diff options
author | Dag-Erling Smørgrav <des@FreeBSD.org> | 2013-02-15 21:49:12 +0000 |
---|---|---|
committer | Dag-Erling Smørgrav <des@FreeBSD.org> | 2013-02-15 21:49:12 +0000 |
commit | 2787e39aaaaffd1fb07657ffaa2e3561858b3c73 (patch) | |
tree | a08484c53617b571107c1a33e4ea1b64e436080f /contrib/ldns/drill | |
parent | 6709dfe57acb55966880c1027552f9d27e1e45cf (diff) | |
parent | 2f10c3e258216a4694be7302c4a039b26be832bf (diff) | |
download | src-test2-2787e39aaaaffd1fb07657ffaa2e3561858b3c73.tar.gz src-test2-2787e39aaaaffd1fb07657ffaa2e3561858b3c73.zip |
Upgrade to 1.6.16
Notes
Notes:
svn path=/head/; revision=246854
Diffstat (limited to 'contrib/ldns/drill')
-rw-r--r-- | contrib/ldns/drill/Makefile.in | 8 | ||||
-rw-r--r-- | contrib/ldns/drill/chasetrace.c | 14 | ||||
-rw-r--r-- | contrib/ldns/drill/config.h.in | 3 | ||||
-rwxr-xr-x | contrib/ldns/drill/configure | 56 | ||||
-rw-r--r-- | contrib/ldns/drill/configure.ac | 26 | ||||
-rw-r--r-- | contrib/ldns/drill/dnssec.c | 107 | ||||
-rw-r--r-- | contrib/ldns/drill/drill.1.in (renamed from contrib/ldns/drill/drill.1) | 12 | ||||
-rw-r--r-- | contrib/ldns/drill/drill.c | 30 | ||||
-rw-r--r-- | contrib/ldns/drill/drill.h | 1 | ||||
-rw-r--r-- | contrib/ldns/drill/drill_util.c | 32 | ||||
-rw-r--r-- | contrib/ldns/drill/drill_util.h | 7 | ||||
-rw-r--r-- | contrib/ldns/drill/securetrace.c | 4 | ||||
-rw-r--r-- | contrib/ldns/drill/work.c | 26 |
13 files changed, 233 insertions, 93 deletions
diff --git a/contrib/ldns/drill/Makefile.in b/contrib/ldns/drill/Makefile.in index 5730f0809c76..ac555fa1e575 100644 --- a/contrib/ldns/drill/Makefile.in +++ b/contrib/ldns/drill/Makefile.in @@ -9,6 +9,7 @@ exec_prefix = @exec_prefix@ bindir = @bindir@ mandir = @mandir@ includedir = @includedir@ +datarootdir = @datarootdir@ CC = @CC@ CFLAGS = -I. @CFLAGS@ @@ -77,7 +78,6 @@ docclean: distclean: clean docclean rm -f config.h - rm -f drill.h realclean: clean docclean rm -f tags @@ -88,9 +88,9 @@ realclean: clean docclean rm -rf autom4te.cache rm -f config.h rm -f config.h.in - rm -f drill.h rm -f configure rm -f Makefile + rm -f drill.1 rm -f aclocal.m4 doc: @@ -99,7 +99,7 @@ doc: install: all $(INSTALL) -d $(DESTDIR)$(bindir) $(INSTALL) drill $(DESTDIR)$(bindir)/drill - $(INSTALL) -m 644 $(srcdir)/drill.1 $(DESTDIR)$(mandir)/man1/drill.1 + $(INSTALL) -m 644 drill.1 $(DESTDIR)$(mandir)/man1/drill.1 uninstall: @echo @@ -116,4 +116,4 @@ lint: done confclean: clean - rm -rf config.log config.status config.h Makefile + rm -rf config.log config.status config.h Makefile drill.1 diff --git a/contrib/ldns/drill/chasetrace.c b/contrib/ldns/drill/chasetrace.c index c2bbfd009019..0a37ff3017e6 100644 --- a/contrib/ldns/drill/chasetrace.c +++ b/contrib/ldns/drill/chasetrace.c @@ -45,7 +45,15 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, p = ldns_pkt_new(); res = ldns_resolver_new(); - if (!p || !res) { + if (!p) { + if (res) { + ldns_resolver_free(res); + } + error("Memory allocation failed"); + return NULL; + } + if (!res) { + ldns_pkt_free(p); error("Memory allocation failed"); return NULL; } @@ -73,6 +81,8 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, if (status != LDNS_STATUS_OK) { fprintf(stderr, "Error adding root servers to resolver: %s\n", ldns_get_errorstr_by_id(status)); ldns_rr_list_print(stdout, global_dns_root); + ldns_resolver_free(res); + ldns_pkt_free(p); return NULL; } @@ -118,7 +128,7 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, drill_pkt_print_footer(stdout, local_res, p); /* remove the old nameserver from the resolver */ - while((pop = ldns_resolver_pop_nameserver(res))) { /* do it */ } + while(ldns_resolver_pop_nameserver(res)) { /* do it */ } /* also check for new_nss emptyness */ diff --git a/contrib/ldns/drill/config.h.in b/contrib/ldns/drill/config.h.in index 9b2a282a8e92..75448a07ecc6 100644 --- a/contrib/ldns/drill/config.h.in +++ b/contrib/ldns/drill/config.h.in @@ -111,6 +111,9 @@ /* Define to 1 if you have the <ws2tcpip.h> header file. */ #undef HAVE_WS2TCPIP_H +/* Default trust anchor file */ +#undef LDNS_TRUST_ANCHOR_FILE + /* Define to the address where bug reports for this package should be sent. */ #undef PACKAGE_BUGREPORT diff --git a/contrib/ldns/drill/configure b/contrib/ldns/drill/configure index 95bc43560728..6a4487d9a979 100755 --- a/contrib/ldns/drill/configure +++ b/contrib/ldns/drill/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.13. +# Generated by GNU Autoconf 2.68 for ldns 1.6.16. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -560,8 +560,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.13' -PACKAGE_STRING='ldns 1.6.13' +PACKAGE_VERSION='1.6.16' +PACKAGE_STRING='ldns 1.6.16' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -604,6 +604,7 @@ ac_includes_default="\ ac_subst_vars='LTLIBOBJS LIBOBJS +LDNS_TRUST_ANCHOR_FILE LDNSDIR LIBS_STC RUNTIME_PATH @@ -664,6 +665,7 @@ enable_option_checking enable_rpath with_ssl with_ldns +with_trust_anchor ' ac_precious_vars='build_alias host_alias @@ -1216,7 +1218,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.13 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.16 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1277,7 +1279,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.6.13:";; + short | recursive ) echo "Configuration of ldns 1.6.16:";; esac cat <<\_ACEOF @@ -1296,6 +1298,9 @@ Optional Packages: --with-ldns=PATH specify prefix of path of ldns library to use + --with-trust-anchor=KEYFILE + Default location of the trust anchor file. + [default=SYSCONFDIR/unbound/root.key] Some influential environment variables: CC C compiler command @@ -1373,7 +1378,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.13 +ldns configure 1.6.16 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1796,7 +1801,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.13, which was +It was created by ldns $as_me 1.6.16, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -5379,16 +5384,46 @@ else as_fn_error $? "Can't find ldns library" "$LINENO" 5 +fi fi + + + +# Check whether --with-trust-anchor was given. +if test "${with_trust_anchor+set}" = set; then : + withval=$with_trust_anchor; + LDNS_TRUST_ANCHOR_FILE="$withval" + +else + + if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then + if test "x$sysconfdir" = 'x${prefix}/etc' ; then + if test "x$prefix" = 'xNONE' ; then + LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key" + else + LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key" + fi + else + LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key" + fi + fi + fi +cat >>confdefs.h <<_ACEOF +#define LDNS_TRUST_ANCHOR_FILE "$LDNS_TRUST_ANCHOR_FILE" +_ACEOF + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: Default trust anchor: $LDNS_TRUST_ANCHOR_FILE" >&5 +$as_echo "$as_me: Default trust anchor: $LDNS_TRUST_ANCHOR_FILE" >&6;} -ac_config_files="$ac_config_files Makefile" +ac_config_files="$ac_config_files Makefile drill.1" ac_config_headers="$ac_config_headers config.h" @@ -5910,7 +5945,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.13, which was +This file was extended by ldns $as_me 1.6.16, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5972,7 +6007,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.13 +ldns config.status 1.6.16 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" @@ -6094,6 +6129,7 @@ for ac_config_target in $ac_config_targets do case $ac_config_target in "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "drill.1") CONFIG_FILES="$CONFIG_FILES drill.1" ;; "config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; diff --git a/contrib/ldns/drill/configure.ac b/contrib/ldns/drill/configure.ac index afd5c63803b3..17d7541c027b 100644 --- a/contrib/ldns/drill/configure.ac +++ b/contrib/ldns/drill/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.56) -AC_INIT(ldns, 1.6.13, libdns@nlnetlabs.nl,libdns) +AC_INIT(ldns, 1.6.16, libdns@nlnetlabs.nl,libdns) AC_CONFIG_SRCDIR([drill.c]) sinclude(../acx_nlnetlabs.m4) @@ -170,13 +170,33 @@ if test -f $ldns_dev_dir/ldns/util.h && \ else AC_MSG_RESULT([no]) AC_CHECK_LIB(ldns, ldns_rr_new, , [ - AC_MSG_ERROR([Can't find ldns library]) + AC_MSG_ERROR([Can't find ldns library])dnl ' ] ) fi AC_SUBST(LDNSDIR) +AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE], +[Default location of the trust anchor file. [default=SYSCONFDIR/unbound/root.key]]), [ + LDNS_TRUST_ANCHOR_FILE="$withval" +],[ + if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then + if test "x$sysconfdir" = 'x${prefix}/etc' ; then + if test "x$prefix" = 'xNONE' ; then + LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key" + else + LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key" + fi + else + LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key" + fi + fi +]) +AC_DEFINE_UNQUOTED([LDNS_TRUST_ANCHOR_FILE], ["$LDNS_TRUST_ANCHOR_FILE"], [Default trust anchor file]) +AC_SUBST(LDNS_TRUST_ANCHOR_FILE) +AC_MSG_NOTICE([Default trust anchor: $LDNS_TRUST_ANCHOR_FILE]) + AH_BOTTOM([ #include <stdio.h> @@ -254,6 +274,6 @@ extern int optind, opterr; #endif ]) -AC_CONFIG_FILES([Makefile]) +AC_CONFIG_FILES([Makefile drill.1]) AC_CONFIG_HEADER([config.h]) AC_OUTPUT diff --git a/contrib/ldns/drill/dnssec.c b/contrib/ldns/drill/dnssec.c index b72ffb95dadc..b8074be03cc5 100644 --- a/contrib/ldns/drill/dnssec.c +++ b/contrib/ldns/drill/dnssec.c @@ -22,12 +22,10 @@ get_rr(ldns_resolver *res, ldns_rdf *zname, ldns_rr_type t, ldns_rr_class c) p = ldns_pkt_new(); found = NULL; - if (ldns_resolver_send(&p, res, zname, t, c, 0) != LDNS_STATUS_OK) { - /* oops */ - return NULL; - } else { + if (ldns_resolver_send(&p, res, zname, t, c, 0) == LDNS_STATUS_OK) { found = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANY_NOQUESTION); } + ldns_pkt_free(p); return found; } @@ -36,6 +34,7 @@ drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p) { ldns_rr_list *new_nss; ldns_rr_list *hostnames; + char *answerfrom_str; if (verbosity < 5) { return; @@ -46,8 +45,7 @@ drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p) new_nss = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER); ldns_rr_list_print(fd, new_nss); - - /* new_nss can be empty.... */ + ldns_rr_list_deep_free(new_nss); fprintf(fd, ";; Received %d bytes from %s#%d(", (int) ldns_pkt_size(p), @@ -59,7 +57,11 @@ drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p) ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0)); ldns_rr_list_deep_free(hostnames); } else { - fprintf(fd, "%s", ldns_rdf2str(ldns_pkt_answerfrom(p))); + answerfrom_str = ldns_rdf2str(ldns_pkt_answerfrom(p)); + if (answerfrom_str) { + fprintf(fd, "%s", answerfrom_str); + LDNS_FREE(answerfrom_str); + } } fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p)); } @@ -68,6 +70,7 @@ void drill_pkt_print_footer(FILE *fd, ldns_resolver *r, ldns_pkt *p) { ldns_rr_list *hostnames; + char *answerfrom_str; if (verbosity < 5) { return; @@ -85,7 +88,11 @@ drill_pkt_print_footer(FILE *fd, ldns_resolver *r, ldns_pkt *p) ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0)); ldns_rr_list_deep_free(hostnames); } else { - fprintf(fd, "%s", ldns_rdf2str(ldns_pkt_answerfrom(p))); + answerfrom_str = ldns_rdf2str(ldns_pkt_answerfrom(p)); + if (answerfrom_str) { + fprintf(fd, "%s", answerfrom_str); + LDNS_FREE(answerfrom_str); + } } fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p)); } @@ -98,7 +105,6 @@ get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t, ldns_rr_list **rrlist, ldns_rr_list **sig) { ldns_pkt_type pt = LDNS_PACKET_UNKNOWN; - ldns_rr_list *rr = NULL; ldns_rr_list *sigs = NULL; size_t i; @@ -111,36 +117,52 @@ get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t, pt = ldns_pkt_reply_type(p); if (name) { - rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_ANSWER); - if (!rr) { - rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_AUTHORITY); + if (rrlist) { + *rrlist = ldns_pkt_rr_list_by_name_and_type(p, name, t, + LDNS_SECTION_ANSWER); + if (!*rrlist) { + *rrlist = ldns_pkt_rr_list_by_name_and_type( + p, name, t, + LDNS_SECTION_AUTHORITY); + } } - sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG, - LDNS_SECTION_ANSWER); - if (!sigs) { - sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG, - LDNS_SECTION_AUTHORITY); + if (sig) { + sigs = ldns_pkt_rr_list_by_name_and_type(p, name, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + if (!sigs) { + sigs = ldns_pkt_rr_list_by_name_and_type( + p, name, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_AUTHORITY); + } } } else { - /* A DS-referral - get the DS records if they are there */ - rr = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_AUTHORITY); - sigs = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_RRSIG, - LDNS_SECTION_AUTHORITY); + /* A DS-referral - get the DS records if they are there */ + if (rrlist) { + *rrlist = ldns_pkt_rr_list_by_type( + p, t, LDNS_SECTION_AUTHORITY); + } + if (sig) { + sigs = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_AUTHORITY); + } } if (sig) { *sig = ldns_rr_list_new(); for (i = 0; i < ldns_rr_list_rr_count(sigs); i++) { /* only add the sigs that cover this type */ - if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(ldns_rr_list_rr(sigs, i))) == - t) { - ldns_rr_list_push_rr(*sig, ldns_rr_clone(ldns_rr_list_rr(sigs, i))); + if (t == ldns_rdf2rr_type(ldns_rr_rrsig_typecovered( + ldns_rr_list_rr(sigs, i)))) { + + ldns_rr_list_push_rr(*sig, + ldns_rr_clone( + ldns_rr_list_rr( + sigs, i))); } } } ldns_rr_list_deep_free(sigs); - if (rrlist) { - *rrlist = rr; - } if (pt == LDNS_PACKET_NXDOMAIN || pt == LDNS_PACKET_NODATA) { return pt; @@ -153,6 +175,7 @@ get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t, ldns_status ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs) { +#ifdef HAVE_SSL uint16_t nsec_i; ldns_rr_list *nsecs; @@ -216,12 +239,28 @@ ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_lis ldns_rr_list* sigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION); ldns_rr* q = ldns_rr_new(); ldns_rr* match = NULL; - if(!sigs) return LDNS_STATUS_MEM_ERR; - if(!q) return LDNS_STATUS_MEM_ERR; + + if(!sigs) { + if (q) { + ldns_rr_free(q); + } + ldns_rr_list_deep_free(nsecs); + return LDNS_STATUS_MEM_ERR; + } + if(!q) { + ldns_rr_list_deep_free(nsecs); + ldns_rr_list_deep_free(sigs); + return LDNS_STATUS_MEM_ERR; + } ldns_rr_set_question(q, 1); ldns_rr_set_ttl(q, 0); ldns_rr_set_owner(q, ldns_rdf_clone(name)); - if(!ldns_rr_owner(q)) return LDNS_STATUS_MEM_ERR; + if(!ldns_rr_owner(q)) { + ldns_rr_free(q); + ldns_rr_list_deep_free(sigs); + ldns_rr_list_deep_free(nsecs); + return LDNS_STATUS_MEM_ERR; + } ldns_rr_set_type(q, type); /* result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0); */ @@ -234,6 +273,14 @@ ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_lis ldns_rr_list_deep_free(sigs); } return result; +#else + (void)pkt; + (void)name; + (void)type; + (void)nsec_rrs; + (void)nsec_rr_sigs; + return LDNS_STATUS_ERR; +#endif /* HAVE_SSL */ } /* NSEC3 draft -07 */ diff --git a/contrib/ldns/drill/drill.1 b/contrib/ldns/drill/drill.1.in index 24cfd6dabe98..15b15a425333 100644 --- a/contrib/ldns/drill/drill.1 +++ b/contrib/ldns/drill/drill.1.in @@ -161,6 +161,11 @@ given \fBdrill\fR tries to validate the current answer with this key. No chasing is done. When \fBdrill\fR is doing a secure trace, this key will be used as trust anchor. Can contain a DNSKEY or a DS record. +Alternatively, when DNSSEC enabled tracing (\fB-TD\fR) or signature +chasing (\fB-S\fR), if \fB-k\fR is not specified, and a default trust anchor +(@LDNS_TRUST_ANCHOR_FILE@) exists and contains a valid DNSKEY or DS record, +it will be used as the trust anchor. + .TP \fB\-o \fImnemonic\fR Use this option to set or unset specific header bits. A bit is @@ -212,6 +217,13 @@ specify named base64 tsig key, and optional an algorithm (defaults to hmac-md5.s \fB\-z \fR don't randomize the nameserver list before sending queries. +.SH "FILES" +.TP +@LDNS_TRUST_ANCHOR_FILE@ +The file from which trusted keys are loaded when no \fB-k\fR option is given. +.SH "SEE ALSO" +.LP +unbound-anchor(8) .SH AUTHOR Jelte Jansen and Miek Gieben. Both of NLnet Labs. diff --git a/contrib/ldns/drill/drill.c b/contrib/ldns/drill/drill.c index 2f779634d8e0..574c8b98c856 100644 --- a/contrib/ldns/drill/drill.c +++ b/contrib/ldns/drill/drill.c @@ -47,19 +47,25 @@ usage(FILE *stream, const char *progname) fprintf(stream, "\t-6\t\tstay on ip6\n"); fprintf(stream, "\t-a\t\tfallback to EDNS0 and TCP if the answer is truncated\n"); fprintf(stream, "\t-b <bufsize>\tuse <bufsize> as the buffer size (defaults to 512 b)\n"); - fprintf(stream, "\t-c <file>\t\tuse file for rescursive nameserver configuration (/etc/resolv.conf)\n"); - fprintf(stream, "\t-k <file>\tspecify a file that contains a trusted DNSSEC key (DNSKEY|DS) [**]\n"); - fprintf(stream, "\t\t\tused to verify any signatures in the current answer\n"); - fprintf(stream, "\t-o <mnemonic>\tset flags to: [QR|qr][AA|aa][TC|tc][RD|rd][CD|cd][RA|ra][AD|ad]\n"); + fprintf(stream, "\t-c <file>\tuse file for rescursive nameserver configuration" + "\n\t\t\t(/etc/resolv.conf)\n"); + fprintf(stream, "\t-k <file>\tspecify a file that contains a trusted DNSSEC key [**]\n"); + fprintf(stream, "\t\t\tUsed to verify any signatures in the current answer.\n"); + fprintf(stream, "\t\t\tWhen DNSSEC enabled tracing (-TD) or signature\n" + "\t\t\tchasing (-S) and no key files are given, keys are read\n" + "\t\t\tfrom: %s\n", + LDNS_TRUST_ANCHOR_FILE); + fprintf(stream, "\t-o <mnemonic>\tset flags to:" + "\n\t\t\t[QR|qr][AA|aa][TC|tc][RD|rd][CD|cd][RA|ra][AD|ad]\n"); fprintf(stream, "\t\t\tlowercase: unset bit, uppercase: set bit\n"); fprintf(stream, "\t-p <port>\tuse <port> as remote port number\n"); fprintf(stream, "\t-s\t\tshow the DS RR for each key in a packet\n"); fprintf(stream, "\t-u\t\tsend the query with udp (the default)\n"); fprintf(stream, "\t-x\t\tdo a reverse lookup\n"); fprintf(stream, "\twhen doing a secure trace:\n"); - fprintf(stream, "\t-r <file>\t\tuse file as root servers hint file\n"); + fprintf(stream, "\t-r <file>\tuse file as root servers hint file\n"); fprintf(stream, "\t-t\t\tsend the query with tcp (connected)\n"); - fprintf(stream, "\t-d <domain>\t\tuse domain as the start point for the trace\n"); + fprintf(stream, "\t-d <domain>\tuse domain as the start point for the trace\n"); fprintf(stream, "\t-y <name:key[:algo]>\tspecify named base64 tsig key, and optional an\n\t\t\talgorithm (defaults to hmac-md5.sig-alg.reg.int)\n"); fprintf(stream, "\t-z\t\tdon't randomize the nameservers before use\n"); fprintf(stream, "\n [*] = enables/implies DNSSEC\n"); @@ -272,7 +278,8 @@ main(int argc, char *argv[]) qusevc = true; break; case 'k': - status = read_key_file(optarg, key_list); + status = read_key_file(optarg, + key_list, false); if (status != LDNS_STATUS_OK) { error("Could not parse the key file %s: %s", optarg, ldns_get_errorstr_by_id(status)); } @@ -397,6 +404,15 @@ main(int argc, char *argv[]) argc -= optind; argv += optind; + if ((PURPOSE == DRILL_CHASE || (PURPOSE == DRILL_TRACE && qdnssec)) && + ldns_rr_list_rr_count(key_list) == 0) { + + (void) read_key_file(LDNS_TRUST_ANCHOR_FILE, key_list, true); + } + if (ldns_rr_list_rr_count(key_list) > 0) { + printf(";; Number of trusted keys: %d\n", + (int) ldns_rr_list_rr_count(key_list)); + } /* do a secure trace when requested */ if (PURPOSE == DRILL_TRACE && qdnssec) { #ifdef HAVE_SSL diff --git a/contrib/ldns/drill/drill.h b/contrib/ldns/drill/drill.h index 69b0396b2171..0746fe7bff23 100644 --- a/contrib/ldns/drill/drill.h +++ b/contrib/ldns/drill/drill.h @@ -85,7 +85,6 @@ ldns_status ldns_verify_denial(ldns_pkt *pkt, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs); -ldns_status read_key_file(const char *filename, ldns_rr_list *key_list); ldns_pkt *read_hex_pkt(char *filename); ldns_buffer *read_hex_buffer(char *filename); void init_root(void); diff --git a/contrib/ldns/drill/drill_util.c b/contrib/ldns/drill/drill_util.c index 98d88e7942da..db0433e77e1d 100644 --- a/contrib/ldns/drill/drill_util.c +++ b/contrib/ldns/drill/drill_util.c @@ -13,14 +13,14 @@ #include <errno.h> -static size_t +static int read_line(FILE *input, char *line, size_t len) { - size_t i; + int i; char c; - for (i = 0; i < len-1; i++) { - c = getc(input); + for (i = 0; i < (int)len-1; i++) { + c = (char)getc(input); if (c == EOF) { return -1; } else if (c != '\n') { @@ -35,20 +35,22 @@ read_line(FILE *input, char *line, size_t len) /* key_list must be initialized with ldns_rr_list_new() */ ldns_status -read_key_file(const char *filename, ldns_rr_list *key_list) +read_key_file(const char *filename, ldns_rr_list *key_list, bool silently) { int line_len = 0; int line_nr = 0; int key_count = 0; - char line[LDNS_MAX_PACKETLEN]; + char line[LDNS_MAX_LINELEN]; ldns_status status; FILE *input_file; ldns_rr *rr; input_file = fopen(filename, "r"); if (!input_file) { - fprintf(stderr, "Error opening %s: %s\n", - filename, strerror(errno)); + if (! silently) { + fprintf(stderr, "Error opening %s: %s\n", + filename, strerror(errno)); + } return LDNS_STATUS_ERR; } while (line_len >= 0) { @@ -57,10 +59,13 @@ read_key_file(const char *filename, ldns_rr_list *key_list) if (line_len > 0 && line[0] != ';') { status = ldns_rr_new_frm_str(&rr, line, 0, NULL, NULL); if (status != LDNS_STATUS_OK) { - fprintf(stderr, - "Error parsing DNSKEY RR in line %d: %s\n", - line_nr, - ldns_get_errorstr_by_id(status)); + if (! silently) { + fprintf(stderr, + "Error parsing DNSKEY RR " + "in line %d: %s\n", line_nr, + ldns_get_errorstr_by_id(status) + ); + } } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY || ldns_rr_get_type(rr) == LDNS_RR_TYPE_DS) { ldns_rr_list_push_rr(key_list, rr); @@ -70,7 +75,7 @@ read_key_file(const char *filename, ldns_rr_list *key_list) } } } - printf(";; Number of trusted keys: %d\n", key_count); + fclose(input_file); if (key_count > 0) { return LDNS_STATUS_OK; } else { @@ -132,6 +137,7 @@ print_ds_of_keys(ldns_pkt *p) ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA256); local_print_ds(stdout, "; sha256: ", ds); } + ldns_rr_list_deep_free(keys); } } diff --git a/contrib/ldns/drill/drill_util.h b/contrib/ldns/drill/drill_util.h index de7844118dbc..42b3f32b25df 100644 --- a/contrib/ldns/drill/drill_util.h +++ b/contrib/ldns/drill/drill_util.h @@ -12,6 +12,13 @@ #define _DRILL_UTIL_H_ #include <ldns/ldns.h> + +/** + * Read keys from filename and append to key_list. + */ +ldns_status read_key_file(const char *filename, ldns_rr_list *key_list, + bool silently); + /** * return a address rdf, either A or AAAA * NULL if anything goes wrong diff --git a/contrib/ldns/drill/securetrace.c b/contrib/ldns/drill/securetrace.c index 029ebf51d6fe..c6e7e588409a 100644 --- a/contrib/ldns/drill/securetrace.c +++ b/contrib/ldns/drill/securetrace.c @@ -231,7 +231,8 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, if (status != LDNS_STATUS_OK) { printf("ERRRRR: %s\n", ldns_get_errorstr_by_id(status)); ldns_rr_list_print(stdout, global_dns_root); - return status; + result = status; + goto done; } labels_count = ldns_dname_label_count(name); if (start_name) { @@ -392,7 +393,6 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, printf(";; There is an empty non-terminal here, continue\n"); continue; } - goto done; } if (ldns_resolver_nameserver_count(res) == 0) { diff --git a/contrib/ldns/drill/work.c b/contrib/ldns/drill/work.c index 3a9cb5855d70..653145fe522b 100644 --- a/contrib/ldns/drill/work.c +++ b/contrib/ldns/drill/work.c @@ -122,11 +122,6 @@ packetbuffromfile(char *filename, uint8_t *wire) hexbuf[hexbufpos] = (uint8_t) c; hexbufpos++; break; - default: - warning("unknown state while reading %s", filename); - xfree(hexbuf); - return 0; - break; } c = fgetc(fp); } @@ -178,20 +173,7 @@ read_hex_buffer(char *filename) size_t wiresize; ldns_buffer *result_buffer = NULL; - FILE *fp = NULL; - - if (strncmp(filename, "-", 2) != 0) { - fp = fopen(filename, "r"); - } else { - fp = stdin; - } - - if (fp == NULL) { - perror(""); - warning("Unable to open %s", filename); - return NULL; - } - + wire = xmalloc(LDNS_MAX_PACKETLEN); wiresize = packetbuffromfile(filename, wire); @@ -199,8 +181,8 @@ read_hex_buffer(char *filename) result_buffer = LDNS_MALLOC(ldns_buffer); ldns_buffer_new_frm_data(result_buffer, wire, wiresize); ldns_buffer_set_position(result_buffer, ldns_buffer_capacity(result_buffer)); - xfree(wire); + return result_buffer; } @@ -236,7 +218,7 @@ read_hex_pkt(char *filename) void dump_hex(const ldns_pkt *pkt, const char *filename) { - uint8_t *wire; + uint8_t *wire = NULL; size_t size, i; FILE *fp; ldns_status status; @@ -252,6 +234,7 @@ dump_hex(const ldns_pkt *pkt, const char *filename) if (status != LDNS_STATUS_OK) { error("Unable to convert packet: error code %u", status); + LDNS_FREE(wire); return; } @@ -273,4 +256,5 @@ dump_hex(const ldns_pkt *pkt, const char *filename) } fprintf(fp, "\n"); fclose(fp); + LDNS_FREE(wire); } |