| 1 | /**/ |
| 2 | |
| 3 | #include "internal.h" |
| 4 | |
| 5 | static void cname_recurse(adns_state ads, adns_query qu, adns_queryflags xflags) { |
| 6 | abort(); /* FIXME */ |
| 7 | } |
| 8 | |
| 9 | void adns__procdgram(adns_state ads, const byte *dgram, int dglen, |
| 10 | int serv, struct timeval now) { |
| 11 | int cbyte, rrstart, wantedrrs, rri, foundsoa, foundns; |
| 12 | int id, f1, f2, qdcount, ancount, nscount, arcount, flg_ra, flg_tc; |
| 13 | int rrtype, rrclass, rdlength, rdstart, ownermatched, ownerstart; |
| 14 | int anstart, nsstart, arstart; |
| 15 | int currentrrs; |
| 16 | adns_query qu, nqu; |
| 17 | dns_rcode rcode; |
| 18 | adns_status st; |
| 19 | = 0; |
| 20 | |
| 21 | if (dglen<DNS_HDRSIZE) { |
| 22 | adns__diag(ads,serv,"received datagram too short for message header (%d)",dglen); |
| 23 | return; |
| 24 | } |
| 25 | GET_W(cbyte,id); |
| 26 | GET_B(cbyte,f1); |
| 27 | GET_B(cbyte,f2); |
| 28 | GET_W(cbyte,qdcount); |
| 29 | GET_W(cbyte,ancount); |
| 30 | GET_W(cbyte,nscount); |
| 31 | GET_W(cbyte,arcount); |
| 32 | assert(cbyte == DNS_HDRSIZE); |
| 33 | |
| 34 | flg_tc= f1&0x20; |
| 35 | flg_ra= f2&0x80; |
| 36 | |
| 37 | if (f1&0x80) { |
| 38 | adns__diag(ads,serv,"server sent us a query, not a response"); |
| 39 | return; |
| 40 | } |
| 41 | if (f1&0x70) { |
| 42 | adns__diag(ads,serv,"server sent us unknown opcode %d (wanted 0=QUERY)", |
| 43 | (f1>>4)&0x70); |
| 44 | return; |
| 45 | } |
| 46 | if (!qdcount) { |
| 47 | adns__diag(ads,serv,"server sent reply without quoting our question"); |
| 48 | return; |
| 49 | } else if (qdcount>1) { |
| 50 | adns__diag(ads,serv,"server claimed to answer %d questions with one message", |
| 51 | qdcount); |
| 52 | return; |
| 53 | } |
| 54 | for (qu= ads->timew.head; qu; qu= nqu) { |
| 55 | nqu= qu->next; |
| 56 | if (qu->id != id) continue; |
| 57 | if (dglen < qu->querylen) continue; |
| 58 | if (memcmp(qu->querymsg+DNS_HDRSIZE,dgram+DNS_HDRSIZE,qu->querylen-DNS_HDRSIZE)) |
| 59 | continue; |
| 60 | break; |
| 61 | } |
| 62 | assert(qu->cnameoff == -1); |
| 63 | anstart= qu->querylen; |
| 64 | if (!qu) { |
| 65 | adns__debug(ads,serv,"reply not found (id=%02x)",id); |
| 66 | return; |
| 67 | } |
| 68 | |
| 69 | LIST_UNLINK(ads->timew,qu); |
| 70 | /* We're definitely going to do something with this query now */ |
| 71 | |
| 72 | if (!(f1&0x01)) { |
| 73 | adns__diag(ads,serv,"server thinks we didn't ask for recursive lookup"); |
| 74 | adns__query_fail(ads,qu,adns_s_serverfaulty); |
| 75 | return; |
| 76 | } |
| 77 | |
| 78 | rcode= (f1&0x0f); |
| 79 | switch (rcode) { |
| 80 | case rcode_noerror: |
| 81 | case rcode_nxdomain: |
| 82 | break; |
| 83 | case rcode_formaterror: |
| 84 | adns__warn(ads,serv,"server cannot understand our query (Format Error)"); |
| 85 | adns__query_fail(ads,qu,adns_s_serverfaulty); |
| 86 | return; |
| 87 | case rcode_servfail: |
| 88 | adns__query_fail(ads,qu,adns_s_servfail); |
| 89 | return; |
| 90 | case rcode_notimp: |
| 91 | adns__warn(ads,serv,"server claims not to implement our query"); |
| 92 | adns__query_fail(ads,qu,adns_s_notimplemented); |
| 93 | return; |
| 94 | case rcode_refused: |
| 95 | adns__warn(ads,serv,"server refused our query"); |
| 96 | adns__query_fail(ads,qu,adns_s_refused); |
| 97 | return; |
| 98 | default: |
| 99 | adns__warn(ads,serv,"server gave unknown response code %d",rcode); |
| 100 | adns__query_fail(ads,qu,adns_s_reasonunknown); |
| 101 | return; |
| 102 | } |
| 103 | |
| 104 | /* Now, take a look at the answer section, and see if it is complete. |
| 105 | * If it has any CNAMEs we stuff them in the answer. |
| 106 | */ |
| 107 | wantedrrs= 0; |
| 108 | for (rri= 0; rri<ancount; rri++) { |
| 109 | rrstart= cbyte; |
| 110 | if (qu->cnameoff >= 0) { |
| 111 | st= adns__findrr(ads,serv, dgram,dglen,&cbyte, |
| 112 | &rrtype,&rrclass,&rdlength,&rdstart, |
| 113 | dgram,dglen,qu->cnameoff, &ownermatched); |
| 114 | } else { |
| 115 | st= adns__get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte, |
| 116 | &rrtype,&rrclass,&rdlength,&rdstart, |
| 117 | qu->querymsg,qu->querylen,DNS_HDRSIZE, &ownermatched); |
| 118 | } |
| 119 | if (st) adns__query_fail(ads,qu,st); |
| 120 | if (rrtype == -1) goto x_truncated; |
| 121 | |
| 122 | if (rrclass != DNS_CLASS_IN) { |
| 123 | adns__diag(ads,serv,"ignoring answer RR with wrong class %d (expected IN=%d)", |
| 124 | rrclass,DNS_CLASS_IN); |
| 125 | continue; |
| 126 | } |
| 127 | if (!ownermatched) { |
| 128 | if (ads->iflags & adns_if_debug) { |
| 129 | st= adns__get_domain_temp(ads,qu,serv, dgram,dglen,&rrstart,dglen, &ownerstart); |
| 130 | if (st) |
| 131 | adns__debug(ads,serv, "ignoring RR with an irrelevant owner" |
| 132 | " whose format is bad, code %d",st); |
| 133 | else if (ownerstart>=0) |
| 134 | adns__debug(ads,serv, "ignoring RR with an irrelevant owner" |
| 135 | " \"%s\"", qu->ans.buf+ownerstart); |
| 136 | else |
| 137 | adns__debug(ads,serv,"ignoring RR with an irrelevant truncated owner"); |
| 138 | } |
| 139 | continue; |
| 140 | } |
| 141 | if (qu->cnameoff<0 && |
| 142 | (qu->typei->type & adns__rrt_typemask) != adns_r_cname && |
| 143 | rrtype == adns_r_cname) { /* Ignore second and subsequent CNAMEs */ |
| 144 | st= adns__get_domain_perm(ads,qu,serv, dgram,dglen, |
| 145 | &rdstart,rdstart+rdlength,&qu->cnameoff); |
| 146 | if (st) { adns__query_fail(ads,qu,st); return; } |
| 147 | if (qu->cnameoff==-1) goto x_truncated; |
| 148 | /* If we find the answer section truncated after this point we restart |
| 149 | * the query at the CNAME; if beforehand then we obviously have to use |
| 150 | * TCP. If there is no truncation we can use the whole answer if |
| 151 | * it contains the relevant info. |
| 152 | */ |
| 153 | } else if (rrtype == (qu->typei->type & adns__rrt_typemask)) { |
| 154 | wantedrrs++; |
| 155 | } else { |
| 156 | adns__debug(ads,serv,"ignoring answer RR with irrelevant type %d",rrtype); |
| 157 | } |
| 158 | } |
| 159 | |
| 160 | /* If we got here then the answer section is intact. */ |
| 161 | nsstart= cbyte; |
| 162 | |
| 163 | if (!wantedrrs) { |
| 164 | /* Oops, NODATA or NXDOMAIN or perhaps a referral (which would be a problem) */ |
| 165 | |
| 166 | if (rcode == rcode_nxdomain) { |
| 167 | adns__query_finish(ads,qu,adns_s_nxdomain); |
| 168 | return; |
| 169 | } |
| 170 | |
| 171 | /* RFC2308: NODATA has _either_ a SOA _or_ _no_ NS records in authority section */ |
| 172 | foundsoa= 0; foundns= 0; |
| 173 | for (rri= 0; rri<nscount; rri++) { |
| 174 | rrstart= cbyte; |
| 175 | st= adns__get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte, |
| 176 | &rrtype,&rrclass, &rdlength,&rdstart, 0,0,0,0); |
| 177 | if (st) { adns__query_fail(ads,qu,st); return; } |
| 178 | if (rrtype==-1) goto x_truncated; |
| 179 | if (rrclass != DNS_CLASS_IN) { |
| 180 | adns__diag(ads,serv,"ignoring authority RR with wrong class %d (expected IN=%d)", |
| 181 | rrclass,DNS_CLASS_IN); |
| 182 | continue; |
| 183 | } |
| 184 | if (rrtype == adns_r_soa_raw) { foundsoa= 1; break; } |
| 185 | else if (rrtype == adns_r_ns_raw) { foundns= 1; } |
| 186 | } |
| 187 | |
| 188 | if (foundsoa || !foundns) { |
| 189 | /* Aha ! A NODATA response, good. */ |
| 190 | adns__query_finish(ads,qu,adns_s_nodata); |
| 191 | return; |
| 192 | } |
| 193 | |
| 194 | /* Now what ? No relevant answers, no SOA, and at least some NS's. |
| 195 | * Looks like a referral. Just one last chance ... if we came across |
| 196 | * a CNAME then perhaps we should do our own CNAME lookup. |
| 197 | */ |
| 198 | if (qu->cnameoff != -1) { cname_recurse(ads,qu,0); return; } |
| 199 | |
| 200 | /* Bloody hell, I thought we asked for recursion ? */ |
| 201 | if (!flg_ra) { |
| 202 | adns__diag(ads,serv,"server is not willing to do recursive lookups for us"); |
| 203 | adns__query_fail(ads,qu,adns_s_norecurse); |
| 204 | return; |
| 205 | } |
| 206 | adns__diag(ads,serv,"server claims to do recursion, but gave us a referral"); |
| 207 | adns__query_fail(ads,qu,adns_s_serverfaulty); |
| 208 | return; |
| 209 | } |
| 210 | |
| 211 | /* Now, we have some RRs which we wanted. */ |
| 212 | |
| 213 | qu->rrsoff= adns__vbuf_malloc(&qu->ans,qu->typei->rrsz*wantedrrs); |
| 214 | if (qu->rrsoff == -1) adns__query_fail(ads,qu,adns_s_nolocalmem); |
| 215 | |
| 216 | cbyte= anstart; |
| 217 | currentrrs= 0; |
| 218 | arstart= -1; |
| 219 | for (rri=0; rri<ancount; rri++) { |
| 220 | st= adns__get_rr_temp(ads,qu,serv, dgram,dglen,&cbyte, |
| 221 | &rrtype,&rrclass, &rdlength,&rdstart, 0,0,0,0); |
| 222 | assert(!st); assert(rrtype != -1); |
| 223 | if (rrclass != DNS_CLASS_IN || |
| 224 | rrtype != (qu->typei->type & adns__rrt_typemask)) |
| 225 | continue; |
| 226 | assert(currentrrs<wantedrrs); |
| 227 | st= qu->typei->get_fn(ads,qu,serv, dgram,dglen, &rdstart,rdstart+rdlength, |
| 228 | nsstart,arcount,&arstart, qu->rrsoff,¤trrs); |
| 229 | if (st) { adns__query_fail(ads,qu,st); return; } |
| 230 | if (currentrrs==-1) goto x_truncated; |
| 231 | } |
| 232 | |
| 233 | /* This may have generated some child queries ... */ |
| 234 | if (qu->children.head) { |
| 235 | qu->state= query_child; |
| 236 | LIST_LINK_TAIL(ads->childw,qu); |
| 237 | return; |
| 238 | } |
| 239 | |
| 240 | adns__query_finish(ads,qu,adns_s_ok); |
| 241 | return; |
| 242 | |
| 243 | x_truncated: |
| 244 | if (!flg_tc) { |
| 245 | adns__diag(ads,serv,"server sent datagram which points outside itself"); |
| 246 | adns__query_fail(ads,qu,adns_s_serverfaulty); |
| 247 | return; |
| 248 | } |
| 249 | if (qu->cnameoff != -1) { cname_recurse(ads,qu,adns_qf_usevc); return; } |
| 250 | qu->cnameoff= -1; |
| 251 | qu->rrsoff= -1; |
| 252 | ans= (adns_answer*)qu->ans.buf; |
| 253 | ans->nrrs= 0; |
| 254 | qu->ans.used= sizeof(adns_answer); |
| 255 | qu->flags |= adns_qf_usevc; |
| 256 | adns__query_udp(ads,qu,now); |
| 257 | } |