xref: /freebsd/contrib/unbound/smallapp/unbound-host.c (revision 3823d5e198425b4f5e5a80267d195769d1063773)
1 /*
2  * checkconf/unbound-host.c - replacement for host that supports validation.
3  *
4  * Copyright (c) 2007, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
 * This file implements a lookup tool similar to 'host' that also supports
 * DNSSEC validation. It uses the libunbound library.
41  */
42 
43 #include "config.h"
44 #ifdef HAVE_GETOPT_H
45 #include <getopt.h>
46 #endif
47 /* remove alloc checks, not in this part of the code */
48 #ifdef UNBOUND_ALLOC_STATS
49 #undef malloc
50 #undef calloc
51 #undef free
52 #undef realloc
53 #endif
54 #ifdef UNBOUND_ALLOC_LITE
55 #undef malloc
56 #undef calloc
57 #undef free
58 #undef realloc
59 #undef strdup
60 #define unbound_lite_wrapstr(s) s
61 #endif
62 #include "libunbound/unbound.h"
63 #include "ldns/rrdef.h"
64 #include "ldns/wire2str.h"
65 #ifdef HAVE_NSS
66 /* nss3 */
67 #include "nss.h"
68 #endif
69 
/**
 * Verbosity for the unbound-host app.  Incremented once per -v option in
 * main().  When it is above 0 the output lines also carry the DNSSEC
 * status string, and "has no ..." lines are printed for empty answers.
 */
static int verb = 0;
72 
/**
 * Print the unbound-host usage text to stdout and terminate the process
 * with exit status 1.  This function does not return.
 */
static void
usage()
{
	/* fixed help lines; none contains a conversion, so they go out as-is */
	static const char* const help[] = {
		"Usage:	unbound-host [-vdhr46] [-c class] [-t type] hostname\n",
		"                     [-y key] [-f keyfile] [-F namedkeyfile]\n",
		"                     [-C configfile]\n",
		"  Queries the DNS for information.\n",
		"  The hostname is looked up for IP4, IP6 and mail.\n",
		"  If an ip-address is given a reverse lookup is done.\n",
		"  Use the -v option to see DNSSEC security information.\n",
		"    -t type		what type to look for.\n",
		"    -c class		what class to look for, if not class IN.\n",
		"    -y 'keystring'	specify trust anchor, DS or DNSKEY, like\n",
		"			-y 'example.com DS 31560 5 1 1CFED8478...'\n",
		"    -f keyfile		read trust anchors from file, with lines as -y.\n",
		"    -F keyfile		read named.conf-style trust anchors.\n",
		"    -C config		use the specified unbound.conf (none read by default)\n",
		"    -r			read forwarder information from /etc/resolv.conf\n",
		"      			breaks validation if the fwder does not do DNSSEC.\n",
		"    -v			be more verbose, shows nodata and security.\n",
		"    -d			debug, traces the action, -d -d shows more.\n",
		"    -4			use ipv4 network, avoid ipv6.\n",
		"    -6			use ipv6 network, avoid ipv4.\n",
		"    -h			show this usage help.\n"
	};
	size_t i;

	for(i = 0; i < sizeof(help)/sizeof(help[0]); i++)
		fputs(help[i], stdout);
	/* the trailer needs the build-time package strings */
	printf("Version %s\n", PACKAGE_VERSION);
	fputs("BSD licensed, see LICENSE in source package for details.\n",
		stdout);
	printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
	exit(1);
}
103 
/**
 * Test whether nm is a dotted-quad IPv4 address and, if it is, build the
 * matching reverse-lookup name.
 * @param nm: text to test.
 * @param res: when 1 is returned, set to a strdup()ed string of the form
 *	"d.c.b.a.in-addr.arpa".  It is NULL if strdup failed; that is not
 *	checked here.  Not written when 0 is returned.
 * @return 1 if inet_pton accepted nm as IPv4, 0 otherwise.
 */
static int
isip4(const char* nm, char** res)
{
	struct in_addr ip;
	const uint8_t* octet = (const uint8_t*)&ip;
	/* "255.255.255.255.in-addr.arpa" and its terminator fit in 32 */
	char rev[32];

	if(inet_pton(AF_INET, nm, &ip) <= 0)
		return 0;
	/* the octets are emitted last-to-first for the reverse name */
	snprintf(rev, sizeof(rev), "%u.%u.%u.%u.in-addr.arpa",
		(unsigned)octet[3], (unsigned)octet[2],
		(unsigned)octet[1], (unsigned)octet[0]);
	*res = strdup(rev);
	return 1;
}
120 
/**
 * Test whether nm is an IPv6 address and, if it is, build the matching
 * reverse-lookup name: 32 dot-separated nibbles, lowest nibble of the
 * last address byte first, followed by "ip6.arpa".
 * @param nm: text to test.
 * @param res: when 1 is returned, set to a strdup()ed copy of the reverse
 *	name.  Not written when 0 is returned.
 * @return 1 if inet_pton accepted nm as IPv6, 0 otherwise.  Exits the
 *	process with status 1 if the copy cannot be allocated.
 */
static int
isip6(const char* nm, char** res)
{
	static const char digits[] = "0123456789abcdef";
	struct in6_addr ip;
	const uint8_t* octet = (const uint8_t*)&ip;
	/* 32 times "x." is 64 characters, plus "ip6.arpa": well below 128 */
	char rev[128];
	size_t pos = 0;
	int i;

	if(inet_pton(AF_INET6, nm, &ip) <= 0)
		return 0;
	/* walk the 16 address bytes backwards, low nibble before high */
	for(i = 15; i >= 0; i--) {
		rev[pos++] = digits[octet[i] & 0x0f];
		rev[pos++] = '.';
		rev[pos++] = digits[octet[i] >> 4];
		rev[pos++] = '.';
	}
	snprintf(rev + pos, sizeof(rev) - pos, "ip6.arpa");
	*res = strdup(rev);
	if(*res == NULL) {
		fprintf(stderr, "error: out of memory\n");
		exit(1);
	}
	return 1;
}
150 
/**
 * Turn the name given on the command line into the name to query.
 * An IPv4 or IPv6 address is replaced by its reverse-lookup name; any
 * other text is copied unchanged.
 * @param nm: name or address text from the command line.
 * @param reverse: set to 1 when nm was an address; left untouched otherwise.
 * @return allocated query name, to be freed by the caller.  Exits the
 *	process with status 1 when no memory is available.
 */
static char*
massage_qname(const char* nm, int* reverse)
{
	char* qname = NULL;

	/* IPv4 is tried first; IPv6 only if that did not match */
	if(isip4(nm, &qname) || isip6(nm, &qname))
		*reverse = 1;
	else
		qname = strdup(nm);
	if(qname == NULL) {
		fprintf(stderr, "error: out of memory\n");
		exit(1);
	}
	return qname;
}
170 
/**
 * Pick the RR type to query.
 * @param t: type name from the -t option, or NULL if none was given.
 * @param reverse: nonzero if the query name is a reverse-lookup name.
 * @param multi: set to 1 only when no type was given and the lookup is not
 *	a reverse one; the caller then queries several types.
 * @return the type code for t; PTR for a reverse lookup without a type;
 *	A otherwise.  Exits with status 1 on an unknown type name.
 */
static int
massage_type(const char* t, int reverse, int* multi)
{
	int code;

	if(t == NULL) {
		if(reverse)
			return LDNS_RR_TYPE_PTR;
		*multi = 1;
		return LDNS_RR_TYPE_A;
	}
	code = sldns_get_rr_type_by_name(t);
	/* a 0 result is only accepted for "TYPE0" and for the empty string */
	if(code == 0 && !(strcasecmp(t, "TYPE0") == 0 || strcmp(t, "") == 0)) {
		fprintf(stderr, "error unknown type %s\n", t);
		exit(1);
	}
	return code;
}
189 
/**
 * Pick the RR class to query.
 * @param c: class name from the -c option, or NULL if none was given.
 * @return the class code for c, or class IN when c is NULL.  Exits with
 *	status 1 on an unknown class name.
 */
static int
massage_class(const char* c)
{
	int code;

	if(c == NULL)
		return LDNS_RR_CLASS_IN;
	code = sldns_get_rr_class_by_name(c);
	/* a 0 result is only accepted for "CLASS0" and for the empty string */
	if(code == 0 && !(strcasecmp(c, "CLASS0") == 0 || strcmp(c, "") == 0)) {
		fprintf(stderr, "error unknown class %s\n", c);
		exit(1);
	}
	return code;
}
205 
/**
 * Map the validation flags of a result to a printable status string.
 * The secure flag is tested first, then bogus; a result with neither flag
 * set is reported as "(insecure)".
 * NOTE(review): "(insecure)" presumably also covers lookups made without
 * any trust anchor for the name - confirm against libunbound.
 * @param result: lookup result to describe.
 * @return pointer to a constant string.
 */
static const char*
secure_str(struct ub_result* result)
{
	if(result->secure)
		return "(secure)";
	return result->bogus ? "(BOGUS (security failure))" : "(insecure)";
}
214 
/**
 * Write the text form of an RR type into a caller buffer.
 * The text is first produced in a 16-byte scratch buffer and then copied
 * with snprintf, so the copy is bounded by len.
 * @param s: destination buffer.
 * @param len: size of s in bytes.
 * @param t: RR type; converted to uint16_t for the lookup.
 */
static void
pretty_type(char* s, size_t len, int t)
{
	char mnemonic[16];

	sldns_wire2str_type_buf((uint16_t)t, mnemonic, sizeof(mnemonic));
	snprintf(s, len, "%s", mnemonic);
}
223 
/**
 * Write the text form of an RR class into a caller buffer.
 * The text is first produced in a 16-byte scratch buffer and then copied
 * with snprintf, so the copy is bounded by len.
 * @param s: destination buffer.
 * @param len: size of s in bytes.
 * @param c: RR class; converted to uint16_t for the lookup.
 */
static void
pretty_class(char* s, size_t len, int c)
{
	char mnemonic[16];

	sldns_wire2str_class_buf((uint16_t)c, mnemonic, sizeof(mnemonic));
	snprintf(s, len, "%s", mnemonic);
}
232 
/**
 * Write the text form of a DNS rcode into a caller buffer.
 * The text is first produced in a 16-byte scratch buffer and then copied
 * with snprintf, so the copy is bounded by len.
 * @param s: destination buffer.
 * @param len: size of s in bytes.
 * @param r: rcode value.
 */
static void
pretty_rcode(char* s, size_t len, int r)
{
	char mnemonic[16];

	sldns_wire2str_rcode_buf(r, mnemonic, sizeof(mnemonic));
	snprintf(s, len, "%s", mnemonic);
}
241 
/**
 * Convert one rdata field to text and print it to stdout after a space.
 * The conversion goes through a 65535-byte buffer on the stack.
 * NOTE(review): the rdata is taken from a DNS answer; presumably
 * sldns_wire2str_rdata_buf limits its output to the buffer size and
 * escapes unprintable bytes - confirm, since the text is written to the
 * terminal as-is.
 * @param t: RR type of the data; converted to uint16_t.
 * @param data: rdata in wire format.
 * @param len: length of data in bytes.
 */
static void
print_rd(int t, char* data, size_t len)
{
	char text[65535];

	sldns_wire2str_rdata_buf((uint8_t*)data, len, text, sizeof(text),
		(uint16_t)t);
	putchar(' ');
	fputs(text, stdout);
}
250 
/**
 * Print one result line for a single RR to stdout.
 * @param q: owner name to print at the start of the line.
 * @param cstr: class as text; only mentioned when it is not "IN".
 * @param tstr: type as text; used for types without their own wording.
 * @param t: RR type, selects the wording.
 * @param sec: security status string, appended only when verb is above 0.
 * @param data: rdata in wire format.
 * @param len: length of data in bytes.
 */
static void
pretty_rdata(char* q, char* cstr, char* tstr, int t, const char* sec,
	char* data, size_t len)
{
	fputs(q, stdout);
	if(strcmp(cstr, "IN") != 0)
		printf(" in class %s", cstr);
	/* host-style wording for the common types, generic text otherwise */
	switch(t) {
	case LDNS_RR_TYPE_A:
		fputs(" has address", stdout);
		break;
	case LDNS_RR_TYPE_AAAA:
		fputs(" has IPv6 address", stdout);
		break;
	case LDNS_RR_TYPE_MX:
		fputs(" mail is handled by", stdout);
		break;
	case LDNS_RR_TYPE_PTR:
		fputs(" domain name pointer", stdout);
		break;
	default:
		printf(" has %s record", tstr);
		break;
	}
	print_rd(t, data, len);
	if(verb > 0)
		printf(" %s", sec);
	putchar('\n');
}
273 
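/**
 * Print the human-readable lines for one lookup result to stdout.
 * The security status string is only added when verb is above 0, but the
 * why_bogus text is printed at any verbosity when the result is bogus.
 * @param q: query name as it was sent; used when the result has no
 *	canonname.
 * @param t: query type, selects the wording.
 * @param c: query class; only mentioned when it is not IN.
 * @param result: libunbound result to print.  A trailing '.' on
 *	result->canonname is removed in place.
 * @param docname: if nonzero, an "is an alias for" line is printed when
 *	result->canonname is set and is not the same pointer as result->qname.
 */
static void
pretty_output(char* q, int t, int c, struct ub_result* result, int docname)
{
	int i;
	const char *secstatus = secure_str(result);
	char tstr[16];
	char cstr[16];
	char rcodestr[16];
	pretty_type(tstr, sizeof(tstr), t);
	pretty_class(cstr, sizeof(cstr), c);
	pretty_rcode(rcodestr, sizeof(rcodestr), result->rcode);

	/* error rcode and nothing to show: report the failure and stop */
	if(!result->havedata && result->rcode) {
		printf("Host %s not found: %d(%s).",
			q, result->rcode, rcodestr);
		if(verb > 0)
			printf(" %s", secstatus);
		printf("\n");
		if(result->bogus && result->why_bogus)
			printf("%s\n", result->why_bogus);
		return;
	}
	if(docname && result->canonname &&
		result->canonname != result->qname) {
		printf("%s is an alias for %s", result->qname,
			result->canonname);
		if(verb > 0)
			printf(" %s", secstatus);
		printf("\n");
	}
	/* remove trailing . from long canonnames for nicer output */
	if(result->canonname) {
		size_t n = strlen(result->canonname);
		if(n > 1 && result->canonname[n-1] == '.')
			result->canonname[n-1] = 0;
	}
	if(!result->havedata) {
		if(verb > 0) {
			printf("%s", result->canonname?result->canonname:q);
			if(strcmp(cstr, "IN") != 0)
				printf(" in class %s", cstr);
			if(t == LDNS_RR_TYPE_A)
				printf(" has no address");
			else if(t == LDNS_RR_TYPE_AAAA)
				printf(" has no IPv6 address");
			else if(t == LDNS_RR_TYPE_PTR)
				printf(" has no domain name ptr");
			else if(t == LDNS_RR_TYPE_MX)
				printf(" has no mail handler record");
			else if(t == LDNS_RR_TYPE_ANY) {
				/* for ANY the whole answer packet is shown */
				char* s = sldns_wire2str_pkt(
					result->answer_packet,
					(size_t)result->answer_len);
				if(!s) {
					fprintf(stderr, "alloc failure\n");
					exit(1);
				}
				printf("%s\n", s);
				/* the packet text is allocated by
				 * sldns_wire2str_pkt; release it here */
				free(s);
			} else	printf(" has no %s record", tstr);
			printf(" %s\n", secstatus);
		}
		/* else: emptiness to indicate no data */
		if(result->bogus && result->why_bogus)
			printf("%s\n", result->why_bogus);
		return;
	}
	/* result->data is walked until its terminating NULL entry */
	for(i = 0; result->data[i]; i++) {
		pretty_rdata(
			result->canonname?result->canonname:q,
			cstr, tstr, t, secstatus, result->data[i],
			(size_t)result->len[i]);
	}
	if(result->bogus && result->why_bogus)
		printf("%s\n", result->why_bogus);
}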
351 
/**
 * Resolve one name/type/class, print the outcome, and release the result.
 * @param ctx: libunbound context to resolve with.
 * @param q: query name.
 * @param t: query type.
 * @param c: query class.
 * @param docname: passed on to pretty_output.
 * @return the nxdomain flag of the result; callers in this file treat 0
 *	as "the domain exists".  Exits with status 1 if ub_resolve fails.
 */
static int
dnslook(struct ub_ctx* ctx, char* q, int t, int c, int docname)
{
	struct ub_result* answer;
	int nxdomain;
	int rc = ub_resolve(ctx, q, t, c, &answer);

	if(rc != 0) {
		fprintf(stderr, "resolve error: %s\n", ub_strerror(rc));
		exit(1);
	}
	pretty_output(q, t, c, answer, docname);
	/* copy the flag out before the result is freed */
	nxdomain = answer->nxdomain;
	ub_resolve_free(answer);
	return nxdomain;
}
369 
/**
 * Perform the host lookup for one command line name.
 * Without an explicit type and for a non-address name, A is queried first
 * and AAAA and MX only if that A lookup did not report nxdomain.
 * @param ctx: libunbound context; it is deleted here before returning.
 * @param nm: name or address from the command line.
 * @param qt: type name from -t, or NULL.
 * @param qc: class name from -c, or NULL.
 */
static void
lookup(struct ub_ctx* ctx, const char* nm, const char* qt, const char* qc)
{
	int reverse = 0; /* set when nm is an address */
	int multi = 0;	 /* set when no type was given: do A, AAAA, MX */
	char* qname = massage_qname(nm, &reverse);
	int qtype = massage_type(qt, reverse, &multi);
	int qclass = massage_class(qc);

	if(!multi) {
		(void)dnslook(ctx, qname, qtype, qclass, 1);
	} else if(dnslook(ctx, qname, LDNS_RR_TYPE_A, qclass, 1) == 0) {
		/* domain exists, lookup more */
		(void)dnslook(ctx, qname, LDNS_RR_TYPE_AAAA, qclass, 0);
		(void)dnslook(ctx, qname, LDNS_RR_TYPE_MX, qclass, 0);
	}
	ub_ctx_delete(ctx);
	free(qname);
}
394 
/**
 * Check the return code of a libunbound call.
 * @param r: return code; 0 means success and the function just returns.
 *	For any other value the ub_strerror text is printed to stderr and
 *	the process exits with status 1.
 */
static void
check_ub_res(int r)
{
	if(r == 0)
		return;
	fprintf(stderr, "error: %s\n", ub_strerror(r));
	exit(1);
}
404 
/** getopt global (index of the next argv element to process), declared
 * here in case header files fail to declare it. */
extern int optind;
/** getopt global (argument of the option just parsed), declared here in
 * case header files fail to declare it. */
extern char* optarg;
409 
/**
 * Main routine for unbound-host.
 * Creates a libunbound context, applies the command line options to it in
 * the order given, and runs the lookup for the single hostname argument.
 * The context is handed to lookup(), which deletes it.
 * NOTE(review): trust anchors are only added by -y, -f, -F or by a config
 * file read with -C; presumably answers cannot be reported as secure
 * without one - confirm against libunbound.
 * @param argc: argument count.
 * @param argv: argument vector.
 * @return 0 after the lookup; 1 if NSS cannot be initialised.  Option and
 *	library errors exit the process with status 1.
 */
int main(int argc, char* argv[])
{
	int opt;
	int debuglevel = 0;
	char* qclass = NULL;
	char* qtype = NULL;
	char* syslog_val = NULL;
	struct ub_ctx* ctx = ub_ctx_create();

	if(ctx == NULL) {
		fprintf(stderr, "error: out of memory\n");
		exit(1);
	}

	/* parse the options */
	while((opt = getopt(argc, argv, "46F:c:df:hrt:vy:C:")) != -1) {
		switch(opt) {
		/* transport selection */
		case '4':
			check_ub_res(ub_ctx_set_option(ctx, "do-ip6:", "no"));
			break;
		case '6':
			check_ub_res(ub_ctx_set_option(ctx, "do-ip4:", "no"));
			break;
		/* what to ask for */
		case 'c':
			qclass = optarg;
			break;
		case 't':
			qtype = optarg;
			break;
		/* trust anchors */
		case 'y':
			check_ub_res(ub_ctx_add_ta(ctx, optarg));
			break;
		case 'f':
			check_ub_res(ub_ctx_add_ta_file(ctx, optarg));
			break;
		case 'F':
			check_ub_res(ub_ctx_trustedkeys(ctx, optarg));
			break;
		/* resolver configuration */
		case 'C':
			check_ub_res(ub_ctx_config(ctx, optarg));
			break;
		case 'r':
			check_ub_res(ub_ctx_resolvconf(ctx, "/etc/resolv.conf"));
			break;
		/* output detail */
		case 'v':
			verb++;
			break;
		case 'd':
			/* the first -d gives 2 (at least VERB_DETAIL),
			 * every further -d adds one */
			debuglevel = (debuglevel < 1) ? 2 : debuglevel + 1;
			break;
		case '?':
		case 'h':
		default:
			/* usage() exits the process */
			usage();
		}
	}
	/* set after possible -C options */
	if(debuglevel != 0)
		check_ub_res(ub_ctx_debuglevel(ctx, debuglevel));
	if(ub_ctx_get_option(ctx, "use-syslog", &syslog_val) == 0) {
		/* disable use-syslog */
		if(strcmp(syslog_val, "yes") == 0)
			check_ub_res(ub_ctx_set_option(ctx,
				"use-syslog:", "no"));
		free(syslog_val);
	}
	/* exactly one non-option argument, the hostname, must remain */
	argv += optind;
	argc -= optind;
	if(argc != 1)
		usage();

#ifdef HAVE_NSS
	if(NSS_NoDB_Init(".") != SECSuccess) {
		fprintf(stderr, "could not init NSS\n");
		return 1;
	}
#endif
	lookup(ctx, argv[0], qtype, qclass);
	return 0;
}
491