static int search_sortlist(adns_state ads, int af, const void *ad) {
const struct sortlist *slp;
- const struct in6_addr *a6;
- union gen_addr a;
+ struct in_addr a4;
int i;
int v6mappedp= 0;
if (af == AF_INET6) {
- a6= ad;
+ const struct in6_addr *a6= ad;
if (IN6_IS_ADDR_V4MAPPED(a6)) {
- a.v4.s_addr= htonl(((unsigned long)a6->s6_addr[12] << 24) |
- ((unsigned long)a6->s6_addr[13] << 16) |
- ((unsigned long)a6->s6_addr[14] << 8) |
- ((unsigned long)a6->s6_addr[15] << 0));
+ a4.s_addr= htonl(((unsigned long)a6->s6_addr[12] << 24) |
+ ((unsigned long)a6->s6_addr[13] << 16) |
+ ((unsigned long)a6->s6_addr[14] << 8) |
+ ((unsigned long)a6->s6_addr[15] << 0));
v6mappedp= 1;
}
}
for (i=0, slp=ads->sortlist;
i<ads->nsortlist &&
- !adns__addr_match_p(af,ad, slp->af,&slp->base,&slp->mask) &&
+ !adns__addr_matches(af,ad, &slp->base,&slp->mask) &&
!(v6mappedp &&
- adns__addr_match_p(AF_INET,&a, slp->af,&slp->base,&slp->mask));
+ adns__addr_matches(AF_INET,&a4, &slp->base,&slp->mask));
i++, slp++);
return i;
}
memset(&a, 0, sizeof(a));
a.addr.sa.sa_family= af;
- adns__sockaddr_inject(p, 0, &a.addr.sa);
+ adns__addr_inject(p, &a.addr);
err= adns_addr2text(&a.addr.sa,0, buf,&len, 0); assert(!err);
CSP_ADDSTR(buf);
return adns_s_ok;
return i < addr_nrrtypes ? 1 << i : 0;
}
+/* About CNAME handling in addr queries.
+ *
+ * A user-level addr query is translated into a number of protocol-level
+ * queries, and its job is to reassemble the results. This gets tricky if
+ * the answers aren't consistent. In particular, if the answers report
+ * inconsistent indirection via CNAME records (e.g., different CNAMEs, or
+ * some indirect via a CNAME, and some don't) then we have trouble.
+ *
+ * Once we've received an answer, even if it was NODATA, we set
+ * adns__qf_addr_answer on the parent query. This will let us detect a
+ * conflict between a no-CNAME-with-NODATA reply and a subsequent CNAME.
+ *
+ * If we detect a conflict of any kind, then at least one answer came back
+ * with a CNAME record, so we pick the first such answer (somewhat
+ * arbitrarily) as being the `right' canonical name, and set this in the
+ * parent query's answer->cname slot. We discard address records from the
+ * wrong name. And finally we cancel the outstanding child queries, and
+ * resubmit address queries for the address families we don't yet have, with
+ * adns__qf_addr_cname set so that we know that we're in the fixup state.
+ */
+
static adns_status pap_addr(const parseinfo *pai, int rrty, size_t rrsz,
int *cbyte_io, int max, adns_rr_addr *storeto) {
const byte *dgram= pai->dgram;
}
static int search_sortlist_sa(adns_state ads, const struct sockaddr *sa) {
- union gen_addr a;
- adns__sockaddr_extract(sa, &a, 0);
- return search_sortlist(ads, sa->sa_family, &a);
+ const void *pa = adns__sockaddr_addr(sa);
+ return search_sortlist(ads, sa->sa_family, pa);
}
static int dip_sockaddr(adns_state ads,
/* Return a mask of addr_rf_... flags indicating which address families are
* wanted, given a query type and flags.
*/
- return addr_rf_a;
+
+ adns_queryflags permitaf= 0;
+ unsigned want= 0;
+
+ if (!(type & adns__qtf_bigaddr))
+ qf= (qf & ~adns_qf_want_allaf) | adns_qf_want_ipv4;
+ else {
+ if (!(qf & adns_qf_want_allaf)) {
+ qf |= (type & adns__qtf_manyaf) ?
+ adns_qf_want_allaf : adns_qf_want_ipv4;
+ }
+ if (ads->iflags & adns_if_permit_ipv4) permitaf |= adns_qf_want_ipv4;
+ if (ads->iflags & adns_if_permit_ipv6) permitaf |= adns_qf_want_ipv6;
+ if (qf & permitaf) qf &= permitaf | ~adns_qf_want_allaf;
+ }
+
+ if (qf & adns_qf_want_ipv4) want |= addr_rf_a;
+ if (qf & adns_qf_want_ipv6) want |= addr_rf_aaaa;
+
+ return want;
}
static void icb_addr(adns_query parent, adns_query child);
adns_answer *pans= parent->answer, *cans= child->answer;
struct timeval now;
adns_status err;
+ adns_queryflags qf;
+ int id;
propagate_ttl(parent, child);
+ if (!(child->flags & adns__qf_addr_cname) &&
+ (parent->flags & adns__qf_addr_answer) &&
+ (!!pans->cname != !!cans->cname ||
+ (pans->cname && strcmp(pans->cname, cans->cname)))) {
+ /* We've detected an inconsistency in CNAME records, and must deploy
+ * countermeasures.
+ */
+
+ if (!pans->cname) {
+ /* The child has a CNAME record, but the parent doesn't. We must
+ * discard all of the parent's addresses, and substitute the child's.
+ */
+
+ assert(pans->rrsz == cans->rrsz);
+ adns__free_interim(parent, pans->rrs.bytes);
+ adns__transfer_interim(child, parent, cans->rrs.bytes);
+ pans->rrs.bytes= cans->rrs.bytes;
+ pans->nrrs= cans->nrrs;
+ parent->ctx.tinfo.addr.have= 0;
+ done_addr_type(parent, cans->type);
+ err= copy_cname_from_child(parent, child); if (err) goto x_err;
+ }
+
+ /* We've settled on the CNAME (now) associated with the parent, which
+ * already has appropriate address records. Build a query datagram for
+ * this name so that we can issue child queries for the missing address
+ * families. The child's vbuf looks handy for this.
+ */
+ err= adns__mkquery(ads, &child->vb, &id, pans->cname,
+ strlen(pans->cname), &tinfo_addrsub,
+ adns_r_addr, parent->flags);
+ if (err) goto x_err;
+
+ /* Now cancel the remaining children, and try again with the CNAME we've
+ * settled on.
+ */
+ adns__cancel_children(parent);
+ if (gettimeofday(&now, 0)) goto x_gtod;
+ qf= adns__qf_addr_cname;
+ if (!(parent->flags & adns_qf_cname_loose)) qf |= adns_qf_cname_forbid;
+ addr_subqueries(parent, now, qf, child->vb.buf, child->vb.used);
+ return;
+ }
+
if (cans->cname && !pans->cname) {
err= copy_cname_from_child(parent, child);
if (err) goto x_err;
if (parent->children.head) LIST_LINK_TAIL(ads->childw, parent);
else if (!pans->nrrs) adns__query_fail(parent, adns_s_nodata);
else adns__query_done(parent);
+ parent->flags |= adns__qf_addr_answer;
return;
x_gtod:
ctx.callback= icb_hostaddr;
ctx.pinfo.hostaddr= rrp;
- nflags= adns_qf_quoteok_query | (pai->qu->flags & adns_qf_ipv6_mapv4);
+ nflags= adns_qf_quoteok_query | (pai->qu->flags & (adns_qf_want_allaf |
+ adns_qf_ipv6_mapv4));
if (!(pai->qu->flags & adns_qf_cname_loose)) nflags |= adns_qf_cname_forbid;
st= addr_submit(pai->qu, &nqu, &pai->qu->vb, id, want,
static adns_status ckl_ptr(adns_state ads, adns_queryflags flags,
union checklabel_state *cls, qcontext *ctx,
- int labnum, const char *label, int lablen) {
+ int labnum, const char *dgram,
+ int labstart, int lablen) {
if (lablen) {
- if (adns__revparse_label(&cls->ptr, labnum, label,lablen))
+ if (!adns__revparse_label(&cls->ptr, labnum, dgram,labstart,lablen))
return adns_s_querydomainwrong;
} else {
- if (adns__revparse_done(&cls->ptr, labnum,
- &ctx->tinfo.ptr.rev_rrtype,
- &ctx->tinfo.ptr.addr))
+ if (!adns__revparse_done(&cls->ptr, dgram, labnum,
+ &ctx->tinfo.ptr.rev_rrtype,
+ &ctx->tinfo.ptr.addr))
return adns_s_querydomainwrong;
}
return adns_s_ok;
static void icb_ptr(adns_query parent, adns_query child) {
adns_answer *cans= child->answer;
- const struct af_addr *queried;
+ const adns_sockaddr *queried;
const unsigned char *found;
adns_state ads= parent->ads;
int i;
queried= &parent->ctx.tinfo.ptr.addr;
for (i=0, found=cans->rrs.bytes; i<cans->nrrs; i++, found+=cans->rrsz) {
- if (adns__genaddr_equal_p(queried->af,&queried->addr,
- parent->ctx.tinfo.ptr.addr.af,found)) {
+ if (adns__addrs_equal_raw(&queried->sa,
+ parent->ctx.tinfo.ptr.addr.sa.sa_family,found)) {
if (!parent->children.head) {
adns__query_done(parent);
return;
static adns_status ckl_srv(adns_state ads, adns_queryflags flags,
union checklabel_state *cls, qcontext *ctx,
- int labnum, const char *label, int lablen) {
- if (labnum < 2 && !(flags & adns_qf_quoteok_query)) {
+ int labnum, const char *dgram,
+ int labstart, int lablen) {
+ const char *label = dgram+labstart;
+ if (labnum < 2) {
+ if (flags & adns_qf_quoteok_query) return adns_s_ok;
if (!lablen || label[0] != '_') return adns_s_querydomaininvalid;
return adns_s_ok;
}
- return adns__ckl_hostname(ads, flags, cls, ctx, labnum, label, lablen);
+ return adns__ckl_hostname(ads,flags, cls,ctx, labnum, dgram,labstart,lablen);
}
static adns_status pap_srv_begin(const parseinfo *pai, int *cbyte_io, int max,
~ianmdlvl / adns.git / blobdiff