diff options
Diffstat (limited to 'drill')
| -rw-r--r-- | drill/chasetrace.c | 2 | ||||
| -rwxr-xr-x | drill/configure | 37 | ||||
| -rw-r--r-- | drill/configure.ac | 2 | ||||
| -rw-r--r-- | drill/drill.1.in | 11 | ||||
| -rw-r--r-- | drill/drill.c | 55 | ||||
| -rw-r--r-- | drill/drill_util.c | 6 | ||||
| -rw-r--r-- | drill/securetrace.c | 28 | ||||
| -rw-r--r-- | drill/work.c | 1 |
8 files changed, 111 insertions, 31 deletions
diff --git a/drill/chasetrace.c b/drill/chasetrace.c index 0a37ff3017e6..370f627673e2 100644 --- a/drill/chasetrace.c +++ b/drill/chasetrace.c @@ -74,6 +74,8 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_resolver_usevc(local_res)); ldns_resolver_set_random(res, ldns_resolver_random(local_res)); + ldns_resolver_set_source(res, + ldns_resolver_source(local_res)); ldns_resolver_set_recursive(res, false); /* setup the root nameserver in the new resolver */ diff --git a/drill/configure b/drill/configure index 6a4487d9a979..0937a1b288ab 100755 --- a/drill/configure +++ b/drill/configure @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.16. +# Generated by GNU Autoconf 2.68 for ldns 1.6.17. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -560,8 +560,8 @@ MAKEFLAGS= # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.16' -PACKAGE_STRING='ldns 1.6.16' +PACKAGE_VERSION='1.6.17' +PACKAGE_STRING='ldns 1.6.17' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -1218,7 +1218,7 @@ if test "$ac_init_help" = "long"; then # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.16 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.17 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1279,7 +1279,7 @@ fi if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.6.16:";; + short | recursive ) echo "Configuration of ldns 1.6.17:";; esac cat <<\_ACEOF @@ -1378,7 +1378,7 @@ fi test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.16 +ldns configure 1.6.17 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1801,7 +1801,7 @@ cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.16, which was +It was created by ldns $as_me 1.6.17, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2154,7 +2154,12 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # Copyright 2009, Wouter Wijngaards, NLnet Labs. # BSD licensed. # -# Version 21 +# Version 26 +# 2013-09-19 FLTO help text improved. +# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes +# 2013-06-25 FLTO has --disable-flto option. +# 2013-05-03 Update W32_SLEEP for newer mingw that links but not defines it. +# 2013-03-22 Fix ACX_RSRC_VERSION for long version numbers. # 2012-02-09 Fix AHX_MEMCMP_BROKEN with undef in compat/memcmp.h. # 2012-01-20 Fix COMPILER_FLAGS_UNBOUND for gcc 4.6.2 assigned-not-used-warns. # 2011-12-05 Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc. @@ -2169,7 +2174,7 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu # 2010-07-02 Add check for ss_family (for minix). # 2010-04-26 Fix to use CPPFLAGS for CHECK_COMPILER_FLAGS. # 2010-03-01 Fix RPATH using CONFIG_COMMANDS to run at the very end. -# 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS seperate, -ldl +# 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS separate, -ldl # 2010-02-01 added ACX_CHECK_MEMCMP_SIGNED, AHX_MEMCMP_BROKEN # 2010-01-20 added AHX_COONFIG_STRLCAT # 2009-07-14 U_CHAR detection improved for windows crosscompile. @@ -4240,7 +4245,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -std=c99 -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -4271,7 +4276,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -xc99 -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -4314,7 +4319,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -O2 -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -4347,7 +4352,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -Werror -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -4378,7 +4383,7 @@ if eval \${cv_prog_cc_flag_$cache+:} false; then : $as_echo_n "(cached) " >&6 else -echo 'void f(){}' >conftest.c +echo 'void f(void){}' >conftest.c if test -z "`$CC $CPPFLAGS $CFLAGS -Wall -c conftest.c 2>&1`"; then eval "cv_prog_cc_flag_$cache=yes" else @@ -5945,7 +5950,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1 # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.16, which was +This file was extended by ldns $as_me 1.6.17, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6007,7 +6012,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.16 +ldns config.status 1.6.17 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" diff --git a/drill/configure.ac b/drill/configure.ac index 17d7541c027b..b7fe2aee07a8 100644 --- a/drill/configure.ac +++ b/drill/configure.ac @@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.56) -AC_INIT(ldns, 1.6.16, libdns@nlnetlabs.nl,libdns) +AC_INIT(ldns, 1.6.17, libdns@nlnetlabs.nl,libdns) AC_CONFIG_SRCDIR([drill.c]) sinclude(../acx_nlnetlabs.m4) diff --git a/drill/drill.1.in b/drill/drill.1.in index 15b15a425333..b6d74f6554d7 100644 --- a/drill/drill.1.in +++ b/drill/drill.1.in @@ -83,6 +83,11 @@ Chase the signature(s) of 'name' to a known key or as high up in the tree as possible. .TP +\fB\-I \fIIPv4 or IPv6 address\fR +Source address to query from. The source address has to be present +on an interface of the host running drill. + +.TP \fB\-V \fIlevel\fR Be more verbose. Set level to 5 to see the actual query that is sent. @@ -217,6 +222,12 @@ specify named base64 tsig key, and optional an algorithm (defaults to hmac-md5.s \fB\-z \fR don't randomize the nameserver list before sending queries. +.SH "EXIT STATUS" +The exit status is 0 if the looked up answer is secure and trusted, +or insecure. +The exit status is not 0 if the looked up answer is untrusted or bogus, +or an error occurred while performing the lookup. + .SH "FILES" .TP @LDNS_TRUST_ANCHOR_FILE@ diff --git a/drill/drill.c b/drill/drill.c index 574c8b98c856..b967ad949c8d 100644 --- a/drill/drill.c +++ b/drill/drill.c @@ -33,6 +33,7 @@ usage(FILE *stream, const char *progname) fprintf(stream, "\t-T\t\ttrace from the root down to <name>\n"); fprintf(stream, "\t-S\t\tchase signature(s) from <name> to a know key [*]\n"); #endif /*HAVE_SSL*/ + fprintf(stream, "\t-I <address>\tsource address to query from\n"); fprintf(stream, "\t-V <number>\tverbosity (0-5)\n"); fprintf(stream, "\t-Q\t\tquiet mode (overrules -V)\n"); fprintf(stream, "\n"); @@ -103,6 +104,7 @@ main(int argc, char *argv[]) ldns_pkt *pkt; ldns_pkt *qpkt; char *serv; + char *src = NULL; const char *name; char *name2; char *progname; @@ -110,6 +112,7 @@ main(int argc, char *argv[]) char *answer_file = NULL; ldns_buffer *query_buffer = NULL; ldns_rdf *serv_rdf; + ldns_rdf *src_rdf = NULL; ldns_rr_type type; ldns_rr_class clas; #if 0 @@ -157,7 +160,7 @@ main(int argc, char *argv[]) int_type = -1; serv = NULL; type = 0; int_clas = -1; name = NULL; clas = 0; - qname = NULL; + qname = NULL; src = NULL; progname = strdup(argv[0]); #ifdef USE_WINSOCK @@ -195,7 +198,7 @@ main(int argc, char *argv[]) /* global first, query opt next, option with parm's last * and sorted */ /* "46DITSVQf:i:w:q:achuvxzy:so:p:b:k:" */ - while ((c = getopt(argc, argv, "46ab:c:d:Df:hi:Ik:o:p:q:Qr:sStTuvV:w:xy:z")) != -1) { + while ((c = getopt(argc, argv, "46ab:c:d:Df:hi:I:k:o:p:q:Qr:sStTuvV:w:xy:z")) != -1) { switch(c) { /* global options */ case '4': @@ -208,7 +211,7 @@ main(int argc, char *argv[]) qdnssec = true; break; case 'I': - /* reserved for backward compatibility */ + src = optarg; break; case 'T': if (PURPOSE == DRILL_CHASE) { @@ -482,6 +485,14 @@ main(int argc, char *argv[]) } } + if (src) { + src_rdf = ldns_rdf_new_addr_frm_str(src); + if(!src_rdf) { + fprintf(stderr, "-I must be (or resolve) to a valid IP[v6] address.\n"); + exit(EXIT_FAILURE); + } + } + /* set the nameserver to use */ if (!serv) { /* no server given make a resolver from /etc/resolv.conf */ @@ -513,6 +524,7 @@ main(int argc, char *argv[]) ldns_resolver_set_ip6(cmdline_res, qfamily); ldns_resolver_set_fallback(cmdline_res, qfallback); ldns_resolver_set_usevc(cmdline_res, qusevc); + ldns_resolver_set_source(cmdline_res, src_rdf); cmdline_dname = ldns_dname_new_frm_str(serv); @@ -543,6 +555,7 @@ main(int argc, char *argv[]) } /* set the resolver options */ ldns_resolver_set_port(res, qport); + ldns_resolver_set_source(res, src_rdf); if (verbosity >= 5) { ldns_resolver_set_debug(res, true); } else { @@ -613,10 +626,17 @@ main(int argc, char *argv[]) ldns_resolver_set_dnssec_cd(res, true); /* set dnssec implies udp_size of 4096 */ ldns_resolver_set_edns_udp_size(res, 4096); - pkt = ldns_resolver_query(res, qname, type, clas, qflags); - + pkt = NULL; + status = ldns_resolver_query_status( + &pkt, res, qname, type, clas, qflags); + if (status != LDNS_STATUS_OK) { + error("error sending query: %s", + ldns_get_errorstr_by_id(status)); + } if (!pkt) { - error("%s", "error pkt sending"); + if (status == LDNS_STATUS_OK) { + error("%s", "error pkt sending"); + } result = EXIT_FAILURE; } else { if (verbosity >= 3) { @@ -742,9 +762,17 @@ main(int argc, char *argv[]) } /* create a packet and set the RD flag on it */ - pkt = ldns_resolver_query(res, qname, type, clas, qflags); + pkt = NULL; + status = ldns_resolver_query_status( + &pkt, res, qname, type, clas, qflags); + if (status != LDNS_STATUS_OK) { + error("error sending query: %s", + ldns_get_errorstr_by_id(status)); + } if (!pkt) { - error("%s", "pkt sending"); + if (status == LDNS_STATUS_OK) { + error("%s", "pkt sending"); + } result = EXIT_FAILURE; } else { if (verbosity != -1) { @@ -815,7 +843,15 @@ main(int argc, char *argv[]) goto exit; } else { /* create a packet and set the RD flag on it */ - pkt = ldns_resolver_query(res, qname, type, clas, qflags); + pkt = NULL; + status = ldns_resolver_query_status( + &pkt, res, qname, + type, clas, qflags); + if (status != LDNS_STATUS_OK) { + error("error sending query: %s" + , ldns_get_errorstr_by_id( + status)); + } } } @@ -926,6 +962,7 @@ main(int argc, char *argv[]) exit: ldns_rdf_deep_free(qname); + ldns_rdf_deep_free(src_rdf); ldns_resolver_deep_free(res); ldns_resolver_deep_free(cmdline_res); ldns_rr_list_deep_free(key_list); diff --git a/drill/drill_util.c b/drill/drill_util.c index db0433e77e1d..9cf90a50ff0a 100644 --- a/drill/drill_util.c +++ b/drill/drill_util.c @@ -17,10 +17,10 @@ static int read_line(FILE *input, char *line, size_t len) { int i; - - char c; + int c; + for (i = 0; i < (int)len-1; i++) { - c = (char)getc(input); + c = getc(input); if (c == EOF) { return -1; } else if (c != '\n') { diff --git a/drill/securetrace.c b/drill/securetrace.c index c6e7e588409a..5fc493a7275d 100644 --- a/drill/securetrace.c +++ b/drill/securetrace.c @@ -138,7 +138,7 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, size_t j; size_t k; size_t l; - uint8_t labels_count; + uint8_t labels_count = 0; /* dnssec */ ldns_rr_list *key_list; @@ -156,6 +156,9 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, /* empty non-terminal check */ bool ent; + ldns_rr *nsecrr; /* The nsec that proofs the non-terminal */ + ldns_rdf *hashed_name; /* The query hashed with nsec3 params */ + ldns_rdf *label0; /* The first label of an nsec3 owner name */ /* glue handling */ ldns_rr_list *new_ns_addr; @@ -220,6 +223,8 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, ldns_resolver_usevc(local_res)); ldns_resolver_set_random(res, ldns_resolver_random(local_res)); + ldns_resolver_set_source(res, + ldns_resolver_source(local_res)); ldns_resolver_set_recursive(local_res, true); ldns_resolver_set_recursive(res, false); @@ -380,8 +385,27 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, /* there might be an empty non-terminal, in which case we need to continue */ ent = false; for (j = 0; j < ldns_rr_list_rr_count(nsec_rrs); j++) { - if (ldns_dname_is_subdomain(ldns_rr_rdf(ldns_rr_list_rr(nsec_rrs, j), 0), labels[i])) { + nsecrr = ldns_rr_list_rr(nsec_rrs, j); + /* For NSEC when the next name is a subdomain of the question */ + if (ldns_rr_get_type(nsecrr) == LDNS_RR_TYPE_NSEC && + ldns_dname_is_subdomain(ldns_rr_rdf(nsecrr, 0), labels[i])) { ent = true; + + /* For NSEC3, the hash matches the name and the type bitmap is empty*/ + } else if (ldns_rr_get_type(nsecrr) == LDNS_RR_TYPE_NSEC3) { + hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsecrr, labels[i]); + label0 = ldns_dname_label(ldns_rr_owner(nsecrr), 0); + if (hashed_name && label0 && + ldns_dname_compare(hashed_name, label0) == 0 && + ldns_nsec3_bitmap(nsecrr) == NULL) { + ent = true; + } + if (label0) { + LDNS_FREE(label0); + } + if (hashed_name) { + LDNS_FREE(hashed_name); + } } } if (!ent) { diff --git a/drill/work.c b/drill/work.c index 653145fe522b..370d48b01b3e 100644 --- a/drill/work.c +++ b/drill/work.c @@ -235,6 +235,7 @@ dump_hex(const ldns_pkt *pkt, const char *filename) if (status != LDNS_STATUS_OK) { error("Unable to convert packet: error code %u", status); LDNS_FREE(wire); + fclose(fp); return; } |