Merge pull request #210 from wtoorop/features/stubby

Features/stubby
This commit is contained in:
saradickinson 2016-10-16 10:24:25 +01:00 committed by GitHub
commit 3cea710dc5
12 changed files with 266 additions and 88 deletions


@ -44,7 +44,7 @@ libdir = @libdir@
srcdir = @srcdir@ srcdir = @srcdir@
INSTALL = @INSTALL@ INSTALL = @INSTALL@
all : default @GETDNS_QUERY@ all : default @GETDNS_QUERY@ @STUBBY@
everything: default everything: default
cd src/test && $(MAKE) cd src/test && $(MAKE)
@ -52,7 +52,7 @@ everything: default
default: default:
cd src && $(MAKE) $@ cd src && $(MAKE) $@
install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@ @INSTALL_STUBBY@
$(INSTALL) -m 755 -d $(DESTDIR)$(docdir) $(INSTALL) -m 755 -d $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir) $(INSTALL) -m 644 $(srcdir)/AUTHORS $(DESTDIR)$(docdir)
$(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir) $(INSTALL) -m 644 $(srcdir)/ChangeLog $(DESTDIR)$(docdir)
@ -87,7 +87,7 @@ install: all getdns.pc getdns_ext_event.pc @INSTALL_GETDNS_QUERY@
@echo "*** at package installation time from the post-install script." @echo "*** at package installation time from the post-install script."
@echo "***" @echo "***"
uninstall: @UNINSTALL_GETDNS_QUERY@ uninstall: @UNINSTALL_GETDNS_QUERY@ @UNINSTALL_STUBBY@
rm -rf $(DESTDIR)$(docdir) rm -rf $(DESTDIR)$(docdir)
cd doc && $(MAKE) $@ cd doc && $(MAKE) $@
cd src && $(MAKE) $@ cd src && $(MAKE) $@
@ -104,6 +104,9 @@ test:
getdns_query: getdns_query:
cd src && $(MAKE) $@ cd src && $(MAKE) $@
stubby:
cd src && $(MAKE) $@
scratchpad: scratchpad:
cd src && $(MAKE) $@ cd src && $(MAKE) $@
@ -111,10 +114,16 @@ pad: scratchpad
src/test/scratchpad || ./libtool exec gdb src/test/scratchpad src/test/scratchpad || ./libtool exec gdb src/test/scratchpad
install-getdns_query: install-getdns_query:
cd src/tools && $(MAKE) install cd src/tools && $(MAKE) $@
uninstall-getdns_query: uninstall-getdns_query:
cd src/tools && $(MAKE) uninstall cd src/tools && $(MAKE) $@
install-stubby:
cd src/tools && $(MAKE) $@
uninstall-stubby:
cd src/tools && $(MAKE) $@
clean: clean:
cd src && $(MAKE) $@ cd src && $(MAKE) $@
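Review bot: The new `stubby`, `install-stubby` and `uninstall-stubby` targets name commands rather than files, exactly like the `getdns_query` targets beside them; if this Makefile keeps a `.PHONY` list (not visible in the hunk) they belong in it, otherwise a stray file called `stubby` in the top directory would silently turn `make stubby` into a no-op. The `install-getdns_query`/`uninstall-getdns_query` recipes are changed from `$(MAKE) install`/`$(MAKE) uninstall` to `$(MAKE) $@`, which is consistent with the renamed targets in src/tools/Makefile.in in this same commit, but it couples the two files by target name, so a one-line comment such as `# target names must match src/tools/Makefile.in` would help the next person who renames one side. The `install` and `uninstall` rules both begin outside the hunk.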


@ -37,7 +37,7 @@ sinclude(./m4/ax_check_compile_flag.m4)
sinclude(./m4/pkg.m4) sinclude(./m4/pkg.m4)
AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net]) AC_INIT([getdns], [1.1.0], [users@getdnsapi.net], [], [https://getdnsapi.net])
AC_SUBST(RELEASE_CANDIDATE, [a1]) AC_SUBST(RELEASE_CANDIDATE, [-a2])
# Set current date from system if not set # Set current date from system if not set
AC_ARG_WITH([current-date], AC_ARG_WITH([current-date],
@ -255,6 +255,7 @@ else
fi fi
AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/bn.h openssl/rsa.h openssl/dsa.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method]) AC_CHECK_FUNCS([OPENSSL_config EVP_md5 EVP_sha1 EVP_sha224 EVP_sha256 EVP_sha384 EVP_sha512 FIPS_mode ENGINE_load_cryptodev EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new EVP_PKEY_base_id HMAC_CTX_new HMAC_CTX_free TLS_client_method])
AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [ AC_CHECK_DECLS([SSL_COMP_get_compression_methods,sk_SSL_COMP_pop_free,SSL_CTX_set_ecdh_auto], [], [], [
AC_INCLUDES_DEFAULT AC_INCLUDES_DEFAULT
@ -912,6 +913,26 @@ else
INSTALL_GETDNS_QUERY="install-getdns_query" INSTALL_GETDNS_QUERY="install-getdns_query"
UNINSTALL_GETDNS_QUERY="uninstall-getdns_query" UNINSTALL_GETDNS_QUERY="uninstall-getdns_query"
fi fi
AC_SUBST(GETDNS_QUERY)
AC_SUBST(INSTALL_GETDNS_QUERY)
AC_SUBST(UNINSTALL_GETDNS_QUERY)
AC_ARG_WITH(stubby, AS_HELP_STRING([--without-stubby],
[Do not compile and install stubby, the (stub) resolver daemon]),
[], [withval="yes"])
if test x_$withval = x_no; then
STUBBY=""
INSTALL_STUBBY=""
UNINSTALL_STUBBY=""
else
STUBBY="stubby"
INSTALL_STUBBY="install-stubby"
UNINSTALL_STUBBY="uninstall-stubby"
fi
AC_SUBST(STUBBY)
AC_SUBST(INSTALL_STUBBY)
AC_SUBST(UNINSTALL_STUBBY)
AC_ARG_WITH(fd-setsize, AS_HELP_STRING([--with-fd-setsize=size], AC_ARG_WITH(fd-setsize, AS_HELP_STRING([--with-fd-setsize=size],
[Set maximum file descriptor number that can be used by select]), [Set maximum file descriptor number that can be used by select]),
[], [withval="no"]) [], [withval="no"])
@ -924,10 +945,6 @@ case "$withval" in
;; ;;
esac esac
AC_SUBST(GETDNS_QUERY)
AC_SUBST(INSTALL_GETDNS_QUERY)
AC_SUBST(UNINSTALL_GETDNS_QUERY)
AC_CONFIG_FILES([Makefile src/Makefile src/version.c src/getdns/getdns.h src/getdns/getdns_extra.h spec/example/Makefile src/test/Makefile src/tools/Makefile doc/Makefile getdns.pc getdns_ext_event.pc]) AC_CONFIG_FILES([Makefile src/Makefile src/version.c src/getdns/getdns.h src/getdns/getdns_extra.h spec/example/Makefile src/test/Makefile src/tools/Makefile doc/Makefile getdns.pc getdns_ext_event.pc])
if [ test -n "$DOXYGEN" ] if [ test -n "$DOXYGEN" ]
then AC_CONFIG_FILES([src/Doxyfile]) then AC_CONFIG_FILES([src/Doxyfile])
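Review bot: The new `--with-stubby` block tests the option with `if test x_$withval = x_no`, while the `fd-setsize` option that immediately follows it dispatches with `case "$withval" in`; one form should be used for both. More importantly, the C changes in this commit detect the OpenSSL 1.1 accessors by `OPENSSL_VERSION_NUMBER` thresholds and `#ifndef`, while this file already has an `AC_CHECK_FUNCS` list of OpenSSL symbols: adding `DSA_set0_pqg DSA_set0_key RSA_set0_key X509_STORE_CTX_get0_untrusted` to it would give the sources `HAVE_*` macros that hold for LibreSSL and for distribution-patched libraries too, instead of a version number that only approximates what the headers provide. The `RELEASE_CANDIDATE` change from `a1` to `-a2` adds a leading dash; presumably the value is appended to the version string elsewhere, so it is worth confirming the dash is intended rather than a stray character.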


@ -159,6 +159,9 @@ test: all
getdns_query: all getdns_query: all
cd tools && $(MAKE) $@ cd tools && $(MAKE) $@
stubby: all
cd tools && $(MAKE) $@
scratchpad: all scratchpad: all
cd test && $(MAKE) $@ cd test && $(MAKE) $@


@ -693,6 +693,15 @@ _getdns_upstreams_dereference(getdns_upstreams *upstreams)
GETDNS_FREE(upstreams->mf, upstreams); GETDNS_FREE(upstreams->mf, upstreams);
} }
#if defined(DAEMON_DEBUG) && DAEMON_DEBUG
static char*
getdns_auth_str_array[] = {
GETDNS_STR_AUTH_NONE,
GETDNS_STR_AUTH_FAILED,
GETDNS_STR_AUTH_OK
};
#endif
void void
_getdns_upstream_shutdown(getdns_upstream *upstream) _getdns_upstream_shutdown(getdns_upstream *upstream)
{ {
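Review bot: `getdns_auth_str_array` is declared `static char*` but initialised from the `GETDNS_STR_AUTH_*` string-literal macros, so anything that writes through an element is undefined behaviour; declare it `static const char * const getdns_auth_str_array[] = { ... };` so the compiler rejects such a write. Moving the table out of the header into this file under `#if defined(DAEMON_DEBUG) && DAEMON_DEBUG` looks like the fix for an unused-variable warning in every translation unit that included the header — presumably that was the motive, and a one-line comment saying so would save the next reader the archaeology. The table's users are outside the hunk.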


@ -23,6 +23,15 @@
#ifdef HAVE_OPENSSL_ENGINE_H #ifdef HAVE_OPENSSL_ENGINE_H
# include <openssl/engine.h> # include <openssl/engine.h>
#endif #endif
#ifdef HAVE_OPENSSL_BN_H
#include <openssl/bn.h>
#endif
#ifdef HAVE_OPENSSL_RSA_H
#include <openssl/rsa.h>
#endif
#ifdef HAVE_OPENSSL_DSA_H
#include <openssl/dsa.h>
#endif
#endif /* HAVE_SSL */ #endif /* HAVE_SSL */
size_t size_t
@ -215,6 +224,7 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
BN_free(Y); BN_free(Y);
return NULL; return NULL;
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S #ifndef S_SPLINT_S
dsa->p = P; dsa->p = P;
dsa->q = Q; dsa->q = Q;
@ -222,6 +232,25 @@ gldns_key_buf2dsa_raw(unsigned char* key, size_t len)
dsa->pub_key = Y; dsa->pub_key = Y;
#endif /* splint */ #endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!DSA_set0_pqg(dsa, P, Q, G)) {
/* QPG not yet attached, need to free */
BN_free(Q);
BN_free(P);
BN_free(G);
DSA_free(dsa);
BN_free(Y);
return NULL;
}
if (!DSA_set0_key(dsa, Y, NULL)) {
/* QPG attached, cleaned up by DSA_fre() */
DSA_free(dsa);
BN_free(Y);
return NULL;
}
#endif
return dsa; return dsa;
} }
@ -273,11 +302,21 @@ gldns_key_buf2rsa_raw(unsigned char* key, size_t len)
BN_free(modulus); BN_free(modulus);
return NULL; return NULL;
} }
#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)
#ifndef S_SPLINT_S #ifndef S_SPLINT_S
rsa->n = modulus; rsa->n = modulus;
rsa->e = exponent; rsa->e = exponent;
#endif /* splint */ #endif /* splint */
#else /* OPENSSL_VERSION_NUMBER */
if (!RSA_set0_key(rsa, modulus, exponent, NULL)) {
BN_free(exponent);
BN_free(modulus);
RSA_free(rsa);
return NULL;
}
#endif
return rsa; return rsa;
} }
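Review bot: The comment in the new `DSA_set0_key` failure branch reads `/* QPG attached, cleaned up by DSA_fre() */` — it should say `DSA_free()`. The two `#endif`s that close the new `OPENSSL_VERSION_NUMBER` blocks carry no trailing comment while the matching `#else /* OPENSSL_VERSION_NUMBER */` lines do; `#endif /* OPENSSL_VERSION_NUMBER */` keeps the nesting readable next to the existing `#endif /* splint */`. The added `#include <openssl/bn.h>` lines use `#include` where the adjacent `# include <openssl/engine.h>` indents the directive; match the file's convention. The ownership handling itself looks right as far as I can tell: on a `DSA_set0_pqg`/`DSA_set0_key`/`RSA_set0_key` failure nothing has been taken over, so freeing every bignum plus the key object is correct. `gldns_key_buf2dsa_raw` and `gldns_key_buf2rsa_raw` both start outside the hunks.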


@ -195,7 +195,7 @@ enum gldns_enum_rr_type
GLDNS_RR_TYPE_TALINK = 58, GLDNS_RR_TYPE_TALINK = 58,
GLDNS_RR_TYPE_CDS = 59, /** RFC 7344 */ GLDNS_RR_TYPE_CDS = 59, /** RFC 7344 */
GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */ GLDNS_RR_TYPE_CDNSKEY = 60, /** RFC 7344 */
GLDNS_RR_TYPE_OPENPGPKEY = 61, /* draft-ietf-dane-openpgpkey */ GLDNS_RR_TYPE_OPENPGPKEY = 61, /* RFC 7929 */
GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */ GLDNS_RR_TYPE_CSYNC = 62, /* RFC 7477 */
GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */ GLDNS_RR_TYPE_SPF = 99, /* RFC 4408 */


@ -118,7 +118,7 @@ int gldns_str_print(char** str, size_t* slen, const char* format, ...)
* @param str_len: the size of the string buffer. If more is needed, it'll * @param str_len: the size of the string buffer. If more is needed, it'll
* silently truncate the output to fit in the buffer. * silently truncate the output to fit in the buffer.
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_pkt_buf(uint8_t* data, size_t data_len, char* str, int gldns_wire2str_pkt_buf(uint8_t* data, size_t data_len, char* str,
size_t str_len); size_t str_len);
@ -351,7 +351,7 @@ int gldns_wire2str_edns_option_code_print(char** str, size_t* str_len,
* @param str_len: the size of the string buffer. If more is needed, it'll * @param str_len: the size of the string buffer. If more is needed, it'll
* silently truncate the output to fit in the buffer. * silently truncate the output to fit in the buffer.
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str, int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str,
size_t str_len); size_t str_len);
@ -369,7 +369,7 @@ int gldns_wire2str_rr_buf(uint8_t* rr, size_t rr_len, char* str,
* @param str_len: the size of the string buffer. If more is needed, it'll * @param str_len: the size of the string buffer. If more is needed, it'll
* silently truncate the output to fit in the buffer. * silently truncate the output to fit in the buffer.
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str, int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str,
size_t str_len); size_t str_len);
@ -389,7 +389,7 @@ int gldns_wire2str_rr_unknown_buf(uint8_t* rr, size_t rr_len, char* str,
* @param str_len: the size of the string buffer. If more is needed, it'll * @param str_len: the size of the string buffer. If more is needed, it'll
* silently truncate the output to fit in the buffer. * silently truncate the output to fit in the buffer.
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len, int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len,
char* str, size_t str_len); char* str, size_t str_len);
@ -406,7 +406,7 @@ int gldns_wire2str_rr_comment_buf(uint8_t* rr, size_t rr_len, size_t dname_len,
* silently truncate the output to fit in the buffer. * silently truncate the output to fit in the buffer.
* @param rrtype: rr type of the data * @param rrtype: rr type of the data
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str, int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
size_t str_len, uint16_t rrtype); size_t str_len, uint16_t rrtype);
@ -417,7 +417,7 @@ int gldns_wire2str_rdata_buf(uint8_t* rdata, size_t rdata_len, char* str,
* @param str: the string to write to. * @param str: the string to write to.
* @param len: length of str. * @param len: length of str.
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len); int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len);
@ -427,7 +427,7 @@ int gldns_wire2str_type_buf(uint16_t rrtype, char* str, size_t len);
* @param str: the string to write to. * @param str: the string to write to.
* @param len: length of str. * @param len: length of str.
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len); int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len);
@ -437,7 +437,7 @@ int gldns_wire2str_class_buf(uint16_t rrclass, char* str, size_t len);
* @param str: the string to write to. * @param str: the string to write to.
* @param len: length of str. * @param len: length of str.
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len); int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len);
@ -448,7 +448,7 @@ int gldns_wire2str_rcode_buf(int rcode, char* str, size_t len);
* @param str: the string to write to. * @param str: the string to write to.
* @param len: length of string. * @param len: length of string.
* @return the number of characters for this element, excluding zerobyte. * @return the number of characters for this element, excluding zerobyte.
* Is larger than str_len if output was truncated. * Is larger or equal than str_len if output was truncated.
*/ */
int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str, int gldns_wire2str_dname_buf(uint8_t* dname, size_t dname_len, char* str,
size_t len); size_t len);


@ -56,6 +56,10 @@
#include "context.h" #include "context.h"
#include "util-internal.h" #include "util-internal.h"
#ifndef X509_STORE_CTX_get0_untrusted
#define X509_STORE_CTX_get0_untrusted(store) store->untrusted
#endif
/* we only support sha256 at the moment. adding support for another /* we only support sha256 at the moment. adding support for another
digest is more complex than just adding another entry here. in digest is more complex than just adding another entry here. in
particular, you'll probably need a match for a particular cert particular, you'll probably need a match for a particular cert
@ -314,11 +318,11 @@ _get_ssl_getdns_upstream_idx()
{ {
static volatile int idx = -1; static volatile int idx = -1;
if (idx < 0) { if (idx < 0) {
CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); /* CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE); */
if (idx < 0) if (idx < 0)
idx = SSL_get_ex_new_index(0, "associated getdns upstream", idx = SSL_get_ex_new_index(0, "associated getdns upstream",
NULL,NULL,NULL); NULL,NULL,NULL);
CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); /* CRYPTO_w_unlock(CRYPTO_LOCK_X509_STORE); */
} }
return idx; return idx;
} }
@ -383,7 +387,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
/* TODO: how do we handle raw public keys? */ /* TODO: how do we handle raw public keys? */
for (i = 0; i < sk_X509_num(store->untrusted); i++) { for (i = 0; i < sk_X509_num(X509_STORE_CTX_get0_untrusted(store)); i++) {
if (i > 0) { if (i > 0) {
/* TODO: how do we ensure that the certificates in /* TODO: how do we ensure that the certificates in
* each stage appropriately sign the previous one? * each stage appropriately sign the previous one?
@ -392,7 +396,7 @@ _getdns_verify_pinset_match(const sha256_pin_t *pinset,
return GETDNS_RETURN_GENERIC_ERROR; return GETDNS_RETURN_GENERIC_ERROR;
} }
x = sk_X509_value(store->untrusted, i); x = sk_X509_value(X509_STORE_CTX_get0_untrusted(store), i);
#if defined(STUB_DEBUG) && STUB_DEBUG #if defined(STUB_DEBUG) && STUB_DEBUG
DEBUG_STUB("%s %-35s: Name of cert: %d ", DEBUG_STUB("%s %-35s: Name of cert: %d ",
STUB_DEBUG_SETUP_TLS, __FUNCTION__, i); STUB_DEBUG_SETUP_TLS, __FUNCTION__, i);
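Review bot: Commenting out `CRYPTO_w_lock(CRYPTO_LOCK_X509_STORE)` / `CRYPTO_w_unlock(...)` in `_get_ssl_getdns_upstream_idx` removes the lock for every OpenSSL version, not only 1.1 where those functions went away; on a pre-1.1 build two threads creating contexts at once can both pass the unsynchronised `idx < 0` check and each call `SSL_get_ex_new_index`, so they could end up using different ex-data indices for the "associated getdns upstream" slot. Keep the two lines and wrap them in the same `#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL)` guard this commit uses in keyraw.c, rather than deleting them. The `X509_STORE_CTX_get0_untrusted` fallback should also parenthesise argument and result, `#define X509_STORE_CTX_get0_untrusted(store) ((store)->untrusted)`, and `#ifndef` only detects a macro: if a library version provides the accessor as a function (I believe 1.0.2 and 1.1 do), the fallback is defined anyway and dereferences what 1.1 makes an opaque struct — a configure check (`AC_CHECK_FUNCS([X509_STORE_CTX_get0_untrusted])` with `#ifndef HAVE_X509_STORE_CTX_GET0_UNTRUSTED`) is the reliable test. `_getdns_verify_pinset_match` starts and ends outside the hunk.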


@ -67,13 +67,23 @@ $(ALL_OBJS):
getdns_query: getdns_query.lo getdns_query: getdns_query.lo
$(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS) $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) -o $@ getdns_query.lo $(LDFLAGS) $(LDLIBS)
install: getdns_query stubby: getdns_query
ln -s getdns_query stubby
install-getdns_query: getdns_query
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir) $(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir) $(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)
uninstall: uninstall-getdns_query:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/getdns_query $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/getdns_query
install-stubby: getdns_query
$(INSTALL) -m 755 -d $(DESTDIR)$(bindir)
$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)/stubby
uninstall-stubby:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(bindir)/stubby
clean: clean:
rm -f *.o *.lo $(PROGRAMS) rm -f *.o *.lo $(PROGRAMS)
rm -rf .libs rm -rf .libs
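Review bot: The `stubby` recipe `ln -s getdns_query stubby` is not re-runnable: once the link exists and `getdns_query` is relinked, make re-runs the recipe and `ln -s` fails with "File exists"; use `ln -sf $< $@` (or `$(RM) $@ && ln -s $< $@`). Whether `clean` removes the link depends on `$(PROGRAMS)`, which is defined outside the hunk — if `stubby` is not in it, `make clean` leaves a dangling symlink behind. `install-stubby` renames the binary at install time with `$(LIBTOOL) --mode=install cp getdns_query $(DESTDIR)$(bindir)/stubby`; libtool's install mode treats a destination that is a file name rather than a directory specially, so this is worth confirming on a built tree. As with the top-level Makefile, the new targets should be listed in `.PHONY` if the file has one.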


@ -48,6 +48,13 @@ typedef unsigned short in_port_t;
#define EXAMPLE_PIN "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\"" #define EXAMPLE_PIN "pin-sha256=\"E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=\""
static int i_am_stubby = 0;
static const char *default_stubby_config =
"{ resolution_type: GETDNS_RESOLUTION_STUB"
", listen_addresses: [ { 127.0.0.1:53 } ]"
"}";
static int clear_listen_list_on_arg = 0;
static int run_in_foreground = 0;
static int quiet = 0; static int quiet = 0;
static int batch_mode = 0; static int batch_mode = 0;
static char *query_file = NULL; static char *query_file = NULL;
@ -192,11 +199,17 @@ print_usage(FILE *out, const char *progname)
fprintf(out, "\t\tRead settings from config file <filename>\n"); fprintf(out, "\t\tRead settings from config file <filename>\n");
fprintf(out, "\t\tThe getdns context will be configured with these settings\n"); fprintf(out, "\t\tThe getdns context will be configured with these settings\n");
fprintf(out, "\t\tThe file must be in json dict format.\n"); fprintf(out, "\t\tThe file must be in json dict format.\n");
if (i_am_stubby) {
fprintf(out, "\t\tBy default, configuration is first read from");
fprintf(out, "\t\t\"/etc/stubby.conf\" and then from \"$HOME/.stubby.conf\"");
}
fprintf(out, "\t-D\tSet edns0 do bit\n"); fprintf(out, "\t-D\tSet edns0 do bit\n");
fprintf(out, "\t-d\tclear edns0 do bit\n"); fprintf(out, "\t-d\tclear edns0 do bit\n");
fprintf(out, "\t-e <idle_timeout>\tSet idle timeout in miliseconds\n"); fprintf(out, "\t-e <idle_timeout>\tSet idle timeout in miliseconds\n");
fprintf(out, "\t-F <filename>\tread the queries from the specified file\n"); fprintf(out, "\t-F <filename>\tread the queries from the specified file\n");
fprintf(out, "\t-f <filename>\tRead DNSSEC trust anchors from <filename>\n"); fprintf(out, "\t-f <filename>\tRead DNSSEC trust anchors from <filename>\n");
if (i_am_stubby)
fprintf(out, "\t-g\tRun stubby in foreground (default is background)\n");
fprintf(out, "\t-G\tgeneral lookup\n"); fprintf(out, "\t-G\tgeneral lookup\n");
fprintf(out, "\t-H\thostname lookup. (<name> must be an IP address; <type> is ignored)\n"); fprintf(out, "\t-H\thostname lookup. (<name> must be an IP address; <type> is ignored)\n");
fprintf(out, "\t-h\tPrint this help\n"); fprintf(out, "\t-h\tPrint this help\n");
@ -212,9 +225,11 @@ print_usage(FILE *out, const char *progname)
fprintf(out, "\t-p\tPretty print response dict\n"); fprintf(out, "\t-p\tPretty print response dict\n");
fprintf(out, "\t-P <blocksize>\tPad TLS queries to a multiple of blocksize\n"); fprintf(out, "\t-P <blocksize>\tPad TLS queries to a multiple of blocksize\n");
fprintf(out, "\t-q\tQuiet mode - don't print response\n"); fprintf(out, "\t-q\tQuiet mode - don't print response\n");
fprintf(out, "\t-r\tSet recursing resolution type\n"); fprintf( out, "\t-r\tSet recursing resolution type%s\n"
, i_am_stubby ? "(default = stub)" : "");
fprintf(out, "\t-R <filename>\tRead root hints from <filename>\n"); fprintf(out, "\t-R <filename>\tRead root hints from <filename>\n");
fprintf(out, "\t-s\tSet stub resolution type (default = recursing)\n"); fprintf(out, "\t-s\tSet stub resolution type%s\n"
, i_am_stubby ? "" : "(default = recursing)" );
fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n"); fprintf(out, "\t-S\tservice lookup (<type> is ignored)\n");
fprintf(out, "\t-t <timeout>\tSet timeout in miliseconds\n"); fprintf(out, "\t-t <timeout>\tSet timeout in miliseconds\n");
fprintf(out, "\t-x\tDo not follow redirects\n"); fprintf(out, "\t-x\tDo not follow redirects\n");
@ -239,6 +254,8 @@ print_usage(FILE *out, const char *progname)
fprintf(out, "\t\tListen for DNS requests on the given IP address\n"); fprintf(out, "\t\tListen for DNS requests on the given IP address\n");
fprintf(out, "\t\t<listen address> is in the same format as upstreams.\n"); fprintf(out, "\t\t<listen address> is in the same format as upstreams.\n");
fprintf(out, "\t\tThis option can be given more than once.\n"); fprintf(out, "\t\tThis option can be given more than once.\n");
if (i_am_stubby)
fprintf(out, "\t\t(default is to listen on 127.0.0.1:53)\n");
} }
static getdns_return_t validate_chain(getdns_dict *response) static getdns_return_t validate_chain(getdns_dict *response)
@ -469,6 +486,48 @@ static void parse_config(const char *config_str)
} }
} }
int parse_config_file(const char *fn, int report_open_failure)
{
FILE *fh;
char *config_file = NULL;
long config_file_sz;
if (!(fh = fopen(fn, "r"))) {
if (report_open_failure)
fprintf( stderr, "Could not open \"%s\": %s\n"
, fn, strerror(errno));
return GETDNS_RETURN_GENERIC_ERROR;
}
if (fseek(fh, 0,SEEK_END) == -1) {
perror("fseek");
fclose(fh);
return GETDNS_RETURN_GENERIC_ERROR;
}
config_file_sz = ftell(fh);
if (config_file_sz <= 0) {
/* Empty config is no config */
fclose(fh);
return GETDNS_RETURN_GOOD;
}
if (!(config_file = malloc(config_file_sz + 1))){
fclose(fh);
fprintf(stderr, "Could not allocate memory for \"%s\"\n", fn);
return GETDNS_RETURN_MEMORY_ERROR;
}
rewind(fh);
if (fread(config_file, 1, config_file_sz, fh) != config_file_sz) {
fprintf( stderr, "An error occurred while reading \"%s\": %s\n"
, fn, strerror(errno));
fclose(fh);
return GETDNS_RETURN_MEMORY_ERROR;
}
config_file[config_file_sz] = 0;
fclose(fh);
parse_config(config_file);
free(config_file);
return GETDNS_RETURN_GOOD;
}
getdns_return_t parse_args(int argc, char **argv) getdns_return_t parse_args(int argc, char **argv)
{ {
getdns_return_t r = GETDNS_RETURN_GOOD; getdns_return_t r = GETDNS_RETURN_GOOD;
@ -483,8 +542,6 @@ getdns_return_t parse_args(int argc, char **argv)
getdns_bindata bindata; getdns_bindata bindata;
size_t upstream_count = 0; size_t upstream_count = 0;
FILE *fh; FILE *fh;
char *config_file = NULL;
long config_file_sz;
for (i = 1; i < argc; i++) { for (i = 1; i < argc; i++) {
arg = argv[i]; arg = argv[i];
@ -595,42 +652,7 @@ getdns_return_t parse_args(int argc, char **argv)
"after -C\n"); "after -C\n");
return GETDNS_RETURN_GENERIC_ERROR; return GETDNS_RETURN_GENERIC_ERROR;
} }
if (!(fh = fopen(argv[i], "r"))) { (void) parse_config_file(argv[i], 1);
fprintf(stderr, "Could not open \"%s\""
": %s\n",argv[i], strerror(errno));
return GETDNS_RETURN_GENERIC_ERROR;
}
if (fseek(fh, 0,SEEK_END) == -1) {
perror("fseek");
fclose(fh);
return GETDNS_RETURN_GENERIC_ERROR;
}
config_file_sz = ftell(fh);
if (config_file_sz <= 0) {
/* Empty config is no config */
fclose(fh);
break;
}
if (!(config_file=malloc(config_file_sz + 1))){
fclose(fh);
fprintf(stderr, "Could not allocate me"
"mory for \"%s\"\n", argv[i]);
return GETDNS_RETURN_MEMORY_ERROR;
}
rewind(fh);
if (fread(config_file, 1, config_file_sz, fh)
!= config_file_sz) {
fprintf(stderr, "An error occurred whil"
"e reading \"%s\": %s\n",argv[i],
strerror(errno));
fclose(fh);
return GETDNS_RETURN_MEMORY_ERROR;
}
config_file[config_file_sz] = 0;
fclose(fh);
parse_config(config_file);
free(config_file);
config_file = NULL;
break; break;
case 'D': case 'D':
(void) getdns_context_set_edns_do_bit(context, 1); (void) getdns_context_set_edns_do_bit(context, 1);
@ -927,17 +949,23 @@ getdns_return_t parse_args(int argc, char **argv)
"expected after -z\n"); "expected after -z\n");
return GETDNS_RETURN_GENERIC_ERROR; return GETDNS_RETURN_GENERIC_ERROR;
} }
if (argv[i][0] == '-' && argv[i][1] == '\0') { if (clear_listen_list_on_arg ||
(argv[i][0] == '-' && argv[i][1] == '\0')) {
if (listen_list && !listen_dict) if (listen_list && !listen_dict)
getdns_list_destroy( getdns_list_destroy(
listen_list); listen_list);
listen_list = NULL; listen_list = NULL;
listen_count = 0; listen_count = 0;
touched_listen_list = 1; if (!clear_listen_list_on_arg) {
DEBUG_SERVER("Clear listen list\n"); touched_listen_list = 1;
break; DEBUG_SERVER("Clear listen list\n");
break;
} else if (listen_dict) {
getdns_dict_destroy(listen_dict);
listen_dict = NULL;
}
clear_listen_list_on_arg = 0;
} }
if ((r = getdns_str2dict(argv[i], &downstream))) if ((r = getdns_str2dict(argv[i], &downstream)))
fprintf(stderr, "Could not convert \"%s\" to " fprintf(stderr, "Could not convert \"%s\" to "
"an IP dict: %s\n", argv[i], "an IP dict: %s\n", argv[i],
@ -966,6 +994,10 @@ getdns_return_t parse_args(int argc, char **argv)
} }
break; break;
default: default:
if (i_am_stubby && *c == 'g') {
run_in_foreground = 1;
break;
}
fprintf(stderr, "Unknown option " fprintf(stderr, "Unknown option "
"\"%c\"\n", *c); "\"%c\"\n", *c);
for (i = 0; i < argc; i++) for (i = 0; i < argc; i++)
@ -1002,7 +1034,24 @@ next: ;
if (print_api_info) { if (print_api_info) {
getdns_dict *api_information = getdns_dict *api_information =
getdns_context_get_api_information(context); getdns_context_get_api_information(context);
char *api_information_str = char *api_information_str;
if (listen_dict && !getdns_dict_get_list(
listen_dict, "listen_list", &listen_list)) {
(void) getdns_dict_set_list(api_information,
"listen_addresses", listen_list);
} else if (listen_list) {
(void) getdns_dict_set_list(api_information,
"listen_addresses", listen_list);
} else if ((listen_list = getdns_list_create())) {
(void) getdns_dict_set_list(api_information,
"listen_addresses", listen_list);
getdns_list_destroy(listen_list);
listen_list = NULL;
}
api_information_str =
getdns_pretty_print_dict(api_information); getdns_pretty_print_dict(api_information);
fprintf(stdout, "%s\n", api_information_str); fprintf(stdout, "%s\n", api_information_str);
free(api_information_str); free(api_information_str);
@ -1531,7 +1580,17 @@ error:
int int
main(int argc, char **argv) main(int argc, char **argv)
{ {
char home_stubby_conf_fn[1024];
getdns_return_t r; getdns_return_t r;
#ifndef USE_WINSOCK
char *prg_name = strrchr(argv[0], '/');
#else
char *prg_name = strrchr(argv[0], '\\');
#endif
prg_name = prg_name ? prg_name + 1 : argv[0];
i_am_stubby = strcasecmp(prg_name, "stubby") == 0
|| strcasecmp(prg_name, "lt-stubby") == 0;
name = the_root; name = the_root;
if ((r = getdns_context_create(&context, 1))) { if ((r = getdns_context_create(&context, 1))) {
@ -1546,8 +1605,20 @@ main(int argc, char **argv)
r = GETDNS_RETURN_MEMORY_ERROR; r = GETDNS_RETURN_MEMORY_ERROR;
goto done_destroy_context; goto done_destroy_context;
} }
if (i_am_stubby) {
(void) parse_config(default_stubby_config);
(void) parse_config_file("/etc/stubby.conf", 0);
if (snprintf( home_stubby_conf_fn, sizeof(home_stubby_conf_fn)
, "%s/.stubby.conf", getenv("HOME")
) < sizeof(home_stubby_conf_fn)) {
(void) parse_config_file(home_stubby_conf_fn, 0);
}
clear_listen_list_on_arg = 1;
}
if ((r = parse_args(argc, argv))) if ((r = parse_args(argc, argv)))
goto done_destroy_context; goto done_destroy_context;
clear_listen_list_on_arg = 0;
if (query_file) { if (query_file) {
fp = fopen(query_file, "rt"); fp = fopen(query_file, "rt");
@ -1564,8 +1635,10 @@ main(int argc, char **argv)
assert(loop); assert(loop);
} }
if (listen_count && (r = getdns_context_set_listen_addresses( if (listen_count && (r = getdns_context_set_listen_addresses(
context, incoming_request_handler, listen_list))) context, incoming_request_handler, listen_list))) {
perror("error: Could not bind on given addresses");
goto done_destroy_context; goto done_destroy_context;
}
/* Make the call */ /* Make the call */
if (interactive) { if (interactive) {
@ -1584,7 +1657,25 @@ main(int argc, char **argv)
} }
else if (listen_count) { else if (listen_count) {
assert(loop); assert(loop);
loop->vmt->run(loop); if (i_am_stubby && !run_in_foreground) {
pid_t pid = fork();
if (pid == -1) {
perror("Could not fork of stubby daemon\n");
r = GETDNS_RETURN_GENERIC_ERROR;
} else if (pid) {
FILE *fh = fopen("/var/rub/stubby.pid", "w");
if (! fh)
fh = fopen("/tmp/stubby.pid", "w");
if (fh) {
fprintf(fh, "%d", (int)pid);
fclose(fh);
batch_mode = 0;
}
} else
loop->vmt->run(loop);
} else
loop->vmt->run(loop);
} else } else
r = do_the_call(); r = do_the_call();
@ -1606,8 +1697,9 @@ done_destroy_context:
return 0; return 0;
else if (r == CONTINUE_ERROR) else if (r == CONTINUE_ERROR)
return 1; return 1;
fprintf(stdout, "\nAll done.\n");
if (!i_am_stubby)
fprintf(stdout, "\nAll done.\n");
return r; return r;
} }
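Review bot: The daemon branch in `main` writes its pid to `"/var/rub/stubby.pid"` — a typo for `/var/run` — so every run takes the `"/tmp/stubby.pid"` fallback, and `fopen(..., "w")` on a fixed name in a world-writable directory will follow a link or reuse a file that another local user created there first; fix the path and drop the `/tmp` fallback (or open with `O_WRONLY|O_CREAT|O_EXCL|O_NOFOLLOW`). The forked child keeps the parent's controlling terminal and stdio — there is no `setsid()`, `chdir("/")` or redirection — so it is not yet a detached daemon, and `perror("Could not fork of stubby daemon\n")` gets a second newline from perror. Earlier in `main`, `getenv("HOME")` can return NULL and is passed straight to `%s` in `snprintf`, which is undefined behaviour; guard it with `const char *home = getenv("HOME");` and skip the per-user file when it is NULL — and since the default config binds `127.0.0.1:53`, stubby will often run as root, where an inherited `$HOME` (e.g. under sudo) lets a user-writable `~/.stubby.conf` configure the privileged daemon, so checking `geteuid()` before reading it is worth considering. In `parse_args` the `-C` case now does `(void) parse_config_file(argv[i], 1);`, so a mistyped config file name is reported but execution continues with default settings where it previously returned `GETDNS_RETURN_GENERIC_ERROR`; for a resolver whose upstreams and TLS settings live in that file the error should still be propagated, e.g. `if ((r = parse_config_file(argv[i], 1))) return r;`. `parse_config_file` also leaks `config_file` on the short-`fread` path, and both `main` and `parse_args` extend beyond the hunks.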


@ -67,13 +67,6 @@ typedef enum getdns_auth_state {
#define GETDNS_STR_AUTH_FAILED "Failed" #define GETDNS_STR_AUTH_FAILED "Failed"
#define GETDNS_STR_AUTH_OK "Success" #define GETDNS_STR_AUTH_OK "Success"
static char*
getdns_auth_str_array[] = {
GETDNS_STR_AUTH_NONE,
GETDNS_STR_AUTH_FAILED,
GETDNS_STR_AUTH_OK
};
struct getdns_context; struct getdns_context;
struct getdns_upstreams; struct getdns_upstreams;
struct getdns_upstream; struct getdns_upstream;


@ -590,7 +590,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
log_err("EVP_MD_CTX_new: malloc failure"); log_err("EVP_MD_CTX_new: malloc failure");
EVP_PKEY_free(evp_key); EVP_PKEY_free(evp_key);
if(dofree) free(sigblock); if(dofree) free(sigblock);
else if(docrypto_free) CRYPTO_free(sigblock); else if(docrypto_free) OPENSSL_free(sigblock);
return 0; return 0;
} }
if(EVP_VerifyInit(ctx, digest_type) == 0) { if(EVP_VerifyInit(ctx, digest_type) == 0) {
@ -598,7 +598,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctx);
EVP_PKEY_free(evp_key); EVP_PKEY_free(evp_key);
if(dofree) free(sigblock); if(dofree) free(sigblock);
else if(docrypto_free) CRYPTO_free(sigblock); else if(docrypto_free) OPENSSL_free(sigblock);
return 0; return 0;
} }
if(EVP_VerifyUpdate(ctx, (unsigned char*)gldns_buffer_begin(buf), if(EVP_VerifyUpdate(ctx, (unsigned char*)gldns_buffer_begin(buf),
@ -607,7 +607,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
EVP_MD_CTX_destroy(ctx); EVP_MD_CTX_destroy(ctx);
EVP_PKEY_free(evp_key); EVP_PKEY_free(evp_key);
if(dofree) free(sigblock); if(dofree) free(sigblock);
else if(docrypto_free) CRYPTO_free(sigblock); else if(docrypto_free) OPENSSL_free(sigblock);
return 0; return 0;
} }
@ -621,7 +621,7 @@ _getdns_verify_canonrrset(gldns_buffer* buf, int algo, unsigned char* sigblock,
EVP_PKEY_free(evp_key); EVP_PKEY_free(evp_key);
if(dofree) free(sigblock); if(dofree) free(sigblock);
else if(docrypto_free) CRYPTO_free(sigblock); else if(docrypto_free) OPENSSL_free(sigblock);
if(res == 1) { if(res == 1) {
return 1; return 1;
@ -1359,6 +1359,7 @@ _getdns_dnskey_algo_id_is_supported(int id)
} }
} }
#ifdef USE_DSA
static char * static char *
_verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock, _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
unsigned int sigblock_len, unsigned char* key, unsigned int keylen) unsigned int sigblock_len, unsigned char* key, unsigned int keylen)
@ -1446,6 +1447,7 @@ _verify_nettle_dsa(gldns_buffer* buf, unsigned char* sigblock,
else else
return NULL; return NULL;
} }
#endif /* USE_DSA */
static char * static char *
_verify_nettle_rsa(gldns_buffer* buf, unsigned int digest_size, char* sigblock, _verify_nettle_rsa(gldns_buffer* buf, unsigned int digest_size, char* sigblock,
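Review bot: The four replaced lines `else if(docrypto_free) OPENSSL_free(sigblock);` each belong to an identical teardown (`EVP_MD_CTX_destroy`, `EVP_PKEY_free`, free of `sigblock`) repeated in every error path of `_getdns_verify_canonrrset`; a single cleanup label reached by `goto` would have made this a one-line substitution instead of four and would stop the copies drifting apart next time. The new `#ifdef USE_DSA` around `_verify_nettle_dsa` has to be matched at its call site, which is outside the hunk — a `static` function left without callers is only a warning, but a call left without the definition is an error, so the two guards must agree and `USE_DSA` needs a definition (I do not see one in the configure.ac changes of this commit). `_getdns_verify_canonrrset` starts and ends outside the hunks.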