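/* update.c
 *
 * Functions for RFC 2136 Dynamic Update
 *
 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 */

#include <ldns/config.h>

#include <ldns/ldns.h>

#include <strings.h>
#include <stdlib.h>
#include <limits.h>

/*
 * RFC 2136 sections mapped to RFC 1035:
 *              zone/ZO -- QD/question
 *     prerequisites/PR -- AN/answers
 *           updates/UP -- NS/authority records
 *   additional data/AD -- AR/additional records
 */

/*
 * Pop RRs off 'section' until one is a SOA that carries an MNAME rdata
 * field, and return it.  Every RR that is skipped is freed here, because
 * a popped RR no longer belongs to the list and would otherwise leak.
 * The returned RR is owned by the caller.  Returns NULL when the section
 * holds no usable SOA.
 */
static ldns_rr *
update_pop_soa_rr(ldns_rr_list *section)
{
	ldns_rr *rr;

	while ((rr = ldns_rr_list_pop_rr(section)) != NULL) {
		if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA
		    && ldns_rr_rdf(rr, 0) != NULL) {
			return rr;
		}
		ldns_rr_free(rr);
	}
	return NULL;
}

/*
 * Build an RFC 2136 UPDATE packet.
 *
 * zone_rdf   zone name for the Zone section (required).  It is handed to
 *            ldns_pkt_query_new() and must not be used by the caller once
 *            a packet has been returned.
 * c          class of the zone; 0 selects LDNS_RR_CLASS_IN.
 * pr_rrlist  prerequisite RRs, may be NULL; cloned into the packet.
 * up_rrlist  update RRs (required); cloned into the packet.
 * ad_rrlist  additional data RRs, may be NULL; cloned into the packet.
 *
 * Returns the new packet, or NULL when zone_rdf or up_rrlist is NULL or
 * the packet could not be created.
 *
 * NOTE(review): the results of ldns_rr_list_clone() are not checked, and
 * the section counts are taken from the source lists and narrowed to
 * uint16_t.  A failed clone, or a list longer than 65535 RRs, leaves a
 * count that disagrees with the section contents.
 */
ldns_pkt *
ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c,
    const ldns_rr_list *pr_rrlist, const ldns_rr_list *up_rrlist,
    const ldns_rr_list *ad_rrlist)
{
	ldns_pkt *p;

	if (!zone_rdf || !up_rrlist) {
		return NULL;
	}

	if (c == 0) {
		c = LDNS_RR_CLASS_IN;
	}

	/* Create packet, fill in Zone Section. */
	p = ldns_pkt_query_new(zone_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
	if (!p) {
		return NULL;
	}
	/* zone_rdf is part of the packet from here on; do not touch it. */

	ldns_pkt_set_opcode(p, LDNS_PACKET_UPDATE);

	/* Each section the query packet came with is released before
	 * the clone of the caller's list takes its place. */
	ldns_rr_list_deep_free(ldns_pkt_authority(p));
	ldns_pkt_set_authority(p, ldns_rr_list_clone(up_rrlist));
	ldns_update_set_upcount(p, ldns_rr_list_rr_count(up_rrlist));

	if (pr_rrlist) {
		ldns_rr_list_deep_free(ldns_pkt_answer(p));
		ldns_pkt_set_answer(p, ldns_rr_list_clone(pr_rrlist));
		ldns_update_set_prcount(p, ldns_rr_list_rr_count(pr_rrlist));
	}

	if (ad_rrlist) {
		ldns_rr_list_deep_free(ldns_pkt_additional(p));
		ldns_pkt_set_additional(p, ldns_rr_list_clone(ad_rrlist));
		ldns_update_set_adcount(p, ldns_rr_list_rr_count(ad_rrlist));
	}
	return p;
}

/*
 * Sign 'p' with the TSIG key configured on resolver 'r'.
 *
 * Returns the status of ldns_pkt_tsig_sign() when the resolver has both
 * a key name and key data.
 *
 * LDNS_STATUS_OK is ALSO returned when nothing was signed: when the
 * resolver has no key name or key data, and always when the library is
 * built without HAVE_SSL.  The return value therefore does not tell the
 * caller whether the update is authenticated.  A caller that must not
 * send unsigned updates has to check the resolver's TSIG settings itself
 * before sending.
 */
ldns_status
ldns_update_pkt_tsig_add(ldns_pkt *p, const ldns_resolver *r)
{
#ifdef HAVE_SSL
	uint16_t fudge = 300; /* Recommended fudge. [RFC2845 6.4] */

	if (ldns_resolver_tsig_keyname(r) && ldns_resolver_tsig_keydata(r)) {
		return ldns_pkt_tsig_sign(p, ldns_resolver_tsig_keyname(r),
		    ldns_resolver_tsig_keydata(r), fudge,
		    ldns_resolver_tsig_algorithm(r), NULL);
	}
#else
	/* do nothing */
	(void)p;
	(void)r;
#endif /* HAVE_SSL */
	/* No TSIG to do. */
	return LDNS_STATUS_OK;
}

/* Move to higher.c or similar? */
/*
 * Ask resolver 'r' for the SOA of 'zone' and return a copy of its MNAME.
 *
 * zone   zone name; cloned for the query, so the caller keeps ownership.
 * r      resolver to send the query through.
 * c      query class.
 * mname  out: newly allocated MNAME, owned by the caller.  It is set to
 *        NULL once a response has arrived and holds no usable SOA; on
 *        the earlier error returns it is left untouched.
 *
 * Returns LDNS_STATUS_OK when an MNAME was found, else LDNS_STATUS_ERR.
 *
 * The MNAME is taken from the answer section exactly as the resolver
 * returned it.  Nothing in this function validates the response, so the
 * result is only as trustworthy as the path to that resolver.
 *
 * NOTE(review): if ldns_pkt_query_new() fails, who owns the cloned zone
 * name is not visible here; it may leak.
 */
ldns_status
ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r,
    ldns_rr_class c, ldns_rdf **mname)
{
	ldns_rr *soa_rr;
	ldns_pkt *query, *resp;

	/* Nondestructive, so clone 'zone' here */
	query = ldns_pkt_query_new(ldns_rdf_clone(zone), LDNS_RR_TYPE_SOA,
	    c, LDNS_RD);
	if (!query) {
		return LDNS_STATUS_ERR;
	}

	ldns_pkt_set_random_id(query);
	if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
		ldns_pkt_free(query);
		return LDNS_STATUS_ERR;
	}
	ldns_pkt_free(query);
	if (!resp) {
		return LDNS_STATUS_ERR;
	}

	/* Expect a SOA answer. */
	*mname = NULL;
	soa_rr = update_pop_soa_rr(ldns_pkt_answer(resp));
	if (soa_rr) {
		/* [RFC1035 3.3.13] */
		*mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
		/* The popped RR is ours; release it once the copy is made. */
		ldns_rr_free(soa_rr);
	}
	ldns_pkt_free(resp);

	return *mname ? LDNS_STATUS_OK : LDNS_STATUS_ERR;
}

/*
 * Try to get zone and MNAME from SOA queries.
 *
 * fqdn       name to look up, as a string.
 * r          resolver for the first two queries; it is cloned, never
 *            modified.
 * c          query class.
 * zone_rdf   out: owner name of the SOA found in step 3 (caller frees).
 * mname_rdf  out: MNAME of that SOA (caller frees).
 *
 * The outputs are written only on LDNS_STATUS_OK.  Returns
 * LDNS_STATUS_MEM_ERR when the resolver cannot be cloned and
 * LDNS_STATUS_ERR for every other failure.
 *
 * Three queries are made: SOA for fqdn via 'r', an A lookup of the MNAME
 * from that SOA, then the SOA again via a resolver clone whose first
 * nameserver is the MNAME address.  Each response is used as received and
 * nothing here validates it, so the address the third query goes to is
 * chosen by the first two responses.  The returned zone and MNAME are no
 * more trustworthy than those responses.  Callers that go on to send an
 * UPDATE should authenticate it (see ldns_update_pkt_tsig_add) rather
 * than rely on this discovery.
 *
 * Only an A record is looked up for the MNAME, and only one answer RR is
 * used.
 *
 * NOTE(review): where ldns_pkt_query_new() fails, ownership of the name
 * passed to it is not visible here; that name may leak.
 */
ldns_status
ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r,
    ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf)
{
	ldns_rr *soa_rr, *rr;
	ldns_rdf *soa_zone = NULL, *soa_mname = NULL;
	ldns_rdf *ipaddr, *fqdn_rdf, *tmp;
	ldns_rdf **nslist;
	ldns_pkt *query, *resp;
	ldns_resolver *tmp_r;
	size_t i, ns_count;

	/*
	 * XXX Ok, this cannot be the best way to find this...?
	 * XXX (I run into weird cache-related stuff here)
	 */

	/* Step 1 - first find a nameserver that should know *something* */
	fqdn_rdf = ldns_dname_new_frm_str(fqdn);
	if (!fqdn_rdf) {
		/* Unparsable name: do not build a query without an owner. */
		return LDNS_STATUS_ERR;
	}
	query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
	if (!query) {
		return LDNS_STATUS_ERR;
	}
	/* fqdn_rdf belongs to the query now. */

	ldns_pkt_set_random_id(query);
	if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
		ldns_pkt_free(query);
		return LDNS_STATUS_ERR;
	}
	ldns_pkt_free(query);
	if (!resp) {
		return LDNS_STATUS_ERR;
	}

	/* XXX Is it safe to only look in authority section here? */
	soa_rr = update_pop_soa_rr(ldns_pkt_authority(resp));
	if (soa_rr) {
		/* [RFC1035 3.3.13] */
		soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
		ldns_rr_free(soa_rr);
	}
	ldns_pkt_free(resp);
	if (!soa_mname) {
		/* No SOA in the authority section, or the copy failed. */
		return LDNS_STATUS_ERR;
	}

	/* Step 2 - find SOA MNAME IP address, add to resolver */
	query = ldns_pkt_query_new(soa_mname, LDNS_RR_TYPE_A, c, LDNS_RD);
	if (!query) {
		return LDNS_STATUS_ERR;
	}
	soa_mname = NULL; /* owned by the query from here on */

	ldns_pkt_set_random_id(query);
	if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
		ldns_pkt_free(query);
		return LDNS_STATUS_ERR;
	}
	ldns_pkt_free(query);
	if (!resp) {
		return LDNS_STATUS_ERR;
	}

	if (ldns_pkt_ancount(resp) == 0) {
		ldns_pkt_free(resp);
		return LDNS_STATUS_ERR;
	}

	/* XXX There may be more than one answer RR here. */
	rr = ldns_rr_list_pop_rr(ldns_pkt_answer(resp));
	ipaddr = rr ? ldns_rr_rdf(rr, 0) : NULL;
	if (!ipaddr) {
		/* The header count and the section contents disagree, or
		 * the RR has no rdata: there is nothing to use. */
		if (rr) {
			ldns_rr_free(rr);
		}
		ldns_pkt_free(resp);
		return LDNS_STATUS_ERR;
	}

	/* Put the SOA mname IP first in the nameserver list. */
	if (!(tmp_r = ldns_resolver_clone(r))) {
		ldns_rr_free(rr);
		ldns_pkt_free(resp);
		return LDNS_STATUS_MEM_ERR;
	}
	nslist = ldns_resolver_nameservers(tmp_r);
	ns_count = ldns_resolver_nameserver_count(tmp_r);
	for (i = 0; i < ns_count; i++) {
		if (ldns_rdf_compare(ipaddr, nslist[i]) == 0) {
			if (i) {
				tmp = nslist[0];
				nslist[0] = nslist[i];
				nslist[i] = tmp;
			}
			break;
		}
	}
	if (i >= ns_count) {
		/*
		 * SOA mname was not part of the resolver so add it first.
		 * The swap is done only when the push succeeded.  Without
		 * that check a rejected push would move an unrelated server
		 * to the front, and with an empty list the index below would
		 * wrap around.  On failure the list is left as it was and
		 * step 3 asks the resolver's own servers (best effort).
		 */
		if (ldns_resolver_push_nameserver(tmp_r, ipaddr)
		    == LDNS_STATUS_OK) {
			nslist = ldns_resolver_nameservers(tmp_r);
			i = ldns_resolver_nameserver_count(tmp_r) - 1;
			tmp = nslist[0];
			nslist[0] = nslist[i];
			nslist[i] = tmp;
		}
	}
	/*
	 * ipaddr points into rr and is not used past this point.  The
	 * resolver is expected to have stored its own copy of the address
	 * (ldns_resolver_push_nameserver takes it as input only).
	 */
	ldns_rr_free(rr);
	ldns_pkt_free(resp);

	/* Make sure to ask the first in the list, i.e SOA mname */
	ldns_resolver_set_random(tmp_r, false);

	/* Step 3 - Redo SOA query, sending to SOA MNAME directly. */
	fqdn_rdf = ldns_dname_new_frm_str(fqdn);
	if (!fqdn_rdf) {
		ldns_resolver_free(tmp_r);
		return LDNS_STATUS_ERR;
	}
	query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
	if (!query) {
		ldns_resolver_free(tmp_r);
		return LDNS_STATUS_ERR;
	}
	/* fqdn_rdf belongs to the query now. */

	ldns_pkt_set_random_id(query);
	if (ldns_resolver_send_pkt(&resp, tmp_r, query) != LDNS_STATUS_OK) {
		ldns_pkt_free(query);
		ldns_resolver_free(tmp_r);
		return LDNS_STATUS_ERR;
	}
	ldns_resolver_free(tmp_r);
	ldns_pkt_free(query);
	if (!resp) {
		return LDNS_STATUS_ERR;
	}

	/* XXX Is it safe to only look in authority section here, too? */
	soa_rr = update_pop_soa_rr(ldns_pkt_authority(resp));
	if (soa_rr) {
		/* [RFC1035 3.3.13] */
		soa_mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
		soa_zone = ldns_rdf_clone(ldns_rr_owner(soa_rr));
		ldns_rr_free(soa_rr);
	}
	ldns_pkt_free(resp);
	if (!soa_mname || !soa_zone) {
		/* No SOA, or one of the copies failed: hand back nothing
		 * rather than a half-filled result. */
		if (soa_mname) {
			ldns_rdf_deep_free(soa_mname);
		}
		if (soa_zone) {
			ldns_rdf_deep_free(soa_zone);
		}
		return LDNS_STATUS_ERR;
	}

	/* That seems to have worked, pass results to caller. */
	*zone_rdf = soa_zone;
	*mname_rdf = soa_mname;
	return LDNS_STATUS_OK;
}

/*
 * ldns_update_{get,set}_{zo,pr,up,ad}count
 *
 * Thin wrappers that give the RFC 1035 section counters their RFC 2136
 * names (see the mapping at the top of this file).
 *
 * NOTE(review): ldns_update_ad and ldns_update_set_zo do not carry the
 * "count" suffix the pattern above suggests.  The names are kept as they
 * are because callers may depend on them.
 */

/* Number of RRs in the Zone section (the QD count). */
uint16_t
ldns_update_zocount(const ldns_pkt *p)
{
	return ldns_pkt_qdcount(p);
}

/* Number of RRs in the Prerequisite section (the AN count). */
uint16_t
ldns_update_prcount(const ldns_pkt *p)
{
	return ldns_pkt_ancount(p);
}

/* Number of RRs in the Update section (the NS count). */
uint16_t
ldns_update_upcount(const ldns_pkt *p)
{
	return ldns_pkt_nscount(p);
}

/* Number of RRs in the Additional Data section (the AR count). */
uint16_t
ldns_update_ad(const ldns_pkt *p)
{
	return ldns_pkt_arcount(p);
}

/* Set the Zone section count (the QD count) to v. */
void
ldns_update_set_zo(ldns_pkt *p, uint16_t v)
{
	ldns_pkt_set_qdcount(p, v);
}

/* Set the Prerequisite section count (the AN count) to v. */
void
ldns_update_set_prcount(ldns_pkt *p, uint16_t v)
{
	ldns_pkt_set_ancount(p, v);
}

/* Set the Update section count (the NS count) to v. */
void
ldns_update_set_upcount(ldns_pkt *p, uint16_t v)
{
	ldns_pkt_set_nscount(p, v);
}

/* Set the Additional Data section count (the AR count) to v. */
void
ldns_update_set_adcount(ldns_pkt *p, uint16_t v)
{
	ldns_pkt_set_arcount(p, v);
}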