.h @@ -118,7 +118,7 @@ int gldns_str_print(char** str, size_t* slen, const char* format, ...) * @param str_len: the size of the string buffer. If more is needed, it'll * silently truncate the output to fit in the buffer. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_pkt_buf(uint8_t* data, size_t data_len, char* str, size_t str_len); 
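Review bot: The reworded sentence `Is larger or equal than str_len if output was truncated.` is ungrammatical; `Is larger than or equal to str_len if output was truncated.` is the correct form. The same wording is repeated in the hunks at -351, -369, -389, -406, -417, -427, -437 and -448 of this file. In the -417 to -448 hunks the parameter is documented as `len`, not `str_len`, so those comments should name `len`.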
@@ -351,7 +351,7 @@ int gldns_wire2str_edns_option_code_print(char** str, size_t* str_len, * @param str_len: the size of the string buffer. If more is needed, it'll * silently truncate the output to fit in the buffer. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str, size_t str_len); @@ -369,7 +369,7 @@ int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str, * @param str_len: the size of the string buffer. If more is needed, it'll * silently truncate the output to fit in the buffer. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str, size_t str_len); @@ -389,7 +389,7 @@ int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str, * @param str_len: the size of the string buffer. If more is needed, it'll * silently truncate the output to fit in the buffer. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len, char* str, size_t str_len); @@ -406,7 +406,7 @@ int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len, * silently truncate the output to fit in the buffer. * @param rrtype: rr type of the data * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, size_t str_len, uint16_t rrtype); 
@@ -417,7 +417,7 @@ int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, * @param str: the string to write to. * @param len: length of str. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len); @@ -427,7 +427,7 @@ int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len); * @param str: the string to write to. * @param len: length of str. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len); @@ -437,7 +437,7 @@ int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len); * @param str: the string to write to. * @param len: length of str. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len); @@ -448,7 +448,7 @@ int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len); * @param str: the string to write to. * @param len: length of string. * @return the number of characters for this element, excluding zerobyte. - * Is larger than str_len if output was truncated. + * Is larger or equal than str_len if output was truncated. */ int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str, size_t len); diff --git a/src/pubkey-pinning.c b/src/pubkey-pinning.c index 8a2250d8..32497608 100644 --- a/src/pubkey-pinning.c +++ b/src/pubkey-pinning.c 
@@ -56,6 +56,10 @@ #include "context.h" #include "util-internal.h" +#ifndef X509_STORE_CTX_get0_untrusted +#define X509_STORE_CTX_get0_untrusted(store) store->untrusted +#endif + /* we only support sha256 at the moment. adding support for another digest is more complex than just adding another entry here. in particular, you'll probably need a match for a particular cert @@ -314,11 +318,11 @@ _get_ssl_getdns_upstream_idx() { static volatile int idx = -1; if (idx < 0) { - CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); + /* CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); */ if (idx < 0) idx = SSL_get_ex_new_index(0, "associated getdns upstream", NULL,NULL,NULL); - CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); + /* CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); */ } return idx; } @@ -383,7 +387,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset, /* TODO: how do we handle raw public keys? */ - for (i = 0; i < sk_X509_num(store->untrusted); i++) { + for (i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) { if (i > 0) { /* TODO: how do we ensure that the certificates in * each stage appropriately sign the previous one? @@ -392,7 +396,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset, return GETDNS_RETURN_GENERIC_ERROR; } - x = sk_X509_value(store->untrusted, i); + x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i); #if defined(STUB_DEBUG) && STUB_DEBUG DEBUG_STUB("%s %-35s: Name of cert: %d ", STUB_DEBUG_SETUP_TLS, __FUNCTION__, i); diff --git a/src/tools/Makefile.in b/src/tools/Makefile.in index ae2c6080..9f1bb75f 100644 --- a/src/tools/Makefile.in +++ b/src/tools/Makefile.in 
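Review bot: The fallback `#ifndef X509_STORE_CTX_get0_untrusted` tests for a preprocessor macro, but OpenSSL 1.1 provides X509_STORE_CTX_get0_untrusted() as a function declaration rather than a macro, so the guard is true there and the new macro turns the accessor back into `store->untrusted`, which cannot compile against 1.1's opaque X509_STORE_CTX. Use the version test keyraw.c adopts in this same commit, `#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)`, and parenthesise the macro body: `#define X509_STORE_CTX_get0_untrusted(store) ((store)->untrusted)`. The pin-verification loop in the -383 and -392 hunks depends on this accessor, so getting the guard wrong blocks the whole pinset check from building.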
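Review bot: Commenting out the CRYPTO_w_lock/CRYPTO_w_unlock pair leaves `_get_ssl_getdns_upstream_idx` with a double-checked initialisation of `idx` and no lock, so two threads setting up their first TLS upstream concurrently can both call SSL_get_ex_new_index and the later assignment overwrites the earlier one; an SSL object tagged with the first index would then not be found by subsequent lookups. Whether that lookup feeds the pinset match is not visible in this hunk, but a lost upstream association during TLS verification deserves a deterministic fix rather than a silent race. Keep the lock on OpenSSL < 1.1 behind the same version test used elsewhere in this commit, or allocate the index once at context creation, and delete the two `/* CRYPTO_w_... */` lines instead of leaving dead code. If the lock is dropped deliberately, a comment saying why (presumably CRYPTO_LOCK_X509_STORE no longer exists in 1.1) belongs here.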
@@ -67,13 +67,23 @@ $(ALL_OBJS): getdns_query: getdns_query.lo $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS) -install: getdns_query +stubby: getdns_query + ln -s getdns_query stubby + +install-getdns_query: getdns_query $(INSTALL) -m 755 -d $(DESTDIR)$(bindir) $(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir) -uninstall: +uninstall-getdns_query: $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/getdns_query +install-stubby: getdns_query + $(INSTALL) -m 755 -d $(DESTDIR)$(bindir) + $(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)/stubby + +uninstall-stubby: + $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby + clean: rm -f *.o *.lo $(PROGRAMS) rm -rf .libs diff --git a/src/tools/getdns_query.c b/src/tools/getdns_query.c index 7acc77d9..51da2d94 100644 --- a/src/tools/getdns_query.c +++ b/src/tools/getdns_query.c @@ -48,6 +48,13 @@ typedef unsigned short in_port_t; #define EXAMPLE_PIN "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\"" +static int i_am_stubby = 0; +static const char *default_stubby_config = +"{ resolution_type: GETDNS_RESOLUTION_STUB" +", listen_addresses: [ { 127.0.0.1:53 } ]" +"}"; +static int clear_listen_list_on_arg = 0; +static int run_in_foreground = 0; static int quiet = 0; static int batch_mode = 0; static char *query_file = NULL; 
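Review bot: The `stubby` recipe `ln -s getdns_query stubby` is not re-runnable: once getdns_query is rebuilt the target is out of date and `ln -s` fails with "File exists" because the old link is still present, so it should be `ln -sf getdns_query $@`. Whether `clean` removes the link depends on $(PROGRAMS), which is not visible in this hunk; if stubby is not listed there, add it or an explicit `rm -f stubby`. The link points at the libtool wrapper in the build tree, so the argv[0] that main() compares against `stubby`/`lt-stubby` presumably depends on how that wrapper execs the real binary; the installed copy made by install-stubby does not have that ambiguity.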
@@ -192,11 +199,17 @@ print_usage(FILE *out, const char *progname) fprintf(out, "\t\tRead settings from config file \n"); fprintf(out, "\t\tThe getdns context will be configured with these settings\n"); fprintf(out, "\t\tThe file must be in json dict format.\n"); + if (i_am_stubby) { + fprintf(out, "\t\tBy default, configuration is first read from"); + fprintf(out, "\t\t\"/etc/stubby.conf\" and then from \"$HOME/.stubby.conf\""); + } fprintf(out, "\t-D\tSet edns0 do bit\n"); fprintf(out, "\t-d\tclear edns0 do bit\n"); fprintf(out, "\t-e \tSet idle timeout in miliseconds\n"); fprintf(out, "\t-F \tread the queries from the specified file\n"); fprintf(out, "\t-f \tRead DNSSEC trust anchors from \n"); + if (i_am_stubby) + fprintf(out, "\t-g\tRun stubby in foreground (default is background)\n"); fprintf(out, "\t-G\tgeneral lookup\n"); fprintf(out, "\t-H\thostname lookup. ( must be an IP address; is ignored)\n"); fprintf(out, "\t-h\tPrint this help\n"); @@ -212,9 +225,11 @@ print_usage(FILE *out, const char *progname) fprintf(out, "\t-p\tPretty print response dict\n"); fprintf(out, "\t-P \tPad TLS queries to a multiple of blocksize\n"); fprintf(out, "\t-q\tQuiet mode - don't print response\n"); - fprintf(out, "\t-r\tSet recursing resolution type\n"); + fprintf( out, "\t-r\tSet recursing resolution type%s\n" + , i_am_stubby ? "(default = stub)" : ""); fprintf(out, "\t-R \tRead root hints from \n"); - fprintf(out, "\t-s\tSet stub resolution type (default = recursing)\n"); + fprintf(out, "\t-s\tSet stub resolution type%s\n" + , i_am_stubby ? "" : "(default = recursing)" ); fprintf(out, "\t-S\tservice lookup ( is ignored)\n"); fprintf(out, "\t-t \tSet timeout in miliseconds\n"); fprintf(out, "\t-x\tDo not follow redirects\n"); 
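Review bot: The two usage lines added under `if (i_am_stubby)` lack newline terminators: the first string ends with `read from` and the second with `.stubby.conf\"`, so the help text runs `...read from\t\t"/etc/stubby.conf" and then from "$HOME/.stubby.conf"\t-D\tSet edns0 do bit` on a single line. Append `\n` to both strings. In the -212 hunk below, `%s` is substituted with `(default = stub)` and `(default = recursing)` directly after `type`, which prints `resolution type(default = stub)`; a leading space in those literals fixes it.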
@@ -239,6 +254,8 @@ print_usage(FILE *out, const char *progname) fprintf(out, "\t\tListen for DNS requests on the given IP address\n"); fprintf(out, "\t\t is in the same format as upstreams.\n"); fprintf(out, "\t\tThis option can be given more than once.\n"); + if (i_am_stubby) + fprintf(out, "\t\t(default is to listen on 127.0.0.1:53)\n"); } static getdns_return_t validate_chain(getdns_dict *response) @@ -469,6 +486,48 @@ static void parse_config(const char *config_str) } } +int parse_config_file(const char *fn, int report_open_failure) +{ + FILE *fh; + char *config_file = NULL; + long config_file_sz; + + if (!(fh = fopen(fn, "r"))) { + if (report_open_failure) + fprintf( stderr, "Could not open \"%s\": %s\n" + , fn, strerror(errno)); + return GETDNS_RETURN_GENERIC_ERROR; + } + if (fseek(fh, 0,SEEK_END) == -1) { + perror("fseek"); + fclose(fh); + return GETDNS_RETURN_GENERIC_ERROR; + } + config_file_sz = ftell(fh); + if (config_file_sz <= 0) { + /* Empty config is no config */ + fclose(fh); + return GETDNS_RETURN_GOOD; + } + if (!(config_file = malloc(config_file_sz + 1))){ + fclose(fh); + fprintf(stderr, "Could not allocate memory for \"%s\"\n", fn); + return GETDNS_RETURN_MEMORY_ERROR; + } + rewind(fh); + if (fread(config_file, 1, config_file_sz, fh) != config_file_sz) { + fprintf( stderr, "An error occurred while reading \"%s\": %s\n" + , fn, strerror(errno)); + fclose(fh); + return GETDNS_RETURN_MEMORY_ERROR; + } + config_file[config_file_sz] = 0; + fclose(fh); + parse_config(config_file); + free(config_file); + return GETDNS_RETURN_GOOD; +} + getdns_return_t parse_args(int argc, char **argv) { getdns_return_t r = GETDNS_RETURN_GOOD; @@ -483,8 +542,6 @@ getdns_return_t parse_args(int argc, char **argv) getdns_bindata bindata; size_t upstream_count = 0; FILE *fh; - char *config_file = NULL; - long config_file_sz; for (i = 1; i < argc; i++) { arg = argv[i]; 
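Review bot: `parse_config_file` is a new file-local function but is neither `static` nor declared before use, and it returns `int` although every value it returns is a getdns_return_t; `static getdns_return_t parse_config_file(const char *fn, int report_open_failure)` matches `parse_config` and `parse_args` in the same file. The check `fread(config_file, 1, config_file_sz, fh) != config_file_sz` compares size_t with long; compare against `(size_t)config_file_sz`, which is known to be positive at that point. The short-read branch returns GETDNS_RETURN_MEMORY_ERROR although no allocation failed; GETDNS_RETURN_GENERIC_ERROR is the honest code, and since this block was lifted from the old -C handling the inherited message applies there too. A header comment would help: the function reads the whole file into memory and hands it to parse_config, an empty file is treated as no configuration, and report_open_failure only controls whether a missing file is reported, not the return value.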
@@ -595,42 +652,7 @@ getdns_return_t parse_args(int argc, char **argv) "after -C\n"); return GETDNS_RETURN_GENERIC_ERROR; } - if (!(fh = fopen(argv[i], "r"))) { - fprintf(stderr, "Could not open \"%s\"" - ": %s\n",argv[i], strerror(errno)); - return GETDNS_RETURN_GENERIC_ERROR; - } - if (fseek(fh, 0,SEEK_END) == -1) { - perror("fseek"); - fclose(fh); - return GETDNS_RETURN_GENERIC_ERROR; - } - config_file_sz = ftell(fh); - if (config_file_sz <= 0) { - /* Empty config is no config */ - fclose(fh); - break; - } - if (!(config_file=malloc(config_file_sz + 1))){ - fclose(fh); - fprintf(stderr, "Could not allocate me" - "mory for \"%s\"\n", argv[i]); - return GETDNS_RETURN_MEMORY_ERROR; - } - rewind(fh); - if (fread(config_file, 1, config_file_sz, fh) - != config_file_sz) { - fprintf(stderr, "An error occurred whil" - "e reading \"%s\": %s\n",argv[i], - strerror(errno)); - fclose(fh); - return GETDNS_RETURN_MEMORY_ERROR; - } - config_file[config_file_sz] = 0; - fclose(fh); - parse_config(config_file); - free(config_file); - config_file = NULL; + (void) parse_config_file(argv[i], 1); break; case 'D': (void) getdns_context_set_edns_do_bit(context, 1); @@ -927,17 +949,23 @@ getdns_return_t parse_args(int argc, char **argv) "expected after -z\n"); return GETDNS_RETURN_GENERIC_ERROR; } - if (argv[i][0] == '-' && argv[i][1] == '\0') { + if (clear_listen_list_on_arg || + (argv[i][0] == '-' && argv[i][1] == '\0')) { if (listen_list && !listen_dict) getdns_list_destroy( listen_list); listen_list = NULL; listen_count = 0; - touched_listen_list = 1; - DEBUG_SERVER("Clear listen list\n"); - break; + if (!clear_listen_list_on_arg) { + touched_listen_list = 1; + DEBUG_SERVER("Clear listen list\n"); + break; + } else if (listen_dict) { + getdns_dict_destroy(listen_dict); + listen_dict = NULL; + } + clear_listen_list_on_arg = 0; } - if ((r = getdns_str2dict(argv[i], &downstream))) fprintf(stderr, "Could not convert \"%s\" to " "an IP dict: %s\n", argv[i], 
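Review bot: Replacing the inline reading with `(void) parse_config_file(argv[i], 1);` discards the result, so `-C` with a file that cannot be opened or read now prints a message and carries on with the remaining arguments, whereas the removed code returned GETDNS_RETURN_GENERIC_ERROR from parse_args. Unless that relaxation is intended, propagate the failure: `if ((r = parse_config_file(argv[i], 1))) return r;` (`r` is already declared at the top of parse_args). The enclosing switch and parse_args continue outside the hunk.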
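Review bot: With `clear_listen_list_on_arg` set, a literal `-z -` no longer means "clear the listen list": the flag path skips the `break`, resets the flag and falls through to `getdns_str2dict("-")`, which presumably fails with the conversion error below. If that is acceptable in stubby mode it deserves a comment; otherwise test `argv[i]` for `-` before applying the implicit clear. The ownership handling (listen_list freed on its own only when it appears not to be held by listen_dict, otherwise the dict is freed) is hard to follow inline; a short comment such as `/* In stubby mode the first -z replaces the configured defaults instead of adding to them */` would record the intent.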
@@ -966,6 +994,10 @@ getdns_return_t parse_args(int argc, char **argv) } break; default: + if (i_am_stubby && *c == 'g') { + run_in_foreground = 1; + break; + } fprintf(stderr, "Unknown option " "\"%c\"\n", *c); for (i = 0; i < argc; i++) @@ -1002,7 +1034,24 @@ next: ; if (print_api_info) { getdns_dict *api_information = getdns_context_get_api_information(context); - char *api_information_str = + char *api_information_str; + + if (listen_dict && !getdns_dict_get_list( + listen_dict, "listen_list", &listen_list)) { + + (void) getdns_dict_set_list(api_information, + "listen_addresses", listen_list); + } else if (listen_list) { + (void) getdns_dict_set_list(api_information, + "listen_addresses", listen_list); + + } else if ((listen_list = getdns_list_create())) { + (void) getdns_dict_set_list(api_information, + "listen_addresses", listen_list); + getdns_list_destroy(listen_list); + listen_list = NULL; + } + api_information_str = getdns_pretty_print_dict(api_information); fprintf(stdout, "%s\n", api_information_str); free(api_information_str); @@ -1531,7 +1580,17 @@ error: int main(int argc, char **argv) { + char home_stubby_conf_fn[1024]; getdns_return_t r; +#ifndef USE_WINSOCK + char *prg_name = strrchr(argv[0], '/'); +#else + char *prg_name = strrchr(argv[0], '\\'); +#endif + prg_name = prg_name ? prg_name + 1 : argv[0]; + + i_am_stubby = strcasecmp(prg_name, "stubby") == 0 + || strcasecmp(prg_name, "lt-stubby") == 0; name = the_root; if ((r = getdns_context_create(&context, 1))) { 
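Review bot: `strrchr(argv[0], '/')` dereferences argv[0] unconditionally; argv[0] can be NULL when a program is executed with an empty argument vector, and the added name check is the first place this program reads it. A guard such as `char *prg_name = (argc > 0 && argv[0]) ? strrchr(argv[0], '/') : NULL;` followed by `prg_name = prg_name ? prg_name + 1 : ((argc > 0 && argv[0]) ? argv[0] : "");` keeps the default getdns_query behaviour in that case. Since daemon mode is now selected purely by the invocation name, a comment above the comparison stating that `stubby` and `lt-stubby` (the libtool wrapper name) switch the program into stub-daemon mode would help readers of main(). `strcasecmp` is also used on the USE_WINSOCK side; whether that build environment provides it is not visible here.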
@@ -1546,8 +1605,20 @@ main(int argc, char **argv) r = GETDNS_RETURN_MEMORY_ERROR; goto done_destroy_context; } + if (i_am_stubby) { + (void) parse_config(default_stubby_config); + (void) parse_config_file("/etc/stubby.conf", 0); + if (snprintf( home_stubby_conf_fn, sizeof(home_stubby_conf_fn) + , "%s/.stubby.conf", getenv("HOME") + ) < sizeof(home_stubby_conf_fn)) { + + (void) parse_config_file(home_stubby_conf_fn, 0); + } + clear_listen_list_on_arg = 1; + } if ((r = parse_args(argc, argv))) goto done_destroy_context; + clear_listen_list_on_arg = 0; if (query_file) { fp = fopen(query_file, "rt"); @@ -1564,8 +1635,10 @@ main(int argc, char **argv) assert(loop); } if (listen_count && (r = getdns_context_set_listen_addresses( - context, incoming_request_handler, listen_list))) + context, incoming_request_handler, listen_list))) { + perror("error: Could not bind on given addresses"); goto done_destroy_context; + } /* Make the call */ if (interactive) { @@ -1584,7 +1657,25 @@ main(int argc, char **argv) } else if (listen_count) { assert(loop); - loop->vmt->run(loop); + if (i_am_stubby && !run_in_foreground) { + pid_t pid = fork(); + if (pid == -1) { + perror("Could not fork of stubby daemon\n"); + r = GETDNS_RETURN_GENERIC_ERROR; + + } else if (pid) { + FILE *fh = fopen("/var/rub/stubby.pid", "w"); + if (! fh) + fh = fopen("/tmp/stubby.pid", "w"); + if (fh) { + fprintf(fh, "%d", (int)pid); + fclose(fh); + batch_mode = 0; + } + } else + loop->vmt->run(loop); + } else + loop->vmt->run(loop); } else r = do_the_call(); @@ -1606,8 +1697,9 @@ done_destroy_context: return 0; else if (r == CONTINUE_ERROR) return 1; - fprintf(stdout, "\nAll done.\n"); + + if (!i_am_stubby) + fprintf(stdout, "\nAll done.\n"); + return r; } - - diff --git a/src/types-internal.h b/src/types-internal.h index bd1f993c..b9d229e6 100644 --- a/src/types-internal.h +++ b/src/types-internal.h 
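Review bot: `getenv("HOME")` is passed straight to `%s`; when HOME is unset this is a NULL argument to snprintf, which is undefined behaviour. Fetch it first and skip the per-user file when it is missing: `const char *home = getenv("HOME");` then `if (home && snprintf(home_stubby_conf_fn, sizeof(home_stubby_conf_fn), "%s/.stubby.conf", home) < (int)sizeof(home_stubby_conf_fn))`. Separately, a resolver started with enough privilege to bind 127.0.0.1:53 will here load a configuration file chosen by the HOME environment variable; consider ignoring `$HOME/.stubby.conf` when the effective uid is 0 or the file is not owned by the current user, and document the load order (built-in defaults, then /etc/stubby.conf, then the user file) in a comment at this point.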
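Review bot: `perror("error: Could not bind on given addresses")` reports errno, but the failing call is getdns_context_set_listen_addresses, which signals failure through its getdns_return_t; errno may be unrelated or stale at this point. Print the return code instead, e.g. `fprintf(stderr, "error: Could not bind on given addresses: %s\n", getdns_get_errorstr_by_id(r));` if that helper is available in this tree, or at least the numeric value of `r`.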
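Review bot: The pid file path `/var/rub/stubby.pid` is a typo for `/var/run/stubby.pid`, so on every system the first fopen fails and the daemon records its pid in `/tmp/stubby.pid`. Writing a fixed name in a world-writable directory from a process that was probably started with enough privilege to bind port 53 is a classic hazard: a local user can pre-create that name or a symlink and have the daemon truncate or overwrite a file of their choosing, and any tooling that later trusts the pid file can be pointed at an arbitrary process. Fix the path, drop the `/tmp` fallback (or make the location a configuration option), and report when no pid file could be written instead of continuing silently. Two smaller points in the same block: `perror("Could not fork of stubby daemon\n")` already appends a newline, and the child keeps the parent's session, working directory and standard streams, so if full daemonisation is intended a `setsid()` in the child plus a comment stating that this is a bare fork would be appropriate.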
@@ -67,13 +67,6 @@ typedef enum getdns_auth_state { #define GETDNS_STR_AUTH_FAILED "Failed" #define GETDNS_STR_AUTH_OK "Success" -static char* -getdns_auth_str_array[] = { - GETDNS_STR_AUTH_NONE, - GETDNS_STR_AUTH_FAILED, - GETDNS_STR_AUTH_OK -}; - struct getdns_context; struct getdns_upstreams; struct getdns_upstream; diff --git a/src/util/val_secalgo.c b/src/util/val_secalgo.c index edbf538b..a27e7807 100644 --- a/src/util/val_secalgo.c +++ b/src/util/val_secalgo.c @@ -590,7 +590,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, log_err("EVP_MD_CTX_new: malloc failure"); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); - else if(docrypto_free) CRYPTO_free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); return 0; } if(EVP_VerifyInit(ctx, digest_type) == 0) { @@ -598,7 +598,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, EVP_MD_CTX_destroy(ctx); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); - else if(docrypto_free) CRYPTO_free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); return 0; } if(EVP_VerifyUpdate(ctx, (unsigned char*)gldns_buffer_begin(buf), @@ -607,7 +607,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, EVP_MD_CTX_destroy(ctx); EVP_PKEY_free(evp_key); if(dofree) free(sigblock); - else if(docrypto_free) CRYPTO_free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); return 0; } @@ -621,7 +621,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock, EVP_PKEY_free(evp_key); if(dofree) free(sigblock); - else if(docrypto_free) CRYPTO_free(sigblock); + else if(docrypto_free) OPENSSL_free(sigblock); if(res == 1) { return 1; @@ -1359,6 +1359,7 @@ _getdns_dnskey_algo_id_is_supported(int id) } } +#ifdef USE_DSA static char * _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock, unsigned int sigblock_len, unsigned char* key, unsigned int keylen) 
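Review bot: Substituting OPENSSL_free for CRYPTO_free is the right change for OpenSSL 1.1, where CRYPTO_free takes file and line arguments, but the cleanup sequence (EVP_PKEY_free, then free or OPENSSL_free of sigblock depending on dofree/docrypto_free, with EVP_MD_CTX_destroy in the later cases) is now repeated verbatim in this hunk and the ones at -598, -607 and -621. A small static helper taking `ctx`, `evp_key`, `sigblock`, `dofree` and `docrypto_free` would make the ownership rule explicit and leave one place to change the next time the allocator API moves. `_getdns_verify_canonrrset` starts and ends outside these hunks.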
@@ -1446,6 +1447,7 @@ _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock, else return NULL; } +#endif /* USE_DSA */ static char * _verify_nettle_rsa(gldns_buffer* buf, unsigned int digest_size, char* sigblock,