X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?a=blobdiff_plain;f=src%2Ftypes.c;h=804b3b587043ac0a18ceda54b4153727f2632ee5;hb=75aee8cde6bdeb7e7bd8567c40b9c739e468918f;hp=4b2a5264cbdc75e17dc0ef51b0eea0c19bbb6ccb;hpb=da234f9fe6d3391530bcb1fe632f1164cf0ad9dc;p=adns.git diff --git a/src/types.c b/src/types.c index 4b2a526..804b3b5 100644 --- a/src/types.c +++ b/src/types.c @@ -263,27 +263,26 @@ static adns_status pa_inaddr(const parseinfo *pai, int cbyte, static int search_sortlist(adns_state ads, int af, const void *ad) { const struct sortlist *slp; - const struct in6_addr *a6; - union gen_addr a; + struct in_addr a4; int i; int v6mappedp= 0; if (af == AF_INET6) { - a6= ad; + const struct in6_addr *a6= ad; if (IN6_IS_ADDR_V4MAPPED(a6)) { - a.v4.s_addr= htonl(((unsigned long)a6->s6_addr[12] << 24) | - ((unsigned long)a6->s6_addr[13] << 16) | - ((unsigned long)a6->s6_addr[14] << 8) | - ((unsigned long)a6->s6_addr[15] << 0)); + a4.s_addr= htonl(((unsigned long)a6->s6_addr[12] << 24) | + ((unsigned long)a6->s6_addr[13] << 16) | + ((unsigned long)a6->s6_addr[14] << 8) | + ((unsigned long)a6->s6_addr[15] << 0)); v6mappedp= 1; } } for (i=0, slp=ads->sortlist; insortlist && - !adns__addr_match_p(af,ad, slp->af,&slp->base,&slp->mask) && + !adns__addr_matches(af,ad, &slp->base,&slp->mask) && !(v6mappedp && - adns__addr_match_p(AF_INET,&a, slp->af,&slp->base,&slp->mask)); + adns__addr_matches(AF_INET,&a4, &slp->base,&slp->mask)); i++, slp++); return i; } @@ -311,7 +310,7 @@ static adns_status csp_genaddr(vbuf *vb, int af, const void *p) { memset(&a, 0, sizeof(a)); a.addr.sa.sa_family= af; - adns__sockaddr_inject(p, 0, &a.addr.sa); + adns__addr_inject(p, &a.addr); err= adns_addr2text(&a.addr.sa,0, buf,&len, 0); assert(!err); CSP_ADDSTR(buf); return adns_s_ok; @@ -378,6 +377,27 @@ static unsigned addr_rrtypeflag(adns_rrtype type) { return i < addr_nrrtypes ? 1 << i : 0; } +/* About CNAME handling in addr queries. + * + * A user-level addr query is translated into a number of protocol-level + * queries, and its job is to reassemble the results. This gets tricky if + * the answers aren't consistent. In particular, if the answers report + * inconsistent indirection via CNAME records (e.g., different CNAMEs, or + * some indirect via a CNAME, and some don't) then we have trouble. + * + * Once we've received an answer, even if it was NODATA, we set + * adns__qf_addr_answer on the parent query. This will let us detect a + * conflict between a no-CNAME-with-NODATA reply and a subsequent CNAME. + * + * If we detect a conflict of any kind, then at least one answer came back + * with a CNAME record, so we pick the first such answer (somewhat + * arbitrarily) as being the `right' canonical name, and set this in the + * parent query's answer->cname slot. We discard address records from the + * wrong name. And finally we cancel the outstanding child queries, and + * resubmit address queries for the address families we don't yet have, with + * adns__qf_addr_cname set so that we know that we're in the fixup state. + */ + static adns_status pap_addr(const parseinfo *pai, int rrty, size_t rrsz, int *cbyte_io, int max, adns_rr_addr *storeto) { const byte *dgram= pai->dgram; @@ -435,9 +455,8 @@ static adns_status pa_addr(const parseinfo *pai, int cbyte, } static int search_sortlist_sa(adns_state ads, const struct sockaddr *sa) { - union gen_addr a; - adns__sockaddr_extract(sa, &a, 0); - return search_sortlist(ads, sa->sa_family, &a); + const void *pa = adns__sockaddr_addr(sa); + return search_sortlist(ads, sa->sa_family, pa); } static int dip_sockaddr(adns_state ads, @@ -498,7 +517,26 @@ static unsigned addr_rrtypes(adns_state ads, adns_rrtype type, /* Return a mask of addr_rf_... flags indicating which address families are * wanted, given a query type and flags. */ - return addr_rf_a; + + adns_queryflags permitaf= 0; + unsigned want= 0; + + if (!(type & adns__qtf_bigaddr)) + qf= (qf & ~adns_qf_want_allaf) | adns_qf_want_ipv4; + else { + if (!(qf & adns_qf_want_allaf)) { + qf |= (type & adns__qtf_manyaf) ? + adns_qf_want_allaf : adns_qf_want_ipv4; + } + if (ads->iflags & adns_if_permit_ipv4) permitaf |= adns_qf_want_ipv4; + if (ads->iflags & adns_if_permit_ipv6) permitaf |= adns_qf_want_ipv6; + if (qf & permitaf) qf &= permitaf | ~adns_qf_want_allaf; + } + + if (qf & adns_qf_want_ipv4) want |= addr_rf_a; + if (qf & adns_qf_want_ipv6) want |= addr_rf_aaaa; + + return want; } static void icb_addr(adns_query parent, adns_query child); @@ -617,9 +655,55 @@ static void icb_addr(adns_query parent, adns_query child) { adns_answer *pans= parent->answer, *cans= child->answer; struct timeval now; adns_status err; + adns_queryflags qf; + int id; propagate_ttl(parent, child); + if (!(child->flags & adns__qf_addr_cname) && + (parent->flags & adns__qf_addr_answer) && + (!!pans->cname != !!cans->cname || + (pans->cname && strcmp(pans->cname, cans->cname)))) { + /* We've detected an inconsistency in CNAME records, and must deploy + * countermeasures. + */ + + if (!pans->cname) { + /* The child has a CNAME record, but the parent doesn't. We must + * discard all of the parent's addresses, and substitute the child's. + */ + + assert(pans->rrsz == cans->rrsz); + adns__free_interim(parent, pans->rrs.bytes); + adns__transfer_interim(child, parent, cans->rrs.bytes); + pans->rrs.bytes= cans->rrs.bytes; + pans->nrrs= cans->nrrs; + parent->ctx.tinfo.addr.have= 0; + done_addr_type(parent, cans->type); + err= copy_cname_from_child(parent, child); if (err) goto x_err; + } + + /* We've settled on the CNAME (now) associated with the parent, which + * already has appropriate address records. Build a query datagram for + * this name so that we can issue child queries for the missing address + * families. The child's vbuf looks handy for this. + */ + err= adns__mkquery(ads, &child->vb, &id, pans->cname, + strlen(pans->cname), &tinfo_addrsub, + adns_r_addr, parent->flags); + if (err) goto x_err; + + /* Now cancel the remaining children, and try again with the CNAME we've + * settled on. + */ + adns__cancel_children(parent); + if (gettimeofday(&now, 0)) goto x_gtod; + qf= adns__qf_addr_cname; + if (!(parent->flags & adns_qf_cname_loose)) qf |= adns_qf_cname_forbid; + addr_subqueries(parent, now, qf, child->vb.buf, child->vb.used); + return; + } + if (cans->cname && !pans->cname) { err= copy_cname_from_child(parent, child); if (err) goto x_err; @@ -652,6 +736,7 @@ static void icb_addr(adns_query parent, adns_query child) { if (parent->children.head) LIST_LINK_TAIL(ads->childw, parent); else if (!pans->nrrs) adns__query_fail(parent, adns_s_nodata); else adns__query_done(parent); + parent->flags |= adns__qf_addr_answer; return; x_gtod: @@ -863,7 +948,8 @@ static adns_status pap_hostaddr(const parseinfo *pai, int *cbyte_io, ctx.callback= icb_hostaddr; ctx.pinfo.hostaddr= rrp; - nflags= adns_qf_quoteok_query | (pai->qu->flags & adns_qf_ipv6_mapv4); + nflags= adns_qf_quoteok_query | (pai->qu->flags & (adns_qf_want_allaf | + adns_qf_ipv6_mapv4)); if (!(pai->qu->flags & adns_qf_cname_loose)) nflags |= adns_qf_cname_forbid; st= addr_submit(pai->qu, &nqu, &pai->qu->vb, id, want, @@ -1053,12 +1139,13 @@ static adns_status cs_inthost(vbuf *vb, const void *datap) { static adns_status ckl_ptr(adns_state ads, adns_queryflags flags, union checklabel_state *cls, qcontext *ctx, - int labnum, const char *label, int lablen) { + int labnum, const char *dgram, + int labstart, int lablen) { if (lablen) { - if (adns__revparse_label(&cls->ptr, labnum, label,lablen)) + if (adns__revparse_label(&cls->ptr, labnum, dgram,labstart,lablen)) return adns_s_querydomainwrong; } else { - if (adns__revparse_done(&cls->ptr, labnum, + if (adns__revparse_done(&cls->ptr, dgram, labnum, &ctx->tinfo.ptr.rev_rrtype, &ctx->tinfo.ptr.addr)) return adns_s_querydomainwrong; @@ -1068,7 +1155,7 @@ static adns_status ckl_ptr(adns_state ads, adns_queryflags flags, static void icb_ptr(adns_query parent, adns_query child) { adns_answer *cans= child->answer; - const struct af_addr *queried; + const adns_sockaddr *queried; const unsigned char *found; adns_state ads= parent->ads; int i; @@ -1083,8 +1170,8 @@ static void icb_ptr(adns_query parent, adns_query child) { queried= &parent->ctx.tinfo.ptr.addr; for (i=0, found=cans->rrs.bytes; inrrs; i++, found+=cans->rrsz) { - if (adns__genaddr_equal_p(queried->af,&queried->addr, - parent->ctx.tinfo.ptr.addr.af,found)) { + if (adns__addrs_equal_raw(&queried->sa, + parent->ctx.tinfo.ptr.addr.sa.sa_family,found)) { if (!parent->children.head) { adns__query_done(parent); return; @@ -1337,12 +1424,14 @@ static adns_status cs_soa(vbuf *vb, const void *datap) { static adns_status ckl_srv(adns_state ads, adns_queryflags flags, union checklabel_state *cls, qcontext *ctx, - int labnum, const char *label, int lablen) { + int labnum, const char *dgram, + int labstart, int lablen) { + const char *label = dgram+labstart; if (labnum < 2 && !(flags & adns_qf_quoteok_query)) { if (!lablen || label[0] != '_') return adns_s_querydomaininvalid; return adns_s_ok; } - return adns__ckl_hostname(ads, flags, cls, ctx, labnum, label, lablen); + return adns__ckl_hostname(ads,flags, cls,ctx, labnum, dgram,labstart,lablen); } static adns_status pap_srv_begin(const parseinfo *pai, int *cbyte_io, int max,