diff --git a/Dockerfile.backend b/Dockerfile.backend index 21849af..49cf313 100644 --- a/Dockerfile.backend +++ b/Dockerfile.backend @@ -7,8 +7,11 @@ FROM alpine:3.22 AS ldns-build RUN apk add --no-cache \ + autoconf \ + automake \ build-base \ libidn2-dev \ + libtool \ make \ openssl-dev \ perl-app-cpanminus \ diff --git a/zonemaster-ldns/ldns/.github/FUNDING.yml b/zonemaster-ldns/ldns/.github/FUNDING.yml new file mode 100644 index 0000000..2a357c0 --- /dev/null +++ b/zonemaster-ldns/ldns/.github/FUNDING.yml @@ -0,0 +1,2 @@ +github: [NLnetLabs] +custom: ['https://nlnetlabs.nl/funding/'] diff --git a/zonemaster-ldns/ldns/.github/workflows/testsuite.yml b/zonemaster-ldns/ldns/.github/workflows/testsuite.yml new file mode 100644 index 0000000..1a25e6d --- /dev/null +++ b/zonemaster-ldns/ldns/.github/workflows/testsuite.yml @@ -0,0 +1,137 @@ +on: + push: + branches: + - '*' + tags-ignore: + - '*' + pull_request: + +jobs: + linux: + name: Linux (Ubuntu) + + runs-on: ubuntu-latest + + steps: + - uses: actions/checkout@main + with: + submodules: recursive + - run: libtoolize -vci + - run: autoreconf -vfi + - run: ./configure + env: + CFLAGS: -g2 -O0 -fsanitize=address,undefined -fno-sanitize-recover + - run: make test + + mac: + name: macOS + + runs-on: macos-latest + + steps: + - run: brew install automake libtool + - uses: actions/checkout@main + with: + submodules: recursive + - run: glibtoolize -vci + - run: autoreconf -vfi + + # macOS’s system OpenSSL (LibreSSL, actually) isn’t meant for linking, + # and Homebrew’s# OpenSSL isn’t CI-friendly. So build without OpenSSL. + - run: ./configure --without-ssl --disable-sha2 --disable-gost --disable-ecdsa --disable-dane + env: + CFLAGS: -g2 -O0 -fsanitize=address,undefined -fno-sanitize-recover + - run: make test + + # Pending https://github.com/NLnetLabs/ldns/issues/197, + # only builds succeed here. + cygwin: + name: Cygwin + + runs-on: windows-latest + + steps: + - name: Make git ignore line breaks + run: git config --global core.autocrlf false + - name: Set up Cygwin + uses: cygwin/cygwin-install-action@master + with: + packages: make gcc-g++ bash libtool automake autoconf libssl-devel bind-utils + - uses: actions/checkout@main + with: + submodules: recursive + - shell: C:\cygwin\bin\bash.exe --login --norc -eo pipefail -o igncr '{0}' + name: Build + run: | + cd $GITHUB_WORKSPACE + libtoolize -vci + autoreconf -vfi + ./configure + make + + qemu-alpine: + name: Linux (Alpine, ${{ matrix.platform }}) + + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + platform: + - i386 + - arm32v6 + - arm32v7 + - arm64v8 + - s390x + + steps: + - uses: actions/checkout@main + with: + submodules: recursive + - name: Get the qemu container + run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - name: "${{ matrix.platform }}: Build and test" + run: docker run --rm --interactive --mount type=bind,source=$(pwd),target=/host ${{ matrix.platform }}/alpine sh -c "apk add make gcc libc-dev libtool automake autoconf openssl-dev m4 indent bash bind-tools && cd /host && libtoolize -vci && autoreconf -vfi && ./configure && make test" + + +# BSDs: +# name: ${{ matrix.os.dispname }} ${{ matrix.os.version }} +# +# runs-on: macos-latest +# +# strategy: +# fail-fast: false +# matrix: +# os: +# - name: freebsd +# dispname: FreeBSD +# version: '13.0' +# pkginstall: pkg install -y libtool automake bind-tools gmake gindent +# env: +# configure_args: +# +# # OpenBSD seems to require explicit auto* versions. +# - name: openbsd +# dispname: OpenBSD +# version: '7.1' +# pkginstall: pkg_add -v libtool gmake gindent automake-1.16.3 autoconf-2.71 +# env: AUTOCONF_VERSION=2.71 AUTOMAKE_VERSION=1.16 +# configure_args: --disable-dane-verify +# +# steps: +# - uses: actions/checkout@main +# with: +# submodules: recursive +# - name: Build and test on ${{ matrix.os.name }} +# uses: cross-platform-actions/action@master +# with: +# operating_system: ${{ matrix.os.name }} +# version: ${{ matrix.os.version }} +# shell: bash +# run: | +# export DUMMY12345=1 ${{ matrix.os.env }} +# sudo ${{ matrix.os.pkginstall }} || ${{ matrix.os.pkginstall }} +# libtoolize -vci +# autoreconf -vfi +# ./configure ${{ matrix.os.configure_args }} +# gmake test diff --git a/zonemaster-ldns/ldns/.gitignore b/zonemaster-ldns/ldns/.gitignore new file mode 100644 index 0000000..7ab36ac --- /dev/null +++ b/zonemaster-ldns/ldns/.gitignore @@ -0,0 +1,214 @@ +/.libs/ +.*.swp +*~ +\#*\# +/_ldns.la +/Makefile +/aclocal.m4 +/autom4te.cache/ +/buffer.lo +/buffer.o +/compat/.libs/ +/compat/b64_ntop.lo +/compat/b64_ntop.o +/compat/b64_pton.lo +/compat/b64_pton.o +/compat/strlcpy.o +/compat/strlcpy.lo +/compat/timegm.o +/compat/timegm.lo +/compile +/config.guess +/config.h +/config.log +/config.status +/config.sub +/configure +/contrib/python/ldns.py +/contrib/python/ldns_wrapper.c +/dane.lo +/dane.o +/dname.lo +/dname.o +/dnssec.lo +/dnssec.o +/dnssec_sign.lo +/dnssec_sign.o +/dnssec_verify.lo +/dnssec_verify.o +/dnssec_zone.lo +/dnssec_zone.o +/doc/ldns_manpages +/doc/man/ +/drill/.libs/ +/drill/chasetrace.lo +/drill/chasetrace.o +/drill/dnssec.lo +/drill/dnssec.o +/drill/drill +/drill/drill.1 +/drill/drill.lo +/drill/drill.o +/drill/drill_util.lo +/drill/drill_util.o +/drill/error.lo +/drill/error.o +/drill/root.lo +/drill/root.o +/drill/securetrace.lo +/drill/securetrace.o +/drill/work.lo +/drill/work.o +/duration.lo +/duration.o +/error.lo +/error.o +/edns.lo +/edns.o +/examples/.libs/ +/examples/ldns-chaos +/examples/ldns-chaos.lo +/examples/ldns-chaos.o +/examples/ldns-compare-zones +/examples/ldns-compare-zones.lo +/examples/ldns-compare-zones.o +/examples/ldns-dane +/examples/ldns-dane.1 +/examples/ldns-dane.lo +/examples/ldns-dane.o +/examples/ldns-dpa +/examples/ldns-dpa.lo +/examples/ldns-dpa.o +/examples/ldns-gen-zone +/examples/ldns-gen-zone.lo +/examples/ldns-gen-zone.o +/examples/ldns-key2ds +/examples/ldns-key2ds.lo +/examples/ldns-key2ds.o +/examples/ldns-keyfetcher +/examples/ldns-keyfetcher.lo +/examples/ldns-keyfetcher.o +/examples/ldns-keygen +/examples/ldns-keygen.lo +/examples/ldns-keygen.o +/examples/ldns-mx +/examples/ldns-mx.lo +/examples/ldns-mx.o +/examples/ldns-notify +/examples/ldns-notify.lo +/examples/ldns-notify.o +/examples/ldns-nsec3-hash +/examples/ldns-nsec3-hash.lo +/examples/ldns-nsec3-hash.o +/examples/ldns-read-zone +/examples/ldns-read-zone.lo +/examples/ldns-read-zone.o +/examples/ldns-resolver +/examples/ldns-resolver.lo +/examples/ldns-resolver.o +/examples/ldns-revoke +/examples/ldns-revoke.lo +/examples/ldns-revoke.o +/examples/ldns-rrsig +/examples/ldns-rrsig.lo +/examples/ldns-rrsig.o +/examples/ldns-signzone +/examples/ldns-signzone.lo +/examples/ldns-signzone.o +/examples/ldns-test-edns +/examples/ldns-test-edns.lo +/examples/ldns-test-edns.o +/examples/ldns-testns +/examples/ldns-testns.lo +/examples/ldns-testns.o +/examples/ldns-testpkts.lo +/examples/ldns-testpkts.o +/examples/ldns-update +/examples/ldns-update.lo +/examples/ldns-update.o +/examples/ldns-verify-zone +/examples/ldns-verify-zone.1 +/examples/ldns-verify-zone.lo +/examples/ldns-verify-zone.o +/examples/ldns-version +/examples/ldns-version.lo +/examples/ldns-version.o +/examples/ldns-walk +/examples/ldns-walk.lo +/examples/ldns-walk.o +/examples/ldns-zcat +/examples/ldns-zcat.lo +/examples/ldns-zcat.o +/examples/ldns-zsplit +/examples/ldns-zsplit.lo +/examples/ldns-zsplit.o +/examples/ldnsd +/examples/ldnsd.lo +/examples/ldnsd.o +/higher.lo +/higher.o +/host2str.lo +/host2str.o +/host2wire.lo +/host2wire.o +/include/ +/install-sh +/keys.lo +/keys.o +/ldns/common.h +/ldns/config.h +/ldns/config.h.in +/ldns/net.h +/ldns/stamp-h1 +/ldns/util.h +/ldns_wrapper.lo +/ldns_wrapper.o +/lib +/libdns.doxygen +/libldns.la +/libtool +/linktest +/linktest.lo +/linktest.o +/ltmain.sh +/m4/lt*.m4 +/m4/libtool.m4 +/missing +/net.lo +/net.o +/packaging/ldns-config +/packaging/libldns.pc +/packet.lo +/packet.o +/parse.lo +/parse.o +/radix.lo +/radix.o +/rbtree.lo +/rbtree.o +/rdata.lo +/rdata.o +/resolver.lo +/resolver.o +/rr.lo +/rr.o +/rr_functions.lo +/rr_functions.o +/sha1.lo +/sha1.o +/sha2.lo +/sha2.o +/str2host.lo +/str2host.o +/test/.done-* +/test/result.* +/tsig.lo +/tsig.o +/update.lo +/update.o +/util.lo +/util.o +/wire2host.lo +/wire2host.o +/zone.lo +/zone.o diff --git a/zonemaster-ldns/ldns/.gitmodules b/zonemaster-ldns/ldns/.gitmodules new file mode 100644 index 0000000..76c8089 --- /dev/null +++ b/zonemaster-ldns/ldns/.gitmodules @@ -0,0 +1,6 @@ +[submodule "contrib/DNS-LDNS"] + path = contrib/DNS-LDNS + url = https://github.com/erikoest/DNS-LDNS +[submodule "test/tpkg"] + path = test/tpkg + url = https://github.com/NLnetLabs/tpkg.git diff --git a/zonemaster-ldns/ldns/Changelog b/zonemaster-ldns/ldns/Changelog new file mode 100644 index 0000000..c7f3676 --- /dev/null +++ b/zonemaster-ldns/ldns/Changelog @@ -0,0 +1,1129 @@ +1.8.4 2024-07-19 + * Fix building documentation in build directory. + Thanks Michael Tokarev + * Updated the configure script for split openssl directories. + * Fix for windows compile; asctime_r compat, search for inet_ntop + in ws2_32, avoid double decl of inet_ntop, check for symlink call, + include config.h in edns.c, have socket compare use correct + signedness, add -u repo option to makewin.sh, fix quoting in + makewin.sh and check return value of bind and connect in net.c + for failure instead of a socket type. And fix to install .exe files. + * Fix to compile with OpenSSL 3.2. Update acx_nlnetlabs.m4 to 48. + * Fix to compile DLLs, and pick out of the lib64 dir, and include + libssp-0.dll and ldns-config. + * bugfix #237: Resolver uses nameserver commented out in + /etc/resolv.conf. Thanks grembo. + * Added RESINFO rrtype. + * Added WALLET rrtype. + * PR #241: Fix coverity cited problems. Thanks Enji Cooper. + * PR #233: Several Python SWIG issues. Thanks Florian Weimer. + * PR #231: const ldns_rdf * typemap fixes to support swig-4.2.0 + Thanks William S Fulton + * PR #227: keys.c: fix build with libressl >= 3.8.1 + Thanks Fabrice Fontaine + * PR #224: Portable executable progs don't underlink to libldns + Thanks Ørjan Malde + * PR #216: Update declaration for function with no argument + Thanks Ed Maste + * PR #214: fix the build in FreeBSD's base system + Thanks Pierre Pronchery and Dag-Erling Smørgrav + * PR #206: improve 'next-label' algorithm in ldns-walk + Thanks Jelte Jansen + * PR #205: Add functions to extract RFC 8914 extended errors + Thanks Roland van Rijswijk-Deij + * PR #203: Expand CI: Cygwin, BSDs, musl libc, 32-bit, and big-endian + Thanks Felipe Gasper + * PR #191: 16-unit-tests-edns: Fix leak & warnings + Thanks Felipe Gasper + * Added NXNAME rrtype. + * PR #242: Openssl no engine improved support #242 + Thanks Petr Menšík + +1.8.3 2022-08-15 + * bugfix #183: Assertion failure with OPT record without rdata. + This caused packet creation with only a DO bit (for DNSSEC OK) + to crash. Thanks Anand Buddhdev and others for reporting this + so quickly. + * Fix for syntax error in pyldns + +1.8.2 2022-08-12 + * bugfix #147: Allow for tabs in whitespace before quoted rdata + fields. Thanks Felipe Gasper + * bugfix #149: Add some missing [out] annotations to doxygen + parameters. Thanks aldot. + * Fix build error on Solaris 10 with inet_ntop redeclaration error. + * Fix -U flag with ldns-signzone. Thanks Ulrich and Jonathan + * Enable compile of SVCB and HTTPS support by default. + * bugfix #179: Free line memory even if zone file parsing fails + Thanks Claudius Zingerli + * bugfix #166: Grow buffer when writing chars and fixed size + strings when converting to presentation format, preventing + potential assersion errors. + * bugfix #46: Print network errors when secure tracing. + Thanks reedjc + * EDNS0 Option handling and conversion into presentation format. + * bugfix #145: ldns-verify-zone should not call occluded records + glue. Thanks Habbie + +1.8.1 2021-12-03 + * bugfix #146: ldns-1.7.1 had soname 3.0, so ldns-1.8.x soname + needs to larger. Thanks Leah Neukirchen & Felipe Gasper + * Undo PR#123 fix ldns.pc installation when building out-of-source + Thanks Axel Xu + +1.8.0 2021-11-26 + * bugfix #38: Print "line" before line number when printing + zone parse errors. Thanks Petr Špaček. + * bugfix: Revert unused variables in ldns-config removal patch. + * bugfix #50: heap Out-of-bound Read vulnerability in + rr_frm_str_internal reported by pokerfacett. + * bugfix #51: Heap Out-of-bound Read vulnerability in + ldns_nsec3_salt_data reported by pokerfacett. + * Fix memory leak in examples/ldns-testns handle_tcp routine. + * Detect fixed time memory compare for openssl 0.9.8. + * Fix compile warning by variable initialisation for older gcc. + * Fix #92: ldns-testns.c:429:15: error: 'fork' is unavailable: not + available on tvOS. + * Fix for #93: fix packaging/libldns.pc Makefile rule. + * ZONEMD support in ldns-signzone and ldns-verify-zone + * ldns-testns can answer several queries over one tcp connection, + if they arrive within 100msec of each other. + * Fix so that ldns-testns does not leak sockets if the read fails. + * SVCB and HTTPS draft rrtypes. + Enable with --enable-rrtype-svcb-https. + * bugfix #117: Assertion failure with DNSSEC validating of + non existence of RR types at the root. Thanks ZjYwMj + * Set NSEC(3) ttls to the minimum of the MINIMUM field of the SOA + record and the TTL of the SOA itself. draft-ietf-dnsop-nsec-ttl + * bugfix #119: Let example tools read longer RR's than + LDNS_MAX_LINELEN + * Add SVCPARAMS to python ldns_rdf_type2str function. + * PR #134 Miscellaneous spelling fixes. Thanks jsoref! + * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l properly return + the $INCLUDE not implemented error. + * Fix that ldns-read-zone and ldns_zone_new_frm_fp_l count the line + number for an empty line after a comment. + * Fix #135: Fix compile with OpenSSL-3.0.0-beta2. + * PR #107: Added ldns_pkt2buffer_wire_compress() to make dname + compression optional when converting packets to wire format. + Thanks Eli Lindsey + * Option to ldns-keygen to create symlinks with known names + (i.e. without the key id) to the created files. + Thanks Andreas Schulze + * Fix #121: Correct handling of centimetres by LOC parser. + Thanks Felipe Gasper + * PR #126: Link with libldns.la in Makefile.in. + Thanks orbea + * PR #127: Added option -Q to drill to give short answer. + Thanks niknah + * PR #133: Update m4 files for python modules. + Thanks Petr Menšík + * Bufix CAA value fields may be empty: Thanks Robert Mortimer + * PR #108: Fix for ldns-compare-zones net detecting when first zone + has a RRset that shrinks from two to one RRs, or grows from one + to two RRs. Thanks Emilio Caballero + * Fix #131: Drill sig chasing breaks with gcc-11 and + strict-aliasing. Thanks Stanislav Levin + * Fix #130: Unless $TLL is defined, ttl defaults to the last + explicitly stated value. Thanks Benno + * Fix #48: Missing UNSIGNED legend with drill. Thanks reedjc + * Fix #143: EVP_PKEY_base_id became a macro with OpenSSL > 3.0 + Thanks Daniel J. Luke + * Let ldns-signzone warn for high NSEC3 iteration counts. + Thanks Andreas Schulze + +1.7.1 2019-07-26 + * bugfix: Manage verification paths for OpenSSL >= 1.1.0 + Thanks Marco Davids + * bugfix #4106: find the SDK on MacOS X <= 10.6 + Thanks Bill Cole + * bugfix #4155: ldns-config contains never used variables + Thanks Petr Menšík + * bugfix #4221: drill -x crashes with malformed IPv4 address + Thanks Oleksandr Tymoshenko + * bugfix #3437: CDS & CDNSKEY RRsets should be signed with the KSK + Thanks Tony Finch + * bugfix #1566, #1568, #1569, #1570: Potential NULL Dereferences + Thanks Bill Parker + * bugfix #1260: Anticipate strchr returning NULL on unfound char + Thanks Stephan Zeisberg + * bugfix #1257: Free after reallocing to 0 size (CVE-2017-1000232) + Thanks Stephan Zeisberg + * bugfix #1256: Check parse limit before t increment (CVE-2017-1000231) + Thanks Stephan Zeisberg + * bugfix #1245: Only one signature per RRset needs to be valid with + ldns-verify-zone. Thanks Emil Natan. + * ldns-notify can use all supported hash algorithms with -y. + * bugfix #1209: make install ldns.pc file + Thanks Oleksandr Natalenko + * bugfix #1218: Only chase DS if signer is parent of owner. + Thanks Emil Natan + * bugfix #617: Retry WKS service and protocol names lower case. + Thanks Siali Yan + * Spelling errors in binaries and man pages + Thanks Andreas Schulze + * removed duplicate condition in ldns_udp_send_query. + * ldns_wire2pkt: fix null pointer dereference if pkt allocation fails + and fix memory leak with more EDNS sections + Thanks Jan Vcelak + * bugfix #1399: ldns_pkt2wire() Python binding is broken. + Thanks James Raftery + * ED25519 and ED448 support. Default is to autodetect support in + OpenSSL. Disable with --disable-ed25519 and --disable-ed448. + * ldns-notify: can have IPv6 address as argument. + * Fix time sensitive TSIG compare vulnerability. + * Fix that ldns-testns ignores sigpipe. + * Fix that ldns-notify sets the query RR as question RR, this + removes the wrong TTL and 0 rdata from the packet printout. + * Allow -T flag to be used together with drill -x + * Python bindings compile with swig 4.0 + Thanks Jitka Plesníková + * bugfix #4248: drill -DT fails for CNAME domain + Thanks Thom Wiggers + * bugfix #4214: Various fixes and leaks found by coverity. + Thanks Petr Menšík + * Feature #3394: An -I option to ldns-notify to specify a source + IP address to send to notify from. Thanks Geert Hendrickx + * Bugfix #279: New API functions ldns_udp_connect2, + ldns_tcp_connect2, ldns_udp_bgsend2 and ldns_tcp_bgsend2, + that return -1 on failure and allow socket number 0 + to be returned too. Thanks Joerg Sonnenberger + * Bugfix #1447: More verbose reporting of chasing problems with + ldns-verify-zone. Thanks Stephane Guedon + * OpenSSL engine support with ldns-signzone. + See also https://penzin.net/ldns-signzone/ + Many thanks Vadim Penzin. + * Various improvements found with shellcheck. + Thanks Jeffrey Walton + * PR #36 Update manpage of ldns-notify to mention algorithm + support with TSIG. Thanks Anand Buddhdev + * Compile warnings with signed char input to to_lower() + and is_digit() with NetBSD. Thanks Håvard Eidnes + * Missing Makefile.PL in DNS-LDNS perl module contribution. + Thanks Jaap Akkerhuis + +1.7.0 2016-12-20 + * Fix lookup of relative names in ldns_resolver_search. + * bugfix #548: Double free for answers > 4096 in ldns_resolver_send_pkt + * Follow CNAME's when tracing with drill (TODO dnssec trace) + * Fix #551 change Regent to Copyright holder in BSD license in + some of the headings of the file, to match the opensource.org + BSD license. + * -e option makes ldns-compare-zones exit with status code 2 on difference + * Filter out specified RR types with ldns-read-zone -e and -E options + * bugfix #563: Correct DNSKEY from DSA private key. Thanks Peter Koch. + * bugfix #562: ldns-keygen match DSA key maximum size with library. + And check keysizes with all algorithms. Thanks Peter Koch. + * ldns-verify-zone accepts only one single zonefile as argument. + * bugfix #573: ldns-keygen write private keys with mode 0600. + Thanks Leon Weber + * Fix configure to make ldns compile with LibreSSL 2.0 + * drill now also accepts dig style -y option + (-y <[algo:]name:key> i.s.o. -y ) + * OPENPGPKEY draft rr types. Enable with: --enable-rrtype-openpgpkey + * bugfix #608: Correct comment about escaped characters + * CDS and CDNSKEY rr type from RFC 7344. + --enable-rrtype-cds configure option removed + * fix: Memory leak in ldns_pkt_rr_list_by_name() + Thanks Johannes Naab + * fix: Memory leak in ldns_dname2buffer_wire_compress() + Thanks Max Liebkies + * bugfix #613: Allow tab as whitespace too in last rdata field of types + of variable length. Thanks Xiali Yan + * bugfix: strip trailing whitespace from $ORIGIN lines in zone files + * Let ldns-keygen output .ds files only for KSK keys + * Parse RFC7218 TLSA mnemonics, but do not output them + * Let ldns-dane use SPKI as the default selector i.s.o. Cert + * bugfix: Fit left over NSEC3s once more before adding empty non + terminals. Thanks Stuart Browne + * bugfix #605: Determine default trust anchor location at compile time + Thanks Peter Koch + * bugfix #697: Double free with ldns-dane create + Thanks Carsten Strotmann + * bugfix #623: Do not redefine bool type and boolean values + Thanks Jakob Petsovits + * bugfix #570: Add TLSA, CDS, CDNSKEY and OPENPGPKEY RR types to ldnsx + Thanks Shussain + * bugfix #575: ldns_pkt_clone() does not copy timestamp field + Thanks Calle Dybedahl + * bugfix #584: ldns-update fixes. Send update to port 53, bring manpage + in sync with the usage text, and don't alter the ldns_resolver passed + to ldns_update_soa_zone_mname(). Created a ldns_resolver_clone() + function in the process. Thanks Nicholas Riley. + * bugfix #633: ldns_pkt_clone() parameter isn't const. + Thanks Jakop Petsovits + * bugfix: ldns-dane manpage correction + Thanks Erwin Lansing + * Spelling fixes. Thanks Andreas Schulze + * Hyphen used as minus in manpages. Thanks Andreas Schulze. + * RFC7553 RR Type URI is supported by default. + * Fix ECDSA signature generation, do not omit leading zeroes. + * bugfix: Get rid of superfluous newline in ldns-keyfetcher + Thanks Jan-Piet Mens + * bugfix: -U option to ldns-signzone to sign with every algorithm + Thanks Guido Kroon + * const function parameters whenever possible. + Thanks Ray Bellis + * bugfix #725: allow RR-types on the type bitmap window border + Thanks Pieter Lexis + * bugfix #726: 2 typos in drill manpage. + Thanks Hugo Lombard + * Add type CSYNC support, RFC 7477. + * Prepare for ED25519, ED448 support: todo convert* routines in + dnssec.h, once openssl has support for signing with these algorithms. + The dns algorithm number is not yet allocated. These features are + not fully implemented yet, openssl (1.1) does not support the + algorithms enough to generate keys and sign and verify with them. + * Fix _answerfrom comment in ldns_struct_pkt. + * Fix drill axfr ipv4/ipv6 queries. + * Fix comment referring to mk_query in packet.h to pkt_query_new. + * Fix description of QR flag in packet.h. + * Fix for openssl 1.1.0 API changes. + * Remove commented out macro. Thanks Thiago Farina + * bugfix #641: Include install-sh in .gitignore + * bugfix #825: Module import breaks with newer SWIG versions. + Thanks Christoph Egger + * bugfix #796 - #792: Fix miscellaneous compiler warning issues. + Thanks Ngie Cooper + * bugfix #769: Add support for :: in an IPv6 address + Thanks Hajimu UMEMOTO + * bugfix #760: Detect superfluous text in presentation format + Thanks Xiali Yan + * bugfix #708: warnings and errors with xcode 6.1/7.0 + * bugfix #754: Memory leak in ldns_str2rdf_ipseckey + Thanks Xiali Yan + * bugfix #661: Fail NSEC3 signing when NSEC domainname length + would overflow. Thanks Jan-Piet Mens. + * bugfix #771: hmac-sha224, hmac-sha384 and hmac-sha512 keys. + Thanks Harald Jenny + * bugfix #680: ldns fails to reject invalidly formatted + RFC 7553 URI RRs. Thanks Robert Edmonds + * bugfix #678: Use poll i.s.o. select to support > 1024 fds + Thanks William King + * Use OpenSSL DANE functions for verification (unless explicitly + disabled with --disable-dane-ta-usage). + * Bump .so version + * Include OPENPGPKEY RR type by default + * rdata processing for SMIMEA RR type + * Fix crash in displaying TLSA RR's. + Thanks Andreas Schulze + * Update ldns-key2ds man page to mention GOST and SHA384 hash + functions. Thanks Harald Jenny + * Add sha384 and sha512 tsig algorithm. Thanks Michael Weiser + * Clarify data ownership with consts for tsig parameters. + Thanks Michael Weiser + * bugfix: Fix detection of DSA support with OpenSSL >= 1.1.0 + * bugfix #1160: Provide sha256 for release tarballs + * --enable-gost-anyway compiles GOST support with OpenSSL >= 1.1.0 + even when the GOST engine is not available. + +1.6.17 2014-01-10 + * Fix ldns_dnssec_zone_new_frm_fp_l to allow the last parsed line of a + zone to be an NSEC3 (or its RRSIG) covering an empty non terminal. + * Add --disable-dane option to configure and check availability of the + for dane needed X509_check_ca function in openssl. + * bugfix #490: Get rid of type-punned pointer warnings. + Thanks Adam Tkac. + * Make sure executables are linked against libcrypto with the + LIBSSL_LDFLAGS. Thanks Leo Baltus. + * Miscellaneous prototype fixes. Thanks Dag-Erling Smørgrav. + * README now shows preferred way to configure for examples and drill. + * Bind to source address for resolvers. drill binds to source with -I. + Thanks Bryan Duff. + * -T option for ldns-dane that has specific exit status for PKIX + validated connections without (secure) TLSA records. + * Fix b{32,64}_{ntop,pton} detection and handling. + * New RR type TKEY, but without operational practice. + * New RR types HIP, NINFO, RKEY, CDS, EUI48, EUI64, URI, CAA and TA. + * New output format flag (and accompanying functions) to print certain + RR's as unknown type + * -u and -U parameter for ldns-read-zone to mark/unmark a RR type + for printing as unknown type + * bugfix #504: GPOS RR has three rdata fields. Thanks Jelte Jansen. + * bugfix #497: Properly test for EOF when reading key files with drill. + * New functions: ldns_pkt_ixfr_request_new and + ldns_pkt_ixfr_request_new_frm_str. + * Use SNI with ldns-dane + * bugfix #507: ldnsx Fix use of non-existent variables and not + properly referring to instance variable. Patch from shussain. + * bugfix #508: ldnsx Adding NSEC3PARAM to known/allowable RR type + dictionary. Patch from shussain. + * bugfix #517: ldns_resolver_new_frm_fp error when invoked using a NULL + file pointer. + * Fix memory leak in contrib/python: ldns_pkt.new_query. + * Fix buffer overflow in fget_token and bget_token. + * ldns-verify-zone NSEC3 checking from quadratic to linear performance. + Thanks NIC MX (nicmexico.mx) + * ldns-dane setup new ssl session for each new connect to prevent hangs + * bugfix #521: drill trace continue on empty non-terminals with NSEC3 + * bugfix #525: Fix documentation of ldns_resolver_set_retry + * Remove unused LDNS_RDF_TYPE_TSIG and associated functions. + * Fix ldns_nsec_covers_name for zones with an apex only. Thanks Miek. + * Configure option to build perl bindings: --with-p5-dns-ldns + (DNS::LDNS is a contribution from Erik Ostlyngen) + * bugfix #527: Move -lssl before -lcrypto when linking + * Optimize TSIG digest function name comparison (Thanks Marc Buijsman) + * Compare names case insensitive with ldns_pkt_rr_list_by_name and + ldns_pkt_rr_list_by_name_and_type (thanks Johannes Naab) + * A separate --enable for each draft RR type: --enable-rrtype-ninfo, + --enable-rrtype-rkey, --enable-rrtype-cds, --enable-rrtype-uri and + --enable-rrtype-ta + * bugfix #530: Don't sign and verify duplicate RRs (Thanks Jelte Jansen) + * bugfix #505: Manpage and usage output fixes (Thanks Tomas Hozza) + * Adjust ldns_sha1() so that the input data is not modified (Thanks + Marc Buijsman) + * Messages to stderr are now off by default and can be re-enabled with + the --enable-stderr-msgs configure option. + +1.6.16 2012-11-13 + * Fix Makefile to build pyldns with BSD make + * Fix typo in exporting b32_* symbols to make pyldns load again + * Allow leaving the RR owner name empty in ldns-testns datafiles. + * Fix fail to create NSEC3 bitmap for empty non-terminal (bug + introduced in 1.6.14). + +1.6.15 2012-10-25 + * Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns + binary compatible with earlier releases again. + +1.6.14 2012-10-23 + * DANE support (RFC6698), including ldns-dane example tool. + * Configurable default CA certificate repository for ldns-dane with + --with-ca-file=CAFILE and --with-ca-path=CAPATH + * Configurable default trust anchor with --with-trust-anchor=FILE + for drill, ldns-verify-zone and ldns-dane + * bugfix #474: Define socklen_t when undefined (like in Win32) + * bugfix #473: Dead code removal and resource leak fix in drill + * bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too. + * Various bugfixes from code reviews from CZ.NIC and Paul Wouters + * ldns-notify TSIG option argument checking + * Let ldns_resolver_nameservers_randomize keep nameservers and rtt's + in sync. + * Let ldns_pkt_push_rr now return false on (memory) errors. + * Make buffer_export comply to documentation and fix buffer2str + * Various improvements and fixes of pyldns from Karel Slany + now documented in their own Changelog. + * bugfix: Make ldns_resolver_pop_nameserver clear the array when + there was only one. + * bugfix #459: Remove ldns_symbols and export symbols based on regex + * bugfix #458: Track all newly created signatures when signing. + * bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given. + * bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm. + * pyldns memory handling fixes and the python3/ldns-signzone.py + examples script contribution from Karel Slany. + * bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed + to be bigger (or equal) P in ldns_key_dsa2bin. + * bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new. + * bugfix #448: Copy nameserver value (in stead of reference) of the + answering nameserver to the answer packet in ldns_send_buffer, so + the original value may be deep freed with the ldns_resolver struct. + * New -0 option for ldns-read-zone to replace inception, expiration + and signature rdata fields with (null). Thanks Paul Wouters. + * New -p option for ldns-read-zone to prepend-pad SOA serial to take + up ten characters. + * Return error if printing RR fails due to unknown/null RDATA. + +1.6.13 2012-05-21 + * New -S option for ldns-verify-zone to chase signatures online. + * New -k option for ldns-verify-zone to validate using a trusted key. + * New inception and expiration margin options (-i and -e) to + ldns-verify-zone. + * New ldns_dnssec_zone_new_frm_fp and ldns_dnssec_zone_new_frm_fp_l + functions. + * New ldns_duration* functions (copied from OpenDNSSEC source) + * fix ldns-verify-zone to allow NSEC3 signatures to come before + the NSEC3 RR in all cases. Thanks Wolfgang Nagele. + * Zero the correct flag (opt-out) when creating NSEC3PARAMS. + Thanks Peter van Dijk. + * Canonicalize RRSIG's Signer's name too when validating, because + bind and unbound do that too. Thanks Peter van Dijk. + * bugfix #433: Allocate rdf using ldns_rdf_new in ldns_dname_label + * bugfix #432: Use LDNS_MALLOC & LDNS_FREE i.s.o. malloc & free + * bugfix #431: Added error message for LDNS_STATUS_INVALID_B32_EXT + * bugfix #427: Explicitly link ssl with the programs that use it. + * Fix reading \DDD: Error on values that are outside range (>255). + * bugfix #429: fix doxyparse.pl fails on NetBSD because specified + path to perl. + * New ECDSA support (RFC 6605), use --disable-ecdsa for older openssl. + * fix verifying denial of existence for DS's in NSEC3 Opt-Out zones. + Thanks John Barnitz + +1.6.12 2012-01-11 + * bugfix #413: Fix manpage source for srcdir != builddir + * Canonicalize the signers name rdata field in RRSIGs when signing + * Ignore minor version of Private-key-format (so v1.3 may be used) + * Allow a check_time to be given in stead of always checking against + the current time. With ldns-verify-zone the check_time can be set + with the -t option. + * Added functions for updating and manipulating SOA serial numbers. + ldns-read-zone has an option -S for updating and manipulating the + serial numbers. + * The library Makefile is now GNU and BSD make compatible. + * bugfix #419: NSEC3 validation of a name covered by a wildcard with + no data. + * Two new options (--with-drill and --with-examples) to the main + configure script (in the root of the source tree) to build drill + and examples too. + * Fix days_since_epoch to year_yday calculation on 32bits systems. + +1.6.11 2011-09-29 + * bugfix #394: Fix socket leak on errors + * bugfix #392: Apex only and percentage checks for ldns-verify-zone + (thanks Miek Gieben) + * bugfix #398: Allow NSEC RRSIGs before the NSEC3 in ldns-verify-zone + * Fix python site package path from sitelib to sitearch for pyldns. + * Fix python api to support python2 and python3 (thanks Karel Slany). + * bugfix #401: Correction of date/time functions algorithm and + prevention of an infinite loop therein + * bugfix #402: Correct the minimum and maximum number of rdata fields + in TSIG. (thanks David Keeler) + * bugfix #403: Fix heap overflow (thanks David Keeler) + * bugfix #404: Make parsing APL strings more robust + (thanks David Keeler) + * bugfix #391: Complete library assessment to prevent assertion errors + through ldns_rdf_size usage. + * Slightly more specific error messaging on wrong number of rdata + fields with the LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG and + LDNS_STATUS_MISSING_RDATA_FIELDS_KEY result codes. + * bugfix #406: More rigorous openssl result code handling to prevent + future crashes within openssl. + * Fix ldns_fetch_valid_domain_keys to search deeper than just one level + for a DNSKEY that signed a DS RR. (this function was used in the + check_dnssec_trace nagios module) + * bugfix #407: Canonicalize TSIG dnames and algorithm fields + * A new output specifier to accommodate configuration of what to show + in comment texts when converting host and/or wire-format data to + string. All conversion to string and printing functions have a new + version that have such a format specifier as an extra argument. + The default is changed so that only DNSKEY RR's are annotated with + an comment show the Key Tag of the DNSKEY. + * Fixed the ldns resolver to not mark a nameserver unreachable when + edns0 is tried unsuccessfully with size 4096 (no return packet came), + but to still try TCP. A big UDP packet might have been corrupted by + fragments dropping firewalls. + * Update of libdns.vim (thanks Miek Gieben) + * Added the ldnsx Python module to our contrib section, which adds even + more pythonisticism to the usage of ldns with Python. (Many thanks + to Christopher Olah and Paul Wouters) + The ldnsx module is automatically installed when --with-pyldns is + used with configuring, but may explicitly be excluded with the + --without-pyldnsx option to configure. + * bugfix #410: Fix clearing out temporary data on stack in sha2.c + * bugfix #411: Don't let empty non-terminal NSEC3s cause assertion failure. + +1.6.10 2011-05-31 + * New example tool added: ldns-gen-zone. + * bugfix #359: Serial-arithmetic for the inception and expiration + fields of a RRSIG and correctly converting them to broken-out time + information. + * bugfix #364: Slight performance increase of ldns-verifyzone. + * bugfix #367: Fix to allow glue records with the same name as the + delegation. + * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* + glue when the zone is opt-out. + * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, + ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too. + * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit + performance) + * Better handling of reference variables in ldns_rr_new_frm_fp_l from + pyldns, with a very nice generator function by Bedrich Kosata. + * Decoupling of the rdfs in rrs in the python wrappers to enable + the python garbage collector by Bedrich Kosata. + * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at + build time and when used. + * bugfix #383: Fix detection of empty nonterminals of multiple labels. + * Fixed the omission of rrsets in nsec(3)s and rrsigs to all occluded + names (in stead of just the ones that contain glue only) and all + occluded records on the delegation points (in stead of just the glue). + * Clarify the operation of ldns_dnssec_mark_glue and the usage of + ldns_dnssec_node_next_nonglue functions in the documentation. + * Added function ldns_dnssec_mark_and_get_glue as an real fast + alternative for ldns_zone_glue_rr_list. + * Fix parse buffer overflow for max length domain names. + * Fix Makefile for U in environment, since wrong U is more common than + deansification necessity. + +1.6.9 2011-03-16 + * Fix creating NSEC(3) bitmaps: make array size 65536, + don't add doubles. + * Fix printout of escaped binary in TXT records. + * Parsing TXT records: don't skip starting whitespace that is quoted. + * bugfix #358: Check if memory was successfully allocated in + ldns_rdf2str(). + * Added more memory allocation checks in host2str.c + * python wrapper for ldns_fetch_valid_domain_keys by Bedrich Kosata. + * fix to compile python wrapper with swig 2.0.2. + * Don't fallback to SHA-1 when creating NSEC3 hash with another + algorithm identifier, fail instead (no other algorithm identifiers + are assigned yet). + +1.6.8 2011-01-24 + * Fix ldns zone, so that $TTL definition match RFC 2308. + * Fix lots of missing checks on allocation failures and parse of + NSEC with many types and max parse length in hosts_frm_fp routine + and off by one in read_anchor_file routine (thanks Dan Kaminsky and + Justin Ferguson). + * bugfix #335: Drill: Print both SHA-1 and SHA-256 corresponding DS + records. + * Print correct WHEN in query packet (is not always 1-1-1970) + * ldns-test-edns: new example tool that detects EDNS support. + * fix ldns_resolver_send without openssl. + * bugfix #342: patch for support for more CERT key types (RFC4398). + * bugfix #351: fix udp_send hang if UDP checksum error. + * fix set_bit (from NSEC3 sign) patch from Jan Komissar. + +1.6.7 2010-11-08 + * EXPERIMENTAL ecdsa implementation, please do not enable on real + servers. + * GOST code enabled by default (RFC 5933). + * bugfix #326: ignore whitespace between directives and their values. + * Header comment to advertise ldns_axfr_complete to check for + successfully completed zone transfers. + * read resolv.conf skips interface labels, e.g. %eth0. + * Fix drill verify NSEC3 denials. + * Use closesocket() on windows. + * Add ldns_get_signing_algorithm_by_name that understand aliases, + names changed to RFC names and aliases for compatibility added. + * bugfix: don't print final dot if the domain is relative. + * bugfix: resolver search continue when packet rcode != NOERROR. + * bugfix: resolver push all domains in search directive to list. + * bugfix: resolver search by default includes the root domain. + * bugfix: tcp read could fail on single octet recv. + * bugfix: read of RR in unknown syntax with missing fields. + * added ldns_pkt_tsig_sign_next() and ldns_pkt_tsig_verify_next() + to sign and verify TSIG RRs on subsequent messages + (section 4.4, RFC 2845, thanks to Michael Sheldon). + * bugfix: signer sigs nsecs with zsks only. + * bugfix #333: fix ldns_dname_absolute for name ending with backslash. + +1.6.6 2010-08-09 + * Fix ldns_rr_clone to copy question rrs properly. + * Fix ldns_sign_zone(_nsec3) to clone the soa for the new zone. + * Fix ldns_wire2dname size check from reading 1 byte beyond buffer end. + * Fix ldns_wire2dname from reading 1 byte beyond end for pointer. + * Fix crash using GOST for particular platform configurations. + * extern C declarations used in the header file. + * Removed debug fprintf from resolver.c. + * ldns-signzone checks if public key file is for the right zone. + * NETLDNS, .NET port of ldns functionality, by Alex Nicoll, in contrib. + * Fix handling of comments in resolv.conf parse. + * GOST code enabled if SSL recent, RFC 5933. + * bugfix #317: segfault util.c ldns_init_random() fixed. + * Fix ldns_tsig_mac_new: allocate enough memory for the hash, fix use of + b64_pton_calculate_size. + * Fix ldns_dname_cat: size calculation and handling of realloc(). + * Fix ldns_rr_pop_rdf: fix handling of realloc(). + * Fix ldns-signzone for single type key scheme: sign whole zone if there + are only KSKs. + * Fix ldns_resolver: also close socket if AXFR failed (if you don't, + it would block subsequent transfers (thanks Roland van Rijswijk). + * Fix drill: allow for a secure trace if you use DS records as trust + anchors (thanks Jan Komissar). + +1.6.5 2010-06-15 + * Catch \X where X is a digit as an error. + * Fix segfault when ip6 ldns resolver only has ip4 servers. + * Fix NSEC record after DNSKEY at zone apex not properly signed. + * Fix syntax error if last label too long and no dot at end of domain. + * Fix parse of \# syntax with space for type LOC. + * Fix ldns_dname_absolute for escape sequences, fixes some parse errs. + * bugfix #297: linking ssl, bug due to patch submitted as #296. + * bugfix #299: added missing declarations to host2str.h + * ldns-compare-zones -s to not exclude SOA record from comparison. + * --disable-rpath fix + * fix ldns_pkt_empty(), reported by Alex Nicoll. + * fix ldns_resolver_new_frm_fp not ignore lines after a comment. + * python code for ldns_rr.new_question_frm_str() + * Fix ldns_dnssec_verify_denial: the signature selection routine. + * Type TALINK parsed (draft-ietf-dnsop-trust-history). + * bugfix #304: fixed dead loop in ldns_tcp_read_wire() and + ldns_tcp_read_wire_timeout(). + * GOST support with correct algorithm numbers. The plan is to make it + enabled if openssl support is detected, but it is disabled by + default in this release because the RFC is not ready. + * Fixed comment in rbtree.h about being first member and data ptr. + * Fixed possibly leak in case of out of memory in ldns_native2rdf... + * ldns_dname_is_wildcard added. + * Fixed: signatures over wildcards had the wrong labelcount. + * Fixed ldns_verify() inconsistent return values. + * Fixed ldns_resolver to copy and free tsig name, data and algorithm. + * Fixed ldns_resolver to push search onto searchlist. + * A ldns resolver now defaults to a non-recursive resolver that handles + the TC bit. + * ldns_resolver_print() prints more details. + * Fixed ldns_rdf2buffer_str_time(), which did not print timestamps + on 64bit systems. + * Make ldns_resolver_nameservers_randomize() more random. + * bugfix #310: POSIX specifies NULL second argument of gettimeofday. + * fix compiler warnings from llvm clang compiler. + * bugfix #309: ldns_pkt_clone did not clone the tsig_rr. + * Fix gentoo ebuild for drill, 'no m4 directory'. + * bugfix #313: drill trace on an empty nonterminal continuation. + +1.6.4 2010-01-20 + * Imported pyldns contribution by Zdenek Vasicek and Karel Slany. + Changed its configure and Makefile to fit into ldns. + Added its dname_* methods to the rdf_* class (as is the ldns API). + Changed swig destroy of ldns_buffer class to ldns_buffer_free. + Declared ldns_pkt_all and ldns_pkt_all_noquestion so swig sees them. + * Bugfix: parse PTR target of .tomhendrikx.nl with error not crash. + * Bugfix: handle escaped characters in TXT rdata. + * bug292: no longer crash on malformed domain names where a label is + on position 255, which was a buffer overflow by one. + * Fix ldns_get_rr_list_hosts_frm_fp_l (strncpy to strlcpy change), + which fixes resolv.conf reading badly terminated string buffers. + * Fix ldns_pkt_set_random_id to be more random, and a little faster, + it did not do value 0 statistically correctly. + * Fix ldns_rdf2native_sockaddr_storage to set sockaddr type to zeroes, + for portability. + * bug295: nsec3-hash routine no longer case sensitive. + * bug298: drill failed nsec3 denial of existence proof. + +1.6.3 2009-12-04 + * Bugfix: allow for unknown resource records in zonefile with rdlen=0. + * Bugfix: also mark an RR as question if it comes from the wire + * Bugfix: NSEC3 bitmap contained NSEC + * Bugfix: Inherit class when creating signatures + +1.6.2 2009-11-12 + * Fix Makefile patch from Havard Eidnes, better install.sh usage. + * Fix parse error on SOA serial of 2910532839. + Fix print of ';' and readback of '\;' in names, also for '\\'. + Fix parse of '\(' and '\)' in names. Also for file read. Also '\.' + * Fix signature creation when TTLs are different for RRs in RRset. + * bug273: fix so EDNS rdata is included in pkt to wire conversion. + * bug274: fix use of c++ keyword 'class' for RR class in the code. + * bug275: fix memory leak of packet edns rdata. + * Fix timeout procedure for TCP and AXFR on Solaris. + * Fix occasional NSEC bitmap bogus + * Fix rr comparing (was in reversed order since 1.6.0) + * bug278: fix parsing HINFO rdata (and other cases). + * Fix previous owner name: also pick up if owner name is @. + * RFC5702: enabled sha2 functions by default. This requires OpenSSL 0.9.8 or higher. + Reason for this default is the root to be signed with RSASHA256. + * Fix various LDNS RR parsing issues: IPSECKEY, WKS, NSAP, very long lines + * Fix: Make ldns_dname_is_subdomain case insensitive. + * Fix ldns-verify-zone so that address records at zone NS set are not considered glue + (Or glue records fall below delegation) + * Fix LOC RR altitude printing. + * Feature: Added period (e.g. '3m6d') support at explicit TTLs. + * Feature: DNSKEY rrset by default signed with minimal signatures + but -A option for ldns-signzone to sign it with all keys. + This makes the DNSKEY responses smaller for signed domains. + +1.6.1 2009-09-14 + * --enable-gost : use the GOST algorithm (experimental). + * Added some missing options to drill manpage + * Some fixes to --without-ssl option + * Fixed quote parsing within strings + * Bitmask fix in EDNS handling + * Fixed non-fqdn domain name completion for rdata field domain + names of length 1 + * Fixed chain validation with SHA256 DS records + +1.6.0 + Additions: + * Addition of an ldns-config script which gives cflags and libs + values, for use in configure scripts for applications that use + use ldns. Can be disabled with ./configure --disable-ldns-config + * Added direct sha1, sha256, and sha512 support in ldns. + With these functions, all NSEC3 functionality can still be + used, even if ldns is built without OpenSSL. Thanks to OpenBSD, + Steve Reid, and Aaron D. Gifford for the code. + * Added reading/writing support for the SPF Resource Record + * Base32 functions are now exported + Bugfixes: + * ldns_is_rrset did not go through the complete rrset, but + only compared the first two records. Thanks to Olafur + Gudmundsson for report and patch + * Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(), + thanks to Marius Rieder for finding an patching this. + * --without-ssl should now work. Make sure that examples/ and + drill also get the --without-ssl flag on their configure, if + this is used. + * Some malloc() return value checks have been added + * NSEC3 creation has been improved wrt to empty nonterminals, + and opt-out. + * Fixed a bug in the parser when reading large NSEC3 salt + values. + * Made the allowed length for domain names on wire + and presentation format the same. + Example tools: + * ldns-key2ds can now also generate DS records for keys without + the SEP flag + * ldns-signzone now equalizes the TTL of the DNSKEY RRset (to + the first non-default DNSKEY TTL value it sees) + +1.5.1 + Example tools: + * ldns-signzone was broken in 1.5.0 for multiple keys, this + has been repaired + + Build system: + * Removed a small erroneous output warning in + examples/configure and drill/configure + +1.5.0 + Bug fixes: + * fixed a possible memory overflow in the RR parser + * build flag fix for Sun Studio + * fixed a building race condition in the copying of header + files + * EDNS0 extended rcode; the correct assembled code number + is now printed (still in the EDNS0 field, though) + * ldns_pkt_rr no longer leaks memory (in fact, it no longer + copies anything all) + + API addition: + * ldns_key now has support for 'external' data, in which + case the OpenSSL EVP structures are not used; + ldns_key_set_external_key() and ldns_key_external_key() + * added ldns_key_get_file_base_name() which creates a + 'default' filename base string for key storage, of the + form "K++" + * the ldns_dnssec_* family of structures now have deep_free() + functions, which also free the ldns_rr's contained in them + * there is now an ldns_match_wildcard() function, which checks + whether a domain name matches a wildcard name + * ldns_sign_public has been split up; this resulted in the + addition of ldns_create_empty_rrsig() and + ldns_sign_public_buffer() + + Examples: + * ldns-signzone can now automatically add DNSKEY records when + using an OpenSSL engine, as it already did when using key + files + * added new example tool: ldns-nsec3-hash + * ldns-dpa can now filter on specific query name and types + * ldnsd has fixes for the zone name, a fix for the return + value of recvfrom(), and an memory initialization fix + (Thanks to Colm MacCárthaigh for the patch) + * Fixed memory leaks in ldnsd + + + +1.4.1 + Bug fixes: + * fixed a build issue where ldns lib existence was done too early + * removed unnecessary check for pcap.h + * NSEC3 optout flag now correctly printed in string output + * inttypes.h moved to configured inclusion + * fixed NSEC3 type bitmaps for empty nonterminals and unsigned + delegations + + API addition: + * for that last fix, we added a new function + ldns_dname_add_from() that can clone parts of a dname + +1.4.0 + Bug fixes: + * sig chase return code fix (patch from Rafael Justo, bug id 189) + * rdata.c memory leaks on error and allocation checks fixed (patch + from Shane Kerr, bug id 188) + * zone.c memory leaks on error and allocation checks fixed (patch + from Shane Kerr, bug id 189) + * ldns-zsplit output and error messages fixed (patch from Shane Kerr, + bug id 190) + * Fixed potential buffer overflow in ldns_str2rdf_dname + * Signing code no longer signs delegation NS rrsets + * Some minor configure/makefile updates + * Fixed a bug in the randomness initialization + * Fixed a bug in the reading of resolv.conf + * Fixed a bug concerning whitespace in zone data (with patch from Ondrej + Sury, bug 213) + * Fixed a small fallback problem in axfr client code + + API CHANGES: + * added 2str convenience functions: + - ldns_rr_type2str + - ldns_rr_class2str + - ldns_rr_type2buffer_str + - ldns_rr_class2buffer_str + * buffer2str() is now called ldns_buffer2str + * base32 and base64 function names are now also prepended with ldns_ + * ldns_rr_new_frm_str() now returns an error on missing RDATA fields. + Since you cannot read QUESTION section RRs with this anymore, + there is now a function called ldns_rr_new_question_frm_str() + + LIBRARY FEATURES: + * DS RRs string representation now add bubblebabble in a comment + (patch from Jakob Schlyter) + * DLV RR type added + * TCP fallback system has been improved + * HMAC-SHA256 TSIG support has been added. + * TTLS are now correctly set in NSEC(3) records when signing zones + + EXAMPLE TOOLS: + * New example: ldns-revoke to revoke DNSKEYs according to RFC5011 + * ldns-testpkts has been fixed and updated + * ldns-signzone now has the option to not add the DNSKEY + * ldns-signzone now has an (full zone only) opt-out option for + NSEC3 + * ldns-keygen can create HMAC-SHA1 and HMAC-SHA256 symmetric keys + * ldns-walk output has been fixed + * ldns-compare-zones has been fixed, and now has an option + to show all differences (-a) + * ldns-read-zone now has an option to print DNSSEC records only + +1.3 + Base library: + + * Added a new family of functions based around ldns_dnssec_zone, + which is a new structure that keeps a zone sorted through an + rbtree and links signatures and NSEC(3) records directly to their + RRset. These functions all start with ldns_dnssec_ + + * ldns_zone_sign and ldns_zone_sign_nsec3 are now deprecated, but + have been changed to internally use the new + ldns_dnssec_zone_sign(_nsec3) + + * Moved some ldns_buffer functions inline, so a clean rebuild of + applications relying on those is needed (otherwise you'll get + linker errors) + * ldns_dname_label now returns one extra (zero) + byte, so it can be seen as an fqdn. + * NSEC3 type code update for signing algorithms. + * DSA key generation of DNSKEY RRs fixed (one byte too small). + + * Added support for RSA/SHA256 and RSA/SHA512, as specified in + draft-ietf-dnsext-dnssec-rsasha256-04. The typecodes are not + final, and this feature is not enabled by default. It can be + enabled at compilation time with the flag --with-sha2 + + * Added 2wire_canonical family of functions that lowercase dnames + in rdata fields in resource records of the types in the list in + rfc3597 + + * Added base32 conversion functions. + + * Fixed DSA RRSIG conversion when calling OpenSSL + + Drill: + + * Chase output is completely different, it shows, in ascii, the + relations in the trust hierarchy. + + Examples: + * Added ldns-verify-zone, that can verify the internal DNSSEC records + of a signed BIND-style zone file + + * ldns-keygen now takes an -a argument specifying the algorithm, + instead of -R or -D. -a list show a list of supported algorithms + + * ldns-keygen now defaults to the exponent RSA_F4 instead of RSA_3 + for RSA key generation + + * ldns-signzone now has support for HSMs + * ldns-signzone uses the new ldns_dnssec_ structures and functions + which improves its speed, and output; RRSIGS are now placed + directly after their RRset, NSEC(3) records directly after the + name they handle + + Contrib: + * new contrib/ dir with user contributions + * added compilation script for solaris (thanks to Jakob Schlyter) + +28 Nov 2007 1.2.2: + * Added support for HMAC-MD5 keys in generator + * Added a new example tool (written by Ondrej Sury): ldns-compare-zones + * ldns-keygen now checks key sizes for rfc conformance + * ldns-signzone outputs SSL error if present + * Fixed manpages (thanks to Ondrej Sury) + * Fixed Makefile for -j + * Fixed a $ORIGIN error when reading zones + * Fixed another off-by-one error + +03 Oct 2007 1.2.1: + * Fixed an offset error in rr comparison + * Fixed ldns-read-zone exit code + * Added check for availability of SHA256 hashing algorithm + * Fixed ldns-key2ds -2 argument + * Fixed $ORIGIN bug in .key files + * Output algorithms as an integer instead of their mnemonic + * Fixed a memory leak in dnssec code when SHA256 is not available + * Updated fedora .spec file + +11 Apr 2007 1.2.0: + * canonicalization of rdata in DNSSEC functions now adheres to the + rr type list in rfc3597, not rfc4035, which will be updated + (see http://www.ops.ietf.org/lists/namedroppers/namedroppers.2007/msg00183.html) + * ldns-walk now support dnames with maximum label length + * ldnsd now takes an extra argument containing the address to listen on + * signing no longer signs every rrset with KSK's, but only the DNSKEY rrset + * ported to Solaris 10 + * added ldns_send_buffer() function + * added ldns-testpkts fake packet server + * added ldns-notify to send NOTIFY packets + * ldns-dpa can now accurately calculate the number of matches per + second + * libtool is now used for compilation too (still gcc, but not directly) + * Bugfixes: + - TSIG signing buffer size + - resolv.conf reading (comments) + - dname comparison off by one error + - typo in keyfetchers output file name fixed (a . too much) + - fixed zone file parser when comments contain ( or ) + - fixed LOC RR type + - fixed CERT RR type + + Drill: + * drill prints error on failed axfr. + * drill now accepts mangled packets with -f + * old -c option (use tcp) changed to -t + * -c option to specify alternative resolv.conf file added + * feedback of signature chase improved + * chaser now stops at root when no trusted keys are found + instead of looping forever trying to find the DS for . + * Fixed bugs: + - wildcard on multiple labels signature verification + - error in -f packet writing for malformed packets + - made KSK check more resilient + +7 Jul 2006: 1.1.0: ldns-team + * Added tutorials and an introduction to the documentation + * Added include/ and lib/ dirs so that you can compile against ldns + without installing ldns on your system + * Makefile updates + * Starting usage of assert throughout the library to catch illegal calls + * Solaris 9 testing was carried out. Ldns now compiles on that + platform; some gnuism were identified and fixed. + * The ldns_zone structure was stress tested. The current setup + (ie. just a list of rrs) can scale to zone file in order of + megabytes. Sorting such zone is still difficult. + * Reading multiline b64 encoded rdata works. + * OpenSSL was made optional, configure --without-ssl. + Ofcourse all dnssec/tsig related functions are disabled + * Building of examples and drill now happens with the same + defines as the building of ldns itself. + * Preliminary sha-256 support was added. Currently is your + OpenSSL supports it, it is supported in the DS creation. + * ldns_resolver_search was implemented + * Fixed a lot of bugs + + Drill: + * -r was killed in favor of -o
which + allows for a header bits setting (and maybe more in the + future) + * DNSSEC is never automatically set, even when you query + for DNSKEY/RRSIG or DS. + * Implement a crude RTT check, it now distinguishes between + reachable and unreachable. + * A form of secure tracing was added + * Secure Chasing has been improved + * -x does a reverse lookup for the given IP address + + Examples: + * ldns-dpa was added to the examples - this is the Dns Packet + Analyzer tool. + * ldnsd - as very, very simple nameserver impl. + * ldns-zsplit - split zones for parallel signing + * ldns-zcat - cat split zones back together + * ldns-keyfetcher - Fetches DNSKEY records with a few (non-strong, + non-DNSSEC) anti-spoofing techniques. + * ldns-walk - 'Walks' a DNSSEC signed zone + * Added an all-static target to the makefile so you can use examples + without installing the library + * When building in the source tree or in a direct subdirectory of + the build dir, configure does not need --with-ldns=../ anymore + + Code: + * All networking code was moved to net.c + * rdata.c: added asserts to the rdf set/get functions + * const keyword was added to pointer arguments that + aren't changed + + API: + Changed: + * renamed ldns/dns.h to ldns/ldns.h + * ldns_rr_new_frm_str() is extended with an extra variable which + in common use may be NULL. This trickles through to: + o ldns_rr_new_frm_fp + o ldns_rr_new_frm_fp_l + Which also get an extra variable + Also the function has been changed to return a status message. + The compiled RR is returned in the first argument. + * ldns_zone_new_frm_fp_l() and ldns_zone_new_frm_fp() are + changed to return a status msg. + * ldns_key_new_frm_fp is changed to return ldns_status and + the actual key list in the first argument + * ldns_rdata_new_frm_fp[_l]() are changed to return a status. + the rdf is return in the first argument + * ldns_resolver_new_frm_fp: same treatment: return status and + the new resolver in the first argument + * ldns_pkt_query_new_frm_str(): same: return status and the + packet in the first arg + * tsig.h: internal used functions are now static: + ldns_digest_name and ldns_tsig_mac_new + * ldns_key_rr2ds has an extra argument to specify the hash to + use. + * ldns_pkt_rcode() is renamed to ldns_pkt_get_rcode, ldns_pkt_rcode + is now the rcode type, like ldns_pkt_opcode + New: + * ldns_resolver_searchlist_count: return the searchlist counter + * ldns_zone_sort: Sort a zone + * ldns_bgsend(): background send, returns a socket. + * ldns_pkt_empty(): check is a packet is empty + * ldns_rr_list_pop_rr_list(): pop multiple rr's from another rr_list + * ldns_rr_list_push_rr_list(): push multiple rr's to an rr_list + * ldns_rr_list_compare(): compare 2 ldns_rr_lists + * ldns_pkt_push_rr_list: rr_list equiv for rr + * ldns_pkt_safe_push_rr_list: rr_list equiv for rr + Removed: + * ldns_resolver_bgsend(): was not used in 1.0.0 and is not used now + * ldns_udp_server_connect(): was faulty and isn't really part of + the core ldns idea any how. + * ldns_rr_list_insert_rr(): obsoleted, because not used. + * char *_when was removed from the ldns_pkt structure + +18 Oct 2005: 1.0.0: ldns-team + * Committed a patch from Håkan Olsson + * Added UPDATE support (Jakob Schlyter and Håkan Olsson) + * License change: ldns is now BSD licensed + * ldns now depends on SSL + * Networking code cleanup, added (some) server udp/tcp support + * A zone type is introduced. Currently this is a list + of RRs, so it will not scale well. + * [beta] Zonefile parsing was added + * [tools] Drill was added to ldns - see drill/ + * [tools] experimental signer was added + * [building] better check for ssl + * [building] major revision of build system + * [building] added rpm .spec in packaging/ (thanks to Paul Wouters) + * [building] A lot of cleanup in the build scripts (thanks to Jakob Schlyter + and Paul Wouters) + +28 Jul 2005: 0.70: ldns-team + * [func] ldns_pkt_get_section now returns copies from the rrlists + in the packet. This can be freed by the user program + * [code] added ldns_ prefixes to function from util.h + * [inst] removed documentation from default make install + * Usual fixes in documentation and code + +20 Jun 2005: 0.66: ldns-team + Rel. Focus: drill-pre2 uses some functions which are + not in 0.65 + * dnssec_cd bit function was added + * Zone infrastructure was added + * Usual fixes in documentation and code + +13 Jun 2005: 0.65: ldns-team + * Repository is online at: + http://www.nlnetlabs.nl/ldns/svn/ + * Apply reference copying throughout ldns, except in 2 + places in the ldns_resolver structure (._domain and + ._nameservers) + * Usual array of bugfixes + * Documentation added + * keygen.c added as an example for DNSSEC programming + +23 May 2005: 0.60: ldns-team + * Removed config.h from the header installed files + (you're not supposed to include that in a library) + * Further tweaking + - DNSSEC signing/verification works + - Assorted bug fixes and tweaks (memory management) + +May 2005: 0.50: ldns-team + * First usable release + * Basic DNS functionality works + * DNSSEC validation works diff --git a/zonemaster-ldns/ldns/LICENSE b/zonemaster-ldns/ldns/LICENSE new file mode 100644 index 0000000..6d4c6be --- /dev/null +++ b/zonemaster-ldns/ldns/LICENSE @@ -0,0 +1,26 @@ +Copyright (c) 2005,2006, NLnetLabs +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of NLnetLabs nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/zonemaster-ldns/ldns/Makefile.in b/zonemaster-ldns/ldns/Makefile.in new file mode 100644 index 0000000..32b9157 --- /dev/null +++ b/zonemaster-ldns/ldns/Makefile.in @@ -0,0 +1,1141 @@ +# Standard installation pathnames +# See the file LICENSE for the license +SHELL = @SHELL@ +VERSION = @PACKAGE_VERSION@ +version_info = @VERSION_INFO@ +srcdir = @srcdir@ +prefix = @prefix@ +exec_prefix = @exec_prefix@ +bindir = @bindir@ +mandir = @mandir@ +datarootdir = @datarootdir@ +datadir = @datadir@ +libdir = @libdir@ +includedir = @includedir@ +sysconfdir = @sysconfdir@ +doxygen = @doxygen@ +pywrapdir = $(srcdir)/contrib/python +pyldnsxwrapdir = $(srcdir)/contrib/ldnsx +p5_dns_ldns_dir = $(srcdir)/contrib/DNS-LDNS +PERL = @PERL@ +swig = @swig@ +swigpy_flags = -python @SWIGPY3@ +python_site = @PYTHON_PLATFORM_SITE_PKG@ +pyldns_inst = @PYLDNSINST@ +pyldns_uninst = @PYLDNSUNINST@ +pyldnsx_inst = @PYLDNSXINST@ +pyldnsx_uninst = @PYLDNSXUNINST@ +libtool = @libtool@ +CONFIG_FILES = @CONFIG_FILES@ +top_builddir = @top_builddir@ + +LDNS_TRUST_ANCHOR_FILE = @LDNS_TRUST_ANCHOR_FILE@ +DEFAULT_CAFILE = @DEFAULT_CAFILE@ +DEFAULT_CAPATH = @DEFAULT_CAPATH@ + +edit = sed \ + -e 's|@LDNS_TRUST_ANCHOR_FILE[@]|$(LDNS_TRUST_ANCHOR_FILE)|g' \ + -e 's|@DEFAULT_CAFILE[@]|$(DEFAULT_CAFILE)|g' \ + -e 's|@DEFAULT_CAPATH[@]|$(DEFAULT_CAPATH)|g' + +# override $U variable which is used by autotools for deansification (for +# K&R C compilers), but causes problems if $U is defined in the env). +U= + +# set all of the tools due to cross-compiles. libtool uses most of them. +# https://www.gnu.org/software/make/manual/html_node/Implicit-Variables.html +CC = @CC@ +CXX = @CXX@ +CPP = @CPP@ +LD = @LD@ +AS = @AS@ +AR = @AR@ +RANLIB = @RANLIB@ +STRIP = @STRIP@ + +# Unbound project specific flags +CFLAGS = @CFLAGS@ +CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@ @DEFS@ -DLDNS_TRUST_ANCHOR_FILE="\"$(LDNS_TRUST_ANCHOR_FILE)\"" +ARFLAGS = @ARFLAGS@ +LDFLAGS = @LDFLAGS@ + +LIBS = @LIBS@ +LIBOBJDIR = compat/ +LIBOBJS = @LIBOBJS@ +PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ +PYTHON_LIBS = @PYTHON_LIBS@ +PYTHON_X_CFLAGS = @PYTHON_X_CFLAGS@ +LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@ +LIBSSL_LDFLAGS = @LIBSSL_LDFLAGS@ +LIBSSL_LIBS = @LIBSSL_LIBS@ +LIBSSL_SSL_LIBS = @LIBSSL_SSL_LIBS@ +LIBPCAP_LIBS = @LIBPCAP_LIBS@ +RUNTIME_PATH = @RUNTIME_PATH@ +LIBTOOL = $(libtool) --tag=CC --quiet +LINT = splint +LINTFLAGS = +quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list +# Extra flags from configure +LINTFLAGS += @LINTFLAGS@ +LINTFLAGS += "-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"EC_KEY=unsigned" -D"EC_POINT=unsigned" -D"EC_GROUP=unsigned" -D"EVP_PKEY_ASN1_METHOD=struct evp_pkey_asn1_method_st" -D"EVP_PKEY_CTX=struct evp_pkey_ctx_st" +# compat with OpenBSD +LINTFLAGS += "-Dsigset_t=long" +# FreeBSD8 +LINTFLAGS += "-D__uint16_t=uint16_t" -D"__pure2=" -D"__wchar_t=wchar_t" -D"__packed=" -D"__aligned(x)=" +# Ubuntu oneiric" +LINTFLAGS += -D"__BEGIN_DECLS=" -D"__ssize_t=ssize_t" -D"__intptr_t=intptr_t" -D"__nonnull(x)=" -D"__THROW=" -D"__wur=" -D"__off_t=unsigned" -D"__off64_t=unsigned" -D"__useconds_t=unsigned" -D"__uid_t=unsigned" -D"__gid_t=unsigned" -D"__attribute_deprecated__=" -D"__pid_t=unsigned" -D"__restrict=" -D"__END_DECLS=" -D"__BEGIN_NAMESPACE_STD=" -D"__END_NAMESPACE_STD=" -D"__BEGIN_NAMESPACE_C99=" -D"__END_NAMESPACE_C99=" -D"__socklen_t=unsigned" -D"sa_family_t=unsigned " -D"__mode_t=unsigned" -D"u_int16_t=uint16_t" -D"u_int32_t=uint32_t" -D"u_int8_t=uint8_t" -D"u_short=unsigned short" -D"__u16=uint16_t" -D"__u32=uint32_t" -D"__u64=uint64_t" +# FreeBSD 9 +LINTFLAGS += -D"_RuneLocale=int" +DEPFLAG = @DEPFLAG@ +EXEEXT=@EXEEXT@ + +INSTALL = $(srcdir)/install-sh + +LIBLOBJS = $(LIBOBJS:.o=.lo) +LDNS_LOBJS = buffer.lo dane.lo dname.lo dnssec.lo dnssec_sign.lo dnssec_verify.lo dnssec_zone.lo duration.lo error.lo higher.lo host2str.lo host2wire.lo keys.lo net.lo packet.lo parse.lo radix.lo rbtree.lo rdata.lo resolver.lo rr.lo rr_functions.lo sha1.lo sha2.lo str2host.lo tsig.lo update.lo util.lo wire2host.lo zone.lo edns.lo +LDNS_LOBJS_EX = ^linktest\.c$$ +LDNS_ALL_LOBJS = $(LDNS_LOBJS) $(LIBLOBJS) +LIB = libldns.la + +LDNS_HEADERS = buffer.h dane.h dname.h dnssec.h dnssec_sign.h dnssec_verify.h dnssec_zone.h duration.h error.h higher.h host2str.h host2wire.h keys.h ldns.h packet.h parse.h radix.h rbtree.h rdata.h resolver.h rr_functions.h rr.h sha1.h sha2.h str2host.h tsig.h update.h wire2host.h zone.h edns.h +LDNS_HEADERS_EX = ^config\.h|common\.h|util\.h|net\.h$$ +LDNS_HEADERS_GEN= common.h util.h net.h + +PYLDNS_I_FILES = $(pywrapdir)/file_py3.i $(pywrapdir)/ldns_buffer.i $(pywrapdir)/ldns_dname.i $(pywrapdir)/ldns_dnssec.i $(pywrapdir)/ldns.i $(pywrapdir)/ldns_key.i $(pywrapdir)/ldns_packet.i $(pywrapdir)/ldns_rdf.i $(pywrapdir)/ldns_resolver.i $(pywrapdir)/ldns_rr.i $(pywrapdir)/ldns_zone.i + +DRILL_LOBJS = drill/chasetrace.lo drill/dnssec.lo drill/drill.lo drill/drill_util.lo drill/error.lo drill/root.lo drill/securetrace.lo drill/work.lo + +EXAMPLE_LOBJS = examples/ldns-chaos.lo examples/ldns-compare-zones.lo examples/ldns-dane.lo examples/ldnsd.lo examples/ldns-dpa.lo examples/ldns-gen-zone.lo examples/ldns-key2ds.lo examples/ldns-keyfetcher.lo examples/ldns-keygen.lo examples/ldns-mx.lo examples/ldns-notify.lo examples/ldns-nsec3-hash.lo examples/ldns-read-zone.lo examples/ldns-resolver.lo examples/ldns-revoke.lo examples/ldns-rrsig.lo examples/ldns-signzone.lo examples/ldns-test-edns.lo examples/ldns-testns.lo examples/ldns-testpkts.lo examples/ldns-update.lo examples/ldns-verify-zone.lo examples/ldns-version.lo examples/ldns-walk.lo examples/ldns-zcat.lo examples/ldns-zsplit.lo +EXAMPLE_PROGS = examples/ldns-chaos examples/ldns-compare-zones examples/ldnsd examples/ldns-gen-zone examples/ldns-key2ds examples/ldns-keyfetcher examples/ldns-keygen examples/ldns-mx examples/ldns-notify examples/ldns-read-zone examples/ldns-resolver examples/ldns-rrsig examples/ldns-test-edns examples/ldns-update examples/ldns-version examples/ldns-walk examples/ldns-zcat examples/ldns-zsplit +EX_PROGS_BASENM = ldns-chaos ldns-compare-zones ldns-dane ldnsd ldns-dpa ldns-gen-zone ldns-key2ds ldns-keyfetcher ldns-keygen ldns-mx ldns-notify ldns-nsec3-hash ldns-read-zone ldns-resolver ldns-revoke ldns-rrsig ldns-signzone ldns-test-edns ldns-testns ldns-testpkts ldns-update ldns-verify-zone ldns-version ldns-walk ldns-zcat ldns-zsplit +EXAMPLE_PROGS_EX= ^examples/ldns-testpkts\.c|examples/ldns-testns\.c|examples/ldns-dane\.c|examples/ldns-dpa\.c|examples/ldns-nsec3-hash\.c|examples/ldns-revoke\.c|examples/ldns-signzone\.c|examples/ldns-verify-zone\.c$$ +TESTNS = examples/ldns-testns +TESTNS_LOBJS = examples/ldns-testns.lo examples/ldns-testpkts.lo +LDNS_DPA = examples/ldns-dpa +LDNS_DPA_LOBJS = examples/ldns-dpa.lo +LDNS_DANE = examples/ldns-dane +LDNS_DANE_LOBJS = examples/ldns-dane.lo +EX_SSL_PROGS = examples/ldns-nsec3-hash examples/ldns-revoke examples/ldns-signzone examples/ldns-verify-zone +EX_SSL_LOBJS = examples/ldns-nsec3-hash.lo examples/ldns-revoke.lo examples/ldns-signzone.lo examples/ldns-verify-zone.lo + +COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS) +COMP_LIB = $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS) +LINK = $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS) +LINK_LIB = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS) -version-info $(version_info) -no-undefined +LINK_EXE = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LIBSSL_LDFLAGS) + +.PHONY: clean realclean docclean manpages doc lint all lib pyldns test +.PHONY: install uninstall install-doc uninstall-doc uninstall-pyldns +.PHONY: install-h uninstall-h install-lib uninstall-lib install-pyldns + +all: setup-builddir lib linktest manpages @P5_DNS_LDNS@ @PYLDNS@ @DRILL@ @EXAMPLES@ + +.SUFFIXES: .c .o .a .lo .h .i + +.c.lo: + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@ + +# Need libtool compile +.c.o: + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< -o $@ + +$(LDNS_LOBJS) $(LIBLOBJS) $(DRILL_LOBJS) $(EXAMPLE_LOBJS): + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/$(@:.lo=.c) -o $@ + +setup-builddir: + @if test ! -d compat ; then mkdir compat ; fi + @if test ! -d drill ; then mkdir drill ; fi + @if test ! -d examples ; then mkdir examples ; fi + @if test ! -h config.h ; then ln -s ldns/config.h . ; fi + @if test ! -h lib ; then ln -s .libs lib ; fi ; + @if test ! -d include ; then $(INSTALL) -d include; fi + @if test ! -h include/ldns ; then ln -s ../ldns include/ldns || echo "include/ldns exists"; fi + +# builddir/ is used by 60-compile-builddir +putdown-builddir: + rm -rf include/ldns + rm -f lib config.h + test ! -d include || rmdir include || : + if test -d examples -a ! -f examples/README; then rmdir examples || : ; fi + if test -d drill -a ! -f drill/README ; then rmdir drill || : ; fi + if test -d compat -a ! -f compat/malloc.c; then rmdir compat || : ; fi + rm -rf builddir/ + +drill: setup-builddir no-drill-config-h drill/drill drill/drill.1 +no-drill-config-h: + @if test -e $(srcdir)/drill/config.h -o -e drill/config.h ; \ + then echo "A config.h was detected in the drill subdirectory." ; \ + echo "This does not work when building drill from here." ; \ + echo "Either remove the config.h from the subdirectory" ; \ + echo "or build drill there." ; \ + exit -1 ; \ + fi + +drill/drill: $(DRILL_LOBJS) $(LIB) $(LIBLOBJS) + $(LINK_EXE) $(DRILL_LOBJS) $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o drill/drill $(top_builddir)/libldns.la + +drill/drill.1: $(srcdir)/drill/drill.1.in + $(edit) $(srcdir)/drill/drill.1.in > drill/drill.1 + +install-drill: drill/drill drill/drill.1 + $(INSTALL) -m 755 -d $(DESTDIR)$(bindir) + $(INSTALL) -m 755 -d $(DESTDIR)$(mandir) + $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1 + $(LIBTOOL) --mode=install cp drill/drill$(EXEEXT) $(DESTDIR)$(bindir) + $(INSTALL) -m 644 drill/drill.1 $(DESTDIR)$(mandir)/man1/drill.1 + +uninstall-drill: + rm -f $(DESTDIR)$(bindir)/drill$(EXEEXT) $(DESTDIR)$(mandir)/man1/drill.1 + test ! -d $(DESTDIR)$(mandir) || rmdir -p $(DESTDIR)$(mandir)/man1 || :; + test ! -d $(DESTDIR)$(bindir) || rmdir -p $(DESTDIR)$(bindir) || : ; + +clean-drill: + $(LIBTOOL) --mode clean rm -f $(DRILL_LOBJS) drill/drill$(EXEEXT) drill/drill.1 + +examples: setup-builddir no-examples-config-h $(LIB) $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS) examples/ldns-dane.1 examples/ldns-verify-zone.1 +no-examples-config-h: + @if test -e $(srcdir)/examples/config.h -o -e examples/config.h ; \ + then echo "A config.h was detected in the examples subdirectory." ; \ + echo "This does not work when building examples from here." ; \ + echo "Either remove the config.h from the subdirectory" ; \ + echo "or build examples there." ; \ + exit -1 ; \ + fi + +# Need LIBSSL_LIBS +$(EXAMPLE_PROGS): + $(LINK_EXE) $@.lo $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o $@ $(top_builddir)/libldns.la + +# Need LIBSSL_LIBS +$(TESTNS): + $(LINK_EXE) $(TESTNS_LOBJS) $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o $(TESTNS) $(top_builddir)/libldns.la + +# Need LIBSSL_LIBS +$(LDNS_DPA): + $(LINK_EXE) $(LDNS_DPA_LOBJS) $(LIBLOBJS) $(LIB) $(LIBPCAP_LIBS) $(LIBSSL_LIBS) $(LIBS) \ + -o $(LDNS_DPA) $(top_builddir)/libldns.la + +$(LDNS_DANE): + $(LINK_EXE) $(LDNS_DANE_LOBJS) $(LIBLOBJS) $(LIB) $(LIBSSL_SSL_LIBS) $(LIBS) \ + -o $(LDNS_DANE) $(top_builddir)/libldns.la + +$(EX_SSL_PROGS): + $(LINK_EXE) $@.lo $(LIBLOBJS) $(LIB) $(LIBSSL_LIBS) $(LIBS) -o $@ $(top_builddir)/libldns.la + +examples/ldns-dane.1: $(srcdir)/examples/ldns-dane.1.in + $(edit) $(srcdir)/examples/ldns-dane.1.in > examples/ldns-dane.1 + +examples/ldns-verify-zone.1: $(srcdir)/examples/ldns-verify-zone.1.in + $(edit) $(srcdir)/examples/ldns-verify-zone.1.in > examples/ldns-verify-zone.1 + +install-examples: $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS) examples/ldns-dane.1 examples/ldns-verify-zone.1 + $(INSTALL) -m 755 -d $(DESTDIR)$(bindir) + $(INSTALL) -m 755 -d $(DESTDIR)$(mandir) + $(INSTALL) -m 755 -d $(DESTDIR)$(mandir)/man1 + for p in $(EXAMPLE_PROGS) $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS) ; do \ + $(LIBTOOL) --mode=install cp $$p$(EXEEXT) $(DESTDIR)$(bindir) ; \ + if test -f $$p.1 ; \ + then $(INSTALL) -m 644 $$p.1 $(DESTDIR)$(mandir)/man1 ; \ + else $(INSTALL) -m 644 $(srcdir)/$$p.1 $(DESTDIR)$(mandir)/man1 ; \ + fi ; \ + done + +uninstall-examples: + for p in $(EX_PROGS_BASENM) ; do \ + rm -f $(DESTDIR)$(bindir)/$$p$(EXEEXT) $(DESTDIR)$(mandir)/man1/$$p.1 ;\ + done + test ! -d $(DESTDIR)$(mandir) || rmdir -p $(DESTDIR)$(mandir)/man1 || :; + test ! -d $(DESTDIR)$(bindir) || rmdir -p $(DESTDIR)$(bindir) || : ; + +clean-examples: + for p in $(EX_PROGS_BASENM) ; do \ + $(LIBTOOL) --mode clean rm -f $$p$(EXEEXT) ;\ + done + $(LIBTOOL) --mode clean rm -f $(TESTNS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS) + $(LIBTOOL) --mode clean rm -f $(EXAMPLE_LOBJS) + $(LIBTOOL) --mode clean rm -f examples/ldns-dane.1 examples/ldns-verify-zone.1 + +linktest: $(srcdir)/linktest.c libldns.la + $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $(srcdir)/linktest.c -o linktest.lo + $(LINK_EXE) linktest.lo $(LIB) $(LIBSSL_LIBS) $(LIBS) -o linktest $(top_builddir)/libldns.la + +lib: libldns.la + +lib-export-all: libldns.la-export-all + +libldns.la: $(LDNS_ALL_LOBJS) + $(LINK_LIB) $(LIBSSL_LDFLAGS) $(LIBSSL_LIBS) -export-symbols-regex '^(ldns_|b32_[pn]to[pn]|mktime_from_utc|qsort_rr_compare_nsec3)' -o libldns.la $(LDNS_ALL_LOBJS) -rpath $(libdir) $(RUNTIME_PATH) + +libldns.la-export-all: $(LDNS_ALL_LOBJS) + $(LINK_LIB) -o libldns.la $(LDNS_ALL_LOBJS) -rpath $(libdir) $(RUNTIME_PATH) + +mancheck: + sh -c 'find . -name \*.\[13\] -exec troff -z {} \;' 2>&1 | sed "s/^\.\///" | sed "s/\(:[0\-9]\+:\)/\1 warning:/g" + +doxygen: + @if test ! -e doc/header.html ; then \ + $(INSTALL) -c -m 644 $(srcdir)/doc/header.html doc/ ; \ + fi ; + $(doxygen) libdns.doxygen + +doc: manpages $(doxygen) + @$(INSTALL) -d doc + +manpages: $(srcdir)/doc/function_manpages + @$(INSTALL) -d doc/man/man3 + @if [ -f $(srcdir)/doc/man/man3/ldns_rr.3 ] ; \ + then \ + if test -d ldns ; then \ + echo "is builddir srcdir" > ldns/YES ; \ + if [ ! -f $(srcdir)/ldns/YES ]; then \ + echo "Copying manpages..."; \ + for m in $(srcdir)/doc/man/man3/*.3 ; \ + do \ + $(INSTALL) -c -C -m 444 $${m} doc/man/man3/ ; \ + done; \ + fi ;\ + rm -f ldns/YES; \ + fi; \ + else \ + echo "Generating manpages..."; \ + cat $(srcdir)/ldns/*.h \ + | $(srcdir)/doc/doxyparse.pl -m $(srcdir)/doc/function_manpages \ + | grep -v ^doxygen | grep -v ^cat > doc/ldns_manpages; \ + fi + +manpage-create-errors: $(srcdir)/doc/function_manpages + @$(INSTALL) -d doc + @cat $(srcdir)/ldns/*.h \ + | $(srcdir)/doc/doxyparse.pl -e \ + -m $(srcdir)/doc/function_manpages >/dev/null + +manpage-errors: + @man --version >/dev/null 2>&1 && \ + for m in `cat $(srcdir)/ldns/*.h | $(srcdir)/doc/doxyparse.pl -m $(srcdir)/doc/function_manpages 2>&1 | grep -v ^doxygen | grep -v ^cat` ; do\ + LC_ALL=en_US.UTF-8 MANROFFSEQ='' MANWIDTH=80 \ + man --warnings -E UTF-8 -l -Tutf8 -Z doc/man/man3/$${m}.3 2>&1 >/dev/null \ + | awk "-vpage=$${m}.3" '{printf("%s: ", page);print}'; \ + if ! lexgrog doc/man/man3/$${m}.3 >/dev/null 2>&1 ; \ + then \ + echo doc/man/man3/$${m}.3: manpage-has-bad-whatis-entry; \ + fi; \ + done || echo "WARNING!: Cannot detect manpage errors on `uname`" + +pyldns: _ldns.la + +$(pywrapdir)/ldns_wrapper.c: $(PYLDNS_I_FILES) ldns/config.h + $(swig) $(swigpy_flags) -o $@ $(PYTHON_CPPFLAGS) $(pywrapdir)/ldns.i + +ldns_wrapper.lo: $(pywrapdir)/ldns_wrapper.c ldns/config.h + $(COMP_LIB) -I./include/ldns $(LIBSSL_CPPFLAGS) $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $(pywrapdir)/ldns_wrapper.c -o $@ + +_ldns.la: ldns_wrapper.lo libldns.la + $(LIBTOOL) --tag=CC --mode=link $(CC) $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) -module -version-info $(version_info) -no-undefined -o $@ ldns_wrapper.lo -rpath $(python_site) -L. -L.libs $(LIB) $(PYTHON_LIBS) $(LIBS) + +$(p5_dns_ldns_dir)/Makefile: $(p5_dns_ldns_dir)/Makefile.PL + BUILDDIR=`pwd`; cd $(p5_dns_ldns_dir); LD_LIBRARY_PATH="$$BUILDDIR/.libs:$$LD_LIBRARY_PATH" DYLD_LIBRARY_PATH="$$BUILDDIR/.libs:$$DYLD_LIBRARY_PATH" $(PERL) Makefile.PL LIBS="-L$$BUILDDIR/.libs -lldns" INC="-I$$BUILDDIR" + +$(p5_dns_ldns_dir)/blib/arch/auto/DNS/LDNS/LDNS.so: $(p5_dns_ldns_dir)/Makefile + cd $(p5_dns_ldns_dir); $(MAKE) + +p5-dns-ldns: $(p5_dns_ldns_dir)/blib/arch/auto/DNS/LDNS/LDNS.so + +install-p5-dns-ldns: $(p5_dns_ldns_dir)/Makefile + cd $(p5_dns_ldns_dir); $(MAKE) install + +uninstall-p5-dns-ldns: $(p5_dns_ldns_dir)/Makefile + cd $(p5_dns_ldns_dir); $(MAKE) uninstall + +clean-p5-dns-ldns: $(p5_dns_ldns_dir)/Makefile + cd $(p5_dns_ldns_dir); $(MAKE) clean + +test-p5-dns-ldns: $(p5_dns_ldns_dir)/Makefile + cd $(p5_dns_ldns_dir); $(MAKE) test + +install: install-h install-lib install-pc @INSTALL_CONFIG@ install-manpages $(pyldns_inst) $(pyldnsx_inst) @INSTALL_P5_DNS_LDNS@ @INSTALL_DRILL@ @INSTALL_EXAMPLES@ + +uninstall: uninstall-manpages @UNINSTALL_CONFIG@ uninstall-h uninstall-lib uninstall-pc $(pyldns_uninst) $(pyldnsx_uninst) @UNINSTALL_P5_DNS_LDNS@ @UNINSTALL_DRILL@ @UNINSTALL_EXAMPLES@ + +destclean: uninstall + +install-config: + $(INSTALL) -d $(DESTDIR)$(bindir) + $(INSTALL) -c -m 755 packaging/ldns-config $(DESTDIR)$(bindir) + +uninstall-config: + rm -f $(DESTDIR)$(bindir)/ldns-config + test ! -d $(DESTDIR)$(bindir) || rmdir -p $(DESTDIR)$(bindir) || echo "ok, dir already gone" + +install-config-manpage: + ${INSTALL} -d $(DESTDIR)$(mandir)/man1 + ${INSTALL} -c -m 444 $(srcdir)/packaging/ldns-config.1 $(DESTDIR)$(mandir)/man1/ + + +uninstall-config-manpage: + rm -f $(DESTDIR)$(mandir)/man1/ldns-config.1 + test ! -d $(DESTDIR)$(mandir)/man1 || rmdir -p $(DESTDIR)$(mandir)/man1 || echo "ok, dir already gone" + +install-manpages: manpages @INSTALL_CONFIG_MANPAGE@ + ${INSTALL} -d $(DESTDIR)$(mandir)/man3 + for f in doc/man/man3/*; do \ + ${INSTALL} -c -m 444 $$f $(DESTDIR)$(mandir)/man3/; \ + done + +uninstall-manpages: @UNINSTALL_CONFIG_MANPAGE@ + for m in `cat $(srcdir)/ldns/*.h | perl $(srcdir)/doc/doxyparse.pl -m $(srcdir)/doc/function_manpages 2>&1 | grep -v ^doxygen | grep -v ^cat` ; do \ + rm -f $(DESTDIR)$(mandir)/man3/$$m.3 ; done + test ! -d $(DESTDIR)$(mandir)/man3 || rmdir -p $(DESTDIR)$(mandir)/man3 || echo "ok, dir already gone" + +install-h: lib + $(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/ldns + for i in $(LDNS_HEADERS); do \ + $(INSTALL) -c -m 644 $(srcdir)/ldns/$$i $(DESTDIR)$(includedir)/ldns/; done + for i in $(LDNS_HEADERS_GEN); do \ + $(INSTALL) -c -m 644 ldns/$$i $(DESTDIR)$(includedir)/ldns/; done + +uninstall-h: + for i in $(LDNS_HEADERS) $(LDNS_HEADERS_GEN); do \ + rm -f $(DESTDIR)$(includedir)/ldns/$$i; done + test ! -d $(DESTDIR)$(includedir)/ldns || rmdir -p $(DESTDIR)$(includedir)/ldns || echo "ok, dir already gone" + exit 0 + +packaging/libldns.pc: $(srcdir)/packaging/libldns.pc.in + ./config.status --file=$@ + +install-pc: packaging/libldns.pc + $(INSTALL) -m 644 packaging/libldns.pc $(DESTDIR)$(libdir)/pkgconfig/ldns.pc + +uninstall-pc: + $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/pkgconfig/ldns.pc + test ! -d $(DESTDIR)$(libdir)/pkgconfig || rmdir -p $(DESTDIR)$(libdir)/pkgconfig || echo "ok, dir already gone" + +install-lib: lib + $(INSTALL) -m 755 -d $(DESTDIR)$(libdir) + $(LIBTOOL) --mode=install cp libldns.la $(DESTDIR)$(libdir) + $(LIBTOOL) --mode=finish $(DESTDIR)$(libdir) + +uninstall-lib: + $(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libldns.la + test ! -d $(DESTDIR)$(libdir) || rmdir -p $(DESTDIR)$(libdir) || echo "ok, dir already gone" + +install-pyldns: @PYLDNS@ + $(INSTALL) -m 755 -d $(DESTDIR)$(python_site)/ldns + $(INSTALL) -c -m 644 $(pywrapdir)/ldns.py $(DESTDIR)$(python_site)/ldns.py + $(LIBTOOL) --mode=install cp _ldns.la $(DESTDIR)$(python_site) + $(LIBTOOL) --mode=finish $(DESTDIR)$(python_site) + +uninstall-pyldns: + rm -f $(DESTDIR)$(python_site)/ldns/* + test ! -d $(DESTDIR)$(python_site)/ldns || rmdir $(DESTDIR)$(python_site)/ldns || echo "ok, dir already gone" + +install-pyldnsx: + $(INSTALL) -c -m 644 $(pyldnsxwrapdir)/ldnsx.py $(DESTDIR)$(python_site)/ldnsx.py + +uninstall-pyldnsx: + rm -f $(DESTDIR)$(python_site)/ldnsx.py + +clean-manpages: + for m in `cat $(srcdir)/ldns/*.h | $(srcdir)/doc/doxyparse.pl -m $(srcdir)/doc/function_manpages 2>&1 | grep -v ^doxygen | grep -v ^cat` ; do\ + rm -f doc/man/man3/$${m}.3 ; done + rm -f doc/ldns_manpages + test ! -d doc/man/man3 || rmdir -p doc/man/man3 || : + +clean-lib: + $(LIBTOOL) --mode clean rm -f $(LDNS_LOBJS) $(LIBLOBJS) + $(LIBTOOL) --mode clean rm -f linktest libldns.la + $(LIBTOOL) --mode clean rm -f $(pywrapdir)/ldns_wrapper.c + $(LIBTOOL) --mode clean rm -f $(pywrapdir)/ldns.py + +clean: @CLEAN_DRILL@ @CLEAN_EXAMPLES@ @CLEAN_P5_DNS_LDNS@ clean-manpages clean-lib putdown-builddir + +realclean: clean docclean + rm -f config.status + rm -f config.log + rm -f $(CONFIG_FILES) + rm -f ldns/config.h + if test -d packaging -a ! -f packaging/ldns-config.in ; then \ + rmdir packaging || : ; fi + rm -f libtool + if test -d ldns ; then \ + echo "is builddir srcdir" > ldns/YES ; \ + if test -f $(srcdir)/ldns/YES ; then \ + echo Leaving headers files because srcdir == builddir;\ + rm -f ldns/YES; \ + else \ + echo Removing header files in builddir;\ + for f in `(cd $(srcdir); echo ldns/*.h)`; do \ + rm -f $$f ; done ; \ + rm -f ldns/YES; \ + test ! -d ldns || rmdir ldns || : ; \ + fi ;\ + fi + +docclean: + rm -rf doc/html/ + rm -rf doc/man/ + rm -rf doc/latex/ + rm -f doc/*.txt + rm -f doc/*.tex + rm -f doc/ldns_manpages + +distclean: realclean + rm -fr autom4te.cache + rm -f config.guess config.sub configure ltmain.sh ldns/config.h.in + +## No need for changes here + +lint: lint-lib @LINT_DRILL@ @LINT_EXAMPLES@ +lint-lib: + for i in $(srcdir)/*.c; do \ + $(LINT) $(LINTFLAGS) -I. -I$(srcdir) $(srcdir)/$$i ; \ + if test $$? -ne 0 ; then exit 1 ; fi ; \ + done + +lint-drill: + for i in $(srcdir)/drill/*.c; do \ + $(LINT) $(LINTFLAGS) -I. -I$(srcdir) $(srcdir)/$$i ; \ + if test $$? -ne 0 ; then exit 1 ; fi ; \ + done + +lint-examples: + for i in $(srcdir)/examples/*.c; do \ + $(LINT) $(LINTFLAGS) -I. -I$(srcdir) $(srcdir)/$$i ; \ + if test $$? -ne 0 ; then exit 1 ; fi ; \ + done + +tags: $(srcdir)/*.c ldns/*.[ch] + ctags -f $(srcdir)/tags $(srcdir)/*.[ch] ldns/*.[ch] + +allclean: test-clean clean + +test-clean: + tpkg -b test clean + +test: examples drill @TEST_P5_DNS_LDNS@ + ./test/test_all.sh + + +# Recreate symbols file, only needed when API changes +# make clean first (and after this make clean; make again) +symbols: lib-export-all + nm -g lib/libldns.so | cut -d " " -f 3 | grep ldns | sort > $(srcdir)/ldns_symbols.def + +TMP_FILE=temporary.tmp +sources: + for mf in $(srcdir)/Makefile.in Makefile ; do \ + if test -e $$mf ; then \ + cp $$mf $$mf.bak ;\ + sed -e 's/^LDNS_LOBJS[ ]*=.*$$/LDNS_LOBJS = '"`(cd $(srcdir); ls -1 *.c | egrep -v '$(LDNS_LOBJS_EX)' | sed 's/\.c/\.lo/g' | tr '\n' ' ')`"'/g' \ + -e 's/^LDNS_HEADERS[ ]*=.*$$/LDNS_HEADERS = '"`(cd $(srcdir)/ldns; ls -1 *.h | egrep -v '$(LDNS_HEADERS_EX)' | tr '\n' ' ')`"'/g' \ + -e 's?^PYLDNS_I_FILES[ ]*=.*$$?PYLDNS_I_FILES = '"`(cd $(srcdir)/contrib; echo python/*.i | sed 's/python/\$$(pywrapdir)/g')`"'?g' \ + -e 's?^DRILL_LOBJS[ ]*=.*$$?DRILL_LOBJS = '"`(cd $(srcdir); echo drill/*.c | sed 's/\.c/\.lo/g')`"'?g' \ + -e 's?^EXAMPLE_LOBJS[ ]*=.*$$?EXAMPLE_LOBJS = '"`(cd $(srcdir); echo examples/*.c | sed 's/\.c/\.lo/g')`"'?g' \ + -e 's?^EXAMPLE_PROGS[ ]*=.*$$?EXAMPLE_PROGS = '"`(cd $(srcdir); ls -1 examples/*.c | egrep -v '$(EXAMPLE_PROGS_EX)' | sed 's/\.c//g' | tr '\n' ' ')`"'?g' \ + -e 's?^EX_PROGS_BASENM[ ]*=.*$$?EX_PROGS_BASENM = '"`(cd $(srcdir); ls -1 examples/*.c | sed -e 's/\.c//g' -e 's?examples/??g' | tr '\n' ' ')`"'?g' \ + $$mf > $(TMP_FILE) ;\ + mv $(TMP_FILE) $$mf ;\ + fi;\ + done + + +# dependency generation +DEPEND_TMP=depend1073.tmp +DEPEND_TMP2=depend1074.tmp +DEPEND_TARGET=Makefile +DEPEND_TARGET2=$(srcdir)/Makefile.in +# actions: generate deplines from gcc, +# then, filter out home/xx, /usr/xx and /opt/xx lines (some cc already do this) +# then, remove empty " \" lines +# then, add srcdir before .c and .h in deps. +# then, remove srcdir from the (generated) parser and lexer. +# and mention the .lo +depend: + if test ! -e config.h ; then ln -s ldns/config.h . ; fi + echo "" > $(DEPEND_TMP) + for builddir in `pwd` ; do \ + for subdir in . compat examples drill; do \ + (cd $(srcdir) ; $(CC) $(DEPFLAG) $(CPPFLAGS) $(CFLAGS) -I$$builddir -I$$subdir $$subdir/*.c) | \ + sed -e 's!'$$HOME'[^ ]* !!g' -e 's!'$$HOME'[^ ]*$$!!g' \ + -e 's!/usr[^ ]* !!g' -e 's!/usr[^ ]*$$!!g' \ + -e 's!/opt[^ ]* !!g' -e 's!/opt[^ ]*$$!!g' | \ + sed -e '/^ \\$$/d' | \ + sed -e 's? *\([^ ]*\.[ch]\)? $$(srcdir)/\1?g' | \ + sed -e 's? *\([^ ]*\.inc\)? $$(srcdir)/\1?g' | \ + sed -e 's?$$(srcdir)/ldns/config.h?ldns/config.h?g' \ + -e 's?$$(srcdir)/config.h?ldns/config.h?g' \ + -e 's?$$(srcdir)/ldns/common.h?ldns/common.h?g' \ + -e 's?$$(srcdir)/ldns/util.h?ldns/util.h?g' \ + -e 's?$$(srcdir)/ldns/net.h?ldns/net.h?g' \ + -e 's!\(.*\)\.o[ :]*!'"$$subdir/"'\1.lo '"$$subdir/"'\1.o: !g' \ + -e 's?^\.\/??g' -e 's? \.\/? ?g' \ + >> $(DEPEND_TMP) ;\ + done; \ + done + for p in $(EXAMPLE_PROGS) $(LDNS_DPA) $(LDNS_DANE) $(EX_SSL_PROGS); do \ + echo "$$p: $$p.lo $$p.o \$$(LIB)" >> $(DEPEND_TMP) ; done + echo "$(TESTNS): `for o in $(TESTNS_LOBJS) ; do \ + echo -n "$$o $${o%lo}o " ; done` \$$(LIB)" \ + >> $(DEPEND_TMP) + cp $(DEPEND_TARGET) $(DEPEND_TMP2) + head -`egrep -n "# Dependencies" $(DEPEND_TARGET) | tail -1 | sed -e 's/:.*$$//'` $(DEPEND_TMP2) > $(DEPEND_TARGET) + cat $(DEPEND_TMP) >> $(DEPEND_TARGET) + @if diff $(DEPEND_TARGET) $(DEPEND_TMP2); then echo " $(DEPEND_TARGET) unchanged"; else echo " Updated $(DEPEND_TARGET))"; fi + @if test -f $(DEPEND_TARGET2); then \ + cp $(DEPEND_TARGET2) $(DEPEND_TMP2); \ + head -`egrep -n "# Dependencies" $(DEPEND_TARGET2) | tail -1 | sed -e 's/:.*$$//'` $(DEPEND_TMP2) > $(DEPEND_TARGET2); \ + cat $(DEPEND_TMP) >> $(DEPEND_TARGET2); \ + if diff $(DEPEND_TARGET2) $(DEPEND_TMP2); then echo " $(DEPEND_TARGET2) unchanged"; else echo " Updated $(DEPEND_TARGET2))"; fi; \ + fi + rm -f $(DEPEND_TMP) $(DEPEND_TMP2) + +# Dependencies + +buffer.lo buffer.o: $(srcdir)/buffer.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +dane.lo dane.o: $(srcdir)/dane.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +dname.lo dname.o: $(srcdir)/dname.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +dnssec.lo dnssec.o: $(srcdir)/dnssec.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +dnssec_sign.lo dnssec_sign.o: $(srcdir)/dnssec_sign.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +dnssec_verify.lo dnssec_verify.o: $(srcdir)/dnssec_verify.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +dnssec_zone.lo dnssec_zone.o: $(srcdir)/dnssec_zone.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +duration.lo duration.o: $(srcdir)/duration.c ldns/config.h $(srcdir)/ldns/duration.h +edns.lo edns.o: $(srcdir)/edns.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +error.lo error.o: $(srcdir)/error.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +higher.lo higher.o: $(srcdir)/higher.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +host2str.lo host2str.o: $(srcdir)/host2str.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +host2wire.lo host2wire.o: $(srcdir)/host2wire.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +keys.lo keys.o: $(srcdir)/keys.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +linktest.lo linktest.o: $(srcdir)/linktest.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +net.lo net.o: $(srcdir)/net.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +packet.lo packet.o: $(srcdir)/packet.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +parse.lo parse.o: $(srcdir)/parse.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +radix.lo radix.o: $(srcdir)/radix.c ldns/config.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/error.h ldns/util.h \ + ldns/common.h +rbtree.lo rbtree.o: $(srcdir)/rbtree.c ldns/config.h $(srcdir)/ldns/rbtree.h ldns/util.h ldns/common.h +rdata.lo rdata.o: $(srcdir)/rdata.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +resolver.lo resolver.o: $(srcdir)/resolver.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +rr.lo rr.o: $(srcdir)/rr.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +rr_functions.lo rr_functions.o: $(srcdir)/rr_functions.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +sha1.lo sha1.o: $(srcdir)/sha1.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +sha2.lo sha2.o: $(srcdir)/sha2.c ldns/config.h $(srcdir)/ldns/sha2.h +str2host.lo str2host.o: $(srcdir)/str2host.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +tsig.lo tsig.o: $(srcdir)/tsig.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +update.lo update.o: $(srcdir)/update.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +util.lo util.o: $(srcdir)/util.c ldns/config.h $(srcdir)/ldns/rdata.h ldns/common.h $(srcdir)/ldns/error.h \ + ldns/util.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/buffer.h +wire2host.lo wire2host.o: $(srcdir)/wire2host.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +zone.lo zone.o: $(srcdir)/zone.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +compat/asctime_r.lo compat/asctime_r.o: $(srcdir)/compat/asctime_r.c ldns/config.h +compat/b64_ntop.lo compat/b64_ntop.o: $(srcdir)/compat/b64_ntop.c ldns/config.h +compat/b64_pton.lo compat/b64_pton.o: $(srcdir)/compat/b64_pton.c ldns/config.h +compat/calloc.lo compat/calloc.o: $(srcdir)/compat/calloc.c ldns/config.h +compat/ctime_r.lo compat/ctime_r.o: $(srcdir)/compat/ctime_r.c ldns/config.h +compat/fake-rfc2553.lo compat/fake-rfc2553.o: $(srcdir)/compat/fake-rfc2553.c ldns/config.h ldns/common.h \ + $(srcdir)/compat/fake-rfc2553.h +compat/gmtime_r.lo compat/gmtime_r.o: $(srcdir)/compat/gmtime_r.c ldns/config.h +compat/inet_aton.lo compat/inet_aton.o: $(srcdir)/compat/inet_aton.c ldns/config.h +compat/inet_ntop.lo compat/inet_ntop.o: $(srcdir)/compat/inet_ntop.c ldns/config.h +compat/inet_pton.lo compat/inet_pton.o: $(srcdir)/compat/inet_pton.c ldns/config.h +compat/isascii.lo compat/isascii.o: $(srcdir)/compat/isascii.c ldns/config.h +compat/isblank.lo compat/isblank.o: $(srcdir)/compat/isblank.c ldns/config.h +compat/localtime_r.lo compat/localtime_r.o: $(srcdir)/compat/localtime_r.c ldns/config.h +compat/malloc.lo compat/malloc.o: $(srcdir)/compat/malloc.c ldns/config.h +compat/memmove.lo compat/memmove.o: $(srcdir)/compat/memmove.c ldns/config.h +compat/realloc.lo compat/realloc.o: $(srcdir)/compat/realloc.c ldns/config.h +compat/snprintf.lo compat/snprintf.o: $(srcdir)/compat/snprintf.c ldns/config.h +compat/strlcpy.lo compat/strlcpy.o: $(srcdir)/compat/strlcpy.c ldns/config.h +compat/timegm.lo compat/timegm.o: $(srcdir)/compat/timegm.c ldns/config.h +examples/ldns-chaos.lo examples/ldns-chaos.o: $(srcdir)/examples/ldns-chaos.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-compare-zones.lo examples/ldns-compare-zones.o: $(srcdir)/examples/ldns-compare-zones.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-dane.lo examples/ldns-dane.o: $(srcdir)/examples/ldns-dane.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldnsd.lo examples/ldnsd.o: $(srcdir)/examples/ldnsd.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h \ + $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h \ + $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h \ + $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-dpa.lo examples/ldns-dpa.o: $(srcdir)/examples/ldns-dpa.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-gen-zone.lo examples/ldns-gen-zone.o: $(srcdir)/examples/ldns-gen-zone.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-key2ds.lo examples/ldns-key2ds.o: $(srcdir)/examples/ldns-key2ds.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-keyfetcher.lo examples/ldns-keyfetcher.o: $(srcdir)/examples/ldns-keyfetcher.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-keygen.lo examples/ldns-keygen.o: $(srcdir)/examples/ldns-keygen.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-mx.lo examples/ldns-mx.o: $(srcdir)/examples/ldns-mx.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-notify.lo examples/ldns-notify.o: $(srcdir)/examples/ldns-notify.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-nsec3-hash.lo examples/ldns-nsec3-hash.o: $(srcdir)/examples/ldns-nsec3-hash.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-read-zone.lo examples/ldns-read-zone.o: $(srcdir)/examples/ldns-read-zone.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-resolver.lo examples/ldns-resolver.o: $(srcdir)/examples/ldns-resolver.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-revoke.lo examples/ldns-revoke.o: $(srcdir)/examples/ldns-revoke.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-rrsig.lo examples/ldns-rrsig.o: $(srcdir)/examples/ldns-rrsig.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-signzone.lo examples/ldns-signzone.o: $(srcdir)/examples/ldns-signzone.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-test-edns.lo examples/ldns-test-edns.o: $(srcdir)/examples/ldns-test-edns.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-testns.lo examples/ldns-testns.o: $(srcdir)/examples/ldns-testns.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h \ + $(srcdir)/examples/ldns-testpkts.h +examples/ldns-testpkts.lo examples/ldns-testpkts.o: $(srcdir)/examples/ldns-testpkts.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h \ + $(srcdir)/examples/ldns-testpkts.h +examples/ldns-update.lo examples/ldns-update.o: $(srcdir)/examples/ldns-update.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-verify-zone.lo examples/ldns-verify-zone.o: $(srcdir)/examples/ldns-verify-zone.c ldns/config.h $(srcdir)/ldns/ldns.h \ + ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h \ + $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h \ + $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h \ + $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h \ + $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h \ + ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h \ + $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-version.lo examples/ldns-version.o: $(srcdir)/examples/ldns-version.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-walk.lo examples/ldns-walk.o: $(srcdir)/examples/ldns-walk.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-zcat.lo examples/ldns-zcat.o: $(srcdir)/examples/ldns-zcat.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-zsplit.lo examples/ldns-zsplit.o: $(srcdir)/examples/ldns-zsplit.c ldns/config.h $(srcdir)/ldns/ldns.h ldns/util.h \ + ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h \ + $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h \ + $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h \ + $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h \ + $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h \ + $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h \ + $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +drill/chasetrace.lo drill/chasetrace.o: $(srcdir)/drill/chasetrace.c $(srcdir)/drill/drill.h ldns/config.h \ + $(srcdir)/drill/drill_util.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h \ + $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h \ + $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h \ + $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +drill/dnssec.lo drill/dnssec.o: $(srcdir)/drill/dnssec.c $(srcdir)/drill/drill.h ldns/config.h $(srcdir)/drill/drill_util.h \ + $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h \ + $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h \ + $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h \ + $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h \ + $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h \ + $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +drill/drill.lo drill/drill.o: $(srcdir)/drill/drill.c $(srcdir)/drill/drill.h ldns/config.h $(srcdir)/drill/drill_util.h \ + $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h \ + $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h \ + $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h \ + $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h \ + $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h \ + $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +drill/drill_util.lo drill/drill_util.o: $(srcdir)/drill/drill_util.c $(srcdir)/drill/drill.h ldns/config.h \ + $(srcdir)/drill/drill_util.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h \ + $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h \ + $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h \ + $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +drill/error.lo drill/error.o: $(srcdir)/drill/error.c $(srcdir)/drill/drill.h ldns/config.h $(srcdir)/drill/drill_util.h \ + $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h \ + $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h \ + $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h \ + $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h \ + $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h \ + $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +drill/root.lo drill/root.o: $(srcdir)/drill/root.c $(srcdir)/drill/drill.h ldns/config.h $(srcdir)/drill/drill_util.h \ + $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h \ + $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h \ + $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h \ + $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h \ + $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h \ + $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +drill/securetrace.lo drill/securetrace.o: $(srcdir)/drill/securetrace.c $(srcdir)/drill/drill.h ldns/config.h \ + $(srcdir)/drill/drill_util.h $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h \ + $(srcdir)/ldns/error.h $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h \ + $(srcdir)/ldns/dnssec.h $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h \ + $(srcdir)/ldns/resolver.h $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h \ + $(srcdir)/ldns/host2str.h $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h \ + $(srcdir)/ldns/higher.h $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +drill/work.lo drill/work.o: $(srcdir)/drill/work.c $(srcdir)/drill/drill.h ldns/config.h $(srcdir)/drill/drill_util.h \ + $(srcdir)/ldns/ldns.h ldns/util.h ldns/common.h $(srcdir)/ldns/buffer.h $(srcdir)/ldns/error.h \ + $(srcdir)/ldns/dane.h $(srcdir)/ldns/rdata.h $(srcdir)/ldns/rr.h $(srcdir)/ldns/dname.h $(srcdir)/ldns/dnssec.h \ + $(srcdir)/ldns/packet.h $(srcdir)/ldns/edns.h $(srcdir)/ldns/keys.h $(srcdir)/ldns/zone.h $(srcdir)/ldns/resolver.h \ + $(srcdir)/ldns/tsig.h $(srcdir)/ldns/dnssec_zone.h $(srcdir)/ldns/rbtree.h $(srcdir)/ldns/host2str.h \ + $(srcdir)/ldns/dnssec_verify.h $(srcdir)/ldns/dnssec_sign.h $(srcdir)/ldns/duration.h $(srcdir)/ldns/higher.h \ + $(srcdir)/ldns/host2wire.h ldns/net.h $(srcdir)/ldns/str2host.h $(srcdir)/ldns/update.h \ + $(srcdir)/ldns/wire2host.h $(srcdir)/ldns/rr_functions.h $(srcdir)/ldns/parse.h $(srcdir)/ldns/radix.h \ + $(srcdir)/ldns/sha1.h $(srcdir)/ldns/sha2.h +examples/ldns-chaos: examples/ldns-chaos.lo examples/ldns-chaos.o $(LIB) +examples/ldns-compare-zones: examples/ldns-compare-zones.lo examples/ldns-compare-zones.o $(LIB) +examples/ldnsd: examples/ldnsd.lo examples/ldnsd.o $(LIB) +examples/ldns-gen-zone: examples/ldns-gen-zone.lo examples/ldns-gen-zone.o $(LIB) +examples/ldns-key2ds: examples/ldns-key2ds.lo examples/ldns-key2ds.o $(LIB) +examples/ldns-keyfetcher: examples/ldns-keyfetcher.lo examples/ldns-keyfetcher.o $(LIB) +examples/ldns-keygen: examples/ldns-keygen.lo examples/ldns-keygen.o $(LIB) +examples/ldns-mx: examples/ldns-mx.lo examples/ldns-mx.o $(LIB) +examples/ldns-notify: examples/ldns-notify.lo examples/ldns-notify.o $(LIB) +examples/ldns-read-zone: examples/ldns-read-zone.lo examples/ldns-read-zone.o $(LIB) +examples/ldns-resolver: examples/ldns-resolver.lo examples/ldns-resolver.o $(LIB) +examples/ldns-rrsig: examples/ldns-rrsig.lo examples/ldns-rrsig.o $(LIB) +examples/ldns-test-edns: examples/ldns-test-edns.lo examples/ldns-test-edns.o $(LIB) +examples/ldns-update: examples/ldns-update.lo examples/ldns-update.o $(LIB) +examples/ldns-version: examples/ldns-version.lo examples/ldns-version.o $(LIB) +examples/ldns-walk: examples/ldns-walk.lo examples/ldns-walk.o $(LIB) +examples/ldns-zcat: examples/ldns-zcat.lo examples/ldns-zcat.o $(LIB) +examples/ldns-zsplit: examples/ldns-zsplit.lo examples/ldns-zsplit.o $(LIB) +examples/ldns-dpa: examples/ldns-dpa.lo examples/ldns-dpa.o $(LIB) +examples/ldns-dane: examples/ldns-dane.lo examples/ldns-dane.o $(LIB) +examples/ldns-nsec3-hash: examples/ldns-nsec3-hash.lo examples/ldns-nsec3-hash.o $(LIB) +examples/ldns-revoke: examples/ldns-revoke.lo examples/ldns-revoke.o $(LIB) +examples/ldns-signzone: examples/ldns-signzone.lo examples/ldns-signzone.o $(LIB) +examples/ldns-verify-zone: examples/ldns-verify-zone.lo examples/ldns-verify-zone.o $(LIB) +examples/ldns-testns: examples/ldns-testns.lo examples/ldns-testns.o examples/ldns-testpkts.lo examples/ldns-testpkts.o $(LIB) diff --git a/zonemaster-ldns/ldns/README b/zonemaster-ldns/ldns/README new file mode 100644 index 0000000..e07fdc0 --- /dev/null +++ b/zonemaster-ldns/ldns/README @@ -0,0 +1,108 @@ + +Contents: + REQUIREMENTS + INSTALLATION + libdns + examples + drill + INFORMATION FOR SPECIFIC OPERATING SYSTEMS + Mac OS X + Solaris + KNOWN ISSUES + pyldns + Your Support + +Project page: +http://www.nlnetlabs.nl/ldns/ +On that page you can also subscribe to the ldns mailing list. + +* Development +ldns is mainly developed on Linux and FreeBSD. It is regularly tested to +compile on other systems like Solaris and Mac OS X. + +REQUIREMENTS +- OpenSSL (Optional, but needed for features like DNSSEC) + - OpenSSL >= 0.9.7f for DANE support + - OpenSSL >= 1.0.0 for ECDSA and GOST support +- libpcap (Optional, but needed for examples/ldns-dpa) +- (GNU) libtool (in OSX, that's glibtool, not libtool) +- GNU make + +INSTALLATION +1. Unpack the tarball +2. cd ldns- +3. ./configure --with-examples --with-drill + (optionally compile python bindings too with: --with-pyldns) +4. make +5. make install + + +* Building from repository + +If you are building from the repository you will need to have (gnu) +autotools like libtool and autoreconf installed. A list of all the commands +needed to build everything can be found in README.git. Note that the actual +commands may be a little bit different on your machine. Most notably, you'll +need to run libtoolize (or glibtoolize). If you skip this step, you'll get +an error about missing config.sub. + +* Developers +ldns is developed by the ldns team at NLnet Labs. This team currently +consists of: + o Willem Toorop + o Wouter Wijngaards + +Former main developers: + o Jelte Jansen + o Miek Gieben + o Matthijs Mekking + +* Credits +We have received patches from the following people, thanks! + o Bedrich Kosata + o Erik Rozendaal + o Håkan Olsson + o Jakob Schlyter + o Paul Wouters + o Simon Vallet + o Ondřej Surý + o Karel Slany + o Havard Eidnes + o Leo Baltus + o Dag-Erling Smørgrav + o Felipe Gasper + + +INFORMATION FOR SPECIFIC OPERATING SYSTEMS + +MAC OS X + +For MACOSX 10.4 and later, it seems that you have to set the +MACOSX_DEPLOYMENT_TARGET environment variable to 10.4 before running +make. Apparently it defaults to 10.1. + +This appears to be a known problem in 10.2 to 10.4, see: +http://developer.apple.com/qa/qa2001/qa1233.html +for more information. + + +SOLARIS + +In Solaris multi-architecture systems (which have both 32-bit and +64-bit support), it can be a bit taxing to convince the system to +compile in 64-bit mode. Jakob Schlyter has kindly contributed a build +script that sets the right build and link options. You can find it in +contrib/build-solaris.sh + +KNOWN ISSUES + +A complete list of currently known open issues can be found here: +https://github.com/NLnetLabs/ldns/issues + +* pyldns +Compiling pyldns produces many ``unused parameter'' warnings. Those are +harmless and may safely be ignored. +Also, when building with SWIG older than 2.0.4, compiling +pyldns produces many ``missing initializer'' warnings. Those are harmless +too. + diff --git a/zonemaster-ldns/ldns/README.git b/zonemaster-ldns/ldns/README.git new file mode 100644 index 0000000..2d4162b --- /dev/null +++ b/zonemaster-ldns/ldns/README.git @@ -0,0 +1,23 @@ +# The ldns git repository can found at: +# git.nlnetlabs.nl/ldns/ + +# small list of commands to build all on a linux system +# libtoolize is needed for most other targets + +# on Solaris, and other systems that may not have +# the default 'automake' and 'aclocal' script aliases, +# the correct versions may need to be set. On those +# systems, the 'autoreconf' line should be changed to: +# AUTOMAKE=automake-1.10 ACLOCAL=aclocal-1.10 autoreconf + +# older versions of libtoolize do not support --install +# so you might need to remove that (with newer versions +# it is needed) +git submodule update --init +libtoolize -ci +autoreconf -fi +./configure --with-examples --with-drill # --with-pyldns --with-p5-dns-ldns +make +make doc # needs doxygen for the html pages +(cd pcat && autoreconf && ./configure && make) +(cd examples/nsd-test && autoreconf && ./configure && make) diff --git a/zonemaster-ldns/ldns/README.snapshots b/zonemaster-ldns/ldns/README.snapshots new file mode 100644 index 0000000..df7ee00 --- /dev/null +++ b/zonemaster-ldns/ldns/README.snapshots @@ -0,0 +1,8 @@ +ldns - snapshot releases + +Snapshot releases are not official released. They can be released to +interested parties for development. + +Snapshots can be recognized from the date in the tar file name. + +They should not be used for packaging in distributions. diff --git a/zonemaster-ldns/ldns/acx_nlnetlabs.m4 b/zonemaster-ldns/ldns/acx_nlnetlabs.m4 new file mode 100644 index 0000000..6a01dc5 --- /dev/null +++ b/zonemaster-ldns/ldns/acx_nlnetlabs.m4 @@ -0,0 +1,1544 @@ +# acx_nlnetlabs.m4 - common macros for configure checks +# Copyright 2009, Wouter Wijngaards, NLnet Labs. +# BSD licensed. +# +# Version 48 +# 2024-01-16 fix to add -l:libssp.a to -lcrypto link check. +# and check for getaddrinfo with only header. +# 2024-01-15 fix to add crypt32 to -lcrypto link check when checking for gdi32. +# 2023-05-04 fix to remove unused whitespace. +# 2023-01-26 fix -Wstrict-prototypes. +# 2022-09-01 fix checking if nonblocking sockets work on OpenBSD. +# 2021-08-17 fix sed script in ssldir split handling. +# 2021-08-17 fix for openssl to detect split version, with ssldir_include +# and ssldir_lib output directories. +# 2021-07-30 fix for openssl use of lib64 directory. +# 2021-06-14 fix nonblocking test to use host instead of target for mingw test. +# 2021-05-17 fix nonblocking socket test from grep on mingw32 to mingw for +# 64bit compatibility. +# 2021-03-24 fix ACX_FUNC_DEPRECATED to use CPPFLAGS and CFLAGS. +# 2021-01-05 fix defun for aclocal +# 2021-01-05 autoconf 2.70 autoupdate and fixes, no AC_TRY_COMPILE +# 2020-08-24 Use EVP_sha256 instead of HMAC_Update (for openssl-3.0.0). +# 2016-03-21 Check -ldl -pthread for libcrypto for ldns and openssl 1.1.0. +# 2016-03-21 Use HMAC_Update instead of HMAC_CTX_Init (for openssl-1.1.0). +# 2016-01-04 -D_DEFAULT_SOURCE defined with -D_BSD_SOURCE for Linux glibc 2.20 +# 2015-12-11 FLTO check for new OSX, clang. +# 2015-11-18 spelling check fix. +# 2015-11-05 ACX_SSL_CHECKS no longer adds -ldl needlessly. +# 2015-08-28 ACX_CHECK_PIE and ACX_CHECK_RELRO_NOW added. +# 2015-03-17 AHX_CONFIG_REALLOCARRAY added +# 2013-09-19 FLTO help text improved. +# 2013-07-18 Enable ACX_CHECK_COMPILER_FLAG to test for -Wstrict-prototypes +# 2013-06-25 FLTO has --disable-flto option. +# 2013-05-03 Update W32_SLEEP for newer mingw that links but not defines it. +# 2013-03-22 Fix ACX_RSRC_VERSION for long version numbers. +# 2012-02-09 Fix AHX_MEMCMP_BROKEN with undef in compat/memcmp.h. +# 2012-01-20 Fix COMPILER_FLAGS_UNBOUND for gcc 4.6.2 assigned-not-used-warns. +# 2011-12-05 Fix getaddrinfowithincludes on windows with fedora16 mingw32-gcc. +# Fix ACX_MALLOC for redefined malloc error. +# Fix GETADDRINFO_WITH_INCLUDES to add -lws2_32 +# 2011-11-10 Fix FLTO test to not drop a.out in current directory. +# 2011-11-01 Fix FLTO test for llvm on Lion. +# 2011-08-01 Fix nonblock test (broken at v13). +# 2011-08-01 Fix autoconf 2.68 warnings +# 2011-06-23 Add ACX_CHECK_FLTO to check -flto. +# 2010-08-16 Fix FLAG_OMITTED for AS_TR_CPP changes in autoconf-2.66. +# 2010-07-02 Add check for ss_family (for minix). +# 2010-04-26 Fix to use CPPFLAGS for CHECK_COMPILER_FLAGS. +# 2010-03-01 Fix RPATH using CONFIG_COMMANDS to run at the very end. +# 2010-02-18 WITH_SSL outputs the LIBSSL_LDFLAGS, LIBS, CPPFLAGS separate, -ldl +# 2010-02-01 added ACX_CHECK_MEMCMP_SIGNED, AHX_MEMCMP_BROKEN +# 2010-01-20 added AHX_COONFIG_STRLCAT +# 2009-07-14 U_CHAR detection improved for windows crosscompile. +# added ACX_FUNC_MALLOC +# fixup some #if to #ifdef +# NONBLOCKING test for mingw crosscompile. +# 2009-07-13 added ACX_WITH_SSL_OPTIONAL +# 2009-07-03 fixup LDFLAGS for empty ssl dir. +# +# Automates some of the checking constructs. Aims at portability for POSIX. +# Documentation for functions is below. +# +# the following macro's are provided in this file: +# (see below for details on each macro). +# +# ACX_ESCAPE_BACKSLASH - escape backslashes in var for C-preproc. +# ACX_RSRC_VERSION - create windows resource version number. +# ACX_CHECK_COMPILER_FLAG - see if cc supports a flag. +# ACX_CHECK_ERROR_FLAGS - see which flag is -werror (used below). +# ACX_CHECK_COMPILER_FLAG_NEEDED - see if flags make the code compile cleanly. +# ACX_DEPFLAG - find cc dependency flags. +# ACX_DETERMINE_EXT_FLAGS_UNBOUND - find out which flags enable BSD and POSIX. +# ACX_CHECK_FORMAT_ATTRIBUTE - find cc printf format syntax. +# ACX_CHECK_UNUSED_ATTRIBUTE - find cc variable unused syntax. +# ACX_CHECK_FLTO - see if cc supports -flto and use it if so. +# ACX_LIBTOOL_C_ONLY - create libtool for C only, improved. +# ACX_TYPE_U_CHAR - u_char type. +# ACX_TYPE_RLIM_T - rlim_t type. +# ACX_TYPE_SOCKLEN_T - socklen_t type. +# ACX_TYPE_IN_ADDR_T - in_addr_t type. +# ACX_TYPE_IN_PORT_T - in_port_t type. +# ACX_ARG_RPATH - add --disable-rpath option. +# ACX_WITH_SSL - add --with-ssl option, link -lcrypto. +# ACX_WITH_SSL_OPTIONAL - add --with-ssl option, link -lcrypto, +# where --without-ssl is also accepted +# ACX_LIB_SSL - setup to link -lssl. +# ACX_SYS_LARGEFILE - improved sys_largefile, fseeko, >2G files. +# ACX_CHECK_GETADDRINFO_WITH_INCLUDES - find getaddrinfo, portably. +# ACX_FUNC_DEPRECATED - see if func is deprecated. +# ACX_CHECK_NONBLOCKING_BROKEN - see if nonblocking sockets really work. +# ACX_MKDIR_ONE_ARG - determine mkdir(2) number of arguments. +# ACX_FUNC_IOCTLSOCKET - find ioctlsocket, portably. +# ACX_FUNC_MALLOC - check malloc, define replacement . +# AHX_CONFIG_FORMAT_ATTRIBUTE - config.h text for format. +# AHX_CONFIG_UNUSED_ATTRIBUTE - config.h text for unused. +# AHX_CONFIG_FSEEKO - define fseeko, ftello fallback. +# AHX_CONFIG_RAND_MAX - define RAND_MAX if needed. +# AHX_CONFIG_MAXHOSTNAMELEN - define MAXHOSTNAMELEN if needed. +# AHX_CONFIG_IPV6_MIN_MTU - define IPV6_MIN_MTU if needed. +# AHX_CONFIG_SNPRINTF - snprintf compat prototype +# AHX_CONFIG_INET_PTON - inet_pton compat prototype +# AHX_CONFIG_INET_NTOP - inet_ntop compat prototype +# AHX_CONFIG_INET_ATON - inet_aton compat prototype +# AHX_CONFIG_MEMMOVE - memmove compat prototype +# AHX_CONFIG_STRLCAT - strlcat compat prototype +# AHX_CONFIG_STRLCPY - strlcpy compat prototype +# AHX_CONFIG_GMTIME_R - gmtime_r compat prototype +# AHX_CONFIG_W32_SLEEP - w32 compat for sleep +# AHX_CONFIG_W32_USLEEP - w32 compat for usleep +# AHX_CONFIG_W32_RANDOM - w32 compat for random +# AHX_CONFIG_W32_SRANDOM - w32 compat for srandom +# AHX_CONFIG_W32_FD_SET_T - w32 detection of FD_SET_T. +# ACX_CFLAGS_STRIP - strip one flag from CFLAGS +# ACX_STRIP_EXT_FLAGS - strip extension flags from CFLAGS +# AHX_CONFIG_FLAG_OMITTED - define omitted flag +# AHX_CONFIG_FLAG_EXT - define omitted extension flag +# AHX_CONFIG_EXT_FLAGS - define the stripped extension flags +# ACX_CHECK_MEMCMP_SIGNED - check if memcmp uses signed characters. +# AHX_MEMCMP_BROKEN - replace memcmp func for CHECK_MEMCMP_SIGNED. +# ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family +# ACX_CHECK_PIE - add --enable-pie option and check if works +# ACX_CHECK_RELRO_NOW - add --enable-relro-now option and check it +# + +dnl Escape backslashes as \\, for C:\ paths, for the C preprocessor defines. +dnl for example, ACX_ESCAPE_BACKSLASH($from_var, to_var) +dnl $1: the text to change. +dnl $2: the result. +AC_DEFUN([ACX_ESCAPE_BACKSLASH], [$2="`echo $1 | sed -e 's/\\\\/\\\\\\\\/g'`" +]) + +dnl Calculate comma separated windows-resource numbers from package version. +dnl Picks the first three(,0) or four numbers out of the name. +dnl $1: variable for the result +AC_DEFUN([ACX_RSRC_VERSION], +[$1=[`echo $PACKAGE_VERSION | sed -e 's/^[^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\).*$/\1,\2,\3,\4/' -e 's/^[^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9][^0-9]*\([0-9][0-9]*\)[^0-9]*$/\1,\2,\3,0/' `] +]) + +dnl Routine to help check for compiler flags. +dnl Checks if the compiler will accept the flag. +dnl $1: the flag without a - in front, so g to check -g. +dnl $2: executed if yes +dnl $3: executed if no +AC_DEFUN([ACX_CHECK_COMPILER_FLAG], +[ +AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(whether $CC supports -$1) +cache=`echo $1 | sed 'y%.=/+-%___p_%'` +AC_CACHE_VAL(cv_prog_cc_flag_$cache, +[ +echo 'void f(void){}' >conftest.c +if test -z "`$CC $CPPFLAGS $CFLAGS -$1 -c conftest.c 2>&1`"; then +eval "cv_prog_cc_flag_$cache=yes" +else +eval "cv_prog_cc_flag_$cache=no" +fi +rm -f conftest conftest.o conftest.c +]) +if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then +AC_MSG_RESULT(yes) +: +$2 +else +AC_MSG_RESULT(no) +: +$3 +fi +]) + +dnl setup flags for ACX_CHECK_COMPILER_FLAG_NEEDED +dnl ERRFLAG: result, compiler flag to turn warnings into errors +AC_DEFUN([ACX_CHECK_ERROR_FLAGS], +[ +ACX_CHECK_COMPILER_FLAG(Werror, [ERRFLAG="-Werror"], [ERRFLAG="-errwarn"]) +ACX_CHECK_COMPILER_FLAG(Wall, [ERRFLAG="$ERRFLAG -Wall"], + [ERRFLAG="$ERRFLAG -errfmt"]) +]) + +dnl Routine to help check for needed compiler flags. +dnl $1: flags for CC +dnl $2: the includes and code +dnl $3: if the given code only compiles with the flag, execute argument 3 +dnl $4: if the given code compiles without the flag, execute argument 4 +dnl $5: with and without flag the compile fails, execute argument 5. +AC_DEFUN([ACX_CHECK_COMPILER_FLAG_NEEDED], +[ +AC_REQUIRE([AC_PROG_CC]) +AC_REQUIRE([ACX_CHECK_ERROR_FLAGS]) +AC_MSG_CHECKING(whether we need $1 as a flag for $CC) +cache=AS_TR_SH($1) +dnl cache=`echo $1 | sed 'y%.=/+- %___p__%'` +AC_CACHE_VAL(cv_prog_cc_flag_needed_$cache, +[ +echo '$2' > conftest.c +echo 'void f(void){}' >>conftest.c +if test -z "`$CC $CPPFLAGS $CFLAGS $ERRFLAG -c conftest.c 2>&1`"; then +eval "cv_prog_cc_flag_needed_$cache=no" +else +[ +if test -z "`$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1`"; then +eval "cv_prog_cc_flag_needed_$cache=yes" +else +eval "cv_prog_cc_flag_needed_$cache=fail" +#echo 'Test with flag fails too!' +#cat conftest.c +#echo "$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" +#echo `$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` +#exit 1 +fi +] +fi +rm -f conftest conftest.c conftest.o +]) +if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = yes"; then +AC_MSG_RESULT(yes) +: +$3 +else +if eval "test \"`echo '$cv_prog_cc_flag_needed_'$cache`\" = no"; then +AC_MSG_RESULT(no) +#echo 'Test with flag is no!' +#cat conftest.c +#echo "$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1" +#echo `$CC $CPPFLAGS $CFLAGS $1 $ERRFLAG -c conftest.c 2>&1` +#exit 1 +: +$4 +else +AC_MSG_RESULT(failed) +: +$5 +fi +fi +]) + +dnl Check for CC dependency flag +dnl DEPFLAG: set to flag that generates dependencies. +AC_DEFUN([ACX_DEPFLAG], +[ +AC_MSG_CHECKING([$CC dependency flag]) +echo 'void f(void){}' >conftest.c +if test "`$CC -MM conftest.c 2>&1`" = "conftest.o: conftest.c"; then + DEPFLAG="-MM" +else + if test "`$CC -xM1 conftest.c 2>&1`" = "conftest.o: conftest.c"; then + DEPFLAG="-xM1" + else + DEPFLAG="-MM" # dunno do something + fi +fi +AC_MSG_RESULT($DEPFLAG) +rm -f conftest.c +AC_SUBST(DEPFLAG) +]) + +dnl Determine flags that gives POSIX and BSD functionality. +dnl CFLAGS is modified for the result. +AC_DEFUN([ACX_DETERMINE_EXT_FLAGS_UNBOUND], +[ +ACX_CHECK_COMPILER_FLAG(std=c99, [C99FLAG="-std=c99"]) +ACX_CHECK_COMPILER_FLAG(xc99, [C99FLAG="-xc99"]) + +AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT]) + +ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE, +[ +#include "confdefs.h" +#include +#include +#include +#ifdef HAVE_TIME_H +#include +#endif +#include +#include +#ifdef HAVE_GETOPT_H +#include +#endif + +int test(void) { + int a; + char **opts = NULL; + struct timeval tv; + char *t; + time_t time = 0; + char *buf = NULL; + const char* str = NULL; + struct msghdr msg; + msg.msg_control = 0; + t = ctime_r(&time, buf); + tv.tv_usec = 10; + srandom(32); + a = getopt(2, opts, "a"); + a = isascii(32); + str = gai_strerror(0); + if(str && t && tv.tv_usec && msg.msg_control) + a = 0; + return a; +} +], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED=1 -D_ALL_SOURCE"]) + +ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE, +[ +#include "confdefs.h" +#include +#include +#include +#ifdef HAVE_TIME_H +#include +#endif +#include +#include +#ifdef HAVE_GETOPT_H +#include +#endif + +int test(void) { + int a; + char **opts = NULL; + struct timeval tv; + char *t; + time_t time = 0; + char *buf = NULL; + const char* str = NULL; + struct msghdr msg; + msg.msg_control = 0; + t = ctime_r(&time, buf); + tv.tv_usec = 10; + srandom(32); + a = getopt(2, opts, "a"); + a = isascii(32); + str = gai_strerror(0); + if(str && t && tv.tv_usec && msg.msg_control) + a = 0; + return a; +} +], [CFLAGS="$CFLAGS $C99FLAG -D__EXTENSIONS__ -D_BSD_SOURCE -D_DEFAULT_SOURCE -D_POSIX_C_SOURCE=200112 -D_XOPEN_SOURCE=600 -D_ALL_SOURCE"]) + +ACX_CHECK_COMPILER_FLAG_NEEDED($C99FLAG, +[ +#include +#include +int test(void) { + int a = 0; + return a; +} +], [CFLAGS="$CFLAGS $C99FLAG"]) + +ACX_CHECK_COMPILER_FLAG_NEEDED(-D_BSD_SOURCE -D_DEFAULT_SOURCE, +[ +#include + +int test(void) { + int a; + a = isascii(32); + return a; +} +], [CFLAGS="$CFLAGS -D_BSD_SOURCE -D_DEFAULT_SOURCE"]) + +ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE, +[ +#include + +int test(void) { + struct in6_pktinfo inf; + int a = (int)sizeof(inf); + return a; +} +], [CFLAGS="$CFLAGS -D_GNU_SOURCE"]) + +# check again for GNU_SOURCE for setresgid. May fail if setresgid +# is not available at all. -D_FRSRESGID is to make this check unique. +# otherwise we would get the previous cached result. +ACX_CHECK_COMPILER_FLAG_NEEDED(-D_GNU_SOURCE -D_FRSRESGID, +[ +#include + +int test(void) { + int a = setresgid(0,0,0); + a = setresuid(0,0,0); + return a; +} +], [CFLAGS="$CFLAGS -D_GNU_SOURCE"]) + +ACX_CHECK_COMPILER_FLAG_NEEDED(-D_POSIX_C_SOURCE=200112, +[ +#include "confdefs.h" +#ifdef HAVE_TIME_H +#include +#endif +#include + +int test(void) { + int a = 0; + char *t; + time_t time = 0; + char *buf = NULL; + const char* str = NULL; + t = ctime_r(&time, buf); + str = gai_strerror(0); + if(t && str) + a = 0; + return a; +} +], [CFLAGS="$CFLAGS -D_POSIX_C_SOURCE=200112"]) + +ACX_CHECK_COMPILER_FLAG_NEEDED(-D__EXTENSIONS__, +[ +#include "confdefs.h" +#include +#include +#include +#ifdef HAVE_TIME_H +#include +#endif +#include +#ifdef HAVE_GETOPT_H +#include +#endif + +int test(void) { + int a; + char **opts = NULL; + struct timeval tv; + tv.tv_usec = 10; + srandom(32); + a = getopt(2, opts, "a"); + a = isascii(32); + if(tv.tv_usec) + a = 0; + return a; +} +], [CFLAGS="$CFLAGS -D__EXTENSIONS__"]) + +])dnl End of ACX_DETERMINE_EXT_FLAGS_UNBOUND + +dnl Check if CC supports -flto. +dnl in a way that supports clang and suncc (that flag does something else, +dnl but fails to link). It sets it in CFLAGS if it works. +AC_DEFUN([ACX_CHECK_FLTO], [ + AC_ARG_ENABLE([flto], AS_HELP_STRING([--disable-flto], [Disable link-time optimization (gcc specific option)])) + AS_IF([test "x$enable_flto" != "xno"], [ + AC_MSG_CHECKING([if $CC supports -flto]) + BAKCFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -flto" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ + if $CC $CFLAGS -o conftest conftest.c 2>&1 | $GREP -e "warning: no debug symbols in executable" -e "warning: object" >/dev/null; then + CFLAGS="$BAKCFLAGS" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi + rm -f conftest conftest.c conftest.o + ], [CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) + ]) +]) + +dnl Check the printf-format attribute (if any) +dnl result in HAVE_ATTR_FORMAT. +dnl Make sure you also include the AHX_CONFIG_FORMAT_ATTRIBUTE. +AC_DEFUN([ACX_CHECK_FORMAT_ATTRIBUTE], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "format" attribute) +AC_CACHE_VAL(ac_cv_c_format_attribute, +[ac_cv_c_format_attribute=no +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include +void f (char *format, ...) __attribute__ ((format (printf, 1, 2))); +void (*pf) (char *format, ...) __attribute__ ((format (printf, 1, 2))); +]], [[ + f ("%s", "str"); +]])],[ac_cv_c_format_attribute="yes"],[ac_cv_c_format_attribute="no"]) +]) + +AC_MSG_RESULT($ac_cv_c_format_attribute) +if test $ac_cv_c_format_attribute = yes; then + AC_DEFINE(HAVE_ATTR_FORMAT, 1, [Whether the C compiler accepts the "format" attribute]) +fi +])dnl End of ACX_CHECK_FORMAT_ATTRIBUTE + +dnl Setup ATTR_FORMAT config.h parts. +dnl make sure you call ACX_CHECK_FORMAT_ATTRIBUTE also. +AC_DEFUN([AHX_CONFIG_FORMAT_ATTRIBUTE], +[ +#ifdef HAVE_ATTR_FORMAT +# define ATTR_FORMAT(archetype, string_index, first_to_check) \ + __attribute__ ((format (archetype, string_index, first_to_check))) +#else /* !HAVE_ATTR_FORMAT */ +# define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ +#endif /* !HAVE_ATTR_FORMAT */ +]) + +dnl Check how to mark function arguments as unused. +dnl result in HAVE_ATTR_UNUSED. +dnl Make sure you include AHX_CONFIG_UNUSED_ATTRIBUTE also. +AC_DEFUN([ACX_CHECK_UNUSED_ATTRIBUTE], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(whether the C compiler (${CC-cc}) accepts the "unused" attribute) +AC_CACHE_VAL(ac_cv_c_unused_attribute, +[ac_cv_c_unused_attribute=no +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[#include +void f (char *u __attribute__((unused))); +]], [[ + f ("x"); +]])],[ac_cv_c_unused_attribute="yes"],[ac_cv_c_unused_attribute="no"]) +]) + +dnl Setup ATTR_UNUSED config.h parts. +dnl make sure you call ACX_CHECK_UNUSED_ATTRIBUTE also. +AC_DEFUN([AHX_CONFIG_UNUSED_ATTRIBUTE], +[ +#if defined(DOXYGEN) +# define ATTR_UNUSED(x) x +#elif defined(__cplusplus) +# define ATTR_UNUSED(x) +#elif defined(HAVE_ATTR_UNUSED) +# define ATTR_UNUSED(x) x __attribute__((unused)) +#else /* !HAVE_ATTR_UNUSED */ +# define ATTR_UNUSED(x) x +#endif /* !HAVE_ATTR_UNUSED */ +]) + +AC_MSG_RESULT($ac_cv_c_unused_attribute) +if test $ac_cv_c_unused_attribute = yes; then + AC_DEFINE(HAVE_ATTR_UNUSED, 1, [Whether the C compiler accepts the "unused" attribute]) +fi +])dnl + +dnl Pre-fun for ACX_LIBTOOL_C_ONLY +AC_DEFUN([ACX_LIBTOOL_C_PRE], [ +# skip these tests, we do not need them. +AC_DEFUN([AC_PROG_F77], [:]) +AC_DEFUN([AC_PROG_FC], [:]) +AC_DEFUN([AC_PROG_CXX], [:]) +AC_DEFUN([AC_PROG_CXXCPP], [:]) +AC_DEFUN([AC_PROG_OBJC], [:]) +AC_DEFUN([AC_PROG_OBJCCPP], [:]) +AC_DEFUN([AC_LIBTOOL_CXX], [:]) +AC_DEFUN([AC_LIBTOOL_F77], [:]) +# always use ./libtool unless override from commandline (libtool=mylibtool) +if test -z "$libtool"; then + libtool="./libtool" +fi +AC_SUBST(libtool) +# avoid libtool max commandline length test on systems that fork slowly. +AC_CANONICAL_HOST +if echo "$host_os" | grep "sunos4" >/dev/null; then + lt_cv_sys_max_cmd_len=32750; +fi +AC_PATH_TOOL(AR, ar, [false]) +if test $AR = false; then + AC_MSG_ERROR([Cannot find 'ar', please extend PATH to include it]) +fi +]) + +dnl Perform libtool check, portably, only for C +AC_DEFUN([ACX_LIBTOOL_C_ONLY], [ +dnl as a requirement so that is gets called before LIBTOOL +dnl because libtools 'AC_REQUIRE' names are right after this one, before +dnl this function contents. +AC_REQUIRE([ACX_LIBTOOL_C_PRE]) +LT_INIT +]) + +dnl Detect if u_char type is defined, otherwise define it. +AC_DEFUN([ACX_TYPE_U_CHAR], +[AC_CHECK_TYPE([u_char], , + [AC_DEFINE([u_char], [unsigned char], [Define to 'unsigned char if not defined])], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_WINSOCK2_H +# include +#endif +]) ]) + +dnl Detect if rlim_t type is defined, otherwise define it. +AC_DEFUN([ACX_TYPE_RLIM_T], +[AC_CHECK_TYPE(rlim_t, , + [AC_DEFINE([rlim_t], [unsigned long], [Define to 'int' if not defined])], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_RESOURCE_H +# include +#endif +]) ]) + +dnl Detect if socklen_t type is defined, otherwise define it. +AC_DEFUN([ACX_TYPE_SOCKLEN_T], +[ +AC_CHECK_TYPE(socklen_t, , + [AC_DEFINE([socklen_t], [int], [Define to 'int' if not defined])], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_SOCKET_H +# include +#endif +#ifdef HAVE_WS2TCPIP_H +# include +#endif +]) ]) + +dnl Detect if in_addr_t type is defined, otherwise define it. +AC_DEFUN([ACX_TYPE_IN_ADDR_T], +[ AC_CHECK_TYPE(in_addr_t, [], [AC_DEFINE([in_addr_t], [uint32_t], [in_addr_t])], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_NETINET_IN_H +# include +#endif +]) ]) + +dnl Detect if in_port_t type is defined, otherwise define it. +AC_DEFUN([ACX_TYPE_IN_PORT_T], +[ AC_CHECK_TYPE(in_port_t, [], [AC_DEFINE([in_port_t], [uint16_t], [in_port_t])], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_SYS_TYPES_H +# include +#endif +#ifdef HAVE_NETINET_IN_H +# include +#endif +]) ]) + +dnl Add option to disable the evil rpath. Check whether to use rpath or not. +dnl Adds the --disable-rpath option. Uses trick to edit the ./libtool. +AC_DEFUN([ACX_ARG_RPATH], +[ +AC_ARG_ENABLE(rpath, + [ --disable-rpath disable hardcoded rpath (default=enabled)], + enable_rpath=$enableval, enable_rpath=yes) +if test "x$enable_rpath" = xno; then + dnl AC_MSG_RESULT([Fixing libtool for -rpath problems.]) + AC_CONFIG_COMMANDS([disable-rpath], [ + sed < libtool > libtool-2 \ + 's/^hardcode_libdir_flag_spec.*$'/'hardcode_libdir_flag_spec=" -D__LIBTOOL_RPATH_SED__ "/' + mv libtool-2 libtool + chmod 755 libtool + libtool="./libtool" + ]) +fi +]) + +dnl Add a -R to the RUNTIME_PATH. Only if rpath is enabled and it is +dnl an absolute path. +dnl $1: the pathname to add. +AC_DEFUN([ACX_RUNTIME_PATH_ADD], [ + if test "x$enable_rpath" = xyes; then + if echo "$1" | grep "^/" >/dev/null; then + RUNTIME_PATH="$RUNTIME_PATH -R$1" + fi + fi +]) + +dnl Common code for both ACX_WITH_SSL and ACX_WITH_SSL_OPTIONAL +dnl Takes one argument; the withval checked in those 2 functions +dnl sets up the environment for the given openssl path +AC_DEFUN([ACX_SSL_CHECKS], [ + withval=$1 + if test x_$withval != x_no; then + AC_MSG_CHECKING(for SSL) + if test -n "$withval"; then + dnl look for openssl install with different version, eg. + dnl in /usr/include/openssl11/openssl/ssl.h + dnl and /usr/lib64/openssl11/libssl.so + dnl with the --with-ssl=/usr/include/openssl11 + if test ! -f "$withval/include/openssl/ssl.h" -a -f "$withval/openssl/ssl.h"; then + ssldir="$withval" + found_ssl="yes" + withval="" + ssldir_include="$ssldir" + dnl find the libdir + ssldir_lib=`echo $ssldir | sed -e 's/include/lib/'` + if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then + : # found here + else + ssldir_lib=`echo $ssldir | sed -e 's/include/lib64/'` + if test -f "$ssldir_lib/libssl.a" -o -f "$ssldir_lib/libssl.so"; then + : # found here + else + AC_MSG_ERROR([Could not find openssl lib file, $ssldir_lib/libssl.[so,a], pass like "/usr/local" or "/usr/include/openssl11"]) + fi + fi + fi + fi + if test x_$withval = x_ -o x_$withval = x_yes; then + withval="/usr/local/ssl /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr" + fi + for dir in $withval; do + ssldir="$dir" + if test -f "$dir/include/openssl/ssl.h"; then + found_ssl="yes" + ssldir_include="$ssldir/include" + if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then + ssldir_lib="$ssldir/lib64" + else + ssldir_lib="$ssldir/lib" + fi + break; + fi + done + if test x_$found_ssl != x_yes; then + AC_MSG_ERROR(Cannot find the SSL libraries in $withval) + else + AC_MSG_RESULT(found in $ssldir) + AC_DEFINE_UNQUOTED([HAVE_SSL], [], [Define if you have the SSL libraries installed.]) + HAVE_SSL=yes + dnl assume /usr is already in the include, lib and dynlib paths. + if test "$ssldir" != "/usr"; then + CPPFLAGS="$CPPFLAGS -I$ssldir_include" + LIBSSL_CPPFLAGS="$LIBSSL_CPPFLAGS -I$ssldir_include" + LDFLAGS="$LDFLAGS -L$ssldir_lib" + LIBSSL_LDFLAGS="$LIBSSL_LDFLAGS -L$ssldir_lib" + ACX_RUNTIME_PATH_ADD([$ssldir_lib]) + fi + + AC_MSG_CHECKING([for EVP_sha256 in -lcrypto]) + LIBS="$LIBS -lcrypto" + LIBSSL_LIBS="$LIBSSL_LIBS -lcrypto" + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + ],[ + AC_MSG_RESULT(no) + # check if -lwsock32 or -lgdi32 are needed. + BAKLIBS="$LIBS" + BAKSSLLIBS="$LIBSSL_LIBS" + LIBS="$LIBS -lgdi32 -lws2_32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32" + AC_MSG_CHECKING([if -lcrypto needs -lgdi32]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32" + AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + LIBSSL_LIBS="$LIBSSL_LIBS -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a" + AC_MSG_CHECKING([if -lcrypto needs -lgdi32 -lws2_32 -lcrypt32 -l:libssp.a]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + + LIBS="$LIBS -ldl" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl" + AC_MSG_CHECKING([if -lcrypto needs -ldl]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + LIBS="$BAKLIBS" + LIBSSL_LIBS="$BAKSSLLIBS" + LIBS="$LIBS -ldl -pthread" + LIBSSL_LIBS="$LIBSSL_LIBS -ldl -pthread" + AC_MSG_CHECKING([if -lcrypto needs -ldl -pthread]) + AC_LINK_IFELSE([AC_LANG_PROGRAM([[]], [[ + int EVP_sha256(void); + (void)EVP_sha256(); + ]])],[ + AC_DEFINE([HAVE_EVP_SHA256], 1, + [If you have EVP_sha256]) + AC_MSG_RESULT(yes) + ],[ + AC_MSG_RESULT(no) + AC_MSG_ERROR([OpenSSL found in $ssldir, but version 0.9.7 or higher is required]) + ]) + ]) + ]) + ]) + ]) + ]) + fi + AC_SUBST(HAVE_SSL) + AC_SUBST(RUNTIME_PATH) + fi +AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT]) +])dnl End of ACX_SSL_CHECKS + +dnl Check for SSL, where SSL is mandatory +dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found +dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. +dnl Checks main header files of SSL. +dnl +AC_DEFUN([ACX_WITH_SSL], +[ +AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl + /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr or specify like /usr/include/openssl11)]),[ + ],[ + withval="yes" + ]) + if test x_$withval = x_no; then + AC_MSG_ERROR([Need SSL library to do digital signature cryptography]) + fi + ACX_SSL_CHECKS($withval) +])dnl End of ACX_WITH_SSL + +dnl Check for SSL, where ssl is optional (--without-ssl is allowed) +dnl Adds --with-ssl option, searches for openssl and defines HAVE_SSL if found +dnl Setup of CPPFLAGS, CFLAGS. Adds -lcrypto to LIBS. +dnl Checks main header files of SSL. +dnl +AC_DEFUN([ACX_WITH_SSL_OPTIONAL], +[ +AC_ARG_WITH(ssl, AS_HELP_STRING([--with-ssl=pathname],[enable SSL (will check /usr/local/ssl + /usr/lib/ssl /usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw /usr or specify like /usr/include/openssl11)]),[ + ],[ + withval="yes" + ]) + ACX_SSL_CHECKS($withval) +])dnl End of ACX_WITH_SSL_OPTIONAL + +dnl Setup to use -lssl +dnl To use -lcrypto, use the ACX_WITH_SSL setup (before this one). +AC_DEFUN([ACX_LIB_SSL], +[ +# check if libssl needs libdl +BAKLIBS="$LIBS" +LIBS="-lssl $LIBS" +AC_MSG_CHECKING([if libssl needs libdl]) +AC_TRY_LINK_FUNC([SSL_CTX_new], [ + AC_MSG_RESULT([no]) + LIBS="$BAKLIBS" +] , [ + AC_MSG_RESULT([yes]) + LIBS="$BAKLIBS" + AC_SEARCH_LIBS([dlopen], [dl]) +]) ])dnl End of ACX_LIB_SSL + +dnl Setup to use very large files (>2Gb). +dnl setups fseeko and its own +AC_DEFUN([ACX_SYS_LARGEFILE], +[ +AC_SYS_LARGEFILE +dnl try to see if an additional _LARGEFILE_SOURCE 1 is needed to get fseeko +ACX_CHECK_COMPILER_FLAG_NEEDED(-D_LARGEFILE_SOURCE=1, +[ +#include +int test(void) { + int a = fseeko(stdin, 0, 0); + return a; +} +], [CFLAGS="$CFLAGS -D_LARGEFILE_SOURCE=1"]) +]) + +dnl Check getaddrinfo. +dnl Works on linux, solaris, bsd and windows(links winsock). +dnl defines HAVE_GETADDRINFO, USE_WINSOCK. +AC_DEFUN([ACX_CHECK_GETADDRINFO_WITH_INCLUDES], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(for getaddrinfo) +ac_cv_func_getaddrinfo=no +AC_LINK_IFELSE( +[AC_LANG_SOURCE([[ +#ifdef __cplusplus +extern "C" +{ +#endif +char* getaddrinfo(); +char* (*f) () = getaddrinfo; +#ifdef __cplusplus +} +#endif +int main(void) { + ; + return 0; +} +]])], +dnl this case on linux, solaris, bsd +[ac_cv_func_getaddrinfo="yes" +dnl see if on windows +if test "$ac_cv_header_windows_h" = "yes"; then + AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) + USE_WINSOCK="1" + if echo "$LIBS" | grep 'lws2_32' >/dev/null; then + : + else + LIBS="$LIBS -lws2_32" + fi +fi +], +dnl no quick getaddrinfo, try mingw32 and winsock2 library. +dnl perhaps getaddrinfo needs only the include +AC_LINK_IFELSE( +[AC_LANG_PROGRAM( +[ +#ifdef HAVE_WS2TCPIP_H +#include +#endif +], +[ + (void)getaddrinfo(NULL, NULL, NULL, NULL); +] +)], +[ +ac_cv_func_getaddrinfo="yes" +AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) +USE_WINSOCK="1" +], + +ORIGLIBS="$LIBS" +LIBS="$LIBS -lws2_32" +AC_LINK_IFELSE( +[AC_LANG_PROGRAM( +[ +#ifdef HAVE_WS2TCPIP_H +#include +#endif +], +[ + (void)getaddrinfo(NULL, NULL, NULL, NULL); +] +)], +[ +ac_cv_func_getaddrinfo="yes" +dnl already: LIBS="$LIBS -lws2_32" +AC_DEFINE(USE_WINSOCK, 1, [Whether the windows socket API is used]) +USE_WINSOCK="1" +], +[ +ac_cv_func_getaddrinfo="no" +LIBS="$ORIGLIBS" +]) +) +) + +AC_MSG_RESULT($ac_cv_func_getaddrinfo) +if test $ac_cv_func_getaddrinfo = yes; then + AC_DEFINE(HAVE_GETADDRINFO, 1, [Whether getaddrinfo is available]) +fi +])dnl Endof AC_CHECK_GETADDRINFO_WITH_INCLUDES + +dnl check if a function is deprecated. defines DEPRECATED_func in config.h. +dnl $1: function name +dnl $2: C-statement that calls the function. +dnl $3: includes for the program. +dnl $4: executes if yes +dnl $5: executes if no +AC_DEFUN([ACX_FUNC_DEPRECATED], +[ +AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING(if $1 is deprecated) +cache=`echo $1 | sed 'y%.=/+-%___p_%'` +AC_CACHE_VAL(cv_cc_deprecated_$cache, +[ +echo '$3' >conftest.c +echo 'void f(void){ $2 }' >>conftest.c +if test -z "`$CC $CPPFLAGS $CFLAGS -c conftest.c 2>&1 | grep -e deprecated -e unavailable`"; then +eval "cv_cc_deprecated_$cache=no" +else +eval "cv_cc_deprecated_$cache=yes" +fi +rm -f conftest conftest.o conftest.c +]) +if eval "test \"`echo '$cv_cc_deprecated_'$cache`\" = yes"; then +AC_MSG_RESULT(yes) +AC_DEFINE_UNQUOTED(AS_TR_CPP([DEPRECATED_$1]), 1, [Whether $1 is deprecated]) +: +$4 +else +AC_MSG_RESULT(no) +: +$5 +fi +])dnl end of ACX_FUNC_DEPRECATED + +dnl check if select and nonblocking sockets actually work. +dnl Needs fork(2) and select(2). +dnl defines NONBLOCKING_IS_BROKEN, and if that is true multiple reads from +dnl a nonblocking socket do not work, a new call to select is necessary. +AC_DEFUN([ACX_CHECK_NONBLOCKING_BROKEN], +[ +AC_MSG_CHECKING([if nonblocking sockets work]) +if echo $host | grep mingw >/dev/null; then + AC_MSG_RESULT([no (windows)]) + AC_DEFINE([NONBLOCKING_IS_BROKEN], 1, [Define if the network stack does not fully support nonblocking io (causes lower performance).]) +else +AC_RUN_IFELSE([ +AC_LANG_SOURCE([[ +#include +#include +#include +#include +#include +#ifdef HAVE_SYS_TYPES_H +#include +#endif +#ifdef HAVE_SYS_SELECT_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#ifdef HAVE_UNISTD_H +#include +#endif +#ifdef HAVE_TIME_H +#include +#endif + +int main(void) +{ + int port; + int sfd, cfd; + int num = 10; + int i, p; + struct sockaddr_in a; + /* test if select and nonblocking reads work well together */ + /* open port. + fork child to send 10 messages. + select to read. + then try to nonblocking read the 10 messages + then, nonblocking read must give EAGAIN + */ + + port = 12345 + (time(0)%32); + sfd = socket(PF_INET, SOCK_DGRAM, 0); + if(sfd == -1) { + perror("socket"); + return 1; + } + memset(&a, 0, sizeof(a)); + a.sin_family = AF_INET; + a.sin_port = htons(port); + a.sin_addr.s_addr = inet_addr("127.0.0.1"); + if(bind(sfd, (struct sockaddr*)&a, sizeof(a)) < 0) { + perror("bind"); + return 1; + } + if(fcntl(sfd, F_SETFL, O_NONBLOCK) == -1) { + perror("fcntl"); + return 1; + } + + cfd = socket(PF_INET, SOCK_DGRAM, 0); + if(cfd == -1) { + perror("client socket"); + return 1; + } + a.sin_port = 0; + if(bind(cfd, (struct sockaddr*)&a, sizeof(a)) < 0) { + perror("client bind"); + return 1; + } + a.sin_port = htons(port); + + /* no handler, causes exit in 10 seconds */ + alarm(10); + + /* send and receive on the socket */ + if((p=fork()) == 0) { + for(i=0; i +#include +#ifdef HAVE_WINSOCK2_H +#include +#endif +#ifdef HAVE_SYS_STAT_H +#include +#endif +]], [[ + (void)mkdir("directory"); +]])],[AC_MSG_RESULT(yes) +AC_DEFINE(MKDIR_HAS_ONE_ARG, 1, [Define if mkdir has one argument.]) +],[AC_MSG_RESULT(no) +]) +])dnl end of ACX_MKDIR_ONE_ARG + +dnl Check for ioctlsocket function. works on mingw32 too. +AC_DEFUN([ACX_FUNC_IOCTLSOCKET], +[ +# check ioctlsocket +AC_MSG_CHECKING(for ioctlsocket) +AC_LINK_IFELSE([AC_LANG_PROGRAM([ +#ifdef HAVE_WINSOCK2_H +#include +#endif +], [ + (void)ioctlsocket(0, 0, NULL); +])], [ +AC_MSG_RESULT(yes) +AC_DEFINE(HAVE_IOCTLSOCKET, 1, [if the function 'ioctlsocket' is available]) +],[AC_MSG_RESULT(no)]) +])dnl end of ACX_FUNC_IOCTLSOCKET + +dnl detect malloc and provide malloc compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([ACX_FUNC_MALLOC], +[ + AC_MSG_CHECKING([for GNU libc compatible malloc]) + AC_RUN_IFELSE([AC_LANG_PROGRAM( +[[#if defined STDC_HEADERS || defined HAVE_STDLIB_H +#include +#else +char *malloc (); +#endif +]], [ if(malloc(0) != 0) return 1;]) +], + [AC_MSG_RESULT([no]) + AC_LIBOBJ(malloc) + AC_DEFINE_UNQUOTED([malloc], [rpl_malloc_$1], [Define if replacement function should be used.])] , + [AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_MALLOC], 1, [If have GNU libc compatible malloc])], + [AC_MSG_RESULT([no (crosscompile)]) + AC_LIBOBJ(malloc) + AC_DEFINE_UNQUOTED([malloc], [rpl_malloc_$1], [Define if replacement function should be used.])] ) +]) + +dnl Define fallback for fseeko and ftello if needed. +AC_DEFUN([AHX_CONFIG_FSEEKO], +[ +#ifndef HAVE_FSEEKO +#define fseeko fseek +#define ftello ftell +#endif /* HAVE_FSEEKO */ +]) + +dnl Define RAND_MAX if not defined +AC_DEFUN([AHX_CONFIG_RAND_MAX], +[ +#ifndef RAND_MAX +#define RAND_MAX 2147483647 +#endif +]) + +dnl Define MAXHOSTNAMELEN if not defined +AC_DEFUN([AHX_CONFIG_MAXHOSTNAMELEN], +[ +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 256 +#endif +]) + +dnl Define IPV6_MIN_MTU if not defined +AC_DEFUN([AHX_CONFIG_IPV6_MIN_MTU], +[ +#ifndef IPV6_MIN_MTU +#define IPV6_MIN_MTU 1280 +#endif /* IPV6_MIN_MTU */ +]) + +dnl provide snprintf, vsnprintf compat prototype +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_SNPRINTF], +[ +#ifndef HAVE_SNPRINTF +#define snprintf snprintf_$1 +#define vsnprintf vsnprintf_$1 +#include +int snprintf (char *str, size_t count, const char *fmt, ...); +int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); +#endif /* HAVE_SNPRINTF */ +]) + +dnl provide inet_pton compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_INET_PTON], +[ +#ifndef HAVE_INET_PTON +#define inet_pton inet_pton_$1 +int inet_pton(int af, const char* src, void* dst); +#endif /* HAVE_INET_PTON */ +]) + +dnl provide inet_ntop compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_INET_NTOP], +[ +#ifndef HAVE_INET_NTOP +#define inet_ntop inet_ntop_$1 +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif +]) + +dnl provide inet_aton compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_INET_ATON], +[ +#ifndef HAVE_INET_ATON +#define inet_aton inet_aton_$1 +int inet_aton(const char *cp, struct in_addr *addr); +#endif +]) + +dnl provide memmove compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_MEMMOVE], +[ +#ifndef HAVE_MEMMOVE +#define memmove memmove_$1 +void *memmove(void *dest, const void *src, size_t n); +#endif +]) + +dnl provide strlcat compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_STRLCAT], +[ +#ifndef HAVE_STRLCAT +#define strlcat strlcat_$1 +size_t strlcat(char *dst, const char *src, size_t siz); +#endif +]) + +dnl provide strlcpy compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_STRLCPY], +[ +#ifndef HAVE_STRLCPY +#define strlcpy strlcpy_$1 +size_t strlcpy(char *dst, const char *src, size_t siz); +#endif +]) + +dnl provide gmtime_r compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_GMTIME_R], +[ +#ifndef HAVE_GMTIME_R +#define gmtime_r gmtime_r_$1 +struct tm *gmtime_r(const time_t *timep, struct tm *result); +#endif +]) + +dnl provide reallocarray compat prototype. +dnl $1: unique name for compat code +AC_DEFUN([AHX_CONFIG_REALLOCARRAY], +[ +#ifndef HAVE_REALLOCARRAY +#define reallocarray reallocarray$1 +void* reallocarray(void *ptr, size_t nmemb, size_t size); +#endif +]) + +dnl provide w32 compat definition for sleep +AC_DEFUN([AHX_CONFIG_W32_SLEEP], +[ +#if !defined(HAVE_SLEEP) || defined(HAVE_WINDOWS_H) +#define sleep(x) Sleep((x)*1000) /* on win32 */ +#endif /* HAVE_SLEEP */ +]) + +dnl provide w32 compat definition for usleep +AC_DEFUN([AHX_CONFIG_W32_USLEEP], +[ +#ifndef HAVE_USLEEP +#define usleep(x) Sleep((x)/1000 + 1) /* on win32 */ +#endif /* HAVE_USLEEP */ +]) + +dnl provide w32 compat definition for random +AC_DEFUN([AHX_CONFIG_W32_RANDOM], +[ +#ifndef HAVE_RANDOM +#define random rand /* on win32, for tests only (bad random) */ +#endif /* HAVE_RANDOM */ +]) + +dnl provide w32 compat definition for srandom +AC_DEFUN([AHX_CONFIG_W32_SRANDOM], +[ +#ifndef HAVE_SRANDOM +#define srandom(x) srand(x) /* on win32, for tests only (bad random) */ +#endif /* HAVE_SRANDOM */ +]) + +dnl provide w32 compat definition for FD_SET_T +AC_DEFUN([AHX_CONFIG_W32_FD_SET_T], +[ +/* detect if we need to cast to unsigned int for FD_SET to avoid warnings */ +#ifdef HAVE_WINSOCK2_H +#define FD_SET_T (u_int) +#else +#define FD_SET_T +#endif +]) + +dnl Remove an extension flag from CFLAGS, define replacement to be made. +dnl Used by ACX_STRIP_EXT_FLAGS. +dnl $1: the name of the flag, for example -D_GNU_SOURCE. +AC_DEFUN([ACX_CFLAGS_STRIP], +[ + if echo $CFLAGS | grep " $1" >/dev/null 2>&1; then + CFLAGS="`echo $CFLAGS | sed -e 's/ $1//g'`" + AC_DEFINE(m4_bpatsubst(OMITTED_$1,[[-=]],_), 1, Put $1 define in config.h) + fi +]) + +dnl Remove EXT flags from the CFLAGS and set them to be defined in config.h +dnl use with ACX_DETERMINE_EXT_FLAGS. +AC_DEFUN([ACX_STRIP_EXT_FLAGS], +[ + AC_MSG_NOTICE([Stripping extension flags...]) + ACX_CFLAGS_STRIP(-D_GNU_SOURCE) + ACX_CFLAGS_STRIP(-D_BSD_SOURCE) + ACX_CFLAGS_STRIP(-D_DEFAULT_SOURCE) + ACX_CFLAGS_STRIP(-D__EXTENSIONS__) + ACX_CFLAGS_STRIP(-D_POSIX_C_SOURCE=200112) + ACX_CFLAGS_STRIP(-D_XOPEN_SOURCE=600) + ACX_CFLAGS_STRIP(-D_XOPEN_SOURCE_EXTENDED=1) + ACX_CFLAGS_STRIP(-D_ALL_SOURCE) + ACX_CFLAGS_STRIP(-D_LARGEFILE_SOURCE=1) +]) dnl End of ACX_STRIP_EXT_FLAGS + +dnl define one omitted flag for config.h +dnl $1: flag name. -D_GNU_SOURCE +dnl $2: replacement define. _GNU_SOURCE +dnl $3: define value, 1 +AC_DEFUN([AHX_CONFIG_FLAG_OMITTED], +[#if defined($1) && !defined($2) +#define $2 $3 +[#]endif]) + +dnl Wrapper for AHX_CONFIG_FLAG_OMITTED for -D style flags +dnl $1: the -DNAME or -DNAME=value string. +AC_DEFUN([AHX_CONFIG_FLAG_EXT], +[AHX_CONFIG_FLAG_OMITTED(m4_bpatsubst(OMITTED_$1,[[-=]],_),m4_bpatsubst(m4_bpatsubst($1,-D,),=.*$,),m4_if(m4_bregexp($1,=),-1,1,m4_bpatsubst($1,^.*=,))) +]) + +dnl config.h part to define omitted cflags, use with ACX_STRIP_EXT_FLAGS. +AC_DEFUN([AHX_CONFIG_EXT_FLAGS], +[AHX_CONFIG_FLAG_EXT(-D_GNU_SOURCE) +AHX_CONFIG_FLAG_EXT(-D_BSD_SOURCE) +AHX_CONFIG_FLAG_EXT(-D_DEFAULT_SOURCE) +AHX_CONFIG_FLAG_EXT(-D__EXTENSIONS__) +AHX_CONFIG_FLAG_EXT(-D_POSIX_C_SOURCE=200112) +AHX_CONFIG_FLAG_EXT(-D_XOPEN_SOURCE=600) +AHX_CONFIG_FLAG_EXT(-D_XOPEN_SOURCE_EXTENDED=1) +AHX_CONFIG_FLAG_EXT(-D_ALL_SOURCE) +AHX_CONFIG_FLAG_EXT(-D_LARGEFILE_SOURCE=1) +]) + +dnl check if memcmp is using signed characters and replace if so. +AC_DEFUN([ACX_CHECK_MEMCMP_SIGNED], +[AC_MSG_CHECKING([if memcmp compares unsigned]) +AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include +#include +#include +int main(void) +{ + char a = 255, b = 0; + if(memcmp(&a, &b, 1) < 0) + return 1; + return 0; +} +]])], [AC_MSG_RESULT([yes]) ], +[ AC_MSG_RESULT([no]) + AC_DEFINE([MEMCMP_IS_BROKEN], [1], [Define if memcmp() does not compare unsigned bytes]) + AC_LIBOBJ([memcmp]) +], [ AC_MSG_RESULT([cross-compile no]) + AC_DEFINE([MEMCMP_IS_BROKEN], [1], [Define if memcmp() does not compare unsigned bytes]) + AC_LIBOBJ([memcmp]) +]) ]) + +dnl define memcmp to its replacement, pass unique id for program as arg +AC_DEFUN([AHX_MEMCMP_BROKEN], [ +#ifdef MEMCMP_IS_BROKEN +#include "compat/memcmp.h" +#define memcmp memcmp_$1 +int memcmp(const void *x, const void *y, size_t n); +#endif +]) + +dnl ACX_CHECK_SS_FAMILY - check for sockaddr_storage.ss_family +AC_DEFUN([ACX_CHECK_SS_FAMILY], +[AC_CHECK_MEMBER([struct sockaddr_storage.ss_family], [], [ + AC_CHECK_MEMBER([struct sockaddr_storage.__ss_family], [ + AC_DEFINE([ss_family], [__ss_family], [Fallback member name for socket family in struct sockaddr_storage]) + ],, [AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + ]) +], [AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +]) ]) + +dnl Check if CC and linker support -fPIE and -pie. +dnl If so, sets them in CFLAGS / LDFLAGS. +AC_DEFUN([ACX_CHECK_PIE], [ + AC_ARG_ENABLE([pie], AS_HELP_STRING([--enable-pie], [Enable Position-Independent Executable (eg. to fully benefit from ASLR, small performance penalty)])) + AS_IF([test "x$enable_pie" = "xyes"], [ + AC_MSG_CHECKING([if $CC supports PIE]) + BAKLDFLAGS="$LDFLAGS" + BAKCFLAGS="$CFLAGS" + LDFLAGS="$LDFLAGS -pie" + CFLAGS="$CFLAGS -fPIE" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi + rm -f conftest conftest.c conftest.o + ], [LDFLAGS="$BAKLDFLAGS" ; CFLAGS="$BAKCFLAGS" ; AC_MSG_RESULT(no)]) + ]) +]) + +dnl Check if linker supports -Wl,-z,relro,-z,now. +dnl If so, adds it to LDFLAGS. +AC_DEFUN([ACX_CHECK_RELRO_NOW], [ + AC_ARG_ENABLE([relro_now], AS_HELP_STRING([--enable-relro-now], [Enable full relocation binding at load-time (RELRO NOW, to protect GOT and .dtor areas)])) + AS_IF([test "x$enable_relro_now" = "xyes"], [ + AC_MSG_CHECKING([if $CC supports -Wl,-z,relro,-z,now]) + BAKLDFLAGS="$LDFLAGS" + LDFLAGS="$LDFLAGS -Wl,-z,relro,-z,now" + AC_LINK_IFELSE([AC_LANG_PROGRAM([], [])], [ + if $CC $CFLAGS $LDFLAGS -o conftest conftest.c 2>&1 | grep "warning: no debug symbols in executable" >/dev/null; then + LDFLAGS="$BAKLDFLAGS" + AC_MSG_RESULT(no) + else + AC_MSG_RESULT(yes) + fi + rm -f conftest conftest.c conftest.o + ], [LDFLAGS="$BAKLDFLAGS" ; AC_MSG_RESULT(no)]) + ]) +]) + +dnl End of file diff --git a/zonemaster-ldns/ldns/ax_pkg_swig.m4 b/zonemaster-ldns/ldns/ax_pkg_swig.m4 new file mode 100644 index 0000000..1d467de --- /dev/null +++ b/zonemaster-ldns/ldns/ax_pkg_swig.m4 @@ -0,0 +1,135 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_pkg_swig.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PKG_SWIG([major.minor.micro], [action-if-found], [action-if-not-found]) +# +# DESCRIPTION +# +# This macro searches for a SWIG installation on your system. If found, +# then SWIG is AC_SUBST'd; if not found, then $SWIG is empty. If SWIG is +# found, then SWIG_LIB is set to the SWIG library path, and AC_SUBST'd. +# +# You can use the optional first argument to check if the version of the +# available SWIG is greater than or equal to the value of the argument. It +# should have the format: N[.N[.N]] (N is a number between 0 and 999. Only +# the first N is mandatory.) If the version argument is given (e.g. +# 1.3.17), AX_PKG_SWIG checks that the swig package is this version number +# or higher. +# +# As usual, action-if-found is executed if SWIG is found, otherwise +# action-if-not-found is executed. +# +# In configure.in, use as: +# +# AX_PKG_SWIG(1.3.17, [], [ AC_MSG_ERROR([SWIG is required to build..]) ]) +# AX_SWIG_ENABLE_CXX +# AX_SWIG_MULTI_MODULE_SUPPORT +# AX_SWIG_PYTHON +# +# LICENSE +# +# Copyright (c) 2008 Sebastian Huber +# Copyright (c) 2008 Alan W. Irwin +# Copyright (c) 2008 Rafael Laboissiere +# Copyright (c) 2008 Andrew Collier +# Copyright (c) 2011 Murray Cumming +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation; either version 2 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 13 + +AC_DEFUN([AX_PKG_SWIG],[ + # Find path to the "swig" executable. + AC_PATH_PROGS([SWIG],[swig swig3.0 swig2.0]) + if test -z "$SWIG" ; then + m4_ifval([$3],[$3],[:]) + elif test -n "$1" ; then + AC_MSG_CHECKING([SWIG version]) + [swig_version=`$SWIG -version 2>&1 | grep 'SWIG Version' | sed 's/.*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/g'`] + AC_MSG_RESULT([$swig_version]) + if test -n "$swig_version" ; then + # Calculate the required version number components + [required=$1] + [required_major=`echo $required | sed 's/[^0-9].*//'`] + if test -z "$required_major" ; then + [required_major=0] + fi + [required=`echo $required | sed 's/[0-9]*[^0-9]//'`] + [required_minor=`echo $required | sed 's/[^0-9].*//'`] + if test -z "$required_minor" ; then + [required_minor=0] + fi + [required=`echo $required | sed 's/[0-9]*[^0-9]//'`] + [required_patch=`echo $required | sed 's/[^0-9].*//'`] + if test -z "$required_patch" ; then + [required_patch=0] + fi + # Calculate the available version number components + [available=$swig_version] + [available_major=`echo $available | sed 's/[^0-9].*//'`] + if test -z "$available_major" ; then + [available_major=0] + fi + [available=`echo $available | sed 's/[0-9]*[^0-9]//'`] + [available_minor=`echo $available | sed 's/[^0-9].*//'`] + if test -z "$available_minor" ; then + [available_minor=0] + fi + [available=`echo $available | sed 's/[0-9]*[^0-9]//'`] + [available_patch=`echo $available | sed 's/[^0-9].*//'`] + if test -z "$available_patch" ; then + [available_patch=0] + fi + # Convert the version tuple into a single number for easier comparison. + # Using base 100 should be safe since SWIG internally uses BCD values + # to encode its version number. + required_swig_vernum=`expr $required_major \* 10000 \ + \+ $required_minor \* 100 \+ $required_patch` + available_swig_vernum=`expr $available_major \* 10000 \ + \+ $available_minor \* 100 \+ $available_patch` + + if test $available_swig_vernum -lt $required_swig_vernum; then + AC_MSG_WARN([SWIG version >= $1 is required. You have $swig_version.]) + SWIG='' + m4_ifval([$3],[$3],[]) + else + AC_MSG_CHECKING([for SWIG library]) + SWIG_LIB=`$SWIG -swiglib` + AC_MSG_RESULT([$SWIG_LIB]) + m4_ifval([$2],[$2],[]) + fi + else + AC_MSG_WARN([cannot determine SWIG version]) + SWIG='' + m4_ifval([$3],[$3],[]) + fi + fi + AC_SUBST([SWIG_LIB]) +]) diff --git a/zonemaster-ldns/ldns/ax_python_devel.m4 b/zonemaster-ldns/ldns/ax_python_devel.m4 new file mode 100644 index 0000000..780584e --- /dev/null +++ b/zonemaster-ldns/ldns/ax_python_devel.m4 @@ -0,0 +1,416 @@ +# =========================================================================== +# https://www.gnu.org/software/autoconf-archive/ax_python_devel.html +# =========================================================================== +# +# SYNOPSIS +# +# AX_PYTHON_DEVEL([version]) +# +# DESCRIPTION +# +# Note: Defines as a precious variable "PYTHON_VERSION". Don't override it +# in your configure.ac. +# +# This macro checks for Python and tries to get the include path to +# 'Python.h'. It provides the $(PYTHON_CPPFLAGS) and $(PYTHON_LIBS) output +# variables. It also exports $(PYTHON_EXTRA_LIBS) and +# $(PYTHON_EXTRA_LDFLAGS) for embedding Python in your code. +# +# You can search for some particular version of Python by passing a +# parameter to this macro, for example ">= '2.3.1'", or "== '2.4'". Please +# note that you *have* to pass also an operator along with the version to +# match, and pay special attention to the single quotes surrounding the +# version number. Don't use "PYTHON_VERSION" for this: that environment +# variable is declared as precious and thus reserved for the end-user. +# +# This macro should work for all versions of Python >= 2.1.0. As an end +# user, you can disable the check for the python version by setting the +# PYTHON_NOVERSIONCHECK environment variable to something else than the +# empty string. +# +# If you need to use this macro for an older Python version, please +# contact the authors. We're always open for feedback. +# +# LICENSE +# +# Copyright (c) 2009 Sebastian Huber +# Copyright (c) 2009 Alan W. Irwin +# Copyright (c) 2009 Rafael Laboissiere +# Copyright (c) 2009 Andrew Collier +# Copyright (c) 2009 Matteo Settenvini +# Copyright (c) 2009 Horst Knorr +# Copyright (c) 2013 Daniel Mullner +# +# This program is free software: you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by the +# Free Software Foundation, either version 3 of the License, or (at your +# option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General +# Public License for more details. +# +# You should have received a copy of the GNU General Public License along +# with this program. If not, see . +# +# As a special exception, the respective Autoconf Macro's copyright owner +# gives unlimited permission to copy, distribute and modify the configure +# scripts that are the output of Autoconf when processing the Macro. You +# need not follow the terms of the GNU General Public License when using +# or distributing such scripts, even though portions of the text of the +# Macro appear in them. The GNU General Public License (GPL) does govern +# all other use of the material that constitutes the Autoconf Macro. +# +# This special exception to the GPL applies to versions of the Autoconf +# Macro released by the Autoconf Archive. When you make and distribute a +# modified version of the Autoconf Macro, you may extend this special +# exception to the GPL to apply to your modified version as well. + +#serial 32 + +AU_ALIAS([AC_PYTHON_DEVEL], [AX_PYTHON_DEVEL]) +AC_DEFUN([AX_PYTHON_DEVEL],[ + # + # Allow the use of a (user set) custom python version + # + AC_ARG_VAR([PYTHON_VERSION],[The installed Python + version to use, for example '2.3'. This string + will be appended to the Python interpreter + canonical name.]) + + AC_PATH_PROG([PYTHON],[python[$PYTHON_VERSION]]) + if test -z "$PYTHON"; then + AC_MSG_ERROR([Cannot find python$PYTHON_VERSION in your system path]) + PYTHON_VERSION="" + fi + + # + # Check for a version of Python >= 2.1.0 + # + AC_MSG_CHECKING([for a version of Python >= '2.1.0']) + ac_supports_python_ver=`$PYTHON -c "import sys; \ + ver = sys.version.split ()[[0]]; \ + print (ver >= '2.1.0')"` + if test "$ac_supports_python_ver" != "True"; then + if test -z "$PYTHON_NOVERSIONCHECK"; then + AC_MSG_RESULT([no]) + AC_MSG_FAILURE([ +This version of the AC@&t@_PYTHON_DEVEL macro +doesn't work properly with versions of Python before +2.1.0. You may need to re-run configure, setting the +variables PYTHON_CPPFLAGS, PYTHON_LIBS, PYTHON_SITE_PKG, +PYTHON_EXTRA_LIBS and PYTHON_EXTRA_LDFLAGS by hand. +Moreover, to disable this check, set PYTHON_NOVERSIONCHECK +to something else than an empty string. +]) + else + AC_MSG_RESULT([skip at user request]) + fi + else + AC_MSG_RESULT([yes]) + fi + + # + # If the macro parameter ``version'' is set, honour it. + # A Python shim class, VPy, is used to implement correct version comparisons via + # string expressions, since e.g. a naive textual ">= 2.7.3" won't work for + # Python 2.7.10 (the ".1" being evaluated as less than ".3"). + # + if test -n "$1"; then + AC_MSG_CHECKING([for a version of Python $1]) + cat << EOF > ax_python_devel_vpy.py +class VPy: + def vtup(self, s): + return tuple(map(int, s.strip().replace("rc", ".").split("."))) + def __init__(self): + import sys + self.vpy = tuple(sys.version_info) + def __eq__(self, s): + return self.vpy == self.vtup(s) + def __ne__(self, s): + return self.vpy != self.vtup(s) + def __lt__(self, s): + return self.vpy < self.vtup(s) + def __gt__(self, s): + return self.vpy > self.vtup(s) + def __le__(self, s): + return self.vpy <= self.vtup(s) + def __ge__(self, s): + return self.vpy >= self.vtup(s) +EOF + ac_supports_python_ver=`$PYTHON -c "import ax_python_devel_vpy; \ + ver = ax_python_devel_vpy.VPy(); \ + print (ver $1)"` + rm -rf ax_python_devel_vpy*.py* __pycache__/ax_python_devel_vpy*.py* + if test "$ac_supports_python_ver" = "True"; then + AC_MSG_RESULT([yes]) + else + AC_MSG_RESULT([no]) + AC_MSG_ERROR([this package requires Python $1. +If you have it installed, but it isn't the default Python +interpreter in your system path, please pass the PYTHON_VERSION +variable to configure. See ``configure --help'' for reference. +]) + PYTHON_VERSION="" + fi + fi + + # + # Check if you have distutils, else fail + # + AC_MSG_CHECKING([for the sysconfig Python package]) + ac_sysconfig_result=`$PYTHON -c "import sysconfig" 2>&1` + if test $? -eq 0; then + AC_MSG_RESULT([yes]) + IMPORT_SYSCONFIG="import sysconfig" + else + AC_MSG_RESULT([no]) + + AC_MSG_CHECKING([for the distutils Python package]) + ac_sysconfig_result=`$PYTHON -c "from distutils import sysconfig" 2>&1` + if test $? -eq 0; then + AC_MSG_RESULT([yes]) + IMPORT_SYSCONFIG="from distutils import sysconfig" + else + AC_MSG_ERROR([cannot import Python module "distutils". +Please check your Python installation. The error was: +$ac_sysconfig_result]) + PYTHON_VERSION="" + fi + fi + + # + # Check for Python include path + # + AC_MSG_CHECKING([for Python include path]) + if test -z "$PYTHON_CPPFLAGS"; then + if test "$IMPORT_SYSCONFIG" = "import sysconfig"; then + # sysconfig module has different functions + python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \ + print (sysconfig.get_path ('include'));"` + plat_python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \ + print (sysconfig.get_path ('platinclude'));"` + else + # old distutils way + python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \ + print (sysconfig.get_python_inc ());"` + plat_python_path=`$PYTHON -c "$IMPORT_SYSCONFIG; \ + print (sysconfig.get_python_inc (plat_specific=1));"` + fi + if test -n "${python_path}"; then + if test "${plat_python_path}" != "${python_path}"; then + python_path="-I$python_path -I$plat_python_path" + else + python_path="-I$python_path" + fi + fi + PYTHON_CPPFLAGS=$python_path + fi + AC_MSG_RESULT([$PYTHON_CPPFLAGS]) + AC_SUBST([PYTHON_CPPFLAGS]) + + # + # Check for Python library path + # + AC_MSG_CHECKING([for Python library path]) + if test -z "$PYTHON_LIBS"; then + # (makes two attempts to ensure we've got a version number + # from the interpreter) + ac_python_version=`cat<]], + [[Py_Initialize();]]) + ],[pythonexists=yes],[pythonexists=no]) + AC_LANG_POP([C]) + # turn back to default flags + CPPFLAGS="$ac_save_CPPFLAGS" + LIBS="$ac_save_LIBS" + LDFLAGS="$ac_save_LDFLAGS" + + AC_MSG_RESULT([$pythonexists]) + + if test ! "x$pythonexists" = "xyes"; then + AC_MSG_FAILURE([ + Could not link test program to Python. Maybe the main Python library has been + installed in some non-standard library path. If so, pass it to configure, + via the LIBS environment variable. + Example: ./configure LIBS="-L/usr/non-standard-path/python/lib" + ============================================================================ + ERROR! + You probably have to install the development version of the Python package + for your distribution. The exact name of this package varies among them. + ============================================================================ + ]) + PYTHON_VERSION="" + fi + + # + # all done! + # +]) diff --git a/zonemaster-ldns/ldns/buffer.c b/zonemaster-ldns/ldns/buffer.c new file mode 100644 index 0000000..8f6aab5 --- /dev/null +++ b/zonemaster-ldns/ldns/buffer.c @@ -0,0 +1,177 @@ +/* + * buffer.c -- generic memory buffer . + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. + * + */ + +#include + +#include +#include + +ldns_buffer * +ldns_buffer_new(size_t capacity) +{ + ldns_buffer *buffer = LDNS_MALLOC(ldns_buffer); + + if (!buffer) { + return NULL; + } + + buffer->_data = (uint8_t *) LDNS_XMALLOC(uint8_t, capacity); + if (!buffer->_data) { + LDNS_FREE(buffer); + return NULL; + } + + buffer->_position = 0; + buffer->_limit = buffer->_capacity = capacity; + buffer->_fixed = 0; + buffer->_status = LDNS_STATUS_OK; + + ldns_buffer_invariant(buffer); + + return buffer; +} + +void +ldns_buffer_new_frm_data(ldns_buffer *buffer, const void *data, size_t size) +{ + assert(data != NULL); + + buffer->_position = 0; + buffer->_limit = buffer->_capacity = size; + buffer->_fixed = 0; + buffer->_data = LDNS_XMALLOC(uint8_t, size); + if(!buffer->_data) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return; + } + memcpy(buffer->_data, data, size); + buffer->_status = LDNS_STATUS_OK; + + ldns_buffer_invariant(buffer); +} + +bool +ldns_buffer_set_capacity(ldns_buffer *buffer, size_t capacity) +{ + void *data; + + ldns_buffer_invariant(buffer); + assert(buffer->_position <= capacity); + assert(!buffer->_fixed); + + data = (uint8_t *) LDNS_XREALLOC(buffer->_data, uint8_t, capacity); + if (!data) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return false; + } else { + buffer->_data = data; + buffer->_limit = buffer->_capacity = capacity; + return true; + } +} + +bool +ldns_buffer_reserve(ldns_buffer *buffer, size_t amount) +{ + ldns_buffer_invariant(buffer); + if (buffer->_capacity < buffer->_position + amount) { + size_t new_capacity = buffer->_capacity * 3 / 2; + + if (new_capacity < buffer->_position + amount) { + new_capacity = buffer->_position + amount; + } + if (!ldns_buffer_set_capacity(buffer, new_capacity)) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return false; + } + } + buffer->_limit = buffer->_capacity; + return true; +} + +int +ldns_buffer_printf(ldns_buffer *buffer, const char *format, ...) +{ + va_list args; + int written = 0; + size_t remaining; + + if (ldns_buffer_status_ok(buffer)) { + ldns_buffer_invariant(buffer); + assert(buffer->_limit == buffer->_capacity); + + remaining = ldns_buffer_remaining(buffer); + va_start(args, format); + written = vsnprintf((char *) ldns_buffer_current(buffer), remaining, + format, args); + va_end(args); + if (written == -1) { + buffer->_status = LDNS_STATUS_INTERNAL_ERR; + return -1; + } else if ((size_t) written >= remaining) { + if (!ldns_buffer_reserve(buffer, (size_t) written + 1)) { + buffer->_status = LDNS_STATUS_MEM_ERR; + return -1; + } + va_start(args, format); + written = vsnprintf((char *) ldns_buffer_current(buffer), + ldns_buffer_remaining(buffer), format, args); + va_end(args); + if (written == -1) { + buffer->_status = LDNS_STATUS_INTERNAL_ERR; + return -1; + } + } + buffer->_position += written; + } + return written; +} + +void +ldns_buffer_free(ldns_buffer *buffer) +{ + if (!buffer) { + return; + } + + if (!buffer->_fixed) + LDNS_FREE(buffer->_data); + + LDNS_FREE(buffer); +} + +void * +ldns_buffer_export(ldns_buffer *buffer) +{ + buffer->_fixed = 1; + return buffer->_data; +} + +int +ldns_bgetc(ldns_buffer *buffer) +{ + if (!ldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) { + ldns_buffer_set_position(buffer, ldns_buffer_limit(buffer)); + /* ldns_buffer_rewind(buffer);*/ + return EOF; + } + return (int)ldns_buffer_read_u8(buffer); +} + +void +ldns_buffer_copy(ldns_buffer* result, const ldns_buffer* from) +{ + size_t tocopy = ldns_buffer_limit(from); + + if(tocopy > ldns_buffer_capacity(result)) + tocopy = ldns_buffer_capacity(result); + ldns_buffer_clear(result); + ldns_buffer_write(result, ldns_buffer_begin(from), tocopy); + ldns_buffer_flip(result); +} diff --git a/zonemaster-ldns/ldns/compat/asctime_r.c b/zonemaster-ldns/ldns/compat/asctime_r.c new file mode 100644 index 0000000..63e5355 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/asctime_r.c @@ -0,0 +1,16 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_TIME_H +#include +#endif + +char *asctime_r(const struct tm *tm, char *buf) +{ + /* no thread safety. */ + char* result = asctime(tm); + if(buf && result) + strcpy(buf, result); + return result; +} diff --git a/zonemaster-ldns/ldns/compat/b64_ntop.c b/zonemaster-ldns/ldns/compat/b64_ntop.c new file mode 100644 index 0000000..6895aca --- /dev/null +++ b/zonemaster-ldns/ldns/compat/b64_ntop.c @@ -0,0 +1,185 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ +#include +#include +#include +#include + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +int +ldns_b64_ntop(uint8_t const *src, size_t srclength, char *target, size_t targsize) { + size_t datalength = 0; + uint8_t input[3]; + uint8_t output[4]; + size_t i; + + if (srclength == 0) { + if (targsize > 0) { + target[0] = '\0'; + return 0; + } else { + return -1; + } + } + + while (2 < srclength) { + input[0] = *src++; + input[1] = *src++; + input[2] = *src++; + srclength -= 3; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + output[3] = input[2] & 0x3f; + assert(output[0] < 64); + assert(output[1] < 64); + assert(output[2] < 64); + assert(output[3] < 64); + + if (datalength + 4 > targsize) { + return (-1); + } + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + target[datalength++] = Base64[output[2]]; + target[datalength++] = Base64[output[3]]; + } + + /* Now we worry about padding. */ + if (0 != srclength) { + /* Get what's left. */ + input[0] = input[1] = input[2] = (uint8_t) '\0'; + for (i = 0; i < srclength; i++) + input[i] = *src++; + + output[0] = input[0] >> 2; + output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4); + output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6); + assert(output[0] < 64); + assert(output[1] < 64); + assert(output[2] < 64); + + if (datalength + 4 > targsize) { + return (-2); + } + target[datalength++] = Base64[output[0]]; + target[datalength++] = Base64[output[1]]; + if (srclength == 1) { + target[datalength++] = Pad64; + } else { + target[datalength++] = Base64[output[2]]; + } + target[datalength++] = Pad64; + } + if (datalength >= targsize) { + return (-3); + } + target[datalength] = '\0'; /* Returned value doesn't count \0. */ + return (int) (datalength); +} diff --git a/zonemaster-ldns/ldns/compat/b64_pton.c b/zonemaster-ldns/ldns/compat/b64_pton.c new file mode 100644 index 0000000..18d8c8e --- /dev/null +++ b/zonemaster-ldns/ldns/compat/b64_pton.c @@ -0,0 +1,244 @@ +/* + * Copyright (c) 1996, 1998 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* + * Portions Copyright (c) 1995 by International Business Machines, Inc. + * + * International Business Machines, Inc. (hereinafter called IBM) grants + * permission under its copyrights to use, copy, modify, and distribute this + * Software with or without fee, provided that the above copyright notice and + * all paragraphs of this notice appear in all copies, and that the name of IBM + * not be used in connection with the marketing of any product incorporating + * the Software or modifications thereof, without specific, written prior + * permission. + * + * To the extent it has a right to do so, IBM grants an immunity from suit + * under its patents, if any, for the use, sale or manufacture of products to + * the extent that such products are used for performing Domain Name System + * dynamic updates in TCP/IP networks by means of the Software. No immunity is + * granted for any product per se or for any other function of any product. + * + * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES, + * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A + * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL, + * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING + * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN + * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES. + */ +#include +#include +#include +#include + +static const char Base64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; +static const char Pad64 = '='; + +/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt) + The following encoding technique is taken from RFC 1521 by Borenstein + and Freed. It is reproduced here in a slightly edited form for + convenience. + + A 65-character subset of US-ASCII is used, enabling 6 bits to be + represented per printable character. (The extra 65th character, "=", + is used to signify a special processing function.) + + The encoding process represents 24-bit groups of input bits as output + strings of 4 encoded characters. Proceeding from left to right, a + 24-bit input group is formed by concatenating 3 8-bit input groups. + These 24 bits are then treated as 4 concatenated 6-bit groups, each + of which is translated into a single digit in the base64 alphabet. + + Each 6-bit group is used as an index into an array of 64 printable + characters. The character referenced by the index is placed in the + output string. + + Table 1: The Base64 Alphabet + + Value Encoding Value Encoding Value Encoding Value Encoding + 0 A 17 R 34 i 51 z + 1 B 18 S 35 j 52 0 + 2 C 19 T 36 k 53 1 + 3 D 20 U 37 l 54 2 + 4 E 21 V 38 m 55 3 + 5 F 22 W 39 n 56 4 + 6 G 23 X 40 o 57 5 + 7 H 24 Y 41 p 58 6 + 8 I 25 Z 42 q 59 7 + 9 J 26 a 43 r 60 8 + 10 K 27 b 44 s 61 9 + 11 L 28 c 45 t 62 + + 12 M 29 d 46 u 63 / + 13 N 30 e 47 v + 14 O 31 f 48 w (pad) = + 15 P 32 g 49 x + 16 Q 33 h 50 y + + Special processing is performed if fewer than 24 bits are available + at the end of the data being encoded. A full encoding quantum is + always completed at the end of a quantity. When fewer than 24 input + bits are available in an input group, zero bits are added (on the + right) to form an integral number of 6-bit groups. Padding at the + end of the data is performed using the '=' character. + + Since all base64 input is an integral number of octets, only the + ------------------------------------------------- + following cases can arise: + + (1) the final quantum of encoding input is an integral + multiple of 24 bits; here, the final unit of encoded + output will be an integral multiple of 4 characters + with no "=" padding, + (2) the final quantum of encoding input is exactly 8 bits; + here, the final unit of encoded output will be two + characters followed by two "=" padding characters, or + (3) the final quantum of encoding input is exactly 16 bits; + here, the final unit of encoded output will be three + characters followed by one "=" padding character. + */ + +/* skips all whitespace anywhere. + converts characters, four at a time, starting at (or after) + src from base - 64 numbers into three 8 bit bytes in the target area. + it returns the number of data bytes stored at the target, or -1 on error. + */ + +int +ldns_b64_pton(char const *origsrc, uint8_t *target, size_t targsize) +{ + unsigned char const* src = (unsigned char*)origsrc; + int tarindex, state, ch; + char *pos; + + state = 0; + tarindex = 0; + + if (strlen(origsrc) == 0) { + return 0; + } + + while ((ch = *src++) != '\0') { + if (isspace((unsigned char)ch)) /* Skip whitespace anywhere. */ + continue; + + if (ch == Pad64) + break; + + pos = strchr(Base64, ch); + if (pos == 0) { + /* A non-base64 character. */ + return (-1); + } + + switch (state) { + case 0: + if (target) { + if ((size_t)tarindex >= targsize) + return (-1); + target[tarindex] = (pos - Base64) << 2; + } + state = 1; + break; + case 1: + if (target) { + if ((size_t)tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 4; + target[tarindex+1] = ((pos - Base64) & 0x0f) + << 4 ; + } + tarindex++; + state = 2; + break; + case 2: + if (target) { + if ((size_t)tarindex + 1 >= targsize) + return (-1); + target[tarindex] |= (pos - Base64) >> 2; + target[tarindex+1] = ((pos - Base64) & 0x03) + << 6; + } + tarindex++; + state = 3; + break; + case 3: + if (target) { + if ((size_t)tarindex >= targsize) + return (-1); + target[tarindex] |= (pos - Base64); + } + tarindex++; + state = 0; + break; + default: + abort(); + } + } + + /* + * We are done decoding Base-64 chars. Let's see if we ended + * on a byte boundary, and/or with erroneous trailing characters. + */ + + if (ch == Pad64) { /* We got a pad char. */ + ch = *src++; /* Skip it, get next. */ + switch (state) { + case 0: /* Invalid = in first position */ + case 1: /* Invalid = in second position */ + return (-1); + + case 2: /* Valid, means one byte of info */ + /* Skip any number of spaces. */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!isspace((unsigned char)ch)) + break; + /* Make sure there is another trailing = sign. */ + if (ch != Pad64) + return (-1); + ch = *src++; /* Skip the = */ + /* Fall through to "single trailing =" case. */ + /* FALLTHROUGH */ + + case 3: /* Valid, means two bytes of info */ + /* + * We know this char is an =. Is there anything but + * whitespace after it? + */ + for ((void)NULL; ch != '\0'; ch = *src++) + if (!isspace((unsigned char)ch)) + return (-1); + + /* + * Now make sure for cases 2 and 3 that the "extra" + * bits that slopped past the last full byte were + * zeros. If we don't check them, they become a + * subliminal channel. + */ + if (target && target[tarindex] != 0) + return (-1); + } + } else { + /* + * We ended by seeing the end of the string. Make sure we + * have no partial bytes lying around. + */ + if (state != 0) + return (-1); + } + + return (tarindex); +} diff --git a/zonemaster-ldns/ldns/compat/calloc.c b/zonemaster-ldns/ldns/compat/calloc.c new file mode 100644 index 0000000..c86b956 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/calloc.c @@ -0,0 +1,24 @@ +/* Just a replacement, if the original malloc is not + GNU-compliant. See autoconf documentation. */ + +#if HAVE_CONFIG_H +#include +#endif + +void *calloc(); + +#if !HAVE_BZERO && HAVE_MEMSET +# define bzero(buf, bytes) ((void) memset (buf, 0, bytes)) +#endif + +void * +calloc(size_t num, size_t size) +{ + void *new = malloc(num * size); + if (!new) { + return NULL; + } + bzero(new, num * size); + return new; +} + diff --git a/zonemaster-ldns/ldns/compat/ctime_r.c b/zonemaster-ldns/ldns/compat/ctime_r.c new file mode 100644 index 0000000..4ffd8b7 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/ctime_r.c @@ -0,0 +1,16 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_TIME_H +#include +#endif + +char *ctime_r(const time_t *timep, char *buf) +{ + /* no thread safety. */ + char* result = ctime(timep); + if(buf && result) + strcpy(buf, result); + return result; +} diff --git a/zonemaster-ldns/ldns/compat/fake-rfc2553.c b/zonemaster-ldns/ldns/compat/fake-rfc2553.c new file mode 100644 index 0000000..431e04a --- /dev/null +++ b/zonemaster-ldns/ldns/compat/fake-rfc2553.c @@ -0,0 +1,229 @@ +/* From openssh 4.3p2 filename openbsd-compat/fake-rfc2553.h */ +/* + * Copyright (C) 2000-2003 Damien Miller. All rights reserved. + * Copyright (C) 1999 WIDE Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Pseudo-implementation of RFC2553 name / address resolution functions + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For example, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#include +#include +#include +#include +#include +#include +#include "compat/fake-rfc2553.h" + +#ifndef HAVE_GETNAMEINFO +int getnameinfo(const struct sockaddr *sa, size_t ATTR_UNUSED(salen), char *host, + size_t hostlen, char *serv, size_t servlen, int flags) +{ + struct sockaddr_in *sin = (struct sockaddr_in *)sa; + struct hostent *hp; + char tmpserv[16]; + + if (serv != NULL) { + snprintf(tmpserv, sizeof(tmpserv), "%d", ntohs(sin->sin_port)); + if (strlcpy(serv, tmpserv, servlen) >= servlen) + return (EAI_MEMORY); + } + + if (host != NULL) { + if (flags & NI_NUMERICHOST) { + if (strlcpy(host, inet_ntoa(sin->sin_addr), + hostlen) >= hostlen) + return (EAI_MEMORY); + else + return (0); + } else { + hp = gethostbyaddr((char *)&sin->sin_addr, + sizeof(struct in_addr), AF_INET); + if (hp == NULL) + return (EAI_NODATA); + + if (strlcpy(host, hp->h_name, hostlen) >= hostlen) + return (EAI_MEMORY); + else + return (0); + } + } + return (0); +} +#endif /* !HAVE_GETNAMEINFO */ + +#ifndef HAVE_GAI_STRERROR +#ifdef HAVE_CONST_GAI_STRERROR_PROTO +const char * +#else +char * +#endif +gai_strerror(int err) +{ + switch (err) { + case EAI_NODATA: + return ("no address associated with name"); + case EAI_MEMORY: + return ("memory allocation failure."); + case EAI_NONAME: + return ("nodename nor servname provided, or not known"); + default: + return ("unknown/invalid error."); + } +} +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +void +freeaddrinfo(struct addrinfo *ai) +{ + struct addrinfo *next; + + for(; ai != NULL;) { + next = ai->ai_next; + free(ai); + ai = next; + } +} +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETADDRINFO +static struct +addrinfo *malloc_ai(int port, u_long addr, const struct addrinfo *hints) +{ + struct addrinfo *ai; + + ai = malloc(sizeof(*ai) + sizeof(struct sockaddr_in)); + if (ai == NULL) + return (NULL); + + memset(ai, '\0', sizeof(*ai) + sizeof(struct sockaddr_in)); + + ai->ai_addr = (struct sockaddr *)(ai + 1); + /* XXX -- ssh doesn't use sa_len */ + ai->ai_addrlen = sizeof(struct sockaddr_in); + ai->ai_addr->sa_family = ai->ai_family = AF_INET; + + ((struct sockaddr_in *)(ai)->ai_addr)->sin_port = port; + ((struct sockaddr_in *)(ai)->ai_addr)->sin_addr.s_addr = addr; + + /* XXX: the following is not generally correct, but does what we want */ + if (hints->ai_socktype) + ai->ai_socktype = hints->ai_socktype; + else + ai->ai_socktype = SOCK_STREAM; + + if (hints->ai_protocol) + ai->ai_protocol = hints->ai_protocol; + + return (ai); +} + +int +getaddrinfo(const char *hostname, const char *servname, + const struct addrinfo *hints, struct addrinfo **res) +{ + struct hostent *hp; + struct servent *sp; + struct in_addr in; + int i; + long int port; + u_long addr; + + port = 0; + if (servname != NULL) { + char *cp; + + port = strtol(servname, &cp, 10); + if (port > 0 && port <= 65535 && *cp == '\0') + port = htons(port); + else if ((sp = getservbyname(servname, NULL)) != NULL) + port = sp->s_port; + else + port = 0; + } + + if (hints && hints->ai_flags & AI_PASSIVE) { + addr = htonl(0x00000000); + if (hostname && inet_aton(hostname, &in) != 0) + addr = in.s_addr; + *res = malloc_ai(port, addr, hints); + if (*res == NULL) + return (EAI_MEMORY); + return (0); + } + + if (!hostname) { + *res = malloc_ai(port, htonl(0x7f000001), hints); + if (*res == NULL) + return (EAI_MEMORY); + return (0); + } + + if (inet_aton(hostname, &in)) { + *res = malloc_ai(port, in.s_addr, hints); + if (*res == NULL) + return (EAI_MEMORY); + return (0); + } + + /* Don't try DNS if AI_NUMERICHOST is set */ + if (hints && hints->ai_flags & AI_NUMERICHOST) + return (EAI_NONAME); + + hp = gethostbyname(hostname); + if (hp && hp->h_name && hp->h_name[0] && hp->h_addr_list[0]) { + struct addrinfo *cur, *prev; + + cur = prev = *res = NULL; + for (i = 0; hp->h_addr_list[i]; i++) { + struct in_addr *in = (struct in_addr *)hp->h_addr_list[i]; + + cur = malloc_ai(port, in->s_addr, hints); + if (cur == NULL) { + if (*res != NULL) + freeaddrinfo(*res); + return (EAI_MEMORY); + } + if (prev) + prev->ai_next = cur; + else + *res = cur; + + prev = cur; + } + return (0); + } + + return (EAI_NODATA); +} +#endif /* !HAVE_GETADDRINFO */ diff --git a/zonemaster-ldns/ldns/compat/fake-rfc2553.h b/zonemaster-ldns/ldns/compat/fake-rfc2553.h new file mode 100644 index 0000000..4c277ee --- /dev/null +++ b/zonemaster-ldns/ldns/compat/fake-rfc2553.h @@ -0,0 +1,183 @@ +/* From openssh 4.3p2 filename openbsd-compat/fake-rfc2553.h */ +/* + * Copyright (C) 2000-2003 Damien Miller. All rights reserved. + * Copyright (C) 1999 WIDE Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Pseudo-implementation of RFC2553 name / address resolution functions + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For example, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#ifndef _FAKE_RFC2553_H +#define _FAKE_RFC2553_H + +#include +#include +#include +#include + +#ifdef __cplusplus +extern "C" { +#endif + +/* + * First, socket and INET6 related definitions + */ +#ifndef HAVE_STRUCT_SOCKADDR_STORAGE +#ifndef _SS_MAXSIZE +# define _SS_MAXSIZE 128 /* Implementation specific max size */ +# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) +struct sockaddr_storage { + struct sockaddr ss_sa; + char __ss_pad2[_SS_PADSIZE]; +}; +# define ss_family ss_sa.sa_family +#endif /* _SS_MAXSIZE */ +#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ + +#ifndef IN6_IS_ADDR_LOOPBACK +# define IN6_IS_ADDR_LOOPBACK(a) \ + (((uint32_t *)(a))[0] == 0 && ((uint32_t *)(a))[1] == 0 && \ + ((uint32_t *)(a))[2] == 0 && ((uint32_t *)(a))[3] == htonl(1)) +#endif /* !IN6_IS_ADDR_LOOPBACK */ + +#ifndef HAVE_STRUCT_IN6_ADDR +struct in6_addr { + uint8_t s6_addr[16]; +}; +#endif /* !HAVE_STRUCT_IN6_ADDR */ + +#ifndef HAVE_STRUCT_SOCKADDR_IN6 +struct sockaddr_in6 { + unsigned short sin6_family; + uint16_t sin6_port; + uint32_t sin6_flowinfo; + struct in6_addr sin6_addr; +}; +#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */ + +#ifndef AF_INET6 +/* Define it to something that should never appear */ +#define AF_INET6 AF_MAX +#endif + +/* + * Next, RFC2553 name / address resolution API + */ + +#ifndef NI_NUMERICHOST +# define NI_NUMERICHOST (1) +#endif +#ifndef NI_NAMEREQD +# define NI_NAMEREQD (1<<1) +#endif +#ifndef NI_NUMERICSERV +# define NI_NUMERICSERV (1<<2) +#endif + +#ifndef AI_PASSIVE +# define AI_PASSIVE (1) +#endif +#ifndef AI_CANONNAME +# define AI_CANONNAME (1<<1) +#endif +#ifndef AI_NUMERICHOST +# define AI_NUMERICHOST (1<<2) +#endif + +#ifndef NI_MAXSERV +# define NI_MAXSERV 32 +#endif /* !NI_MAXSERV */ +#ifndef NI_MAXHOST +# define NI_MAXHOST 1025 +#endif /* !NI_MAXHOST */ + +#ifndef INT_MAX +#define INT_MAX 0xffffffff +#endif + +#ifndef EAI_NODATA +# define EAI_NODATA (INT_MAX - 1) +#endif +#ifndef EAI_MEMORY +# define EAI_MEMORY (INT_MAX - 2) +#endif +#ifndef EAI_NONAME +# define EAI_NONAME (INT_MAX - 3) +#endif +#ifndef EAI_SYSTEM +# define EAI_SYSTEM (INT_MAX - 4) +#endif + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + size_t ai_addrlen; /* length of ai_addr */ + char *ai_canonname; /* canonical name for hostname */ + struct sockaddr *ai_addr; /* binary address */ + struct addrinfo *ai_next; /* next structure in linked list */ +}; +#endif /* !HAVE_STRUCT_ADDRINFO */ + +#ifndef HAVE_GETADDRINFO +#ifdef getaddrinfo +# undef getaddrinfo +#endif +#define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d)) +int getaddrinfo(const char *, const char *, + const struct addrinfo *, struct addrinfo **); +#endif /* !HAVE_GETADDRINFO */ + +#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO) +#define gai_strerror(a) (ssh_gai_strerror(a)) +char *gai_strerror(int); +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +#define freeaddrinfo(a) (ssh_freeaddrinfo(a)) +void freeaddrinfo(struct addrinfo *); +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETNAMEINFO +#define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g)) +int getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +#endif /* !HAVE_GETNAMEINFO */ + +#ifdef __cplusplus +} +#endif + +#endif /* !_FAKE_RFC2553_H */ + diff --git a/zonemaster-ldns/ldns/compat/gmtime_r.c b/zonemaster-ldns/ldns/compat/gmtime_r.c new file mode 100644 index 0000000..7062e7d --- /dev/null +++ b/zonemaster-ldns/ldns/compat/gmtime_r.c @@ -0,0 +1,14 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_TIME_H +#include +#endif + +struct tm *gmtime_r(const time_t *timep, struct tm *result) +{ + /* no thread safety. */ + *result = *gmtime(timep); + return result; +} diff --git a/zonemaster-ldns/ldns/compat/inet_aton.c b/zonemaster-ldns/ldns/compat/inet_aton.c new file mode 100644 index 0000000..e8c3a57 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/inet_aton.c @@ -0,0 +1,182 @@ +/* From openssh4.3p2 compat/inet_aton.c */ +/* + * Copyright (c) 1983, 1990, 1993 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the University nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * - + * Portions Copyright (c) 1993 by Digital Equipment Corporation. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies, and that + * the name of Digital Equipment Corporation not be used in advertising or + * publicity pertaining to distribution of the document or software without + * specific, written prior permission. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL + * WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL DIGITAL EQUIPMENT + * CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + * - + * --Copyright-- + */ + +/* OPENBSD ORIGINAL: lib/libc/net/inet_addr.c */ + +#include + +#if !defined(HAVE_INET_ATON) + +#include +#include +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#include + +#if 0 +/* + * Ascii internet address interpretation routine. + * The value returned is in network order. + */ +in_addr_t +inet_addr(const char *cp) +{ + struct in_addr val; + + if (inet_aton(cp, &val)) + return (val.s_addr); + return (INADDR_NONE); +} +#endif + +/* + * Check whether "cp" is a valid ascii representation + * of an Internet address and convert to a binary address. + * Returns 1 if the address is valid, 0 if not. + * This replaces inet_addr, the return value from which + * cannot distinguish between failure and a local broadcast address. + */ +int +inet_aton(const char *cp, struct in_addr *addr) +{ + uint32_t val; + int base, n; + char c; + unsigned int parts[4]; + unsigned int *pp = parts; + + c = *cp; + for (;;) { + /* + * Collect number up to ``.''. + * Values are specified as for C: + * 0x=hex, 0=octal, isdigit=decimal. + */ + if (!isdigit((int) c)) + return (0); + val = 0; base = 10; + if (c == '0') { + c = *++cp; + if (c == 'x' || c == 'X') + base = 16, c = *++cp; + else + base = 8; + } + for (;;) { + if (isascii((int) c) && isdigit((int) c)) { + val = (val * base) + (c - '0'); + c = *++cp; + } else if (base == 16 && isascii((int) c) && isxdigit((int) c)) { + val = (val << 4) | + (c + 10 - (islower((int) c) ? 'a' : 'A')); + c = *++cp; + } else + break; + } + if (c == '.') { + /* + * Internet format: + * a.b.c.d + * a.b.c (with c treated as 16 bits) + * a.b (with b treated as 24 bits) + */ + if (pp >= parts + 3) + return (0); + *pp++ = val; + c = *++cp; + } else + break; + } + /* + * Check for trailing characters. + */ + if (c != '\0' && (!isascii((int) c) || !isspace((int) c))) + return (0); + /* + * Concoct the address according to + * the number of parts specified. + */ + n = pp - parts + 1; + switch (n) { + + case 0: + return (0); /* initial nondigit */ + + case 1: /* a -- 32 bits */ + break; + + case 2: /* a.b -- 8.24 bits */ + if ((val > 0xffffff) || (parts[0] > 0xff)) + return (0); + val |= parts[0] << 24; + break; + + case 3: /* a.b.c -- 8.8.16 bits */ + if ((val > 0xffff) || (parts[0] > 0xff) || (parts[1] > 0xff)) + return (0); + val |= (parts[0] << 24) | (parts[1] << 16); + break; + + case 4: /* a.b.c.d -- 8.8.8.8 bits */ + if ((val > 0xff) || (parts[0] > 0xff) || (parts[1] > 0xff) || (parts[2] > 0xff)) + return (0); + val |= (parts[0] << 24) | (parts[1] << 16) | (parts[2] << 8); + break; + } + if (addr) + addr->s_addr = htonl(val); + return (1); +} + +#endif /* !defined(HAVE_INET_ATON) */ diff --git a/zonemaster-ldns/ldns/compat/inet_ntop.c b/zonemaster-ldns/ldns/compat/inet_ntop.c new file mode 100644 index 0000000..52197d0 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/inet_ntop.c @@ -0,0 +1,218 @@ +/* From openssh 4.3p2 compat/inet_ntop.c */ +/* Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/net/inet_ntop.c */ + +#include + +#ifndef HAVE_INET_NTOP + +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#include +#include +#include + +#ifndef IN6ADDRSZ +#define IN6ADDRSZ 16 /* IPv6 T_AAAA */ +#endif + +#ifndef INT16SZ +#define INT16SZ 2 /* for systems without 16-bit ints */ +#endif + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ + +static const char *inet_ntop4(const u_char *src, char *dst, size_t size); +static const char *inet_ntop6(const u_char *src, char *dst, size_t size); + +/* char * + * inet_ntop(af, src, dst, size) + * convert a network format address to presentation format. + * return: + * pointer to presentation format address (`dst'), or NULL (see errno). + * author: + * Paul Vixie, 1996. + */ +const char * +inet_ntop(int af, const void *src, char *dst, size_t size) +{ + switch (af) { + case AF_INET: + return (inet_ntop4(src, dst, size)); + case AF_INET6: + return (inet_ntop6(src, dst, size)); + default: +#ifdef EAFNOSUPPORT + errno = EAFNOSUPPORT; +#else + errno = ENOSYS; +#endif + return (NULL); + } + /* NOTREACHED */ +} + +/* const char * + * inet_ntop4(src, dst, size) + * format an IPv4 address, more or less like inet_ntoa() + * return: + * `dst' (as a const) + * notes: + * (1) uses no statics + * (2) takes a u_char* not an in_addr as input + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop4(const u_char *src, char *dst, size_t size) +{ + static const char fmt[] = "%u.%u.%u.%u"; + char tmp[sizeof "255.255.255.255"]; + int l; + + l = snprintf(tmp, size, fmt, src[0], src[1], src[2], src[3]); + if (l <= 0 || l >= (int)size) { + errno = ENOSPC; + return (NULL); + } + strlcpy(dst, tmp, size); + return (dst); +} + +/* const char * + * inet_ntop6(src, dst, size) + * convert IPv6 binary address into presentation (printable) format + * author: + * Paul Vixie, 1996. + */ +static const char * +inet_ntop6(const u_char *src, char *dst, size_t size) +{ + /* + * Note that int32_t and int16_t need only be "at least" large enough + * to contain a value of the specified size. On some systems, like + * Crays, there is no such thing as an integer variable with 16 bits. + * Keep this in mind if you think this function should have been coded + * to use pointer overlays. All the world's not a VAX. + */ + char tmp[sizeof "ffff:ffff:ffff:ffff:ffff:ffff:255.255.255.255"]; + char *tp, *ep; + struct { int base, len; } best, cur; + u_int words[IN6ADDRSZ / INT16SZ]; + int i; + int advance; + + /* + * Preprocess: + * Copy the input (bytewise) array into a wordwise array. + * Find the longest run of 0x00's in src[] for :: shorthanding. + */ + memset(words, '\0', sizeof words); + for (i = 0; i < IN6ADDRSZ; i++) + words[i / 2] |= (src[i] << ((1 - (i % 2)) << 3)); + best.base = -1; + best.len = 0; + cur.base = -1; + cur.len = 0; + for (i = 0; i < (IN6ADDRSZ / INT16SZ); i++) { + if (words[i] == 0) { + if (cur.base == -1) + cur.base = i, cur.len = 1; + else + cur.len++; + } else { + if (cur.base != -1) { + if (best.base == -1 || cur.len > best.len) + best = cur; + cur.base = -1; + } + } + } + if (cur.base != -1) { + if (best.base == -1 || cur.len > best.len) + best = cur; + } + if (best.base != -1 && best.len < 2) + best.base = -1; + + /* + * Format the result. + */ + tp = tmp; + ep = tmp + sizeof(tmp); + for (i = 0; i < (IN6ADDRSZ / INT16SZ) && tp < ep; i++) { + /* Are we inside the best run of 0x00's? */ + if (best.base != -1 && i >= best.base && + i < (best.base + best.len)) { + if (i == best.base) { + if (tp + 1 >= ep) + return (NULL); + *tp++ = ':'; + } + continue; + } + /* Are we following an initial run of 0x00s or any real hex? */ + if (i != 0) { + if (tp + 1 >= ep) + return (NULL); + *tp++ = ':'; + } + /* Is this address an encapsulated IPv4? */ + if (i == 6 && best.base == 0 && + (best.len == 6 || (best.len == 5 && words[5] == 0xffff))) { + if (!inet_ntop4(src+12, tp, (size_t)(ep - tp))) + return (NULL); + tp += strlen(tp); + break; + } + advance = snprintf(tp, ep - tp, "%x", words[i]); + if (advance <= 0 || advance >= ep - tp) + return (NULL); + tp += advance; + } + /* Was it a trailing run of 0x00's? */ + if (best.base != -1 && (best.base + best.len) == (IN6ADDRSZ / INT16SZ)) { + if (tp + 1 >= ep) + return (NULL); + *tp++ = ':'; + } + if (tp + 1 >= ep) + return (NULL); + *tp++ = '\0'; + + /* + * Check for overflow, copy, and we're done. + */ + if ((size_t)(tp - tmp) > size) { + errno = ENOSPC; + return (NULL); + } + strlcpy(dst, tmp, size); + return (dst); +} + +#endif /* !HAVE_INET_NTOP */ diff --git a/zonemaster-ldns/ldns/compat/inet_pton.c b/zonemaster-ldns/ldns/compat/inet_pton.c new file mode 100644 index 0000000..7a4f576 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/inet_pton.c @@ -0,0 +1,230 @@ +/* $KAME: inet_pton.c,v 1.5 2001/08/20 02:32:40 itojun Exp $ */ + +/* Copyright (c) 1996 by Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS + * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES + * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE + * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL + * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR + * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS + * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS + * SOFTWARE. + */ + +#include + +#include +#include +#include + +/* + * WARNING: Don't even consider trying to compile this on a system where + * sizeof(int) < 4. sizeof(int) > 4 is fine; all the world's not a VAX. + */ + +static int inet_pton4 (const char *src, uint8_t *dst); +static int inet_pton6 (const char *src, uint8_t *dst); + +/* + * + * The definitions we might miss. + * + */ +#ifndef NS_INT16SZ +#define NS_INT16SZ 2 +#endif + +#ifndef NS_IN6ADDRSZ +#define NS_IN6ADDRSZ 16 +#endif + +#ifndef NS_INADDRSZ +#define NS_INADDRSZ 4 +#endif + +/* int + * inet_pton(af, src, dst) + * convert from presentation format (which usually means ASCII printable) + * to network format (which is usually some kind of binary format). + * return: + * 1 if the address was valid for the specified address family + * 0 if the address wasn't valid (`dst' is untouched in this case) + * -1 if some other error occurred (`dst' is untouched in this case, too) + * author: + * Paul Vixie, 1996. + */ +int +inet_pton(af, src, dst) + int af; + const char *src; + void *dst; +{ + switch (af) { + case AF_INET: + return (inet_pton4(src, dst)); + case AF_INET6: + return (inet_pton6(src, dst)); + default: +#ifdef EAFNOSUPPORT + errno = EAFNOSUPPORT; +#else + errno = ENOSYS; +#endif + return (-1); + } + /* NOTREACHED */ +} + +/* int + * inet_pton4(src, dst) + * like inet_aton() but without all the hexadecimal and shorthand. + * return: + * 1 if `src' is a valid dotted quad, else 0. + * notice: + * does not touch `dst' unless it's returning 1. + * author: + * Paul Vixie, 1996. + */ +static int +inet_pton4(src, dst) + const char *src; + uint8_t *dst; +{ + static const char digits[] = "0123456789"; + int saw_digit, octets, ch; + uint8_t tmp[NS_INADDRSZ], *tp; + + saw_digit = 0; + octets = 0; + *(tp = tmp) = 0; + while ((ch = *src++) != '\0') { + const char *pch; + + if ((pch = strchr(digits, ch)) != NULL) { + uint32_t new = *tp * 10 + (pch - digits); + + if (new > 255) + return (0); + *tp = new; + if (! saw_digit) { + if (++octets > 4) + return (0); + saw_digit = 1; + } + } else if (ch == '.' && saw_digit) { + if (octets == 4) + return (0); + *++tp = 0; + saw_digit = 0; + } else + return (0); + } + if (octets < 4) + return (0); + + memcpy(dst, tmp, NS_INADDRSZ); + return (1); +} + +/* int + * inet_pton6(src, dst) + * convert presentation level address to network order binary form. + * return: + * 1 if `src' is a valid [RFC1884 2.2] address, else 0. + * notice: + * (1) does not touch `dst' unless it's returning 1. + * (2) :: in a full address is silently ignored. + * credit: + * inspired by Mark Andrews. + * author: + * Paul Vixie, 1996. + */ +static int +inet_pton6(src, dst) + const char *src; + uint8_t *dst; +{ + static const char xdigits_l[] = "0123456789abcdef", + xdigits_u[] = "0123456789ABCDEF"; + uint8_t tmp[NS_IN6ADDRSZ], *tp, *endp, *colonp; + const char *xdigits, *curtok; + int ch, saw_xdigit; + uint32_t val; + + memset((tp = tmp), '\0', NS_IN6ADDRSZ); + endp = tp + NS_IN6ADDRSZ; + colonp = NULL; + /* Leading :: requires some special handling. */ + if (*src == ':') + if (*++src != ':') + return (0); + curtok = src; + saw_xdigit = 0; + val = 0; + while ((ch = *src++) != '\0') { + const char *pch; + + if ((pch = strchr((xdigits = xdigits_l), ch)) == NULL) + pch = strchr((xdigits = xdigits_u), ch); + if (pch != NULL) { + val <<= 4; + val |= (pch - xdigits); + if (val > 0xffff) + return (0); + saw_xdigit = 1; + continue; + } + if (ch == ':') { + curtok = src; + if (!saw_xdigit) { + if (colonp) + return (0); + colonp = tp; + continue; + } + if (tp + NS_INT16SZ > endp) + return (0); + *tp++ = (uint8_t) (val >> 8) & 0xff; + *tp++ = (uint8_t) val & 0xff; + saw_xdigit = 0; + val = 0; + continue; + } + if (ch == '.' && ((tp + NS_INADDRSZ) <= endp) && + inet_pton4(curtok, tp) > 0) { + tp += NS_INADDRSZ; + saw_xdigit = 0; + break; /* '\0' was seen by inet_pton4(). */ + } + return (0); + } + if (saw_xdigit) { + if (tp + NS_INT16SZ > endp) + return (0); + *tp++ = (uint8_t) (val >> 8) & 0xff; + *tp++ = (uint8_t) val & 0xff; + } + if (colonp != NULL) { + /* + * Since some memmove()'s erroneously fail to handle + * overlapping regions, we'll do the shift by hand. + */ + const int n = tp - colonp; + int i; + + for (i = 1; i <= n; i++) { + endp[- i] = colonp[n - i]; + colonp[n - i] = 0; + } + tp = endp; + } + if (tp != endp) + return (0); + memcpy(dst, tmp, NS_IN6ADDRSZ); + return (1); +} diff --git a/zonemaster-ldns/ldns/compat/isascii.c b/zonemaster-ldns/ldns/compat/isascii.c new file mode 100644 index 0000000..8a4ab37 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/isascii.c @@ -0,0 +1,15 @@ +/* Just a replacement, if the original isascii is not + present */ + +#if HAVE_CONFIG_H +#include +#endif + +int isascii(int c); + +/* true if character is ascii. */ +int +isascii(int c) +{ + return c >= 0 && c < 128; +} diff --git a/zonemaster-ldns/ldns/compat/isblank.c b/zonemaster-ldns/ldns/compat/isblank.c new file mode 100644 index 0000000..3b38154 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/isblank.c @@ -0,0 +1,15 @@ +/* Just a replacement, if the original isblank is not + present */ + +#if HAVE_CONFIG_H +#include +#endif + +int isblank(int c); + +/* true if character is a blank (space or tab). C99. */ +int +isblank(int c) +{ + return (c == ' ') || (c == '\t'); +} diff --git a/zonemaster-ldns/ldns/compat/localtime_r.c b/zonemaster-ldns/ldns/compat/localtime_r.c new file mode 100644 index 0000000..017c6e4 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/localtime_r.c @@ -0,0 +1,14 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#ifdef HAVE_TIME_H +#include +#endif + +struct tm *localtime_r(const time_t *timep, struct tm *result) +{ + /* no thread safety. */ + *result = *localtime(timep); + return result; +} diff --git a/zonemaster-ldns/ldns/compat/malloc.c b/zonemaster-ldns/ldns/compat/malloc.c new file mode 100644 index 0000000..352c6d4 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/malloc.c @@ -0,0 +1,22 @@ +/* Just a replacement, if the original malloc is not + GNU-compliant. See autoconf documentation. */ + +#if HAVE_CONFIG_H +#include +#endif +#undef malloc + +#include + +void *malloc (size_t n); + +/* Allocate an N-byte block of memory from the heap. + If N is zero, allocate a 1-byte block. */ + +void * +rpl_malloc (size_t n) +{ + if (n == 0) + n = 1; + return malloc (n); +} diff --git a/zonemaster-ldns/ldns/compat/memmove.c b/zonemaster-ldns/ldns/compat/memmove.c new file mode 100644 index 0000000..e458092 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/memmove.c @@ -0,0 +1,43 @@ +/* + * memmove.c: memmove compat implementation. + * + * Copyright (c) 2001-2008, NLnet Labs. All rights reserved. + * + * See LICENSE for the license. +*/ + +#include +#include + +void *memmove(void *dest, const void *src, size_t n); + +void *memmove(void *dest, const void *src, size_t n) +{ + uint8_t* from = (uint8_t*) src; + uint8_t* to = (uint8_t*) dest; + + if (from == to || n == 0) + return dest; + if (to > from && to-from < (int)n) { + /* to overlaps with from */ + /* */ + /* */ + /* copy in reverse, to avoid overwriting from */ + int i; + for(i=n-1; i>=0; i--) + to[i] = from[i]; + return dest; + } + if (from > to && from-to < (int)n) { + /* to overlaps with from */ + /* */ + /* */ + /* copy forwards, to avoid overwriting from */ + size_t i; + for(i=0; i +#endif +#undef realloc + +#include + +void *realloc (void*, size_t); +void *malloc (size_t); + +/* Changes allocation to new sizes, copies over old data. + * if oldptr is NULL, does a malloc. + * if size is zero, allocate 1-byte block.... + * (does not return NULL and free block) + */ + +void * +rpl_realloc (void* ptr, size_t n) +{ + if (n == 0) + n = 1; + if(ptr == 0) { + return malloc(n); + } + return realloc(ptr, n); +} + diff --git a/zonemaster-ldns/ldns/compat/snprintf.c b/zonemaster-ldns/ldns/compat/snprintf.c new file mode 100644 index 0000000..67ae7eb --- /dev/null +++ b/zonemaster-ldns/ldns/compat/snprintf.c @@ -0,0 +1,1036 @@ +/* snprintf - compatibility implementation of snprintf, vsnprintf + * + * Copyright (c) 2013, NLnet Labs. All rights reserved. + * + * This software is open source. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * + * Redistributions in binary form must reproduce the above copyright notice, + * this list of conditions and the following disclaimer in the documentation + * and/or other materials provided with the distribution. + * + * Neither the name of the NLNET LABS nor the names of its contributors may + * be used to endorse or promote products derived from this software without + * specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED + * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR + * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF + * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING + * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS + * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + */ + +#include +#include +#include +#include +#include +#include +#include +#ifdef HAVE_STDINT_H +#include +#endif + +/* for test */ +/* #define SNPRINTF_TEST 1 */ +#ifdef SNPRINTF_TEST +#define snprintf my_snprintf +#define vsnprintf my_vsnprintf +#endif /* SNPRINTF_TEST */ + +int snprintf(char* str, size_t size, const char* format, ...); +int vsnprintf(char* str, size_t size, const char* format, va_list arg); + +/** + * Very portable snprintf implementation, limited in functionality, + * esp. for %[capital] %[nonportable] and so on. Reduced float functionality, + * mostly in formatting and range (e+-16), for %f and %g. + * + * %s, %d, %u, %i, %x, %c, %n and %% are fully supported. + * This includes width, precision, flags 0- +, and *(arg for wid,prec). + * %f, %g, %m, %p have reduced support, support for wid,prec,flags,*, but + * less floating point range, no %e formatting for %g. + */ +int snprintf(char* str, size_t size, const char* format, ...) +{ + int r; + va_list args; + va_start(args, format); + r = vsnprintf(str, size, format, args); + va_end(args); + return r; +} + +/** add padding to string */ +static void +print_pad(char** at, size_t* left, int* ret, char p, int num) +{ + while(num--) { + if(*left > 1) { + *(*at)++ = p; + (*left)--; + } + (*ret)++; + } +} + +/** get negative symbol, 0 if none */ +static char +get_negsign(int negative, int plus, int space) +{ + if(negative) + return '-'; + if(plus) + return '+'; + if(space) + return ' '; + return 0; +} + +#define PRINT_DEC_BUFSZ 32 /* 20 is enough for 64 bit decimals */ +/** print decimal into buffer, returns length */ +static int +print_dec(char* buf, int max, unsigned int value) +{ + int i = 0; + if(value == 0) { + if(max > 0) { + buf[0] = '0'; + i = 1; + } + } else while(value && i < max) { + buf[i++] = '0' + value % 10; + value /= 10; + } + return i; +} + +/** print long decimal into buffer, returns length */ +static int +print_dec_l(char* buf, int max, unsigned long value) +{ + int i = 0; + if(value == 0) { + if(max > 0) { + buf[0] = '0'; + i = 1; + } + } else while(value && i < max) { + buf[i++] = '0' + value % 10; + value /= 10; + } + return i; +} + +/** print long decimal into buffer, returns length */ +static int +print_dec_ll(char* buf, int max, unsigned long long value) +{ + int i = 0; + if(value == 0) { + if(max > 0) { + buf[0] = '0'; + i = 1; + } + } else while(value && i < max) { + buf[i++] = '0' + value % 10; + value /= 10; + } + return i; +} + +/** print hex into buffer, returns length */ +static int +print_hex(char* buf, int max, unsigned int value) +{ + const char* h = "0123456789abcdef"; + int i = 0; + if(value == 0) { + if(max > 0) { + buf[0] = '0'; + i = 1; + } + } else while(value && i < max) { + buf[i++] = h[value & 0x0f]; + value >>= 4; + } + return i; +} + +/** print long hex into buffer, returns length */ +static int +print_hex_l(char* buf, int max, unsigned long value) +{ + const char* h = "0123456789abcdef"; + int i = 0; + if(value == 0) { + if(max > 0) { + buf[0] = '0'; + i = 1; + } + } else while(value && i < max) { + buf[i++] = h[value & 0x0f]; + value >>= 4; + } + return i; +} + +/** print long long hex into buffer, returns length */ +static int +print_hex_ll(char* buf, int max, unsigned long long value) +{ + const char* h = "0123456789abcdef"; + int i = 0; + if(value == 0) { + if(max > 0) { + buf[0] = '0'; + i = 1; + } + } else while(value && i < max) { + buf[i++] = h[value & 0x0f]; + value >>= 4; + } + return i; +} + +/** copy string into result, reversed */ +static void +spool_str_rev(char** at, size_t* left, int* ret, const char* buf, int len) +{ + int i = len; + while(i) { + if(*left > 1) { + *(*at)++ = buf[--i]; + (*left)--; + } else --i; + (*ret)++; + } +} + +/** copy string into result */ +static void +spool_str(char** at, size_t* left, int* ret, const char* buf, int len) +{ + int i; + for(i=0; i 1) { + *(*at)++ = buf[i]; + (*left)--; + } + (*ret)++; + } +} + +/** print number formatted */ +static void +print_num(char** at, size_t* left, int* ret, int minw, int precision, + int prgiven, int zeropad, int minus, int plus, int space, + int zero, int negative, char* buf, int len) +{ + int w = len; /* excludes minus sign */ + char s = get_negsign(negative, plus, space); + if(minus) { + /* left adjust the number into the field, space padding */ + /* calc numw = [sign][zeroes][number] */ + int numw = w; + if(precision == 0 && zero) numw = 0; + if(numw < precision) numw = precision; + if(s) numw++; + + /* sign */ + if(s) print_pad(at, left, ret, s, 1); + + /* number */ + if(precision == 0 && zero) { + /* "" for the number */ + } else { + if(w < precision) + print_pad(at, left, ret, '0', precision - w); + spool_str_rev(at, left, ret, buf, len); + } + /* spaces */ + if(numw < minw) + print_pad(at, left, ret, ' ', minw - numw); + } else { + /* pad on the left of the number */ + /* calculate numw has width of [sign][zeroes][number] */ + int numw = w; + if(precision == 0 && zero) numw = 0; + if(numw < precision) numw = precision; + if(!prgiven && zeropad && numw < minw) numw = minw; + else if(s) numw++; + + /* pad with spaces */ + if(numw < minw) + print_pad(at, left, ret, ' ', minw - numw); + /* print sign (and one less zeropad if so) */ + if(s) { + print_pad(at, left, ret, s, 1); + numw--; + } + /* pad with zeroes */ + if(w < numw) + print_pad(at, left, ret, '0', numw - w); + if(precision == 0 && zero) + return; + /* print the characters for the value */ + spool_str_rev(at, left, ret, buf, len); + } +} + +/** print %d and %i */ +static void +print_num_d(char** at, size_t* left, int* ret, int value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = (value < 0); + int zero = (value == 0); + int len = print_dec(buf, (int)sizeof(buf), + (unsigned int)(negative?-value:value)); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %ld and %li */ +static void +print_num_ld(char** at, size_t* left, int* ret, long value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = (value < 0); + int zero = (value == 0); + int len = print_dec_l(buf, (int)sizeof(buf), + (unsigned long)(negative?-value:value)); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %lld and %lli */ +static void +print_num_lld(char** at, size_t* left, int* ret, long long value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = (value < 0); + int zero = (value == 0); + int len = print_dec_ll(buf, (int)sizeof(buf), + (unsigned long long)(negative?-value:value)); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %u */ +static void +print_num_u(char** at, size_t* left, int* ret, unsigned int value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = 0; + int zero = (value == 0); + int len = print_dec(buf, (int)sizeof(buf), value); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %lu */ +static void +print_num_lu(char** at, size_t* left, int* ret, unsigned long value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = 0; + int zero = (value == 0); + int len = print_dec_l(buf, (int)sizeof(buf), value); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %llu */ +static void +print_num_llu(char** at, size_t* left, int* ret, unsigned long long value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = 0; + int zero = (value == 0); + int len = print_dec_ll(buf, (int)sizeof(buf), value); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %x */ +static void +print_num_x(char** at, size_t* left, int* ret, unsigned int value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = 0; + int zero = (value == 0); + int len = print_hex(buf, (int)sizeof(buf), value); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %lx */ +static void +print_num_lx(char** at, size_t* left, int* ret, unsigned long value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = 0; + int zero = (value == 0); + int len = print_hex_l(buf, (int)sizeof(buf), value); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %llx */ +static void +print_num_llx(char** at, size_t* left, int* ret, unsigned long long value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = 0; + int zero = (value == 0); + int len = print_hex_ll(buf, (int)sizeof(buf), value); + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/** print %llp */ +static void +print_num_llp(char** at, size_t* left, int* ret, void* value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_DEC_BUFSZ]; + int negative = 0; + int zero = (value == 0); +#if defined(UINTPTR_MAX) && defined(UINT32_MAX) && (UINTPTR_MAX == UINT32_MAX) + /* avoid warning about upcast on 32bit systems */ + unsigned long long llvalue = (unsigned long)value; +#else + unsigned long long llvalue = (unsigned long long)value; +#endif + int len = print_hex_ll(buf, (int)sizeof(buf), llvalue); + if(zero) { + buf[0]=')'; + buf[1]='l'; + buf[2]='i'; + buf[3]='n'; + buf[4]='('; + len = 5; + } else { + /* put '0x' in front of the (reversed) buffer result */ + if(len < PRINT_DEC_BUFSZ) + buf[len++] = 'x'; + if(len < PRINT_DEC_BUFSZ) + buf[len++] = '0'; + } + print_num(at, left, ret, minw, precision, prgiven, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +#define PRINT_FLOAT_BUFSZ 64 /* xx.yy with 20.20 about the max */ +/** spool remainder after the decimal point to buffer, in reverse */ +static int +print_remainder(char* buf, int max, double r, int prec) +{ + unsigned long long cap = 1; + unsigned long long value; + int len, i; + if(prec > 19) prec = 19; /* max we can do */ + if(max < prec) return 0; + for(i=0; i= 5) { + value++; + /* that might carry to numbers before the comma, if so, + * just ignore that rounding. failure because 64bitprintout */ + if(value >= cap) + value = cap-1; + } + len = print_dec_ll(buf, max, value); + while(len < prec) { /* pad with zeroes, e.g. if 0.0012 */ + buf[len++] = '0'; + } + if(len < max) + buf[len++] = '.'; + return len; +} + +/** spool floating point to buffer */ +static int +print_float(char* buf, int max, double value, int prec) +{ + /* as xxx.xxx if prec==0, no '.', with prec decimals after . */ + /* no conversion for NAN and INF, because we do not want to require + linking with -lm. */ + /* Thus, the conversions use 64bit integers to convert the numbers, + * which makes 19 digits before and after the decimal point the max */ + unsigned long long whole = (unsigned long long)value; + double remain = value - (double)whole; + int len = 0; + if(prec != 0) + len = print_remainder(buf, max, remain, prec); + len += print_dec_ll(buf+len, max-len, whole); + return len; +} + +/** print %f */ +static void +print_num_f(char** at, size_t* left, int* ret, double value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_FLOAT_BUFSZ]; + int negative = (value < 0); + int zero = 0; + int len; + if(!prgiven) precision = 6; + len = print_float(buf, (int)sizeof(buf), negative?-value:value, + precision); + print_num(at, left, ret, minw, 1, 0, zeropad, minus, + plus, space, zero, negative, buf, len); +} + +/* rudimentary %g support */ +static int +print_float_g(char* buf, int max, double value, int prec) +{ + unsigned long long whole = (unsigned long long)value; + double remain = value - (double)whole; + int before = 0; + int len = 0; + + /* number of digits before the decimal point */ + while(whole > 0) { + before++; + whole /= 10; + } + whole = (unsigned long long)value; + + if(prec > before && remain != 0.0) { + /* see if the last decimals are zero, if so, skip them */ + len = print_remainder(buf, max, remain, prec-before); + while(len > 0 && buf[0]=='0') { + memmove(buf, buf+1, --len); + } + } + len += print_dec_ll(buf+len, max-len, whole); + return len; +} + + +/** print %g */ +static void +print_num_g(char** at, size_t* left, int* ret, double value, + int minw, int precision, int prgiven, int zeropad, int minus, + int plus, int space) +{ + char buf[PRINT_FLOAT_BUFSZ]; + int negative = (value < 0); + int zero = 0; + int len; + if(!prgiven) precision = 6; + if(precision == 0) precision = 1; + len = print_float_g(buf, (int)sizeof(buf), negative?-value:value, + precision); + print_num(at, left, ret, minw, 1, 0, zeropad, minus, + plus, space, zero, negative, buf, len); +} + + +/** strnlen (compat implementation) */ +static int +my_strnlen(const char* s, int max) +{ + int i; + for(i=0; i 1) { + *at++ = *fmt++; + left--; + } else fmt++; + ret++; + } + + /* see if we are at end */ + if(!*fmt) break; + + /* fetch next argument % designation from format string */ + fmt++; /* skip the '%' */ + + /********************************/ + /* get the argument designation */ + /********************************/ + /* we must do this vararg stuff inside this function for + * portability. Hence, get_designation, and print_designation + * are not their own functions. */ + + /* printout designation: + * conversion specifier: x, d, u, s, c, n, m, p + * flags: # not supported + * 0 zeropad (on the left) + * - left adjust (right by default) + * ' ' printspace for positive number (in - position). + * + alwayssign + * fieldwidth: [1-9][0-9]* minimum field width. + * if this is * then type int next argument specifies the minwidth. + * if this is negative, the - flag is set (with positive width). + * precision: period[digits]*, %.2x. + * if this is * then type int next argument specifies the precision. + * just '.' or negative value means precision=0. + * this is mindigits to print for d, i, u, x + * this is aftercomma digits for f + * this is max number significant digits for g + * maxnumber characters to be printed for s + * length: 0-none (int), 1-l (long), 2-ll (long long) + * notsupported: hh (char), h (short), L (long double), q, j, z, t + * Does not support %m$ and *m$ argument designation as array indices. + * Does not support %#x + * + */ + minw = 0; + precision = 1; + prgiven = 0; + zeropad = 0; + minus = 0; + plus = 0; + space = 0; + length = 0; + + /* get flags in any order */ + for(;;) { + if(*fmt == '0') + zeropad = 1; + else if(*fmt == '-') + minus = 1; + else if(*fmt == '+') + plus = 1; + else if(*fmt == ' ') + space = 1; + else break; + fmt++; + } + + /* field width */ + if(*fmt == '*') { + fmt++; /* skip char */ + minw = va_arg(arg, int); + if(minw < 0) { + minus = 1; + minw = -minw; + } + } else while(*fmt >= '0' && *fmt <= '9') { + minw = minw*10 + (*fmt++)-'0'; + } + + /* precision */ + if(*fmt == '.') { + fmt++; /* skip period */ + prgiven = 1; + precision = 0; + if(*fmt == '*') { + fmt++; /* skip char */ + precision = va_arg(arg, int); + if(precision < 0) + precision = 0; + } else while(*fmt >= '0' && *fmt <= '9') { + precision = precision*10 + (*fmt++)-'0'; + } + } + + /* length */ + if(*fmt == 'l') { + fmt++; /* skip char */ + length = 1; + if(*fmt == 'l') { + fmt++; /* skip char */ + length = 2; + } + } + + /* get the conversion */ + if(!*fmt) conv = 0; + else conv = *fmt++; + + /***********************************/ + /* print that argument designation */ + /***********************************/ + switch(conv) { + case 'i': + case 'd': + if(length == 0) + print_num_d(&at, &left, &ret, va_arg(arg, int), + minw, precision, prgiven, zeropad, minus, plus, space); + else if(length == 1) + print_num_ld(&at, &left, &ret, va_arg(arg, long), + minw, precision, prgiven, zeropad, minus, plus, space); + else if(length == 2) + print_num_lld(&at, &left, &ret, + va_arg(arg, long long), + minw, precision, prgiven, zeropad, minus, plus, space); + break; + case 'u': + if(length == 0) + print_num_u(&at, &left, &ret, + va_arg(arg, unsigned int), + minw, precision, prgiven, zeropad, minus, plus, space); + else if(length == 1) + print_num_lu(&at, &left, &ret, + va_arg(arg, unsigned long), + minw, precision, prgiven, zeropad, minus, plus, space); + else if(length == 2) + print_num_llu(&at, &left, &ret, + va_arg(arg, unsigned long long), + minw, precision, prgiven, zeropad, minus, plus, space); + break; + case 'x': + if(length == 0) + print_num_x(&at, &left, &ret, + va_arg(arg, unsigned int), + minw, precision, prgiven, zeropad, minus, plus, space); + else if(length == 1) + print_num_lx(&at, &left, &ret, + va_arg(arg, unsigned long), + minw, precision, prgiven, zeropad, minus, plus, space); + else if(length == 2) + print_num_llx(&at, &left, &ret, + va_arg(arg, unsigned long long), + minw, precision, prgiven, zeropad, minus, plus, space); + break; + case 's': + print_str(&at, &left, &ret, va_arg(arg, char*), + minw, precision, prgiven, minus); + break; + case 'c': + print_char(&at, &left, &ret, va_arg(arg, int), + minw, minus); + break; + case 'n': + *va_arg(arg, int*) = ret; + break; + case 'm': + print_str(&at, &left, &ret, strerror(errno), + minw, precision, prgiven, minus); + break; + case 'p': + print_num_llp(&at, &left, &ret, va_arg(arg, void*), + minw, precision, prgiven, zeropad, minus, plus, space); + break; + case '%': + print_pad(&at, &left, &ret, '%', 1); + break; + case 'f': + print_num_f(&at, &left, &ret, va_arg(arg, double), + minw, precision, prgiven, zeropad, minus, plus, space); + break; + case 'g': + print_num_g(&at, &left, &ret, va_arg(arg, double), + minw, precision, prgiven, zeropad, minus, plus, space); + break; + /* unknown */ + default: + case 0: break; + } + } + + /* zero terminate */ + if(left > 0) + *at = 0; + return ret; +} + +#ifdef SNPRINTF_TEST + +/** do tests */ +#undef snprintf +#define DOTEST(bufsz, result, retval, ...) do { \ + char buf[bufsz]; \ + printf("now test %s\n", #__VA_ARGS__); \ + int r=my_snprintf(buf, sizeof(buf), __VA_ARGS__); \ + if(r != retval || strcmp(buf, result) != 0) { \ + printf("error test(%s) was \"%s\":%d\n", \ + ""#bufsz", "#result", "#retval", "#__VA_ARGS__, \ + buf, r); \ + exit(1); \ + } \ + r=snprintf(buf, sizeof(buf), __VA_ARGS__); \ + if(r != retval || strcmp(buf, result) != 0) { \ + printf("error test(%s) differs with system, \"%s\":%d\n", \ + ""#bufsz", "#result", "#retval", "#__VA_ARGS__, \ + buf, r); \ + exit(1); \ + } \ + printf("test(\"%s\":%d) passed\n", buf, r); \ + } while(0); + +/** test program */ +int main(void) +{ + int x = 0; + + /* bufsize, expectedstring, expectedretval, snprintf arguments */ + DOTEST(1024, "hello", 5, "hello"); + DOTEST(1024, "h", 1, "h"); + /* warning from gcc for format string, but it does work + * DOTEST(1024, "", 0, ""); */ + + DOTEST(3, "he", 5, "hello"); + DOTEST(1, "", 7, "%d", 7823089); + + /* test positive numbers */ + DOTEST(1024, "0", 1, "%d", 0); + DOTEST(1024, "1", 1, "%d", 1); + DOTEST(1024, "9", 1, "%d", 9); + DOTEST(1024, "15", 2, "%d", 15); + DOTEST(1024, "ab15cd", 6, "ab%dcd", 15); + DOTEST(1024, "167", 3, "%d", 167); + DOTEST(1024, "7823089", 7, "%d", 7823089); + DOTEST(1024, " 12", 3, "%3d", 12); + DOTEST(1024, "012", 3, "%.3d", 12); + DOTEST(1024, "012", 3, "%3.3d", 12); + DOTEST(1024, "012", 3, "%03d", 12); + DOTEST(1024, " 012", 4, "%4.3d", 12); + DOTEST(1024, "", 0, "%.0d", 0); + + /* test negative numbers */ + DOTEST(1024, "-1", 2, "%d", -1); + DOTEST(1024, "-12", 3, "%3d", -12); + DOTEST(1024, " -2", 3, "%3d", -2); + DOTEST(1024, "-012", 4, "%.3d", -12); + DOTEST(1024, "-012", 4, "%3.3d", -12); + DOTEST(1024, "-012", 4, "%4.3d", -12); + DOTEST(1024, " -012", 5, "%5.3d", -12); + DOTEST(1024, "-12", 3, "%03d", -12); + DOTEST(1024, "-02", 3, "%03d", -2); + DOTEST(1024, "-15", 3, "%d", -15); + DOTEST(1024, "-7307", 5, "%d", -7307); + DOTEST(1024, "-12 ", 5, "%-5d", -12); + DOTEST(1024, "-00012", 6, "%-.5d", -12); + + /* test + and space flags */ + DOTEST(1024, "+12", 3, "%+d", 12); + DOTEST(1024, " 12", 3, "% d", 12); + + /* test %u */ + DOTEST(1024, "12", 2, "%u", 12); + DOTEST(1024, "0", 1, "%u", 0); + DOTEST(1024, "4294967295", 10, "%u", 0xffffffff); + + /* test %x */ + DOTEST(1024, "0", 1, "%x", 0); + DOTEST(1024, "c", 1, "%x", 12); + DOTEST(1024, "12ab34cd", 8, "%x", 0x12ab34cd); + + /* test %llu, %lld */ + DOTEST(1024, "18446744073709551615", 20, "%llu", + (long long)0xffffffffffffffff); + DOTEST(1024, "-9223372036854775808", 20, "%lld", + (long long)0x8000000000000000); + DOTEST(1024, "9223372036854775808", 19, "%llu", + (long long)0x8000000000000000); + + /* test %s */ + DOTEST(1024, "hello", 5, "%s", "hello"); + DOTEST(1024, " hello", 10, "%10s", "hello"); + DOTEST(1024, "hello ", 10, "%-10s", "hello"); + DOTEST(1024, "he", 2, "%.2s", "hello"); + DOTEST(1024, " he", 4, "%4.2s", "hello"); + DOTEST(1024, " h", 4, "%4.2s", "h"); + + /* test %c */ + DOTEST(1024, "a", 1, "%c", 'a'); + /* warning from gcc for format string, but it does work + DOTEST(1024, " a", 5, "%5c", 'a'); + DOTEST(1024, "a", 1, "%.0c", 'a'); */ + + /* test %n */ + DOTEST(1024, "hello", 5, "hello%n", &x); + if(x != 5) { printf("the %%n failed\n"); exit(1); } + + /* test %m */ + errno = 0; + DOTEST(1024, "Success", 7, "%m"); + + /* test %p */ + DOTEST(1024, "0x10", 4, "%p", (void*)0x10); + DOTEST(1024, "(nil)", 5, "%p", (void*)0x0); + + /* test %% */ + DOTEST(1024, "%", 1, "%%"); + + /* test %f */ + DOTEST(1024, "0.000000", 8, "%f", 0.0); + DOTEST(1024, "0.00", 4, "%.2f", 0.0); + /* differs, "-0.00" DOTEST(1024, "0.00", 4, "%.2f", -0.0); */ + DOTEST(1024, "234.00", 6, "%.2f", 234.005); + DOTEST(1024, "8973497.1246", 12, "%.4f", 8973497.12456); + DOTEST(1024, "-12.000000", 10, "%f", -12.0); + DOTEST(1024, "6", 1, "%.0f", 6.0); + + DOTEST(1024, "6", 1, "%g", 6.0); + DOTEST(1024, "6.1", 3, "%g", 6.1); + DOTEST(1024, "6.15", 4, "%g", 6.15); + + /* These format strings are from the code of NSD, Unbound, ldns */ + + DOTEST(1024, "abcdef", 6, "%s", "abcdef"); + DOTEST(1024, "005", 3, "%03u", 5); + DOTEST(1024, "12345", 5, "%03u", 12345); + DOTEST(1024, "5", 1, "%d", 5); + DOTEST(1024, "(nil)", 5, "%p", NULL); + DOTEST(1024, "12345", 5, "%ld", (long)12345); + DOTEST(1024, "12345", 5, "%lu", (long)12345); + DOTEST(1024, " 12345", 12, "%12u", (unsigned)12345); + DOTEST(1024, "12345", 5, "%u", (unsigned)12345); + DOTEST(1024, "12345", 5, "%llu", (unsigned long long)12345); + DOTEST(1024, "12345", 5, "%x", 0x12345); + DOTEST(1024, "12345", 5, "%llx", (long long)0x12345); + DOTEST(1024, "012345", 6, "%6.6d", 12345); + DOTEST(1024, "012345", 6, "%6.6u", 12345); + DOTEST(1024, "1234.54", 7, "%g", 1234.54); + DOTEST(1024, "123456789.54", 12, "%.12g", 123456789.54); + DOTEST(1024, "3456789123456.54", 16, "%.16g", 3456789123456.54); + /* %24g does not work with 24 digits, not enough accuracy, + * the first 16 digits are correct */ + DOTEST(1024, "12345", 5, "%3.3d", 12345); + DOTEST(1024, "000", 3, "%3.3d", 0); + DOTEST(1024, "001", 3, "%3.3d", 1); + DOTEST(1024, "012", 3, "%3.3d", 12); + DOTEST(1024, "-012", 4, "%3.3d", -12); + DOTEST(1024, "he", 2, "%.2s", "hello"); + DOTEST(1024, "helloworld", 10, "%s%s", "hello", "world"); + DOTEST(1024, "he", 2, "%.*s", 2, "hello"); + DOTEST(1024, " hello", 7, "%*s", 7, "hello"); + DOTEST(1024, "hello ", 7, "%*s", -7, "hello"); + DOTEST(1024, "0", 1, "%c", '0'); + DOTEST(1024, "A", 1, "%c", 'A'); + DOTEST(1024, "", 1, "%c", 0); + DOTEST(1024, "\010", 1, "%c", 8); + DOTEST(1024, "%", 1, "%%"); + DOTEST(1024, "0a", 2, "%02x", 0x0a); + DOTEST(1024, "bd", 2, "%02x", 0xbd); + DOTEST(1024, "12", 2, "%02ld", (long)12); + DOTEST(1024, "02", 2, "%02ld", (long)2); + DOTEST(1024, "02", 2, "%02u", (unsigned)2); + DOTEST(1024, "765432", 6, "%05u", (unsigned)765432); + DOTEST(1024, "10.234", 6, "%0.3f", 10.23421); + DOTEST(1024, "123456.234", 10, "%0.3f", 123456.23421); + DOTEST(1024, "123456789.234", 13, "%0.3f", 123456789.23421); + DOTEST(1024, "123456.23", 9, "%.2f", 123456.23421); + DOTEST(1024, "123456", 6, "%.0f", 123456.23421); + DOTEST(1024, "0123", 4, "%.4x", 0x0123); + DOTEST(1024, "00000123", 8, "%.8x", 0x0123); + DOTEST(1024, "ffeb0cde", 8, "%.8x", 0xffeb0cde); + DOTEST(1024, " 987654321", 10, "%10lu", (unsigned long)987654321); + DOTEST(1024, " 987654321", 12, "%12lu", (unsigned long)987654321); + DOTEST(1024, "987654321", 9, "%i", 987654321); + DOTEST(1024, "-87654321", 9, "%i", -87654321); + DOTEST(1024, "hello ", 16, "%-16s", "hello"); + DOTEST(1024, " ", 16, "%-16s", ""); + DOTEST(1024, "a ", 16, "%-16s", "a"); + DOTEST(1024, "foobarfoobar ", 16, "%-16s", "foobarfoobar"); + DOTEST(1024, "foobarfoobarfoobar", 18, "%-16s", "foobarfoobarfoobar"); + + /* combined expressions */ + DOTEST(1024, "foo 1.0 size 512 edns", 21, + "foo %s size %d %s%s", "1.0", 512, "", "edns"); + DOTEST(15, "foo 1.0 size 5", 21, + "foo %s size %d %s%s", "1.0", 512, "", "edns"); + DOTEST(1024, "packet 1203ceff id", 18, + "packet %2.2x%2.2x%2.2x%2.2x id", 0x12, 0x03, 0xce, 0xff); + DOTEST(1024, "/tmp/testbound_123abcd.tmp", 26, "/tmp/testbound_%u%s%s.tmp", 123, "ab", "cd"); + + return 0; +} +#endif /* SNPRINTF_TEST */ diff --git a/zonemaster-ldns/ldns/compat/strlcpy.c b/zonemaster-ldns/ldns/compat/strlcpy.c new file mode 100644 index 0000000..d6c34c1 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/strlcpy.c @@ -0,0 +1,57 @@ +/* from openssh 4.3p2 compat/strlcpy.c */ +/* + * Copyright (c) 1998 Todd C. Miller + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES + * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR + * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES + * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN + * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF + * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. + */ + +/* OPENBSD ORIGINAL: lib/libc/string/strlcpy.c */ + +#include +#ifndef HAVE_STRLCPY + +#include +#include + +/* + * Copy src to string dst of size siz. At most siz-1 characters + * will be copied. Always NUL terminates (unless siz == 0). + * Returns strlen(src); if retval >= siz, truncation occurred. + */ +size_t +strlcpy(char *dst, const char *src, size_t siz) +{ + char *d = dst; + const char *s = src; + size_t n = siz; + + /* Copy as many bytes as will fit */ + if (n != 0 && --n != 0) { + do { + if ((*d++ = *s++) == 0) + break; + } while (--n != 0); + } + + /* Not enough room in dst, add NUL and traverse rest of src */ + if (n == 0) { + if (siz != 0) + *d = '\0'; /* NUL-terminate dst */ + while (*s++) + ; + } + + return(s - src - 1); /* count does not include NUL */ +} + +#endif /* !HAVE_STRLCPY */ diff --git a/zonemaster-ldns/ldns/compat/timegm.c b/zonemaster-ldns/ldns/compat/timegm.c new file mode 100644 index 0000000..97e1e54 --- /dev/null +++ b/zonemaster-ldns/ldns/compat/timegm.c @@ -0,0 +1,31 @@ +#ifdef HAVE_CONFIG_H +#include +#endif + +#include + +#ifdef HAVE_STDLIB_H +#include +#endif + +#include + +time_t +timegm (struct tm *tm) { + time_t ret; + char *tz; + + tz = getenv("TZ"); + putenv((char*)"TZ="); + tzset(); + ret = mktime(tm); + if (tz) { + char buf[256]; + snprintf(buf, sizeof(buf), "TZ=%s", tz); + putenv(tz); + } + else + putenv((char*)"TZ"); + tzset(); + return ret; +} diff --git a/zonemaster-ldns/ldns/configure.ac b/zonemaster-ldns/ldns/configure.ac new file mode 100644 index 0000000..9bf9823 --- /dev/null +++ b/zonemaster-ldns/ldns/configure.ac @@ -0,0 +1,1234 @@ +# -*- Autoconf -*- +# Process this file with autoconf to produce a configure script. +AC_PREREQ([2.71]) +sinclude(acx_nlnetlabs.m4) + +# must be numbers. ac_defun because of later processing. +m4_define([VERSION_MAJOR],[1]) +m4_define([VERSION_MINOR],[8]) +m4_define([VERSION_MICRO],[4]) +AC_INIT([ldns],m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]),[dns-team@nlnetlabs.nl],[libdns]) +AC_CONFIG_SRCDIR([packet.c]) +# needed to build correct soname +AC_SUBST(LDNS_VERSION_MAJOR, [VERSION_MAJOR]) +AC_SUBST(LDNS_VERSION_MINOR, [VERSION_MINOR]) +AC_SUBST(LDNS_VERSION_MICRO, [VERSION_MICRO]) + +# Library version +# --------------- +# current:revision:age +# (binary-api-number):(which-binary-api-version):(how-many-nrs-backwardscompat) +# if source code changes increment revision +# if any interfaces have been added/removed/changed since last update then +# increment current and set revision to 0 +# if any interfaces have been added since the last public release then increment age +# if any interfaces have been removed or changed since the last public release then +# set age to 0 +# +# ldns-1.6.17 and before had a .so with version same as VERSION_INFO +# ldns-1.7.0 had libversion 2:0:0 +# ldns-1.7.1 had libversion 3:0:0 (though it should have had 3:0:1) +# ldns-1.8.0 had libversion 4:0:2 (though it should have had 4:0:1) +# ldns-1.8.1 had libversion 5:0:2 +# ldns-1.8.1 had libversion 6:0:3 +# ldns-1.8.2 had libversion 7:0:4 +# ldns-1.8.3 has libversion 8:0:5 +# +AC_SUBST(VERSION_INFO, [9:0:6]) + +AC_USE_SYSTEM_EXTENSIONS +if test "$ac_cv_header_minix_config_h" = "yes"; then + AC_DEFINE(_NETBSD_SOURCE,1, [Enable for compile on Minix]) +fi +LT_INIT +AC_CONFIG_MACRO_DIR([m4]) + +OURCPPFLAGS='' +CPPFLAGS=${CPPFLAGS:-${OURCPPFLAGS}} +CFLAGS="$CFLAGS" + +# Checks for programs. +AC_PROG_CC +ACX_DEPFLAG +AC_PROG_MAKE_SET + +# Extra (sp)lint flags for NetBSD +AC_CANONICAL_HOST +case "$host_os" in + netbsd*) LINTFLAGS="'-D__RENAME(x)=' -D_NETINET_IN_H_ $LINTFLAGS" + ;; + *) LINTFLAGS="$LINTFLAGS" + ;; +esac +AC_SUBST(LINTFLAGS) + +AC_DEFINE(WINVER, 0x0502, [the version of the windows API enabled]) + +ACX_CHECK_COMPILER_FLAG(std=c99, [C99FLAG="-std=c99"]) +ACX_CHECK_COMPILER_FLAG(xc99, [C99FLAG="-xc99"]) + +# routine to copy files +# argument 1 is a list of files (relative to the source dir) +# argument 2 is a destination directory (relative to the current +# working directory +AC_DEFUN([COPY_FILES], +[ +for file in $1; do + sh $srcdir/install-sh -m 644 $file $2 +done +]) + +# copy all .h files in the dir at argument 1 +# (relative to source) to the dir at argument 2 +# (relative to current dir) +AC_DEFUN([COPY_HEADER_FILES], +[ +echo "copying header files" +COPY_FILES($srcdir/$1/*.h, $2) +]) + +# Checks for typedefs, structures, and compiler characteristics. +AC_C_CONST +AC_LANG([C]) +if test "x$CFLAGS" = "x" ; then +ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="-g"]) +ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="-O2 $CFLAGS"]) +fi +ACX_CHECK_COMPILER_FLAG(Wall, [CFLAGS="-Wall $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(W, [CFLAGS="-W $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(Wwrite-strings, [CFLAGS="-Wwrite-strings $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(Wstrict-prototypes, [CFLAGS="-Wstrict-prototypes $CFLAGS"]) +#ACX_CHECK_COMPILER_FLAG(Wshadow, [CFLAGS="-Wshadow $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(Wunused-function, [CFLAGS="-Wunused-function $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(Wmissing-prototypes, [CFLAGS="-Wmissing-prototypes $CFLAGS"]) +ACX_CHECK_COMPILER_FLAG(fno-strict-aliasing, [CFLAGS="-fno-strict-aliasing $CFLAGS"]) + +AC_CHECK_HEADERS([getopt.h time.h],,, [AC_INCLUDES_DEFAULT]) + +# MinGW32 tests +AC_CHECK_HEADERS([winsock2.h ws2tcpip.h],,, [AC_INCLUDES_DEFAULT]) +# end mingw32 tests + +# Check for Apple header. This uncovers TARGET_OS_IPHONE, TARGET_OS_TV or TARGET_OS_WATCH +AC_CHECK_HEADERS([TargetConditionals.h]) + +ACX_DETERMINE_EXT_FLAGS_UNBOUND + +AC_C_INLINE +AC_CHECK_TYPE(int8_t, char) +AC_CHECK_TYPE(int16_t, short) +AC_CHECK_TYPE(int32_t, int) +AC_CHECK_TYPE(int64_t, long long) +AC_CHECK_TYPE(uint8_t, unsigned char) +AC_CHECK_TYPE(uint16_t, unsigned short) +AC_CHECK_TYPE(uint32_t, unsigned int) +AC_CHECK_TYPE(uint64_t, unsigned long long) + +# my own checks +AC_CHECK_PROG(doxygen, doxygen, doxygen) + +# check to see if libraries are needed for these functions. +AC_CHECK_FUNC([socket], + [], + [AC_SEARCH_LIBS([socket], [socket]) +]) + +# modern Linux provides inet_ntop in -lsocket. +# modern OS X provides inet_ntop in -lc. +# modern Solaris provides inet_ntop in -lsocket -lnsl. +# older Solaris provides inet_ntop in -lresolv. +# Windows provides inet_ntop in -lws2_32. +AC_CHECK_FUNC([inet_ntop], + [], + [AC_SEARCH_LIBS([inet_ntop], [socket c nsl resolv ws2_32], [ac_cv_func_inet_ntop=yes]) +]) + +# modern Linux provides inet_pton in -lsocket. +# modern OS X provides inet_pton in -lc. +# modern Solaris provides inet_pton in -lsocket -lnsl. +# older Solaris provides inet_pton in -lresolv. +# Windows provides inet_pton in -lws2_32. +AC_CHECK_FUNC([inet_pton], + [], + [AC_SEARCH_LIBS([inet_pton], [socket c nsl resolv ws2_32], [ac_cv_func_inet_pton=yes]) +]) + +AC_ARG_WITH(drill, AS_HELP_STRING([--with-drill],[Also build drill.]), + [],[with_drill="no"]) +if test x_$with_drill != x_no ; then + AC_SUBST(DRILL,[drill]) + AC_SUBST(INSTALL_DRILL,[install-drill]) + AC_SUBST(UNINSTALL_DRILL,[uninstall-drill]) + AC_SUBST(CLEAN_DRILL,[clean-drill]) + AC_SUBST(LINT_DRILL,[lint-drill]) + if test -e $srcdir/drill/config.h -o -e drill/config.h ; then + AC_MSG_ERROR([ +A config.h was detected in the drill subdirectory. +This does not work with the --with-drill option. +Please remove the config.h from the drill subdirectory +or do not use the --with-drill option.]) + fi +else + AC_SUBST(DRILL,[""]) + AC_SUBST(INSTALL_DRILL,[""]) + AC_SUBST(UNINSTALL_DRILL,[""]) + AC_SUBST(CLEAN_DRILL,[""]) + AC_SUBST(LINT_DRILL,[""]) +fi + + +AC_ARG_WITH(examples, AS_HELP_STRING([--with-examples],[Also build examples.]), + [],[with_examples="no"]) +if test x_$with_examples != x_no ; then + AC_SUBST(EXAMPLES,[examples]) + AC_SUBST(INSTALL_EXAMPLES,[install-examples]) + AC_SUBST(UNINSTALL_EXAMPLES,[uninstall-examples]) + AC_SUBST(CLEAN_EXAMPLES,[clean-examples]) + AC_SUBST(LINT_EXAMPLES,[lint-examples]) + if test -e $srcdir/examples/config.h -o -e examples/config.h ; then + AC_MSG_ERROR([ +A config.h was detected in the examples subdirectory. +This does not work with the --with-examples option. +Please remove the config.h from the examples subdirectory +or do not use the --with-examples option.]) + fi +else + AC_SUBST(EXAMPLES,[""]) + AC_SUBST(INSTALL_EXAMPLES,[""]) + AC_SUBST(UNINSTALL_EXAMPLES,[""]) + AC_SUBST(CLEAN_EXAMPLES,[""]) + AC_SUBST(LINT_EXAMPLES,[""]) +fi + +# add option to disable installation of ldns-config script +AC_ARG_ENABLE(ldns-config, AS_HELP_STRING([--disable-ldns-config],[disable installation of ldns-config (default=enabled)]), + enable_ldns_config=$enableval, enable_ldns_config=yes) +if test "x$enable_ldns_config" = xyes; then + AC_SUBST(INSTALL_CONFIG, [install-config]) + AC_SUBST(INSTALL_CONFIG_MANPAGE, [install-config-manpage]) + AC_SUBST(UNINSTALL_CONFIG, [uninstall-config]) + AC_SUBST(UNINSTALL_CONFIG_MANPAGE, [uninstall-config-manpage]) +else + AC_SUBST(INSTALL_CONFIG, [""]) + AC_SUBST(INSTALL_CONFIG_MANPAGE, [""]) + AC_SUBST(UNINSTALL_CONFIG, [""]) + AC_SUBST(UNINSTALL_CONFIG_MANPAGE, [""]) +fi + +# add option to disable library printing to stderr +AC_ARG_ENABLE(stderr-msgs, AS_HELP_STRING([--enable-stderr-msgs],[Enable printing to stderr (default=disabled)]), enable_stderr_msgs=$enableval, enable_stderr_msgs=no) +case "$enable_stderr_msgs" in + no) dnl default + ;; + *) + AC_DEFINE_UNQUOTED([STDERR_MSGS], [1], [Define this to enable messages to stderr.]) + ;; +esac + +AX_HAVE_POLL( + [AX_CONFIG_FEATURE_ENABLE(poll)], + [AX_CONFIG_FEATURE_DISABLE(poll)]) +AX_CONFIG_FEATURE( + [poll], [This platform supports poll(7)], + [HAVE_POLL], [This platform supports poll(7).]) + +# check for python +PYTHON_X_CFLAGS="" +ldns_with_pyldns=no +ldns_with_pyldnsx=no +AC_ARG_WITH(pyldns, AS_HELP_STRING([--with-pyldns],[generate python library, or --without-pyldns to disable Python support.]), + [],[ withval="no" ]) +ldns_have_python=no +if test x_$withval != x_no; then + sinclude(ax_python_devel.m4) + ac_save_LIBS="$LIBS" dnl otherwise AC_PYTHON_DEVEL thrashes $LIBS + + AX_PYTHON_DEVEL([>= '2.4.0']) + if test ! -z "$ac_python_version"; then + ldns_have_python=yes + fi + + # pass additional Python 3 option to SWIG + if test `$PYTHON -c "import sys; \ + ver = sys.version.split()[[0]]; \ + print(ver >= '3')"` = "True"; then + AC_SUBST(SWIGPY3, ["-py3 -DPY3"]) + fi + + # check for SWIG + if test x_$ldns_have_python != x_no; then + sinclude(ax_pkg_swig.m4) + + # check for >=SWIG-2.0.4 if Python 3.2 used + if test `$PYTHON -c "import sys; \ + ver = sys.version.split()[[0]]; \ + print(ver >= '3.2')"` = "True"; then + AX_PKG_SWIG(2.0.4, [], [AC_MSG_ERROR([SWIG-2.0.4 is required to build pyldns for Python 3.2 and greater.])]) + else + AX_PKG_SWIG + fi + + if test ! -x "$SWIG"; then + AC_MSG_ERROR([failed to find SWIG tool, install it, or do not build pyldns]) + else + AC_DEFINE(HAVE_SWIG,1,[Define if you have SWIG libraries and header files.]) + AC_SUBST(PYLDNS, "pyldns") + AC_SUBST(swig, "$SWIG") + ldns_with_pyldns=yes + fi + else + AC_MSG_RESULT([*** don't have Python, skipping SWIG, no pyldns ***]) # ' + fi + + # xtra cflags for pyldns + if test x_$ldns_have_python != x_no; then + ACX_CHECK_COMPILER_FLAG(fno-strict-aliasing, [PYTHON_X_CFLAGS="-fno-strict-aliasing"]) + ACX_CHECK_COMPILER_FLAG(Wno-missing-field-initializers, [PYTHON_X_CFLAGS="-Wno-missing-field-initializers $PYTHON_X_CFLAGS"]) + ACX_CHECK_COMPILER_FLAG(Wno-unused-parameter, [PYTHON_X_CFLAGS="-Wno-unused-parameter $PYTHON_X_CFLAGS"]) + ACX_CHECK_COMPILER_FLAG(Wno-unused-variable, [PYTHON_X_CFLAGS="-Wno-unused-variable $PYTHON_X_CFLAGS"]) + fi +fi +AC_SUBST(PYTHON_X_CFLAGS) + +# Check for pyldnsx +AC_ARG_WITH(pyldnsx, AS_HELP_STRING([--without-pyldnsx],[Do not install the ldnsx python module, or --with-pyldnsx to install it.]), + [],[ withval="with_pyldns" ]) +if test x_$withval != x_no; then + if test x_$ldns_with_pyldns != x_no; then + AC_SUBST(PYLDNSX, "pyldnsx") + ldns_with_pyldnsx=yes + else + if test x_$withval != x_with_pyldns; then + AC_MSG_ERROR([--with-pyldns is needed for the ldnsx python module]) + fi + fi +fi + +if test x_$ldns_with_pyldns != x_no; then + AC_SUBST(PYLDNSINST, "install-pyldns")dnl + AC_SUBST(PYLDNSUNINST, "uninstall-pyldns") +else + AC_SUBST(PYLDNSINST, "")dnl + AC_SUBST(PYLDNSUNINST, "") +fi +if test x_$ldns_with_pyldnsx != x_no; then + AC_SUBST(PYLDNSXINST, "install-pyldnsx")dnl + AC_SUBST(PYLDNSXUNINST, "uninstall-pyldnsx") +else + AC_SUBST(PYLDNSXINST, "")dnl + AC_SUBST(PYLDNSXUNINST, "") +fi + +# check for perl +ldns_with_p5_dns_ldns=no +AC_ARG_WITH(p5-dns-ldns, AS_HELP_STRING([--with-p5-dns-ldns],[generate DNS::LDNS perl bindings]), + [],[ withval="no" ]) +ldns_have_perl=no +if test x_$withval != x_no; then + AC_PATH_PROG([PERL], [perl]) + if test -z "$PERL"; then + AC_MSG_ERROR([Cannot find perl in your system path]) + fi + AC_SUBST(P5_DNS_LDNS, "p5-dns-ldns")dnl + AC_SUBST(TEST_P5_DNS_LDNS, "test-p5-dns-ldns")dnl + AC_SUBST(INSTALL_P5_DNS_LDNS, "install-p5-dns-ldns")dnl + AC_SUBST(UNINSTALL_P5_DNS_LDNS, "uninstall-p5-dns-ldns")dnl + AC_SUBST(CLEAN_P5_DNS_LDNS, "clean-p5-dns-ldns") +else + AC_SUBST(P5_DNS_LDNS, "")dnl + AC_SUBST(TEST_P5_DNS_LDNS, "")dnl + AC_SUBST(INSTALL_P5_DNS_LDNS, "")dnl + AC_SUBST(UNINSTALL_P5_DNS_LDNS, "")dnl + AC_SUBST(CLEAN_P5_DNS_LDNS, "") +fi + +# Use libtool +ACX_LIBTOOL_C_ONLY + +tmp_CPPFLAGS=$CPPFLAGS +tmp_LDFLAGS=$LDFLAGS +tmp_LIBS=$LIBS + +ACX_WITH_SSL_OPTIONAL +AC_MSG_CHECKING([for LibreSSL]) +if grep VERSION_TEXT $ssldir/include/openssl/opensslv.h | grep "LibreSSL" >/dev/null; then + AC_MSG_RESULT([yes]) + AC_DEFINE([HAVE_LIBRESSL], [1], [Define if we have LibreSSL]) +else + AC_MSG_RESULT([no]) +fi +AC_CHECK_HEADERS([openssl/ssl.h openssl/evp.h openssl/engine.h openssl/conf.h]) +AC_CHECK_FUNCS([EVP_sha256 EVP_sha384 EVP_sha512 EVP_PKEY_keygen ECDSA_SIG_get0 EVP_MD_CTX_new DSA_SIG_set0 DSA_SIG_get0 EVP_dss1 DSA_get0_pqg DSA_get0_key EVP_cleanup ENGINE_cleanup ENGINE_free CRYPTO_cleanup_all_ex_data ERR_free_strings CONF_modules_unload OPENSSL_init_ssl OPENSSL_init_crypto ERR_load_crypto_strings CRYPTO_memcmp EVP_PKEY_get_base_id]) +AC_CHECK_DECLS([EVP_PKEY_base_id], [ + AC_DEFINE_UNQUOTED([HAVE_EVP_PKEY_BASE_ID], [1], [Define to 1 if you have the EVP_PKEY_base_id function or macro.]) +], [], [AC_INCLUDES_DEFAULT +#include +]) +AC_MSG_CHECKING([Checking for OpenSSL >= 3.0.0]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#include +#if OPENSSL_VERSION_MAJOR >= 3 +#define SOMETHING +#else +This fails compiling. +So either no OpenSSL at all (the include already failed), or the version < 3.0.0 +#endif +], [ +])], [ + AC_MSG_RESULT(yes) + CFLAGS="-DOPENSSL_API_COMPAT=10100 $CFLAGS" +], [ AC_MSG_RESULT(no) +]) + + +# for macosx, see if glibtool exists and use that +# BSD's need to know the version... +#AC_CHECK_PROG(glibtool, glibtool, [glibtool], ) +#AC_CHECK_PROGS(libtool, [libtool15 libtool], [./libtool]) + +AC_ARG_ENABLE(sha2, AS_HELP_STRING([--disable-sha2],[Disable SHA256 and SHA512 RRSIG support])) +case "$enable_sha2" in + no) + ;; + yes|*) + if test "x$HAVE_SSL" != "xyes"; then + AC_MSG_ERROR([SHA2 enabled, but no SSL support]) + fi + AC_MSG_CHECKING(for SHA256 and SHA512) + AC_CHECK_FUNC(SHA256_Init, [], [ + AC_MSG_ERROR([No SHA2 functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-sha2]) + ]) + AC_DEFINE_UNQUOTED([USE_SHA2], [1], [Define this to enable SHA256 and SHA512 support.]) + ;; +esac + +# check whether gost also works +AC_DEFUN([AC_CHECK_GOST_WORKS], +[AC_REQUIRE([AC_PROG_CC]) +AC_MSG_CHECKING([if GOST works]) +if test c${cross_compiling} = cno; then +BAKCFLAGS="$CFLAGS" +if test -n "$ssldir"; then + if test ! -d "$ssldir/lib" -a -d "$ssldir/lib64"; then + CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib64" + else + CFLAGS="$CFLAGS -Wl,-rpath,$ssldir/lib" + fi +fi +AC_RUN_IFELSE([AC_LANG_SOURCE([[ +#include +#ifdef HAVE_OPENSSL_SSL_H +#include +#endif +#ifdef HAVE_OPENSSL_EVP_H +#include +#endif +#ifdef HAVE_OPENSSL_ENGINE_H +#include +#endif +#ifdef HAVE_OPENSSL_CONF_H +#include +#endif +/* routine to load gost (from sldns) */ +int load_gost_id(void) +{ + static int gost_id = 0; + const EVP_PKEY_ASN1_METHOD* meth; + ENGINE* e; + + if(gost_id) return gost_id; + + /* see if configuration loaded gost implementation from other engine*/ + meth = EVP_PKEY_asn1_find_str(NULL, "gost2001", -1); + if(meth) { + EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); + return gost_id; + } + + /* see if engine can be loaded already */ + e = ENGINE_by_id("gost"); + if(!e) { + /* load it ourself, in case statically linked */ + ENGINE_load_builtin_engines(); + ENGINE_load_dynamic(); + e = ENGINE_by_id("gost"); + } + if(!e) { + /* no gost engine in openssl */ + return 0; + } + if(!ENGINE_set_default(e, ENGINE_METHOD_ALL)) { + ENGINE_finish(e); + ENGINE_free(e); + return 0; + } + + meth = EVP_PKEY_asn1_find_str(&e, "gost2001", -1); + if(!meth) { + /* algo not found */ + ENGINE_finish(e); + ENGINE_free(e); + return 0; + } + EVP_PKEY_asn1_get0_info(&gost_id, NULL, NULL, NULL, NULL, meth); + return gost_id; +} +int main(void) { + EVP_MD_CTX* ctx; + const EVP_MD* md; + unsigned char digest[64]; /* its a 256-bit digest, so uses 32 bytes */ + const char* str = "Hello world"; + const unsigned char check[] = { + 0x40 , 0xed , 0xf8 , 0x56 , 0x5a , 0xc5 , 0x36 , 0xe1 , + 0x33 , 0x7c , 0x7e , 0x87 , 0x62 , 0x1c , 0x42 , 0xe0 , + 0x17 , 0x1b , 0x5e , 0xce , 0xa8 , 0x46 , 0x65 , 0x4d , + 0x8d , 0x3e , 0x22 , 0x9b , 0xe1 , 0x30 , 0x19 , 0x9d + }; + OPENSSL_config(NULL); + (void)load_gost_id(); + md = EVP_get_digestbyname("md_gost94"); + if(!md) return 1; + memset(digest, 0, sizeof(digest)); + ctx = EVP_MD_CTX_create(); + if(!ctx) return 2; + if(!EVP_DigestInit_ex(ctx, md, NULL)) return 3; + if(!EVP_DigestUpdate(ctx, str, 10)) return 4; + if(!EVP_DigestFinal_ex(ctx, digest, NULL)) return 5; + /* uncomment to see the hash calculated. + {int i; + for(i=0; i<32; i++) + printf(" %2.2x", (int)digest[i]); + printf("\n");} + */ + if(memcmp(digest, check, sizeof(check)) != 0) + return 6; + return 0; +} +]])] , [eval "ac_cv_c_gost_works=yes"], [eval "ac_cv_c_gost_works=no"]) +CFLAGS="$BAKCFLAGS" +else +eval "ac_cv_c_gost_works=maybe" +fi +])dnl + +AC_ARG_ENABLE(gost, AS_HELP_STRING([--disable-gost],[Disable GOST support])) +case "$enable_gost" in + no) + ;; + *) dnl default + if test "x$HAVE_SSL" != "xyes"; then + AC_MSG_ERROR([GOST enabled, but no SSL support]) + fi + AC_MSG_CHECKING(for GOST) + AC_CHECK_FUNC(EVP_PKEY_set_type_str, [],[AC_MSG_ERROR([OpenSSL >= 1.0.0 is needed for GOST support or rerun with --disable-gost])]) + AC_CHECK_FUNC(EC_KEY_new, [], [AC_MSG_ERROR([No ECC functions found in OpenSSL: please upgrade OpenSSL or rerun with --disable-gost])]) + AC_CHECK_GOST_WORKS + AC_ARG_ENABLE(gost-anyway, AS_HELP_STRING([--enable-gost-anyway],[Enable GOST even without a GOST engine installed])) + if test "$ac_cv_c_gost_works" != "no" -o "$enable_gost_anyway" = "yes"; then + if test "$ac_cv_c_gost_works" = "no"; then + AC_MSG_RESULT([no, but compiling with GOST support anyway]) + else + AC_MSG_RESULT([yes]) + fi + use_gost="yes" + AC_DEFINE([USE_GOST], [1], [Define this to enable GOST support.]) + else + AC_MSG_RESULT([no]) + AC_MSG_WARN([Gost support does not work because the engine is missing.]) + AC_MSG_WARN([Install gost-engine first or use the --enable-gost-anyway to compile with GOST support anyway]) + AC_MSG_WARN([See also https://github.com/gost-engine/engine/wiki for information about gost-engine]) + fi + ;; +esac + +AC_ARG_ENABLE(ecdsa, AS_HELP_STRING([--disable-ecdsa],[Disable ECDSA support])) +case "$enable_ecdsa" in + no) + ;; + *) dnl default + if test "x$HAVE_SSL" != "xyes"; then + AC_MSG_ERROR([ECDSA enabled, but no SSL support]) + fi + AC_CHECK_FUNC(ECDSA_sign, [], [AC_MSG_ERROR([OpenSSL does not support ECDSA: please upgrade OpenSSL or rerun with --disable-ecdsa])]) + AC_CHECK_FUNC(SHA384_Init, [], [AC_MSG_ERROR([OpenSSL does not support SHA384: please upgrade OpenSSL or rerun with --disable-ecdsa])]) + AC_CHECK_DECLS([NID_X9_62_prime256v1, NID_secp384r1], [], [AC_MSG_ERROR([OpenSSL does not support the ECDSA curves: please upgrade OpenSSL or rerun with --disable-ecdsa])], [AC_INCLUDES_DEFAULT +#include + ]) + # we now know we have ECDSA and the required curves. + AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.]) + ;; +esac + +AC_ARG_ENABLE(dsa, AS_HELP_STRING([--disable-dsa],[Disable DSA support])) +case "$enable_dsa" in + no) + AC_SUBST(ldns_build_config_use_dsa, 0) + ;; + *) dnl default + # detect if DSA is supported, and turn it off if not. + AC_CHECK_FUNC(DSA_SIG_new, [ + AC_DEFINE_UNQUOTED([USE_DSA], [1], [Define this to enable DSA support.]) + AC_SUBST(ldns_build_config_use_dsa, 1) + ], [if test "x$enable_dsa" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support DSA and you used --enable-dsa.]) + fi + AC_SUBST(ldns_build_config_use_dsa, 0)]) + ;; +esac + +AC_ARG_ENABLE(ed25519, AS_HELP_STRING([--disable-ed25519],[Disable (experimental) ED25519 support. Default is detect])) +case "$enable_ed25519" in + no) + AC_SUBST(ldns_build_config_use_ed25519, 0) + ;; + *) dnl default + AC_CHECK_DECLS([NID_ED25519], [ + AC_DEFINE_UNQUOTED([USE_ED25519], [1], [Define this to enable ED25519 support.]) + AC_SUBST(ldns_build_config_use_ed25519, 1) + ], [if test "x$enable_ed25519" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED25519 and you used --enable-ed25519.]) + fi + AC_SUBST(ldns_build_config_use_ed25519, 0)], [AC_INCLUDES_DEFAULT +#include + ]) + ;; +esac + +AC_ARG_ENABLE(ed448, AS_HELP_STRING([--disable-ed448],[Disable (experimental) ED448 support. Default is detect])) +case "$enable_ed448" in + no) + AC_SUBST(ldns_build_config_use_ed448, 0) + ;; + *) dnl default + AC_CHECK_DECLS([NID_ED448], [ + AC_DEFINE_UNQUOTED([USE_ED448], [1], [Define this to enable ED448 support.]) + AC_SUBST(ldns_build_config_use_ed448, 1) + ], [if test "x$enable_ed448" = "xyes"; then AC_MSG_ERROR([OpenSSL does not support ED448 and you used --enable-ed448.]) + fi + AC_SUBST(ldns_build_config_use_ed448, 0)], [AC_INCLUDES_DEFAULT +#include + ]) + ;; +esac + +AC_ARG_ENABLE(dane, AS_HELP_STRING([--disable-dane],[Disable DANE support])) +AC_ARG_ENABLE(dane-verify, AS_HELP_STRING([--disable-dane-verify],[Disable DANE verify support])) +AC_ARG_ENABLE(dane-ta-usage, AS_HELP_STRING([--disable-dane-ta-usage],[Disable DANE-TA usage type support])) + +AC_ARG_ENABLE(full-dane,, [ + enable_dane_ta_usage=yes + enable_dane_verify=yes + enable_dane=yes +]) +AC_ARG_ENABLE(no-dane-ta-usage,, [ + enable_dane_ta_usage=no + enable_dane_verify=yes + enable_dane=yes +]) +AC_ARG_ENABLE(no-dane-verify,, [ + enable_dane_ta_usage=no + enable_dane_verify=no + enable_dane=yes +]) +case "$enable_dane" in + no) + AC_SUBST(ldns_build_config_use_dane, 0) + AC_SUBST(ldns_build_config_use_dane_verify, 0) + AC_SUBST(ldns_build_config_use_dane_ta_usage, 0) + ;; + *) dnl default + if test "x$HAVE_SSL" != "xyes"; then + AC_MSG_ERROR([DANE enabled, but no SSL support]) + fi + AC_CHECK_FUNC(X509_check_ca, [], [AC_MSG_ERROR([OpenSSL does not support DANE: please upgrade OpenSSL or rerun with --disable-dane])]) + AC_SUBST(ldns_build_config_use_dane, 1) + AC_DEFINE_UNQUOTED([USE_DANE], [1], [Define this to enable DANE support.]) + case "$enable_dane_verify" in + no) + AC_SUBST(ldns_build_config_use_dane_verify, 0) + AC_SUBST(ldns_build_config_use_dane_ta_usage, 0) + ;; + *) + AC_SUBST(ldns_build_config_use_dane_verify, 1) + AC_DEFINE_UNQUOTED([USE_DANE_VERIFY], [1], [Define this to enable DANE verify support.]) + case "$enable_dane_ta_usage" in + no) + AC_SUBST(ldns_build_config_use_dane_ta_usage, 0) + ;; + *) dnl default + danetmpLIBS="$LIBS" + LIBS="-lssl -lcrypto $LIBS" + AC_CHECK_FUNC(SSL_get0_dane, [], [AC_MSG_ERROR([OpenSSL does not support offline DANE verification (Needed for the DANE-TA usage type). Please upgrade OpenSSL to version >= 1.1.0 or rerun with --disable-dane-verify or --disable-dane-ta-usage])]) + LIBSSL_LIBS="-lssl $LIBSSL_LIBS" + LIBS="$danetmpLIBS" + AC_SUBST(ldns_build_config_use_dane_ta_usage, 1) + AC_DEFINE_UNQUOTED([USE_DANE_TA_USAGE], [1], [Define this to enable DANE-TA usage type support.]) + ;; + esac + esac + ;; +esac + +AC_ARG_ENABLE(rrtype-ninfo, AS_HELP_STRING([--enable-rrtype-ninfo],[Enable draft RR type ninfo.])) +case "$enable_rrtype_ninfo" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_NINFO], [], [Define this to enable RR type NINFO.]) + ;; + no|*) + ;; +esac +AC_ARG_ENABLE(rrtype-rkey, AS_HELP_STRING([--enable-rrtype-rkey],[Enable draft RR type rkey.])) +case "$enable_rrtype_rkey" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_RKEY], [], [Define this to enable RR type RKEY.]) + ;; + no|*) + ;; +esac +AC_ARG_ENABLE(rrtype-openpgpkey, AS_HELP_STRING([--disable-rrtype-openpgpkey],[Disable openpgpkey RR type.])) +case "$enable_rrtype_openpgpkey" in + no) + ;; + yes|*) + AC_DEFINE_UNQUOTED([RRTYPE_OPENPGPKEY], [], [Define this to enable RR type OPENPGPKEY.]) + ;; +esac +AC_ARG_ENABLE(rrtype-ta, AS_HELP_STRING([--enable-rrtype-ta],[Enable draft RR type ta.])) +case "$enable_rrtype_ta" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_TA], [], [Define this to enable RR type TA.]) + ;; + no|*) + ;; +esac +AC_ARG_ENABLE(rrtype-avc, AS_HELP_STRING([--enable-rrtype-avc],[Enable draft RR type avc.])) +case "$enable_rrtype_avc" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_AVC], [], [Define this to enable RR type AVC.]) + ;; + no|*) + ;; +esac +AC_ARG_ENABLE(rrtype-doa, AS_HELP_STRING([--enable-rrtype-doa],[Enable draft RR type DOA.])) +case "$enable_rrtype_doa" in + yes) + AC_DEFINE_UNQUOTED([RRTYPE_DOA], [], [Define this to enable RR type DOA.]) + ;; + no|*) + ;; +esac +AC_ARG_ENABLE(rrtype-amtrelay, AS_HELP_STRING([--disable-rrtype-amtrelay],[Disable RR type AMTRELAY.])) +case "$enable_rrtype_amtrelay" in + no) + ;; + yes|*) + AC_DEFINE_UNQUOTED([RRTYPE_AMTRELAY], [], [Define this to enable RR type AMTRELAY.]) + ;; +esac +AC_ARG_ENABLE(rrtype-svcb-https, AS_HELP_STRING([--disable-rrtype-svcb-https],[Disable RR types SVCB and HTTPS.])) +case "$enable_rrtype_svcb_https" in + no) + ;; + yes|*) + AC_DEFINE_UNQUOTED([RRTYPE_SVCB_HTTPS], [], [Define this to enable RR types SVCB and HTTPS.]) + ;; +esac +AC_ARG_ENABLE(rrtype-resinfo, AS_HELP_STRING([--enable-rrtype-resinfo],[Disable RR type RESINFO.])) +case "$enable_rrtype_resinfo" in + no) + ;; + yes|*) + AC_DEFINE_UNQUOTED([RRTYPE_RESINFO], [], [Define this to enable RR type RESINFO.]) + ;; +esac + + +if echo "$tmp_LIBS" | grep "ws2_32" >/dev/null; then + if echo "$LIBSSL_LIBS" | grep "ws2_32" >/dev/null; then + # only need it once. + LIBSSL_LIBS=`echo "$LIBSSL_LIBS" | sed -e 's/ -lws2_32//' -e 's/^-lws2_32//'` + fi +fi + +AC_SUBST(LIBSSL_CPPFLAGS) +AC_SUBST(LIBSSL_LDFLAGS) +AC_SUBST(LIBSSL_LIBS) +if test "x$HAVE_SSL" = "xyes"; then + if echo "$LIBSSL_LIBS" | grep -- "-lssl" >/dev/null 2>&1; then + LIBSSL_SSL_LIBS="$LIBSSL_LIBS" + else + LIBSSL_SSL_LIBS="-lssl $LIBSSL_LIBS" + fi + AC_SUBST(LIBSSL_SSL_LIBS, "$LIBSSL_SSL_LIBS") +fi +CPPFLAGS=$tmp_CPPFLAGS +LDFLAGS=$tmp_LDFLAGS +LIBS=$tmp_LIBS + + +# add option to disable the evil rpath +ACX_ARG_RPATH + +#AC_RUN_IFELSE([AC_LANG_SOURCE( +#[ +#int main() +#{ +#short one = 1; +#char *cp = (char*)&one; +#if ( *cp == 0 ) +#return(0); +#else +#return(1); +#} +#])], [],[ +#AC_DEFINE(CONFCHECK_LITTLE_ENDIAN, 1, [system appears to be little-endian]) +#],[]) + +# should define WORDS_BIGENDIAN if the system is big-endian +AC_C_BIGENDIAN + +# Checks for header files. +m4_warn([obsolete], +[The preprocessor macro `STDC_HEADERS' is obsolete. + Except in unusual embedded environments, you can safely include all + ISO C90 headers unconditionally.])dnl +# Autoupdate added the next two lines to ensure that your configure +# script's behavior did not change. They are probably safe to remove. +AC_CHECK_INCLUDES_DEFAULT +AC_PROG_EGREP + +AC_HEADER_STDBOOL +#AC_HEADER_SYS_WAIT +#AC_CHECK_HEADERS([getopt.h fcntl.h stdlib.h string.h strings.h unistd.h]) +# do the very minimum - we can always extend this +AC_CHECK_HEADERS([getopt.h stdarg.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS(sys/param.h sys/mount.h,,, +[AC_INCLUDES_DEFAULT + [ + #if HAVE_SYS_PARAM_H + # include + #endif + ] +]) +AC_CHECK_HEADER(sys/socket.h, +[ +include_sys_socket_h='#include ' +AC_DEFINE(HAVE_SYS_SOCKET_H, 1, [define if you have sys/socket.h]) +],[ +include_sys_socket_h='' +],[AC_INCLUDES_DEFAULT + [ + #if HAVE_SYS_PARAM_H + # include + #endif + ] +]) +AC_SUBST(include_sys_socket_h) +AC_CHECK_HEADER(inttypes.h, +[ +include_inttypes_h='#include ' +AC_DEFINE(HAVE_INTTYPES_H, 1, [define if you have inttypes.h]) +AC_SUBST(ldns_build_config_have_inttypes_h, 1) +],[ +include_inttypes_h='' +AC_SUBST(ldns_build_config_have_inttypes_h, 0) +],[AC_INCLUDES_DEFAULT +]) +AC_SUBST(include_inttypes_h) +AC_CHECK_HEADER(sys/types.h, +[ +include_systypes_h='#include ' +AC_DEFINE(HAVE_SYS_TYPES_H, 1, [define if you have sys/types.h]) +],[ +include_systypes_h='' +],[AC_INCLUDES_DEFAULT +]) +AC_SUBST(include_systypes_h) +AC_CHECK_HEADER(unistd.h, +[ +include_unistd_h='#include ' +AC_DEFINE(HAVE_UNISTD_H, 1, [define if you have unistd.h]) +],[ +include_unistd_h='' +],[AC_INCLUDES_DEFAULT +]) +AC_SUBST(include_unistd_h) + +AC_CHECK_SIZEOF(time_t,,[ +AC_INCLUDES_DEFAULT +#ifdef TIME_WITH_SYS_TIME +# include +# include +#else +# ifdef HAVE_SYS_TIME_H +# include +# else +# include +# endif +#endif +]) + +if test x_$with_examples != x_no; then +AC_CHECK_HEADERS([pcap.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_LIB(pcap, pcap_open_offline, [ + AC_DEFINE([HAVE_LIBPCAP], [1], [Define to 1 if you have the `pcap' library (-lpcap).])dnl` + AC_SUBST([LIBPCAP_LIBS], [-lpcap]) + ], [ + AC_MSG_WARN([Can't find pcap library (needed for ldns-dpa, will not build dpa now.)])dnl' + AC_SUBST([LIBPCAP_LIBS], []) + ] +) +AC_CHECK_HEADERS([netinet/in_systm.h net/if.h netinet/ip.h netinet/udp.h netinet/igmp.h netinet/if_ether.h netinet/ip6.h net/ethernet.h netinet/ip_compat.h],,, [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NET_IF_H +#include +#endif]) +fi + +ACX_TYPE_SOCKLEN_T +if test "x$ac_cv_type_socklen_t" = xyes; then + AC_SUBST(ldns_build_config_have_socklen_t, 1) +else + AC_SUBST(ldns_build_config_have_socklen_t, 0) +fi +AC_TYPE_SIZE_T +AC_CHECK_TYPE(ssize_t, int) +dnl AC_TYPE_INTPTR_T does not work on all platforms (autoconf) +AC_CHECK_TYPE(intptr_t, size_t) +AC_CHECK_TYPE(in_addr_t, [], [AC_DEFINE([in_addr_t], [uint32_t], [in_addr_t])], [ +#if HAVE_SYS_TYPES_H +# include +#endif +#if HAVE_NETINET_IN_H +# include +#endif]) +AC_CHECK_TYPE(in_port_t, [], [AC_DEFINE([in_port_t], [uint16_t], [in_port_t])], [ +#if HAVE_SYS_TYPES_H +# include +#endif +#if HAVE_NETINET_IN_H +# include +#endif]) +ACX_CHECK_SS_FAMILY + +AC_CHECK_DECLS([inet_pton,inet_ntop], [], [], [ +AC_INCLUDES_DEFAULT +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_NETINET_TCP_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#ifdef HAVE_WINSOCK2_H +#include +#endif + +#ifdef HAVE_WS2TCPIP_H +#include +#endif +]) + +# AC_FUNC_MALLOC suffers false failures and causes Asan failures. +# AC_FUNC_MALLOC +# AC_FUNC_REALLOC + +AC_REPLACE_FUNCS(b64_pton) +AC_REPLACE_FUNCS(b64_ntop) +AC_REPLACE_FUNCS(calloc) +AC_REPLACE_FUNCS(timegm) +AC_REPLACE_FUNCS(gmtime_r) +AC_REPLACE_FUNCS(asctime_r) +AC_REPLACE_FUNCS(ctime_r) +AC_REPLACE_FUNCS(localtime_r) +AC_REPLACE_FUNCS(isblank) +AC_REPLACE_FUNCS(isascii) +AC_REPLACE_FUNCS(inet_aton) +AC_REPLACE_FUNCS(inet_pton) +AC_REPLACE_FUNCS(inet_ntop) +AC_REPLACE_FUNCS(snprintf) +AC_REPLACE_FUNCS(strlcpy) +AC_REPLACE_FUNCS(memmove) +AC_FUNC_FORK +AC_MSG_CHECKING([compile of fork]) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM([ +#include +], [ + (void)fork(); +])], [ + AC_MSG_RESULT(yes) + AC_DEFINE([HAVE_FORK_AVAILABLE], 1, [if fork is available for compile]) +], [ AC_MSG_RESULT(no) +]) +AC_CHECK_FUNCS([endprotoent endservent sleep random fcntl strtoul bzero memset b32_ntop b32_pton symlink]) +if test "x$HAVE_B32_NTOP" = "xyes"; then + AC_SUBST(ldns_build_config_have_b32_ntop, 1) +else + AC_SUBST(ldns_build_config_have_b32_ntop, 0) +fi +if test "x$HAVE_B32_PTON" = "xyes"; then + AC_SUBST(ldns_build_config_have_b32_pton, 1) +else + AC_SUBST(ldns_build_config_have_b32_pton, 0) +fi + +ACX_CHECK_GETADDRINFO_WITH_INCLUDES +if test $ac_cv_func_getaddrinfo = no; then + AC_LIBOBJ([fake-rfc2553]) +fi +if test "$USE_WINSOCK" = 1; then + AC_CHECK_TOOL(WINDRES, windres) +fi +ACX_FUNC_IOCTLSOCKET + +#AC_SEARCH_LIBS(RSA_new, [crypto]) + +ACX_CHECK_FORMAT_ATTRIBUTE +ACX_CHECK_UNUSED_ATTRIBUTE + +AC_ARG_WITH(xcode-sdk, AS_HELP_STRING([--with-xcode-sdk],[Set xcode SDK version. Default is autodetect]), + [],[with_xcode_sdk="yes"]) +if test "x_$with_xcode_sdk" != "x_no" ; then + # check OSX deployment target, if needed + if echo $target_os | grep darwin > /dev/null; then + sdk_p=`xcode-select -print-path`; + if test "x_$with_xcode_sdk" = "x_yes" ; then + sdk_v="$( /usr/bin/xcrun --show-sdk-version 2>/dev/null )" + else + sdk_v="$with_xcode_sdk" + fi + # xcrun only got that option in 10.7 + if test -z "$sdk_v" ; then + sdk_c="10.6" + sdk_v="10.6" + fi + SYSROOT="$( find ${sdk_p} -name MacOSX${sdk_v}.sdk )" + case $sdk_v in + 10.9|10.8) sdk_c="10.7";; + 10.11|10.10|*) sdk_c="10.10";; + esac + export MACOSX_DEPLOYMENT_TARGET="${sdk_c}"; + export CFLAGS="$CFLAGS -mmacosx-version-min=${sdk_c} -isysroot ${SYSROOT}" + fi +fi + +AC_DEFINE([SYSCONFDIR], [sysconfdir], [System configuration dir]) + +AC_ARG_WITH(trust-anchor, AS_HELP_STRING([--with-trust-anchor=KEYFILE],[Default location of the trust anchor file for drill and ldns-dane. [default=SYSCONFDIR/unbound/root.key]]), [ + AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["$withval"]) + AC_MSG_NOTICE([Default trust anchor: $withval]) +],[ + AC_SUBST([LDNS_TRUST_ANCHOR_FILE], ["\$(sysconfdir)/unbound/root.key"]) +]) + +AC_ARG_WITH(ca-file, AS_HELP_STRING([--with-ca-file=CAFILE],[File containing CA certificates for ldns-dane]), [ + AC_DEFINE([HAVE_DANE_CA_FILE], [1], [Is a CAFILE given at configure time]) + AC_DEFINE_UNQUOTED([LDNS_DANE_CA_FILE], ["$withval"], [Is a CAFILE given at configure time]) + AC_MSG_NOTICE([Using CAfile: $withval]) + AC_SUBST(DEFAULT_CAFILE, ["Default is $withval"]) +],[ + AC_DEFINE([HAVE_DANE_CA_FILE], [0], [Is a CAFILE given at configure time]) + AC_SUBST(DEFAULT_CAFILE, []) +]) + +AC_ARG_WITH(ca-path, AS_HELP_STRING([--with-ca-path=CAPATH],[Directory containing CA certificate files for ldns-dane]), [ + AC_DEFINE([HAVE_DANE_CA_PATH], [1], [Is a CAPATH given at configure time]) + AC_DEFINE_UNQUOTED([LDNS_DANE_CA_PATH], ["$withval"], [Is a CAPATH given at configure time]) + AC_MSG_NOTICE([Using CApath: $withval]) + AC_SUBST(DEFAULT_CAPATH, ["Default is $withval"]) +],[ + AC_DEFINE([HAVE_DANE_CA_PATH], [0], [Is a CAPATH given at configure time]) + AC_SUBST(DEFAULT_CAPATH, []) +]) + +AH_BOTTOM([ +#include +#include +#include +#include + +#ifndef LITTLE_ENDIAN +#define LITTLE_ENDIAN 1234 +#endif + +#ifndef BIG_ENDIAN +#define BIG_ENDIAN 4321 +#endif + +#ifndef BYTE_ORDER +#ifdef WORDS_BIGENDIAN +#define BYTE_ORDER BIG_ENDIAN +#else +#define BYTE_ORDER LITTLE_ENDIAN +#endif /* WORDS_BIGENDIAN */ +#endif /* BYTE_ORDER */ + +#if STDC_HEADERS +#include +#include +#endif + +#ifdef HAVE_STDINT_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#ifdef HAVE_WINSOCK2_H +#include +#endif + +#ifdef HAVE_WS2TCPIP_H +#include +#endif +] +AHX_CONFIG_W32_FD_SET_T +) + +AH_BOTTOM([ +#ifdef __cplusplus +extern "C" { +#endif + +int ldns_b64_ntop(uint8_t const *src, size_t srclength, + char *target, size_t targsize); +/** + * calculates the size needed to store the result of b64_ntop + */ +/*@unused@*/ +static inline size_t ldns_b64_ntop_calculate_size(size_t srcsize) +{ + return ((((srcsize + 2) / 3) * 4) + 1); +} +int ldns_b64_pton(char const *src, uint8_t *target, size_t targsize); +/** + * calculates the size needed to store the result of ldns_b64_pton + */ +/*@unused@*/ +static inline size_t ldns_b64_pton_calculate_size(size_t srcsize) +{ + return (((((srcsize + 3) / 4) * 3)) + 1); +} + +/** + * Given in dnssec_zone.c, also used in dnssec_sign.c:w + + */ +int ldns_dname_compare_v(const void *a, const void *b); + +#ifndef HAVE_SLEEP +/* use windows sleep, in millisecs, instead */ +#define sleep(x) Sleep((x)*1000) +#endif + +#ifndef HAVE_RANDOM +#define srandom(x) srand(x) +#define random(x) rand(x) +#endif + +#ifndef HAVE_TIMEGM +#include +time_t timegm (struct tm *tm); +#endif /* !TIMEGM */ +#ifndef HAVE_GMTIME_R +struct tm *gmtime_r(const time_t *timep, struct tm *result); +#endif +#ifndef HAVE_ASCTIME_R +char *asctime_r(const struct tm *tm, char *buf); +#endif +#ifndef HAVE_LOCALTIME_R +struct tm *localtime_r(const time_t *timep, struct tm *result); +#endif +#ifndef HAVE_ISBLANK +int isblank(int c); +#endif /* !HAVE_ISBLANK */ +#ifndef HAVE_ISASCII +int isascii(int c); +#endif /* !HAVE_ISASCII */ +#ifndef HAVE_SNPRINTF +#include +int snprintf (char *str, size_t count, const char *fmt, ...); +int vsnprintf (char *str, size_t count, const char *fmt, va_list arg); +#endif /* HAVE_SNPRINTF */ +#if !defined(HAVE_INET_PTON) && !HAVE_DECL_INET_PTON +int inet_pton(int af, const char* src, void* dst); +#endif /* HAVE_INET_PTON */ +#if !defined(HAVE_INET_NTOP) && !HAVE_DECL_INET_NTOP +const char *inet_ntop(int af, const void *src, char *dst, size_t size); +#endif +#ifndef HAVE_INET_ATON +int inet_aton(const char *cp, struct in_addr *addr); +#endif +#ifndef HAVE_MEMMOVE +void *memmove(void *dest, const void *src, size_t n); +#endif +#ifndef HAVE_STRLCPY +size_t strlcpy(char *dst, const char *src, size_t siz); +#endif + +#ifdef USE_WINSOCK +#define SOCK_INVALID ((INT_PTR)INVALID_SOCKET) +#define close_socket(_s) do { if (_s != SOCK_INVALID) {closesocket(_s); _s = -1;} } while(0) +#else +#define SOCK_INVALID -1 +#define close_socket(_s) do { if (_s != SOCK_INVALID) {close(_s); _s = -1;} } while(0) +#endif + +#ifdef __cplusplus +} +#endif +#ifndef HAVE_GETADDRINFO +#include "compat/fake-rfc2553.h" +#endif +#ifndef HAVE_STRTOUL +#define strtoul (unsigned long)strtol +#endif +]) + +if test "x$HAVE_SSL" = "xyes"; then + AC_SUBST(ldns_build_config_have_ssl, 1) +else + AC_SUBST(ldns_build_config_have_ssl, 0) +fi +if test "x$ac_cv_c_format_attribute" = "xyes"; then + AC_SUBST(ldns_build_config_have_attr_format, 1) +else + AC_SUBST(ldns_build_config_have_attr_format, 0) +fi +if test "x$ac_cv_c_unused_attribute" = "xyes"; then + AC_SUBST(ldns_build_config_have_attr_unused, 1) +else + AC_SUBST(ldns_build_config_have_attr_unused, 0) +fi + +CONFIG_FILES="Makefile libdns.doxygen ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config" +AC_SUBST(CONFIG_FILES) +AC_CONFIG_FILES([$CONFIG_FILES]) + +AC_CONFIG_HEADERS([ldns/config.h]) +AC_OUTPUT +COPY_HEADER_FILES(ldns/, ldns/) + +dnl AC_CONFIG_SUBDIRS([drill]) diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/Changes b/zonemaster-ldns/ldns/contrib/DNS-LDNS/Changes new file mode 100644 index 0000000..fbdcb2e --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/Changes @@ -0,0 +1,53 @@ +Revision history for Perl extension DNS::LDNS. + +0.01 Thu Nov 22 12:48:29 2012 + - original version; created by h2xs 1.23 with options + -A -n LDNS + +0.02 Fri Jan 18 09:47:57 2013 + - Support for DNSSec and Resolver. Added some more constants from + the header files; created by h2xs 1.23 with options + -n LDNS /usr/include/ldns/ldns.h /usr/include/ldns/error.h /usr/include/ldns/rr.h /usr/include/ldns/keys.h /usr/include/ldns/packet.h /usr/include/ldns/resolver.h /usr/include/ldns/rdata.h /usr/include/ldns/dnssec.h + +0.03 Fri Apr 19 13:40:57 2013 + - Renamed module to Net::LDNS + +0.04 Fri Dec 13 14:15:26 2013 + - Renamed module to DNS::LDNS + +0.05 Mon Dec 30 10:14:00 2013 + - Corrected versioning variable in all classes. + - Cleaned up the base class documentation. + +0.06 Tue Dec 31 12:17:00 2013 + - Corrected pod syntax + +0.50 Sun Mar 30 11:05:23 2014 + - Added prev parameter to the DNS::LDNS::RR::new(str) constructor. + - Corrected DNS::LDNS::RR::new(file/filename) constructor. Added prev + parameter, changed the default_ttl and origin parameters to + references so they can return data back to the caller as intended. + Using the 'built-in' default values for ttl and origin, rather than + my own values. + - Corrected the DNS::LDNS::Zone::new() constructor. Corrected file + option for reading zone from stream. Using the 'built-in' default + values for ttl and origin, rather than my own values. + - Removed the $DNS::LDNS::DEFAULT_* variables, they proved to be less + useful after modifying the Zone and RR constructors. + - More robust Makefile.PL. Check for existence of ldns library + and perl modules required for the test suite. + +0.51 Wed Apr 2 09:12:00 2014 + - Added META.yml, and added some more package dependencies. + - Compatibility with ldns < 1.6.12. + +0.52 Tue May 5 09:13:00 2015 + - Fixed typo in META.yml + +0.60 Thu Dec 29 11:15:00 2016 + - Compatibility with ldns 1.7 + - Dist::zilla build management + +0.61 Fri Dec 30 14:32:00 2016 + - Bugfixes for ldns 1.7 compatibility + - Compatibility with perl 5.25 diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/LDNS.xs b/zonemaster-ldns/ldns/contrib/DNS-LDNS/LDNS.xs new file mode 100644 index 0000000..ad59144 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/LDNS.xs @@ -0,0 +1,3434 @@ +#include "EXTERN.h" +#include "perl.h" +#include "XSUB.h" + +#include "ppport.h" + +#include "ldns/ldns.h" +#include "ldns/error.h" +#include "ldns/rr.h" +#include "ldns/keys.h" +#include "ldns/dname.h" +#include "ldns/host2str.h" +#include "ldns/rdata.h" +#include "ldns/rbtree.h" +#include "ldns/resolver.h" +#include "ldns/packet.h" +#include "ldns/dnssec.h" + +#include "ldns/dnssec_zone.h" +#include "ldns/dnssec_verify.h" +#include "ldns/dnssec_sign.h" +#include "ldns/rr_functions.h" + +#if LDNS_REVISION < ((1<<16)|(6<<8)|(17)) + #define LDNS_RDF_TYPE_HIP LDNS_RDF_TYPE_TSIG +#endif + +#include "const-c.inc" + +typedef ldns_zone * DNS__LDNS__Zone; +typedef ldns_rr_list * DNS__LDNS__RRList; +typedef ldns_rr * DNS__LDNS__RR; +typedef ldns_rr * DNS__LDNS__RR__Opt; +typedef ldns_rdf * DNS__LDNS__RData; +typedef ldns_rdf * DNS__LDNS__RData__Opt; +typedef ldns_dnssec_zone * DNS__LDNS__DNSSecZone; +typedef ldns_dnssec_rrsets * DNS__LDNS__DNSSecRRSets; +typedef ldns_dnssec_rrs * DNS__LDNS__DNSSecRRs; +typedef ldns_dnssec_name * DNS__LDNS__DNSSecName; +typedef ldns_rbtree_t * DNS__LDNS__RBTree; +typedef ldns_rbnode_t * DNS__LDNS__RBNode; +typedef ldns_resolver * DNS__LDNS__Resolver; +typedef ldns_pkt * DNS__LDNS__Packet; +typedef ldns_key * DNS__LDNS__Key; +typedef ldns_key_list * DNS__LDNS__KeyList; +typedef ldns_dnssec_data_chain * DNS__LDNS__DNSSecDataChain; +typedef ldns_dnssec_trust_tree * DNS__LDNS__DNSSecTrustTree; +typedef const char * Mortal_PV; + +typedef ldns_pkt_opcode LDNS_Pkt_Opcode; +typedef ldns_pkt_rcode LDNS_Pkt_Rcode; +typedef ldns_pkt_section LDNS_Pkt_Section; +typedef ldns_pkt_type LDNS_Pkt_Type; +typedef ldns_rr_type LDNS_RR_Type; +typedef ldns_rr_class LDNS_RR_Class; +typedef ldns_rdf_type LDNS_RDF_Type; +typedef ldns_hash LDNS_Hash; +typedef ldns_status LDNS_Status; +typedef ldns_signing_algorithm LDNS_Signing_Algorithm; + +/* callback function used by the signing methods */ +int sign_policy(ldns_rr *sig, void *n) { + return *(uint16_t*)n; +} + +/* utility methods */ +void add_cloned_rrs_to_list(ldns_rr_list * list, ldns_rr_list * add) { + size_t count; + size_t i; + + count = ldns_rr_list_rr_count(add); + + for(i = 0; i < count; i++) { + ldns_rr_list_push_rr(list, ldns_rr_clone(ldns_rr_list_rr(add, i))); + } +} + + +#if LDNS_REVISION < ((1<<16)|(6<<8)|(12)) +ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree_time( + ldns_dnssec_data_chain *data_chain, + ldns_rr *rr, time_t check_time); +ldns_rr_list *ldns_fetch_valid_domain_keys_time(const ldns_resolver * res, + const ldns_rdf * domain, const ldns_rr_list * keys, + time_t check_time, ldns_status *status); +ldns_rr_list *ldns_validate_domain_dnskey_time( + const ldns_resolver *res, const ldns_rdf *domain, + const ldns_rr_list *keys, time_t check_time); +ldns_rr_list *ldns_validate_domain_ds_time( + const ldns_resolver *res, const ldns_rdf *domain, + const ldns_rr_list * keys, time_t check_time); +ldns_status ldns_verify_rrsig_keylist_time( + ldns_rr_list *rrset, ldns_rr *rrsig, + const ldns_rr_list *keys, time_t check_time, + ldns_rr_list *good_keys); +ldns_status ldns_verify_trusted_time( + ldns_resolver *res, ldns_rr_list *rrset, + ldns_rr_list *rrsigs, time_t check_time, + ldns_rr_list *validating_keys); +ldns_status ldns_verify_rrsig_time( + ldns_rr_list *rrset, ldns_rr *rrsig, + ldns_rr *key, time_t check_time); +ldns_status ldns_verify_time(ldns_rr_list *rrset, + ldns_rr_list *rrsig, + const ldns_rr_list *keys, + time_t check_time, + ldns_rr_list *good_keys); + +ldns_dnssec_trust_tree *ldns_dnssec_derive_trust_tree_time( + ldns_dnssec_data_chain *data_chain, + ldns_rr *rr, time_t check_time) { + Perl_croak(aTHX_ "function ldns_dnssec_derive_trust_tree_time is not implemented in this version of ldns"); +} + +ldns_rr_list *ldns_fetch_valid_domain_keys_time(const ldns_resolver * res, + const ldns_rdf * domain, const ldns_rr_list * keys, + time_t check_time, ldns_status *status) { + Perl_croak(aTHX_ "function ldns_fetch_valid_domain_keys_time is not implemented in this version of ldns"); +} + +ldns_rr_list *ldns_validate_domain_dnskey_time( + const ldns_resolver *res, const ldns_rdf *domain, + const ldns_rr_list *keys, time_t check_time) { + Perl_croak(aTHX_ "function ldns_validate_domain_dnskey_time is not implemented in this version of ldns"); +} + +ldns_rr_list *ldns_validate_domain_ds_time( + const ldns_resolver *res, const ldns_rdf *domain, + const ldns_rr_list * keys, time_t check_time) { + Perl_croak(aTHX_ "function ldns_validate_domain_ds_time is not implemented in this version of ldns"); +} + +ldns_status ldns_verify_rrsig_keylist_time( + ldns_rr_list *rrset, ldns_rr *rrsig, + const ldns_rr_list *keys, time_t check_time, + ldns_rr_list *good_keys) { + Perl_croak(aTHX_ "function ldns_verify_rrsig_keylist_time is not implemented in this version of ldns"); +} + +ldns_status ldns_verify_trusted_time( + ldns_resolver *res, ldns_rr_list *rrset, + ldns_rr_list *rrsigs, time_t check_time, + ldns_rr_list *validating_keys) { + Perl_croak(aTHX_ "function ldns_verify_trusted_time is not implemented in this version of ldns"); +} + +ldns_status ldns_verify_rrsig_time( + ldns_rr_list *rrset, ldns_rr *rrsig, + ldns_rr *key, time_t check_time) { + Perl_croak(aTHX_ "function ldns_verify_rrsig_time is not implemented in this version of ldns"); +} + +ldns_status ldns_verify_time(ldns_rr_list *rrset, + ldns_rr_list *rrsig, + const ldns_rr_list *keys, + time_t check_time, + ldns_rr_list *good_keys) { + Perl_croak(aTHX_ "function ldns_verify_time is not implemented in this version of ldns"); +} + +#endif + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS + +INCLUDE: const-xs.inc + +const char * +ldns_get_errorstr_by_id(s) + LDNS_Status s + ALIAS: + errorstr_by_id = 1 + +Mortal_PV +ldns_rr_type2str(type) + LDNS_RR_Type type; + ALIAS: + rr_type2str = 1 + +Mortal_PV +ldns_rr_class2str(class) + LDNS_RR_Class class; + ALIAS: + rr_class2str = 1 + +Mortal_PV +ldns_pkt_opcode2str(opcode) + LDNS_Pkt_Opcode opcode; + ALIAS: + pkt_opcode2str = 1 + +Mortal_PV +ldns_pkt_rcode2str(rcode) + LDNS_Pkt_Rcode rcode; + ALIAS: + pkt_rcode2str = 1 + +LDNS_RR_Type +ldns_get_rr_type_by_name(name) + char * name; + ALIAS: + rr_type_by_name = 1 + +LDNS_RR_Class +ldns_get_rr_class_by_name(name) + char * name; + ALIAS: + rr_class_by_name = 1 + +DNS__LDNS__RR +ldns_dnssec_create_nsec(from, to, nsec_type) + DNS__LDNS__DNSSecName from; + DNS__LDNS__DNSSecName to; + LDNS_RR_Type nsec_type; + ALIAS: + dnssec_create_nsec = 1 + +DNS__LDNS__RR +dnssec_create_nsec3(from, to, zone_name, algorithm, flags, iterations, salt) + DNS__LDNS__DNSSecName from; + DNS__LDNS__DNSSecName to; + DNS__LDNS__RData zone_name; + uint8_t algorithm; + uint8_t flags; + uint16_t iterations; + char * salt; + CODE: + RETVAL = ldns_dnssec_create_nsec3(from, to, zone_name, algorithm, flags, iterations, strlen(salt), (uint8_t*)salt); + OUTPUT: + RETVAL + +DNS__LDNS__RR +ldns_create_nsec(current, next, rrs) + DNS__LDNS__RData current; + DNS__LDNS__RData next; + DNS__LDNS__RRList rrs; + ALIAS: + create_nsec = 1 + +DNS__LDNS__RR +create_nsec3(cur_owner, cur_zone, rrs, algorithm, flags, iterations, salt, emptynonterminal) + DNS__LDNS__RData cur_owner; + DNS__LDNS__RData cur_zone; + DNS__LDNS__RRList rrs; + uint8_t algorithm; + uint8_t flags; + uint16_t iterations; + char * salt; + bool emptynonterminal; + CODE: + RETVAL = ldns_create_nsec3(cur_owner, cur_zone, rrs, algorithm, + flags, iterations, strlen(salt), (uint8_t*)salt, emptynonterminal); + OUTPUT: + RETVAL + +LDNS_Signing_Algorithm +ldns_get_signing_algorithm_by_name(name) + const char * name; + ALIAS: + signing_algorithm_by_name = 1 + +int +ldns_key_algo_supported(algorithm) + int algorithm; + ALIAS: + key_algorithm_supported = 1 + +DNS__LDNS__RR +ldns_read_anchor_file(filename) + char * filename; + ALIAS: + read_anchor_file = 1 + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::GC + +void +ldns_zone_deep_free(zone) + DNS__LDNS__Zone zone; + ALIAS: + _zone_deep_free = 1 + +void +ldns_rr_list_deep_free(list) + DNS__LDNS__RRList list; + ALIAS: + _rrlist_deep_free = 1 + +void +ldns_rr_free(rr) + DNS__LDNS__RR rr; + ALIAS: + _rr_free = 1 + +void +ldns_rdf_deep_free(rdf) + DNS__LDNS__RData rdf; + ALIAS: + _rdata_deep_free = 1 + +void +ldns_dnssec_zone_deep_free(zone) + DNS__LDNS__DNSSecZone zone; + ALIAS: + _dnssec_zone_deep_free = 1 + +void +ldns_dnssec_name_deep_free(name) + DNS__LDNS__DNSSecName name; + ALIAS: + _dnssec_name_deep_free = 1 + +void +ldns_resolver_deep_free(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + _resolver_deep_free = 1 + +void +ldns_pkt_free(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + _packet_free = 1 + +void +ldns_key_deep_free(key) + DNS__LDNS__Key key; + ALIAS: + _key_deep_free = 1 + +void +ldns_key_list_free(keylist) + DNS__LDNS__KeyList keylist; + ALIAS: + _keylist_free = 1 + +void +ldns_dnssec_data_chain_deep_free(chain) + DNS__LDNS__DNSSecDataChain chain; + ALIAS: + _dnssec_datachain_deep_free = 1 + +void +ldns_dnssec_trust_tree_free(tree) + DNS__LDNS__DNSSecTrustTree tree; + ALIAS: + _dnssec_trusttree_free = 1 + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::Zone + +PROTOTYPES: ENABLE + +DNS__LDNS__Zone +ldns_zone_new() + ALIAS: + _new = 1 + +DNS__LDNS__Zone +_new_from_file(fp, origin, ttl, c, s, line_nr) + FILE* fp; + DNS__LDNS__RData__Opt origin; + uint32_t ttl; + LDNS_RR_Class c; + LDNS_Status s; + int line_nr; + PREINIT: + ldns_zone *z; + CODE: + if (ttl == 0) { ttl = 0; } + RETVAL = NULL; + s = ldns_zone_new_frm_fp_l(&z, fp, origin, ttl, c, &line_nr); + + if (s == LDNS_STATUS_OK) { + RETVAL = z; + } + + OUTPUT: + RETVAL + s + line_nr + +void +print(zone, fp) + DNS__LDNS__Zone zone; + FILE* fp; + CODE: + ldns_zone_print(fp, zone); + +void +canonicalize(zone) + DNS__LDNS__Zone zone; + PREINIT: + ldns_rr_list *list; + size_t count; + size_t i; + CODE: + list = ldns_zone_rrs(zone); + count = ldns_rr_list_rr_count(list); + + ldns_rr2canonical(ldns_zone_soa(zone)); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(zone), i)); + } + +void +ldns_zone_sort(zone) + DNS__LDNS__Zone zone; + ALIAS: + sort = 1 + +DNS__LDNS__RR +ldns_zone_soa(zone) + DNS__LDNS__Zone zone; + ALIAS: + _soa = 1 + +void +ldns_zone_set_soa(zone, soa) + DNS__LDNS__Zone zone; + DNS__LDNS__RR soa; + ALIAS: + _set_soa = 1 + +DNS__LDNS__RRList +ldns_zone_rrs(zone) + DNS__LDNS__Zone zone; + ALIAS: + _rrs = 1 + +void +ldns_zone_set_rrs(zone, list) + DNS__LDNS__Zone zone; + DNS__LDNS__RRList list; + ALIAS: + _set_rrs = 1 + +DNS__LDNS__Zone +ldns_zone_sign(zone, keylist) + DNS__LDNS__Zone zone; + DNS__LDNS__KeyList keylist; + ALIAS: + sign = 1 + +DNS__LDNS__Zone +sign_nsec3(zone, keylist, algorithm, flags, iterations, salt) + DNS__LDNS__Zone zone; + DNS__LDNS__KeyList keylist; + uint8_t algorithm; + uint8_t flags; + uint16_t iterations; + unsigned char * salt; + CODE: + RETVAL = ldns_zone_sign_nsec3(zone, keylist, algorithm, flags, iterations, strlen(salt), (uint8_t*)salt); + OUTPUT: + RETVAL + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::RRList + +PROTOTYPES: ENABLE + +DNS__LDNS__RRList +ldns_rr_list_new() + ALIAS: + _new = 1 + +DNS__LDNS__RRList +_new_hosts_from_file(fp, line_nr) + FILE * fp; + int line_nr; + CODE: + RETVAL = ldns_get_rr_list_hosts_frm_fp_l(fp, &line_nr); + OUTPUT: + RETVAL + +DNS__LDNS__RRList +ldns_rr_list_clone(list) + DNS__LDNS__RRList list; + ALIAS: + clone = 1 + +void +print(list, fp) + DNS__LDNS__RRList list; + FILE* fp; + CODE: + ldns_rr_list_print(fp, list); + +Mortal_PV +ldns_rr_list2str(list) + DNS__LDNS__RRList list; + ALIAS: + to_string = 1 + +DNS__LDNS__RR +ldns_rr_list_rr(list, i) + DNS__LDNS__RRList list; + size_t i; + ALIAS: + _rr = 1 + +DNS__LDNS__RR +ldns_rr_list_pop_rr(list) + DNS__LDNS__RRList list; + ALIAS: + pop = 1 + +bool +ldns_rr_list_push_rr(list, rr) + DNS__LDNS__RRList list; + DNS__LDNS__RR rr; + ALIAS: + _push = 1 + +size_t +ldns_rr_list_rr_count(list) + DNS__LDNS__RRList list; + ALIAS: + rr_count = 1 + +int +ldns_rr_list_compare(list, otherlist) + DNS__LDNS__RRList list; + DNS__LDNS__RRList otherlist; + ALIAS: + compare = 1 + +DNS__LDNS__RRList +ldns_rr_list_subtype_by_rdf(list, rdf, pos) + DNS__LDNS__RRList list; + DNS__LDNS__RData rdf; + size_t pos; + ALIAS: + subtype_by_rdata = 1 + +DNS__LDNS__RRList +ldns_rr_list_pop_rrset(list) + DNS__LDNS__RRList list; + ALIAS: + pop_rrset = 1 + +bool +ldns_is_rrset(list) + DNS__LDNS__RRList list; + ALIAS: + is_rrset = 1 + +bool +ldns_rr_list_contains_rr(list, rr) + DNS__LDNS__RRList list; + DNS__LDNS__RR rr; + ALIAS: + contains_rr = 1 + +DNS__LDNS__RRList +ldns_rr_list_pop_rr_list(list, count) + DNS__LDNS__RRList list; + size_t count; + ALIAS: + pop_list = 1 + +bool +_push_list(list, otherlist) + DNS__LDNS__RRList list; + DNS__LDNS__RRList otherlist; + PREINIT: + bool ret; + CODE: + ret = ldns_rr_list_push_rr_list(list, otherlist); + if (ret) { + ldns_rr_list_free(otherlist); + } + OUTPUT: + RETVAL + +LDNS_Status +_verify_rrsig_keylist(rrset, rrsig, keys, good_keys) + DNS__LDNS__RRList rrset; + DNS__LDNS__RR rrsig; + DNS__LDNS__RRList keys; + DNS__LDNS__RRList good_keys; + PREINIT: + DNS__LDNS__RRList gk; + CODE: + gk = ldns_rr_list_new(); + RETVAL = ldns_verify_rrsig_keylist(rrset, rrsig, keys, good_keys); + add_cloned_rrs_to_list(good_keys, gk); + ldns_rr_list_free(gk); + OUTPUT: + RETVAL + +LDNS_Status +_verify_rrsig_keylist_time(rrset, rrsig, keys, check_time, good_keys) + DNS__LDNS__RRList rrset; + DNS__LDNS__RR rrsig; + DNS__LDNS__RRList keys; + time_t check_time; + DNS__LDNS__RRList good_keys; + PREINIT: + DNS__LDNS__RRList gk; + CODE: + gk = ldns_rr_list_new(); + RETVAL = ldns_verify_rrsig_keylist_time( + rrset, rrsig, keys, check_time, good_keys); + add_cloned_rrs_to_list(good_keys, gk); + ldns_rr_list_free(gk); + OUTPUT: + RETVAL + +LDNS_Status +_verify_rrsig_keylist_notime(rrset, rrsig, keys, good_keys) + DNS__LDNS__RRList rrset; + DNS__LDNS__RR rrsig; + DNS__LDNS__RRList keys; + DNS__LDNS__RRList good_keys; + PREINIT: + DNS__LDNS__RRList gk; + CODE: + gk = ldns_rr_list_new(); + RETVAL = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, NULL); + add_cloned_rrs_to_list(good_keys, gk); + ldns_rr_list_free(gk); + OUTPUT: + RETVAL + +LDNS_Status +ldns_verify_rrsig(rrset, rrsig, key) + DNS__LDNS__RRList rrset; + DNS__LDNS__RR rrsig; + DNS__LDNS__RR key; + ALIAS: + _verify_rrsig = 1 + +LDNS_Status +ldns_verify_rrsig_time(rrset, rrsig, key, check_time) + DNS__LDNS__RRList rrset; + DNS__LDNS__RR rrsig; + DNS__LDNS__RR key; + time_t check_time; + ALIAS: + _verify_rrsig_time = 1 + +LDNS_Status +_verify(rrset, rrsig, keys, good_keys) + DNS__LDNS__RRList rrset; + DNS__LDNS__RRList rrsig; + DNS__LDNS__RRList keys; + DNS__LDNS__RRList good_keys; + PREINIT: + DNS__LDNS__RRList gk; + CODE: + gk = ldns_rr_list_new(); + RETVAL = ldns_verify(rrset, rrsig, keys, gk); + add_cloned_rrs_to_list(good_keys, gk); + ldns_rr_list_free(gk); + OUTPUT: + RETVAL + +LDNS_Status +_verify_time(rrset, rrsig, keys, check_time, good_keys) + DNS__LDNS__RRList rrset; + DNS__LDNS__RRList rrsig; + DNS__LDNS__RRList keys; + time_t check_time; + DNS__LDNS__RRList good_keys; + PREINIT: + DNS__LDNS__RRList gk; + CODE: + gk = ldns_rr_list_new(); + RETVAL = ldns_verify_time(rrset, rrsig, keys, check_time, gk); + add_cloned_rrs_to_list(good_keys, gk); + ldns_rr_list_free(gk); + OUTPUT: + RETVAL + +LDNS_Status +_verify_notime(rrset, rrsig, keys, good_keys) + DNS__LDNS__RRList rrset; + DNS__LDNS__RRList rrsig; + DNS__LDNS__RRList keys; + DNS__LDNS__RRList good_keys; + PREINIT: + DNS__LDNS__RRList gk; + CODE: + gk = ldns_rr_list_new(); + RETVAL = ldns_verify_notime(rrset, rrsig, keys, gk); + add_cloned_rrs_to_list(good_keys, gk); + ldns_rr_list_free(gk); + OUTPUT: + RETVAL + +DNS__LDNS__RR +ldns_create_empty_rrsig(rrset, current_key) + DNS__LDNS__RRList rrset; + DNS__LDNS__Key current_key; + ALIAS: + create_empty_rrsig = 1 + +DNS__LDNS__RRList +ldns_sign_public(rrset, keys) + DNS__LDNS__RRList rrset; + DNS__LDNS__KeyList keys; + ALIAS: + sign_public = 1 + +void +ldns_rr_list_sort(list) + DNS__LDNS__RRList list; + ALIAS: + sort = 1 + +void +ldns_rr_list_sort_nsec3(list) + DNS__LDNS__RRList list; + ALIAS: + sort_nsec3 = 1 + +void +ldns_rr_list2canonical(list) + DNS__LDNS__RRList list; + ALIAS: + canonicalize = 1 + +DNS__LDNS__RR +ldns_dnssec_get_dnskey_for_rrsig(rr, rrlist) + DNS__LDNS__RR rr; + DNS__LDNS__RRList rrlist; + ALIAS: + _get_dnskey_for_rrsig = 1 + +DNS__LDNS__RR +ldns_dnssec_get_rrsig_for_name_and_type(name, type, rrsigs) + DNS__LDNS__RData name; + LDNS_RR_Type type; + DNS__LDNS__RRList rrsigs; + ALIAS: + _get_rrsig_for_name_and_type = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::RR + +PROTOTYPES: ENABLE + +DNS__LDNS__RR +ldns_rr_new() + ALIAS: + _new = 1 + +DNS__LDNS__RR +ldns_rr_new_frm_type(t) + LDNS_RR_Type t; + ALIAS: + _new_from_type = 1 + +DNS__LDNS__RR +_new_from_str(str, default_ttl, origin, prev, s) + const char* str; + uint32_t default_ttl; + DNS__LDNS__RData__Opt origin; + DNS__LDNS__RData__Opt prev; + LDNS_Status s; + PREINIT: + DNS__LDNS__RR rr = NULL; + ldns_rdf *pclone = NULL; + CODE: + + if (prev != NULL) { + pclone = ldns_rdf_clone(prev); + } + + s = ldns_rr_new_frm_str(&rr, str, default_ttl, origin, &prev); + if (prev != NULL) { + prev = pclone; + } + + if (s == LDNS_STATUS_OK) { + RETVAL = rr; + } + OUTPUT: + RETVAL + s + prev + +DNS__LDNS__RR +_new_from_file(fp, default_ttl, origin, prev, s, line_nr) + FILE* fp; + uint32_t default_ttl; + DNS__LDNS__RData__Opt origin; + DNS__LDNS__RData__Opt prev; + LDNS_Status s; + int line_nr; + PREINIT: + ldns_rr *rr; + ldns_rdf *oclone = NULL; + ldns_rdf *pclone = NULL; + CODE: + + /* Must clone origin and prev because new_frm_fp_l may change + them and may not (we do not know for certain). The perl layer + will take care of freeing the old structs. */ + if (origin != NULL) { + oclone = ldns_rdf_clone(origin); + } + if (prev != NULL) { + pclone = ldns_rdf_clone(prev); + } + + RETVAL = NULL; + s = ldns_rr_new_frm_fp_l(&rr, fp, &default_ttl, &oclone, &pclone, + &line_nr); + + /* Replace the input origin with our new clone. The perl layer will + take care of freeing it later. */ + if (origin != NULL) { + origin = oclone; + } + if (prev != NULL) { + prev = pclone; + } + + if (s == LDNS_STATUS_OK) { + RETVAL = rr; + } + + OUTPUT: + RETVAL + s + line_nr + default_ttl + origin + prev + +DNS__LDNS__RR +ldns_rr_clone(rr) + DNS__LDNS__RR rr; + ALIAS: + clone = 1 + +void +ldns_rr_set_owner(rr, owner) + DNS__LDNS__RR rr; + DNS__LDNS__RData owner; + ALIAS: + _set_owner = 1 + +void +ldns_rr_set_ttl(rr, ttl) + DNS__LDNS__RR rr; + uint32_t ttl; + ALIAS: + set_ttl = 1 + +void +ldns_rr_set_type(rr, type) + DNS__LDNS__RR rr; + LDNS_RR_Type type; + ALIAS: + set_type = 1 + +void +ldns_rr_set_class(rr, class) + DNS__LDNS__RR rr; + LDNS_RR_Class class; + ALIAS: + set_class = 1 + +void +print(rr, fp) + DNS__LDNS__RR rr; + FILE* fp; + CODE: + ldns_rr_print(fp, rr); + +Mortal_PV +ldns_rr2str(rr) + DNS__LDNS__RR rr; + ALIAS: + to_string = 1 + +int +ldns_rr_compare(rr, otherrr) + DNS__LDNS__RR rr; + DNS__LDNS__RR otherrr; + ALIAS: + compare = 1 + +int +ldns_rr_compare_no_rdata(rr, otherrr) + DNS__LDNS__RR rr; + DNS__LDNS__RR otherrr; + ALIAS: + compare_no_rdata = 1 + +int +ldns_rr_compare_ds(rr, otherrr) + DNS__LDNS__RR rr; + DNS__LDNS__RR otherrr; + ALIAS: + compare_ds = 1 + +int +compare_dname(rr, otherrr) + DNS__LDNS__RR rr; + DNS__LDNS__RR otherrr; + CODE: + RETVAL = ldns_dname_compare( + ldns_rr_owner(rr), ldns_rr_owner(otherrr)); + OUTPUT: + RETVAL + +DNS__LDNS__RData +ldns_rr_owner(rr) + DNS__LDNS__RR rr; + ALIAS: + _owner = 1 + +size_t +ldns_rr_rd_count(rr); + DNS__LDNS__RR rr; + ALIAS: + rd_count = 1 + +DNS__LDNS__RData +ldns_rr_rdf(rr, i) + DNS__LDNS__RR rr; + size_t i; + ALIAS: + _rdata = 1 + +DNS__LDNS__RData +ldns_rr_set_rdf(rr, rdf, i) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + size_t i; + ALIAS: + _set_rdata = 1 + +uint32_t +ldns_rr_ttl(rr) + DNS__LDNS__RR rr; + ALIAS: + ttl = 1 + +LDNS_RR_Class +ldns_rr_get_class(rr) + DNS__LDNS__RR rr; + ALIAS: + class = 1 + +LDNS_RR_Type +ldns_rr_get_type(rr) + DNS__LDNS__RR rr; + ALIAS: + type = 1 + +DNS__LDNS__RData +ldns_rr_pop_rdf(rr) + DNS__LDNS__RR rr; + ALIAS: + pop_rdata = 1 + +bool +ldns_rr_push_rdf(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _push_rdata = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_typecovered(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_typecovered = 1 + +bool +ldns_rr_rrsig_set_typecovered(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_typecovered = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_algorithm(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_algorithm = 1 + +bool +ldns_rr_rrsig_set_algorithm(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_algorithm = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_expiration(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_expiration = 1 + +bool +ldns_rr_rrsig_set_expiration(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_expiration = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_inception(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_inception = 1 + +bool +ldns_rr_rrsig_set_inception(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_inception = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_keytag(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_keytag = 1 + +bool +ldns_rr_rrsig_set_keytag(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_keytag = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_sig(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_sig = 1 + +bool +ldns_rr_rrsig_set_sig(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_sig = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_labels(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_labels = 1 + +bool +ldns_rr_rrsig_set_labels(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_labels = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_origttl(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_origttl = 1 + +bool +ldns_rr_rrsig_set_origttl(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_origttl = 1 + +DNS__LDNS__RData +ldns_rr_rrsig_signame(rr) + DNS__LDNS__RR rr; + ALIAS: + _rrsig_signame = 1 + +bool +ldns_rr_rrsig_set_signame(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _rrsig_set_signame = 1 + +DNS__LDNS__RData +ldns_rr_dnskey_algorithm(rr) + DNS__LDNS__RR rr; + ALIAS: + _dnskey_algorithm = 1 + +bool +ldns_rr_dnskey_set_algorithm(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _dnskey_set_algorithm = 1 + +DNS__LDNS__RData +ldns_rr_dnskey_flags(rr) + DNS__LDNS__RR rr; + ALIAS: + _dnskey_flags = 1 + +bool +ldns_rr_dnskey_set_flags(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _dnskey_set_flags = 1 + +DNS__LDNS__RData +ldns_rr_dnskey_protocol(rr) + DNS__LDNS__RR rr; + ALIAS: + _dnskey_protocol = 1 + +bool +ldns_rr_dnskey_set_protocol(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _dnskey_set_protocol = 1 + +DNS__LDNS__RData +ldns_rr_dnskey_key(rr) + DNS__LDNS__RR rr; + ALIAS: + _dnskey_key = 1 + +bool +ldns_rr_dnskey_set_key(rr, rdf) + DNS__LDNS__RR rr; + DNS__LDNS__RData rdf; + ALIAS: + _dnskey_set_key = 1 + +size_t +ldns_rr_dnskey_key_size(rr) + DNS__LDNS__RR rr; + ALIAS: + dnskey_key_size = 1 + +uint16_t +ldns_calc_keytag(key) + DNS__LDNS__RR key; + ALIAS: + calc_keytag = 1 + +DNS__LDNS__RData +ldns_nsec3_hash_name_frm_nsec3(rr, name) + DNS__LDNS__RR rr; + DNS__LDNS__RData name; + ALIAS: + _hash_name_from_nsec3 = 1 + +DNS__LDNS__RData +_nsec3_hash_name(name, algorithm, iterations, salt) + DNS__LDNS__RData name; + uint8_t algorithm; + uint16_t iterations; + char * salt; + CODE: + RETVAL = ldns_nsec3_hash_name(name, algorithm, iterations, + strlen(salt), (uint8_t *)salt); + OUTPUT: + RETVAL + +LDNS_Status +ldns_dnssec_verify_denial(rr, nsecs, rrsigs) + DNS__LDNS__RR rr; + DNS__LDNS__RRList nsecs; + DNS__LDNS__RRList rrsigs; + ALIAS: + _verify_denial = 1 + +LDNS_Status +ldns_dnssec_verify_denial_nsec3(rr, nsecs, rrsigs, packet_rcode, packet_qtype, packet_nodata) + DNS__LDNS__RR rr; + DNS__LDNS__RRList nsecs; + DNS__LDNS__RRList rrsigs; + LDNS_Pkt_Rcode packet_rcode; + LDNS_RR_Type packet_qtype; + signed char packet_nodata; + ALIAS: + _verify_denial_nsec3 = 1 + +DNS__LDNS__RR +_verify_denial_nsec3_match(rr, nsecs, rrsigs, packet_rcode, packet_qtype, packet_nodata, status) + DNS__LDNS__RR rr; + DNS__LDNS__RRList nsecs; + DNS__LDNS__RRList rrsigs; + LDNS_Pkt_Rcode packet_rcode; + LDNS_RR_Type packet_qtype; + signed char packet_nodata; + LDNS_Status status; + PREINIT: + ldns_rr ** match; + CODE: + RETVAL = NULL; + status = ldns_dnssec_verify_denial_nsec3_match(rr, nsecs, rrsigs, + packet_rcode, packet_qtype, packet_nodata, match); + if (status == LDNS_STATUS_OK) { + RETVAL = *match; + } + OUTPUT: + status + RETVAL + +void +nsec3_add_param_rdfs(rr, algorithm, flags, iterations, salt) + DNS__LDNS__RR rr; + uint8_t algorithm; + uint8_t flags; + uint16_t iterations; + char * salt; + CODE: + ldns_nsec3_add_param_rdfs(rr, algorithm, flags, iterations, strlen(salt), (uint8_t*)salt); + +uint8_t +ldns_nsec3_algorithm(nsec3) + DNS__LDNS__RR nsec3; + ALIAS: + nsec3_algorithm = 1 + +uint8_t +ldns_nsec3_flags(nsec3) + DNS__LDNS__RR nsec3; + ALIAS: + nsec3_flags = 1 + +bool +ldns_nsec3_optout(nsec3) + DNS__LDNS__RR nsec3; + ALIAS: + nsec3_optout = 1 + +uint16_t +ldns_nsec3_iterations(nsec3) + DNS__LDNS__RR nsec3; + ALIAS: + nsec3_iterations = 1 + +DNS__LDNS__RData +ldns_nsec3_next_owner(nsec3) + DNS__LDNS__RR nsec3; + ALIAS: + _nsec3_next_owner = 1 + +DNS__LDNS__RData +ldns_nsec3_bitmap(nsec3) + DNS__LDNS__RR nsec3; + ALIAS: + _nsec3_bitmap = 1 + +DNS__LDNS__RData +ldns_nsec3_salt(nsec3) + DNS__LDNS__RR nsec3; + ALIAS: + _nsec3_salt = 1 + +DNS__LDNS__RR +ldns_key_rr2ds(key, hash) + DNS__LDNS__RR key; + LDNS_Hash hash; + ALIAS: + key_to_ds = 1 + +bool +ldns_rr_is_question(rr) + DNS__LDNS__RR rr; + ALIAS: + is_question = 1 + +uint8_t +ldns_rr_label_count(rr) + DNS__LDNS__RR rr; + ALIAS: + label_count = 1 + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::RData + +PROTOTYPES: ENABLE + +DNS__LDNS__RData +ldns_rdf_new_frm_str(type, str) + LDNS_RDF_Type type; + const char *str; + ALIAS: + _new = 1 + +DNS__LDNS__RData +ldns_rdf_clone(rdf) + DNS__LDNS__RData rdf; + ALIAS: + clone = 1 + +Mortal_PV +ldns_rdf2str(rdf) + DNS__LDNS__RData rdf; + ALIAS: + to_string = 1 + +void +print(rdf, fp) + DNS__LDNS__RData rdf; + FILE* fp; + CODE: + ldns_rdf_print(fp, rdf); + +LDNS_RDF_Type +ldns_rdf_get_type(rdf) + DNS__LDNS__RData rdf; + ALIAS: + type = 1 + +void +ldns_rdf_set_type(rdf, type) + DNS__LDNS__RData rdf; + LDNS_RDF_Type type + ALIAS: + set_type = 1 + +int +ldns_rdf_compare(rd1, rd2) + DNS__LDNS__RData rd1; + DNS__LDNS__RData rd2; + ALIAS: + compare = 1 + +DNS__LDNS__RData +ldns_rdf_address_reverse(rdf) + DNS__LDNS__RData rdf; + ALIAS: + address_reverse = 1 + +uint8_t +ldns_dname_label_count(rdf) + DNS__LDNS__RData rdf; + ALIAS: + label_count = 1 + +DNS__LDNS__RData +ldns_dname_label(rdf, labelpos) + DNS__LDNS__RData rdf; + uint8_t labelpos; + ALIAS: + label = 1 + +int +ldns_dname_is_wildcard(rdf) + DNS__LDNS__RData rdf; + ALIAS: + is_wildcard = 1 + +int +ldns_dname_match_wildcard(rdf, wildcard) + DNS__LDNS__RData rdf; + DNS__LDNS__RData wildcard; + ALIAS: + matches_wildcard = 1 + +signed char +ldns_dname_is_subdomain(rdf, parent) + DNS__LDNS__RData rdf; + DNS__LDNS__RData parent; + ALIAS: + is_subdomain = 1 + +DNS__LDNS__RData +ldns_dname_left_chop(rdf) + DNS__LDNS__RData rdf + ALIAS: + left_chop = 1 + +LDNS_Status +ldns_dname_cat(rdata, otherrd) + DNS__LDNS__RData rdata; + DNS__LDNS__RData otherrd; + ALIAS: + _cat = 1 + +int +ldns_dname_compare(dname, otherdname) + DNS__LDNS__RData dname; + DNS__LDNS__RData otherdname; + ALIAS: + compare = 1 + +LDNS_RR_Type +ldns_rdf2rr_type(rdf) + DNS__LDNS__RData rdf; + ALIAS: + to_rr_type = 1 + +DNS__LDNS__RData +ldns_dname_reverse(rdf) + DNS__LDNS__RData rdf; + ALIAS: + dname_reverse = 1 + +void +ldns_dname2canonical(rdf) + DNS__LDNS__RData rdf; + ALIAS: + dname2canonical = 1 + +time_t +ldns_rdf2native_time_t(rdf) + DNS__LDNS__RData rdf; + ALIAS: + to_unix_time = 1 + 2native_time_t = 2 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::DNSSecZone + +PROTOTYPES: ENABLE + +DNS__LDNS__DNSSecZone +ldns_dnssec_zone_new() + ALIAS: + _new = 1 + +DNS__LDNS__DNSSecZone +_new_from_file(fp, origin, ttl, c, s, line_nr) + FILE* fp; + DNS__LDNS__RData__Opt origin; + uint32_t ttl; + LDNS_RR_Class c; + LDNS_Status s; + int line_nr; + PREINIT: + ldns_dnssec_zone *z; + CODE: + RETVAL = NULL; +#if LDNS_REVISION < ((1<<16)|(6<<8)|(13)) + Perl_croak(aTHX_ "function ldns_dnssec_zone_new_frm_fp_l is not implemented in this version of ldns"); +#else + s = ldns_dnssec_zone_new_frm_fp_l(&z, fp, origin, ttl, c, &line_nr); +#endif + + if (s == LDNS_STATUS_OK) { + RETVAL = z; + } + + OUTPUT: + RETVAL + s + line_nr + +LDNS_Status +create_from_zone(dnssec_zone, zone) + DNS__LDNS__DNSSecZone dnssec_zone; + DNS__LDNS__Zone zone; + PREINIT: + size_t i; + ldns_rr *cur_rr; + ldns_status status; + ldns_rr_list *failed_nsec3s; + ldns_rr_list *failed_nsec3_rrsigs; + ldns_status result = LDNS_STATUS_OK; + CODE: + failed_nsec3s = ldns_rr_list_new(); + failed_nsec3_rrsigs = ldns_rr_list_new(); + + status = ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_clone(ldns_zone_soa(zone))); + if (result == LDNS_STATUS_OK) { + result = status; + } + + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i); + status = ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_clone(cur_rr)); + if (status != LDNS_STATUS_OK) { + if (LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND == status) { + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG + && ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(cur_rr)) + == LDNS_RR_TYPE_NSEC3) { + ldns_rr_list_push_rr(failed_nsec3_rrsigs, cur_rr); + } else { + ldns_rr_list_push_rr(failed_nsec3s, cur_rr); + } + } + if (result == LDNS_STATUS_OK) { + result = status; + } + } + } + + if (ldns_rr_list_rr_count(failed_nsec3s) > 0) { + (void) ldns_dnssec_zone_add_empty_nonterminals(dnssec_zone); + for (i = 0; i < ldns_rr_list_rr_count(failed_nsec3s); i++) { + cur_rr = ldns_rr_list_rr(failed_nsec3s, i); + status = ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_clone(cur_rr)); + if (result == LDNS_STATUS_OK) { + result = status; + } + } + for (i = 0; i < ldns_rr_list_rr_count(failed_nsec3_rrsigs); i++) { + cur_rr = ldns_rr_list_rr(failed_nsec3_rrsigs, i); + status = ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_clone(cur_rr)); + if (result == LDNS_STATUS_OK) { + result = status; + } + } + } + + ldns_rr_list_free(failed_nsec3_rrsigs); + ldns_rr_list_free(failed_nsec3s); + RETVAL = result; + OUTPUT: + RETVAL + +void +print(zone, fp) + DNS__LDNS__DNSSecZone zone; + FILE* fp; + CODE: + ldns_dnssec_zone_print(fp, zone); + +LDNS_Status +ldns_dnssec_zone_add_rr(zone, rr) + DNS__LDNS__DNSSecZone zone; + DNS__LDNS__RR rr; + ALIAS: + _add_rr = 1 + +LDNS_Status +ldns_dnssec_zone_add_empty_nonterminals(zone) + DNS__LDNS__DNSSecZone zone; + ALIAS: + _add_empty_nonterminals = 1 + +LDNS_Status +ldns_dnssec_zone_mark_glue(zone) + DNS__LDNS__DNSSecZone zone; + ALIAS: + _mark_glue = 1 + +DNS__LDNS__DNSSecName +_soa(zone) + DNS__LDNS__DNSSecZone zone; + CODE: + RETVAL = zone->soa; + OUTPUT: + RETVAL + +DNS__LDNS__RBTree +_names(zone) + DNS__LDNS__DNSSecZone zone; + CODE: + RETVAL = zone->names; + OUTPUT: + RETVAL + +DNS__LDNS__DNSSecRRSets +ldns_dnssec_zone_find_rrset(zone, rdf, type) + DNS__LDNS__DNSSecZone zone; + DNS__LDNS__RData rdf; + LDNS_RR_Type type; + ALIAS: + _find_rrset = 1 + +LDNS_Status +_sign(zone, key_list, policy, flags) + DNS__LDNS__DNSSecZone zone; + DNS__LDNS__KeyList key_list; + uint16_t policy; + int flags; + PREINIT: + ldns_rr_list * new_rrs; + CODE: + new_rrs = ldns_rr_list_new(); + RETVAL = ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, + sign_policy, (void*)&policy, flags); + ldns_rr_list_free(new_rrs); + OUTPUT: + RETVAL + +LDNS_Status +_sign_nsec3(zone, key_list, policy, algorithm, flags, iterations, salt, signflags) + DNS__LDNS__DNSSecZone zone; + DNS__LDNS__KeyList key_list; + uint16_t policy; + uint8_t algorithm; + uint8_t flags; + uint16_t iterations; + char * salt; + int signflags; + PREINIT: + ldns_rr_list * new_rrs; + CODE: + new_rrs = ldns_rr_list_new(); + RETVAL = ldns_dnssec_zone_sign_nsec3_flg(zone, new_rrs, key_list, + sign_policy, (void*)&policy, algorithm, flags, iterations, + strlen(salt), (uint8_t*)salt, signflags); + ldns_rr_list_free(new_rrs); + OUTPUT: + RETVAL + +LDNS_Status +create_nsecs(zone) + DNS__LDNS__DNSSecZone zone; + PREINIT: + ldns_rr_list * new_rrs; + CODE: + new_rrs = ldns_rr_list_new(); + RETVAL = ldns_dnssec_zone_create_nsecs(zone, new_rrs); + ldns_rr_list_free(new_rrs); + OUTPUT: + RETVAL + +LDNS_Status +create_nsec3s(zone, algorithm, flags, iterations, salt) + DNS__LDNS__DNSSecZone zone; + uint8_t algorithm; + uint8_t flags; + uint8_t iterations; + char * salt; + PREINIT: + ldns_rr_list * new_rrs; + CODE: + new_rrs = ldns_rr_list_new(); + RETVAL = ldns_dnssec_zone_create_nsec3s(zone, new_rrs, algorithm, + flags, iterations, strlen(salt), (uint8_t*)salt); + ldns_rr_list_free(new_rrs); + OUTPUT: + RETVAL + +LDNS_Status +create_rrsigs(zone, key_list, policy, flags) + DNS__LDNS__DNSSecZone zone; + DNS__LDNS__KeyList key_list; + uint16_t policy; + int flags; + PREINIT: + ldns_rr_list * new_rrs; + CODE: + new_rrs = ldns_rr_list_new(); + RETVAL = ldns_dnssec_zone_create_rrsigs_flg(zone, new_rrs, key_list, + sign_policy, (void*)&policy, flags); + ldns_rr_list_free(new_rrs); + OUTPUT: + RETVAL + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::DNSSecRRSets + +DNS__LDNS__DNSSecRRs +_rrs(rrsets) + DNS__LDNS__DNSSecRRSets rrsets; + CODE: + RETVAL = rrsets->rrs; + OUTPUT: + RETVAL + +DNS__LDNS__DNSSecRRs +_signatures(rrsets) + DNS__LDNS__DNSSecRRSets rrsets; + CODE: + RETVAL = rrsets->signatures; + OUTPUT: + RETVAL + +bool +ldns_dnssec_rrsets_contains_type(rrsets, type) + DNS__LDNS__DNSSecRRSets rrsets; + LDNS_RR_Type type; + ALIAS: + contains_type = 1 + +LDNS_RR_Type +ldns_dnssec_rrsets_type(rrsets) + DNS__LDNS__DNSSecRRSets rrsets; + ALIAS: + type = 1 + +LDNS_Status +ldns_dnssec_rrsets_set_type(rrsets, type) + DNS__LDNS__DNSSecRRSets rrsets; + LDNS_RR_Type type; + ALIAS: + _set_type = 1 + +DNS__LDNS__DNSSecRRSets +_next(rrsets) + DNS__LDNS__DNSSecRRSets rrsets; + CODE: + RETVAL = rrsets->next; + OUTPUT: + RETVAL + +LDNS_Status +ldns_dnssec_rrsets_add_rr(rrsets, rr) + DNS__LDNS__DNSSecRRSets rrsets; + DNS__LDNS__RR rr; + ALIAS: + _add_rr = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::DNSSecRRs + +DNS__LDNS__DNSSecRRs +ldns_dnssec_rrs_new() + ALIAS: + _new = 1 + +DNS__LDNS__RR +_rr(rrs) + DNS__LDNS__DNSSecRRs rrs; + CODE: + RETVAL = rrs->rr; + OUTPUT: + RETVAL + +DNS__LDNS__DNSSecRRs +_next(rrs) + DNS__LDNS__DNSSecRRs rrs; + CODE: + RETVAL = rrs->next; + OUTPUT: + RETVAL + +LDNS_Status +ldns_dnssec_rrs_add_rr(rrs, rr) + DNS__LDNS__DNSSecRRs rrs; + DNS__LDNS__RR rr; + ALIAS: + _add_rr = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::DNSSecName + +DNS__LDNS__DNSSecName +ldns_dnssec_name_new() + ALIAS: + _new = 1 + +DNS__LDNS__RData +ldns_dnssec_name_name(name) + DNS__LDNS__DNSSecName name; + ALIAS: + _name = 1 + +bool +ldns_dnssec_name_is_glue(name) + DNS__LDNS__DNSSecName name; + ALIAS: + is_glue = 1 + +DNS__LDNS__DNSSecRRSets +_rrsets(name) + DNS__LDNS__DNSSecName name; + CODE: + RETVAL = name->rrsets; + OUTPUT: + RETVAL + +DNS__LDNS__RR +_nsec(name) + DNS__LDNS__DNSSecName name; + CODE: + RETVAL = name->nsec; + OUTPUT: + RETVAL + +DNS__LDNS__RData +_hashed_name(name) + DNS__LDNS__DNSSecName name; + CODE: + RETVAL = name->hashed_name; + OUTPUT: + RETVAL + +DNS__LDNS__DNSSecRRs +_nsec_signatures(name) + DNS__LDNS__DNSSecName name; + CODE: + RETVAL = name->nsec_signatures; + OUTPUT: + RETVAL + +void +ldns_dnssec_name_set_name(name, dname) + DNS__LDNS__DNSSecName name; + DNS__LDNS__RData dname; + ALIAS: + _set_name = 1 + +void +ldns_dnssec_name_set_nsec(name, nsec) + DNS__LDNS__DNSSecName name; + DNS__LDNS__RR nsec; + ALIAS: + _set_nsec = 1 + +int +ldns_dnssec_name_cmp(a, b) + DNS__LDNS__DNSSecName a; + DNS__LDNS__DNSSecName b; + ALIAS: + compare = 1 + +LDNS_Status +ldns_dnssec_name_add_rr(name, rr) + DNS__LDNS__DNSSecName name; + DNS__LDNS__RR rr; + ALIAS: + _add_rr = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::RBTree + +DNS__LDNS__RBNode +ldns_rbtree_first(tree) + DNS__LDNS__RBTree tree; + ALIAS: + _first = 1 + +DNS__LDNS__RBNode +ldns_rbtree_last(tree) + DNS__LDNS__RBTree tree; + ALIAS: + _last = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::RBNode + +DNS__LDNS__RBNode +ldns_rbtree_next(node) + DNS__LDNS__RBNode node; + ALIAS: + _next = 1 + +DNS__LDNS__RBNode +ldns_rbtree_previous(node) + DNS__LDNS__RBNode node; + ALIAS: + _previous = 1 + +DNS__LDNS__RBNode +ldns_dnssec_name_node_next_nonglue(node) + DNS__LDNS__RBNode node; + ALIAS: + _next_nonglue = 1 + +bool +is_null(node) + DNS__LDNS__RBNode node; + CODE: + RETVAL = (node == LDNS_RBTREE_NULL); + OUTPUT: + RETVAL + +DNS__LDNS__DNSSecName +_name(node) + DNS__LDNS__RBNode node; + CODE: + RETVAL = (ldns_dnssec_name*)node->data; + OUTPUT: + RETVAL + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::Resolver + +DNS__LDNS__Resolver +_new_from_file(fp, s) + FILE* fp; + LDNS_Status s; + PREINIT: + ldns_resolver *r; + CODE: + RETVAL = NULL; + s = ldns_resolver_new_frm_fp(&r, fp); + if (s == LDNS_STATUS_OK) { + RETVAL = r; + } + OUTPUT: + RETVAL + s + +DNS__LDNS__Resolver +ldns_resolver_new() + ALIAS: + _new = 1 + +bool +ldns_resolver_dnssec(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + dnssec = 1 + +void +ldns_resolver_set_dnssec(resolver, d) + DNS__LDNS__Resolver resolver; + bool d; + ALIAS: + set_dnssec = 1 + +bool +ldns_resolver_dnssec_cd(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + dnssec_cd = 1 + +void +ldns_resolver_set_dnssec_cd(resolver, d) + DNS__LDNS__Resolver resolver; + bool d; + ALIAS: + set_dnssec_cd = 1 + +uint16_t +ldns_resolver_port(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + port = 1 + +void +ldns_resolver_set_port(resolver, port) + DNS__LDNS__Resolver resolver; + uint16_t port; + ALIAS: + set_port = 1 + +bool +ldns_resolver_recursive(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + recursive = 1 + +void +ldns_resolver_set_recursive(resolver, b) + DNS__LDNS__Resolver resolver; + bool b; + ALIAS: + set_recursive = 1 + +bool +ldns_resolver_debug(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + debug = 1 + +void +ldns_resolver_set_debug(resolver, b) + DNS__LDNS__Resolver resolver; + bool b; + ALIAS: + set_debug = 1 + +uint8_t +ldns_resolver_retry(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + retry = 1 + +void +ldns_resolver_set_retry(resolver, re) + DNS__LDNS__Resolver resolver; + uint8_t re; + ALIAS: + set_retry = 1 + +uint8_t +ldns_resolver_retrans(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + retrans = 1 + +void +ldns_resolver_set_retrans(resolver, re) + DNS__LDNS__Resolver resolver; + uint8_t re; + ALIAS: + set_retrans = 1 + +bool +ldns_resolver_fallback(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + fallback = 1 + +void +ldns_resolver_set_fallback(resolver, f) + DNS__LDNS__Resolver resolver; + bool f; + ALIAS: + set_fallback = 1 + +uint8_t +ldns_resolver_ip6(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + ip6 = 1 + +void +ldns_resolver_set_ip6(resolver, i) + DNS__LDNS__Resolver resolver; + uint8_t i; + ALIAS: + set_ip6 = 1 + +uint16_t +ldns_resolver_edns_udp_size(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + edns_udp_size = 1 + +void +ldns_resolver_set_edns_udp_size(resolver, s) + DNS__LDNS__Resolver resolver; + uint16_t s; + ALIAS: + set_edns_udp_size = 1 + +bool +ldns_resolver_usevc(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + usevc = 1 + +void +ldns_resolver_set_usevc(resolver, b) + DNS__LDNS__Resolver resolver; + bool b; + ALIAS: + set_usevc = 1 + +bool +ldns_resolver_fail(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + fail = 1 + +void +ldns_resolver_set_fail(resolver, b) + DNS__LDNS__Resolver resolver; + bool b; + ALIAS: + set_fail = 1 + +bool +ldns_resolver_defnames(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + defnames = 1 + +void +ldns_resolver_set_defnames(resolver, b) + DNS__LDNS__Resolver resolver; + bool b; + ALIAS: + set_defnames = 1 + +bool +ldns_resolver_dnsrch(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + dnsrch = 1 + +void +ldns_resolver_set_dnsrch(resolver, b) + DNS__LDNS__Resolver resolver; + bool b; + ALIAS: + set_dnsrch = 1 + +bool +ldns_resolver_igntc(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + igntc = 1 + +void +ldns_resolver_set_igntc(resolver, b) + DNS__LDNS__Resolver resolver; + bool b; + ALIAS: + set_igntc = 1 + +bool +ldns_resolver_random(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + random = 1 + +void +ldns_resolver_set_random(resolver, b) + DNS__LDNS__Resolver resolver; + bool b; + ALIAS: + set_random = 1 + +bool +ldns_resolver_trusted_key(resolver, keys, trusted_key) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RRList keys; + DNS__LDNS__RRList trusted_key; + ALIAS: + trusted_key = 1 + +DNS__LDNS__RRList +ldns_resolver_dnssec_anchors(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + _dnssec_anchors = 1 + +void +ldns_resolver_set_dnssec_anchors(resolver, list) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RRList list; + ALIAS: + _set_dnssec_anchors = 1 + +void +ldns_resolver_push_dnssec_anchor(resolver, rr) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RR rr; + ALIAS: + _push_dnssec_anchor = 1 + +DNS__LDNS__RData +ldns_resolver_domain(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + _domain = 1 + +void +ldns_resolver_set_domain(resolver, rd) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData rd; + ALIAS: + _set_domain = 1 + +AV * +_nameservers(resolver) + DNS__LDNS__Resolver resolver; + PREINIT: + ldns_rdf** list; + AV * result; + int i; + SV * elem; + CODE: + result = (AV *)sv_2mortal((SV *)newAV()); + list = ldns_resolver_nameservers(resolver); + + /* FIXME: Make a typemap for this ? */ + for (i = 0; i < ldns_resolver_nameserver_count(resolver); i++) { + elem = newSVpv(0, 0); + sv_setref_pv(elem, "LDNS::RData", list[i]); + av_push(result, elem); + } + RETVAL = result; + OUTPUT: + RETVAL + +size_t +ldns_resolver_nameserver_count(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + nameserver_count = 1 + +LDNS_Status +ldns_resolver_push_nameserver(resolver, n) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData n; + ALIAS: + _push_nameserver = 1 + +DNS__LDNS__RData +ldns_resolver_pop_nameserver(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + _pop_nameserver = 1 + +void +ldns_resolver_nameservers_randomize(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + nameservers_randomize = 1 + +const char* +ldns_resolver_tsig_keyname(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + tsig_keyname = 1 + +void +ldns_resolver_set_tsig_keyname(resolver, tsig_keyname) + DNS__LDNS__Resolver resolver; + char* tsig_keyname; + ALIAS: + set_tsig_keyname = 1 + +const char* +ldns_resolver_tsig_algorithm(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + tsig_algorithm = 1 + +void +ldns_resolver_set_tsig_algorithm(resolver, tsig_algorithm) + DNS__LDNS__Resolver resolver; + char* tsig_algorithm; + ALIAS: + set_tsig_algorithm = 1 + +const char* +ldns_resolver_tsig_keydata(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + tsig_keydata = 1 + +void +ldns_resolver_set_tsig_keydata(resolver, tsig_keydata) + DNS__LDNS__Resolver resolver; + char* tsig_keydata; + ALIAS: + set_tsig_keydata = 1 + +size_t +ldns_resolver_searchlist_count(resolver) + DNS__LDNS__Resolver resolver; + ALIAS: + searchlist_count = 1 + +void +ldns_resolver_push_searchlist(resolver, rd) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData rd; + ALIAS: + _push_searchlist = 1 + +AV * +_searchlist(resolver) + DNS__LDNS__Resolver resolver; + PREINIT: + ldns_rdf** list; + AV * result; + int i; + SV * elem; + CODE: + result = (AV *)sv_2mortal((SV *)newAV()); + list = ldns_resolver_searchlist(resolver); + + /* FIXME: Make a typemap for this ? */ + for (i = 0; i < ldns_resolver_searchlist_count(resolver); i++) { + elem = newSVpv(0, 0); + sv_setref_pv(elem, "LDNS::RData", list[i]); + av_push(result, elem); + } + RETVAL = result; + OUTPUT: + RETVAL + +size_t +ldns_resolver_nameserver_rtt(resolver, pos) + DNS__LDNS__Resolver resolver; + size_t pos; + ALIAS: + nameserver_rtt = 1 + +void +ldns_resolver_set_nameserver_rtt(resolver, pos, val) + DNS__LDNS__Resolver resolver; + size_t pos; + size_t val; + ALIAS: + set_nameserver_rtt = 1 + +AV * +_timeout(resolver) + DNS__LDNS__Resolver resolver; + PREINIT: + struct timeval t; + AV * result; + CODE: + t = ldns_resolver_timeout(resolver); + result = (AV *)sv_2mortal((SV *)newAV()); + av_push(result, newSVuv(t.tv_sec)); + av_push(result, newSVuv(t.tv_usec)); + RETVAL = result; + OUTPUT: + RETVAL + +void +set_timeout(resolver, sec, usec) + DNS__LDNS__Resolver resolver; + uint32_t sec; + uint32_t usec; + PREINIT: + struct timeval t; + CODE: + t.tv_sec = sec; + t.tv_usec = usec; + ldns_resolver_set_timeout(resolver, t); + +void +_set_rtt(resolver, rtt) + DNS__LDNS__Resolver resolver; + AV * rtt; + PREINIT: + size_t *buff; + int i; + SV** elem; + CODE: + buff = malloc(sizeof(size_t)*(av_len(rtt)+1)); + for (i = 0; i <= av_len(rtt); i++) { + elem = av_fetch(rtt, i, 0); + buff[i] = SvUV(*elem); + } + ldns_resolver_set_rtt(resolver, buff); + +AV * +_rtt(resolver) + DNS__LDNS__Resolver resolver; + PREINIT: + int i; + size_t *rtt; + AV * result; + CODE: + result = (AV *)sv_2mortal((SV *)newAV()); + rtt = ldns_resolver_rtt(resolver); + + for (i = 0; i < ldns_resolver_nameserver_count(resolver); i++) { + av_push(result, newSVuv(rtt[i])); + } + RETVAL = result; + OUTPUT: + RETVAL + +DNS__LDNS__RRList +ldns_validate_domain_ds(resolver, domain, keys) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData domain; + DNS__LDNS__RRList keys; + ALIAS: + validate_domain_ds = 1 + +DNS__LDNS__RRList +ldns_validate_domain_ds_time(resolver, domain, keys, check_time) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData domain; + DNS__LDNS__RRList keys; + time_t check_time; + ALIAS: + validate_domain_ds_time = 1 + +DNS__LDNS__RRList +ldns_validate_domain_dnskey(resolver, domain, keys) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData domain; + DNS__LDNS__RRList keys; + ALIAS: + validate_domain_dnskey = 1 + +DNS__LDNS__RRList +ldns_validate_domain_dnskey_time(resolver, domain, keys, check_time) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData domain; + DNS__LDNS__RRList keys; + time_t check_time; + ALIAS: + validate_domain_dnskey_time = 1 + +LDNS_Status +ldns_verify_trusted(resolver, rrset, rrsigs, validating_keys) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RRList rrset; + DNS__LDNS__RRList rrsigs; + DNS__LDNS__RRList validating_keys; + ALIAS: + _verify_trusted = 1 + +LDNS_Status +ldns_verify_trusted_time(resolver, rrset, rrsigs, check_time, validating_keys) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RRList rrset; + DNS__LDNS__RRList rrsigs; + time_t check_time; + DNS__LDNS__RRList validating_keys; + ALIAS: + _verify_trusted_time = 1 + +DNS__LDNS__RRList +_fetch_valid_domain_keys(resolver, domain, keys, s) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData domain; + DNS__LDNS__RRList keys; + LDNS_Status s; + PREINIT: + DNS__LDNS__RRList trusted; + DNS__LDNS__RRList ret; + size_t i; + CODE: + RETVAL = NULL; + trusted = ldns_fetch_valid_domain_keys(resolver, domain, keys, &s); + if (s == LDNS_STATUS_OK) { + RETVAL = ldns_rr_list_clone(trusted); + ldns_rr_list_free(trusted); + } + OUTPUT: + RETVAL + s + +DNS__LDNS__RRList +_fetch_valid_domain_keys_time(resolver, domain, keys, check_time, s) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData domain; + DNS__LDNS__RRList keys; + time_t check_time; + LDNS_Status s; + PREINIT: + DNS__LDNS__RRList trusted; + DNS__LDNS__RRList ret; + size_t i; + CODE: + RETVAL = NULL; + trusted = ldns_fetch_valid_domain_keys_time( + resolver, domain, keys, check_time, &s); + if (s == LDNS_STATUS_OK) { + RETVAL = ldns_rr_list_clone(trusted); + ldns_rr_list_free(trusted); + } + OUTPUT: + RETVAL + s + +DNS__LDNS__Packet +ldns_resolver_query(resolver, name, type, class, flags) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData name; + LDNS_RR_Type type; + LDNS_RR_Class class; + uint16_t flags; + ALIAS: + query = 1 + +DNS__LDNS__Packet +_send(resolver, name, type, class, flags, s) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData name; + LDNS_RR_Type type; + LDNS_RR_Class class; + uint16_t flags; + LDNS_Status s; + PREINIT: + DNS__LDNS__Packet packet; + CODE: + s = ldns_resolver_send(&packet, resolver, name, type, class, flags); + if (s == LDNS_STATUS_OK) { + RETVAL = packet; + } + OUTPUT: + RETVAL + s + +DNS__LDNS__Packet +_send_pkt(resolver, packet, s) + DNS__LDNS__Resolver resolver; + DNS__LDNS__Packet packet; + LDNS_Status s; + PREINIT: + DNS__LDNS__Packet answer; + CODE: + s = ldns_resolver_send_pkt(&answer, resolver, packet); + if (s == LDNS_STATUS_OK) { + RETVAL = answer; + } + OUTPUT: + RETVAL + s + +DNS__LDNS__Packet +_prepare_query_pkt(resolver, name, type, class, flags, s) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData name; + LDNS_RR_Type type; + LDNS_RR_Class class; + uint16_t flags; + LDNS_Status s; + PREINIT: + DNS__LDNS__Packet packet; + CODE: + s = ldns_resolver_prepare_query_pkt(&packet, resolver, name, type, class, flags); + if (s == LDNS_STATUS_OK) { + RETVAL = packet; + } + OUTPUT: + RETVAL + s + +DNS__LDNS__Packet +ldns_resolver_search(resolver, name, type, class, flags) + DNS__LDNS__Resolver resolver; + DNS__LDNS__RData name; + LDNS_RR_Type type; + LDNS_RR_Class class; + uint16_t flags; + ALIAS: + search = 1 + +DNS__LDNS__DNSSecDataChain +build_data_chain(res, qflags, data_set, pkt, orig_rr) + DNS__LDNS__Resolver res; + uint16_t qflags; + DNS__LDNS__RRList data_set; + DNS__LDNS__Packet pkt; + DNS__LDNS__RR__Opt orig_rr; + CODE: + RETVAL = ldns_dnssec_build_data_chain(res, qflags, data_set, pkt, orig_rr); + OUTPUT: + RETVAL + +DNS__LDNS__RRList +ldns_get_rr_list_addr_by_name(res, name, class, flags) + DNS__LDNS__Resolver res; + DNS__LDNS__RData name; + LDNS_RR_Class class; + uint16_t flags; + ALIAS: + get_rr_list_addr_by_name = 1 + +DNS__LDNS__RRList +ldns_get_rr_list_name_by_addr(res, addr, class, flags) + DNS__LDNS__Resolver res; + DNS__LDNS__RData addr; + LDNS_RR_Class class; + uint16_t flags; + ALIAS: + get_rr_list_addr_by_addr = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::Packet + +Mortal_PV +ldns_pkt2str(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + to_string = 1 + +DNS__LDNS__RRList +ldns_pkt_question(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + _question = 1 + +void +ldns_pkt_set_question(pkt, l) + DNS__LDNS__Packet pkt; + DNS__LDNS__RRList l; + ALIAS: + _set_question = 1 + +DNS__LDNS__RRList +ldns_pkt_answer(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + _answer = 1 + +void +ldns_pkt_set_answer(pkt, l) + DNS__LDNS__Packet pkt; + DNS__LDNS__RRList l; + ALIAS: + _set_answer = 1 + +DNS__LDNS__RRList +ldns_pkt_authority(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + _authority = 1 + +void +ldns_pkt_set_authority(pkt, l) + DNS__LDNS__Packet pkt; + DNS__LDNS__RRList l; + ALIAS: + _set_authority = 1 + +DNS__LDNS__RRList +ldns_pkt_additional(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + _additional = 1 + +void +ldns_pkt_set_additional(pkt, l) + DNS__LDNS__Packet pkt; + DNS__LDNS__RRList l; + ALIAS: + _set_additional = 1 + +DNS__LDNS__RRList +ldns_pkt_all(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + all = 1 + +DNS__LDNS__RRList +ldns_pkt_all_noquestion(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + all_noquestion = 1 + +signed char +ldns_pkt_qr(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + qr = 1 + +void +ldns_pkt_set_qr(pkt, b) + DNS__LDNS__Packet pkt; + signed char b; + ALIAS: + set_qr = 1 + +signed char +ldns_pkt_aa(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + aa = 1 + +void +ldns_pkt_set_aa(pkt, b) + DNS__LDNS__Packet pkt; + signed char b; + ALIAS: + set_aa = 1 + +signed char +ldns_pkt_tc(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + tc = 1 + +void +ldns_pkt_set_tc(pkt, b) + DNS__LDNS__Packet pkt; + signed char b; + ALIAS: + set_tc = 1 + +signed char +ldns_pkt_rd(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + rd = 1 + +void +ldns_pkt_set_rd(pkt, b) + DNS__LDNS__Packet pkt; + signed char b; + ALIAS: + set_rd = 1 + +bool +ldns_pkt_cd(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + cd = 1 + +void +ldns_pkt_set_cd(pkt, b) + DNS__LDNS__Packet pkt; + signed char b; + ALIAS: + set_cd = 1 + +signed char +ldns_pkt_ra(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + ra = 1 + +void +ldns_pkt_set_ra(pkt, b) + DNS__LDNS__Packet pkt; + signed char b; + ALIAS: + set_ra = 1 + +signed char +ldns_pkt_ad(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + ad = 1 + +void +ldns_pkt_set_ad(pkt, b) + DNS__LDNS__Packet pkt; + signed char b; + ALIAS: + set_ad = 1 + +uint16_t +ldns_pkt_id(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + id = 1 + +void +ldns_pkt_set_id(pkt, id) + DNS__LDNS__Packet pkt; + uint16_t id; + ALIAS: + set_id = 1 + +void +ldns_pkt_set_random_id(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + set_random_id = 1 + +uint16_t +ldns_pkt_qdcount(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + qdcount = 1 + +uint16_t +ldns_pkt_ancount(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + ancount = 1 + +uint16_t +ldns_pkt_nscount(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + nscount = 1 + +uint16_t +ldns_pkt_arcount(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + arcount = 1 + +LDNS_Pkt_Opcode +ldns_pkt_get_opcode(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + opcode = 1 + +void +ldns_pkt_set_opcode(pkt, c) + DNS__LDNS__Packet pkt; + LDNS_Pkt_Opcode c; + ALIAS: + set_opcode = 1 + +uint8_t +ldns_pkt_get_rcode(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + rcode = 1 + +void +ldns_pkt_set_rcode(pkt, r) + DNS__LDNS__Packet pkt; + uint8_t r; + ALIAS: + set_rcode = 1 + +size_t +ldns_pkt_size(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + size = 1 + +uint32_t +ldns_pkt_querytime(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + querytime = 1 + +void +ldns_pkt_set_querytime(pkt, t) + DNS__LDNS__Packet pkt; + uint32_t t; + ALIAS: + set_querytime = 1 + +DNS__LDNS__RData +ldns_pkt_answerfrom(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + _answerfrom = 1 + +AV * +_timestamp(pkt) + DNS__LDNS__Packet pkt; + PREINIT: + struct timeval t; + AV * result; + CODE: + t = ldns_pkt_timestamp(pkt); + result = (AV *)sv_2mortal((SV *)newAV()); + av_push(result, newSVuv(t.tv_sec)); + av_push(result, newSVuv(t.tv_usec)); + RETVAL = result; + OUTPUT: + RETVAL + +void +set_timestamp(pkt, sec, usec) + DNS__LDNS__Packet pkt; + uint32_t sec; + uint32_t usec; + PREINIT: + struct timeval t; + CODE: + t.tv_sec = sec; + t.tv_usec = usec; + ldns_pkt_set_timestamp(pkt, t); + +void +ldns_pkt_set_answerfrom(pkt, a) + DNS__LDNS__Packet pkt; + DNS__LDNS__RData a; + ALIAS: + _set_answerfrom = 1 + +bool +ldns_pkt_set_flags(pkt, f) + DNS__LDNS__Packet pkt; + uint16_t f; + ALIAS: + set_flags = 1 + +DNS__LDNS__RRList +ldns_pkt_rr_list_by_name(pkt, name, sec) + DNS__LDNS__Packet pkt; + DNS__LDNS__RData name; + LDNS_Pkt_Section sec; + ALIAS: + rr_list_by_name = 1 + +DNS__LDNS__RRList +ldns_pkt_rr_list_by_type(pkt, type, sec) + DNS__LDNS__Packet pkt; + LDNS_RR_Type type; + LDNS_Pkt_Section sec; + ALIAS: + rr_list_by_type = 1 + +DNS__LDNS__RRList +ldns_pkt_rr_list_by_name_and_type(pkt, name, type, sec) + DNS__LDNS__Packet pkt; + DNS__LDNS__RData name; + LDNS_RR_Type type; + LDNS_Pkt_Section sec; + ALIAS: + rr_list_by_name_and_type = 1 + +bool +ldns_pkt_rr(pkt, sec, rr) + DNS__LDNS__Packet pkt; + LDNS_Pkt_Section sec; + DNS__LDNS__RR rr; + ALIAS: + rr = 1 + +bool +ldns_pkt_push_rr(pkt, sec, rr) + DNS__LDNS__Packet pkt; + LDNS_Pkt_Section sec; + DNS__LDNS__RR rr; + ALIAS: + _push_rr = 1 + +bool +ldns_pkt_safe_push_rr(pkt, sec, rr) + DNS__LDNS__Packet pkt; + LDNS_Pkt_Section sec; + DNS__LDNS__RR rr; + ALIAS: + _safe_push_rr = 1 + +uint16_t +ldns_pkt_section_count(pkt, sec) + DNS__LDNS__Packet pkt; + LDNS_Pkt_Section sec; + ALIAS: + section_count = 1 + +signed char +ldns_pkt_empty(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + empty = 1 + +DNS__LDNS__RR +ldns_pkt_tsig(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + _tsig = 1 + +void +ldns_pkt_set_tsig(pkt, rr) + DNS__LDNS__Packet pkt; + DNS__LDNS__RR rr; + ALIAS: + _set_tsig = 1 + +DNS__LDNS__Packet +ldns_pkt_clone(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + clone = 1 + +LDNS_Pkt_Type +ldns_pkt_reply_type(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + reply_type = 1 + +DNS__LDNS__Packet +ldns_pkt_new() + ALIAS: + _new = 1 + +DNS__LDNS__Packet +ldns_pkt_query_new(name, type, class, flags) + DNS__LDNS__RData name; + LDNS_RR_Type type; + LDNS_RR_Class class; + uint16_t flags; + ALIAS: + _query_new = 1 + +DNS__LDNS__RRList +ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt, name, type) + DNS__LDNS__Packet pkt; + DNS__LDNS__RData name; + LDNS_RR_Type type; + ALIAS: + get_rrsigs_for_name_and_type = 1 + +DNS__LDNS__RRList +ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type) + DNS__LDNS__Packet pkt; + LDNS_RR_Type type; + ALIAS: + get_rrsigs_for_type = 1 + +uint16_t +ldns_pkt_edns_udp_size(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + edns_udp_size = 1 + +void +ldns_pkt_set_edns_udp_size(pkt, s) + DNS__LDNS__Packet pkt; + uint16_t s; + ALIAS: + set_edns_udp_size = 1 + +uint8_t +ldns_pkt_edns_extended_rcode(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + edns_extended_rcode = 1 + +void +ldns_pkt_set_edns_extended_rcode(pkt, c) + DNS__LDNS__Packet pkt; + uint8_t c; + ALIAS: + set_edns_extended_rcode = 1 + +uint8_t +ldns_pkt_edns_version(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + edns_version = 1 + +void +ldns_pkt_set_edns_version(pkt, v) + DNS__LDNS__Packet pkt; + uint8_t v; + ALIAS: + set_edns_version = 1 + +uint16_t +ldns_pkt_edns_z(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + edns_z = 1 + +void +ldns_pkt_set_edns_z(pkt, z) + DNS__LDNS__Packet pkt; + uint16_t z; + ALIAS: + set_edns_z = 1 + +signed char +ldns_pkt_edns_do(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + edns_do = 1 + +DNS__LDNS__RData +ldns_pkt_edns_data(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + _edns_data = 1 + +void +ldns_pkt_set_edns_data(pkt, data) + DNS__LDNS__Packet pkt; + DNS__LDNS__RData data; + ALIAS: + _set_edns_data = 1 + +void +ldns_pkt_set_edns_do(pkt, val) + DNS__LDNS__Packet pkt; + signed char val; + ALIAS: + set_edns_do = 1 + +bool +ldns_pkt_edns(pkt) + DNS__LDNS__Packet pkt; + ALIAS: + edns = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::Key + +DNS__LDNS__Key +_new_from_file(fp, line_nr, s) + FILE* fp; + int line_nr; + LDNS_Status s; + PREINIT: + ldns_key *key; + CODE: + RETVAL = NULL; + s = ldns_key_new_frm_fp_l(&key, fp, &line_nr); + + if (s == LDNS_STATUS_OK) { + RETVAL = key; + } + OUTPUT: + RETVAL + s + line_nr + +DNS__LDNS__Key +ldns_key_new() + ALIAS: + _new = 1 + +void +print(key, fp) + DNS__LDNS__Key key; + FILE* fp; + CODE: + ldns_key_print(fp, key); + +Mortal_PV +ldns_key2str(key) + DNS__LDNS__Key key; + ALIAS: + to_string = 1 + +void +ldns_key_set_algorithm(key, algorithm) + DNS__LDNS__Key key; + LDNS_Signing_Algorithm algorithm; + ALIAS: + set_algorithm = 1 + +LDNS_Signing_Algorithm +ldns_key_algorithm(key) + DNS__LDNS__Key key; + ALIAS: + algorithm = 1 + +void +ldns_key_set_flags(key, flags) + DNS__LDNS__Key key; + uint16_t flags; + ALIAS: + set_flags = 1 + +uint16_t +ldns_key_flags(key) + DNS__LDNS__Key key; + ALIAS: + flags = 1 + +void +ldns_key_set_hmac_key(key, hmac) + DNS__LDNS__Key key; + unsigned char* hmac; + ALIAS: + set_hmac_key = 1 + +unsigned char * +ldns_key_hmac_key(key) + DNS__LDNS__Key key; + ALIAS: + hmac_key = 1 + +void +ldns_key_set_hmac_size(key, size) + DNS__LDNS__Key key; + size_t size; + ALIAS: + set_hmac_size = 1 + +size_t +ldns_key_hmac_size(key) + DNS__LDNS__Key key; + ALIAS: + hmac_size = 1 + +void +ldns_key_set_origttl(key, t) + DNS__LDNS__Key key; + uint32_t t; + ALIAS: + set_origttl = 1 + +uint32_t +ldns_key_origttl(key) + DNS__LDNS__Key key; + ALIAS: + origttl = 1 + +void +ldns_key_set_inception(key, i) + DNS__LDNS__Key key; + uint32_t i; + ALIAS: + set_inception = 1 + +uint32_t +ldns_key_inception(key) + DNS__LDNS__Key key; + ALIAS: + inception = 1 + +void +ldns_key_set_expiration(key, e) + DNS__LDNS__Key key; + uint32_t e; + ALIAS: + set_expiration = 1 + +uint32_t +ldns_key_expiration(key) + DNS__LDNS__Key key; + ALIAS: + expiration = 1 + +void +ldns_key_set_pubkey_owner(key, r) + DNS__LDNS__Key key; + DNS__LDNS__RData r; + ALIAS: + _set_pubkey_owner = 1 + +DNS__LDNS__RData +ldns_key_pubkey_owner(key) + DNS__LDNS__Key key; + ALIAS: + _pubkey_owner = 1 + +void +ldns_key_set_keytag(key, tag) + DNS__LDNS__Key key; + uint16_t tag; + ALIAS: + set_keytag = 1 + +uint16_t +ldns_key_keytag(key) + DNS__LDNS__Key key; + ALIAS: + keytag = 1 + +void +ldns_key_set_use(key, v) + DNS__LDNS__Key key; + signed char v; + ALIAS: + set_use = 1 + +signed char +ldns_key_use(key) + DNS__LDNS__Key key; + ALIAS: + use = 1 + +char * +ldns_key_get_file_base_name(key) + DNS__LDNS__Key key; + ALIAS: + get_file_base_name = 1 + +DNS__LDNS__RR +ldns_key2rr(key) + DNS__LDNS__Key key; + ALIAS: + to_rr = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::KeyList + +DNS__LDNS__KeyList +ldns_key_list_new() + ALIAS: + _new = 1 + +void +ldns_key_list_set_use(keys, v) + DNS__LDNS__KeyList keys; + bool v; + ALIAS: + set_use = 1 + +DNS__LDNS__Key +ldns_key_list_pop_key(keylist) + DNS__LDNS__KeyList keylist; + ALIAS: + pop = 1 + +void +ldns_key_list_push_key(keylist, key) + DNS__LDNS__KeyList keylist; + DNS__LDNS__Key key; + ALIAS: + _push = 1 + +size_t +ldns_key_list_key_count(keylist) + DNS__LDNS__KeyList keylist; + ALIAS: + count = 1 + +DNS__LDNS__Key +ldns_key_list_key(keylist, nr) + DNS__LDNS__KeyList keylist; + size_t nr; + ALIAS: + _key = 1 + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::DNSSecDataChain + +DNS__LDNS__DNSSecDataChain +ldns_dnssec_data_chain_new() + ALIAS: + _new = 1 + +void +print(chain, fp) + DNS__LDNS__DNSSecDataChain chain; + FILE* fp; + CODE: + ldns_dnssec_data_chain_print(fp, chain); + +DNS__LDNS__DNSSecTrustTree +ldns_dnssec_derive_trust_tree(chain, rr) + DNS__LDNS__DNSSecDataChain chain; + DNS__LDNS__RR rr; + ALIAS: + _derive_trust_tree = 1 + +DNS__LDNS__DNSSecTrustTree +ldns_dnssec_derive_trust_tree_time(chain, rr, check_time) + DNS__LDNS__DNSSecDataChain chain; + DNS__LDNS__RR rr; + time_t check_time; + ALIAS: + _derive_trust_tree_time = 1 + +DNS__LDNS__RRList +_rrset(chain) + DNS__LDNS__DNSSecDataChain chain; + CODE: + RETVAL = chain->rrset; + OUTPUT: + RETVAL + +DNS__LDNS__RRList +_signatures(chain) + DNS__LDNS__DNSSecDataChain chain; + CODE: + RETVAL = chain->signatures; + OUTPUT: + RETVAL + +LDNS_RR_Type +parent_type(chain) + DNS__LDNS__DNSSecDataChain chain; + CODE: + RETVAL = chain->parent_type; + OUTPUT: + RETVAL + +DNS__LDNS__DNSSecDataChain +_parent(chain) + DNS__LDNS__DNSSecDataChain chain; + CODE: + RETVAL = chain->parent; + OUTPUT: + RETVAL + +LDNS_Pkt_Rcode +packet_rcode(chain) + DNS__LDNS__DNSSecDataChain chain; + CODE: + RETVAL = chain->packet_rcode; + OUTPUT: + RETVAL + +LDNS_RR_Type +packet_qtype(chain) + DNS__LDNS__DNSSecDataChain chain; + CODE: + RETVAL = chain->packet_qtype; + OUTPUT: + RETVAL + +signed char +packet_nodata(chain) + DNS__LDNS__DNSSecDataChain chain; + CODE: + RETVAL = chain->packet_nodata; + OUTPUT: + RETVAL + + +MODULE = DNS::LDNS PACKAGE = DNS::LDNS::DNSSecTrustTree + +DNS__LDNS__DNSSecTrustTree +ldns_dnssec_trust_tree_new() + ALIAS: + _new = 1 + +void +print(tree, fp, tabs, extended) + DNS__LDNS__DNSSecTrustTree tree; + FILE* fp; + size_t tabs; + bool extended; + CODE: + ldns_dnssec_trust_tree_print(fp, tree, tabs, extended); + +size_t +ldns_dnssec_trust_tree_depth(tree) + DNS__LDNS__DNSSecTrustTree tree; + ALIAS: + depth = 1 + +LDNS_Status +ldns_dnssec_trust_tree_add_parent(tree, parent, signature, parent_status) + DNS__LDNS__DNSSecTrustTree tree; + DNS__LDNS__DNSSecTrustTree parent; + DNS__LDNS__RR signature; + LDNS_Status parent_status; + ALIAS: + _add_parent = 1 + +LDNS_Status +ldns_dnssec_trust_tree_contains_keys(tree, trusted_keys) + DNS__LDNS__DNSSecTrustTree tree; + DNS__LDNS__RRList trusted_keys; + ALIAS: + _contains_keys = 1 + +DNS__LDNS__RR +_rr(tree) + DNS__LDNS__DNSSecTrustTree tree; + CODE: + RETVAL = tree->rr; + OUTPUT: + RETVAL + +DNS__LDNS__RRList +_rrset(tree) + DNS__LDNS__DNSSecTrustTree tree; + CODE: + RETVAL = tree->rrset; + OUTPUT: + RETVAL + +DNS__LDNS__DNSSecTrustTree +_parent(tree, i) + DNS__LDNS__DNSSecTrustTree tree; + size_t i; + CODE: + RETVAL = tree->parents[i]; + OUTPUT: + RETVAL + +LDNS_Status +_parent_status(tree, i) + DNS__LDNS__DNSSecTrustTree tree; + size_t i; + CODE: + RETVAL = tree->parent_status[i]; + OUTPUT: + RETVAL + +DNS__LDNS__RR +_parent_signature(tree, i) + DNS__LDNS__DNSSecTrustTree tree; + size_t i; + CODE: + RETVAL = tree->parent_signature[i]; + OUTPUT: + RETVAL + +size_t +parent_count(tree) + DNS__LDNS__DNSSecTrustTree tree; + CODE: + RETVAL = tree->parent_count; + OUTPUT: + RETVAL diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/MANIFEST b/zonemaster-ldns/ldns/contrib/DNS-LDNS/MANIFEST new file mode 100644 index 0000000..7cfbae9 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/MANIFEST @@ -0,0 +1,38 @@ +Changes +constants.PL +dist.ini +LDNS.xs +lib/DNS/LDNS.pm +lib/DNS/LDNS/DNSSecDataChain.pm +lib/DNS/LDNS/DNSSecName.pm +lib/DNS/LDNS/DNSSecRRs.pm +lib/DNS/LDNS/DNSSecRRSets.pm +lib/DNS/LDNS/DNSSecTrustTree.pm +lib/DNS/LDNS/DNSSecZone.pm +lib/DNS/LDNS/GC.pm +lib/DNS/LDNS/Key.pm +lib/DNS/LDNS/KeyList.pm +lib/DNS/LDNS/Packet.pm +lib/DNS/LDNS/RBNode.pm +lib/DNS/LDNS/RBTree.pm +lib/DNS/LDNS/RData.pm +lib/DNS/LDNS/Resolver.pm +lib/DNS/LDNS/RR.pm +lib/DNS/LDNS/RRList.pm +lib/DNS/LDNS/Zone.pm +MANIFEST +ppport.h +README +t/dnssec_datachain.t +t/dnssec_zone.t +t/key.t +t/DNS-LDNS.t +t/rdata.t +t/resolver.t +t/rr.t +t/rrlist.t +t/testdata/key.private +t/testdata/myzone.org +t/testdata/resolv.conf +t/zone.t +typemap diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/README b/zonemaster-ldns/ldns/contrib/DNS-LDNS/README new file mode 100644 index 0000000..035d08b --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/README @@ -0,0 +1,36 @@ +DNS::LDNS version 0.61 +====================== + +DESCRIPTION + +DNS::LDNS is a perl OO-wrapper for the ldns library. For a detailed +description on how this library works, you are advised to read the ldns +documentation. For a functional description of the wrapper classes, +please read the perldoc for DNS::LDNS and subclasses. + +INSTALLATION + +To install this module type the following: + + perl Makefile.PL + make + make test + make install + +DEPENDENCIES + +This module requires these other modules and libraries: + + ldns + +AUTHOR + +Erik Pihl Ostlyngen, erik.ostlyngen@uninett.no + +COPYRIGHT AND LICENCE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.8.8 or, +at your option, any later version of Perl 5 you may have available. diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/constants.PL b/zonemaster-ldns/ldns/contrib/DNS-LDNS/constants.PL new file mode 100644 index 0000000..78885aa --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/constants.PL @@ -0,0 +1,280 @@ +use ExtUtils::Constant; + +# If you edit these definitions to change the constants used by this module, +# you will need to use the generated const-c.inc and const-xs.inc +# files to replace their "fallback" counterparts before distributing your +# changes. +my @names = (qw(LDNS_AA LDNS_AD LDNS_CD LDNS_DEFAULT_EXP_TIME + LDNS_DEFAULT_TTL LDNS_DNSSEC_KEYPROTO LDNS_IP4ADDRLEN + LDNS_IP6ADDRLEN LDNS_KEY_REVOKE_KEY LDNS_KEY_SEP_KEY + LDNS_KEY_ZONE_KEY LDNS_MAX_DOMAINLEN LDNS_MAX_KEYLEN + LDNS_MAX_LABELLEN LDNS_MAX_PACKETLEN LDNS_MAX_POINTERS + LDNS_MAX_RDFLEN LDNS_NSEC3_MAX_ITERATIONS + LDNS_NSEC3_VARS_OPTOUT_MASK LDNS_PORT LDNS_QR LDNS_RA LDNS_RD + LDNS_RDATA_FIELD_DESCRIPTORS_COMMON LDNS_RDF_SIZE_16BYTES + LDNS_RDF_SIZE_6BYTES LDNS_RDF_SIZE_BYTE + LDNS_RDF_SIZE_DOUBLEWORD LDNS_RDF_SIZE_WORD LDNS_RESOLV_ANCHOR + LDNS_RESOLV_DEFDOMAIN LDNS_RESOLV_INET LDNS_RESOLV_INET6 + LDNS_RESOLV_INETANY LDNS_RESOLV_KEYWORD LDNS_RESOLV_KEYWORDS + LDNS_RESOLV_NAMESERVER LDNS_RESOLV_OPTIONS LDNS_RESOLV_RTT_INF + LDNS_RESOLV_RTT_MIN LDNS_RESOLV_SEARCH LDNS_RESOLV_SORTLIST + LDNS_RR_OVERHEAD LDNS_SIGNATURE_LEAVE_ADD_NEW + LDNS_SIGNATURE_LEAVE_NO_ADD LDNS_SIGNATURE_REMOVE_ADD_NEW + LDNS_SIGNATURE_REMOVE_NO_ADD LDNS_TC), + {name=>"LDNS_CERT_ACPKIX", macro=>"1"}, + {name=>"LDNS_CERT_IACPKIX", macro=>"1"}, + {name=>"LDNS_CERT_IPGP", macro=>"1"}, + {name=>"LDNS_CERT_IPKIX", macro=>"1"}, + {name=>"LDNS_CERT_ISPKI", macro=>"1"}, + {name=>"LDNS_CERT_OID", macro=>"1"}, + {name=>"LDNS_CERT_PGP", macro=>"1"}, + {name=>"LDNS_CERT_PKIX", macro=>"1"}, + {name=>"LDNS_CERT_SPKI", macro=>"1"}, + {name=>"LDNS_CERT_URI", macro=>"1"}, + {name=>"LDNS_DH", macro=>"1"}, + {name=>"LDNS_DSA", macro=>"1"}, + {name=>"LDNS_DSA_NSEC3", macro=>"1"}, + {name=>"LDNS_ECC", macro=>"1"}, + {name=>"LDNS_ECC_GOST", macro=>"1"}, + {name=>"LDNS_HASH_GOST", macro=>"1"}, + {name=>"LDNS_PACKET_ANSWER", macro=>"1"}, + {name=>"LDNS_PACKET_IQUERY", macro=>"1"}, + {name=>"LDNS_PACKET_NODATA", macro=>"1"}, + {name=>"LDNS_PACKET_NOTIFY", macro=>"1"}, + {name=>"LDNS_PACKET_NXDOMAIN", macro=>"1"}, + {name=>"LDNS_PACKET_QUERY", macro=>"1"}, + {name=>"LDNS_PACKET_QUESTION", macro=>"1"}, + {name=>"LDNS_PACKET_REFERRAL", macro=>"1"}, + {name=>"LDNS_PACKET_STATUS", macro=>"1"}, + {name=>"LDNS_PACKET_UNKNOWN", macro=>"1"}, + {name=>"LDNS_PACKET_UPDATE", macro=>"1"}, + {name=>"LDNS_PRIVATEDNS", macro=>"1"}, + {name=>"LDNS_PRIVATEOID", macro=>"1"}, + {name=>"LDNS_RCODE_FORMERR", macro=>"1"}, + {name=>"LDNS_RCODE_NOERROR", macro=>"1"}, + {name=>"LDNS_RCODE_NOTAUTH", macro=>"1"}, + {name=>"LDNS_RCODE_NOTIMPL", macro=>"1"}, + {name=>"LDNS_RCODE_NOTZONE", macro=>"1"}, + {name=>"LDNS_RCODE_NXDOMAIN", macro=>"1"}, + {name=>"LDNS_RCODE_NXRRSET", macro=>"1"}, + {name=>"LDNS_RCODE_REFUSED", macro=>"1"}, + {name=>"LDNS_RCODE_SERVFAIL", macro=>"1"}, + {name=>"LDNS_RCODE_YXDOMAIN", macro=>"1"}, + {name=>"LDNS_RCODE_YXRRSET", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_A", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_AAAA", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_ALG", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_APL", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_ATMA", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_B32_EXT", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_B64", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_CERT_ALG", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_CLASS", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_DNAME", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_HEX", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_INT16", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_INT16_DATA", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_INT32", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_INT8", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_IPSECKEY", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_LOC", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_NONE", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_NSAP", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_NSEC", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_NSEC3_NEXT_OWNER", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_NSEC3_SALT", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_PERIOD", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_SERVICE", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_STR", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_TIME", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_HIP", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_TSIGTIME", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_TYPE", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_UNKNOWN", macro=>"1"}, + {name=>"LDNS_RDF_TYPE_WKS", macro=>"1"}, + {name=>"LDNS_RR_CLASS_ANY", macro=>"1"}, + {name=>"LDNS_RR_CLASS_CH", macro=>"1"}, + {name=>"LDNS_RR_CLASS_COUNT", macro=>"1"}, + {name=>"LDNS_RR_CLASS_FIRST", macro=>"1"}, + {name=>"LDNS_RR_CLASS_HS", macro=>"1"}, + {name=>"LDNS_RR_CLASS_IN", macro=>"1"}, + {name=>"LDNS_RR_CLASS_LAST", macro=>"1"}, + {name=>"LDNS_RR_CLASS_NONE", macro=>"1"}, + {name=>"LDNS_RR_COMPRESS", macro=>"1"}, + {name=>"LDNS_RR_NO_COMPRESS", macro=>"1"}, + {name=>"LDNS_RR_TYPE_A", macro=>"1"}, + {name=>"LDNS_RR_TYPE_A6", macro=>"1"}, + {name=>"LDNS_RR_TYPE_AAAA", macro=>"1"}, + {name=>"LDNS_RR_TYPE_AFSDB", macro=>"1"}, + {name=>"LDNS_RR_TYPE_ANY", macro=>"1"}, + {name=>"LDNS_RR_TYPE_APL", macro=>"1"}, + {name=>"LDNS_RR_TYPE_ATMA", macro=>"1"}, + {name=>"LDNS_RR_TYPE_AXFR", macro=>"1"}, + {name=>"LDNS_RR_TYPE_CERT", macro=>"1"}, + {name=>"LDNS_RR_TYPE_CNAME", macro=>"1"}, + {name=>"LDNS_RR_TYPE_COUNT", macro=>"1"}, + {name=>"LDNS_RR_TYPE_DHCID", macro=>"1"}, + {name=>"LDNS_RR_TYPE_DLV", macro=>"1"}, + {name=>"LDNS_RR_TYPE_DNAME", macro=>"1"}, + {name=>"LDNS_RR_TYPE_DNSKEY", macro=>"1"}, + {name=>"LDNS_RR_TYPE_DS", macro=>"1"}, + {name=>"LDNS_RR_TYPE_EID", macro=>"1"}, + {name=>"LDNS_RR_TYPE_FIRST", macro=>"1"}, + {name=>"LDNS_RR_TYPE_GID", macro=>"1"}, + {name=>"LDNS_RR_TYPE_GPOS", macro=>"1"}, + {name=>"LDNS_RR_TYPE_HINFO", macro=>"1"}, + {name=>"LDNS_RR_TYPE_IPSECKEY", macro=>"1"}, + {name=>"LDNS_RR_TYPE_ISDN", macro=>"1"}, + {name=>"LDNS_RR_TYPE_IXFR", macro=>"1"}, + {name=>"LDNS_RR_TYPE_KEY", macro=>"1"}, + {name=>"LDNS_RR_TYPE_KX", macro=>"1"}, + {name=>"LDNS_RR_TYPE_LAST", macro=>"1"}, + {name=>"LDNS_RR_TYPE_LOC", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MAILA", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MAILB", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MB", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MD", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MF", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MG", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MINFO", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MR", macro=>"1"}, + {name=>"LDNS_RR_TYPE_MX", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NAPTR", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NIMLOC", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NS", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NSAP", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NSAP_PTR", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NSEC", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NSEC3", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NSEC3PARAM", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NSEC3PARAMS", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NULL", macro=>"1"}, + {name=>"LDNS_RR_TYPE_NXT", macro=>"1"}, + {name=>"LDNS_RR_TYPE_OPT", macro=>"1"}, + {name=>"LDNS_RR_TYPE_PTR", macro=>"1"}, + {name=>"LDNS_RR_TYPE_PX", macro=>"1"}, + {name=>"LDNS_RR_TYPE_RP", macro=>"1"}, + {name=>"LDNS_RR_TYPE_RRSIG", macro=>"1"}, + {name=>"LDNS_RR_TYPE_RT", macro=>"1"}, + {name=>"LDNS_RR_TYPE_SIG", macro=>"1"}, + {name=>"LDNS_RR_TYPE_SINK", macro=>"1"}, + {name=>"LDNS_RR_TYPE_SOA", macro=>"1"}, + {name=>"LDNS_RR_TYPE_SPF", macro=>"1"}, + {name=>"LDNS_RR_TYPE_SRV", macro=>"1"}, + {name=>"LDNS_RR_TYPE_SSHFP", macro=>"1"}, + {name=>"LDNS_RR_TYPE_TALINK", macro=>"1"}, + {name=>"LDNS_RR_TYPE_TSIG", macro=>"1"}, + {name=>"LDNS_RR_TYPE_TXT", macro=>"1"}, + {name=>"LDNS_RR_TYPE_UID", macro=>"1"}, + {name=>"LDNS_RR_TYPE_UINFO", macro=>"1"}, + {name=>"LDNS_RR_TYPE_UNSPEC", macro=>"1"}, + {name=>"LDNS_RR_TYPE_WKS", macro=>"1"}, + {name=>"LDNS_RR_TYPE_X25", macro=>"1"}, + {name=>"LDNS_RSAMD5", macro=>"1"}, + {name=>"LDNS_RSASHA1", macro=>"1"}, + {name=>"LDNS_RSASHA1_NSEC3", macro=>"1"}, + {name=>"LDNS_RSASHA256", macro=>"1"}, + {name=>"LDNS_RSASHA512", macro=>"1"}, + {name=>"LDNS_SECTION_ADDITIONAL", macro=>"1"}, + {name=>"LDNS_SECTION_ANSWER", macro=>"1"}, + {name=>"LDNS_SECTION_ANY", macro=>"1"}, + {name=>"LDNS_SECTION_ANY_NOQUESTION", macro=>"1"}, + {name=>"LDNS_SECTION_AUTHORITY", macro=>"1"}, + {name=>"LDNS_SECTION_QUESTION", macro=>"1"}, + {name=>"LDNS_SHA1", macro=>"1"}, + {name=>"LDNS_SHA256", macro=>"1"}, + {name=>"LDNS_SIGN_DSA", macro=>"1"}, + {name=>"LDNS_SIGN_DSA_NSEC3", macro=>"1"}, + {name=>"LDNS_SIGN_ECC_GOST", macro=>"1"}, + {name=>"LDNS_SIGN_HMACSHA1", macro=>"1"}, + {name=>"LDNS_SIGN_HMACSHA256", macro=>"1"}, + {name=>"LDNS_SIGN_RSAMD5", macro=>"1"}, + {name=>"LDNS_SIGN_RSASHA1", macro=>"1"}, + {name=>"LDNS_SIGN_RSASHA1_NSEC3", macro=>"1"}, + {name=>"LDNS_SIGN_RSASHA256", macro=>"1"}, + {name=>"LDNS_SIGN_RSASHA512", macro=>"1"}, + {name=>"LDNS_STATUS_ADDRESS_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_CERT_BAD_ALGORITHM", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_BOGUS", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_NO_DNSKEY", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_NO_DS", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_NO_RRSIG", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_NO_TRUSTED_DS", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_SIG_EXPIRED", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_TSIG_BOGUS", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_TSIG_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_UNKNOWN_ALGO", macro=>"1"}, + {name=>"LDNS_STATUS_CRYPTO_VALIDATED", macro=>"1"}, + {name=>"LDNS_STATUS_DDD_OVERFLOW", macro=>"1"}, + {name=>"LDNS_STATUS_DNSSEC_EXISTENCE_DENIED", macro=>"1"}, + {name=>"LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND", macro=>"1"}, + {name=>"LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED", macro=>"1"}, + {name=>"LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED", macro=>"1"}, + {name=>"LDNS_STATUS_DOMAINNAME_OVERFLOW", macro=>"1"}, + {name=>"LDNS_STATUS_DOMAINNAME_UNDERFLOW", macro=>"1"}, + {name=>"LDNS_STATUS_EMPTY_LABEL", macro=>"1"}, + {name=>"LDNS_STATUS_ENGINE_KEY_NOT_LOADED", macro=>"1"}, + {name=>"LDNS_STATUS_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_FILE_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_INTERNAL_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_B32_EXT", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_B64", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_HEX", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_INT", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_IP4", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_IP6", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_POINTER", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_STR", macro=>"1"}, + {name=>"LDNS_STATUS_INVALID_TIME", macro=>"1"}, + {name=>"LDNS_STATUS_LABEL_OVERFLOW", macro=>"1"}, + {name=>"LDNS_STATUS_MEM_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_MISSING_RDATA_FIELDS_KEY", macro=>"1"}, + {name=>"LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG", macro=>"1"}, + {name=>"LDNS_STATUS_NETWORK_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_NOT_IMPL", macro=>"1"}, + {name=>"LDNS_STATUS_NO_DATA", macro=>"1"}, + {name=>"LDNS_STATUS_NSEC3_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_NULL", macro=>"1"}, + {name=>"LDNS_STATUS_OK", macro=>"1"}, + {name=>"LDNS_STATUS_PACKET_OVERFLOW", macro=>"1"}, + {name=>"LDNS_STATUS_RES_NO_NS", macro=>"1"}, + {name=>"LDNS_STATUS_RES_QUERY", macro=>"1"}, + {name=>"LDNS_STATUS_SOCKET_ERROR", macro=>"1"}, + {name=>"LDNS_STATUS_SSL_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_ALG_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_BAD_ESCAPE", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_CLASS_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_DNAME_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_EMPTY", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_INCLUDE", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_KEYWORD_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_ORIGIN", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_RDATA_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_TTL", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_TTL_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_TYPE_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_SYNTAX_VERSION_ERR", macro=>"1"}, + {name=>"LDNS_STATUS_UNKNOWN_INET", macro=>"1"}, + {name=>"LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL", macro=>"1"}, + {name=>"LDNS_STATUS_WIRE_INCOMPLETE_ANSWER", macro=>"1"}, + {name=>"LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY", macro=>"1"}, + {name=>"LDNS_STATUS_WIRE_INCOMPLETE_HEADER", macro=>"1"}, + {name=>"LDNS_STATUS_WIRE_INCOMPLETE_QUESTION", macro=>"1"}); +ExtUtils::Constant::WriteConstants( + NAME => 'LDNS', + NAMES => \@names, + DEFAULT_TYPE => 'IV', + C_FILE => 'const-c.inc', + XS_FILE => 'const-xs.inc', +); diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/dist.ini b/zonemaster-ldns/ldns/contrib/DNS-LDNS/dist.ini new file mode 100644 index 0000000..553fb86 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/dist.ini @@ -0,0 +1,18 @@ +name = DNS-LDNS +author = Erik Ostlyngen +copyright_holder = UNINETT Norid AS +copyright_year = 2013 +license = None +version = 0.61 + +[AutoPrereqs] +[GatherDir] +[MetaYAML] +[MakeMaker::Awesome] +WriteMakefile_arg = LIBS => ['-lldns'] +footer_file = constants.PL +[CheckLib] +lib = ldns +header = ldns/ldns.h +[License] +[PruneCruft] diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS.pm new file mode 100644 index 0000000..5f01849 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS.pm @@ -0,0 +1,1298 @@ +package DNS::LDNS; + +use 5.014002; +use strict; +use warnings; +use Carp; + +require Exporter; +use AutoLoader; + +our @ISA = qw(Exporter); + +# Items to export into callers namespace by default. Note: do not export +# names by default without a very good reason. Use EXPORT_OK instead. +# Do not simply export all your public functions/methods/constants. + +our %EXPORT_TAGS = ( 'all' => [ qw( + LDNS_AA + LDNS_AD + LDNS_CD + LDNS_CERT_ACPKIX + LDNS_CERT_IACPKIX + LDNS_CERT_IPGP + LDNS_CERT_IPKIX + LDNS_CERT_ISPKI + LDNS_CERT_OID + LDNS_CERT_PGP + LDNS_CERT_PKIX + LDNS_CERT_SPKI + LDNS_CERT_URI + LDNS_DEFAULT_EXP_TIME + LDNS_DEFAULT_TTL + LDNS_DH + LDNS_DNSSEC_KEYPROTO + LDNS_DSA + LDNS_DSA_NSEC3 + LDNS_ECC + LDNS_ECC_GOST + LDNS_HASH_GOST + LDNS_IP4ADDRLEN + LDNS_IP6ADDRLEN + LDNS_KEY_REVOKE_KEY + LDNS_KEY_SEP_KEY + LDNS_KEY_ZONE_KEY + LDNS_MAX_DOMAINLEN + LDNS_MAX_KEYLEN + LDNS_MAX_LABELLEN + LDNS_MAX_PACKETLEN + LDNS_MAX_POINTERS + LDNS_MAX_RDFLEN + LDNS_NSEC3_MAX_ITERATIONS + LDNS_NSEC3_VARS_OPTOUT_MASK + LDNS_PACKET_ANSWER + LDNS_PACKET_IQUERY + LDNS_PACKET_NODATA + LDNS_PACKET_NOTIFY + LDNS_PACKET_NXDOMAIN + LDNS_PACKET_QUERY + LDNS_PACKET_QUESTION + LDNS_PACKET_REFERRAL + LDNS_PACKET_STATUS + LDNS_PACKET_UNKNOWN + LDNS_PACKET_UPDATE + LDNS_PORT + LDNS_PRIVATEDNS + LDNS_PRIVATEOID + LDNS_QR + LDNS_RA + LDNS_RCODE_FORMERR + LDNS_RCODE_NOERROR + LDNS_RCODE_NOTAUTH + LDNS_RCODE_NOTIMPL + LDNS_RCODE_NOTZONE + LDNS_RCODE_NXDOMAIN + LDNS_RCODE_NXRRSET + LDNS_RCODE_REFUSED + LDNS_RCODE_SERVFAIL + LDNS_RCODE_YXDOMAIN + LDNS_RCODE_YXRRSET + LDNS_RD + LDNS_RDATA_FIELD_DESCRIPTORS_COMMON + LDNS_RDF_SIZE_16BYTES + LDNS_RDF_SIZE_6BYTES + LDNS_RDF_SIZE_BYTE + LDNS_RDF_SIZE_DOUBLEWORD + LDNS_RDF_SIZE_WORD + LDNS_RDF_TYPE_A + LDNS_RDF_TYPE_AAAA + LDNS_RDF_TYPE_ALG + LDNS_RDF_TYPE_APL + LDNS_RDF_TYPE_ATMA + LDNS_RDF_TYPE_B32_EXT + LDNS_RDF_TYPE_B64 + LDNS_RDF_TYPE_CERT_ALG + LDNS_RDF_TYPE_CLASS + LDNS_RDF_TYPE_DNAME + LDNS_RDF_TYPE_HEX + LDNS_RDF_TYPE_INT16 + LDNS_RDF_TYPE_INT16_DATA + LDNS_RDF_TYPE_INT32 + LDNS_RDF_TYPE_INT8 + LDNS_RDF_TYPE_IPSECKEY + LDNS_RDF_TYPE_LOC + LDNS_RDF_TYPE_NONE + LDNS_RDF_TYPE_NSAP + LDNS_RDF_TYPE_NSEC + LDNS_RDF_TYPE_NSEC3_NEXT_OWNER + LDNS_RDF_TYPE_NSEC3_SALT + LDNS_RDF_TYPE_PERIOD + LDNS_RDF_TYPE_SERVICE + LDNS_RDF_TYPE_STR + LDNS_RDF_TYPE_TIME + LDNS_RDF_TYPE_HIP + LDNS_RDF_TYPE_TSIGTIME + LDNS_RDF_TYPE_TYPE + LDNS_RDF_TYPE_UNKNOWN + LDNS_RDF_TYPE_WKS + LDNS_RESOLV_ANCHOR + LDNS_RESOLV_DEFDOMAIN + LDNS_RESOLV_INET + LDNS_RESOLV_INET6 + LDNS_RESOLV_INETANY + LDNS_RESOLV_KEYWORD + LDNS_RESOLV_KEYWORDS + LDNS_RESOLV_NAMESERVER + LDNS_RESOLV_OPTIONS + LDNS_RESOLV_RTT_INF + LDNS_RESOLV_RTT_MIN + LDNS_RESOLV_SEARCH + LDNS_RESOLV_SORTLIST + LDNS_RR_CLASS_ANY + LDNS_RR_CLASS_CH + LDNS_RR_CLASS_COUNT + LDNS_RR_CLASS_FIRST + LDNS_RR_CLASS_HS + LDNS_RR_CLASS_IN + LDNS_RR_CLASS_LAST + LDNS_RR_CLASS_NONE + LDNS_RR_COMPRESS + LDNS_RR_NO_COMPRESS + LDNS_RR_OVERHEAD + LDNS_RR_TYPE_A + LDNS_RR_TYPE_A6 + LDNS_RR_TYPE_AAAA + LDNS_RR_TYPE_AFSDB + LDNS_RR_TYPE_ANY + LDNS_RR_TYPE_APL + LDNS_RR_TYPE_ATMA + LDNS_RR_TYPE_AXFR + LDNS_RR_TYPE_CERT + LDNS_RR_TYPE_CNAME + LDNS_RR_TYPE_COUNT + LDNS_RR_TYPE_DHCID + LDNS_RR_TYPE_DLV + LDNS_RR_TYPE_DNAME + LDNS_RR_TYPE_DNSKEY + LDNS_RR_TYPE_DS + LDNS_RR_TYPE_EID + LDNS_RR_TYPE_FIRST + LDNS_RR_TYPE_GID + LDNS_RR_TYPE_GPOS + LDNS_RR_TYPE_HINFO + LDNS_RR_TYPE_IPSECKEY + LDNS_RR_TYPE_ISDN + LDNS_RR_TYPE_IXFR + LDNS_RR_TYPE_KEY + LDNS_RR_TYPE_KX + LDNS_RR_TYPE_LAST + LDNS_RR_TYPE_LOC + LDNS_RR_TYPE_MAILA + LDNS_RR_TYPE_MAILB + LDNS_RR_TYPE_MB + LDNS_RR_TYPE_MD + LDNS_RR_TYPE_MF + LDNS_RR_TYPE_MG + LDNS_RR_TYPE_MINFO + LDNS_RR_TYPE_MR + LDNS_RR_TYPE_MX + LDNS_RR_TYPE_NAPTR + LDNS_RR_TYPE_NIMLOC + LDNS_RR_TYPE_NS + LDNS_RR_TYPE_NSAP + LDNS_RR_TYPE_NSAP_PTR + LDNS_RR_TYPE_NSEC + LDNS_RR_TYPE_NSEC3 + LDNS_RR_TYPE_NSEC3PARAM + LDNS_RR_TYPE_NSEC3PARAMS + LDNS_RR_TYPE_NULL + LDNS_RR_TYPE_NXT + LDNS_RR_TYPE_OPT + LDNS_RR_TYPE_PTR + LDNS_RR_TYPE_PX + LDNS_RR_TYPE_RP + LDNS_RR_TYPE_RRSIG + LDNS_RR_TYPE_RT + LDNS_RR_TYPE_SIG + LDNS_RR_TYPE_SINK + LDNS_RR_TYPE_SOA + LDNS_RR_TYPE_SPF + LDNS_RR_TYPE_SRV + LDNS_RR_TYPE_SSHFP + LDNS_RR_TYPE_TALINK + LDNS_RR_TYPE_TSIG + LDNS_RR_TYPE_TXT + LDNS_RR_TYPE_UID + LDNS_RR_TYPE_UINFO + LDNS_RR_TYPE_UNSPEC + LDNS_RR_TYPE_WKS + LDNS_RR_TYPE_X25 + LDNS_RSAMD5 + LDNS_RSASHA1 + LDNS_RSASHA1_NSEC3 + LDNS_RSASHA256 + LDNS_RSASHA512 + LDNS_SECTION_ADDITIONAL + LDNS_SECTION_ANSWER + LDNS_SECTION_ANY + LDNS_SECTION_ANY_NOQUESTION + LDNS_SECTION_AUTHORITY + LDNS_SECTION_QUESTION + LDNS_SHA1 + LDNS_SHA256 + LDNS_SIGNATURE_LEAVE_ADD_NEW + LDNS_SIGNATURE_LEAVE_NO_ADD + LDNS_SIGNATURE_REMOVE_ADD_NEW + LDNS_SIGNATURE_REMOVE_NO_ADD + LDNS_SIGN_DSA + LDNS_SIGN_DSA_NSEC3 + LDNS_SIGN_ECC_GOST + LDNS_SIGN_HMACSHA1 + LDNS_SIGN_HMACSHA256 + LDNS_SIGN_RSAMD5 + LDNS_SIGN_RSASHA1 + LDNS_SIGN_RSASHA1_NSEC3 + LDNS_SIGN_RSASHA256 + LDNS_SIGN_RSASHA512 + LDNS_STATUS_ADDRESS_ERR + LDNS_STATUS_CERT_BAD_ALGORITHM + LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL + LDNS_STATUS_CRYPTO_BOGUS + LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION + LDNS_STATUS_CRYPTO_NO_DNSKEY + LDNS_STATUS_CRYPTO_NO_DS + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY + LDNS_STATUS_CRYPTO_NO_RRSIG + LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY + LDNS_STATUS_CRYPTO_NO_TRUSTED_DS + LDNS_STATUS_CRYPTO_SIG_EXPIRED + LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED + LDNS_STATUS_CRYPTO_TSIG_BOGUS + LDNS_STATUS_CRYPTO_TSIG_ERR + LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR + LDNS_STATUS_CRYPTO_UNKNOWN_ALGO + LDNS_STATUS_CRYPTO_VALIDATED + LDNS_STATUS_DDD_OVERFLOW + LDNS_STATUS_DNSSEC_EXISTENCE_DENIED + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND + LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED + LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED + LDNS_STATUS_DOMAINNAME_OVERFLOW + LDNS_STATUS_DOMAINNAME_UNDERFLOW + LDNS_STATUS_EMPTY_LABEL + LDNS_STATUS_ENGINE_KEY_NOT_LOADED + LDNS_STATUS_ERR + LDNS_STATUS_FILE_ERR + LDNS_STATUS_INTERNAL_ERR + LDNS_STATUS_INVALID_B32_EXT + LDNS_STATUS_INVALID_B64 + LDNS_STATUS_INVALID_HEX + LDNS_STATUS_INVALID_INT + LDNS_STATUS_INVALID_IP4 + LDNS_STATUS_INVALID_IP6 + LDNS_STATUS_INVALID_POINTER + LDNS_STATUS_INVALID_STR + LDNS_STATUS_INVALID_TIME + LDNS_STATUS_LABEL_OVERFLOW + LDNS_STATUS_MEM_ERR + LDNS_STATUS_MISSING_RDATA_FIELDS_KEY + LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG + LDNS_STATUS_NETWORK_ERR + LDNS_STATUS_NOT_IMPL + LDNS_STATUS_NO_DATA + LDNS_STATUS_NSEC3_ERR + LDNS_STATUS_NULL + LDNS_STATUS_OK + LDNS_STATUS_PACKET_OVERFLOW + LDNS_STATUS_RES_NO_NS + LDNS_STATUS_RES_QUERY + LDNS_STATUS_SOCKET_ERROR + LDNS_STATUS_SSL_ERR + LDNS_STATUS_SYNTAX_ALG_ERR + LDNS_STATUS_SYNTAX_BAD_ESCAPE + LDNS_STATUS_SYNTAX_CLASS_ERR + LDNS_STATUS_SYNTAX_DNAME_ERR + LDNS_STATUS_SYNTAX_EMPTY + LDNS_STATUS_SYNTAX_ERR + LDNS_STATUS_SYNTAX_INCLUDE + LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL + LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW + LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW + LDNS_STATUS_SYNTAX_KEYWORD_ERR + LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR + LDNS_STATUS_SYNTAX_ORIGIN + LDNS_STATUS_SYNTAX_RDATA_ERR + LDNS_STATUS_SYNTAX_TTL + LDNS_STATUS_SYNTAX_TTL_ERR + LDNS_STATUS_SYNTAX_TYPE_ERR + LDNS_STATUS_SYNTAX_VERSION_ERR + LDNS_STATUS_UNKNOWN_INET + LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL + LDNS_STATUS_WIRE_INCOMPLETE_ANSWER + LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY + LDNS_STATUS_WIRE_INCOMPLETE_HEADER + LDNS_STATUS_WIRE_INCOMPLETE_QUESTION + LDNS_TC + + dnssec_create_nsec + dnssec_create_nsec3 + create_nsec + create_nsec3 + + rr_type2str + rr_class2str + rr_type_by_name + rr_class_by_name + pkt_opcode2str + pkt_rcode2str + + errorstr_by_id + signing_algorithm_by_name + key_algorithm_supported + read_anchor_file +) ] ); + +our @EXPORT_OK = ( @{ $EXPORT_TAGS{'all'} } ); + +our @EXPORT = qw( + LDNS_AA + LDNS_AD + LDNS_CD + LDNS_CERT_ACPKIX + LDNS_CERT_IACPKIX + LDNS_CERT_IPGP + LDNS_CERT_IPKIX + LDNS_CERT_ISPKI + LDNS_CERT_OID + LDNS_CERT_PGP + LDNS_CERT_PKIX + LDNS_CERT_SPKI + LDNS_CERT_URI + LDNS_DEFAULT_EXP_TIME + LDNS_DEFAULT_TTL + LDNS_DH + LDNS_DNSSEC_KEYPROTO + LDNS_DSA + LDNS_DSA_NSEC3 + LDNS_ECC + LDNS_ECC_GOST + LDNS_HASH_GOST + LDNS_IP4ADDRLEN + LDNS_IP6ADDRLEN + LDNS_KEY_REVOKE_KEY + LDNS_KEY_SEP_KEY + LDNS_KEY_ZONE_KEY + LDNS_MAX_DOMAINLEN + LDNS_MAX_KEYLEN + LDNS_MAX_LABELLEN + LDNS_MAX_PACKETLEN + LDNS_MAX_POINTERS + LDNS_MAX_RDFLEN + LDNS_NSEC3_MAX_ITERATIONS + LDNS_NSEC3_VARS_OPTOUT_MASK + LDNS_PACKET_ANSWER + LDNS_PACKET_IQUERY + LDNS_PACKET_NODATA + LDNS_PACKET_NOTIFY + LDNS_PACKET_NXDOMAIN + LDNS_PACKET_QUERY + LDNS_PACKET_QUESTION + LDNS_PACKET_REFERRAL + LDNS_PACKET_STATUS + LDNS_PACKET_UNKNOWN + LDNS_PACKET_UPDATE + LDNS_PORT + LDNS_PRIVATEDNS + LDNS_PRIVATEOID + LDNS_QR + LDNS_RA + LDNS_RCODE_FORMERR + LDNS_RCODE_NOERROR + LDNS_RCODE_NOTAUTH + LDNS_RCODE_NOTIMPL + LDNS_RCODE_NOTZONE + LDNS_RCODE_NXDOMAIN + LDNS_RCODE_NXRRSET + LDNS_RCODE_REFUSED + LDNS_RCODE_SERVFAIL + LDNS_RCODE_YXDOMAIN + LDNS_RCODE_YXRRSET + LDNS_RD + LDNS_RDATA_FIELD_DESCRIPTORS_COMMON + LDNS_RDF_SIZE_16BYTES + LDNS_RDF_SIZE_6BYTES + LDNS_RDF_SIZE_BYTE + LDNS_RDF_SIZE_DOUBLEWORD + LDNS_RDF_SIZE_WORD + LDNS_RDF_TYPE_A + LDNS_RDF_TYPE_AAAA + LDNS_RDF_TYPE_ALG + LDNS_RDF_TYPE_APL + LDNS_RDF_TYPE_ATMA + LDNS_RDF_TYPE_B32_EXT + LDNS_RDF_TYPE_B64 + LDNS_RDF_TYPE_CERT_ALG + LDNS_RDF_TYPE_CLASS + LDNS_RDF_TYPE_DNAME + LDNS_RDF_TYPE_HEX + LDNS_RDF_TYPE_INT16 + LDNS_RDF_TYPE_INT16_DATA + LDNS_RDF_TYPE_INT32 + LDNS_RDF_TYPE_INT8 + LDNS_RDF_TYPE_IPSECKEY + LDNS_RDF_TYPE_LOC + LDNS_RDF_TYPE_NONE + LDNS_RDF_TYPE_NSAP + LDNS_RDF_TYPE_NSEC + LDNS_RDF_TYPE_NSEC3_NEXT_OWNER + LDNS_RDF_TYPE_NSEC3_SALT + LDNS_RDF_TYPE_PERIOD + LDNS_RDF_TYPE_SERVICE + LDNS_RDF_TYPE_STR + LDNS_RDF_TYPE_TIME + LDNS_RDF_TYPE_HIP + LDNS_RDF_TYPE_TSIGTIME + LDNS_RDF_TYPE_TYPE + LDNS_RDF_TYPE_UNKNOWN + LDNS_RDF_TYPE_WKS + LDNS_RESOLV_ANCHOR + LDNS_RESOLV_DEFDOMAIN + LDNS_RESOLV_INET + LDNS_RESOLV_INET6 + LDNS_RESOLV_INETANY + LDNS_RESOLV_KEYWORD + LDNS_RESOLV_KEYWORDS + LDNS_RESOLV_NAMESERVER + LDNS_RESOLV_OPTIONS + LDNS_RESOLV_RTT_INF + LDNS_RESOLV_RTT_MIN + LDNS_RESOLV_SEARCH + LDNS_RESOLV_SORTLIST + LDNS_RR_CLASS_ANY + LDNS_RR_CLASS_CH + LDNS_RR_CLASS_COUNT + LDNS_RR_CLASS_FIRST + LDNS_RR_CLASS_HS + LDNS_RR_CLASS_IN + LDNS_RR_CLASS_LAST + LDNS_RR_CLASS_NONE + LDNS_RR_COMPRESS + LDNS_RR_NO_COMPRESS + LDNS_RR_OVERHEAD + LDNS_RR_TYPE_A + LDNS_RR_TYPE_A6 + LDNS_RR_TYPE_AAAA + LDNS_RR_TYPE_AFSDB + LDNS_RR_TYPE_ANY + LDNS_RR_TYPE_APL + LDNS_RR_TYPE_ATMA + LDNS_RR_TYPE_AXFR + LDNS_RR_TYPE_CERT + LDNS_RR_TYPE_CNAME + LDNS_RR_TYPE_COUNT + LDNS_RR_TYPE_DHCID + LDNS_RR_TYPE_DLV + LDNS_RR_TYPE_DNAME + LDNS_RR_TYPE_DNSKEY + LDNS_RR_TYPE_DS + LDNS_RR_TYPE_EID + LDNS_RR_TYPE_FIRST + LDNS_RR_TYPE_GID + LDNS_RR_TYPE_GPOS + LDNS_RR_TYPE_HINFO + LDNS_RR_TYPE_IPSECKEY + LDNS_RR_TYPE_ISDN + LDNS_RR_TYPE_IXFR + LDNS_RR_TYPE_KEY + LDNS_RR_TYPE_KX + LDNS_RR_TYPE_LAST + LDNS_RR_TYPE_LOC + LDNS_RR_TYPE_MAILA + LDNS_RR_TYPE_MAILB + LDNS_RR_TYPE_MB + LDNS_RR_TYPE_MD + LDNS_RR_TYPE_MF + LDNS_RR_TYPE_MG + LDNS_RR_TYPE_MINFO + LDNS_RR_TYPE_MR + LDNS_RR_TYPE_MX + LDNS_RR_TYPE_NAPTR + LDNS_RR_TYPE_NIMLOC + LDNS_RR_TYPE_NS + LDNS_RR_TYPE_NSAP + LDNS_RR_TYPE_NSAP_PTR + LDNS_RR_TYPE_NSEC + LDNS_RR_TYPE_NSEC3 + LDNS_RR_TYPE_NSEC3PARAM + LDNS_RR_TYPE_NSEC3PARAMS + LDNS_RR_TYPE_NULL + LDNS_RR_TYPE_NXT + LDNS_RR_TYPE_OPT + LDNS_RR_TYPE_PTR + LDNS_RR_TYPE_PX + LDNS_RR_TYPE_RP + LDNS_RR_TYPE_RRSIG + LDNS_RR_TYPE_RT + LDNS_RR_TYPE_SIG + LDNS_RR_TYPE_SINK + LDNS_RR_TYPE_SOA + LDNS_RR_TYPE_SPF + LDNS_RR_TYPE_SRV + LDNS_RR_TYPE_SSHFP + LDNS_RR_TYPE_TALINK + LDNS_RR_TYPE_TSIG + LDNS_RR_TYPE_TXT + LDNS_RR_TYPE_UID + LDNS_RR_TYPE_UINFO + LDNS_RR_TYPE_UNSPEC + LDNS_RR_TYPE_WKS + LDNS_RR_TYPE_X25 + LDNS_RSAMD5 + LDNS_RSASHA1 + LDNS_RSASHA1_NSEC3 + LDNS_RSASHA256 + LDNS_RSASHA512 + LDNS_SECTION_ADDITIONAL + LDNS_SECTION_ANSWER + LDNS_SECTION_ANY + LDNS_SECTION_ANY_NOQUESTION + LDNS_SECTION_AUTHORITY + LDNS_SECTION_QUESTION + LDNS_SHA1 + LDNS_SHA256 + LDNS_SIGNATURE_LEAVE_ADD_NEW + LDNS_SIGNATURE_LEAVE_NO_ADD + LDNS_SIGNATURE_REMOVE_ADD_NEW + LDNS_SIGNATURE_REMOVE_NO_ADD + LDNS_SIGN_DSA + LDNS_SIGN_DSA_NSEC3 + LDNS_SIGN_ECC_GOST + LDNS_SIGN_HMACSHA1 + LDNS_SIGN_HMACSHA256 + LDNS_SIGN_RSAMD5 + LDNS_SIGN_RSASHA1 + LDNS_SIGN_RSASHA1_NSEC3 + LDNS_SIGN_RSASHA256 + LDNS_SIGN_RSASHA512 + LDNS_STATUS_ADDRESS_ERR + LDNS_STATUS_CERT_BAD_ALGORITHM + LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL + LDNS_STATUS_CRYPTO_BOGUS + LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION + LDNS_STATUS_CRYPTO_NO_DNSKEY + LDNS_STATUS_CRYPTO_NO_DS + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY + LDNS_STATUS_CRYPTO_NO_RRSIG + LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY + LDNS_STATUS_CRYPTO_NO_TRUSTED_DS + LDNS_STATUS_CRYPTO_SIG_EXPIRED + LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED + LDNS_STATUS_CRYPTO_TSIG_BOGUS + LDNS_STATUS_CRYPTO_TSIG_ERR + LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR + LDNS_STATUS_CRYPTO_UNKNOWN_ALGO + LDNS_STATUS_CRYPTO_VALIDATED + LDNS_STATUS_DDD_OVERFLOW + LDNS_STATUS_DNSSEC_EXISTENCE_DENIED + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND + LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED + LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED + LDNS_STATUS_DOMAINNAME_OVERFLOW + LDNS_STATUS_DOMAINNAME_UNDERFLOW + LDNS_STATUS_EMPTY_LABEL + LDNS_STATUS_ENGINE_KEY_NOT_LOADED + LDNS_STATUS_ERR + LDNS_STATUS_FILE_ERR + LDNS_STATUS_INTERNAL_ERR + LDNS_STATUS_INVALID_B32_EXT + LDNS_STATUS_INVALID_B64 + LDNS_STATUS_INVALID_HEX + LDNS_STATUS_INVALID_INT + LDNS_STATUS_INVALID_IP4 + LDNS_STATUS_INVALID_IP6 + LDNS_STATUS_INVALID_POINTER + LDNS_STATUS_INVALID_STR + LDNS_STATUS_INVALID_TIME + LDNS_STATUS_LABEL_OVERFLOW + LDNS_STATUS_MEM_ERR + LDNS_STATUS_MISSING_RDATA_FIELDS_KEY + LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG + LDNS_STATUS_NETWORK_ERR + LDNS_STATUS_NOT_IMPL + LDNS_STATUS_NO_DATA + LDNS_STATUS_NSEC3_ERR + LDNS_STATUS_NULL + LDNS_STATUS_OK + LDNS_STATUS_PACKET_OVERFLOW + LDNS_STATUS_RES_NO_NS + LDNS_STATUS_RES_QUERY + LDNS_STATUS_SOCKET_ERROR + LDNS_STATUS_SSL_ERR + LDNS_STATUS_SYNTAX_ALG_ERR + LDNS_STATUS_SYNTAX_BAD_ESCAPE + LDNS_STATUS_SYNTAX_CLASS_ERR + LDNS_STATUS_SYNTAX_DNAME_ERR + LDNS_STATUS_SYNTAX_EMPTY + LDNS_STATUS_SYNTAX_ERR + LDNS_STATUS_SYNTAX_INCLUDE + LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL + LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW + LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW + LDNS_STATUS_SYNTAX_KEYWORD_ERR + LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR + LDNS_STATUS_SYNTAX_ORIGIN + LDNS_STATUS_SYNTAX_RDATA_ERR + LDNS_STATUS_SYNTAX_TTL + LDNS_STATUS_SYNTAX_TTL_ERR + LDNS_STATUS_SYNTAX_TYPE_ERR + LDNS_STATUS_SYNTAX_VERSION_ERR + LDNS_STATUS_UNKNOWN_INET + LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL + LDNS_STATUS_WIRE_INCOMPLETE_ANSWER + LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY + LDNS_STATUS_WIRE_INCOMPLETE_HEADER + LDNS_STATUS_WIRE_INCOMPLETE_QUESTION + LDNS_TC + + dnssec_create_nsec + dnssec_create_nsec3 + create_nsec + create_nsec3 + + rr_type2str + rr_class2str + pkt_opcode2str + pkt_rcode2str + rr_type_by_name + rr_class_by_name + errorstr_by_id + signing_algorithm_by_name + key_algorithm_supported + read_anchor_file +); + +our $VERSION = '0.61'; + +sub AUTOLOAD { + # This AUTOLOAD is used to 'autoload' constants from the constant() + # XS function. + + my $constname; + our $AUTOLOAD; + ($constname = $AUTOLOAD) =~ s/.*:://; + croak "&DNS::LDNS::constant not defined" if $constname eq 'constant'; + my ($error, $val) = constant($constname); + if ($error) { croak $error; } + { + no strict 'refs'; + # Fixed between 5.005_53 and 5.005_61 +#XXX if ($] >= 5.00561) { +#XXX *$AUTOLOAD = sub () { $val }; +#XXX } +#XXX else { + *$AUTOLOAD = sub { $val }; +#XXX } + } + goto &$AUTOLOAD; +} + +require XSLoader; +XSLoader::load('DNS::LDNS', $VERSION); + +# Preloaded methods go here. + +our $last_status; +our $line_nr; + +sub last_error { + return errorstr_by_id($DNS::LDNS::last_status); +} + +require DNS::LDNS::RR; +require DNS::LDNS::GC; +require DNS::LDNS::RData; +require DNS::LDNS::Zone; +require DNS::LDNS::RRList; +require DNS::LDNS::DNSSecZone; +require DNS::LDNS::DNSSecRRSets; +require DNS::LDNS::DNSSecRRs; +require DNS::LDNS::DNSSecName; +require DNS::LDNS::RBTree; +require DNS::LDNS::RBNode; +require DNS::LDNS::Resolver; +require DNS::LDNS::Packet; +require DNS::LDNS::Key; +require DNS::LDNS::KeyList; +require DNS::LDNS::DNSSecDataChain; +require DNS::LDNS::DNSSecTrustTree; + +# Autoload methods go after =cut, and are processed by the autosplit program. + +1; +__END__ + +=head1 NAME + +DNS::LDNS - Perl extension for the ldns library + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + +=head1 DESCRIPTION + +DNS::LDNS is a perl OO-wrapper for the ldns library. A complete list +of object methods is found in the perldoc for each of the individual +classes. You may also read the documentation of the ldns library +(http://www.nlnetlabs.nl/projects/ldns). + +=head2 Brief examples of usage + + use DNS::LDNS ':all'; + + my $z = new DNS::LDNS::Zone(filename => '/path/to/myzone'); + print DNS::LDNS::last_error; + my $rr = new DNS::LDNS::RR('mylabel 3600 IN A 168.10.10.10'); + print $z->soa->to_string; + my $rrlist = $z->rrs->push($rr); + print $z->to_string; + + my $kl = new DNS::LDNS::KeyList; + $kl->push(new DNS::LDNS::Key(filename => 'key'); + $kl->key(0)->set_pubkey_owner( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone.org')); + my $signedz = $z->sign($kl); + print $signedz->to_string; + + my $r = new DNS::LDNS::Resolver(filename => '/my/resolv.conf'); + my $p = $r->send( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'www.google.com'), + LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN, LDNS_RD); + print $p->answer->to_string; + print $p->authority->to_string; + +=head2 Classes + +A description of the classes included and how they map to the ldns +library structures: + +=over 20 + +=item B + +Base class with static functions and constants + +=item B + +Represents a parsed zonefile (maps to the ldns_zone struct) + +=item B + +Represents a list of RRs. This class is also used to represent an +RRSet if all the dnames and types are equal, (maps to the the +ldns_rr_list struct) + +=item B + +Represents a resource record (RR), (maps to the ldns_rr struct) + +=item B + +Represents an rdata field or a dname in an RR (maps to the ldns_rdf +struct) + +=item B + +Represents a DNS resolver (maps to the ldns_resolver struct) + +=item B + +Represents a DNS package (maps to the ldns_pkt struct) + +=item B + +Represents a DNSSec private key (maps to the ldns_key struct) + +=item B + +Represents a linked list of keys (maps to the ldns_key_list struct) + +=item B + +Represents a zone with dnssec data (maps to the ldns_dnssec_zone +struct) + +=item B + +Represents a tree of DNSSecName nodes (maps to the ldns_rbtree struct) + +=item B + +Represents a node in the RBTree (maps to the ldns_rbnode struct) + +=item B + +Represents a dname in a DNSSecZone and holds a DNSSecRRSets list for +this dname, possibly with signatures (maps to the ldns_dnssec_name +struct) + +=item B + +Represents a linked list of DNSSec RR sets, possibly with signatures +(maps to the ldns_dnssec_rrsets struct) + +=item B + +Represents a linked list of RRs (maps to the ldns_dnssec_rrs struct) + +=item B + +Represents a chain of RR, DNSKEY, and DS data used for building a +dnssec trust tree (maps to the ldns_dnssec_data_chain struct) + +=item B + +Represents a tree of chained trust relationships from a signed RR to a +set of trust anchors (maps to the ldns_dnssec_trust_tree struct). + +=item B + +Garbage collector. Handles ownership dependencies and freeing data +used by the other classes. Used internally only. + +=back + +One thing to note is that some of the classes have a seemingly +overlapping functionality. The Zone and RRList are used to represent +a generic zone. It may contain dnssec data but treats it like any +other dns data and does not have any knowledge of its structure. The +DNSSec* and RB* classes are building blocks for representing a signed +zone in a more structured way. + +=head2 Static functions + + str = rr_type2str(type) + str = rr_class2str(class) + type = rr_type_by_name(str) + class = rr_class_by_name(str) + str = pkt_opcode2str(opcode) + str = pkt_rcode2str(rcode) + error = errorstr_by_id(status) + str = DNS::LDNS::last_error + status = DNS::LDNS::last_status + rr = dnssec_create_nsec(from, to, type) + rr = dnssec_create_nsec3(from, to, algorithm, flags, iterations, salt) + rr = create_nsec(current, next, rrs) + rr = create_nsec3(cur_owner, cur_zone, algorithm, flags, + iterations, salt, empty_nonterminals) + algo = signing_algorithm_by_name(name) + bool = key_algorithm_supported(algorithm) + rr = read_anchor_file(filename) + +=head2 Object references and cloning + +Since some of the objects are found as sub objects within other +objects, it is important to know how the wrapper classes handle +object references, dependencies and cloning. The general rule is that +accessor methods just return a reference to the object while methods +inserting data inserts inserts a clone of the object. Most classes +have a clone method which can be used if a cloned object is what you +really want. + +=head3 Examples + +DNS::LDNS::Zone::rrs returns a reference to the DNS::LDNS::RRList +within the zone, so if you make changes to the RRList you also +changes the Zone object. + +DNS::LDNS::RRList::push(rr) clones the rr, then pushes the cloned rr +to the list. Changing the rr afterwards will not change the list. + +An exception is the Key class which does not have a clone +mechanism. In this case we allow a free Key to be added to only one +KeyList. Adding it to multiple lists will provoke an error. + +The wrapper keeps track of allocated data structures and references. +Whenever data is no longer referred to by a perl object, it will be +freed. + +=head2 ERROR HANDLING + +The purpose for writing this wrapper class has been to be able to +process zone file data with good time performance. Data checking and +error handling is a bit sparse. + +Most constructors will update the DNS::LDNS::last_status variable if +they fail (return undef). Wrapper methods to ldns functions which would +return a status will update the static DNS::LDNS::last_status variable. +Most methods do not return a status and will not reset this variable +even though they succeeds. + +=head2 EXPORT + +None by default. + +=head2 Exportable constants + +=head3 Status + + LDNS_STATUS_ADDRESS_ERR + LDNS_STATUS_CERT_BAD_ALGORITHM + LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL + LDNS_STATUS_CRYPTO_BOGUS + LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION + LDNS_STATUS_CRYPTO_NO_DNSKEY + LDNS_STATUS_CRYPTO_NO_DS + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY + LDNS_STATUS_CRYPTO_NO_RRSIG + LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY + LDNS_STATUS_CRYPTO_NO_TRUSTED_DS + LDNS_STATUS_CRYPTO_SIG_EXPIRED + LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED + LDNS_STATUS_CRYPTO_TSIG_BOGUS + LDNS_STATUS_CRYPTO_TSIG_ERR + LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR + LDNS_STATUS_CRYPTO_UNKNOWN_ALGO + LDNS_STATUS_CRYPTO_VALIDATED + LDNS_STATUS_DDD_OVERFLOW + LDNS_STATUS_DNSSEC_EXISTENCE_DENIED + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND + LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED + LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED + LDNS_STATUS_DOMAINNAME_OVERFLOW + LDNS_STATUS_DOMAINNAME_UNDERFLOW + LDNS_STATUS_EMPTY_LABEL + LDNS_STATUS_ENGINE_KEY_NOT_LOADED + LDNS_STATUS_ERR + LDNS_STATUS_FILE_ERR + LDNS_STATUS_INTERNAL_ERR + LDNS_STATUS_INVALID_B32_EXT + LDNS_STATUS_INVALID_B64 + LDNS_STATUS_INVALID_HEX + LDNS_STATUS_INVALID_INT + LDNS_STATUS_INVALID_IP4 + LDNS_STATUS_INVALID_IP6 + LDNS_STATUS_INVALID_POINTER + LDNS_STATUS_INVALID_STR + LDNS_STATUS_INVALID_TIME + LDNS_STATUS_LABEL_OVERFLOW + LDNS_STATUS_MEM_ERR + LDNS_STATUS_MISSING_RDATA_FIELDS_KEY + LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG + LDNS_STATUS_NETWORK_ERR + LDNS_STATUS_NOT_IMPL + LDNS_STATUS_NO_DATA + LDNS_STATUS_NSEC3_ERR + LDNS_STATUS_NULL + LDNS_STATUS_OK + LDNS_STATUS_PACKET_OVERFLOW + LDNS_STATUS_RES_NO_NS + LDNS_STATUS_RES_QUERY + LDNS_STATUS_SOCKET_ERROR + LDNS_STATUS_SSL_ERR + LDNS_STATUS_SYNTAX_ALG_ERR + LDNS_STATUS_SYNTAX_BAD_ESCAPE + LDNS_STATUS_SYNTAX_CLASS_ERR + LDNS_STATUS_SYNTAX_DNAME_ERR + LDNS_STATUS_SYNTAX_EMPTY + LDNS_STATUS_SYNTAX_ERR + LDNS_STATUS_SYNTAX_INCLUDE + LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL + LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW + LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW + LDNS_STATUS_SYNTAX_KEYWORD_ERR + LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR + LDNS_STATUS_SYNTAX_ORIGIN + LDNS_STATUS_SYNTAX_RDATA_ERR + LDNS_STATUS_SYNTAX_TTL + LDNS_STATUS_SYNTAX_TTL_ERR + LDNS_STATUS_SYNTAX_TYPE_ERR + LDNS_STATUS_SYNTAX_VERSION_ERR + LDNS_STATUS_UNKNOWN_INET + LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL + LDNS_STATUS_WIRE_INCOMPLETE_ANSWER + LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY + LDNS_STATUS_WIRE_INCOMPLETE_HEADER + LDNS_STATUS_WIRE_INCOMPLETE_QUESTION + +=head3 Resolver flags and constants + + LDNS_RESOLV_ANCHOR + LDNS_RESOLV_DEFDOMAIN + LDNS_RESOLV_INET + LDNS_RESOLV_INET6 + LDNS_RESOLV_INETANY + LDNS_RESOLV_KEYWORD + LDNS_RESOLV_KEYWORDS + LDNS_RESOLV_NAMESERVER + LDNS_RESOLV_OPTIONS + LDNS_RESOLV_RTT_INF + LDNS_RESOLV_RTT_MIN + LDNS_RESOLV_SEARCH + LDNS_RESOLV_SORTLIST + +=head3 Resolver query flags + + LDNS_AA + LDNS_AD + LDNS_CD + LDNS_QR + LDNS_RA + LDNS_RD + LDNS_TC + +=head3 Resolver rcodes + + LDNS_RCODE_FORMERR + LDNS_RCODE_NOERROR + LDNS_RCODE_NOTAUTH + LDNS_RCODE_NOTIMPL + LDNS_RCODE_NOTZONE + LDNS_RCODE_NXDOMAIN + LDNS_RCODE_NXRRSET + LDNS_RCODE_REFUSED + LDNS_RCODE_SERVFAIL + LDNS_RCODE_YXDOMAIN + LDNS_RCODE_YXRRSET + +=head3 Packet types + + LDNS_PACKET_ANSWER + LDNS_PACKET_NODATA + LDNS_PACKET_NXDOMAIN + LDNS_PACKET_QUESTION + LDNS_PACKET_REFERRAL + LDNS_PACKET_UNKNOWN + +=head3 Packet opcodes + + LDNS_PACKET_IQUERY + LDNS_PACKET_NOTIFY + LDNS_PACKET_QUERY + LDNS_PACKET_STATUS + LDNS_PACKET_UPDATE + +=head3 Packet sections + + LDNS_SECTION_ADDITIONAL + LDNS_SECTION_ANSWER + LDNS_SECTION_ANY + LDNS_SECTION_ANY_NOQUESTION + LDNS_SECTION_AUTHORITY + LDNS_SECTION_QUESTION + +=head3 DNSSec constants + + LDNS_DEFAULT_EXP_TIME + LDNS_MAX_KEYLEN + LDNS_DNSSEC_KEYPROTO + +=head3 DNSSec sign policies + + LDNS_SIGNATURE_LEAVE_ADD_NEW + LDNS_SIGNATURE_LEAVE_NO_ADD + LDNS_SIGNATURE_REMOVE_ADD_NEW + LDNS_SIGNATURE_REMOVE_NO_ADD + LDNS_NSEC3_MAX_ITERATIONS + +=head3 Key flags + + LDNS_KEY_REVOKE_KEY + LDNS_KEY_SEP_KEY + LDNS_KEY_ZONE_KEY + +=head3 Key algorithms + + LDNS_DH + LDNS_DSA + LDNS_DSA_NSEC3 + LDNS_ECC + LDNS_RSAMD5 + LDNS_RSASHA1 + LDNS_RSASHA1_NSEC3 + LDNS_RSASHA256 + LDNS_RSASHA512 + LDNS_ECC_GOST + LDNS_PRIVATEDNS + LDNS_PRIVATEOID + +=head3 Signing algorithms + + LDNS_SIGN_DSA + LDNS_SIGN_DSA_NSEC3 + LDNS_SIGN_ECC_GOST + LDNS_SIGN_HMACSHA1 + LDNS_SIGN_HMACSHA256 + LDNS_SIGN_RSAMD5 + LDNS_SIGN_RSASHA1 + LDNS_SIGN_RSASHA1_NSEC3 + LDNS_SIGN_RSASHA256 + LDNS_SIGN_RSASHA512 + +=head3 Hashing algorithm + + LDNS_SHA1 + LDNS_SHA256 + LDNS_HASH_GOST + +=head3 Rdata constants + + LDNS_MAX_RDFLEN + LDNS_NSEC3_VARS_OPTOUT_MASK + + LDNS_RDF_SIZE_16BYTES + LDNS_RDF_SIZE_6BYTES + LDNS_RDF_SIZE_BYTE + LDNS_RDF_SIZE_DOUBLEWORD + LDNS_RDF_SIZE_WORD + +=head3 Rdata types + + LDNS_RDF_TYPE_A + LDNS_RDF_TYPE_AAAA + LDNS_RDF_TYPE_ALG + LDNS_RDF_TYPE_APL + LDNS_RDF_TYPE_ATMA + LDNS_RDF_TYPE_B32_EXT + LDNS_RDF_TYPE_B64 + LDNS_RDF_TYPE_CERT_ALG + LDNS_RDF_TYPE_CLASS + LDNS_RDF_TYPE_DNAME + LDNS_RDF_TYPE_HEX + LDNS_RDF_TYPE_INT16 + LDNS_RDF_TYPE_INT16_DATA + LDNS_RDF_TYPE_INT32 + LDNS_RDF_TYPE_INT8 + LDNS_RDF_TYPE_IPSECKEY + LDNS_RDF_TYPE_LOC + LDNS_RDF_TYPE_NONE + LDNS_RDF_TYPE_NSAP + LDNS_RDF_TYPE_NSEC + LDNS_RDF_TYPE_NSEC3_NEXT_OWNER + LDNS_RDF_TYPE_NSEC3_SALT + LDNS_RDF_TYPE_PERIOD + LDNS_RDF_TYPE_SERVICE + LDNS_RDF_TYPE_STR + LDNS_RDF_TYPE_TIME + LDNS_RDF_TYPE_HIP + LDNS_RDF_TYPE_TSIGTIME + LDNS_RDF_TYPE_TYPE + LDNS_RDF_TYPE_UNKNOWN + LDNS_RDF_TYPE_WKS + +=head3 Algorithms used in CERT RRs. + + LDNS_CERT_ACPKIX + LDNS_CERT_IACPKIX + LDNS_CERT_IPGP + LDNS_CERT_IPKIX + LDNS_CERT_ISPKI + LDNS_CERT_OID + LDNS_CERT_PGP + LDNS_CERT_PKIX + LDNS_CERT_SPKI + LDNS_CERT_URI + +=head3 RR compress flag + + LDNS_RR_COMPRESS + LDNS_RR_NO_COMPRESS + +=head3 RR classes + + LDNS_RR_CLASS_ANY + LDNS_RR_CLASS_CH + LDNS_RR_CLASS_COUNT + LDNS_RR_CLASS_FIRST + LDNS_RR_CLASS_HS + LDNS_RR_CLASS_IN + LDNS_RR_CLASS_LAST + LDNS_RR_CLASS_NONE + +=head3 RR types + + LDNS_RR_TYPE_A + LDNS_RR_TYPE_A6 + LDNS_RR_TYPE_AAAA + LDNS_RR_TYPE_AFSDB + LDNS_RR_TYPE_ANY + LDNS_RR_TYPE_APL + LDNS_RR_TYPE_ATMA + LDNS_RR_TYPE_AXFR + LDNS_RR_TYPE_CERT + LDNS_RR_TYPE_CNAME + LDNS_RR_TYPE_COUNT + LDNS_RR_TYPE_DHCID + LDNS_RR_TYPE_DLV + LDNS_RR_TYPE_DNAME + LDNS_RR_TYPE_DNSKEY + LDNS_RR_TYPE_DS + LDNS_RR_TYPE_EID + LDNS_RR_TYPE_FIRST + LDNS_RR_TYPE_GID + LDNS_RR_TYPE_GPOS + LDNS_RR_TYPE_HINFO + LDNS_RR_TYPE_IPSECKEY + LDNS_RR_TYPE_ISDN + LDNS_RR_TYPE_IXFR + LDNS_RR_TYPE_KEY + LDNS_RR_TYPE_KX + LDNS_RR_TYPE_LAST + LDNS_RR_TYPE_LOC + LDNS_RR_TYPE_MAILA + LDNS_RR_TYPE_MAILB + LDNS_RR_TYPE_MB + LDNS_RR_TYPE_MD + LDNS_RR_TYPE_MF + LDNS_RR_TYPE_MG + LDNS_RR_TYPE_MINFO + LDNS_RR_TYPE_MR + LDNS_RR_TYPE_MX + LDNS_RR_TYPE_NAPTR + LDNS_RR_TYPE_NIMLOC + LDNS_RR_TYPE_NS + LDNS_RR_TYPE_NSAP + LDNS_RR_TYPE_NSAP_PTR + LDNS_RR_TYPE_NSEC + LDNS_RR_TYPE_NSEC3 + LDNS_RR_TYPE_NSEC3PARAM + LDNS_RR_TYPE_NSEC3PARAMS + LDNS_RR_TYPE_NULL + LDNS_RR_TYPE_NXT + LDNS_RR_TYPE_OPT + LDNS_RR_TYPE_PTR + LDNS_RR_TYPE_PX + LDNS_RR_TYPE_RP + LDNS_RR_TYPE_RRSIG + LDNS_RR_TYPE_RT + LDNS_RR_TYPE_SIG + LDNS_RR_TYPE_SINK + LDNS_RR_TYPE_SOA + LDNS_RR_TYPE_SPF + LDNS_RR_TYPE_SRV + LDNS_RR_TYPE_SSHFP + LDNS_RR_TYPE_TALINK + LDNS_RR_TYPE_TSIG + LDNS_RR_TYPE_TXT + LDNS_RR_TYPE_UID + LDNS_RR_TYPE_UINFO + LDNS_RR_TYPE_UNSPEC + LDNS_RR_TYPE_WKS + LDNS_RR_TYPE_X25 + +=head3 Various defaults and other constants + + LDNS_DEFAULT_TTL + LDNS_PORT + LDNS_IP4ADDRLEN + LDNS_IP6ADDRLEN + LDNS_MAX_DOMAINLEN + LDNS_MAX_LABELLEN + LDNS_MAX_PACKETLEN + LDNS_MAX_POINTERS + LDNS_RR_OVERHEAD + LDNS_RDATA_FIELD_DESCRIPTORS_COMMON + +=head1 BUGS + +This package is still in the beta stage of development. There no known bugs, +although parts of the code has not yet been very well tested. Bugreports will +be greatly appreciated. + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecDataChain.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecDataChain.pm new file mode 100644 index 0000000..661e0f6 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecDataChain.pm @@ -0,0 +1,87 @@ +package DNS::LDNS::DNSSecDataChain; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +sub rrset { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrset, $self); +} + +sub signatures { + my $self = shift; + return DNS::LDNS::GC::own($self->_signatures, $self); +} + +sub parent { + my $self = shift; + return DNS::LDNS::GC::own($self->_parent, $self); +} + +sub derive_trust_tree { + my ($self, $rr) = @_; + + if (!DNS::LDNS::GC::is_owned($rr) or DNS::LDNS::GC::owner($rr) ne $self) { + die "The rr ($rr) must be in the data chain ($self)"; + } + return DNS::LDNS::GC::own($self->_derive_trust_tree($rr), $self); +} + +sub derive_trust_tree_time { + my ($self, $rr, $checktime) = @_; + + if (!DNS::LDNS::GC::is_owned($rr) or DNS::LDNS::GC::owner($rr) ne $self) { + die "The rr ($rr) must be in the data chain ($self)"; + } + return DNS::LDNS::GC::own( + $self->_derive_trust_tree_time($rr, $checktime), $self); +} + + +1; +__END__ + +=head1 NAME + +DNS::LDNS::DNSSecDataChain - DNSSec data chain element + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + chain = new DNS::LDNS::DNSSecDataChain + chain->print(fp) + chain->derive_trust_tree(rr) + chain->derive_trust_tree_time(rr, checktime) + + # Node attributes + rrset = chain->rrset + rrset = chain->signatures + rrtype = chain->parent_type + pchain = chain->parent + rcode = chain->packet_rcode + rrtype = chain->packet_qtype + bool = chain->packet_nodata + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecName.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecName.pm new file mode 100644 index 0000000..8d94f6e --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecName.pm @@ -0,0 +1,110 @@ +package DNS::LDNS::DNSSecName; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS ':all'; + +our $VERSION = '0.61'; + +sub new { + my $class = shift; + return _new; +} + +sub name { + my $self = shift; + return DNS::LDNS::GC::own($self->_name, $self); +} + +sub set_name { + my ($self, $name) = @_; + + DNS::LDNS::GC::disown(my $old = $self->name); + _set_name($self, my $copy = $name->clone); + DNS::LDNS::GC::own($copy, $self); +} + +sub rrsets { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsets, $self); +} + +sub add_rr { + my ($self, $rr) = @_; + + my $s = _add_rr($self, my $copy = $rr->clone); + DNS::LDNS::GC::own($copy, $self); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub nsec { + my $self = shift; + return DNS::LDNS::GC::own($self->_nsec, $self); +} + +sub set_nsec { + my ($self, $nsec) = @_; + + DNS::LDNS::GC::disown(my $old = $self->nsec); + _set_nsec($self, my $copy = $nsec->clone); + DNS::LDNS::GC::own($copy, $self); +} + +sub hashed_name { + my $self = shift; + return DNS::LDNS::GC::own($self->_hashed_name, $self); +} + +sub nsec_signatures { + my $self = shift; + return DNS::LDNS::GC::own($self->_nsec_signatures, $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::DNSSecName - Dname with rrsets in a dnssec zone + +=head1 SYNOPSIS + + use LDNS ':all' + + my name = new DNS::LDNS::DNSSecName + + rdata = name->name + name->set_name(rdata) + bool = name->is_glue + rrsets = name->rrsets + name->add_rr(rr) + + rr = name->nsec + name->set_nsec(rr) + hash = name->hashed_name + rrs = name->nsec_signatures + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecRRSets.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecRRSets.pm new file mode 100644 index 0000000..1dabd0c --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecRRSets.pm @@ -0,0 +1,85 @@ +package DNS::LDNS::DNSSecRRSets; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +# Note: Since this class does not have a constructor, we can let its child +# objects be owned by the parent. This reduces the recursion depth on +# DESTROY. + +sub rrs { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrs, DNS::LDNS::GC::owner($self)); +} + +sub signatures { + my $self = shift; + return DNS::LDNS::GC::own($self->_signatures, DNS::LDNS::GC::owner($self)); +} + +sub next { + my $self = shift; + return DNS::LDNS::GC::own($self->_next, DNS::LDNS::GC::owner($self)); +} + +sub set_type { + my ($self, $type) = @_; + my $s = _set_type($self, $type); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub add_rr { + my ($self, $rr) = @_; + + my $s = _add_rr($self, my $copy = $rr->clone); + $DNS::LDNS::last_status = $s; + DNS::LDNS::GC::own($copy, $self); + return $s; +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::DNSSecRRSets - Linked list of rrsets in a dnssec zone + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + rrs = rrsets->rrs + rrs = rrsets->signatures + rrsets2 = rrsets->next + rrsets->add_rr(rr) + bool = rrsets->contains_type(rr_type) + rr_type = rrsets->type + rrsets->set_type(rr_type) + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecRRs.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecRRs.pm new file mode 100644 index 0000000..3a6b1ca --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecRRs.pm @@ -0,0 +1,82 @@ +package DNS::LDNS::DNSSecRRs; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +# Note: This class does not have a constructor. Thus, it can not be created +# as an individual object. The data structure of the node is owned +# and freed by the owner of the parent rather than the parent node. This +# is to prevent deep recursion on DESTROY. + +sub to_string { + my $self = shift; + my $ret = ''; + while ($self and $self->rr) { + $ret .= $self->rr->to_string; + $self = $self->next; + } + + return $ret; +} + +sub add_rr { + my ($self, $rr) = @_; + + my $s = _add_rr($self, my $copy = $rr->clone); + DNS::LDNS::GC::own($self, $copy); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub rr { + my $self = shift; + return DNS::LDNS::GC::own($self->_rr, DNS::LDNS::GC::owner($self)); +} + +sub next { + my $self = shift; + return DNS::LDNS::GC::own($self->_next, DNS::LDNS::GC::owner($self)); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::DNSSecRRs - Linked list of rrs in a dnssec zone + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + rrs->to_string + rrs->add_rr(rr) + rr = rrs->rr + rrs2 = rrs->next + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecTrustTree.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecTrustTree.pm new file mode 100644 index 0000000..7e0d443 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecTrustTree.pm @@ -0,0 +1,99 @@ +package DNS::LDNS::DNSSecTrustTree; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +sub add_parent { + my ($self, $parent, $sig, $parent_status) = @_; + + if (DNS::LDNS::GC::is_owned($parent)) { + die "Cannot add to multiple trees."; + } + my $s = _add_parent($self, $parent, $sig, $parent_status); + DNS::LDNS::GC::own($parent, $self); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub contains_keys { + my ($self, $trusted_keys) = @_; + + my $s = _contains_keys($self, $trusted_keys); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub rr { + my $self = shift; + return DNS::LDNS::GC::own($self->_rr, $self); +} + +sub rrset { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrset, $self); +} + +sub parent { + my ($self, $i) = @_; + return DNS::LDNS::GC::own($self->_parent($i), $self); +} + +sub parent_status { + my ($self, $i) = @_; + my $s = _parent_status($self, $i); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub parent_signature { + my ($self, $i) = @_; + return DNS::LDNS::GC::own($self->_parent_signature($i), $self); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::DNSSecTrustTree - Trust tree from signed RR to trust anchors + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + tree = new DNS::LDNS::DNSSecTrustTree + tree->print(fp) + d = tree->depth + status = tree->add_parent(parent, sig, parent_status) + status = tree->contains_keys(trusted_keys) + + # Node attributes + rr = tree->rr; + rrset = tree->rrset + ptree = tree->parent(i) + pstatus = tree->parent_status(i) + rr = tree->parent_signature(i) + count = tree->parent_count + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecZone.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecZone.pm new file mode 100644 index 0000000..15e2b46 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/DNSSecZone.pm @@ -0,0 +1,176 @@ +package DNS::LDNS::DNSSecZone; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS ':all'; + +our $VERSION = '0.61'; + +sub new { + my ($class, %args) = @_; + + my $line_nr; + my $status = &LDNS_STATUS_OK; + my $zone; + my $file; + + if ($args{filename}) { + unless (open FILE, $args{filename}) { + $DNS::LDNS::last_status = &LDNS_STATUS_FILE_ERR; + $DNS::LDNS::line_nr = 0; + return; + } + + $file = \*FILE; + } + elsif ($args{file}) { + $file = $args{file}; + } + + if ($file) { + $zone = _new_from_file($file, + $args{origin}, + $args{ttl} || 0, + $args{class} || 0, + $status, $line_nr); + } + else { + $zone = _new(); + } + + if ($args{filename}) { + close $file; + } + + $DNS::LDNS::last_status = $status; + $DNS::LDNS::line_nr = $line_nr; + if (!defined $zone) { + return; + } + + return $zone; +} + +sub soa { + my $self = shift; + return DNS::LDNS::GC::own($self->_soa, $self); +} + +sub names { + my $self = shift; + return DNS::LDNS::GC::own($self->_names, $self); +} + +sub find_rrset { + my ($self, $name, $type) = @_; + return DNS::LDNS::GC::own($self->_find_rrset($name, $type), $self); +} + +sub add_rr { + my ($self, $rr) = @_; + + # Set a copy of the rr in case it is already owned + my $s = _add_rr($self, my $copy = $rr->clone); + $DNS::LDNS::last_status = $s; + DNS::LDNS::GC::own($copy, $self); + return $s; +} + +sub add_empty_nonterminals { + my $self = shift; + my $s = _add_empty_nonterminals($self); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub mark_glue { + my $self = shift; + my $s = _mark_glue($self); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub sign { + my ($self, $keylist, $policy, $flags) = @_; + my $s = _sign($self, $keylist, $policy, $flags); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub sign_nsec3 { + my ($self, $keylist, $policy, $algorithm, $flags, $iterations, $salt, + $signflags) = @_; + my $s = _sign_nsec3($self, $keylist, $policy, $algorithm, $flags, + $iterations, $salt, $signflags); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub to_string { + return "DNS::LDNS::DNSSecZone::to_string is not yet implemented"; +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::DNSSecZone - Zone with dnssec data + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + my z = new DNS::LDNS::DNSSecZone( + filename => '/path/to/myzone', + origin => new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone'), #optional + ttl => 3600, #optional + class => LDNS_RR_CLASS_, #optional + ) + my z = new DNS::LDNS::DNSSecZone( + file => \*FILE, + origin => ..., ttl => ..., class => ... + ) + my z = new DNS::LDNS::DNSSecZone + + rr = z->soa + rbtree = z->names + rrsets = z->find_rrset + z->add_rr(rr) + z->create_from_zone(zone) + z->add_empty_nonterminals + + z->sign(keylist, policy) + z->sign_nsec3(keylist, policy, algorithm, flags, iterations, salt) + + z->create_nsecs + z->create_nsec3s(algorithm, flags, iterations, salt) + z->create_rrsigs(key_list, policy, flags) + +=head1 TODO + + z->to_string + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/GC.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/GC.pm new file mode 100644 index 0000000..877c15c --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/GC.pm @@ -0,0 +1,122 @@ +package DNS::LDNS::GC; + +use strict; +use warnings; + +our $VERSION = '0.61'; + +my %ref_count; +my %owned_by; + +sub own { + my ($obj, $owner) = @_; + +# print STDERR "Owning $obj -> $owner\n"; + return unless (defined $obj); + + if ($owned_by{$$owner}) { + # If the owner is an owned object, let obj be owned by + # the owners owner. We want to avoid recursive ownerships. + $owner = $owned_by{$$owner}; + } + + if (exists $owned_by{$$obj}) { + $ref_count{$$obj}++; + } + else { + $ref_count{$$obj} = 1; + $owned_by{$$obj} = $owner; + } + return $obj; +} + +# Return true if the object is owned by someone +sub is_owned { + return (exists $owned_by{${$_[0]}}); +} + +sub owner { + return $owned_by{${$_[0]}}; +} + +sub disown { + return unless (defined $_[0]); + delete $owned_by{${$_[0]}}; +} + +my %free_method = ( + 'DNS::LDNS::Zone' => '_zone_deep_free', + 'DNS::LDNS::RRList' => '_rrlist_deep_free', + 'DNS::LDNS::RR' => '_rr_free', + 'DNS::LDNS::RData' => '_rdata_deep_free', + 'DNS::LDNS::DNSSecZone' => '_dnssec_zone_deep_free', + 'DNS::LDNS::DNSSecName' => '_dnssec_name_deep_free', + 'DNS::LDNS::Resolver' => '_resolver_deep_free', + 'DNS::LDNS::Packet' => '_packet_free', + 'DNS::LDNS::Key' => '_key_deep_free', + 'DNS::LDNS::KeyList' => '_keylist_free', + 'DNS::LDNS::DNSSecDataChain' => '_dnssec_datachain', +); + +my %not_deleted_by_owner = ( + 'DNS::LDNS::DNSSecTrustChain' => 1, +); + +sub free { + my $obj = shift; + +# print STDERR "Freeing $obj\n"; + + if (exists $ref_count{$$obj}) { +# print STDERR "Derefing $obj\n"; + $ref_count{$$obj}--; + return if ($ref_count{$$obj} > 0); + } + +# print STDERR "Deleting $obj\n"; + + delete $ref_count{$$obj}; + + if (exists $owned_by{$$obj}) { + delete $owned_by{$$obj}; + return unless ($not_deleted_by_owner{ref $obj}); + } + + my $class = ref $obj; + my $free = $free_method{ref $obj}; + + die "Internal error: No freeing method for $obj (".ref $obj.")" + unless ($free); + + no strict; + &$free($obj); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::GC - Garbage collector, used internally by the DNS::LDNS modules + +=head1 SYNOPSIS + +Garbage collector class for DNS::LDNS objects. + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Key.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Key.pm new file mode 100644 index 0000000..250373c --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Key.pm @@ -0,0 +1,122 @@ +package DNS::LDNS::Key; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS ':all'; + +our $VERSION = '0.61'; + +sub new { + my ($class, %args) = @_; + + my $key; + + if ($args{filename} or $args{file}) { + my $status = &LDNS_STATUS_OK; + my $line_nr = 0; + my $file = $args{file}; + if ($args{filename}) { + unless (open FILE, $args{filename}) { + $DNS::LDNS::last_status = &LDNS_STATUS_FILE_ERR; + return; + } + $file = \*FILE; + } + + $key = _new_from_file($file, $line_nr, $status); + if ($args{filename}) { + close $file; + } + + $DNS::LDNS::last_status = $status; + $DNS::LDNS::line_nr = $line_nr; + if (!defined $key) { + return; + } + } + else { + $key = _new(); + } + + return $key; +} + +sub set_pubkey_owner { + my ($self, $owner) = @_; + my $oldowner = $self->pubkey_owner; + DNS::LDNS::GC::disown(my $old = $self->pubkey_owner); + $self->_set_pubkey_owner($owner); + return DNS::LDNS::GC::own($owner, $self); +} + +sub pubkey_owner { + my $self = shift; + return DNS::LDNS::GC::own($self->_pubkey_owner, $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::Key - DNSSec private key + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + key = new DNS::LDNS::Key + key = new DNS::LDNS::Key(file => \*FILE) + key = new DNS::LDNS::Key(filename => 'keyfile') + + str = key->to_string + key->print(\*OUTPUT) + + key->set_algorithm(alg) + alg = key->algorithm + key->set_flags(flags) + flags = key->flags + key->set_hmac_key(hmac) + hmac = key->hmac_key + key->set_hmac_size(size) + size = key->hmac_size + key->set_origttl(ttl) + ttl = key->origttl + key->set_inception(epoch) + epoch = key->inception + key->set_expiration(epoch) + epoch = key->expiration + key->set_pubkey_owner(rdata) + rdata = key->pubkey_owner + key->set_keytag(tag) + tag = key->keytag + key->set_use(bool) + bool = key->use + + str = key->get_file_base_name + + rr = key->to_rr + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/KeyList.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/KeyList.pm new file mode 100644 index 0000000..e25093a --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/KeyList.pm @@ -0,0 +1,72 @@ +package DNS::LDNS::KeyList; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS ':all'; + +our $VERSION = '0.61'; + +sub new { + my $class = shift; + + return _new(); +} + +sub push { + my ($self, @keys) = @_; + + for my $k (@keys) { + if (DNS::LDNS::GC::is_owned($k)) { + die "Cannot push a key on multiple lists."; + } + $self->_push($k); + DNS::LDNS::GC::own($k, $self); + } +} + +sub key { + my ($self, $index) = @_; + return DNS::LDNS::GC::own($self->_key($index), $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::KeyList - Linked list of dnssec keys + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + my l = new DNS::LDNS::KeyList + l->set_use(bool) + l->push(@keys) + key = l->pop + c = l->count + key = l->key(index) + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Packet.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Packet.pm new file mode 100644 index 0000000..f975eae --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Packet.pm @@ -0,0 +1,259 @@ +package DNS::LDNS::Packet; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +sub new { + my ($class, %args) = @_; + + if ($args{name}) { + return _query_new( + $args{name}, $args{type}, $args{class}, $args{flags}); + } + else { + return _new; + } +} + +sub question { + my $self = shift; + return DNS::LDNS::GC::own($self->_question, $self); +} + +sub set_question { + my ($self, $l) = @_; + DNS::LDNS::GC::disown(my $old = $self->question); + $self->_set_question($l); + return DNS::LDNS::GC::own($l, $self); +} + +sub answer { + my $self = shift; + return DNS::LDNS::GC::own($self->_answer, $self); +} + +sub set_answer { + my ($self, $l) = @_; + DNS::LDNS::GC::disown(my $old = $self->answer); + $self->_set_answer($l); + return DNS::LDNS::GC::own($l, $self); +} + +sub authority { + my $self = shift; + return DNS::LDNS::GC::own($self->_authority, $self); +} + +sub set_authority { + my ($self, $l) = @_; + DNS::LDNS::GC::disown(my $old = $self->authority); + $self->_set_authority($l); + return DNS::LDNS::GC::own($l, $self); +} + +sub additional { + my $self = shift; + return DNS::LDNS::GC::own($self->_additional, $self); +} + +sub set_additional { + my ($self, $l) = @_; + DNS::LDNS::GC::disown(my $old = $self->additional); + $self->_set_additional($l); + return DNS::LDNS::GC::own($l, $self); +} + +sub answerfrom { + my $self = shift; + return DNS::LDNS::GC::own($self->_answerfrom, $self); +} + +sub set_answerfrom { + my ($self, $a) = @_; + DNS::LDNS::GC::disown(my $old = $self->answerfrom); + $self->_set_answerfrom($a); + return DNS::LDNS::GC::own($a, $self); +} + + +sub timestamp { + my $self = shift; + my $t = _timestamp($self); + return wantarray ? @$t : $t; +} + +sub edns_data { + my $self = shift; + return DNS::LDNS::GC::own($self->_edns_data, $self); +} + +sub set_edns_data { + my ($self, $data) = @_; + DNS::LDNS::GC::disown(my $old = $self->edns_data); + $self->_set_edns_data($data); + return DNS::LDNS::GC::own($data, $self); +} + +sub push_rr { + my ($self, $sec, $rr) = @_; + + my $ret = $self->_push_rr($sec, my $copy = $_->clone); + DNS::LDNS::GC::own($copy, $self); + return $ret; +} + +sub safe_push_rr { + my ($self, $sec, $rr) = @_; + + my $ret = $self->_safe_push_rr($sec, my $copy = $_->clone); + if ($ret) { + DNS::LDNS::GC::own($copy, $self); + } + return $ret; +} + +sub tsig { + my $self = shift; + return DNS::LDNS::GC::own($self->_tsig, $self); +} + +sub set_tsig { + my ($self, $rr) = @_; + DNS::LDNS::GC::disown(my $old = $self->tsig); + $self->_set_tsig($rr); + return DNS::LDNS::GC::own($rr, $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::Packet - DNS packet + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + my pkt = new DNS::LDNS::Packet(name => rdata, type => LDNS_RR_TYPE_..., + class => LDNS_RR_CLASS_..., flags => ...) + my pkt = new DNS::LDNS::Packet + + pkt2 = pkt->clone + + pkt->to_string + + rrlist = pkt->question + pkt->set_question(rrlist) +' + rrlist = pkt->answer + pkt->set_answer(rrlist) + + rrlist = pkt->authority + pkt->set_authority(rrlist) + + rrlist = pkt->additional + pkt->set_additional(rrlist) + + rrlist = pkt->all + rrlist = pkt->all_noquestion + + for (qw/qr aa tc rd cd ra ad/) { + bool = pkt->$_ + pkt->set_$_(bool) + } + + id = pkt->id + pkt->set_id(id) + pkt->set_random_id + + count = pkt->qdcount + count = pkt->ancount + count = pkt->nscount + count = pkt->arcount + + opcode = pkt->opcode + pkt->set_opcode(opcode) + + rcode = pkt->rcode # Response code + pkt->set_rcode(rcode) + + size = pkt->size + + epoch = pkt->querytime + pkt->set_querytime(epoch) + + rdata = pkt->answerfrom + pkt->set_answerfrom(rdata) + + (sec, usec) = pkt->timestamp + pkt->set_timestamp(sec, usec) + + bool = pkt->edns + + size = pkt->edns_udp_size + pkt->set_edns_udp_size(size) + + rcode = pkt->edns_extended_rcode + pkt->set_edns_extended_rcode(rcode) + + v = pkt->edns_version + pkt->set_edns_version(v) + + z = pkt->edns_z + pkt->set_edns_z(z) + + do = pkt->edns_do + pkt->set_edns_do(do) + + rdata = pkt->edns_data + pkt->set_edns_data(rdata) + + pkt->set_flags(flags) + + rrlist = pkt->rr_list_by_name(rdata, section) + rrlist = pkt->rr_list_by_type(type, section) + rrlist = pkt->rr_list_by_name_and_type(rdata, type, section) + + bool = pkt->rr(section, rr) # Check if rr exists + + pkt->push_rr(section, rr) + pkt->safe_push_rr(section, rr) + + count = pkt->section_count(section) + bool = pkt->empty + + rr = pkt->tsig + pkt->set_tsig(rr) + + type = pkt->reply_type + + rrlist = pkt->get_rrsigs_for_name_and_type(rdata, rrtype) + rrlist = pkt->get_rrsigs_for_type(rrtype) + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RBNode.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RBNode.pm new file mode 100644 index 0000000..b12547a --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RBNode.pm @@ -0,0 +1,71 @@ +package DNS::LDNS::RBNode; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +# Note: This class does not have a constructor. Thus, it can not be created +# as an individual object. The data structure of the object will always be +# owned and freed by its parent object. + +sub next { + my $self = shift; + return DNS::LDNS::GC::own($self->_next, $self); +} + +sub previous { + my $self = shift; + return DNS::LDNS::GC::own($self->_previous, $self); +} + +sub next_nonglue { + my $self = shift; + return DNS::LDNS::GC::own($self->_next_nonglue, $self); +} + +sub name { + my ($self) = @_; + return DNS::LDNS::GC::own($self->_name, $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::RBNode - Node in the RBTree + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + node2 = node->next + node2 = node->next_nonglue + bool = node->is_null + dnssec_name = node->name + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RBTree.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RBTree.pm new file mode 100644 index 0000000..e6e7619 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RBTree.pm @@ -0,0 +1,59 @@ +package DNS::LDNS::RBTree; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +# Note: Since this class does not have a constructor, we can let its child +# objects be owned by the parent. This reduces the recursion depth on +# DESTROY. + +sub first { + my $self = shift; + return DNS::LDNS::GC::own($self->_first, $self); +} + +sub last { + my $self = shift; + return DNS::LDNS::GC::own($self->_last, $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::RBTree - Tree of DNSSecName nodes + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + rbnode = rbtree->first + rbnode = rbtree->last + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RData.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RData.pm new file mode 100644 index 0000000..8b29aec --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RData.pm @@ -0,0 +1,91 @@ +package DNS::LDNS::RData; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +sub new { + my ($class, $type, $str) = @_; + return _new($type, $str); +} + +sub cat { + my ($self, $other) = @_; + + my $s = _cat($self, $other); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub nsec3_hash_name { + my ($self, $algorithm, $iterations, $salt) = @_; + return DNS::LDNS::GC::own( + $self->_nsec3_hash_name($algorithm, $iterations, $salt), $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::RData - Rdata field or a dname in an rr + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + my rd = new DNS::LDNS::RData(rdf_type, str) + rd2 = rd->clone + + rdf_type = rd->type + rd->set_type(rdf_type) + + rd->print(\*FILE) + str = rd->to_string + + count = rd->label_count + rd2 = rd->label(pos) + + bool = rd->is_wildcard + bool = rd->matches_wildcard(wildcard) + bool = rd->is_subdomain(parent) + + rd2 = rd->left_chop + + status = rd->cat(rd2) + rd->compare(rd2) + rd2 = rd->address_reverse + rd2 = rd->dname_reverse + + rd2 = rd->nsec3_hash_name(name, algorithm, iterations, salt) + + epoch = rd->to_unix_time +( epoch = rd->2native_time_t ) + + rr_type = rd->to_rr_type + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RR.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RR.pm new file mode 100644 index 0000000..95d663c --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RR.pm @@ -0,0 +1,493 @@ +package DNS::LDNS::RR; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS ':all'; + +our $VERSION = '0.61'; + +sub new { + my $class = shift; + + my $rr; + my $status = &LDNS_STATUS_OK; + + if (scalar(@_) == 0) { + $rr = _new; + } + elsif (scalar(@_) == 1) { + $rr = _new_from_str($_[0], 0, + undef, undef, + $status); + } + else { + my %args = @_; + # Perl 5.25 does not allow us to pass read-only undef into a + # parameter changing function. So we must send it with a variable. + my $undef = undef; + + if ($args{str}) { + $rr = _new_from_str($args{str}, + $args{default_ttl} || 0, + $args{origin}, + $args{prev} ? ${$args{prev}} : $undef, + $status); + } + elsif ($args{filename} or $args{file}) { + my $line_nr = 0; + my $file = $args{file}; + if ($args{filename}) { + unless (open FILE, $args{filename}) { + $DNS::LDNS::last_status = &LDNS_STATUS_FILE_ERR; + $DNS::LDNS::line_nr = 0; + return; + } + $file = \*FILE; + } + + my $ttl = 0; + $rr = _new_from_file($file, + $args{default_ttl} ? ${$args{default_ttl}} : $ttl, + $args{origin} ? ${$args{origin}} : $undef, + $args{prev} ? ${$args{prev}} : $undef, + $status, + $line_nr); + if ($args{filename}) { + close $file; + } + + $DNS::LDNS::line_nr = $line_nr; + } + elsif ($args{type}) { + $rr = _new_from_type($args{type}); + if ($args{owner}) { + $rr->set_owner(ref $args{owner} ? $args{owner} : + new DNS::LDNS::RData(&LDNS_RDF_TYPE_DNAME, $args{owner})); + } + $rr->set_ttl($args{ttl}) if ($args{ttl}); + $rr->set_class($args{class}) if ($args{class}); + + if ($args{rdata}) { + if (!$rr->set_rdata(@{$args{rdata}})) { + $DNS::LDNS::last_status = &LDNS_STATUS_SYNTAX_RDATA_ERR; + return; + } + } + } + } + + if (!defined $rr) { + $DNS::LDNS::last_status = $status; + return; + } + return $rr; +} + +sub owner { + my $self = shift; + return DNS::LDNS::GC::own($self->_owner, $self); +} + +sub set_owner { + my ($self, $owner) = @_; + DNS::LDNS::GC::disown(my $old = $self->owner); + $self->_set_owner($owner); + return DNS::LDNS::GC::own($owner, $self); +} + +sub dname { + return $_[0]->owner->to_string; +} + +sub rdata { + my ($self, $index) = @_; + return DNS::LDNS::GC::own($self->_rdata($index), $self); +} + +# replace all existing rdata with new ones. Requires the +# input array to be exactly same length as rd_count +sub set_rdata { + my ($self, @rdata) = @_; + + if (scalar @rdata != $self->rd_count) { + # Hopefully this is a proper error to return here... + $DNS::LDNS::last_status = LDNS_STATUS_SYNTAX_RDATA_ERR; + return; + } + my $i = 0; + for (@rdata) { + my $oldrd = _set_rdata($self, my $copy = $_->clone, $i); + DNS::LDNS::GC::disown(my $old = $oldrd); + DNS::LDNS::GC::own($copy, $self); + $i++; + } + + return 1; +} + +sub push_rdata { + my ($self, @rdata) = @_; + + for (@rdata) { + # Push a copy in case the input rdata are already owned + $self->_push_rdata(my $copy = $_->clone); + DNS::LDNS::GC::own($copy, $self); + } +} + +sub rrsig_typecovered { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_typecovered, $self); +} + +sub rrsig_set_typecovered { + my ($self, $type) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_typecovered); + my $result = $self->_rrsig_set_typecovered(my $copy = $type->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub rrsig_algorithm { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_algorithm, $self); +} + +sub rrsig_set_algorithm { + my ($self, $algo) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_algorithm); + my $result = $self->_rrsig_set_algorithm(my $copy = $algo->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub rrsig_expiration { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_expiration, $self); +} + +sub rrsig_set_expiration { + my ($self, $date) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_expiration); + my $result = $self->_rrsig_set_expiration(my $copy = $date->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub rrsig_inception { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_inception, $self); +} + +sub rrsig_set_inception { + my ($self, $date) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_inception); + my $result = $self->_rrsig_set_inception(my $copy = $date->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub rrsig_keytag { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_keytag, $self); +} + +sub rrsig_set_keytag { + my ($self, $tag) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_keytag); + my $result = $self->_rrsig_set_keytag(my $copy = $tag->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub rrsig_sig { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_sig, $self); +} + +sub rrsig_set_sig { + my ($self, $sig) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_sig); + my $result = $self->_rrsig_set_sig(my $copy = $sig->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub rrsig_labels { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_labels, $self); +} + +sub rrsig_set_labels { + my ($self, $lab) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_labels); + my $result = $self->_rrsig_set_labels(my $copy = $lab->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub rrsig_origttl { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_origttl, $self); +} + +sub rrsig_set_origttl { + my ($self, $ttl) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_origttl); + my $result = $self->_rrsig_set_origttl(my $copy = $ttl->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub rrsig_signame { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrsig_signame, $self); +} + +sub rrsig_set_signame { + my ($self, $name) = shift; + DNS::LDNS::GC::disown(my $old = $self->rrsig_signame); + my $result = $self->_rrsig_set_signame(my $copy = $name->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub dnskey_algorithm { + my $self = shift; + return DNS::LDNS::GC::own($self->_dnskey_algorithm, $self); +} + +sub dnskey_set_algorithm { + my ($self, $algo) = shift; + DNS::LDNS::GC::disown(my $old = $self->dnskey_algorithm); + my $result = $self->_dnskey_set_algorithm(my $copy = $algo->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub dnskey_flags { + my $self = shift; + return DNS::LDNS::GC::own($self->_dnskey_flags, $self); +} + +sub dnskey_set_flags { + my ($self, $flags) = shift; + DNS::LDNS::GC::disown(my $old = $self->flags); + my $result = $self->_dnskey_set_flags(my $copy = $flags->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub dnskey_protocol { + my $self = shift; + return DNS::LDNS::GC::own($self->_dnskey_protocol, $self); +} + +sub dnskey_set_protocol { + my ($self, $proto) = shift; + DNS::LDNS::GC::disown(my $old = $self->dnskey_protocol); + my $result = $self->_dnskey_set_protocol(my $copy = $proto->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub dnskey_key { + my $self = shift; + return DNS::LDNS::GC::own($self->_dnskey_key, $self); +} + +sub dnskey_set_key { + my ($self, $key) = shift; + DNS::LDNS::GC::disown(my $old = $self->dnskey_key); + my $result = $self->_dnskey_set_key(my $copy = $key->clone); + DNS::LDNS::GC::own($copy, $self); + return $result; +} + +sub nsec3_next_owner { + my $self = shift; + return DNS::LDNS::GC::own($self->_nsec3_next_owner, $self); +} + +sub nsec3_bitmap { + my $self = shift; + return DNS::LDNS::GC::own($self->_nsec3_bitmap, $self); +} + +sub nsec3_salt { + my $self = shift; + return DNS::LDNS::GC::own($self->_nsec3_salt, $self); +} + +sub hash_name_from_nsec3 { + my ($self, $name) = @_; + my $hash = $self->_hash_name_from_nsec3($name); + return DNS::LDNS::GC::own($self->_hash_name_from_nsec3($name), $self); +} + +sub verify_denial { + my ($self, $nsecs, $rrsigs) = @_; + my $s = _verify_denial($self, $nsecs, $rrsigs); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub verify_denial_nsec3 { + my ($self, $nsecs, $rrsigs, $packet_rcode, $packet_qtype, + $packet_nodata) = @_; + my $s = _verify_denial_nsec3($self, $nsecs, $rrsigs, $packet_rcode, + $packet_qtype, $packet_nodata); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub verify_denial_nsec3_match { + my ($self, $nsecs, $rrsigs, $packet_rcode, $packet_qtype, + $packet_nodata) = @_; + + my $status; + my $match = _verify_denial_nsec3_match($self, $nsecs, $rrsigs, $packet_rcode, $packet_qtype, $packet_nodata, $status); + $DNS::LDNS::last_status = $status; + if ($status != &LDNS_STATUS_OK) { + return; + } + + # $match is an RR owned by the $nsecs list. + return DNS::LDNS::GC::own($match, $nsecs); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::RR - Resource record + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + my rr = new DNS::LDNS::RR('mylabel 3600 IN A 168.10.10.10') + my rr = new DNS::LDNS::RR( + str => 'mylabel 3600 IN A 168.10.10.10', + default_ttl => 3600, # optional + origin => $origin_rdata, # optional + prev => \$prev_rdata, # optional + ) + my rr = new DNS::LDNS::RR( + filename => '/path/to/rr', + default_ttl => \$ttl, # optional + origin => \$origin_rdata, # optional + prev => \$prev_rdata) # optional + my rr = new DNS::LDNS::RR( + file => \*FILE, + default_ttl => \$ttl, # optional + origin => \$origin_rdata, # optional + prev => \$prev_rdata) # optional + my rr = new DNS::LDNS::RR( + type => LDNS_RR_TYPE_A, + rdata => [new DNS::LDNS::RData(...), new DNS::LDNS::RData(...), ...], + class => LDNS_RR_CLASS_IN, # optional + ttl => 3600, # optional + owner => new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'mylabel'), # optional) + my rr = new DNS::LDNS::RR + + rr2 = rr->clone + + rr->print(\*FILE) + rr->to_string + + ttl = rr->ttl + rr->set_ttl(ttl) + + type = rr->type + rr->set_type(type) + + class = rr->class + rr->set_class(class) + + rdata = rr->owner + rr->set_owner(rdata) + str = rr->dname + + count = rr->rd_count + rdata = rr->rdata(index) + rr->set_rdata(rd1, rd2, rd3, ...) + rr->push_rdata(rd1, rd2, rd3, ...) + rdata = rr->pop_rdata + + rr->compare(rr2) + rr->compare_dname(rr2) + rr->compare_no_rdata(rr2) + rr->compare_ds(rr2) + + hash = rr->hash_name_from_nsec3(dname) + + status = rr->verify_denial(nsecs, rrsigs) + status = rr->verify_denial_nsec3(nsecs, rrsigs, packet_rcode, packet_qtype, packet_nodata) + match = rr->verify_denial_nsec3_match(nsecs, rrsigs, packet_rcode, packet_qtype, packet_nodata) + + rr->nsec3_add_param_rdfs(algorithm, flags, iterations, salt) + a = rr->nsec3_algorithm + f = rr->nsec3_flags + o = rr->nsec3_optout + i = rr->nsec3_iterations + rdata = rr->nsec3_next_owner + rdata = rr->nsec3_bitmap + rdata = rr->nsec3_salt + + rdata = rr->rrsig_keytag + bool = rr->rrsig_set_keytag(rdata) + rdata = rr->rrsig_signame + bool = rr->rrsig_set_signame(rdata) + rdata = rr->rrsig_sig + bool = rr->rrsig_set_sig(rdata) + rdata = rr->rrsig_algorithm + bool = rr->rrsig_set_algorithm(rdata) + rdata = rr->rrsig_inception + bool = rr->rrsig_set_inception(rdata) + rdata = rr->rrsig_expiration + bool = rr->rrsig_set_expiration(rdata) + rdata = rr->rrsig_labels + bool = rr->rrsig_set_labels(rdata) + rdata = rr->rrsig_origttl + bool = rr->rrsig_set_origttl(rdata) + key = rr->get_dnskey_for_rrsig(rrlist) + + rdata = rr->dnskey_algorithm + bool = rr->dnskey_set_algorithm(rdata) + rdata = rr->dnskey_flags + bool = rr->dnskey_set_flags(rdata) + rdata = rr->dnskey_protocol + bool = rr->dnskey_set_protocol(rdata) + rdata = rr->dnskey_key + bool = rr->dnskey_set_key(rdata) + bits = rr->dnskey_key_size + tag = rr->calc_keytag + ds = rr->key_to_ds(hash) + + rr->is_question + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RRList.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RRList.pm new file mode 100644 index 0000000..69b8d56 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/RRList.pm @@ -0,0 +1,183 @@ +package DNS::LDNS::RRList; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS; + +our $VERSION = '0.61'; + +sub new { + my ($class, %args) = @_; + + if ($args{hosts_filename} or $args{hosts_file}) { + my $file = $args{hosts_file}; + if ($args{hosts_filename}) { + unless (open FILE, $args{hosts_filename}) { + $DNS::LDNS::last_status = &LDNS_STATUS_FILE_ERR; + $DNS::LDNS::line_nr = 0; + return; + } + $file = \*FILE; + } + my $list = _new_hosts_from_file($file, $DNS::LDNS::line_nr); + if ($args{hosts_filename}) { + close $file; + } + return $list; + } + + return _new(); +} + +sub rr { + my ($self, $index) = @_; + return DNS::LDNS::GC::own($self->_rr($index), $self); +} + +sub push { + my ($self, @rrs) = @_; + + for my $rr (@rrs) { + # Push a copy of the rr in case it is already owned + $self->_push(my $copy = $rr->clone); + DNS::LDNS::GC::own($copy, $self); + } +} + +sub push_list { + my ($self, $list) = @_; + + $self->_push_list(my $copy = $list->clone); + DNS::LDNS::GC::own($copy, $self); +} + +sub verify { + my ($self, $sig, $keys) = @_; + my $goodkeys = new DNS::LDNS::RRList; + my $s = _verify($self, $sig, $keys, $goodkeys); + $DNS::LDNS::last_status = $s; + return wantarray ? ($s, $goodkeys) : $s; +} + +sub verify_time { + my ($self, $sig, $keys, $checktime) = @_; + my $goodkeys = new DNS::LDNS::RRList; + my $s = _verify_time($self, $sig, $keys, $checktime, $goodkeys); + $DNS::LDNS::last_status = $s; + return wantarray ? ($s, $goodkeys) : $s; +} + +sub verify_notime { + my ($self, $sig, $keys) = @_; + my $goodkeys = new DNS::LDNS::RRList; + my $s = _verify_notime($self, $sig, $keys, $goodkeys); + $DNS::LDNS::last_status = $s; + return wantarray ? ($s, $goodkeys) : $s; +} + +sub verify_rrsig_keylist { + my ($self, $sig, $keys) = @_; + my $goodkeys = new DNS::LDNS::RRList; + my $s = _verify_rrsig_keylist($self, $sig, $keys, $goodkeys); + $DNS::LDNS::last_status = $s; + return wantarray ? ($s, $goodkeys) : $s; +} + +sub verify_rrsig_keylist_notime { + my ($self, $sig, $keys, $check_time) = @_; + my $goodkeys = new DNS::LDNS::RRList; + my $s = _verify_rrsig_keylist_notime($self, $sig, $keys, $goodkeys); + $DNS::LDNS::last_status = $s; + return wantarray ? ($s, $goodkeys) : $s; +} + +sub get_dnskey_for_rrsig { + my ($self, $rrsig) = @_; + return DNS::LDNS::GC::own(_get_dnskey_for_rrsig($rrsig, $self), $self); +} + +sub get_rrsig_for_name_and_type { + my ($self, $name, $type) = @_; + return DNS::LDNS::GC::own( + _get_dnskey_for_name_and_type($name, $type, $self), $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::RRList - List of rrs + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + my l = new DNS::LDNS::RRList + my l = new DNS::LDNS::RRList(hosts_file => \*FILE) + my l = new DNS::LDNS::RRList(hosts_filename => fname) + my l2 = l->clone + + l->to_string + + l->print(\*FILE) + count = l->rr_count + + rr = l->rr(index) + l->push(@rr) + rr = l->pop + + l->push_list(l2) + l2 = l->pop_list(count) + l2 = l->pop_rrset + + l->compare(l2) + + l2 = l->subtype_by_rdata(rdata, pos) + + bool = l->is_rrset + + bool = l->contains_rr(rr) + + (status, goodkeys) = l->verify(sig, keys) + (status, goodkeys) = l->verify_time(sig, keys, checktime) + (status, goodkeys) = l->verify_notime(sig, keys) + (status, goodkeys) = l->verify_rrsig_keylist(sig, keys) + (status, goodkeys) = l->verify_rrsig_keylist_time(sig, keys, checktime) + (status, goodkeys) = l->verify_rrsig_keylist_notime(sig, keys) + status = l->verify_rrsig(sig, keys) + status = l->verify_rrsig_time(sig, keys, checktime) + + rr = l->create_empty_rrsig(key) + rrlist = l->sign_public(keylist) + + rrlist->canonicalize + rrlist->sort + rrlist->sort_nsec3 # the list must contain only nsec3 rrs + + rr = keylist->get_dnskey_for_rrsig(rrsig) + rr = keylist->get_rrsig_for_name_and_type(name, type) + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Resolver.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Resolver.pm new file mode 100644 index 0000000..e389a04 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Resolver.pm @@ -0,0 +1,355 @@ +package DNS::LDNS::Resolver; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS ':all'; + +our $VERSION = '0.61'; + +sub new { + my ($class, %args) = @_; + + my $file; + my $status = &LDNS_STATUS_OK; + + if ($args{filename}) { + unless (open FILE, $args{filename}) { + $DNS::LDNS::last_status = &LDNS_STATUS_FILE_ERR; + $DNS::LDNS::line_nr = 0; + return; + } + + $file = \*FILE; + } + elsif ($args{file}) { + $file = $args{file}; + } + + my $resolver; + if ($file) { + $resolver = _new_from_file($file, $status); + } + else { + $resolver = _new(); + } + + if ($args{filename}) { + close $file; + } + + $DNS::LDNS::last_status = $status; + if (!defined $resolver) { + return; + } + + return $resolver; +} + +sub dnssec_anchors { + my $self = shift; + return DNS::LDNS::GC::own($self->_dnssec_anchors, $self); +} + +sub push_dnssec_anchor { + my ($self, $rr) = @_; + + _push_dnssec_anchor($self, my $copy = $rr->clone); + DNS::LDNS::GC::own($copy, $self); +} + +sub set_dnssec_anchors { + my ($self, $l) = @_; + DNS::LDNS::GC::disown(my $old = $self->dnssec_anchors); + $self->_set_dnssec_anchors($l); + DNS::LDNS::GC::own($l, $self); + return $l; +} + +sub domain { + my $self = shift; + return DNS::LDNS::GC::own($self->_domain, $self); +} + +sub set_domain { + my ($self, $dom) = @_; + DNS::LDNS::GC::disown(my $old = $self->domain); + _set_domain($self, my $copy = $dom->clone); + DNS::LDNS::GC::own($copy, $self); +} + +sub nameservers { + my $self = shift; + my $list = _nameservers($self); + for my $r (@$list) { + DNS::LDNS::GC::own($r, $self); + } + return wantarray ? @$list : $list; +} + +sub push_nameserver { + my ($self, $n) = @_; + + my $s = _push_nameserver($self, my $copy = $n->clone); + DNS::LDNS::GC::own($copy, $self); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub pop_nameserver { + my $self = shift; + return DNS::LDNS::GC::own($self->_pop_nameserver); +} + +sub push_searchlist { + my ($self, $rd) = @_; + + _push_searchlist($self, my $copy = $rd->clone); + DNS::LDNS::GC::own($copy, $self); +} + +sub searchlist { + my $self = shift; + my $list = _searchlist($self); + for my $r (@$list) { + DNS::LDNS::GC::own($r, $self); + } + return wantarray ? @$list : $list; +} + +sub timeout { + my $self = shift; + my $t = _timeout($self); + return wantarray ? @$t : $t; +} + +sub rtt { + my $self = shift; + my $list = _rtt($self); + return wantarray ? @$list : $list; +} + +sub set_rtt { + my ($self, @rtt) = @_; + # FIXME: Validate @rtt, existence, size + _set_rtt($self, \@rtt); +} + +sub fetch_valid_domain_keys { + my ($self, $domain, $keys) = @_; + + my $status; + my $trusted = _fetch_valid_domain_keys($self, $domain, $keys, $status); + $DNS::LDNS::last_status = $status; + if (!$trusted) { + return; + } + + return DNS::LDNS::GC::own($trusted, $self); +} + +sub fetch_valid_domain_keys_time { + my ($self, $domain, $keys, $checktime) = @_; + + my $status; + my $trusted = _fetch_valid_domain_keys_time( + $self, $domain, $keys, $checktime, $status); + $DNS::LDNS::last_status = $status; + if (!$trusted) { + return; + } + + return DNS::LDNS::GC::own($trusted, $self); +} + +sub prepare_query_pkt { + my ($self, $rdata, $type, $class, $flags) = @_; + + my $s = &LDNS_STATUS_OK; + my $qry = _prepare_query_pkt($self, $rdata, $type, $class, $flags, $s); + $DNS::LDNS::last_status = $s; + if ($s != LDNS_STATUS_OK) { + return; + } + return $qry; +} + +sub send { + my ($self, $rdata, $type, $class, $flags) = @_; + + my $s = &LDNS_STATUS_OK; + my $ans = _send($self, $rdata, $type, $class, $flags, $s); + $DNS::LDNS::last_status = $s; + if ($s != LDNS_STATUS_OK) { + return; + } + return $ans; +} + +sub send_pkt { + my ($self, $qry) = @_; + + my $s = &LDNS_STATUS_OK; + my $ans = _send_pkt($self, $qry, $s); + $DNS::LDNS::last_status = $s; + if ($s != LDNS_STATUS_OK) { + return; + } + return $ans; +} + +sub verify_trusted { + my ($self, $rrset, $rrsigs, $validating_keys) = @_; + my $s = _verify_trusted($self, $rrset, $rrsigs, $validating_keys); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub verify_trusted_time { + my ($self, $rrset, $rrsigs, $check_time, $validating_keys) = @_; + my $s = _verify_trusted_time($self, $rrset, $rrsigs, $check_time, + $validating_keys); + $DNS::LDNS::last_status = $s; + return $s; +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::Resolver - DNS resolver + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + my r = new DNS::LDNS::Resolver(filename => '/my/resolv.conf') + my r = new DNS::LDNS::Resolver(file => \*FILE) + my r = new DNS::LDNS::Resolver + + bool = r->dnssec + r->set_dnssec(bool) + + bool = r->dnssec_cd # Resolver sets the CD bit + r->set_dnssec_cd(bool) + + port = r->port + r->set_port(port) + + bool = r->recursive + r->set_recursive(bool) + + bool = r->debug + r->set_debug(bool) + + count = r->retry + r->set_retry(count) + + count = r->retrans + r->set_retrans(count) + + bool = r->fallback # Resolver truncation fallback mechanism + r->set_fallback(bool) + + bool = r->ip6 + r->set_ip6(bool) + + size = r->edns_udp_size + r->set_edns_udp_size(size) + + bool = r->usevc # Use virtual circuit (TCP) + r->set_usevc(bool) + + r->fail + r->set_fail + + r->defnames + r->set_defnames + + r->dnsrch + r->set_dnsrch + + r->igntc + r->set_igntc + + bool = r->random # randomize nameserver before usage + r->set_random(bool) + + rrlist = r->dnssec_anchors # list of trusted DNSSEC anchors + r->push_dnssec_anchor(rr) + r->set_dnssec_anchors(rrlist) + + rdata = r->domain # Domain to add to relative queries + r->set_domain(rdata) + + @rdata = r->nameservers + count = r->nameserver_count + r->push_nameserver(rdata) + rdata = r->pop_nameserver + r->nameservers_randomize + + str = r->tsig_keyname + r->set_tsig_keyname(str) + + str = r->tsig_algorithm + r->set_tsig_algorithm(str) + + str = r->tsig_keydata + r->set_tsig_keydata(str) + + count = r->searchlist_count + r->push_searchlist(rdata) + @rdata = r->searchlist + + @times = r->rtt # Round trip times + r->set_rtt(@rtt) + time = r->nameserver_rtt(pos) + r->set_nameserver_rtt(pos, time) + + (sec, usec) = r->timeout + r->set_timeout(sec, usec) + + # DNSSec validation + rrlist = r->fetch_valid_domain_keys(domain, keys) + rrlist = r->fetch_valid_domain_keys_time(domain, keys, checktime) + rrlist = r->validate_domain_ds(domain, keys) + rrlist = r->validate_domain_ds_time(domain, keys, checktime) + rrlist = r->validate_domain_dnskey(domain, keys) + rrlist = r->validate_domain_dnskey_time(domain, keys, checktime) + status = r->verify_trusted(rrset, rrsigs, validation_keys) + status = r->verify_trusted_time(rrset, rrsigs, checktime, validation_keys) + bool = r->trusted_key(keys, trusted_keys) + chain = r->build_data_chain(qflags, dataset, pkt, orig_rr) + + # Query + pkt = r->query(rdata, type, class, flags) + pkt = r->search(rdata, type, class, flags) + query = r->prepare_query_pkt(rdata, type, class, flags) + answer = r->send(rdata, type, class, flags) + answer = r->send_pkt(query) + rrlist = r->get_rr_list_addr_by_name(name, class, flags) + rrlist = r->get_rr_list_name_by_addr(addr, class, flags) + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Zone.pm b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Zone.pm new file mode 100644 index 0000000..cb48186 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/lib/DNS/LDNS/Zone.pm @@ -0,0 +1,140 @@ +package DNS::LDNS::Zone; + +use 5.008008; +use strict; +use warnings; + +use DNS::LDNS ':all'; + +our $VERSION = '0.61'; + +sub new { + my ($class, %args) = @_; + + my $line_nr = 0; + my $status = &LDNS_STATUS_OK; + my $zone; + my $file; + + if ($args{filename}) { + unless (open FILE, $args{filename}) { + $DNS::LDNS::last_status = &LDNS_STATUS_FILE_ERR; + $DNS::LDNS::line_nr = 0; + return; + } + + $file = \*FILE; + } + elsif ($args{file}) { + $file = $args{file}; + } + + if ($file) { + $zone = _new_from_file($file, + $args{origin}, + $args{default_ttl} || 0, + $args{class} || 0, + $status, $line_nr); + } + else { + $zone = _new(); + } + + if ($args{filename}) { + close $file; + } + + $DNS::LDNS::last_status = $status; + $DNS::LDNS::line_nr = $line_nr; + if (!defined $zone) { + return; + } + + return $zone; +} + +sub to_string { + my $self = shift; + + return join('', map { $self->$_ ? $self->$_->to_string : '' } qw/soa rrs/); +} + +sub soa { + my $self = shift; + return DNS::LDNS::GC::own($self->_soa, $self); +} + +sub set_soa { + my ($self, $soa) = @_; + DNS::LDNS::GC::disown(my $old = $self->soa); + $self->_set_soa(my $copy = $soa->clone); + return DNS::LDNS::GC::own($copy, $self); +} + +sub rrs { + my $self = shift; + return DNS::LDNS::GC::own($self->_rrs, $self); +} + +sub set_rrs { + my ($self, $list) = @_; + DNS::LDNS::GC::disown(my $old = $self->rrs); + $self->_set_rrs(my $copy = $list->clone); + return DNS::LDNS::GC::own($copy, $self); +} + +sub DESTROY { + DNS::LDNS::GC::free($_[0]); +} + +1; +__END__ + +=head1 NAME + +DNS::LDNS::Zone - Parsed zonefile + +=head1 SYNOPSIS + + use DNS::LDNS ':all' + + my z = new DNS::LDNS::Zone( + filename => '/path/to/myzone', + origin => new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone'), #optional + default_ttl => 3600, #optional + class => LDNS_RR_CLASS_IN, #optional + ) + my z = new DNS::LDNS::Zone( + file => \*FILE, + origin => ..., default_ttl => ..., class => ... + ) + my z = new DNS::LDNS::Zone + + z->to_string + z->print(\*FILE) + z->canonicalize + z->sort + rr = z->soa + z->set_soa(rr) + rrlist = z->rrs + z->set_rrs(rrlist) + z->sign(keylist) + z->sign_nsec3(keylist, algorithm, flags, iterations, salt) + +=head1 SEE ALSO + +http://www.nlnetlabs.nl/projects/ldns + +=head1 AUTHOR + +Erik Pihl Ostlyngen, Eerik.ostlyngen@uninett.noE + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2013 by UNINETT Norid AS + +This library is free software; you can redistribute it and/or modify +it under the same terms as Perl itself, either Perl version 5.14.2 or, +at your option, any later version of Perl 5 you may have available. + +=cut diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/DNS-LDNS.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/DNS-LDNS.t new file mode 100644 index 0000000..eeae54c --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/DNS-LDNS.t @@ -0,0 +1,136 @@ +# Before `make install' is performed this script should be runnable with +# `make test'. After `make install' it should work as `perl DNS-LDNS.t' + +######################### + +# change 'tests => 2' to 'tests => last_test_to_print'; + +use strict; +use warnings; + +use Test::More tests => 2; +BEGIN { use_ok('DNS::LDNS') }; + + +my $fail = 0; +foreach my $constname (qw( + LDNS_AA LDNS_AD LDNS_CD LDNS_CERT_ACPKIX LDNS_CERT_IACPKIX + LDNS_CERT_IPGP LDNS_CERT_IPKIX LDNS_CERT_ISPKI LDNS_CERT_OID + LDNS_CERT_PGP LDNS_CERT_PKIX LDNS_CERT_SPKI LDNS_CERT_URI + LDNS_DEFAULT_TTL LDNS_DH LDNS_DSA LDNS_DSA_NSEC3 LDNS_ECC LDNS_ECC_GOST + LDNS_HASH_GOST LDNS_IP4ADDRLEN LDNS_IP6ADDRLEN + LDNS_KEY_REVOKE_KEY LDNS_KEY_SEP_KEY LDNS_KEY_ZONE_KEY + LDNS_MAX_DOMAINLEN LDNS_MAX_LABELLEN LDNS_MAX_PACKETLEN + LDNS_MAX_POINTERS LDNS_MAX_RDFLEN LDNS_NSEC3_VARS_OPTOUT_MASK + LDNS_PACKET_ANSWER LDNS_PACKET_IQUERY LDNS_PACKET_NODATA + LDNS_PACKET_NOTIFY LDNS_PACKET_NXDOMAIN LDNS_PACKET_QUERY + LDNS_PACKET_QUESTION LDNS_PACKET_REFERRAL LDNS_PACKET_STATUS + LDNS_PACKET_UNKNOWN LDNS_PACKET_UPDATE LDNS_PORT LDNS_PRIVATEDNS + LDNS_PRIVATEOID LDNS_QR LDNS_RA LDNS_RCODE_FORMERR LDNS_RCODE_NOERROR + LDNS_RCODE_NOTAUTH LDNS_RCODE_NOTIMPL LDNS_RCODE_NOTZONE + LDNS_RCODE_NXDOMAIN LDNS_RCODE_NXRRSET LDNS_RCODE_REFUSED + LDNS_RCODE_SERVFAIL LDNS_RCODE_YXDOMAIN LDNS_RCODE_YXRRSET LDNS_RD + LDNS_RDATA_FIELD_DESCRIPTORS_COMMON LDNS_RDF_SIZE_16BYTES + LDNS_RDF_SIZE_6BYTES LDNS_RDF_SIZE_BYTE LDNS_RDF_SIZE_DOUBLEWORD + LDNS_RDF_SIZE_WORD LDNS_RDF_TYPE_A LDNS_RDF_TYPE_AAAA LDNS_RDF_TYPE_ALG + LDNS_RDF_TYPE_APL LDNS_RDF_TYPE_ATMA LDNS_RDF_TYPE_B32_EXT + LDNS_RDF_TYPE_B64 LDNS_RDF_TYPE_CERT_ALG LDNS_RDF_TYPE_CLASS + LDNS_RDF_TYPE_DNAME LDNS_RDF_TYPE_HEX LDNS_RDF_TYPE_INT16 + LDNS_RDF_TYPE_INT16_DATA LDNS_RDF_TYPE_INT32 LDNS_RDF_TYPE_INT8 + LDNS_RDF_TYPE_IPSECKEY LDNS_RDF_TYPE_LOC LDNS_RDF_TYPE_NONE + LDNS_RDF_TYPE_NSAP LDNS_RDF_TYPE_NSEC LDNS_RDF_TYPE_NSEC3_NEXT_OWNER + LDNS_RDF_TYPE_NSEC3_SALT LDNS_RDF_TYPE_PERIOD LDNS_RDF_TYPE_SERVICE + LDNS_RDF_TYPE_STR LDNS_RDF_TYPE_TIME LDNS_RDF_TYPE_HIP + LDNS_RDF_TYPE_TSIGTIME LDNS_RDF_TYPE_TYPE LDNS_RDF_TYPE_UNKNOWN + LDNS_RDF_TYPE_WKS LDNS_RESOLV_ANCHOR LDNS_RESOLV_DEFDOMAIN + LDNS_RESOLV_INET LDNS_RESOLV_INET6 LDNS_RESOLV_INETANY + LDNS_RESOLV_KEYWORD LDNS_RESOLV_KEYWORDS LDNS_RESOLV_NAMESERVER + LDNS_RESOLV_OPTIONS LDNS_RESOLV_RTT_INF LDNS_RESOLV_RTT_MIN + LDNS_RESOLV_SEARCH LDNS_RESOLV_SORTLIST LDNS_RR_CLASS_ANY + LDNS_RR_CLASS_CH LDNS_RR_CLASS_COUNT LDNS_RR_CLASS_FIRST + LDNS_RR_CLASS_HS LDNS_RR_CLASS_IN LDNS_RR_CLASS_LAST LDNS_RR_CLASS_NONE + LDNS_RR_COMPRESS LDNS_RR_NO_COMPRESS LDNS_RR_OVERHEAD LDNS_RR_TYPE_A + LDNS_RR_TYPE_A6 LDNS_RR_TYPE_AAAA LDNS_RR_TYPE_AFSDB LDNS_RR_TYPE_ANY + LDNS_RR_TYPE_APL LDNS_RR_TYPE_ATMA LDNS_RR_TYPE_AXFR LDNS_RR_TYPE_CERT + LDNS_RR_TYPE_CNAME LDNS_RR_TYPE_COUNT LDNS_RR_TYPE_DHCID + LDNS_RR_TYPE_DLV LDNS_RR_TYPE_DNAME LDNS_RR_TYPE_DNSKEY LDNS_RR_TYPE_DS + LDNS_RR_TYPE_EID LDNS_RR_TYPE_FIRST LDNS_RR_TYPE_GID LDNS_RR_TYPE_GPOS + LDNS_RR_TYPE_HINFO LDNS_RR_TYPE_IPSECKEY LDNS_RR_TYPE_ISDN + LDNS_RR_TYPE_IXFR LDNS_RR_TYPE_KEY LDNS_RR_TYPE_KX LDNS_RR_TYPE_LAST + LDNS_RR_TYPE_LOC LDNS_RR_TYPE_MAILA LDNS_RR_TYPE_MAILB LDNS_RR_TYPE_MB + LDNS_RR_TYPE_MD LDNS_RR_TYPE_MF LDNS_RR_TYPE_MG LDNS_RR_TYPE_MINFO + LDNS_RR_TYPE_MR LDNS_RR_TYPE_MX LDNS_RR_TYPE_NAPTR LDNS_RR_TYPE_NIMLOC + LDNS_RR_TYPE_NS LDNS_RR_TYPE_NSAP LDNS_RR_TYPE_NSAP_PTR + LDNS_RR_TYPE_NSEC LDNS_RR_TYPE_NSEC3 LDNS_RR_TYPE_NSEC3PARAM + LDNS_RR_TYPE_NSEC3PARAMS LDNS_RR_TYPE_NULL LDNS_RR_TYPE_NXT + LDNS_RR_TYPE_OPT LDNS_RR_TYPE_PTR LDNS_RR_TYPE_PX LDNS_RR_TYPE_RP + LDNS_RR_TYPE_RRSIG LDNS_RR_TYPE_RT LDNS_RR_TYPE_SIG LDNS_RR_TYPE_SINK + LDNS_RR_TYPE_SOA LDNS_RR_TYPE_SPF LDNS_RR_TYPE_SRV LDNS_RR_TYPE_SSHFP + LDNS_RR_TYPE_TALINK LDNS_RR_TYPE_TSIG LDNS_RR_TYPE_TXT LDNS_RR_TYPE_UID + LDNS_RR_TYPE_UINFO LDNS_RR_TYPE_UNSPEC LDNS_RR_TYPE_WKS + LDNS_RR_TYPE_X25 LDNS_RSAMD5 LDNS_RSASHA1 LDNS_RSASHA1_NSEC3 + LDNS_RSASHA256 LDNS_RSASHA512 LDNS_SECTION_ADDITIONAL + LDNS_SECTION_ANSWER LDNS_SECTION_ANY LDNS_SECTION_ANY_NOQUESTION + LDNS_SECTION_AUTHORITY LDNS_SECTION_QUESTION LDNS_SHA1 LDNS_SHA256 + LDNS_SIGN_DSA LDNS_SIGN_DSA_NSEC3 LDNS_SIGN_ECC_GOST + LDNS_SIGN_HMACSHA1 LDNS_SIGN_HMACSHA256 + LDNS_SIGN_RSAMD5 LDNS_SIGN_RSASHA1 LDNS_SIGN_RSASHA1_NSEC3 + LDNS_SIGN_RSASHA256 LDNS_SIGN_RSASHA512 LDNS_STATUS_ADDRESS_ERR + LDNS_STATUS_CERT_BAD_ALGORITHM LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL + LDNS_STATUS_CRYPTO_BOGUS LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION + LDNS_STATUS_CRYPTO_NO_DNSKEY LDNS_STATUS_CRYPTO_NO_DS + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY + LDNS_STATUS_CRYPTO_NO_RRSIG LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY + LDNS_STATUS_CRYPTO_NO_TRUSTED_DS LDNS_STATUS_CRYPTO_SIG_EXPIRED + LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED LDNS_STATUS_CRYPTO_TSIG_BOGUS + LDNS_STATUS_CRYPTO_TSIG_ERR LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR + LDNS_STATUS_CRYPTO_UNKNOWN_ALGO LDNS_STATUS_CRYPTO_VALIDATED + LDNS_STATUS_DDD_OVERFLOW LDNS_STATUS_DNSSEC_EXISTENCE_DENIED + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND + LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED + LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED + LDNS_STATUS_DOMAINNAME_OVERFLOW LDNS_STATUS_DOMAINNAME_UNDERFLOW + LDNS_STATUS_EMPTY_LABEL LDNS_STATUS_ENGINE_KEY_NOT_LOADED + LDNS_STATUS_ERR LDNS_STATUS_FILE_ERR LDNS_STATUS_INTERNAL_ERR + LDNS_STATUS_INVALID_B32_EXT LDNS_STATUS_INVALID_B64 + LDNS_STATUS_INVALID_HEX LDNS_STATUS_INVALID_INT LDNS_STATUS_INVALID_IP4 + LDNS_STATUS_INVALID_IP6 LDNS_STATUS_INVALID_POINTER + LDNS_STATUS_INVALID_STR LDNS_STATUS_INVALID_TIME + LDNS_STATUS_LABEL_OVERFLOW LDNS_STATUS_MEM_ERR + LDNS_STATUS_MISSING_RDATA_FIELDS_KEY + LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG LDNS_STATUS_NETWORK_ERR + LDNS_STATUS_NOT_IMPL LDNS_STATUS_NO_DATA LDNS_STATUS_NSEC3_ERR + LDNS_STATUS_NULL LDNS_STATUS_OK LDNS_STATUS_PACKET_OVERFLOW + LDNS_STATUS_RES_NO_NS LDNS_STATUS_RES_QUERY LDNS_STATUS_SOCKET_ERROR + LDNS_STATUS_SSL_ERR LDNS_STATUS_SYNTAX_ALG_ERR + LDNS_STATUS_SYNTAX_BAD_ESCAPE LDNS_STATUS_SYNTAX_CLASS_ERR + LDNS_STATUS_SYNTAX_DNAME_ERR LDNS_STATUS_SYNTAX_EMPTY + LDNS_STATUS_SYNTAX_ERR LDNS_STATUS_SYNTAX_INCLUDE + LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL + LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW + LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW LDNS_STATUS_SYNTAX_KEYWORD_ERR + LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR LDNS_STATUS_SYNTAX_ORIGIN + LDNS_STATUS_SYNTAX_RDATA_ERR LDNS_STATUS_SYNTAX_TTL + LDNS_STATUS_SYNTAX_TTL_ERR LDNS_STATUS_SYNTAX_TYPE_ERR + LDNS_STATUS_SYNTAX_VERSION_ERR LDNS_STATUS_UNKNOWN_INET + LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL + LDNS_STATUS_WIRE_INCOMPLETE_ANSWER + LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY + LDNS_STATUS_WIRE_INCOMPLETE_HEADER LDNS_STATUS_WIRE_INCOMPLETE_QUESTION + LDNS_TC)) { + next if (eval "my \$a = $constname; 1"); + if ($@ =~ /^Your vendor has not defined LDNS macro $constname/) { + print "# pass: $@"; + } else { + print "# fail: $@"; + $fail = 1; + } + +} + +ok( $fail == 0 , 'Constants' ); +######################### + +# Insert your test code below, the Test::More module is use()ed here so read +# its man page ( perldoc Test::More ) for help writing this test script. + diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_datachain.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_datachain.t new file mode 100644 index 0000000..2a1e262 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_datachain.t @@ -0,0 +1,60 @@ +use Test::More tests => 10; +use Test::Exception; + +use FindBin qw/$Bin/; + +use DNS::LDNS ':all'; + +BEGIN { use_ok('DNS::LDNS') }; + +# Note: This test makes queries on real internet dns data, and assumes +# that the iis.se domain is signed. + +my $r = new DNS::LDNS::Resolver(filename => "/etc/resolv.conf"); +$r->set_dnssec(1); +$r->set_random(0); + +my $p = $r->query( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'iis.se.'), + LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, LDNS_RD); + +SKIP: { + skip "Resolver is not dnssec able. Skip this test.", 9 unless ($p->ad); + + isa_ok($p, 'DNS::LDNS::Packet'); + + my $rrset = $p->rr_list_by_type(LDNS_RR_TYPE_SOA, LDNS_SECTION_ANSWER); + + ok($rrset->rr_count > 0, 'Got an answer with some content'); + + my $chain = $r->build_data_chain(LDNS_RD, $rrset, $p, undef); + + isa_ok($chain, 'DNS::LDNS::DNSSecDataChain'); + + isa_ok($chain->parent, 'DNS::LDNS::DNSSecDataChain'); + + dies_ok { + my $new_rr = new DNS::LDNS::RR(str => 'test.test. 1234 IN A 10.0.0.1'); + my $t = $chain->derive_trust_tree($new_rr); + } 'Making a trust tree with foreign rr fails.'; + + my $rr = $chain->rrset->rr(0); + + my $tree = $chain->derive_trust_tree($rr); + + isa_ok($tree, 'DNS::LDNS::DNSSecTrustTree'); + + # Get root keys. + my $root_keys_pk = $r->query( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, '.'), + LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD); + my $root_keys = $root_keys_pk->rr_list_by_type( + LDNS_RR_TYPE_DNSKEY, LDNS_SECTION_ANSWER); + + is($tree->contains_keys($root_keys), LDNS_STATUS_OK, + 'Root key found in trust chain'); + + ok($tree->depth > 1, 'The trust tree is more than one node.'); + + isa_ok($tree->parent(0), 'DNS::LDNS::DNSSecTrustTree'); +} diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_zone.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_zone.t new file mode 100644 index 0000000..48115aa --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/dnssec_zone.t @@ -0,0 +1,35 @@ +use Test::More tests => 7; + +use FindBin qw/$Bin/; + +use DNS::LDNS ':all'; + +BEGIN { use_ok('DNS::LDNS') }; + +# Create a new dnssec zone +my $z = new DNS::LDNS::DNSSecZone; +isa_ok($z, 'DNS::LDNS::DNSSecZone', 'Create an empty zone'); + +# Read a zone from file and create a dnssec zone from it +my $z2 = new DNS::LDNS::Zone( + filename => "$Bin/testdata/myzone.org"); + +$z->create_from_zone($z2); + +my $rrset = $z->find_rrset( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'ns1.myzone.org.'), + LDNS_RR_TYPE_A); + +is($rrset->rrs->rr->type, LDNS_RR_TYPE_A, 'Found an A record'); +is($rrset->rrs->rr->dname, 'ns1.myzone.org.', 'Dname is ns1.myzone.org.'); + +is($z->add_empty_nonterminals, LDNS_STATUS_OK, 'Add empty non-terminals'); + +my $klist = new DNS::LDNS::KeyList; +$klist->push(new DNS::LDNS::Key(filename => "$Bin/testdata/key.private")); +$klist->key(0)->set_pubkey_owner( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone.org')); + +is($z->sign($klist, LDNS_SIGNATURE_REMOVE_ADD_NEW, 0), LDNS_STATUS_OK, 'Sign'); +is($z->sign_nsec3($klist, LDNS_SIGNATURE_REMOVE_ADD_NEW, 1, 0, 10, 'ABBA', 0), + LDNS_STATUS_OK, 'Sign nsec3'); diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/key.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/key.t new file mode 100644 index 0000000..f0aa08d --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/key.t @@ -0,0 +1,25 @@ +use Test::More tests => 8; + +use FindBin qw/$Bin/; + +use DNS::LDNS ':all'; + +BEGIN { use_ok('DNS::LDNS') }; + +my $key = new DNS::LDNS::Key(filename => "$Bin/testdata/key.private"); +ok($key, 'Created new key object from file'); +is($key->algorithm, 7, 'Algorithm is NSEC3RSASHA1'); +my $now = time; +$key->set_inception($now); +$key->set_expiration($now + 10000); +is($key->inception, $now, 'Inception time'); +is($key->expiration, $now + 10000, 'Expiration time'); +like($key->to_rr->to_string, qr|3600\s+IN\s+DNSKEY\s+256\s+3\s+7\s+AwEAAfg/ghOkk|, 'Got rr representation of key'); + +my $klist = new DNS::LDNS::KeyList; +$klist->push($key); +is($klist->count, 1, 'Keylist has one key'); +is($$key, ${$klist->key(0)}, 'Key in keylist is the one we pushed'); +# FIXME: pop is buggy in ldns 1.6.12, uncomment when this starts working +# is($klist->pop(), $$key, 'Pop key from list'); +# is($klist->count, 0, 'No keys left in list'); diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rdata.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rdata.t new file mode 100644 index 0000000..81931c2 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rdata.t @@ -0,0 +1,47 @@ +use Test::More tests => 18; + +use DNS::LDNS ':all'; + +BEGIN { use_ok('DNS::LDNS') }; + +# Integer data +my $i = new DNS::LDNS::RData(LDNS_RDF_TYPE_INT32, '1237654'); +is($i->to_string, '1237654', 'Integer value rdata'); + +my $ii = new DNS::LDNS::RData(LDNS_RDF_TYPE_INT32, '1237654X'); +is($ii, undef, '1237654X is invalid'); + +# Period data +my $p1 = new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '3h3m3s'); +is($p1->to_string, sprintf("%d", 3600*3 + 60*3 + 3), 'Normalizing period'); + +my $pi = new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '3h3X3s'); +is($pi, undef, 'Invalid period value 3h3X3s'); + +# DNames +my $dn1 = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'azone.org'); +my $dn2 = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'other.org'); +my $dn3 = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'sub.other.org'); +my $dn4 = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'adder.org'); + +$dn1->cat($dn2); +is($dn1->to_string, 'azone.org.other.org.', 'Concatenating two domain names'); +my $chopped = $dn1->left_chop; +is($chopped->to_string, 'org.other.org.', 'Chop off left domain name label'); +ok($dn3->is_subdomain($dn2), 'sub.other.org is subdomain of other.org'); +ok(!$dn2->is_subdomain($dn3), 'other.org is not subdomain of sub.other.org'); +is($dn3->label_count, 3, 'sub.other.org has 3 labels'); +is($dn3->label(1)->to_string, 'other.', 'label 1 of sub.other.org is other.'); + +my $dni = new DNS::LDNS::RData( + LDNS_RDF_TYPE_DNAME, 'not..valid.org'); +is($dni, undef, 'Invalid dname not_valid.org'); + +my $wc = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, '*.other.org'); +ok($wc->is_wildcard, '*.other.org is a wildcard'); +ok(!$dn3->is_wildcard, 'sub.other.org is not a wildcard'); +ok($dn3->matches_wildcard($wc), 'sub.other.org matches *.other.org'); +ok(!$dn4->matches_wildcard($wc), 'adder.org does not match *.other.org'); + +is($dn3->compare($dn4), 1, 'sub.other.org > adder.org'); +is($dn4->compare($dn3), -1, 'adder.org < sub.other.org'); diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/resolver.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/resolver.t new file mode 100644 index 0000000..4716a8c --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/resolver.t @@ -0,0 +1,23 @@ +use Test::More tests => 3; + +use FindBin qw/$Bin/; + +use DNS::LDNS ':all'; + +BEGIN { use_ok('DNS::LDNS') }; + +my $r = new DNS::LDNS::Resolver(filename => "/etc/resolv.conf"); + +$r->set_random(0); + +my $p = $r->query( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'org'), + LDNS_RR_TYPE_SOA, LDNS_RR_CLASS_IN, LDNS_RD); + +isa_ok($p, 'DNS::LDNS::Packet', 'Make a simple query'); + +my $r2 = new DNS::LDNS::Resolver(filename => "$Bin/testdata/resolv.conf"); + +$r2->set_rtt(2, 3); +my @rtt = $r2->rtt; +is_deeply(\@rtt, [2, 3], "set_rtt and rtt"); diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rr.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rr.t new file mode 100644 index 0000000..f3bae29 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rr.t @@ -0,0 +1,74 @@ +use Test::More tests => 19; + +use FindBin qw/$Bin/; + +use DNS::LDNS ':all'; + +BEGIN { use_ok('DNS::LDNS') }; + +my $rr1 = new DNS::LDNS::RR; +isa_ok($rr1, 'DNS::LDNS::RR', 'Create empty rr'); + +$rr1 = new DNS::LDNS::RR( + type => LDNS_RR_TYPE_SOA, + class => LDNS_RR_CLASS_CH, + ttl => 1234, + owner => 'myzone.org', + rdata => [ + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'hostmaster.myzone.org'), + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'master.myzone.org'), + new DNS::LDNS::RData(LDNS_RDF_TYPE_INT32, '2012113030'), + new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '12345'), + new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '1827'), + new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '2345678'), + new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '87654') + ], +); + +isa_ok($rr1, 'DNS::LDNS::RR', 'Create SOA rr with rdata'); + +like($rr1->to_string, qr/^myzone\.org\.\s+1234\s+CH\s+SOA\s+hostmaster\.myzone\.org\.\s+master\.myzone\.org\.\s+2012113030\s+12345\s+1827\s+2345678\s+87654$/, + 'Format SOA rr as string'); + +is($rr1->pop_rdata->to_string, '87654', 'pop rdata'); +$rr1->push_rdata(new DNS::LDNS::RData(LDNS_RDF_TYPE_PERIOD, '55667')); +is($rr1->rdata(6)->to_string, '55667', 'push_rdata and access rdata by index'); + +my $rr2 = new DNS::LDNS::RR(str => 'myzone.org. 1234 IN SOA hostmaster.myzone.org. master.myzone.org. 2012 12345 1827 2345678 87654'); +isa_ok($rr2, 'DNS::LDNS::RR', 'Create SOA rr from string'); +like($rr2->to_string, qr/^myzone\.org\.\s+1234\s+IN\s+SOA\s+hostmaster\.myzone\.org\.\s+master\.myzone\.org\.\s+2012\s+12345\s+1827\s+2345678\s+87654$/, + 'Format it back to string'); + +ok($rr1->compare($rr2) > 0, 'Compare rr, greater than'); +ok($rr2->compare($rr1) < 0, 'Compare rr, less than'); +is($rr1->compare($rr1), 0, 'Compare rr, equal'); + +my $rr3 = new DNS::LDNS::RR(str => 'ozone.org. 1234 IN SOA hostmaster.ozone.org. master.ozone.org. 2012 12345 1827 2345678 87654'); + +ok($rr3->compare_dname($rr1) > 0, 'Compare dname, greater than'); +ok($rr1->compare_dname($rr3) < 0, 'Compare dname, less than'); +is($rr1->compare_dname($rr2), 0, 'Compare dname, equal'); + +# Read records from a zonefile +my $origin = new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, '.'); +my $prev = $origin->clone; +my $ttl = 0; +my $count = 0; +open(ZONE, "$Bin/testdata/myzone.org"); +my $rr4 = new DNS::LDNS::RR(file => \*ZONE, default_ttl => \$ttl, + origin => \$origin, prev => \$prev); +is($DNS::LDNS::last_status, LDNS_STATUS_SYNTAX_TTL, "Read ttl statement."); +is($ttl, 4500, "TTL is 4500"); + +$rr4 = new DNS::LDNS::RR(file => \*ZONE, default_ttl => \$ttl, + origin => \$origin, prev => \$prev); +is($DNS::LDNS::last_status, LDNS_STATUS_SYNTAX_ORIGIN, "Read origin statement."); +is($origin->to_string, "myzone.org.", "Origin is myzone.org."); + +while (!eof(\*ZONE)) { + $rr4 = new DNS::LDNS::RR(file => \*ZONE, default_ttl => \$ttl, + origin => \$origin, prev => \$prev); + last unless ($rr4); + $count++; +} +is($count, 6); diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rrlist.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rrlist.t new file mode 100644 index 0000000..1ff0b48 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/rrlist.t @@ -0,0 +1,84 @@ +use Test::More tests => 24; + +use FindBin qw/$Bin/; + +use DNS::LDNS ':all'; + +BEGIN { use_ok('DNS::LDNS') }; + +# Create list +my $list = new DNS::LDNS::RRList; +isa_ok($list, 'DNS::LDNS::RRList', 'Create an empty rr list'); + +# Push/pop/count rr +$list->push(new DNS::LDNS::RR(str => 'ns.myzone.org 3600 IN AAAA ::1')); +is($list->rr_count, 1, 'Added one rr'); +like($list->rr(0)->to_string, qr/^ns\.myzone\.org\.\s+3600\s+IN\s+AAAA\s+::1$/, 'Added rr is at position 0'); +$list->push(new DNS::LDNS::RR(str => 'ns.myzone.org 7200 IN A 192.168.100.2')); +is($list->rr_count, 2, 'Added another rr'); +like($list->rr(1)->to_string, qr/^ns\.myzone\.org\.\s+7200\s+IN\s+A\s+192\.168\.100\.2$/, 'Last added rr is at position 1'); +like($list->pop->to_string, qr/^ns\.myzone\.org\.\s+7200\s+IN\s+A\s+192\.168\.100\.2$/, 'pop the last element'); +is($list->rr_count, 1, '1 element left in the list'); + +# Push/pop list +my $l2 = new DNS::LDNS::RRList; +$l2->push(new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.0')); +$l2->push(new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.1')); +$list->push_list($l2); +is($list->rr_count, 3, 'Pushed two elements. List count is now 3.'); +$list->push_list($l2); +$list->push_list($l2); +my $l3 = $list->pop_list(1); +is($list->rr_count, 6, 'Pushed 4 elements, popped 1, count is now 6'); +is($l3->rr_count, 1, 'Popped list contains 1 elements'); +$l3 = $list->pop_list(3); +is($list->rr_count, 3, 'Popped 3 elements, count is now 3'); +is($l3->rr_count, 3, 'Popped list contains 3 elements'); + +# RRSets +ok($l2->is_rrset, 'List is rrset'); +ok(!$list->is_rrset, 'List is no longer an rrset'); +my $rrset = $list->pop_rrset; +ok($rrset->is_rrset, 'Popped list is rrset'); +is($rrset->rr_count, 2, 'Popped rrset has two elements.'); + +# Compare, contains, subtype +my $rr = new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.0'); +ok($rrset->contains_rr($rr), 'RRSet contains rr '.$rr->to_string); +is($list->compare($l2), -1, '$list < $l2'); +is($l2->compare($list), 1, '$l2 > $list'); + +$list->push(new DNS::LDNS::RR(str => 'ns3.myzone.org 3600 IN A 192.168.100.0'), + new DNS::LDNS::RR(str => 'ns3.myzone.org 3600 IN A 192.168.100.1'), + new DNS::LDNS::RR(str => 'ns4.myzone.org 3600 IN A 192.168.100.1')); +my $subtype = $list->subtype_by_rdata( + new DNS::LDNS::RData(LDNS_RDF_TYPE_A, '192.168.100.1'), 0); +is($subtype->to_string, "ns3.myzone.org.\t3600\tIN\tA\t192.168.100.1\nns4.myzone.org.\t3600\tIN\tA\t192.168.100.1\n", 'Filter rrs by rdata'); + +# DNSSec signature verification +my $keylist = new DNS::LDNS::RRList; +$keylist->push( + new DNS::LDNS::RR(str => 'trondheim.no. 3600 IN DNSKEY 256 3 8 AwEAAZIDdRI8I+F/J6OT8xX7CbGQYRr8rWH9dvloUlRJXcEVE2pRAez6 pJC5Odg+i2WvDUeE4tUO1gwwjU83TIinZxxsDnqr7FzvqpHeJbVd2N3d S4zaJcbjSnwMqdebmTEXSrflp8DeIAH0GQGNQjhOPubbb/nADYP2RS1i CoOADa8P'), + new DNS::LDNS::RR(str => 'trondheim.no. 3600 IN DNSKEY 257 3 8 AwEAAax9EgKyRsMpU2B0E2dZ+nkWnmZHjlBO3uXBI+2x33dG8bk+XSqr kyWTelhhsqLqIxsaYSwYgzLtn+/qzlFjKwcaU95p+Tp95MOVXYqUtRyC VyLGkzA7ZDbx7TFCi3PyLDM/Arx+DvOx6nNvA/erqIU5gYEo9Nm1KXEy rhfSn3xc96p1AOhmTuSo6EfYlPY4gxHDgJdHFv7Fi9zV6VFmJ29h0rsG 5g3pV1lvCcGcxfRLJ1u7JRw2BWMo9lgHzGuypEVV7iLnvbfDlXhF+jAS owR2JxlESC3dOgNiNWvc4pbyVXBXpP6h/5JpcxkzF7BNJMZiLN14qvam G1+LuZM8qfc=') +); + +my $soalist = new DNS::LDNS::RRList; +$soalist->push( + new DNS::LDNS::RR(str => 'trondheim.no. 3600 IN SOA charm.norid.no. hostmaster.norid.no. 2013021137 14400 1800 2419200 3600') +); + +my $siglist = new DNS::LDNS::RRList; +$siglist->push( + new DNS::LDNS::RR(str => 'trondheim.no. 3600 IN RRSIG SOA 8 2 3600 20130227105101 20130213090318 36381 trondheim.no. NbeN8E4pvQSDk3Dn0i8B4e2A3KAY8JrX+zcJazPTgHbT6wjzCncn3ANn 6rs+HdcCLtptyX1QbzlZD/lOY8kjJw5TEUoFX2Q/2sBYdt1aT6qgt/+H o71iUz3bk1V73zjSG/OpqG0oXmjCWSBZgzK6UI+zGlgG0Kvrc7H1pw5S ZBA=') +); + +my ($status, $goodkeys) = $soalist->verify_notime($siglist, $keylist); +is ($status, LDNS_STATUS_OK, 'Verification returned status ok.'); +is ($goodkeys->rr_count, 1, 'One key matched the signature.'); + +my $klist = new DNS::LDNS::KeyList; +$klist->push(new DNS::LDNS::Key(filename => "$Bin/testdata/key.private")); +$klist->key(0)->set_pubkey_owner( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone.org')); +my $sigs = $l2->sign_public($klist); +is($sigs->rr_count, 1, 'Sign public, got 1 rrsig'); diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/key.private b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/key.private new file mode 100644 index 0000000..5b6601b --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/key.private @@ -0,0 +1,13 @@ +Private-key-format: v1.2 +Algorithm: 7 (NSEC3RSASHA1) +Modulus: +D+CE6ST+vFtbnXLdNESSprWSpbpRqEyri20vOx/JIViYdflGQyT0SDWSAE0JqtRlq73qSTDNuR3KWG/57oQQQ5P/wdQaF4TXA/nGjQJPEnhwKVUPVl5WRvqJLpW3C5xSSkhUkwjCp8y6z4NkbX0x7kum9ZTyTai6hkAhjyXu56yXAHX80DWadGK7RmX4JNlJalp2O33hJmakw8BVpgM9yaN4TixVsmZyHLi4hLjMAsjkEEJnfV8WoMEyyjs4kdKDHQAIa854loRcOluT1FiBKgecVAjDu/mkxnqYedN68Yx/wi7D+eClGf/gZjsmuoKKxCxnvDkRCKxrdMJtrsduw== +PublicExponent: AQAB +PrivateExponent: A8m0SmhweZvFd7IEcLvf85N5QZob5SAAjffUki1poz0Fy0hoDoHKn55IpsCd8xkaHZp93O7aq7PAvbjoHLkSFmwJfHK4H1+QHA+CDzxMB8d40l+zcVw0Jc/vOrA9Mw7iW6NtBrxyrG7RcBV6T4bfPUzuESKsFJ3oznmjMGksR4iUrnYAoUgi1pCQlxhSkPM74YhNWbUxYr4gRlL2xGGcJ2qMM8KG06or/Ok+d4bxnxiDBo41THik8ptfu/DL3HrJLOJ1CrvZGy9Q3uFiCvfD9Sk+eOZz1XPkJrUDKGYGoUvZc8enStXSM+TKd3EQy5owjJt+j2h0JdYJM8pxF2EWwQ== +Prime1: /5r4e+6kJS/+UJ0DMenJGm0vxfgFHvk5yLfz+1sKd6C9qQJN5da1m6kWuPdtBG7XGhZb8cJPOfK//g9hVS9GYEDyYmhYZsPTL+1vkiecDpeEQkrf4RCtU7NXLNT/AVNe01iEnIGuKbva6z19P1hjNO23d7LXHil1oULM1W8O1Z8= +Prime2: +KGhJOe+dB5Ud9cFlspMIIpZKHvoDc8VUb2avnhicDX5YC8dVS3nBoyc1cBNgxi4nSvBSl8/fwNT1cHJsPj7Xp2FOAsIBITRnmQt2P5JDpTEuMkEjMT8h/gJ8WnJ0+/VQhLG6rfsSAXdXvVhP4VYttPdiQ0fAe8b5v2MH1VzamU= +Exponent1: UWCEVeifR9ukywOCHeUBirFScWPKNZdBR18RhWfxyC5b07ARHuihvyIxQsg7ZBrpzrtpoGmtkZRwfbFl2poHfOOQh7YS1vzngq3ERLLpo1en2vc9mckWdbx2N6bEXSau3Pikl7NNwKm3RAe6lW1NgG9iZvCAPnESqzm6PwVxop8= +Exponent2: FMsnt/dttTZoKBGilQbcMQiBBmK+eJEuHkT2MSHOUcYh0gp+sIYDQUf3QeUwVlt17ScgpkCrBctYcpMfdB6On04bOyGpDP+yrEWClBhIMeD9RtsA92juGc0Dv93yFDiFpF3/pte0+h0Lc4qgFHjpf3jemTywsC+4LKxd0K0L1wU= +Coefficient: klnXksRr0Z8HPLASytPt4EeBK3Md7MM+Ihm6DIM5PA/KO9k0s8231hspcxBDj37HYwJ7eD77svUJFzdUOqIT8gChc6uq9VI9NFggs8rn4EndoEe+zU477NpL4U09LMfbAN+NATkhDWabVIQBeGqpIAR0fxFIqGhDtkiLyNqhq3c= +Created: 20120614100023 +Publish: 20120614100023 +Activate: 20120614100023 diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/myzone.org b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/myzone.org new file mode 100644 index 0000000..a99a9fe --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/myzone.org @@ -0,0 +1,17 @@ +$TTL 4500 +$ORIGIN myzone.org. + +myzone.org. 1000 IN SOA ( + ldns.myzone.org. + ns.ldns.myzone.org. + 2012113030 + 12345 + 1827 + 2345678 + 87654 ) + +ns.ldns A 192.168.100.2 +ns2 5600 IN AAAA 2001:dead:dead::2 +ns2 6600 IN A 192.168.100.7 +ns1 3600 IN A 192.168.100.2 +ns1 4600 IN AAAA 2001:dead:dead::1 diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/resolv.conf b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/resolv.conf new file mode 100644 index 0000000..b66ae57 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/testdata/resolv.conf @@ -0,0 +1,3 @@ +nameserver 127.0.0.1 +nameserver 192.168.100.1 +search foo.bar.org diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/zone.t b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/zone.t new file mode 100644 index 0000000..522a856 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/t/zone.t @@ -0,0 +1,75 @@ +use Test::More tests => 16; + +use FindBin qw/$Bin/; + +use DNS::LDNS ':all'; + +BEGIN { use_ok('DNS::LDNS') }; + +# Create a new zone +my $z = new DNS::LDNS::Zone; +isa_ok($z, 'DNS::LDNS::Zone', 'Create an empty zone'); + +# Fill inn a soa and some rrs +$z->set_soa(new DNS::LDNS::RR(str => join(' ', qw/myzone.org 1000 IN SOA + hostmaster.myzone.org. master.myzone.org. 2012113030 12345 1827 2345678 + 87654/))); + +is($z->soa->dname, 'myzone.org.', 'Found soa record'); + +my $rrs = new DNS::LDNS::RRList; +$rrs->push(new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.2'), + new DNS::LDNS::RR(str => 'ns2.myzone.org 3600 IN A 192.168.100.9'), + new DNS::LDNS::RR(str => 'ns3.myzone.org 3600 IN A 192.168.100.2'), + new DNS::LDNS::RR(str => 'ns1.myzone.org 3600 IN A 192.168.100.7')); + +$z->set_rrs($rrs); +is($z->rrs->rr(0)->to_string, "ns2.myzone.org.\t3600\tIN\tA\t192.168.100.2\n", + 'Check first rr'); +is($z->rrs->rr(3)->to_string, "ns1.myzone.org.\t3600\tIN\tA\t192.168.100.7\n", + 'Check last rr'); + +$z->sort; +is($z->rrs->rr(0)->to_string, "ns1.myzone.org.\t3600\tIN\tA\t192.168.100.7\n", + 'Check first rr after sorting'); +is($z->rrs->rr(3)->to_string, "ns3.myzone.org.\t3600\tIN\tA\t192.168.100.2\n", + 'Check last rr after sorting'); + +# Read a zone from file +my $z2 = new DNS::LDNS::Zone( + filename => "$Bin/testdata/myzone.org", ttl => 100); + +$z2->canonicalize; + +like($z2->to_string, qr/\nns.ldns.myzone.org.\s+/, 'Canonicalize'); + +like($z2->to_string, qr/^myzone.org.\s+1000\s+IN\s+SOA\s+ldns.myzone.org.\s+ns.ldns.myzone.org.\s+2012113030\s+12345\s+1827\s+2345678\s+87654\s+/, 'Found soa rec'); + +like($z2->to_string, qr/ns.ldns.myzone.org.\s+4500\s+IN\s+A\s+192.168.100.2/, 'Found ns rec'); + +like($z2->to_string, qr/ns2.myzone.org.\s+5600\s+IN\s+AAAA\s+2001:dead:dead::2/, 'Found yet another ns rec'); + +is($z2->rrs->rr_count, 5, 'Zone has 5 rrs'); + +my $klist = new DNS::LDNS::KeyList; +$klist->push(new DNS::LDNS::Key(filename => "$Bin/testdata/key.private")); +$klist->key(0)->set_pubkey_owner( + new DNS::LDNS::RData(LDNS_RDF_TYPE_DNAME, 'myzone.org')); + +my $z3 = $z2->sign($klist); + +my $sigc = grep { $z3->rrs->rr($_)->type == LDNS_RR_TYPE_RRSIG } + (0 .. $z3->rrs->rr_count - 1); +is($sigc, 10, 'Signed zone has 10 signatures'); +my $nsecc = grep { $z3->rrs->rr($_)->type == LDNS_RR_TYPE_NSEC } + (0 .. $z3->rrs->rr_count - 1); +is($nsecc, 4, 'Signed zone has 3 nsec recs'); + +my $z4 = $z2->sign_nsec3($klist, 1, 0, 2, 'ABC'); + +my $sigc3 = grep { $z4->rrs->rr($_)->type == LDNS_RR_TYPE_RRSIG } + (0 .. $z4->rrs->rr_count - 1); +is($sigc3, 12, 'NSEC3-signed zone has 12 signatures'); +my $nsecc3 = grep { $z4->rrs->rr($_)->type == LDNS_RR_TYPE_NSEC3 } + (0 .. $z4->rrs->rr_count - 1); +is($nsecc3, 5, 'NSEC3-signed zone has 5 nsec recs'); diff --git a/zonemaster-ldns/ldns/contrib/DNS-LDNS/typemap b/zonemaster-ldns/ldns/contrib/DNS-LDNS/typemap new file mode 100644 index 0000000..7bafc61 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/DNS-LDNS/typemap @@ -0,0 +1,71 @@ +TYPEMAP +DNS__LDNS__Zone LDNS_GENERIC_STRUCT +DNS__LDNS__RRList LDNS_GENERIC_STRUCT +DNS__LDNS__RR LDNS_GENERIC_STRUCT +DNS__LDNS__RData LDNS_GENERIC_STRUCT +DNS__LDNS__DNSSecZone LDNS_GENERIC_STRUCT +DNS__LDNS__DNSSecRRSets LDNS_GENERIC_STRUCT +DNS__LDNS__DNSSecRRs LDNS_GENERIC_STRUCT +DNS__LDNS__DNSSecName LDNS_GENERIC_STRUCT +DNS__LDNS__RBTree LDNS_GENERIC_STRUCT +DNS__LDNS__RBNode LDNS_GENERIC_STRUCT +DNS__LDNS__Resolver LDNS_GENERIC_STRUCT +DNS__LDNS__Packet LDNS_GENERIC_STRUCT +DNS__LDNS__Key LDNS_GENERIC_STRUCT +DNS__LDNS__KeyList LDNS_GENERIC_STRUCT +DNS__LDNS__DNSSecDataChain LDNS_GENERIC_STRUCT +DNS__LDNS__DNSSecTrustTree LDNS_GENERIC_STRUCT +Mortal_PV Mortal_PV + +DNS__LDNS__RR__Opt LDNS_GENERIC_STRUCT_OPT +DNS__LDNS__RData__Opt LDNS_GENERIC_STRUCT_OPT + +LDNS_Pkt_Opcode T_ENUM +LDNS_Pkt_Rcode T_ENUM +LDNS_Pkt_Section T_ENUM +LDNS_Pkt_Type T_ENUM +LDNS_RR_Type T_ENUM +LDNS_RR_Class T_ENUM +LDNS_RDF_Type T_ENUM +LDNS_Hash T_ENUM +LDNS_Status T_ENUM +LDNS_Signing_Algorithm T_ENUM + +uint32_t T_UV +uint16_t T_UV +uint8_t T_UV +signed char T_UV + +INPUT +LDNS_GENERIC_STRUCT_OPT + if (!SvOK($arg)) { + $var = NULL; + } + else if (sv_derived_from($arg, \"${(my $ntt=$ntype)=~s/__/::/g;$ntt=~s/::Opt$//;\$ntt}\")){ + IV tmp = SvIV((SV*)SvRV($arg)); + $var = INT2PTR($type, tmp); + } + else + croak(\"$var is not of type ${(my $ntt=$ntype)=~s/__/::/g;$ntt=~s/::Opt$//;\$ntt}\") + +INPUT +LDNS_GENERIC_STRUCT + if (sv_derived_from($arg, \"${(my $ntt=$ntype)=~s/__/::/g;\$ntt}\")){ + IV tmp = SvIV((SV*)SvRV($arg)); + $var = INT2PTR($type, tmp); + } + else + croak(\"$var is not of type ${(my $ntt=$ntype)=~s/__/::/g;\$ntt}\") + +OUTPUT +LDNS_GENERIC_STRUCT + sv_setref_pv($arg, \"${(my $ntt=$ntype)=~s/__/::/g;\$ntt}\", (void*)$var); + +OUTPUT +LDNS_GENERIC_STRUCT_OPT + sv_setref_pv($arg, \"${(my $ntt=$ntype)=~s/__/::/g;$ntt=~s/::Opt$//;\$ntt}\", (void*)$var); + +OUTPUT +Mortal_PV + sv_setsv($arg, sv_2mortal(newSVpv($var, 0))); + free((void *)$var); diff --git a/zonemaster-ldns/ldns/contrib/NETLDNS.readme.txt b/zonemaster-ldns/ldns/contrib/NETLDNS.readme.txt new file mode 100644 index 0000000..29069b6 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/NETLDNS.readme.txt @@ -0,0 +1,10 @@ +NETLDNS is a functionality port of NLnet Labs' LDNS to the .NET +2.0 framework, contributed by Alex Nicoll of the Carnegie Mellon +University Software Engineering Institute. NETLDNS is released +under the BSD license. NETLDNS uses Mihnea Radulescu's BigInteger +Library (http://www.codeproject.com/KB/cs/BigInteger_Library.aspx) +from CodeProject to help with key manipulation. Please contact Alex at +anicoll@cert.org with inquiries or requests for newer versions. + +This project is not supported by NLnet Labs. + diff --git a/zonemaster-ldns/ldns/contrib/NETLDNS.tar.gz b/zonemaster-ldns/ldns/contrib/NETLDNS.tar.gz new file mode 100644 index 0000000..b9d51a1 Binary files /dev/null and b/zonemaster-ldns/ldns/contrib/NETLDNS.tar.gz differ diff --git a/zonemaster-ldns/ldns/contrib/build-solaris.sh b/zonemaster-ldns/ldns/contrib/build-solaris.sh new file mode 100644 index 0000000..c4719de --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/build-solaris.sh @@ -0,0 +1,50 @@ +#!/bin/ksh +# +# $Id$ + + +PREFIX=/opt/ldns +OPENSSL=/usr/sfw +SUDO=sudo + +MAKE_PROGRAM=gmake +MAKE_ARGS="-j 4" + +OBJ32=obj32 +OBJ64=obj64 + +SRCDIR=`pwd` + + +test -d $OBJ32 && $SUDO rm -fr $OBJ32 +mkdir $OBJ32 + +export CFLAGS="" +export LDFLAGS="-L${OPENSSL}/lib -R${OPENSSL}/lib" + +(cd $OBJ32; \ +${SRCDIR}/configure --with-ssl=${OPENSSL} --prefix=${PREFIX} --libdir=${PREFIX}/lib; \ +$MAKE_PROGRAM $MAKE_ARGS) + +if [ `isainfo -k` = amd64 ]; then + test -d $OBJ64 && $SUDO rm -fr $OBJ64 + mkdir $OBJ64 + + export CFLAGS="-m64" + export LDFLAGS="-L${OPENSSL}/lib/amd64 -R${OPENSSL}/lib/amd64" + + (cd $OBJ64; \ + ${SRCDIR}/configure --with-ssl=${OPENSSL} --prefix=${PREFIX} --libdir=${PREFIX}/lib/amd64; \ + $MAKE_PROGRAM $MAKE_ARGS) +fi + +# optionally install +# +if [ x$1 = xinstall ]; then + (cd $OBJ32; $SUDO $MAKE_PROGRAM install-h) + (cd $OBJ32; $SUDO $MAKE_PROGRAM install-doc) + (cd $OBJ32; $SUDO $MAKE_PROGRAM install-lib) + if [ `isainfo -k` = amd64 ]; then + (cd $OBJ64; $SUDO $MAKE_PROGRAM install-lib) + fi +fi diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/LICENSE b/zonemaster-ldns/ldns/contrib/ldnsx/LICENSE new file mode 100644 index 0000000..070658d --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/LICENSE @@ -0,0 +1,28 @@ +Copyright (c) 2011, Xelerance +Author: Christopher Olah + +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of Xelerance nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/Makefile b/zonemaster-ldns/ldns/contrib/ldnsx/Makefile new file mode 100644 index 0000000..92e70ce --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/Makefile @@ -0,0 +1,89 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = build + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source + +.PHONY: help clean html dirhtml pickle json htmlhelp qthelp latex changes linkcheck doctest + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + +clean: + -rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/ldnsx.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/ldnsx.qhc" + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \ + "run these through (pdf)latex." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/README b/zonemaster-ldns/ldns/contrib/ldnsx/README new file mode 100644 index 0000000..780cf83 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/README @@ -0,0 +1,36 @@ +LDNSX: Easy DNS (including DNSSEC) via ldns. + +ldns is a great library. It is a powerful tool for +working with DNS. python-ldns it is a straight up clone of the C +interface, however that is not a very good interface for python. Its +documentation is incomplete and some functions don't work as +described. And some objects don't have a full python API. + +ldnsx aims to fix this. It wraps around the ldns python bindings, +working around its limitations and providing a well-documented, more +pythonistic interface. + +Written by Christopher Olah + +Examples +======== + +Query the default resolver for google.com's A records. Print the response +packet. + +>>> import ldnsx +>>> resolver = ldnsx.resolver() +>>> print resolver.query("google.com","A") + +Print the NS records for com. from f.root-servers.net if we get a +response, else an error message. + +>>> import ldnsx +>>> pkt = ldnsx.resolver("f.root-servers.net").query("com.","NS") +>>> if pkt: +>>> for rr in pkt.answer(): +>>> print rr +>>> else: +>>> print "response not received" + + diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-axfr.py b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-axfr.py new file mode 100644 index 0000000..224bb57 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-axfr.py @@ -0,0 +1,30 @@ +#!/usr/bin/python +# vim:fileencoding=utf-8 +# +# AXFR client with IDN (Internationalized Domain Names) support +# + +import ldns +import encodings.idna + +def utf2name(name): + return '.'.join([encodings.idna.ToASCII(a) for a in name.split('.')]) +def name2utf(name): + return '.'.join([encodings.idna.ToUnicode(a) for a in name.split('.')]) + +resolver = ldnsx.resolver("zone.nic.cz") + +#Print results +for rr in resolver.AXFR(utf2name(u"háčkyčárky.cz")): + # rdf = rr.owner() + # if (rdf.get_type() == ldns.LDNS_RDF_TYPE_DNAME): + # print "RDF owner: type=",rr.type(),"data=",name2utf(rr.owner()) + # else: + # print "RDF owner: type=",rdf.get_type_str(),"data=",str(rdf) + # print " RR type=", rr.get_type_str()," ttl=",rr.ttl() + # for rdf in rr.rdfs(): + # if (rdf.get_type() == ldns.LDNS_RDF_TYPE_DNAME): + # print " RDF: type=",rdf.get_type_str(),"data=",name2utf(str(rdf)) + # else: + # print " RDF: type=",rdf.get_type_str(),"data=",str(rdf) + diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-dnssec.py b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-dnssec.py new file mode 100644 index 0000000..c28ad5c --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-dnssec.py @@ -0,0 +1,39 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +import ldnsx +import sys + +debug = True + +if len(sys.argv) < 2: + print "Usage:", sys.argv[0], "domain [resolver_addr]" + sys.exit(1) + +name = sys.argv[1] + +# Create resolver +resolver = ldnsx.resolver(dnssec=True) + +# Custom resolver +if len(sys.argv) > 2: + # Clear previous nameservers + resolver.set_nameservers(sys.argv[2:]) + +# Resolve DNS name +pkt = resolver.query(name, "A") + +if pkt and pkt.answer(): + + # Debug + if debug: + print "NS returned:", pkt.rcode(), "(AA: %d AD: %d)" % ( "AA" in pkt.flags(), "AD" in pkt.flags() ) + + # SERVFAIL indicated bogus name + if pkt.rcode() == "SERVFAIL": + print name, "failed to resolve" + + # Check AD (Authenticated) bit + if pkt.rcode() == "NOERROR": + if "AD" in pkt.flags(): print name, "is secure" + else: print name, "is insecure" + diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-mx1.py b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-mx1.py new file mode 100644 index 0000000..60dfc42 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-mx1.py @@ -0,0 +1,11 @@ +import ldnsx + +resolver = ldnsx.resolver() + +pkt = resolver.query("nic.cz", "MX") + +if (pkt): + mx = pkt.answer() + if (mx): + mx.sort() + print mx diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-mx2.py b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-mx2.py new file mode 100644 index 0000000..8bee67f --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-mx2.py @@ -0,0 +1,17 @@ +#!/usr/bin/python +# +# MX is a small program that prints out the mx records for a particular domain +# +import ldnsx + +resolver = ldnsx.resolver() + +pkt = resolver.query("nic.cz", "MX") +if pkt: + for rr in pkt.answer(rr_type = "MX"): + rdf = rr.owner() + print rr + #Could also do: + #print rr[0], rr[1], rr[2], rr[3], " ".join(rr[4:]) + #print rr.owner(), rr.ttl(), rr.rr_clas(), rr.rr_type(), " ".join(rr[4:]) + diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-walk.py b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-walk.py new file mode 100755 index 0000000..9810939 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/examples/ldnsx-walk.py @@ -0,0 +1,25 @@ +#!/usr/bin/python +# vim:fileencoding=utf-8 +# +# Walk a domain that's using NSEC and print in zonefile format. + +import sys +import ldnsx + +def walk(domain): + res = ldnsx.resolver("193.110.157.136", dnssec=True) + pkt = res.query(domain, 666) + try: + nsec_rr = pkt.authority(rr_type="NSEC")[0] + except: + print "no NSEC found, domain is not signed or using NSEC3" + sys.exit() + for rr_type in nsec_rr[5].split(' ')[:-1]: + for rr in ldnsx.get_rrs(domain, rr_type): + print str(rr)[:-1] + next_rec = nsec_rr[4] + if (next_rec != domain) and (next_rec[-len(domain):] == domain): + walk(next_rec) + +walk("xelerance.com") + diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/ldnsx.py b/zonemaster-ldns/ldns/contrib/ldnsx/ldnsx.py new file mode 100644 index 0000000..57400cf --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/ldnsx.py @@ -0,0 +1,921 @@ +# Copyright (C) Xelerance Corp. . +# Author: Christopher Olah +# License: BSD + +""" Easy DNS (including DNSSEC) via ldns. + +ldns is a great library. It is a powerful tool for +working with DNS. python-ldns it is a straight up clone of the C +interface, however that is not a very good interface for python. Its +documentation is incomplete and some functions don't work as +described. And some objects don't have a full python API. + +ldnsx aims to fix this. It wraps around the ldns python bindings, +working around its limitations and providing a well-documented, more +pythonistic interface. + +**WARNING:** + +**API subject to change.** No backwards compatibility guarantee. Write software using this version at your own risk! + +Examples +-------- + +Query the default resolver for google.com's A records. Print the response +packet. + +>>> import ldnsx +>>> resolver = ldnsx.resolver() +>>> print resolver.query("google.com","A") + + +Print the root NS records from f.root-servers.net; if we get a +response, else an error message. + +>>> import ldnsx +>>> pkt = ldnsx.resolver("f.root-servers.net").query(".", "NS") +>>> if pkt: +>>> for rr in pkt.answer(): +>>> print rr +>>> else: +>>> print "response not received" + +""" + +import time, sys, calendar, warnings, socket +try: + import ldns +except ImportError: + print >> sys.stderr, "ldnsx requires the ldns-python sub-package from http://www.nlnetlabs.nl/projects/ldns/" + print >> sys.stderr, "Fedora/CentOS: yum install ldns-python" + print >> sys.stderr, "Debian/Ubuntu: apt-get install python-ldns" + print >> sys.stderr, "openSUSE: zypper in python-ldns" + sys.exit(1) + +__version__ = "0.1" + +def isValidIP(ipaddr): + try: + v4 = socket.inet_pton(socket.AF_INET,ipaddr) + return 4 + except: + try: + v6 = socket.inet_pton(socket.AF_INET6,ipaddr) + return 6 + except: + return 0 + +def query(name, rr_type, rr_class="IN", flags=["RD"], tries = 3, res=None): + """Convenience function. Creates a resolver and then queries it. Refer to resolver.query() + * name -- domain to query for + * rr_type -- rr_type to query for + * flags -- flags for query (list of strings) + * tries -- number of times to retry the query on failure + * res -- configurations for the resolver as a dict -- see resolver() + """ + if isinstance(res, list) or isinstance(res, tuple): + res = resolver(*res) + elif isinstance(res, dict): + res = resolver(**res) + else: + res = resolver(res) + return res.query(name, rr_type, rr_class, flags, tries) + +def get_rrs(name, rr_type, rr_class="IN", tries = 3, strict = False, res=None, **kwds): + """Convenience function. Gets RRs for name of type rr_type trying tries times. + If strict, it raises and exception on failure, otherwise it returns []. + * name -- domain to query for + * rr_type -- rr_type to query for + * flags -- flags for query (list of strings) + * tries -- number of times to retry the query on failure + * strict -- if the query fails, do we return [] or raise an exception? + * res -- configurations for the resolver as a dict -- see resolver() + * kwds -- query filters, refer to packet.answer() + """ + if isinstance(res, list) or isinstance(res, tuple): + res = resolver(*res) + elif isinstance(res, dict): + res = resolver(**res) + else: + res = resolver(res) + if "|" in rr_type: + pkt = res.query(name, "ANY", rr_class=rr_class, tries=tries) + else: + pkt = res.query(name, rr_type, rr_class=rr_class, tries=tries) + if pkt: + if rr_type in ["", "ANY", "*"]: + return pkt.answer( **kwds) + else: + return pkt.answer(rr_type=rr_type, **kwds) + else: + if strict: + raise Exception("LDNS couldn't complete query") + else: + return [] + +def secure_query(name, rr_type, rr_class="IN", flags=["RD"], tries = 1, flex=False, res=None): + """Convenience function. Creates a resolver and then does a DNSSEC query. Refer to resolver.query() + * name -- domain to query for + * rr_type -- rr_type to query for + * flags -- flags for query (list of strings) + * tries -- number of times to retry the query on failure + * flex -- if we can't verify data, exception or warning? + * res -- configurations for the resolver as a dict -- see resolver()""" + if isinstance(res, list) or isinstance(res, tuple): + res = resolver(*res) + elif isinstance(res, dict): + res = resolver(**res) + else: + res = resolver(res) + pkt = res.query(name, rr_type, rr_class, flags, tries) + if pkt.rcode() == "SERVFAIL": + raise Exception("%s lookup failed (server error or dnssec validation failed)" % name) + if pkt.rcode() == "NXDOMAIN": + if "AD" in pkt.flags(): + raise Exception("%s lookup failed (non-existence proven by DNSSEC)" % name ) + else: + raise Exception("%s lookup failed" % name ) + if pkt.rcode() == "NOERROR": + if "AD" not in pkt.flags(): + if not flex: + raise Exception("DNS lookup was insecure") + else: + warnings.warn("DNS lookup was insecure") + return pkt + else: + raise Exception("unknown ldns error, %s" % pkt.rcode()) + + + +class resolver: + """ A wrapper around ldns.ldns_resolver. + + **Examples** + + Making resolvers is easy! + + >>> from ldnsx import resolver + >>> resolver() # from /etc/resolv.conf + + >>> resolver("") # resolver with no nameservers + + >>> resolver("193.110.157.135") #resolver pointing to ip addr + + >>> resolver("f.root-servers.net") # resolver pointing ip address(es) resolved from name + + >>> resolver("193.110.157.135, 193.110.157.136") + >>> # resolver pointing to multiple ip addr, first takes precedence. + + + So is playing around with their nameservers! + + >>> import ldnsx + >>> res = ldnsx.resolver("192.168.1.1") + >>> res.add_nameserver("192.168.1.2") + >>> res.add_nameserver("192.168.1.3") + >>> res.nameservers_ip() + ["192.168.1.1","192.168.1.2","192.168.1.3"] + + And querying! + + >>> from ldnsx import resolver + >>> res= resolver() + >>> res.query("cow.com","A") + ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 7663 + ;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + ;; QUESTION SECTION: + ;; cow.com. IN A + ;; ANSWER SECTION: + cow.com. 300 IN A 208.87.34.18 + ;; AUTHORITY SECTION: + ;; ADDITIONAL SECTION: + ;; Query time: 313 msec + ;; SERVER: 192.168.111.9 + ;; WHEN: Fri Jun 3 11:01:02 2011 + ;; MSG SIZE rcvd: 41 + + + """ + + def __init__(self, ns = None, dnssec = False, tcp = False, port = 53): + """resolver constructor + + * ns -- the nameserver/comma delimited nameserver list + defaults to settings from /etc/resolv.conf + * dnssec -- should the resolver try and use dnssec or not? + * tcp -- should the resolver use TCP + 'auto' is a deprecated work around for old ldns problems + * port -- the port to use, must be the same for all nameservers + + """ + # We construct based on a file and dump the nameservers rather than using + # ldns_resolver_new() to avoid environment/configuration/magic specific + # bugs. + self._ldns_resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + if ns != None: + self.drop_nameservers() + nm_list = ns.split(',') + nm_list = map(lambda s: s.strip(), nm_list) + nm_list = list(filter(lambda s: s != "", nm_list)) + nm_list.reverse() + for nm in nm_list: + self.add_nameserver(nm) + # Configure DNSSEC, tcp and port + self.set_dnssec(dnssec) + if tcp == 'auto': + self.autotcp = True + self._ldns_resolver.set_usevc(False) + else: + self.autotcp = False + self._ldns_resolver.set_usevc(tcp) + self._ldns_resolver.set_port(port) + + + def query(self, name, rr_type, rr_class="IN", flags=["RD"], tries = 3): + """Run a query on the resolver. + + * name -- name to query for + * rr_type -- the record type to query for + * rr_class -- the class to query for, defaults to IN (Internet) + * flags -- the flags to send the query with + * tries -- the number of times to attempt to achieve query in case of packet loss, etc + + **Examples** + + Let's get some A records! + + >>> google_a_records = resolver.query("google.com","A").answer() + + Using DNSSEC is easy :) + + >>> dnssec_pkt = ldnsx.resolver(dnssec=True).query("xelerance.com") + + We let you use strings to make things easy, but if you prefer stay close to DNS... + + >>> AAAA = 28 + >>> resolver.query("ipv6.google.com", AAAA) + + **More about rr_type** + + rr_type must be a supported resource record type. There are a large number of RR types: + + =========== =================================== ================== + TYPE Value and meaning Reference + =========== =================================== ================== + A 1 a host address [RFC1035] + NS 2 an authoritative name server [RFC1035] + ... + AAAA 28 IP6 Address [RFC3596] + ... + DS 43 Delegation Signer [RFC4034][RFC3658] + ... + DNSKEY 48 DNSKEY [RFC4034][RFC3755] + ... + Unassigned 32770-65279 + Private use 65280-65534 + Reserved 65535 + =========== =================================== ================== + + (From http://www.iana.org/assignments/dns-parameters) + + RR types are given as a string (eg. "A"). In the case of Unassigned/Private use/Reserved ones, + they are given as "TYPEXXXXX" where XXXXX is the number. ie. RR type 65280 is "TYPE65280". You + may also pass the integer, but you always be given the string. + + If the version of ldnsx you are using is old, it is possible that there could be new rr_types that + we don't recognise mnemonic for. You can still use the number XXX or the string "TYPEXXX". To + determine what rr_type mnemonics we support, please refer to resolver.supported_rr_types() + + """ + # Determine rr_type int + if rr_type in _rr_types.keys(): + _rr_type = _rr_types[rr_type] + elif isinstance(rr_type,int): + _rr_type = rr_type + elif isinstance(rr_type,str) and rr_type[0:4] == "TYPE": + try: + _rr_type = int(rr_type[4:]) + except: + raise Exception("%s is a bad RR type. TYPEXXXX: XXXX must be a number") + else: + raise Exception("ldnsx (version %s) does not support the RR type %s." % (__version__, str(rr_type)) ) + # Determine rr_class int + if rr_class == "IN": _rr_class = ldns.LDNS_RR_CLASS_IN + elif rr_class == "CH": _rr_class = ldns.LDNS_RR_CLASS_CH + elif rr_class == "HS": _rr_class = ldns.LDNS_RR_CLASS_HS + else: + raise Exception("ldnsx (version %s) does not support the RR class %s." % (__version__, str(rr_class)) ) + # Determine flags int + _flags = 0 + if "QR" in flags: _flags |= ldns.LDNS_QR + if "AA" in flags: _flags |= ldns.LDNS_AA + if "TC" in flags: _flags |= ldns.LDNS_TC + if "RD" in flags: _flags |= ldns.LDNS_RD + if "CD" in flags: _flags |= ldns.LDNS_CD + if "RA" in flags: _flags |= ldns.LDNS_RA + if "AD" in flags: _flags |= ldns.LDNS_AD + # Query + if tries == 0: return None + try: + pkt = self._ldns_resolver.query(name, _rr_type, _rr_class, _flags) + except KeyboardInterrupt: #Since so much time is spent waiting on ldns, this is very common place for Ctr-C to fall + raise + except: #Since the ldns exception is not very descriptive... + raise Exception("ldns backend ran into problems. Likely, the name you were querying for, %s, was invalid." % name) + #Deal with failed queries + if not pkt: + if tries <= 1: + return None + else: + # One of the major causes of none-packets is truncation of packets + # When autotcp is set, we are in a flexible enough position to try and use tcp + # to get around this. + # Either way, we want to replace the resolver, since resolvers will sometimes + # just freeze up. + if self.autotcp: + self = resolver( ",".join(self.nameservers_ip()),tcp=True, dnssec = self._ldns_resolver.dnssec()) + self.autotcp = True + pkt = self.query(name, rr_type, rr_class=rr_class, flags=flags, tries = tries-1) + self._ldns_resolver.set_usevc(False) + return pkt + else: + self = resolver( ",".join(self.nameservers_ip()), tcp = self._ldns_resolver.usevc(), dnssec = self._ldns_resolver.dnssec() ) + time.sleep(1) # It could be that things are failing because of a brief outage + return self.query(name, rr_type, rr_class=rr_class, flags=flags, tries = tries-1) + elif self.autotcp: + pkt = packet(pkt) + if "TC" in pkt.flags(): + self._ldns_resolver.set_usevc(True) + pkt2 = self.query(name, rr_type, rr_class=rr_class, flags=flags, tries = tries-1) + self._ldns_resolver.set_usevc(False) + if pkt2: return packet(pkt2) + return pkt + return packet(pkt) + #ret = [] + #for rr in pkt.answer().rrs(): + # ret.append([str(rr.owner()),rr.ttl(),rr.get_class_str(),rr.get_type_str()]+[str(rdf) for rdf in rr.rdfs()]) + #return ret + + def suported_rr_types(self): + """ Returns the supported DNS resource record types. + + Refer to resolver.query() for thorough documentation of resource + record types or refer to: + + http://www.iana.org/assignments/dns-parameters + + """ + return _rr_types.keys() + + def AXFR(self,name): + """AXFR for name + + * name -- name to AXFR for + + This function is a generator. As it AXFRs it will yield you the records. + + **Example** + + Let's get a list of the tlds (gotta catch em all!): + + >>> tlds = [] + >>> for rr in resolver("f.root-servers.net").AXFR("."): + >>> if rr.rr_type() == "NS": + >>> tlds.append(rr.owner()) + + """ + #Dname seems to be unnecessary on some computers, but it is on others. Avoid bugs. + if self._ldns_resolver.axfr_start(ldns.ldns_dname(name), ldns.LDNS_RR_CLASS_IN) != ldns.LDNS_STATUS_OK: + raise Exception("Starting AXFR failed. Error: %s" % ldns.ldns_get_errorstr_by_id(status)) + pres = self._ldns_resolver.axfr_next() + while pres: + yield resource_record(pres) + pres = self._ldns_resolver.axfr_next() + + def nameservers_ip(self): + """ returns a list of the resolvers nameservers (as IP addr) + + """ + nm_stack2 =[] + nm_str_stack2=[] + nm = self._ldns_resolver.pop_nameserver() + while nm: + nm_stack2.append(nm) + nm_str_stack2.append(str(nm)) + nm = self._ldns_resolver.pop_nameserver() + for nm in nm_stack2: + self._ldns_resolver.push_nameserver(nm) + nm_str_stack2.reverse() + return nm_str_stack2 + + + def add_nameserver(self,ns): + """ Add a nameserver, IPv4/IPv6/name. + + """ + if isValidIP(ns) == 4: + address = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A,ns) + self._ldns_resolver.push_nameserver(address) + elif isValidIP(ns) == 6: + address = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_AAAA,ns) + self._ldns_resolver.push_nameserver(address) + else: + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + #address = resolver.get_addr_by_name(ns) + address = resolver.get_addr_by_name(ldns.ldns_dname(ns)) + if not address: + address = resolver.get_addr_by_name(ldns.ldns_dname(ns)) + if not address: + raise Exception("Failed to resolve address for %s" % ns) + for rr in address.rrs(): + self._ldns_resolver.push_nameserver_rr(rr) + + def drop_nameservers(self): + """Drops all nameservers. + This function causes the resolver to forget all nameservers. + + """ + while self._ldns_resolver.pop_nameserver(): + pass + + def set_nameservers(self, nm_list): + """Takes a list of nameservers and sets the resolver to use them + + """ + self.drop_nameservers() + for nm in nm_list: + self.add_nameserver(nm) + + def __repr__(self): + return "" % ", ".join(self.nameservers_ip()) + __str__ = __repr__ + + def set_dnssec(self,new_dnssec_status): + """Set whether the resolver uses DNSSEC. + + """ + self._ldns_resolver.set_dnssec(new_dnssec_status) + +class packet: + + def _construct_rr_filter(self, **kwds): + def match(pattern, target): + if pattern[0] in ["<",">","!"]: + rel = pattern[0] + pattern=pattern[1:] + elif pattern[0:2] in ["<=","=>"]: + rel = pattern[0:2] + pattern=pattern[2:] + else: + rel = "=" + for val in pattern.split("|"): + if {"<" : target < val, + ">" : target > val, + "!" : target != val, + "=" : target == val, + ">=": target >= val, + "<=": target <= val}[rel]: + return True + return False + def f(rr): + for key in kwds.keys(): + if ( ( isinstance(kwds[key], list) and str(rr[key]) not in map(str,kwds[key]) ) + or ( not isinstance(kwds[key], list) and not match(str(kwds[key]), str(rr[key])))): + return False + return True + return f + + def __init__(self, pkt): + self._ldns_pkt = pkt + + def __repr__(self): + return str(self._ldns_pkt) + __str__ = __repr__ + + def rcode(self): + """Returns the rcode. + + Example returned value: "NOERROR" + + possible rcodes (via ldns): "FORMERR", "MASK", "NOERROR", + "NOTAUTH", "NOTIMPL", "NOTZONE", "NXDOMAIN", + "NXRSET", "REFUSED", "SERVFAIL", "SHIFT", + "YXDOMAIN", "YXRRSET" + + Refer to http://www.iana.org/assignments/dns-parameters + section: DNS RCODEs + """ + return self._ldns_pkt.rcode2str() + + def opcode(self): + """Returns the rcode. + + Example returned value: "QUERY" + + """ + return self._ldns_pkt.opcode2str() + + def flags(self): + """Return packet flags (as list of strings). + + Example returned value: ['QR', 'RA', 'RD'] + + **What are the flags?** + + ======== ==== ===================== ========= + Bit Flag Description Reference + ======== ==== ===================== ========= + bit 5 AA Authoritative Answer [RFC1035] + bit 6 TC Truncated Response [RFC1035] + bit 7 RD Recursion Desired [RFC1035] + bit 8 RA Recursion Allowed [RFC1035] + bit 9 Reserved + bit 10 AD Authentic Data [RFC4035] + bit 11 CD Checking Disabled [RFC4035] + ======== ==== ===================== ========= + + (from http://www.iana.org/assignments/dns-parameters) + + There is also QR. It is mentioned in other sources, + though not the above page. It being false means that + the packet is a query, it being true means that it is + a response. + + """ + ret = [] + if self._ldns_pkt.aa(): ret += ["AA"] + if self._ldns_pkt.ad(): ret += ["AD"] + if self._ldns_pkt.cd(): ret += ["CD"] + if self._ldns_pkt.qr(): ret += ["QR"] + if self._ldns_pkt.ra(): ret += ["RA"] + if self._ldns_pkt.rd(): ret += ["RD"] + if self._ldns_pkt.tc(): ret += ["TC"] + return ret + + def answer(self, **filters): + """Returns the answer section. + + * filters -- a filtering mechanism + + Since a very common desire is to filter the resource records in a packet + section, we provide a special tool for doing this: filters. They are a + lot like regular python filters, but more convenient. If you set a + field equal to some value, you will only receive resource records for which + it holds true. + + **Examples** + + >>> res = ldnsx.resolver() + >>> pkt = res.query("google.ca","A") + >>> pkt.answer() + [google.ca. 28 IN A 74.125.91.99 + , google.ca. 28 IN A 74.125.91.105 + , google.ca. 28 IN A 74.125.91.147 + , google.ca. 28 IN A 74.125.91.103 + , google.ca. 28 IN A 74.125.91.104 + , google.ca. 28 IN A 74.125.91.106 + ] + + To understand filters, consider the following: + + >>> pkt = ldnsx.query("cow.com","ANY") + >>> pkt.answer() + [cow.com. 276 IN A 208.87.32.75 + , cow.com. 3576 IN NS sell.internettraffic.com. + , cow.com. 3576 IN NS buy.internettraffic.com. + , cow.com. 3576 IN SOA buy.internettraffic.com. hostmaster.hostingnet.com. 1308785320 10800 3600 604800 3600 + ] + >>> pkt.answer(rr_type="A") + [cow.com. 276 IN A 208.87.32.75 + ] + >>> pkt.answer(rr_type="A|NS") + [cow.com. 276 IN A 208.87.32.75 + , cow.com. 3576 IN NS sell.internettraffic.com. + , cow.com. 3576 IN NS buy.internettraffic.com. + ] + >>> pkt.answer(rr_type="!NS") + [cow.com. 276 IN A 208.87.32.75 + , cow.com. 3576 IN SOA buy.internettraffic.com. hostmaster.hostingnet.com. 1308785320 10800 3600 604800 3600 + ] + + fields are the same as when indexing a resource record. + note: ordering is alphabetical. + """ + ret = [resource_record(rr) for rr in self._ldns_pkt.answer().rrs()] + return filter(self._construct_rr_filter(**filters), ret) + + def authority(self, **filters): + """Returns the authority section. + + * filters -- a filtering mechanism + + Since a very common desire is to filter the resource records in a packet + section, we provide a special tool for doing this: filters. They are a + lot like regular python filters, but more convenient. If you set a + field equal to some value, you will only receive resource records for which + it holds true. See answer() for details. + + **Examples** + + >>> res = ldnsx.resolver() + >>> pkt = res.query("google.ca","A") + >>> pkt.authority() + [google.ca. 251090 IN NS ns3.google.com. + , google.ca. 251090 IN NS ns1.google.com. + , google.ca. 251090 IN NS ns2.google.com. + , google.ca. 251090 IN NS ns4.google.com. + ] + + """ + ret = [resource_record(rr) for rr in self._ldns_pkt.authority().rrs()] + return filter(self._construct_rr_filter(**filters), ret) + + def additional(self, **filters): + """Returns the additional section. + + * filters -- a filtering mechanism + + Since a very common desire is to filter the resource records in a packet + section, we provide a special tool for doing this: filters. They are a + lot like regular python filters, but more convenient. If you set a + field equal to some value, you will only receive resource records for which + it holds true. See answer() for details. + + **Examples** + + >>> res = ldnsx.resolver() + >>> pkt = res.query("google.ca","A") + >>> pkt.additional() + [ns3.google.com. 268778 IN A 216.239.36.10 + , ns1.google.com. 262925 IN A 216.239.32.10 + , ns2.google.com. 255659 IN A 216.239.34.10 + , ns4.google.com. 264489 IN A 216.239.38.10 + ] + + """ + ret = [resource_record(rr) for rr in self._ldns_pkt.additional().rrs()] + return filter(self._construct_rr_filter(**filters), ret) + + def question(self, **filters): + """Returns the question section. + + * filters -- a filtering mechanism + + Since a very common desire is to filter the resource records in a packet + section, we provide a special tool for doing this: filters. They are a + lot like regular python filters, but more convenient. If you set a + field equal to some value, you will only receive resource records for which + it holds true. See answer() for details. + + """ + ret = [resource_record(rr) for rr in self._ldns_pkt.question().rrs()] + return filter(self._construct_rr_filter(**filters), ret) + +class resource_record: + + _rdfs = None + _iter_pos = None + + def __init__(self, rr): + self._ldns_rr = rr + self._rdfs = [str(rr.owner()),rr.ttl(),rr.get_class_str(),rr.get_type_str()]+[str(rdf) for rdf in rr.rdfs()] + + def __repr__(self): + return str(self._ldns_rr) + + __str__ = __repr__ + + def __iter__(self): + self._iter_pos = 0 + return self + + def next(self): + if self._iter_pos < len(self._rdfs): + self._iter_pos += 1 + return self._rdfs[self._iter_pos-1] + else: + raise StopIteration + + def __len__(self): + try: + return len(self._rdfs) + except: + return 0 + + def __getitem__(self, n): + if isinstance(n, int): + return self._rdfs[n] + elif isinstance(n, str): + n = n.lower() + if n in ["owner"]: + return self.owner() + elif n in ["rr_type", "rr type", "type"]: + return self.rr_type() + elif n in ["rr_class", "rr class", "class"]: + return self.rr_class() + elif n in ["covered_type", "covered type", "type2"]: + return self.covered_type() + elif n in ["ttl"]: + return self.ttl() + elif n in ["ip"]: + return self.ip() + elif n in ["alg", "algorithm"]: + return self.alg() + elif n in ["protocol"]: + return self.protocol() + elif n in ["flags"]: + return self.flags() + else: + raise Exception("ldnsx (version %s) does not recognize the rr field %s" % (__version__,n) ) + else: + raise TypeError("bad type %s for index resource record" % type(n) ) + + + #def rdfs(self): + # return self._rdfs.clone() + + def owner(self): + """Get the RR's owner""" + return str(self._ldns_rr.owner()) + + def rr_type(self): + """Get a RR's type """ + return self._ldns_rr.get_type_str() + + def covered_type(self): + """Get an RRSIG RR's covered type""" + if self.rr_type() == "RRSIG": + return self[4] + else: + return "" + + def rr_class(self): + """Get the RR's collapse""" + return self._ldns_rr.get_class_str() + + def ttl(self): + """Get the RR's TTL""" + return self._ldns_rr.ttl() + + def inception(self, out_format="UTC"): + """returns the inception time in format out_format, defaulting to a UTC string. + options for out_format are: + + UTC -- a UTC string eg. 20110712192610 (2011/07/12 19:26:10) + unix -- number of seconds since the epoch, Jan 1, 1970 + struct_time -- the format used by python's time library + """ + # Something very strange is going on with inception/expiration dates in DNS. + # According to RFC 4034 section 3.1.5 (http://tools.ietf.org/html/rfc4034#page-9) + # the inception/expiration fields should be in seconds since Jan 1, 1970, the Unix + # epoch (as is standard in unix). Yet all the packets I've seen provide UTC encoded + # as a string instead, eg. "20110712192610" which is 2011/07/12 19:26:10. + # + # It turns out that this is a standard thing that ldns is doing before the data gets + # to us. + if self.rr_type() == "RRSIG": + if out_format.lower() in ["utc", "utc str", "utc_str"]: + return self[9] + elif out_format.lower() in ["unix", "posix", "ctime"]: + return calendar.timegm(time.strptime(self[9], "%Y%m%d%H%M%S")) + elif out_format.lower() in ["relative"]: + return calendar.timegm(time.strptime(self[9], "%Y%m%d%H%M%S")) - time.time() + elif out_format.lower() in ["struct_time", "time.struct_time"]: + return time.strptime(self[9], "%Y%m%d%H%M%S") + else: + raise Exception("unrecognized time format") + else: + return "" + + def expiration(self, out_format="UTC"): + """get expiration time. see inception() for more information""" + if self.rr_type() == "RRSIG": + if out_format.lower() in ["utc", "utc str", "utc_str"]: + return self[8] + elif out_format.lower() in ["unix", "posix", "ctime"]: + return calendar.timegm(time.strptime(self[8], "%Y%m%d%H%M%S")) + elif out_format.lower() in ["relative"]: + return calendar.timegm(time.strptime(self[8], "%Y%m%d%H%M%S")) - time.time() + elif out_format.lower() in ["struct_time", "time.struct_time"]: + return time.strptime(self[8], "%Y%m%d%H%M%S") + else: + raise Exception("unrecognized time format") + else: + return "" + + def ip(self): + """ IP address form A/AAAA record""" + if self.rr_type() in ["A", "AAAA"]: + return self[4] + else: + raise Exception("ldnsx does not support ip for records other than A/AAAA") + + def alg(self): + """Returns algorithm of RRSIG/DNSKEY/DS""" + t = self.rr_type() + if t == "RRSIG": + return int(self[5]) + elif t == "DNSKEY": + return int(self[6]) + elif t == "DS": + return int(self[5]) + else: + return -1 + + def protocol(self): + """ Returns protocol of the DNSKEY""" + t = self.rr_type() + if t == "DNSKEY": + return int(self[5]) + else: + return -1 + + def flags(self): + """Return RR flags for DNSKEY """ + t = self.rr_type() + if t == "DNSKEY": + ret = [] + n = int(self[4]) + for m in range(1): + if 2**(15-m) & n: + if m == 7: ret.append("ZONE") + elif m == 8: ret.append("REVOKE") + elif m ==15: ret.append("SEP") + else: ret.append(m) + return ret + else: + return [] + +_rr_types={ + "A" : ldns.LDNS_RR_TYPE_A, + "A6" : ldns.LDNS_RR_TYPE_A6, + "AAAA" : ldns.LDNS_RR_TYPE_AAAA, + "AFSDB": ldns.LDNS_RR_TYPE_AFSDB, + "ANY" : ldns.LDNS_RR_TYPE_ANY, + "APL" : ldns.LDNS_RR_TYPE_APL, + "ATMA" : ldns.LDNS_RR_TYPE_ATMA, + "AXFR" : ldns.LDNS_RR_TYPE_AXFR, + "CDNSKEY" : ldns.LDNS_RR_TYPE_CDNSKEY, + "CDS" : ldns.LDNS_RR_TYPE_CDS, + "CERT" : ldns.LDNS_RR_TYPE_CERT, + "CNAME": ldns.LDNS_RR_TYPE_CNAME, + "COUNT": ldns.LDNS_RR_TYPE_COUNT, + "DHCID": ldns.LDNS_RR_TYPE_DHCID, + "DLV" : ldns.LDNS_RR_TYPE_DLV, + "DNAME": ldns.LDNS_RR_TYPE_DNAME, + "DNSKEY": ldns.LDNS_RR_TYPE_DNSKEY, + "DS" : ldns.LDNS_RR_TYPE_DS, + "EID" : ldns.LDNS_RR_TYPE_EID, + "FIRST": ldns.LDNS_RR_TYPE_FIRST, + "GID" : ldns.LDNS_RR_TYPE_GID, + "GPOS" : ldns.LDNS_RR_TYPE_GPOS, + "HINFO": ldns.LDNS_RR_TYPE_HINFO, + "IPSECKEY": ldns.LDNS_RR_TYPE_IPSECKEY, + "ISDN" : ldns.LDNS_RR_TYPE_ISDN, + "IXFR" : ldns.LDNS_RR_TYPE_IXFR, + "KEY" : ldns.LDNS_RR_TYPE_KEY, + "KX" : ldns.LDNS_RR_TYPE_KX, + "LAST" : ldns.LDNS_RR_TYPE_LAST, + "LOC" : ldns.LDNS_RR_TYPE_LOC, + "MAILA": ldns.LDNS_RR_TYPE_MAILA, + "MAILB": ldns.LDNS_RR_TYPE_MAILB, + "MB" : ldns.LDNS_RR_TYPE_MB, + "MD" : ldns.LDNS_RR_TYPE_MD, + "MF" : ldns.LDNS_RR_TYPE_MF, + "MG" : ldns.LDNS_RR_TYPE_MG, + "MINFO": ldns.LDNS_RR_TYPE_MINFO, + "MR" : ldns.LDNS_RR_TYPE_MR, + "MX" : ldns.LDNS_RR_TYPE_MX, + "NAPTR": ldns.LDNS_RR_TYPE_NAPTR, + "NIMLOC": ldns.LDNS_RR_TYPE_NIMLOC, + "NS" : ldns.LDNS_RR_TYPE_NS, + "NSAP" : ldns.LDNS_RR_TYPE_NSAP, + "NSAP_PTR" : ldns.LDNS_RR_TYPE_NSAP_PTR, + "NSEC" : ldns.LDNS_RR_TYPE_NSEC, + "NSEC3": ldns.LDNS_RR_TYPE_NSEC3, + "NSEC3PARAM" : ldns.LDNS_RR_TYPE_NSEC3PARAM, + "NSEC3PARAMS" : ldns.LDNS_RR_TYPE_NSEC3PARAMS, + "NULL" : ldns.LDNS_RR_TYPE_NULL, + "NXT" : ldns.LDNS_RR_TYPE_NXT, + "OPENPGPKEY" : ldns.LDNS_RR_TYPE_OPENPGPKEY, + "OPT" : ldns.LDNS_RR_TYPE_OPT, + "PTR" : ldns.LDNS_RR_TYPE_PTR, + "PX" : ldns.LDNS_RR_TYPE_PX, + "RP" : ldns.LDNS_RR_TYPE_RP, + "RRSIG": ldns.LDNS_RR_TYPE_RRSIG, + "RT" : ldns.LDNS_RR_TYPE_RT, + "SIG" : ldns.LDNS_RR_TYPE_SIG, + "SINK" : ldns.LDNS_RR_TYPE_SINK, + "SOA" : ldns.LDNS_RR_TYPE_SOA, + "SRV" : ldns.LDNS_RR_TYPE_SRV, + "SSHFP": ldns.LDNS_RR_TYPE_SSHFP, + "TLSA" : ldns.LDNS_RR_TYPE_TLSA, + "TSIG" : ldns.LDNS_RR_TYPE_TSIG, + "TXT" : ldns.LDNS_RR_TYPE_TXT, + "UID" : ldns.LDNS_RR_TYPE_UID, + "UINFO": ldns.LDNS_RR_TYPE_UINFO, + "UNSPEC": ldns.LDNS_RR_TYPE_UNSPEC, + "WKS" : ldns.LDNS_RR_TYPE_WKS, + "X25" : ldns.LDNS_RR_TYPE_X25 +} + diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/api/ldnsx.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/api/ldnsx.rst new file mode 100644 index 0000000..7610adb --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/api/ldnsx.rst @@ -0,0 +1,15 @@ +LDNSX API Reference +=================== + +.. automodule:: ldnsx + :members: query, get_rrs, secure_query + +Classes +------- +.. toctree:: + :maxdepth: 1 + :glob: + + resolver + packet + resource_record diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/api/packet.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/api/packet.rst new file mode 100644 index 0000000..8149940 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/api/packet.rst @@ -0,0 +1,6 @@ +Class packet +============== + +.. autoclass:: ldnsx.packet + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/api/resolver.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/api/resolver.rst new file mode 100644 index 0000000..2e2fba0 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/api/resolver.rst @@ -0,0 +1,6 @@ +Class resolver +=============== + +.. autoclass:: ldnsx.resolver + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/api/resource_record.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/api/resource_record.rst new file mode 100644 index 0000000..429df0d --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/api/resource_record.rst @@ -0,0 +1,6 @@ +Class resource_record +===================== + +.. autoclass:: ldnsx.resource_record + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/conf.py b/zonemaster-ldns/ldns/contrib/ldnsx/source/conf.py new file mode 100644 index 0000000..5b856d4 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/conf.py @@ -0,0 +1,194 @@ +# -*- coding: utf-8 -*- +# +# ldnsx documentation build configuration file, created by +# sphinx-quickstart on Mon May 30 16:56:19 2011. +# +# This file is execfile()d with the current directory set to its containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +import sys, os + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +sys.path.append(os.path.abspath('..')) + +# -- General configuration ----------------------------------------------------- + +# Add any Sphinx extension module names here, as strings. They can be extensions +# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest']#, 'sphinx.ext.jsmath'] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +#source_encoding = 'utf-8' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = u'ldnsx' +copyright = u'2011, Christopher Olah' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +version = '0.0' +# The full version, including alpha/beta/rc tags. +release = '-1' + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +#language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +#today_fmt = '%B %d, %Y' + +# List of documents that shouldn't be included in the build. +#unused_docs = [] + +# List of directories, relative to source directory, that shouldn't be searched +# for source files. +exclude_trees = [] + +# The reST default role (used for this markup: `text`) to use for all documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +#modindex_common_prefix = [] + + +# -- Options for HTML output --------------------------------------------------- + +# The theme to use for HTML and HTML Help pages. Major themes that come with +# Sphinx are currently 'default' and 'sphinxdoc'. +html_theme = 'default' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +#html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +#html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +#html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +#html_use_modindex = True + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +#html_split_index = False + +# If true, links to the reST sources are added to the pages. +#html_show_sourcelink = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = '' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'ldnsxdoc' + + +# -- Options for LaTeX output -------------------------------------------------- + +# The paper size ('letter' or 'a4'). +#latex_paper_size = 'letter' + +# The font size ('10pt', '11pt' or '12pt'). +#latex_font_size = '10pt' + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, documentclass [howto/manual]). +latex_documents = [ + ('index', 'ldnsx.tex', u'ldnsx Documentation', + u'Christopher Olah', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# Additional stuff for the LaTeX preamble. +#latex_preamble = '' + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_use_modindex = True diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-axfr.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-axfr.rst new file mode 100644 index 0000000..de51038 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-axfr.rst @@ -0,0 +1,6 @@ +AXFR Example +============ + +.. literalinclude:: ../../examples/ldnsx-axfr.py + :language: python + :linenos: diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-dnssec.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-dnssec.rst new file mode 100644 index 0000000..b936999 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-dnssec.rst @@ -0,0 +1,6 @@ +DNSSEC Example +============== + +.. literalinclude:: ../../examples/ldnsx-dnssec.py + :language: python + :linenos: diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-mx1.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-mx1.rst new file mode 100644 index 0000000..a6d7bbb --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-mx1.rst @@ -0,0 +1,6 @@ +MX1 +=== + +.. literalinclude:: ../../examples/ldnsx-mx1.py + :language: python + :linenos: diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-mx2.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-mx2.rst new file mode 100644 index 0000000..105c75e --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-mx2.rst @@ -0,0 +1,6 @@ +MX2 +=== + +.. literalinclude:: ../../examples/ldnsx-mx2.py + :language: python + :linenos: diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-walk.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-walk.rst new file mode 100644 index 0000000..6cfb103 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/examples/ldnsx-walk.rst @@ -0,0 +1,6 @@ +NSEC Walker +=========== + +.. literalinclude:: ../../examples/ldnsx-walk.py + :language: python + :linenos: diff --git a/zonemaster-ldns/ldns/contrib/ldnsx/source/index.rst b/zonemaster-ldns/ldns/contrib/ldnsx/source/index.rst new file mode 100644 index 0000000..efa2a77 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/ldnsx/source/index.rst @@ -0,0 +1,57 @@ +Welcome to ldnsx's documentation! +================================= + +LDNSX: Easy DNS (including DNSSEC) via ldns. + +ldns is a great library. It is a powerful tool for +working with DNS. python-ldns it is a straight up clone of the C +interface, however that is not a very good interface for python. Its +documentation is incomplete and some functions don't work as +described. And some objects don't have a full python API. + +ldnsx aims to fix this. It wraps around the ldns python bindings, +working around its limitations and providing a well-documented, more +pythonistic interface. + +Reference +========= + +.. toctree:: + :maxdepth: 1 + + api/ldnsx + +.. toctree:: + :maxdepth: 2 + + api/resolver + api/packet + api/resource_record + +Examples +======== + +Examples translated from ldns examples: + +.. toctree:: + :maxdepth: 1 + + examples/ldnsx-axfr + examples/ldnsx-dnssec + examples/ldnsx-mx1 + examples/ldnsx-mx2 + +Others: + +.. toctree:: + :maxdepth: 1 + + examples/ldnsx-walk + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`search` + diff --git a/zonemaster-ldns/ldns/contrib/python/Changelog b/zonemaster-ldns/ldns/contrib/python/Changelog new file mode 100644 index 0000000..4b449a8 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/Changelog @@ -0,0 +1,92 @@ +1.6.17 2014-01-10 + * Added ldns_rdf.data_as_bytearray(). The method returns a bytearray object + containing rdf data. + * Changed the behaviour of ldns_resolver.trusted_key() in order to prevent + memory corruption and leaks. + * Fixed memory leaks when destroying ldns_resolver. + * Removed ldns_pkt.section_count(), ldns_resolver.set_searchlist_count() + because it is marked static in the library. + * Added ldns_pkt.new(), ldns_resolver.new(). + * Marked as returning new object ldns_pkt.get_section_clone(), + ldns_resolver.get_addr_by_name(), ldns_resolver.get_name_by_addr(), + ldns_resolver.search(). + * Added push cloning for ldns_pkt.safe_push_rr(), + ldns_pkt.safe_push_rr_list(), ldns_pkt.set_additional(), + ldns_pkt.set_answer(), ldns_pkt.set_answerfrom(), + ldns_pkt.set_authority(), ldns_pkt.set_edns_data(), + ldns_pkt.set_question(), ldns_pkt.set_tsig(), + ldns_resolver.set_dnssec_anchors(), ldns_resolver.set_domain(). + * Added pull cloning for ldns_pkt.answerfrom(), ldns_pkt.edns_data(), + ldns_pkt.tsig(), ldns_resolver.axfr_last_pkt(), + ldns_resolver.dnssec_anchors(), ldns_resolver.domain(), + ldns_resolver.tsig_algorithm(), ldns_resolver.tsig_keydata(), + ldns_resolver.tsig_keyname(). + * Method ldns_rdf.reverse() now throws an exception when not applied + on dname rdfs. This is to prevent assertion fails in ldns' C code. + +1.6.16 2012-11-13 + * Fix typo in ldns_struct_pkt.opcode2str + +1.6.14 2012-10-23 + * Added rich comparison methods for ldns_dname, ldns_rdf, ldns_rr and + ldns_rr_list classes. + * Added deprecation warnings into ldns_rr.new_frm_fp() and + ldns_rr.new_frm_fp_l() and others. + * Fixed ldns_rr.set_rdf(), which may cause memory leaks, because it + returns new objects (in the scope of Python). Also it leaked memory, + when the call was not successful. + * Fixed ldns_get_rr_list_hosts_frm_file, marked as newobject. + * Fixed ldns_rr_list.cat() to return bool as mentioned in documentation. + * Fixed ldns_rr_list_cat_clone, marked as newobject. + * Fixed ldns_rr_list.new_frm_file(). Exception argument was invalid. + * Fixed ldns_rr_list.push_rr() to return bool as mentioned in + documentation. + * Fixed ldns_rr_list.push_rr_list() to return bool as mentioned in + documentation. + * Fixed ldns_rr_list.set_rr(), which caused memory corruption, double free + problems and memory leaks. (The wrapper used original function instead + of its push cloned variant which was missing.) + * Fixed ldns_rr_list.set_rr_count(), added python exception raise in order + to avoid assertion failure. + * Fixed ldns_rr_list.subtype_by_rdf(), marked as newobject. + * Added ldns_rr.to_canonical(), ldns_rr.is_question(), + ldns_rr.type_by_name(), ldns_rr.class_by_name(), ldns_rr_list.new(), + ldns_rr.set_question(). + * Modified ldns_rr_list.owner() and ldns_rr.owner(), now returns ldns_dname. + * Fixed assertion failures for several methods when receiving incorrect but + syntactically valid arguments (i.e., ldns_rr.a_address(), + ldns_rr.dnskey_algorithm(), ldns_rr.dnskey_flags(), + ldns_rr.dnskey_key(), ldns_rr.dnskey_protocol(), + ldns_rr.mx_exchange(), ldns_rr.mx_preference(), ldns_rr.ns_nsdname(), + ldns_rr.owner(), ldns_rr.rdf(), ldns_rr.rrsig_algorithm(), + ldns_rr.rrsig_expiration(), ldns_rr.rrsig_inception(), + ldns_rr.rrsig_keytag(), ldns_rr.rrsig_labels(), ldns_rr.rrsig_origttl(), + ldns_rr.rrsig_sig(), ldns_rr.rrsig_signame(), + ldns_rr.rrsig_typecovered(), ldns_rr_list.owner(), ldns_rr_list.rr()) + * Fixed ldns_rr.a_address(), which was asserting when called + on non A or AAAA type rr. Now returns None when fails. + * Added scripts for testing the basic functionality of the ldns_rr, + ldns_rr_descriptor and ldns_rr_list class code. + * Improved documentation of ldns_rr, ldns_rr_descriptor and ldns_rr_list. + * Fixed automatic conversion from Python string to ldns_rdf and + ldns_dname. Caused memory corruption when using Python 3. + * The Python 3 wrapper code now raises TypeError instead of ValueError + when receiving a non FILE * argument when it should be a FILE *. + * Fixed wrong handling of _ldns_rr_list_free() and + _ldns_rr_list_deep_free() when compiling with LDNS_DEBUG directive. + * Fixed malfunctioning ldns.ldns_rdf_new_frm_fp_l(). + * Fixed malfunctioning ldns_drf.absolute() and ldns_dname.absolute(). + * Marked several functions related to ldns_rdf and ldns_buffer as + returning new objects. + * Method operating on ldns_dnames and returning dname ldns_rdfs now + return ldns_dname instances. + * Improved documentation of ldns_buffer, ldns_rdf and ldns_dname + classes. + * Methods ldns_buffer.available() and ldns_buffer.available_at() now + return bool types as described in the documentation. + * Added scripts for testing the basic functionality of the ldns_buffer, + ldns_rdf, ldns_dname class code. + * Added deprecation warnings to ldns_rdf methods operating on dname + rdfs. The user is encouraged to converts dname ldns_rdfs to + ldns_dnames. + * Extended ldns_dname constructor to accept ldns_rdfs containing dnames. diff --git a/zonemaster-ldns/ldns/contrib/python/LICENSE b/zonemaster-ldns/ldns/contrib/python/LICENSE new file mode 100644 index 0000000..1eb01e1 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/LICENSE @@ -0,0 +1,27 @@ +Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + Karel Slany (slany AT fit.vutbr.cz) +All rights reserved. + +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions are met: + + * Redistributions of source code must retain the above copyright notice, + this list of conditions and the following disclaimer. + * Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + * Neither the name of the organization nor the names of its + contributors may be used to endorse or promote products derived from this + software without specific prior written permission. + +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +POSSIBILITY OF SUCH DAMAGE. diff --git a/zonemaster-ldns/ldns/contrib/python/Makefile b/zonemaster-ldns/ldns/contrib/python/Makefile new file mode 100644 index 0000000..172ab20 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/Makefile @@ -0,0 +1,110 @@ +# Makefile: compilation of sources and documentation, test environment +# +# Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) +# Karel Slany (slany AT fit.vutbr.cz) +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# * Redistributions of source code must retain the above copyright notice, +# this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the organization nor the names of its +# contributors may be used to endorse or promote products derived from this +# software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" +# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE +# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. + + +.PHONY: help clean testenv test doc te bw bw3 sw sw3 + +help: + @echo "Please use \`make ' where is one of" + @echo " testenv to make test environment and run bash " + @echo " useful in case you don't want to install ldns but want to test examples" + @echo " doc to make documentation" + @echo " clean clean all" + +../../Makefile: ../../configure + cd ../.. && ./configure --with-python + +_ldns.so: ../../Makefile + $(MAKE) -C ../.. + +../../.libs/libldns.so.1: ../../Makefile + $(MAKE) -C ../.. + +clean: + rm -rf examples/ldns + rm -f _ldns.so ldns_wrapper.o + $(MAKE) -C ../.. clean + +testenv: ../../.libs/libldns.so.1 _ldns.so + rm -rf examples/ldns + cd examples && mkdir ldns && ln -s ../../ldns.py ldns/__init__.py && ln -s ../../../../.libs/_ldns.so ldns/_ldns.so && ln -s ../../../../.libs/libldns.so.1 ldns/libldns.so.1 && ls -la + @echo "Run a script by typing ./script_name.py" + cd examples && LD_LIBRARY_PATH=ldns bash + rm -rf examples/ldns + +test: ../../.libs/libldns.so.1 _ldns.so examples/test_buffer.py examples/test_rdf.py examples/test_dname.py examples/test_rr.py examples/test_pkt.py examples/test_resolver.py + @rm -rf examples/ldns + @cd examples && mkdir ldns && ln -s ../../ldns.py ldns/__init__.py && ln -s ../../../../.libs/_ldns.so ldns/_ldns.so && ln -s ../../../../.libs/libldns.so.1 ldns/libldns.so.1 + @cd examples && LD_LIBRARY_PATH=ldns ./test_buffer.py 2>/dev/null + @cd examples && LD_LIBRARY_PATH=ldns ./test_rdf.py 2>/dev/null + @cd examples && LD_LIBRARY_PATH=ldns ./test_dname.py 2>/dev/null + @cd examples && LD_LIBRARY_PATH=ldns ./test_rr.py 2>/dev/null + @cd examples && LD_LIBRARY_PATH=ldns ./test_pkt.py 2>/dev/null + @cd examples && LD_LIBRARY_PATH=ldns ./test_resolver.py 2>/dev/null + @rm -rf examples/ldns + +doc: ../../.libs/libldns.so.1 _ldns.so + echo @VERSION_MAJOR@ + rm -f _ldns.so + ln -s ../../.libs/_ldns.so + $(MAKE) -C docs html + rm -f _ldns.so + +# For development only: + +# Test environment, does not build the wrapper from dependencies. +te: + rm -rf examples/ldns + cd examples && mkdir ldns && ln -s ../../ldns.py ldns/__init__.py && ln -s ../../../../.libs/_ldns.so ldns/_ldns.so && ln -s ../../../../.libs/libldns.so.1 ldns/libldns.so.1 && ls -la + @echo "Run a script by typing ./script_name.py" + cd examples && LD_LIBRARY_PATH=ldns bash + rm -rf examples/ldns + +# Builds Python 2 wrapper from present wrapper C code. +bw: + gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/include/python2.7 -I. -o ldns_wrapper.o + mkdir -p ../../.libs + ld -shared ldns_wrapper.o -L../../.libs -lldns -o ../../.libs/_ldns.so + +# Builds Python 3 wrapper from present wrapper C code. +bw3: + gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/include/python3.2 -I. -o ldns_wrapper.o + mkdir -p ../../.libs + ld -shared ldns_wrapper.o -L../../.libs -ldns -o ../../.libs/_ldns.so + +# Builds Python 2 wrapper from interface file. +sw: ldns.i + swig -python -o ldns_wrapper.c -I../.. ldns.i + $(MAKE) bw + +# Builds Python 3 wrapper from interface file. +sw3: ldns.i + swig -python -py3 -DPY3 -o ldns_wrapper.c -I../.. ldns.i + $(MAKE) bw3 diff --git a/zonemaster-ldns/ldns/contrib/python/docs/Makefile b/zonemaster-ldns/ldns/contrib/python/docs/Makefile new file mode 100644 index 0000000..856ecd4 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/Makefile @@ -0,0 +1,70 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d build/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source + +.PHONY: help clean html web pickle htmlhelp latex changes linkcheck + +help: + @echo "Please use \`make ' where is one of" + @echo " html to make standalone HTML files" + @echo " pickle to make pickle files (usable by e.g. sphinx-web)" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " changes to make an overview over all changed/added/deprecated items" + @echo " linkcheck to check all external links for integrity" + +clean: + -rm -rf build/* + +html: + mkdir -p build/html build/doctrees + LD_LIBRARY_PATH=../../../.libs $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) build/html + @echo + @echo "Build finished. The HTML pages are in build/html." + +pickle: + mkdir -p build/pickle build/doctrees + LD_LIBRARY_PATH=../../../.libs $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) build/pickle + @echo + @echo "Build finished; now you can process the pickle files or run" + @echo " sphinx-web build/pickle" + @echo "to start the sphinx-web server." + +web: pickle + +htmlhelp: + mkdir -p build/htmlhelp build/doctrees + LD_LIBRARY_PATH=../../../.libs $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) build/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in build/htmlhelp." + +latex: + mkdir -p build/latex build/doctrees + LD_LIBRARY_PATH=../../../.libs $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) build/latex + @echo + @echo "Build finished; the LaTeX files are in build/latex." + @echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \ + "run these through (pdf)latex." + +changes: + mkdir -p build/changes build/doctrees + LD_LIBRARY_PATH=../../../.libs $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) build/changes + @echo + @echo "The overview file is in build/changes." + +linkcheck: + mkdir -p build/linkcheck build/doctrees + LD_LIBRARY_PATH=../../../.libs $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) build/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in build/linkcheck/output.txt." diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/conf.py b/zonemaster-ldns/ldns/contrib/python/docs/source/conf.py new file mode 100644 index 0000000..468b827 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/conf.py @@ -0,0 +1,180 @@ +# -*- coding: utf-8 -*- +# +# Unbound documentation build configuration file, created by +# sphinx-quickstart on Fri Jan 2 19:14:13 2009. +# +# This file is execfile()d with the current directory set to its containing dir. +# +# The contents of this file are pickled, so don't put values in the namespace +# that aren't pickleable (module imports are okay, they're removed automatically). +# +# All configuration values have a default value; values that are commented out +# serve to show the default value. + +import sys, os + +# If your extensions are in another directory, add it here. If the directory +# is relative to the documentation root, use os.path.abspath to make it +# absolute, like shown here. +sys.path.append(os.path.abspath(os.path.join(os.path.dirname(__file__),'../../'))) +#print sys.path + +# General configuration +# --------------------- + +# Add any Sphinx extension module names here, as strings. They can be extensions +# coming with Sphinx (named 'sphinx.ext.*') or your custom ones. +extensions = ['sphinx.ext.autodoc', 'sphinx.ext.doctest'] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The master toctree document. +master_doc = 'index' + +# General substitutions. +project = 'pyLDNS' +copyright = '2009-2013, Karel Slany, Zdenek Vasicek' + +# The default replacements for |version| and |release|, also used in various +# other places throughout the built documents. +# +# The short X.Y version. +version = '1.6' +# The full version, including alpha/beta/rc tags. +release = '1.6.17' + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +#today = '' +# Else, today_fmt is used as the format for a strftime call. +today_fmt = '%B %d, %Y' + +# List of documents that shouldn't be included in the build. +#unused_docs = [] + +# List of directories, relative to source directories, that shouldn't be searched +# for source files. +#exclude_dirs = [] + +# The reST default role (used for this markup: `text`) to use for all documents. +#default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +#add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +#add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +#show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + + +# Options for HTML output +# ----------------------- + +# The style sheet to use for HTML and HTML Help pages. A file of that name +# must exist either in Sphinx' static/ path, or in one of the custom paths +# given in html_static_path. +html_style = 'default.css' + +# The name for this set of Sphinx documents. If None, it defaults to +# " v documentation". +#html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +#html_short_title = None + +# The name of an image file (within the static path) to place at the top of +# the sidebar. +#html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +#html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +#html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +#html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +#html_additional_pages = {} + +# If false, no module index is generated. +html_use_modindex = False + +# If false, no index is generated. +#html_use_index = True + +# If true, the index is split into individual pages for each letter. +html_split_index = False + +# If true, the reST sources are included in the HTML build as _sources/. +html_copy_source = False + +# If true, an OpenSearch description file will be output, and all pages will +# contain a tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +#html_use_opensearch = '' + +# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml"). +#html_file_suffix = '' + +# Output file base name for HTML help builder. +htmlhelp_basename = 'ldnsdoc' + + +# Options for LaTeX output +# ------------------------ + +# The paper size ('letter' or 'a4'). +#latex_paper_size = 'letter' + +# The font size ('10pt', '11pt' or '12pt'). +#latex_font_size = '10pt' + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, author, document class [howto/manual]). +latex_documents = [ + ('index', 'ldns-doc.tex', 'LDNS Documentation', + 'Karel Slany, Zdenek Vasicek', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +#latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +#latex_use_parts = False + +# Additional stuff for the LaTeX preamble. +#latex_preamble = '' + +# Documents to append as an appendix to all manuals. +#latex_appendices = [] + +# If false, no module index is generated. +#latex_use_modindex = True diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example1.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example1.rst new file mode 100644 index 0000000..891e085 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example1.rst @@ -0,0 +1,68 @@ +Resolving the MX records +============================== + +This basic example shows how to create a resolver which asks for MX records which contain the information about mail servers. + +:: + + #!/usr/bin/python + # + # MX is a small program that prints out the mx records for a particular domain + # + import ldns + + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + + dname = ldns.ldns_dname("nic.cz") + + pkt = resolver.query(dname, ldns.LDNS_RR_TYPE_MX, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + if (pkt): + mx = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_MX, ldns.LDNS_SECTION_ANSWER) + if (mx): + mx.sort() + print mx + +Resolving step by step +------------------------ + +First of all we import :mod:`ldns` extension module which make LDNS functions and classes accessible:: + + import ldns + +If importing fails, it means that Python cannot find the module or ldns library. + +Then we create the resolver by :meth:`ldns.ldns_resolver.new_frm_file` constructor :: + + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +and domain name variable dname:: + + dname = ldns.ldns_dname("nic.cz") + +To create a resolver you may also use:: + + resolver = ldns.ldns_resolver.new_frm_file(None) + +which behaves in the same manner as the command above. + +In the third step we tell the resolver to query for our domain, type MX, of class IN:: + + pkt = resolver.query(dname, ldns.LDNS_RR_TYPE_MX, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + +The function should return a packet if everything goes well and this packet will contain resource records we asked for. +Note that there exists a simpler way. Instead of using a dname variable, we can use a string which will be automatically converted. +:: + + pkt = resolver.query("fit.vutbr.cz", ldns.LDNS_RR_TYPE_MX, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + +Now, we test whether the resolver returns a packet and then get all RRs of type MX from the answer packet and store them in list mx:: + + if (pkt): + mx = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_MX, ldns.LDNS_SECTION_ANSWER) + +If this list is not empty, we sort and print the content to stdout:: + + if (mx): + mx.sort() + print mx + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example2.py b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example2.py new file mode 100755 index 0000000..7dabb91 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example2.py @@ -0,0 +1,45 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +import ldns +import sys + +debug = True + +# Check args +argc = len(sys.argv) +name = "www.nic.cz" +if argc < 2: + print("Usage:", sys.argv[0], "domain [resolver_addr]") + sys.exit(1) +else: + name = sys.argv[1] + +# Create resolver +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") +resolver.set_dnssec(True) + +# Custom resolver +if argc > 2: + # Clear previous nameservers + ns = resolver.pop_nameserver() + while ns != None: + ns = resolver.pop_nameserver() + ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A) + resolver.push_nameserver(ip) + +# Resolve DNS name +pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) +if pkt and pkt.answer(): + + # Debug + if debug: + print("NS returned:", pkt.get_rcode(), "(AA: %d AD: %d)" % ( pkt.ad(), pkt.ad() )) + + # SERVFAIL indicated bogus name + if pkt.get_rcode() is ldns.LDNS_RCODE_SERVFAIL: + print(name, "is bogus") + + # Check AD (Authenticated) bit + if pkt.get_rcode() is ldns.LDNS_RCODE_NOERROR: + if pkt.ad(): print(name, "is secure") + else: print(name, "is insecure") diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example2.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example2.rst new file mode 100644 index 0000000..b173438 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example2.rst @@ -0,0 +1,100 @@ +.. _ex_dnssec: + +Querying DNS-SEC validators +=========================== + +This basic example shows how to query validating resolver and +evaluate answer. + +Resolving step by step +------------------------ + +For DNS queries, we need to initialize ldns resolver (covered in previous example). + +:: + + # Create resolver + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_dnssec(True) + + # Custom resolver + if argc > 2: + # Clear previous nameservers + ns = resolver.pop_nameserver() + while ns != None: + ns = resolver.pop_nameserver() + ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A) + resolver.push_nameserver(ip) + +Note the second line :meth:`resolver.set_dnssec`, which enables DNSSEC OK bit +in queries in order to get meaningful results. + +As we have resolver initialized, we can start querying for domain names : + +:: + + # Resolve DNS name + pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) + if pkt and pkt.answer(): + +Now we evaluate result, where two flags are crucial : + + * Return code + * AD flag (authenticated) + +When return code is `SERVFAIL`, it means that validating resolver marked requested +name as **bogus** (or bad configuration). + +**AD** flag is set if domain name is authenticated **(secure)** or false if +it's insecure. + +Complete source code +-------------------- + + .. literalinclude:: ../../../examples/ldns-dnssec.py + :language: python + + +Testing +------- + +In order to get meaningful results, you have to enter IP address of validating +resolver or setup your own (see howto). + +Execute `./example2.py` with options `domain name` and `resolver IP`, +example: + +:: + + user@localhost# ./example2.py www.dnssec.cz 127.0.0.1 # Secure (Configured Unbound running on localhost) + user@localhost# ./example2.py www.rhybar.cz 127.0.0.1 # Bogus + +Howto setup Unbound as validating resolver +~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + +Install Unbound according to instructions. +Modify following options in `unbound.conf` (located in `/etc` or `/usr/local/etc`)/ + + +Uncomment `module-config` and set `validator` before iterator. + +:: + + module-config: "validator iterator" + +Download DLV keys and update path in `unbound.conf`:: + + # DLV keys + # Download from http://ftp.isc.org/www/dlv/dlv.isc.org.key + dlv-anchor-file: "/usr/local/etc/unbound/dlv.isc.org.key" + +Update trusted keys (`.cz` for example):: + + # Trusted keys + # For current key, see www.dnssec.cz + trusted-keys-file: "/usr/local/etc/unbound/trusted.key" + +Now you should have well configured Unbound, so run it:: + + user@localhost# unbound -dv + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example3.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example3.rst new file mode 100644 index 0000000..91f5e9d --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example3.rst @@ -0,0 +1,7 @@ +High-level functions +=========================== + +This basic example shows how to get name by addr and vice versa. + +.. literalinclude:: ../../../examples/ldns-higher.py + :language: python diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example4.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example4.rst new file mode 100644 index 0000000..2f41f76 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example4.rst @@ -0,0 +1,7 @@ +AXFR client with IDN support +=============================== + +This example shows how to get AXFR working and how to get involved Internationalized Domain Names (IDN) + +.. literalinclude:: ../../../examples/ldns-axfr.py + :language: python diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example5.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example5.rst new file mode 100644 index 0000000..787c169 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example5.rst @@ -0,0 +1,14 @@ +Examine the results +=============================== + +This example shows how to go through the obtained results + +.. literalinclude:: ../../../examples/ldns-mx2.py + :language: python + +This snippet of code prints:: + + nic.cz. 1761 IN MX 20 mx.cznic.org. + nic.cz. 1761 IN MX 10 mail.nic.cz. + nic.cz. 1761 IN MX 15 mail4.nic.cz. + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example6.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example6.rst new file mode 100644 index 0000000..d0fd689 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example6.rst @@ -0,0 +1,12 @@ +Read zone file +=============================== + +This example shows how to read the content of a zone file + +.. literalinclude:: ../../../examples/ldns-zone.py + :language: python + +Zone file ``zone.txt``: + +.. literalinclude:: ../../../examples/zone.txt + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example7.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example7.rst new file mode 100644 index 0000000..3e3e2dc --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example7.rst @@ -0,0 +1,8 @@ +Generate public/private key pair +======================================= + +This example shows how generate keys for DNSSEC (i.e. for signing a zone file according DNSSECbis). + +.. literalinclude:: ../../../examples/ldns-keygen.py + :language: python + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example8.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example8.rst new file mode 100644 index 0000000..2cd1daf --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/example8.rst @@ -0,0 +1,17 @@ +Signing of a zone file +=============================== + +This example shows how to sign the content of the given zone file + +.. literalinclude:: ../../../examples/ldns-signzone.py + :language: python + +In order to be able sign a zone file, you have to generate a key-pair using ``ldns-keygen.py``. Don't forget to modify tag number. + +Signing consists of three steps + +1. In the first step, the content of a zone file is read and parsed. This can be done using :class:`ldns.ldns_zone` class. + +2. In the second step, the private and public key is read and public key is inserted into zone (as DNSKEY). + +3. In the last step, the DNSSEC zone instance is created and all the RRs from zone file are copied here. Then, all the records are signed using :meth:`ldns.ldns_zone.sign` method. If the signing was successful, the content of DNSSEC zone is written to a file. diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/examples/index.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/index.rst new file mode 100644 index 0000000..8f7f381 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/examples/index.rst @@ -0,0 +1,12 @@ +Tutorials +============================== + +Here you can find a set of simple applications which utilizes the ldns library in Python environment. + +`Tutorials` + +.. toctree:: + :maxdepth: 1 + :glob: + + example* diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/index.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/index.rst new file mode 100644 index 0000000..d00b639 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/index.rst @@ -0,0 +1,22 @@ +PyLDNS documentation +======================================= + +PyLDNS provides an `LDNS`_ wrapper (Python extension module) - the thinnest layer over the library possible. Everything you can do from the C API, you can do from Python, but with less effort. The purpose of porting LDNS library to Python is to simplify DNS programming and usage of LDNS, however, still preserve the performance of this library as the speed represents the main benefit of LDNS. The proposed object approach allows the users to be concentrated at the essential part of application only and don't bother with deallocation of objects and so on. + +.. _LDNS: http://www.nlnetlabs.nl/projects/ldns/ + +Contents +---------- +.. toctree:: + :maxdepth: 2 + + install.rst + examples/index.rst + modules/ldns + +Indices and tables +------------------- + +* :ref:`genindex` +* :ref:`search` + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/install.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/install.rst new file mode 100644 index 0000000..27bf076 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/install.rst @@ -0,0 +1,72 @@ +Installation +=================================== + +**Prerequisites** + +SWIG 1.3 and GNU make are required to build modules for Python 2.4 and higher +(but lower than 3). In order to build modules for Python 3.2 or higher, +SWIG in version 2.0.4 or higher is required. + +Note that Python 3.0 and 3.1 are not supported. + +In order to build this documentation the Sphinx Python documentation generator +is required. + +**Download** + +The latest source codes can be downloaded from `here`_. + +.. _here: http://nlnetlabs.nl/projects/ldns/ + +**Compiling** + +After downloading the source code archive (this example uses +ldns-1.6.13.tar.gz), pyLDNS can be enabled and compiled by typing:: + + > tar -xzf ldns-1.6.13.tar.gz + > cd ldns-1.6.13 + > ./configure --with-pyldns + > make + +You need GNU make to compile pyLDNS; SWIG and Python development libraries to +compile the extension module. + +**Selecting Target Python Interpreter** + +By default, the pyLDNS module builds for the default Python interpreter (i.e., +the Python interpreter which can be accessed by just typing ``python`` in +the command line). If you desire to build the pyLDNS module for a different +Python version then you must specify the desired Python version by setting +the ``PYTHON_VERSION`` variable during the configure phase:: + + > PYTHON_VERSION=3.2 ./configure --with-pyldns + > make + +By default the pyLDNS compiles from sources for a single Python interpreter. +Remember to execute scripts requiring pyLDNS in those Python interpreters which +have pyLDNS installed. + +**Testing** + +If the compilation is successful, you can test the python LDNS extension module +by executing the commands:: + + > cd contrib/python + > make testenv + > ./ldns-mx.py + +Again, remember to use the Python interpreter version which the pyLDNS module +has been compiled with. + +The commands will start a new shell, in which several symbolic links will be +set-up. When you exit the shell, then symbolic links will be deleted. + +In ``contrib/python/examples`` several simple Python scripts utilising pyLDNS +can be found. These scripts demonstrate the capabilities of the LDNS library. + +**Installation** + +To install the libraries and it's extensions type:: + + > cd ldns-1.6.13 + > make install diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns.rst new file mode 100644 index 0000000..2c5e7b2 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns.rst @@ -0,0 +1,40 @@ +LDNS module documentation +================================ + +Here you can find the documentation of pyLDNS extension module. This module consists of several classes and a couple of functions. + +.. toctree:: + :maxdepth: 1 + :glob: + + ldns_resolver + ldns_pkt + ldns_rr + ldns_rdf + ldns_dname + ldns_rr_list + ldns_zone + ldns_key + ldns_key_list + ldns_buffer + ldns_dnssec + ldns_func + + + + +**Differences against libLDNS** + +* You don't need to use ldns-compare functions, instances can be compared using standard operators <, >, = :: + + if (some_rr.owner() == another_rr.rdf(1)): + pass + +* Classes contain static methods that create new instances, the name of these methods starts with the new\_ prefix (e.g. :meth:`ldns.ldns_pkt.new_frm_file`). + +* Is it possible to print the content of an object using ``print objinst`` (see :meth:`ldns.ldns_resolver.get_addr_by_name`). + +* Classes contain write_to_buffer method that writes the content into buffer. + +* All the methods that consume parameter of (const ldns_rdf) type allows to use string instead (see :meth:`ldns.ldns_resolver.query`). + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_buffer.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_buffer.rst new file mode 100644 index 0000000..7f59e75 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_buffer.rst @@ -0,0 +1,11 @@ +Class ldns_buffer +================================ + + +.. automodule:: ldns + +Class ldns_buffer +------------------------------ +.. autoclass:: ldns_buffer + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_dname.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_dname.rst new file mode 100644 index 0000000..18373bf --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_dname.rst @@ -0,0 +1,11 @@ +Class ldns_dname +================================ + + +.. automodule:: ldns + +Class ldns_dname +------------------------------ +.. autoclass:: ldns_dname + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_dnssec.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_dnssec.rst new file mode 100644 index 0000000..bc5719d --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_dnssec.rst @@ -0,0 +1,28 @@ +Class ldns_dnssec_zone +================================ + +.. automodule:: ldns + +Class ldns_dnssec_zone +------------------------------ +.. autoclass:: ldns_dnssec_zone + :members: + :undoc-members: + +Class ldns_dnssec_name +------------------------------ +.. autoclass:: ldns_dnssec_name + :members: + :undoc-members: + +Class ldns_dnssec_rrsets +------------------------------ +.. autoclass:: ldns_dnssec_rrsets + :members: + :undoc-members: + +Class ldns_dnssec_rrs +------------------------------ +.. autoclass:: ldns_dnssec_rrs + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_func.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_func.rst new file mode 100644 index 0000000..7a9b8a8 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_func.rst @@ -0,0 +1,253 @@ +Various functions +================================ + +Here you can find list of functions that are not assigned to the classes. +These functions have the same parameters as LDNS functions of the same name. +You are encouraged to read the LDNS documentation. + +**List of functions** + + * ldns_algorithm2buffer_str + * ldns_bget_keyword_data + * ldns_bget_token + * ldns_bgetc + * ldns_bskipcs + * ldns_bubblebabble + * ldns_buffer2pkt_wire + * ldns_buffer2str + * ldns_calc_keytag + * ldns_calc_keytag_raw + * ldns_cert_algorithm2buffer_str + * ldns_convert_dsa_rrsig_asn12rdf + * ldns_convert_dsa_rrsig_rdf2asn1 + * ldns_create_nsec + * ldns_create_nsec3 + * ldns_dname2buffer_wire + * ldns_dname2canonical + * ldns_dnssec_build_data_chain + * ldns_dnssec_chain_nsec3_list + * ldns_dnssec_create_nsec + * ldns_dnssec_create_nsec3 + * ldns_dnssec_create_nsec_bitmap + * ldns_dnssec_data_chain_deep_free + * ldns_dnssec_data_chain_free + * ldns_dnssec_data_chain_new + * ldns_dnssec_data_chain_print + * ldns_dnssec_default_add_to_signatures + * ldns_dnssec_default_delete_signatures + * ldns_dnssec_default_leave_signatures + * ldns_dnssec_default_replace_signatures + * ldns_dnssec_derive_trust_tree + * ldns_dnssec_derive_trust_tree_dnskey_rrset + * ldns_dnssec_derive_trust_tree_ds_rrset + * ldns_dnssec_derive_trust_tree_no_sig + * ldns_dnssec_derive_trust_tree_normal_rrset + * ldns_dnssec_get_dnskey_for_rrsig + * ldns_dnssec_get_rrsig_for_name_and_type + * ldns_dnssec_nsec3_closest_encloser + * ldns_dnssec_pkt_get_rrsigs_for_name_and_type + * ldns_dnssec_pkt_get_rrsigs_for_type + * ldns_dnssec_pkt_has_rrsigs + * ldns_dnssec_remove_signatures + * ldns_dnssec_trust_tree_add_parent + * ldns_dnssec_trust_tree_contains_keys + * ldns_dnssec_trust_tree_depth + * ldns_dnssec_trust_tree_free + * ldns_dnssec_trust_tree_new + * ldns_dnssec_trust_tree_print + * ldns_dnssec_verify_denial + * ldns_dnssec_verify_denial_nsec3 + * ldns_fetch_valid_domain_keys + * ldns_fget_keyword_data + * ldns_fget_keyword_data_l + * ldns_fget_token + * ldns_fget_token_l + * ldns_fskipcs + * ldns_fskipcs_l + * ldns_get_bit + * ldns_get_bit_r + * ldns_get_errorstr_by_id + * ldns_get_rr_class_by_name + * ldns_get_rr_list_addr_by_name + * ldns_get_rr_list_hosts_frm_file + * ldns_get_rr_list_hosts_frm_fp + * ldns_get_rr_list_hosts_frm_fp_l + * ldns_get_rr_list_name_by_addr + * ldns_get_rr_type_by_name + * ldns_getaddrinfo + * ldns_hexdigit_to_int + * ldns_hexstring_to_data + * ldns_init_random + * ldns_int_to_hexdigit + * ldns_is_rrset + * ldns_key2buffer_str + * ldns_key2rr + * ldns_key2str + * ldns_lookup_by_id + * ldns_lookup_by_name + * ldns_native2rdf_int16 + * ldns_native2rdf_int16_data + * ldns_native2rdf_int32 + * ldns_native2rdf_int8 + * ldns_nsec3_add_param_rdfs + * ldns_nsec3_algorithm + * ldns_nsec3_bitmap + * ldns_nsec3_flags + * ldns_nsec3_hash_name + * ldns_nsec3_hash_name_frm_nsec3 + * ldns_nsec3_iterations + * ldns_nsec3_next_owner + * ldns_nsec3_optout + * ldns_nsec3_salt + * ldns_nsec3_salt_data + * ldns_nsec3_salt_length + * ldns_nsec_bitmap_covers_type + * ldns_nsec_covers_name + * ldns_nsec_get_bitmap + * ldns_nsec_type_check + * ldns_octet + * ldns_pkt2buffer_str + * ldns_pkt2buffer_wire + * ldns_pkt2str + * ldns_pkt2wire + * ldns_pktheader2buffer_str + * ldns_power + * ldns_print_rr_rdf + * ldns_rbtree_create + * ldns_rbtree_delete + * ldns_rbtree_find_less_equal + * ldns_rbtree_first + * ldns_rbtree_free + * ldns_rbtree_init + * ldns_rbtree_insert + * ldns_rbtree_insert_vref + * ldns_rbtree_last + * ldns_rbtree_next + * ldns_rbtree_previous + * ldns_rbtree_search + * ldns_rdf2buffer_str + * ldns_rdf2buffer_str_a + * ldns_rdf2buffer_str_aaaa + * ldns_rdf2buffer_str_alg + * ldns_rdf2buffer_str_apl + * ldns_rdf2buffer_str_b64 + * ldns_rdf2buffer_str_cert_alg + * ldns_rdf2buffer_str_class + * ldns_rdf2buffer_str_dname + * ldns_rdf2buffer_str_hex + * ldns_rdf2buffer_str_int16 + * ldns_rdf2buffer_str_int16_data + * ldns_rdf2buffer_str_ipseckey + * ldns_rdf2buffer_str_loc + * ldns_rdf2buffer_str_nsap + * ldns_rdf2buffer_str_nsec + * ldns_rdf2buffer_str_period + * ldns_rdf2buffer_str_str + * ldns_rdf2buffer_str_tsig + * ldns_rdf2buffer_str_tsigtime + * ldns_rdf2buffer_str_type + * ldns_rdf2buffer_str_unknown + * ldns_rdf2buffer_str_wks + * ldns_rdf2buffer_wire + * ldns_rdf2buffer_wire_canonical + * ldns_rdf2native_int16 + * ldns_rdf2native_int32 + * ldns_rdf2native_int8 + * ldns_rdf2native_sockaddr_storage + * ldns_rdf2native_time_t + * ldns_rdf2rr_type + * ldns_rdf2str + * ldns_rdf2wire + * ldns_read_anchor_file + * ldns_read_uint16 + * ldns_read_uint32 + * ldns_rr2buffer_str + * ldns_rr2buffer_wire + * ldns_rr2buffer_wire_canonical + * ldns_rr2canonical + * ldns_rr2str + * ldns_rr2wire + * ldns_rrsig2buffer_wire + * ldns_send + * ldns_send_buffer + * ldns_set_bit + * ldns_sign_public + * ldns_sockaddr_storage2rdf + * ldns_str2period + * ldns_str2rdf_a + * ldns_str2rdf_aaaa + * ldns_str2rdf_alg + * ldns_str2rdf_apl + * ldns_str2rdf_b32_ext + * ldns_str2rdf_b64 + * ldns_str2rdf_cert_alg + * ldns_str2rdf_class + * ldns_str2rdf_dname + * ldns_str2rdf_hex + * ldns_str2rdf_int16 + * ldns_str2rdf_int32 + * ldns_str2rdf_int8 + * ldns_str2rdf_loc + * ldns_str2rdf_nsap + * ldns_str2rdf_nsec + * ldns_str2rdf_nsec3_salt + * ldns_str2rdf_period + * ldns_str2rdf_service + * ldns_str2rdf_str + * ldns_str2rdf_time + * ldns_str2rdf_tsig + * ldns_str2rdf_type + * ldns_str2rdf_unknown + * ldns_str2rdf_wks + * ldns_tcp_bgsend + * ldns_tcp_connect + * ldns_tcp_read_wire + * ldns_tcp_send + * ldns_tcp_send_query + * ldns_traverse_postorder + * ldns_tsig_algorithm + * ldns_tsig_keydata + * ldns_tsig_keydata_clone + * ldns_tsig_keyname + * ldns_tsig_keyname_clone + * ldns_udp_bgsend + * ldns_udp_connect + * ldns_udp_read_wire + * ldns_udp_send + * ldns_udp_send_query + * ldns_update_pkt_new + * ldns_update_pkt_tsig_add + * ldns_update_prcount + * ldns_update_set_adcount + * ldns_update_set_prcount + * ldns_update_set_upcount + * ldns_update_soa_mname + * ldns_update_soa_zone_mname + * ldns_update_upcount + * ldns_update_zocount + * ldns_validate_domain_dnskey + * ldns_validate_domain_ds + * ldns_verify + * ldns_verify_rrsig + * ldns_verify_rrsig_buffers + * ldns_verify_rrsig_buffers_raw + * ldns_verify_rrsig_dsa + * ldns_verify_rrsig_dsa_raw + * ldns_verify_rrsig_keylist + * ldns_verify_rrsig_rsamd5 + * ldns_verify_rrsig_rsamd5_raw + * ldns_verify_rrsig_rsasha1 + * ldns_verify_rrsig_rsasha1_raw + * ldns_verify_rrsig_rsasha256_raw + * ldns_verify_rrsig_rsasha512_raw + * ldns_verify_trusted + * ldns_version + * ldns_wire2dname + * ldns_wire2pkt + * ldns_wire2rdf + * ldns_wire2rr + * ldns_write_uint16 + * ldns_write_uint32 + * ldns_write_uint64_as_uint48 + * mktime_from_utc + * qsort_rr_compare_nsec3 diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_key.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_key.rst new file mode 100644 index 0000000..4d35766 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_key.rst @@ -0,0 +1,11 @@ +Class ldns_key +================================ + + +.. automodule:: ldns + +Class ldns_key +------------------------------ +.. autoclass:: ldns_key + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_key_list.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_key_list.rst new file mode 100644 index 0000000..e8e4474 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_key_list.rst @@ -0,0 +1,11 @@ +Class ldns_key_list +================================ + + +.. automodule:: ldns + +Class ldns_key_list +------------------------------ +.. autoclass:: ldns_key_list + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_pkt.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_pkt.rst new file mode 100644 index 0000000..eb00a0b --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_pkt.rst @@ -0,0 +1,11 @@ +Class ldns_pkt +================================ + + +.. automodule:: ldns + +Class ldns_pkt +------------------------------ +.. autoclass:: ldns_pkt + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rdf.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rdf.rst new file mode 100644 index 0000000..4a482e4 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rdf.rst @@ -0,0 +1,47 @@ +Class ldns_rdf +================================ + + +.. automodule:: ldns + +Class ldns_rdf +------------------------------ +.. autoclass:: ldns_rdf + :members: + :undoc-members: + +Predefined constants +------------------------------ + +**RDF TYPE** + * LDNS_RDF_TYPE_NONE, + * LDNS_RDF_TYPE_DNAME, + * LDNS_RDF_TYPE_INT8, + * LDNS_RDF_TYPE_INT16, + * LDNS_RDF_TYPE_INT32, + * LDNS_RDF_TYPE_A, + * LDNS_RDF_TYPE_AAAA, + * LDNS_RDF_TYPE_STR, + * LDNS_RDF_TYPE_APL, + * LDNS_RDF_TYPE_B32_EXT, + * LDNS_RDF_TYPE_B64, + * LDNS_RDF_TYPE_HEX, + * LDNS_RDF_TYPE_NSEC, + * LDNS_RDF_TYPE_TYPE, + * LDNS_RDF_TYPE_CLASS, + * LDNS_RDF_TYPE_CERT_ALG, + * LDNS_RDF_TYPE_ALG, + * LDNS_RDF_TYPE_UNKNOWN, + * LDNS_RDF_TYPE_TIME, + * LDNS_RDF_TYPE_PERIOD, + * LDNS_RDF_TYPE_TSIGTIME, + * LDNS_RDF_TYPE_HIP, + * LDNS_RDF_TYPE_INT16_DATA, + * LDNS_RDF_TYPE_SERVICE, + * LDNS_RDF_TYPE_LOC, + * LDNS_RDF_TYPE_WKS, + * LDNS_RDF_TYPE_NSAP, + * LDNS_RDF_TYPE_IPSECKEY, + * LDNS_RDF_TYPE_NSEC3_SALT, + * LDNS_RDF_TYPE_NSEC3_NEXT_OWNER + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_resolver.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_resolver.rst new file mode 100644 index 0000000..2fda23a --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_resolver.rst @@ -0,0 +1,13 @@ +Class ldns_resolver +================================ + +.. automodule:: ldns + +Class ldns_resolver +------------------------------ +.. autoclass:: ldns_resolver + :members: + :undoc-members: + + + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rr.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rr.rst new file mode 100644 index 0000000..78404cd --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rr.rst @@ -0,0 +1,18 @@ +Class ldns_rr +================================ + + +.. automodule:: ldns + +Class ldns_rr +------------------------------ +.. autoclass:: ldns_rr + :members: + :undoc-members: + +Class ldns_rr_descriptor +------------------------------ +.. autoclass:: ldns_rr_descriptor + :members: + :undoc-members: + diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rr_list.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rr_list.rst new file mode 100644 index 0000000..f044093 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_rr_list.rst @@ -0,0 +1,11 @@ +Class ldns_rr_list +================================ + + +.. automodule:: ldns + +Class ldns_rr_list +------------------------------ +.. autoclass:: ldns_rr_list + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_zone.rst b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_zone.rst new file mode 100644 index 0000000..5331429 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/docs/source/modules/ldns_zone.rst @@ -0,0 +1,11 @@ +Class ldns_zone +================================ + + +.. automodule:: ldns + +Class ldns_zone +------------------------------ +.. autoclass:: ldns_zone + :members: + :undoc-members: diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-axfr.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-axfr.py new file mode 100755 index 0000000..5333484 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-axfr.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# vim:fileencoding=utf-8 +# +# AXFR client with IDN (Internationalized Domain Names) support +# + +import ldns +import encodings.idna + +def utf2name(name): + return '.'.join([encodings.idna.ToASCII(a) for a in name.split('.')]) +def name2utf(name): + return '.'.join([encodings.idna.ToUnicode(a) for a in name.split('.')]) + + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +#addr = ldns.ldns_get_rr_list_addr_by_name(resolver, "zone.nic.cz", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD); +addr = resolver.get_addr_by_name("zone.nic.cz", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD); +if (not addr): + raise Exception("Can't retrieve server address") + +print "Addr_by_name:",str(addr).replace("\n","; ") + +#remove all nameservers +while resolver.pop_nameserver(): + pass + +#insert server addr +for rr in addr.rrs(): + resolver.push_nameserver_rr(rr) + +#AXFR transfer +status = resolver.axfr_start(utf2name(u"háčkyčárky.cz"), ldns.LDNS_RR_CLASS_IN) +if status != ldns.LDNS_STATUS_OK: + raise Exception("Can't start AXFR. Error: %s" % ldns.ldns_get_errorstr_by_id(status)) + +#Print results +while True: + rr = resolver.axfr_next() + if not rr: + break + + rdf = rr.owner() + if (rdf.get_type() == ldns.LDNS_RDF_TYPE_DNAME): + print "RDF owner: type=",rdf.get_type_str(),"data=",name2utf(str(rdf)) + else: + print "RDF owner: type=",rdf.get_type_str(),"data=",str(rdf) + print " RR type=", rr.get_type_str()," ttl=",rr.ttl() + for rdf in rr.rdfs(): + if (rdf.get_type() == ldns.LDNS_RDF_TYPE_DNAME): + print " RDF: type=",rdf.get_type_str(),"data=",name2utf(str(rdf)) + else: + print " RDF: type=",rdf.get_type_str(),"data=",str(rdf) + + print diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-buf.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-buf.py new file mode 100755 index 0000000..73d8a02 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-buf.py @@ -0,0 +1,8 @@ +#!/usr/bin/python + +import ldns + +buf = ldns.ldns_buffer(1024) +buf.printf("Test buffer") +print buf + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-dnssec.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-dnssec.py new file mode 100755 index 0000000..bb2acfd --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-dnssec.py @@ -0,0 +1,45 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +import ldns +import sys + +debug = True + +# Check args +argc = len(sys.argv) +name = "www.nic.cz" +if argc < 2: + print "Usage:", sys.argv[0], "domain [resolver_addr]" + sys.exit(1) +else: + name = sys.argv[1] + +# Create resolver +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") +resolver.set_dnssec(True) + +# Custom resolver +if argc > 2: + # Clear previous nameservers + ns = resolver.pop_nameserver() + while ns != None: + ns = resolver.pop_nameserver() + ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A) + resolver.push_nameserver(ip) + +# Resolve DNS name +pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) +if pkt and pkt.answer(): + + # Debug + if debug: + print "NS returned:", pkt.get_rcode(), "(AA: %d AD: %d)" % ( pkt.ad(), pkt.ad() ) + + # SERVFAIL indicated bogus name + if pkt.get_rcode() is ldns.LDNS_RCODE_SERVFAIL: + print name, "is bogus" + + # Check AD (Authenticated) bit + if pkt.get_rcode() is ldns.LDNS_RCODE_NOERROR: + if pkt.ad(): print name, "is secure" + else: print name, "is insecure" diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-higher.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-higher.py new file mode 100755 index 0000000..5175ec0 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-higher.py @@ -0,0 +1,36 @@ +#!/usr/bin/python +import ldns + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +dnn = ldns.ldns_dname("www.google.com") +print dnn.get_type_str(), dnn + +dna = ldns.ldns_rdf.new_frm_str("74.125.43.99",ldns.LDNS_RDF_TYPE_A) +print dna.get_type_str(), dna + +name = resolver.get_name_by_addr(dna) +if (not name): raise Exception("Can't retrieve server name") +for rr in name.rrs(): + print rr + +name = resolver.get_name_by_addr("74.125.43.99") +if (not name): raise Exception("Can't retrieve server name") +for rr in name.rrs(): + print rr + +addr = resolver.get_addr_by_name(dnn) +if (not addr): raise Exception("Can't retrieve server address") +for rr in addr.rrs(): + print rr + +addr = resolver.get_addr_by_name("www.google.com") +if (not addr): raise Exception("Can't retrieve server address") +for rr in addr.rrs(): + print rr + +hosts = ldns.ldns_rr_list.new_frm_file("/etc/hosts") +if (not hosts): raise Exception("Can't retrieve the content of file") +for rr in hosts.rrs(): + print rr + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-keygen.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-keygen.py new file mode 100755 index 0000000..71375fc --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-keygen.py @@ -0,0 +1,46 @@ +#!/usr/bin/python +# +# This example shows how to generate public/private key pair +# +import ldns + +algorithm = ldns.LDNS_SIGN_DSA +bits = 512 + +ldns.ldns_init_random(open("/dev/urandom","rb"), (bits+7)//8) + +domain = ldns.ldns_dname("example.") + +#generate a new key +key = ldns.ldns_key.new_frm_algorithm(algorithm, bits); +print key + +#set owner +key.set_pubkey_owner(domain) + +#create the public from the ldns_key +pubkey = key.key_to_rr() +#previous command is equivalent to +# pubkey = ldns.ldns_key2rr(key) +print pubkey + +#calculate and set the keytag +key.set_keytag(ldns.ldns_calc_keytag(pubkey)) + +#build the DS record +ds = ldns.ldns_key_rr2ds(pubkey, ldns.LDNS_SHA1) +print ds + +owner, tag = pubkey.owner(), key.keytag() + +#write public key to .key file +fw = open("key-%s-%d.key" % (owner,tag), "wb") +pubkey.print_to_file(fw) + +#write private key to .priv file +fw = open("key-%s-%d.private" % (owner,tag), "wb") +key.print_to_file(fw) + +#write DS to .ds file +fw = open("key-%s-%d.ds" % (owner,tag), "wb") +ds.print_to_file(fw) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx.py new file mode 100755 index 0000000..38c3f11 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx.py @@ -0,0 +1,15 @@ +#!/usr/bin/python +# +# MX is a small program that prints out the mx records for a particular domain +# +import ldns + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +pkt = resolver.query("nic.cz", ldns.LDNS_RR_TYPE_MX,ldns.LDNS_RR_CLASS_IN) + +if (pkt): + mx = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_MX, ldns.LDNS_SECTION_ANSWER) + if (mx): + mx.sort() + print mx diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx1.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx1.py new file mode 100755 index 0000000..3dade1e --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx1.py @@ -0,0 +1,18 @@ +#!/usr/bin/python +# +# MX is a small program that prints out the mx records for a particular domain +# +import ldns + +dname = ldns.ldns_dname("nic.cz") +print dname + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +pkt = resolver.query(dname, ldns.LDNS_RR_TYPE_MX,ldns.LDNS_RR_CLASS_IN) + +if (pkt): + mx = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_MX, ldns.LDNS_SECTION_ANSWER) + if (mx): + mx.sort() + print mx diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx2.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx2.py new file mode 100755 index 0000000..4fff98a --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-mx2.py @@ -0,0 +1,19 @@ +#!/usr/bin/python +# +# MX is a small program that prints out the mx records for a particular domain +# +import ldns + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +pkt = resolver.query("nic.cz", ldns.LDNS_RR_TYPE_MX,ldns.LDNS_RR_CLASS_IN) +if (pkt) and (pkt.answer()): + + for rr in pkt.answer().rrs(): + if (rr.get_type() != ldns.LDNS_RR_TYPE_MX): + continue + + rdf = rr.owner() + print rdf," ",rr.ttl()," ",rr.get_class_str()," ",rr.get_type_str()," ", + print " ".join(str(rdf) for rdf in rr.rdfs()) + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-newpkt.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-newpkt.py new file mode 100755 index 0000000..d124a80 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-newpkt.py @@ -0,0 +1,17 @@ +#!/usr/bin/python + +import ldns + +pkt = ldns.ldns_pkt.new_query_frm_str("www.google.com",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + +rra = ldns.ldns_rr.new_frm_str("www.google.com. IN A 192.168.1.1",300) +rrb = ldns.ldns_rr.new_frm_str("www.google.com. IN TXT Some\ Description",300) + +list = ldns.ldns_rr_list() +if (rra): list.push_rr(rra) +if (rrb): list.push_rr(rrb) + +pkt.push_rr_list(ldns.LDNS_SECTION_ANSWER, list) + +print "Packet:" +print pkt diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-signzone.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-signzone.py new file mode 100755 index 0000000..41f7662 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-signzone.py @@ -0,0 +1,65 @@ +#!/usr/bin/python +# This example shows how to sign a given zone file with private key + +import ldns +import sys, os, time + +#private key TAG which identifies the private key +#use ldns-keygen.py in order to obtain private key +keytag = 30761 + +# Read zone file +#------------------------------------------------------------- + +zone = ldns.ldns_zone.new_frm_fp(open("zone.txt","r"), None, 0, ldns.LDNS_RR_CLASS_IN) +soa = zone.soa() +origin = soa.owner() + +# Prepare keys +#------------------------------------------------------------- + +#Read private key from file +keyfile = open("key-%s-%d.private" % (origin, keytag), "r"); +key = ldns.ldns_key.new_frm_fp(keyfile) + +#Read public key from file +pubfname = "key-%s-%d.key" % (origin, keytag) +pubkey = None +if os.path.isfile(pubfname): + pubkeyfile = open(pubfname, "r"); + pubkey,_,_,_ = ldns.ldns_rr.new_frm_fp(pubkeyfile) + +if not pubkey: + #Create new public key + pubkey = key.key_to_rr() + +#Set key expiration +key.set_expiration(int(time.time()) + 365*60*60*24) #365 days + +#Set key owner (important step) +key.set_pubkey_owner(origin) + +#Insert DNSKEY RR +zone.push_rr(pubkey) + +# Sign zone +#------------------------------------------------------------- + +#Create keylist and push private key +keys = ldns.ldns_key_list() +keys.push_key(key) + +#Add SOA +signed_zone = ldns.ldns_dnssec_zone() +signed_zone.add_rr(soa) + +#Add RRs +for rr in zone.rrs().rrs(): + print "RR:",str(rr), + signed_zone.add_rr(rr) + +added_rrs = ldns.ldns_rr_list() +status = signed_zone.sign(added_rrs, keys) +if (status == ldns.LDNS_STATUS_OK): + signed_zone.print_to_file(open("zone_signed.txt","w")) + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns-zone.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns-zone.py new file mode 100755 index 0000000..266e6e5 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns-zone.py @@ -0,0 +1,15 @@ +#!/usr/bin/python +import ldns + +#Read zone from file +zone = ldns.ldns_zone.new_frm_fp(open("zone.txt","r"), None, 0, ldns.LDNS_RR_CLASS_IN) +print zone + +print "SOA:", zone.soa() +for r in zone.rrs().rrs(): + print "RR:", r + + +zone = ldns.ldns_zone() +#print zone + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns_rr_iter_frm_fp_l.demo.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns_rr_iter_frm_fp_l.demo.py new file mode 100644 index 0000000..e123f90 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns_rr_iter_frm_fp_l.demo.py @@ -0,0 +1,15 @@ +import ldns +import sys + +if len(sys.argv) <= 1: + print "Usage: %s zone_file" % sys.argv[0] + sys.exit() + +inp = open(sys.argv[1],"r"); +for rr in ldns.ldns_rr_iter_frm_fp_l(inp): + print rr + +inp.close() + + + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/ldns_rr_new_frm_fp_l.demo.py b/zonemaster-ldns/ldns/contrib/python/examples/ldns_rr_new_frm_fp_l.demo.py new file mode 100644 index 0000000..7099225 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/ldns_rr_new_frm_fp_l.demo.py @@ -0,0 +1,43 @@ +import ldns +import sys + +if len(sys.argv) <= 1: + print "Usage: %s zone_file" % sys.argv[0] + sys.exit() + +inp = open(sys.argv[1],"r"); +# variables that preserve the parsers state +my_ttl = 3600; +my_origin = None +my_prev = None +# additional state variables +last_pos = 0 +line_nr = 0 + +while True: + ret = ldns.ldns_rr_new_frm_fp_l_(inp, my_ttl, my_origin, my_prev) + s, rr, line_inc, new_ttl, new_origin, new_prev = ret # unpack the result + line_nr += line_inc # increase number of parsed lines + my_prev = new_prev # update ref to previous owner + + if s == ldns.LDNS_STATUS_SYNTAX_TTL: + my_ttl = new_ttl # update default TTL + print "$TTL:", my_ttl + elif s == ldns.LDNS_STATUS_SYNTAX_ORIGIN: + my_origin = new_origin # update reference to origin + print "$ORIGIN:", my_origin + elif s == ldns.LDNS_STATUS_SYNTAX_EMPTY: + if last_pos == inp.tell(): + break # no advance since last read - EOF + last_pos = inp.tell() + elif s != ldns.LDNS_STATUS_OK: + print "! parse error in line", line_nr + else: + # we are sure to have LDNS_STATUS_OK + print rr + +inp.close() +print "--------------------" +print "Read %d lines" % line_nr + + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-axfr.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-axfr.py new file mode 100755 index 0000000..fb8e5cf --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-axfr.py @@ -0,0 +1,56 @@ +#!/usr/bin/python +# vim:fileencoding=utf-8 +# +# AXFR client with IDN (Internationalized Domain Names) support +# + +import ldns +import encodings.idna + +def utf2name(name): + return '.'.join([encodings.idna.ToASCII(a).decode("utf-8") for a in name.split('.')]) +def name2utf(name): + return '.'.join([encodings.idna.ToUnicode(a) for a in name.split('.')]) + + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +#addr = ldns.ldns_get_rr_list_addr_by_name(resolver, "zone.nic.cz", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD); +addr = resolver.get_addr_by_name("zone.nic.cz", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD); +if (not addr): + raise Exception("Can't retrieve server address") + +print("Addr_by_name:",str(addr).replace("\n","; ")) + +#remove all nameservers +while resolver.pop_nameserver(): + pass + +#insert server addr +for rr in addr.rrs(): + resolver.push_nameserver_rr(rr) + +#AXFR transfer +status = resolver.axfr_start(utf2name("háčkyčárky.cz"), ldns.LDNS_RR_CLASS_IN) +if status != ldns.LDNS_STATUS_OK: + raise Exception("Can't start AXFR. Error: %s" % ldns.ldns_get_errorstr_by_id(status)) + +#Print results +while True: + rr = resolver.axfr_next() + if not rr: + break + + rdf = rr.owner() + if (rdf.get_type() == ldns.LDNS_RDF_TYPE_DNAME): + print("RDF owner: type=",rdf.get_type_str(),"data=",name2utf(str(rdf))) + else: + print("RDF owner: type=",rdf.get_type_str(),"data=",str(rdf)) + print(" RR type=", rr.get_type_str()," ttl=",rr.ttl()) + for rdf in rr.rdfs(): + if (rdf.get_type() == ldns.LDNS_RDF_TYPE_DNAME): + print(" RDF: type=",rdf.get_type_str(),"data=",name2utf(str(rdf))) + else: + print(" RDF: type=",rdf.get_type_str(),"data=",str(rdf)) + + print() diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-buf.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-buf.py new file mode 100755 index 0000000..498d51f --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-buf.py @@ -0,0 +1,8 @@ +#!/usr/bin/python + +import ldns + +buf = ldns.ldns_buffer(1024) +buf.printf("Test buffer") +print(buf) + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-dnssec.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-dnssec.py new file mode 100755 index 0000000..7dabb91 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-dnssec.py @@ -0,0 +1,45 @@ +#!/usr/bin/python +# -*- coding: utf-8 -*- +import ldns +import sys + +debug = True + +# Check args +argc = len(sys.argv) +name = "www.nic.cz" +if argc < 2: + print("Usage:", sys.argv[0], "domain [resolver_addr]") + sys.exit(1) +else: + name = sys.argv[1] + +# Create resolver +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") +resolver.set_dnssec(True) + +# Custom resolver +if argc > 2: + # Clear previous nameservers + ns = resolver.pop_nameserver() + while ns != None: + ns = resolver.pop_nameserver() + ip = ldns.ldns_rdf.new_frm_str(sys.argv[2], ldns.LDNS_RDF_TYPE_A) + resolver.push_nameserver(ip) + +# Resolve DNS name +pkt = resolver.query(name, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) +if pkt and pkt.answer(): + + # Debug + if debug: + print("NS returned:", pkt.get_rcode(), "(AA: %d AD: %d)" % ( pkt.ad(), pkt.ad() )) + + # SERVFAIL indicated bogus name + if pkt.get_rcode() is ldns.LDNS_RCODE_SERVFAIL: + print(name, "is bogus") + + # Check AD (Authenticated) bit + if pkt.get_rcode() is ldns.LDNS_RCODE_NOERROR: + if pkt.ad(): print(name, "is secure") + else: print(name, "is insecure") diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-higher.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-higher.py new file mode 100755 index 0000000..8712e63 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-higher.py @@ -0,0 +1,36 @@ +#!/usr/bin/python +import ldns + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +dnn = ldns.ldns_dname("www.google.com") +print(dnn.get_type_str(), dnn) + +dna = ldns.ldns_rdf.new_frm_str("74.125.43.99",ldns.LDNS_RDF_TYPE_A) +print(dna.get_type_str(), dna) + +name = resolver.get_name_by_addr(dna) +if (not name): raise Exception("Can't retrieve server name") +for rr in name.rrs(): + print(rr) + +name = resolver.get_name_by_addr("74.125.43.99") +if (not name): raise Exception("Can't retrieve server name") +for rr in name.rrs(): + print(rr) + +addr = resolver.get_addr_by_name(dnn) +if (not addr): raise Exception("Can't retrieve server address") +for rr in addr.rrs(): + print(rr) + +addr = resolver.get_addr_by_name("www.google.com") +if (not addr): raise Exception("Can't retrieve server address") +for rr in addr.rrs(): + print(rr) + +hosts = ldns.ldns_rr_list.new_frm_file("/etc/hosts") +if (not hosts): raise Exception("Can't retrieve the content of file") +for rr in hosts.rrs(): + print(rr) + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-keygen.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-keygen.py new file mode 100755 index 0000000..4a5457e --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-keygen.py @@ -0,0 +1,46 @@ +#!/usr/bin/python +# +# This example shows how to generate public/private key pair +# +import ldns + +algorithm = ldns.LDNS_SIGN_DSA +bits = 512 + +ldns.ldns_init_random(open("/dev/random","rb"), (bits+7)//8) + +domain = ldns.ldns_dname("example.") + +#generate a new key +key = ldns.ldns_key.new_frm_algorithm(algorithm, bits); +print(key) + +#set owner +key.set_pubkey_owner(domain) + +#create the public from the ldns_key +pubkey = key.key_to_rr() +#previous command is equivalent to +# pubkey = ldns.ldns_key2rr(key) +print(pubkey) + +#calculate and set the keytag +key.set_keytag(ldns.ldns_calc_keytag(pubkey)) + +#build the DS record +ds = ldns.ldns_key_rr2ds(pubkey, ldns.LDNS_SHA1) +print(ds) + +owner, tag = pubkey.owner(), key.keytag() + +#write public key to .key file +fw = open("key-%s-%d.key" % (owner,tag), "wb") +pubkey.print_to_file(fw) + +#write private key to .priv file +fw = open("key-%s-%d.private" % (owner,tag), "wb") +key.print_to_file(fw) + +#write DS to .ds file +fw = open("key-%s-%d.ds" % (owner,tag), "wb") +ds.print_to_file(fw) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx.py new file mode 100755 index 0000000..1d2ba03 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx.py @@ -0,0 +1,15 @@ +#!/usr/bin/python +# +# MX is a small program that prints out the mx records for a particular domain +# +import ldns + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +pkt = resolver.query("nic.cz", ldns.LDNS_RR_TYPE_MX,ldns.LDNS_RR_CLASS_IN) + +if (pkt): + mx = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_MX, ldns.LDNS_SECTION_ANSWER) + if (mx): + mx.sort() + print(mx) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx1.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx1.py new file mode 100755 index 0000000..d10863e --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx1.py @@ -0,0 +1,18 @@ +#!/usr/bin/python +# +# MX is a small program that prints out the mx records for a particular domain +# +import ldns + +dname = ldns.ldns_dname("nic.cz") +print(dname) + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +pkt = resolver.query(dname, ldns.LDNS_RR_TYPE_MX,ldns.LDNS_RR_CLASS_IN) + +if (pkt): + mx = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_MX, ldns.LDNS_SECTION_ANSWER) + if (mx): + mx.sort() + print(mx) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx2.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx2.py new file mode 100755 index 0000000..9c8b103 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-mx2.py @@ -0,0 +1,19 @@ +#!/usr/bin/python +# +# MX is a small program that prints out the mx records for a particular domain +# +import ldns + +resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + +pkt = resolver.query("nic.cz", ldns.LDNS_RR_TYPE_MX,ldns.LDNS_RR_CLASS_IN) +if (pkt) and (pkt.answer()): + + for rr in pkt.answer().rrs(): + if (rr.get_type() != ldns.LDNS_RR_TYPE_MX): + continue + + rdf = rr.owner() + print(rdf," ",rr.ttl()," ",rr.get_class_str()," ",rr.get_type_str()," ", end=" ") + print(" ".join(str(rdf) for rdf in rr.rdfs())) + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-newpkt.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-newpkt.py new file mode 100755 index 0000000..49bad5e --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-newpkt.py @@ -0,0 +1,17 @@ +#!/usr/bin/python + +import ldns + +pkt = ldns.ldns_pkt.new_query_frm_str("www.google.com",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + +rra = ldns.ldns_rr.new_frm_str("www.google.com. IN A 192.168.1.1",300) +rrb = ldns.ldns_rr.new_frm_str("www.google.com. IN TXT Some\ Description",300) + +list = ldns.ldns_rr_list() +if (rra): list.push_rr(rra) +if (rrb): list.push_rr(rrb) + +pkt.push_rr_list(ldns.LDNS_SECTION_ANSWER, list) + +print("Packet:") +print(pkt) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-signzone.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-signzone.py new file mode 100755 index 0000000..cac5d32 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-signzone.py @@ -0,0 +1,65 @@ +#!/usr/bin/python +# This example shows how to sign a given zone file with private key + +import ldns +import sys, os, time + +#private key TAG which identifies the private key +#use ldns-keygen.py in order to obtain private key +keytag = 30761 + +# Read zone file +#------------------------------------------------------------- + +zone = ldns.ldns_zone.new_frm_fp(open("zone.txt","r"), None, 0, ldns.LDNS_RR_CLASS_IN) +soa = zone.soa() +origin = soa.owner() + +# Prepare keys +#------------------------------------------------------------- + +#Read private key from file +keyfile = open("key-%s-%d.private" % (origin, keytag), "r"); +key = ldns.ldns_key.new_frm_fp(keyfile) + +#Read public key from file +pubfname = "key-%s-%d.key" % (origin, keytag) +pubkey = None +if os.path.isfile(pubfname): + pubkeyfile = open(pubfname, "r"); + pubkey,_,_,_ = ldns.ldns_rr.new_frm_fp(pubkeyfile) + +if not pubkey: + #Create new public key + pubkey = key.key_to_rr() + +#Set key expiration +key.set_expiration(int(time.time()) + 365*60*60*24) #365 days + +#Set key owner (important step) +key.set_pubkey_owner(origin) + +#Insert DNSKEY RR +zone.push_rr(pubkey) + +# Sign zone +#------------------------------------------------------------- + +#Create keylist and push private key +keys = ldns.ldns_key_list() +keys.push_key(key) + +#Add SOA +signed_zone = ldns.ldns_dnssec_zone() +signed_zone.add_rr(soa) + +#Add RRs +for rr in zone.rrs().rrs(): + print("RR:", str(rr), end=" ") + signed_zone.add_rr(rr) + +added_rrs = ldns.ldns_rr_list() +status = signed_zone.sign(added_rrs, keys) +if (status == ldns.LDNS_STATUS_OK): + signed_zone.print_to_file(open("zone_signed.txt","w")) + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-zone.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-zone.py new file mode 100755 index 0000000..b465eaa --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns-zone.py @@ -0,0 +1,15 @@ +#!/usr/bin/python +import ldns + +#Read zone from file +zone = ldns.ldns_zone.new_frm_fp(open("../zone.txt","r"), None, 0, ldns.LDNS_RR_CLASS_IN) +print(zone) + +print("SOA:", zone.soa()) +for r in zone.rrs().rrs(): + print("RR:", r) + + +zone = ldns.ldns_zone() +#print zone + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns_rr_iter_frm_fp_l.demo.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns_rr_iter_frm_fp_l.demo.py new file mode 100644 index 0000000..18edd11 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns_rr_iter_frm_fp_l.demo.py @@ -0,0 +1,12 @@ +import ldns +import sys + +if len(sys.argv) <= 1: + print("Usage: %s zone_file" % sys.argv[0]) + sys.exit() + +inp = open(sys.argv[1],"r"); +for rr in ldns.ldns_rr_iter_frm_fp_l(inp): + print(rr) + +inp.close() diff --git a/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns_rr_new_frm_fp_l.demo.py b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns_rr_new_frm_fp_l.demo.py new file mode 100644 index 0000000..1bd667b --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/python3/ldns_rr_new_frm_fp_l.demo.py @@ -0,0 +1,43 @@ +import ldns +import sys + +if len(sys.argv) <= 1: + print("Usage: %s zone_file" % sys.argv[0]) + sys.exit() + +inp = open(sys.argv[1],"r"); +# variables that preserve the parsers state +my_ttl = 3600; +my_origin = None +my_prev = None +# additional state variables +last_pos = 0 +line_nr = 0 + +while True: + ret = ldns.ldns_rr_new_frm_fp_l_(inp, my_ttl, my_origin, my_prev) + s, rr, line_inc, new_ttl, new_origin, new_prev = ret # unpack the result + line_nr += line_inc # increase number of parsed lines + my_prev = new_prev # update ref to previous owner + + if s == ldns.LDNS_STATUS_SYNTAX_TTL: + my_ttl = new_ttl # update default TTL + print("$TTL:", my_ttl) + elif s == ldns.LDNS_STATUS_SYNTAX_ORIGIN: + my_origin = new_origin # update reference to origin + print("$ORIGIN:", my_origin) + elif s == ldns.LDNS_STATUS_SYNTAX_EMPTY: + if last_pos == inp.tell(): + break # no advance since last read - EOF + last_pos = inp.tell() + elif s != ldns.LDNS_STATUS_OK: + print("! parse error in line", line_nr) + else: + # we are sure to have LDNS_STATUS_OK + print(rr) + +inp.close() +print("--------------------") +print("Read %d lines" % line_nr) + + diff --git a/zonemaster-ldns/ldns/contrib/python/examples/test_buffer.py b/zonemaster-ldns/ldns/contrib/python/examples/test_buffer.py new file mode 100755 index 0000000..7bdf413 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/test_buffer.py @@ -0,0 +1,843 @@ +#!/usr/bin/env python + +# +# ldns_buffer testing script. +# +# Do not use constructs that differ between Python 2 and 3. +# Use write on stdout or stderr. +# + + +import ldns +import sys +import os +import inspect + + +class_name = "ldns_buffer" +method_name = None +error_detected = False + + +def set_error(): + """ + Writes an error message and sets error flag. + """ + global class_name + global method_name + global error_detected + error_detected = True + sys.stderr.write("(line %d): malfunctioning method %s.\n" % \ + (inspect.currentframe().f_back.f_lineno, method_name)) + + +# Buffer creation. +capacity = 1024 + +#if not error_detected: +if True: + method_name = "ldns_buffer.__init__()" + try: + buf = ldns.ldns_buffer(1024) + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.__str__()" + buf.printf("abcedf") + try: + string = buf.__str__() + except: + set_error() + if not isinstance(string, str): + # Should be string. + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.at()" + try: + ret = buf.at(512) + except: + set_error() + try: + # Must raise TypeError. + ret = buf.at("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.available()" + try: + ret = buf.available(capacity) + except: + set_error() + if not isinstance(ret, bool): + # Should be bool. + set_error() + if not buf.available(capacity): + # Should return True. + set_error() + if buf.available(capacity + 1): + # Should return False. + set_error() + try: + # Must raise TypeError. + ret = buf.available("") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# # Must raise ValueError. +# ret = buf.available("") +# set_error() +# except ValueError: +# pass +# except: +# set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.available_at()" + try: + ret = buf.available_at(512, capacity - 512) + except: + set_error() + if not isinstance(ret, bool): + # Should be bool. + set_error() + if not buf.available_at(512, capacity - 512): + # Should return True. + set_error() + if buf.available_at(512, capacity - 512 + 1): + # Should return False. + set_error() + try: + # Must raise TypeError. + ret = buf.available_at("", 1) + set_error() + except TypeError: + pass + except: + set_error() + try: + # Must raise TypeError. + ret = buf.available_at(1, "") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# # Must raise ValueError. +# ret = buf.available_at(-1, 512) +# set_error() +# except ValueError: +# pass +# except: +# set_error() +# try: +# # Must raise ValueError. +# ret = buf.available_at(512, -1) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.begin()" + try: + ret = buf.begin() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.capacity()" + try: + ret = buf.capacity() + except: + set_error() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + # Should be int. + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.clear()" + try: + buf.clear() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.copy()" + sys.stderr.write("%s not tested.\n" % (method_name)) +# buf2 = ldns.ldns_buffer(10) +# buf2.printf("abcdef") +# try: +# buf.copy(buf2) +# print buf.capacity() +# print buf2.capacity() +# except: +# set_error() +# buf.printf("2") +# print buf + + +#if not error_detected: +if True: + method_name = "ldns_buffer.current()" + try: + ret = buf.current() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.end()" + try: + ret = buf.end() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.export()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_buffer.flip()" + buf.printf("abcdef") + try: + buf.flip() + except: + set_error() +# if buf.remaining() != capacity: +# # Should be at beginning. +# set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.getc()" + buf.printf("a") + buf.rewind() + try: + ret = buf.getc() + except: + set_error() + if ret != ord("a"): + set_error() +# Test return value for -1 + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.invariant()" + try: + buf.invariant() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.limit()" + try: + ret = buf.limit() + except: + set_error() + if ret != capacity: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.position()" + try: + ret = buf.position() + except: + set_error() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.printf()" + try: + ret = buf.printf("abcdef") + except: + set_error() + if not isinstance(ret, int): + set_error() + try: + ret = buf.printf(10) + set_error() + except TypeError: + pass + except: + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.read()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_buffer.read_at()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_buffer.read_u16()" + buf.printf("aac") + buf.rewind() + try: + ret = buf.read_u16() + except: + set_error() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != (ord("a") * 0x0101): + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.read_u16_at()" + buf.printf("abbc") + try: + ret = buf.read_u16_at(1) + except: + set_error() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != (ord("b") * 0x0101): + set_error() + try: + ret = buf.read_u16_at("") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# ret = buf.read_u16_at(-1) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.read_u32()" + buf.printf("aaaac") + buf.rewind() + try: + ret = buf.read_u32() + except: + set_error() + if not isinstance(ret, int): + set_error() + if ret != (ord("a") * 0x01010101): + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.read_u32_at()" + buf.printf("abbbbc") + try: + ret = buf.read_u32_at(1) + except: + set_error() + if not isinstance(ret, int): + set_error() + if ret != (ord("b") * 0x01010101): + set_error() + try: + ret = buf.read_u32_at("") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# ret = buf.read_u32_at(-1) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.read_u8()" + buf.printf("ac") + buf.rewind() + try: + ret = buf.read_u8() + except: + set_error() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != ord("a"): + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.read_u8_at()" + buf.printf("abc") + try: + ret = buf.read_u8_at(1) + except: + set_error() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != ord("b"): + set_error() + try: + ret = buf.read_u8_at("") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# ret = buf.read_u8_at(-1) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.remaining()" + buf.printf("abcdef") + try: + ret = buf.remaining() + except: + set_error() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != (capacity - 6): + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.remaining_at()" + buf.printf("abcdef") + try: + ret = buf.remaining_at(1) + except: + set_error() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != (capacity - 1): + set_error() + try: + ret = buf.remaining_at("") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# ret = buf.remaining_at(-1) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.reserve()" + buf2 = ldns.ldns_buffer(512) + try: + ret = buf2.reserve(1024) + except: + set_error() + if not isinstance(ret, bool): + set_error() + try: + ret = buf2.reserve("") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# ret = buf2.reserve(-1) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.rewind()" + buf.printf("abcdef") + try: + buf.rewind() + except: + set_error() + if buf.position() != 0: + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.set_capacity()" + try: + ret = buf.set_capacity(capacity) + except: + set_error() + if not isinstance(ret, bool): + set_error() + try: + ret = buf.set_capacity("") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# ret = buf.set_capacity(-1) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.set_limit()" + try: + buf.set_limit(0) + except: + set_error() + try: + buf.set_limit("") + set_error() + except TypeError: + pass + except: + set_error() +# try: +# buf.set_limit(-1) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.set_position()" + try: + buf.set_position(0) + except: + set_error() + try: + buf.set_position("") + except TypeError: + pass + except: + set_error() +# try: +# buf.set_position(-1) +# except ValueError: +# pass +# except: +# set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.skip()" + try: + buf.skip(10) + except: + set_error() + try: + buf.skip(-1) + except: + set_error() + try: + buf.skip("") + set_error() + except TypeError: + pass + except: + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.status()" + try: + ret = buf.status() + except: + set_error() + # Returned status is an integer. + if not isinstance(ret, int): + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.status_ok()" + try: + ret = buf.status_ok() + except: + set_error() + if not isinstance(ret, bool): + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_at()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_string()" + try: + buf.write_string("abcdef") + except: + set_error() +# try: +# buf.write_sring(-1) +# set_error() +# except TypeError: +# pass +# except: +# set_error() + sys.stderr.write("%s not tested for parameter correctness.\n" % \ + (method_name)) + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_string_at()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_u16()" + try: + buf.write_u16(ord("b") * 0x0101) + except: + set_error() + try: + buf.write_u16("") + set_error() + except TypeError: + pass + except: + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_u16_at()" + buf.printf("a") + try: + buf.write_u16_at(1, ord("b") * 0x0101) + except: + set_error() + try: + buf.write_u16_at("", ord("b") * 0x0101) + set_error() + except TypeError: + pass + except: + set_error() +# try: +# buf.write_u16_at(-1, ord("b") * 0x0101) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + try: + buf.write_u16_at(1, "") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_u32()" + try: + buf.write_u32(ord("b") * 0x01010101) + except: + set_error() + try: + buf.write_u32("") + set_error() + except TypeError: + pass + except: + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_u32_at()" + buf.printf("a") + try: + buf.write_u32_at(1, ord("b") * 0x01010101) + except: + set_error() + try: + buf.write_u32_at("", ord("b") * 0x01010101) + set_error() + except TypeError: + pass + except: + set_error() +# try: +# buf.write_u32_at(-1, ord("b") * 0x01010101) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + try: + buf.write_u32_at(1, "") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_u8()" + try: + buf.write_u8(ord("b")) + except: + set_error() + try: + buf.write_u8("") + set_error() + except TypeError: + pass + except: + set_error() + buf.clear() + + +#if not error_detected: +if True: + method_name = "ldns_buffer.write_u8_at()" + buf.printf("a") + try: + buf.write_u8_at(1, ord("b")) + except: + set_error() + try: + buf.write_u8_at("", ord("b")) + set_error() + except TypeError: + pass + except: + set_error() +# try: +# buf.write_u8_at(-1, ord("b")) +# set_error() +# except ValueError: +# pass +# except: +# set_error() + try: + buf.write_u8_at(1, "") + set_error() + except TypeError: + pass + except: + set_error() + + +if not error_detected: + sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__))) +else: + sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__))) + sys.exit(1) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/test_dname.py b/zonemaster-ldns/ldns/contrib/python/examples/test_dname.py new file mode 100755 index 0000000..4603543 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/test_dname.py @@ -0,0 +1,474 @@ +#!/usr/bin/env python + +# +# ldns_dname testing script. +# +# Do not use constructs that differ between Python 2 and 3. +# Use write on stdout or stderr. +# + + +import ldns +import sys +import os +import inspect + + +class_name = "ldns_dname" +method_name = None +error_detected = False +temp_fname = "tmp_dname.txt" + + +def set_error(): + """ + Writes an error message and sets error flag. + """ + global class_name + global method_name + global error_detected + error_detected = True + sys.stderr.write("(line %d): malfunctioning method %s.\n" % \ + (inspect.currentframe().f_back.f_lineno, method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".__init__()" + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test.nic.cz.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "217.31.205.50") + try: + dname = ldns.ldns_dname("www.nic.cz.") + if not isinstance(dname, ldns.ldns_dname): + set_error() + except: + set_error() + # + # Error when printing a dname which was created from an empty string. + # Must find out why. + # + try: + dname = ldns.ldns_dname(rdf1) + if not isinstance(dname, ldns.ldns_dname): + set_error() + except: + set_error() + # Test whether rdf1 and dname independent. + dname.cat(dname) + if dname.__str__() == rdf1.__str__(): + set_error() + # Test whether rdf1 and dname are dependent. + dname = ldns.ldns_dname(rdf1, clone=False) + dname.cat(dname) + if dname.__str__() != rdf1.__str__(): + set_error() + # Test whether constructs from non-dname rdfs. + try: + dname = ldns.ldns_dname(rdf2) + set_error() + except TypeError: + pass + except: + set_error() + try: + dname = ldns.ldns_dname(1) + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".[comparison operators]" + dn1 = ldns.ldns_dname("a.test") + dn2 = ldns.ldns_dname("b.test") + try: + ret = dn1 < dn2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = dn2 < dn1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = dn1 <= dn2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = dn2 <= dn1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = dn1 == dn2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = dn1 == dn1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = dn1 != dn2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = dn1 != dn1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = dn1 > dn2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = dn2 > dn1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = dn1 >= dn2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = dn2 >= dn1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".absolute()" + dname = ldns.ldns_dname("www.nic.cz.") + try: + ret = dname.absolute() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".cat()" + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test.nic.cz.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "217.31.205.50") + dname = ldns.ldns_dname("www.nic.cz.") + try: + ret = dname.cat(dname) + if ret != ldns.LDNS_STATUS_OK: + set_error() + if dname.__str__() != "www.nic.cz.www.nic.cz.": + set_error() + except: + set_error() + try: + ret = dname.cat(rdf1) + if ret != ldns.LDNS_STATUS_OK: + set_error() + if dname.__str__() != "www.nic.cz.www.nic.cz.test.nic.cz.": + set_error() + except: + set_error() + try: + ret = dname.cat(rdf2) + if ret == ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + try: + ret = dname.cat("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".cat_clone()" + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test.nic.cz.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "217.31.205.50") + dname = ldns.ldns_dname("www.nic.cz.") + try: + ret = dname.cat_clone(dname) + if not isinstance(ret, ldns.ldns_dname): + set_error() + if ret.__str__() != "www.nic.cz.www.nic.cz.": + set_error() + except: + set_error() + try: + ret = dname.cat_clone(rdf1) + if not isinstance(ret, ldns.ldns_dname): + set_error() + if ret.__str__() != "www.nic.cz.test.nic.cz.": + set_error() + except: + set_error() + try: + ret = dname.cat_clone(rdf2) + if ret != None: + set_error() + except: + set_error() + try: + ret = dname.cat_clone("") + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".interval()" + dn1 = ldns.ldns_dname("a.ns.nic.cz.") + dn2 = ldns.ldns_dname("b.ns.nic.cz.") + dn3 = ldns.ldns_dname("c.ns.nic.cz.") + try: + ret = dn1.interval(dn2, dn3) + if ret != -1: + set_error() + except: + set_error() + try: + ret = dn2.interval(dn1, dn3) + if ret != 1: + set_error() + except: + set_error() + rdf4 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "d.ns.nic.cz.") + rdf5 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1") + try: + ret = dn1.interval(dn2, rdf4) + if ret != -1: + set_error() + except: + set_error() + try: + ret = dn2.interval(dn1, rdf4) + if ret != 1: + set_error() + except: + set_error() + try: + ret = dn1.interval(dn2, rdf5) + set_error() + except Exception: + pass + except: + set_error() + try: + ret = dn1.interval(dn2, "") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".is_subdomain()" + dn1 = ldns.ldns_dname("nic.cz.") + dn2 = ldns.ldns_dname("www.nic.cz.") + rdf3 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = dn1.is_subdomain(dn2) + if not isinstance(ret, bool): + set_error() + if ret == True: + set_error() + ret = dn2.is_subdomain(dn1) + if ret != True: + set_error() + except: + set_error() + try: + ret = dn1.is_subdomain(rdf3) + if not isinstance(ret, bool): + set_error() + if ret == True: + set_error() + except: + set_error() + rdf4 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1") + try: + ret = dn1.is_subdomain(rdf4) + if ret != False: + set_error() + except: + set_error() + try: + ret = dn1.is_subdomain("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".label()" + dn = ldns.ldns_dname("nic.cz.") + try: + ret = dn.label(0) + if not isinstance(ret, ldns.ldns_dname): + set_error() + except: + set_error() + try: + ret = dn.label(10) + if ret != None: + set_error() + except: + set_error() + try: + ret = dn.label("") + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".label_count()" + dn = ldns.ldns_dname("www.nic.cz.") + try: + ret = dn.label_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 3: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".left_chop()" + dn = ldns.ldns_dname("www.nic.cz.") + try: + ret = dn.left_chop() + if not isinstance(ret, ldns.ldns_dname): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".make_canonical()" + dn = ldns.ldns_dname("WWW.NIC.CZ.") + try: + dn.make_canonical() + if dn.__str__() != "www.nic.cz.": + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_rdf()" + # Tested via constructor call. + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_str()" + # Tested via constructor call. + + +#if not error_detected: +if True: + method_name = class_name + ".reverse()" + dn = ldns.ldns_dname("www.nic.cz.") + try: + ret = dn.reverse() + if not isinstance(ret, ldns.ldns_dname): + set_error() + if ret.__str__() != "cz.nic.www.": + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".write_to_buffer()" + dn = ldns.ldns_dname("www.nic.cz.") + buf = ldns.ldns_buffer(1024) + try: + ret = dn.write_to_buffer(buf) + if ret != ldns.LDNS_STATUS_OK: + set_error() + if buf.position() != 12: + set_error() + except: + set_error() + try: + ret = dn.write_to_buffer("") + except TypeError: + pass + except: + set_error() + + +if not error_detected: + sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__))) +else: + sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__))) + sys.exit(1) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/test_pkt.py b/zonemaster-ldns/ldns/contrib/python/examples/test_pkt.py new file mode 100755 index 0000000..7ecb7bd --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/test_pkt.py @@ -0,0 +1,1937 @@ +#!/usr/bin/env python + +# +# ldns_pkt testing script. +# +# Do not use constructs that differ between Python 2 and 3. +# Use write on stdout or stderr. +# + + +import ldns +import sys +import os +import inspect + + +class_name = "ldns_pkt" +method_name = None +error_detected = False +temp_fname = "tmp_pkt.txt" + + +def set_error(): + """ + Writes an error message and sets error flag. + """ + global class_name + global method_name + global error_detected + error_detected = True + sys.stderr.write("(line %d): malfunctioning method %s.\n" % \ + (inspect.currentframe().f_back.f_lineno, method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".aa()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + try: + ret = pkt.aa() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR) + try: + ret = pkt.aa() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ad()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.ad() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR) + try: + ret = pkt.ad() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".additional()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.additional() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret.rr_count() != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".algorithm2str()" + try: + ret = ldns.ldns_pkt.algorithm2str(ldns.LDNS_DSA) + if not isinstance(ret, str): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".all()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.all() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret.rr_count() != 1: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".all_noquestion()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.all_noquestion() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret.rr_count() != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ancount()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.ancount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".answer()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.answer() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret.rr_count() != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".answerfrom()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.answerfrom() + if ret != None: + set_error() + except: + set_error() + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + pkt = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) + try: + ret = pkt.answerfrom() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".arcount()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.arcount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".authority()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.authority() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret.rr_count() != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".cd()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_CD) + try: + ret = pkt.cd() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR) + try: + ret = pkt.cd() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".cert_algorithm2str()" + try: + ret = ldns.ldns_pkt.cert_algorithm2str(ldns.LDNS_CERT_PGP) + if not isinstance(ret, str): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".clone()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.clone() + if not isinstance(ret, ldns.ldns_pkt): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ends()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.edns() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_dnssec(True) + pkt = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) + try: + ret = pkt.edns() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ends_data()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.edns_data() + if ret != None: + set_error() + except: + set_error() + #resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + #resolver.set_dnssec(True) + #pkt = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) + #try: + # ret = pkt.edns_data() + # print ret + # if not isinstance(ret, ldns.ldns_rdf): + # set_error() + # if ret != True: + # set_error() + #except: + # set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".edns_do()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.edns_do() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".edns_extended_rcode()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.edns_extended_rcode() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + #resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + #resolver.set_dnssec(True) + #pkt = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) + #try: + # ret = pkt.edns_extended_rcode() + # if (not isinstance(ret, int)) and (not isinstance(ret, long)): + # set_error() + # if ret != 0: + # set_error() + #except: + # set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".edns_udp_size()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.edns_udp_size() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_dnssec(True) + pkt = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) + try: + ret = pkt.edns_udp_size() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret == 0: # Don't know the actual size, but must be greater than 0. + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".edns_version()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.edns_version() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + #resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + #resolver.set_dnssec(True) + #pkt = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) + #try: + # ret = pkt.edns_version() + # if (not isinstance(ret, int)) and (not isinstance(ret, long)): + # set_error() + # if ret != 0: + # set_error() + #except: + # set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".edns_z()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.edns_z() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".empty()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.empty() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_opcode()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.get_opcode() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != ldns.LDNS_PACKET_QUERY: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_rcode()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.get_rcode() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != ldns.LDNS_RCODE_NOERROR: + set_error() + except: + set_error() + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_dnssec(True) + pkt = resolver.query("nonexistent_domain.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN) + try: + ret = pkt.get_rcode() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != ldns.LDNS_RCODE_NXDOMAIN: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_section_clone()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.get_section_clone(ldns.LDNS_SECTION_ANY) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = pkt.get_section_clone(ldns.LDNS_SECTION_ANSWER) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = pkt.get_section_clone("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".id()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.id() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new()" + try: + pkt = ldns.ldns_pkt.new() + if not isinstance(pkt, ldns.ldns_pkt): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_query()" + dname = ldns.ldns_dname("test.nic.cz.") + try: + pkt = ldns.ldns_pkt.new_query(dname, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + if not isinstance(pkt, ldns.ldns_pkt): + set_error() + except: + set_error() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test.nic.cz.") + try: + pkt = ldns.ldns_pkt.new_query(rdf, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + if not isinstance(pkt, ldns.ldns_pkt): + set_error() + except: + set_error() + try: + pkt = ldns.ldns_pkt.new_query("bad argument", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + pkt = ldns.ldns_pkt.new_query(dname, "bad argument", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + pkt = ldns.ldns_pkt.new_query(dname, ldns.LDNS_RR_TYPE_A, "bad argument", ldns.LDNS_QR | ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + pkt = ldns.ldns_pkt.new_query(dname, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_query_frm_str()" + try: + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz", ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + except: + set_error() + try: + pkt = ldns.ldns_pkt.new_query_frm_str(pkt, ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz", "bad argument", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz", ldns.LDNS_RR_TYPE_ANY, "bad argument", ldns.LDNS_QR | ldns.LDNS_AA) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz", ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".nscount()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.nscount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".opcode2str()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + ret = pkt.opcode2str() + if not isinstance(ret, str): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".print_to_file()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + f = open(temp_fname, "w") + try: + pkt.print_to_file(f) + except: + set_error() + f.close() + f = open(temp_fname, "r") + if len(f.readlines()) != 14: + set_error() + f.close() + os.remove(temp_fname) + + +#if not error_detected: +if True: + method_name = class_name + ".push_rr()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + try: + ret = pkt.push_rr(ldns.LDNS_SECTION_ANSWER, rr) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = pkt.push_rr("bad argument", rr) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = pkt.push_rr(ldns.LDNS_SECTION_ANSWER, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".push_rr_list()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + rrl.push_rr(rr) + try: + ret = pkt.push_rr_list(ldns.LDNS_SECTION_ANSWER, rrl) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = pkt.push_rr_list("bad argument", rrl) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = pkt.push_rr_list(ldns.LDNS_SECTION_ANSWER, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".qdcount()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.qdcount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 1: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".qr()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + try: + ret = pkt.qr() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_AA) + try: + ret = pkt.qr() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".querytime()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.querytime() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".question()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AD) + try: + ret = pkt.question() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret.rr_count() != 1: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ra()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RA) + try: + ret = pkt.ra() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR) + try: + ret = pkt.ra() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rcode2str()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RA) + try: + ret = pkt.rcode2str() + if not isinstance(ret, str): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rd()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + try: + ret = pkt.rd() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR) + try: + ret = pkt.rd() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".reply_type()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + try: + ret = pkt.reply_type() + if ret != ldns.LDNS_PACKET_ANSWER: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rr()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + pkt.push_rr(ldns.LDNS_SECTION_ANSWER, rr) + try: + ret = pkt.rr(ldns.LDNS_SECTION_ANSWER, rr) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = pkt.rr(ldns.LDNS_SECTION_QUESTION, rr) + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = pkt.rr("bad argument", rr) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = pkt.rr(ldns.LDNS_SECTION_QUESTION, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rr_list_by_name()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + pkt.push_rr(ldns.LDNS_SECTION_ANSWER, rr) + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test1") + try: + ret = pkt.rr_list_by_name(rdf, ldns.LDNS_SECTION_ANSWER) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = pkt.rr_list_by_name(rdf, ldns.LDNS_SECTION_QUESTION) + if ret != None: + set_error() + except: + set_error() + try: + ret = pkt.rr_list_by_name("bad argument", ldns.LDNS_SECTION_ANSWER) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = pkt.rr_list_by_name(rdf, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rr_list_by_name_and_type()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz.", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + pkt.push_rr(ldns.LDNS_SECTION_ANSWER, rr) + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test1") + try: + ret = pkt.rr_list_by_name_and_type(rdf, ldns.LDNS_RR_TYPE_A, ldns.LDNS_SECTION_ANSWER) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = pkt.rr_list_by_name_and_type(rdf, ldns.LDNS_RR_TYPE_AAAA, ldns.LDNS_SECTION_ANSWER) + if ret != None: + set_error() + except: + set_error() + #try: + # ret = pkt.rr_list_by_name_and_type("bad argument", ldns.LDNS_RR_TYPE_A, ldns.LDNS_SECTION_ANSWER) + # set_error() + #except TypeError as e: + # pass + #except: + # set_error() + try: + ret = pkt.rr_list_by_name_and_type(rdf, "bad argument", ldns.LDNS_SECTION_ANSWER) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = pkt.rr_list_by_name_and_type(rdf, ldns.LDNS_RR_TYPE_A, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rr_list_by_type()" + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz.", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_RD) + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + pkt.push_rr(ldns.LDNS_SECTION_ANSWER, rr) + try: + ret = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_A, ldns.LDNS_SECTION_ANSWER) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_AAAA, ldns.LDNS_SECTION_ANSWER) + if ret != None: + set_error() + except: + set_error() + try: + ret = pkt.rr_list_by_type("bad argument", ldns.LDNS_SECTION_ANSWER) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = pkt.rr_list_by_type(ldns.LDNS_RR_TYPE_A, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".safe_push_rr()" + pkt = ldns.ldns_pkt.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + try: + ret = pkt.safe_push_rr(ldns.LDNS_SECTION_ANSWER, rr) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = pkt.safe_push_rr(ldns.LDNS_SECTION_ANSWER, rr) + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = pkt.safe_push_rr("bad argument", rr) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = pkt.safe_push_rr(ldns.LDNS_SECTION_ANSWER, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".safe_push_rr_list()" + pkt = ldns.ldns_pkt.new() + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + ret = pkt.safe_push_rr_list(ldns.LDNS_SECTION_ANSWER, rrl) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = pkt.safe_push_rr_list(ldns.LDNS_SECTION_ANSWER, rrl) + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = pkt.safe_push_rr_list("bad argument", rrl) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = pkt.safe_push_rr_list(ldns.LDNS_SECTION_ANSWER, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_aa()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_aa(True) + if pkt.aa() != True: + set_error() + except: + set_error() + try: + pkt.set_aa(False) + if pkt.aa() != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_ad()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_ad(True) + if pkt.ad() != True: + set_error() + except: + set_error() + try: + pkt.set_ad(False) + if pkt.ad() != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_additional()" + pkt = ldns.ldns_pkt.new() + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + pkt.set_additional(rrl) + if not isinstance(pkt.additional() , ldns.ldns_rr_list): + set_error() + if pkt.additional() != rrl: + set_error() + except: + set_error() + try: + pkt.set_additional("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_ancount()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_ancount(1) + ret = pkt.ancount() + if ret != 1: + set_error() + except: + set_error() + try: + pkt.set_ancount("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_answer()" + pkt = ldns.ldns_pkt.new() + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + pkt.set_answer(rrl) + if not isinstance(pkt.additional() , ldns.ldns_rr_list): + set_error() + if pkt.answer() != rrl: + set_error() + except: + set_error() + try: + pkt.set_answer("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_answerfrom()" + pkt = ldns.ldns_pkt.new() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + pkt.set_answerfrom(rdf) + ret = pkt.answerfrom() + if ret != rdf: + set_error() + except: + set_error() + try: + pkt.set_answerfrom("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_arcount()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_arcount(1) + ret = pkt.arcount() + if ret != 1: + set_error() + except: + set_error() + try: + pkt.set_arcount("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_authority()" + pkt = ldns.ldns_pkt.new() + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + pkt.set_authority(rrl) + if not isinstance(pkt.additional() , ldns.ldns_rr_list): + set_error() + if pkt.authority() != rrl: + set_error() + except: + set_error() + try: + pkt.set_authority("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_cd()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_cd(True) + if pkt.cd() != True: + set_error() + except: + set_error() + try: + pkt.set_cd(False) + if pkt.cd() != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_edns_data()" + pkt = ldns.ldns_pkt.new() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + pkt.set_edns_data(rdf) + ret = pkt.edns_data() + if ret != rdf: + set_error() + except: + set_error() + try: + pkt.set_edns_data("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_edns_do()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_edns_do(True) + if pkt.edns_do() != True: + set_error() + except: + set_error() + try: + pkt.set_edns_do(False) + if pkt.edns_do() != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_edns_extended_rcode()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_edns_extended_rcode(8) + ret = pkt.edns_extended_rcode() + if ret != 8: + set_error() + except: + set_error() + try: + pkt.set_edns_extended_rcode("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_edns_udp_size()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_edns_udp_size(4096) + ret = pkt.edns_udp_size() + if ret != 4096: + set_error() + except: + set_error() + try: + pkt.set_edns_udp_size("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_edns_version()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_edns_version(8) + ret = pkt.edns_version() + if ret != 8: + set_error() + except: + set_error() + try: + pkt.set_edns_version("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_edns_z()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_edns_z(4096) + ret = pkt.edns_z() + if ret != 4096: + set_error() + except: + set_error() + try: + pkt.set_edns_z("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_flags()" + pkt = ldns.ldns_pkt.new() + try: + ret = pkt.set_flags(ldns.LDNS_AA | ldns.LDNS_AD) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + pkt.set_flags("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_id()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_id(4096) + ret = pkt.id() + if ret != 4096: + set_error() + except: + set_error() + try: + pkt.set_id("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_nscount()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_nscount(1) + ret = pkt.nscount() + if ret != 1: + set_error() + except: + set_error() + try: + pkt.set_nscount("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_opcode()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_opcode(ldns.LDNS_PACKET_QUERY) + ret = pkt.get_opcode() + if ret != ldns.LDNS_PACKET_QUERY: + set_error() + except: + set_error() + try: + pkt.set_opcode("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_qdcount()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_qdcount(10) + ret = pkt.qdcount() + if ret != 10: + set_error() + except: + set_error() + try: + pkt.set_qdcount("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_qr()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_qr(True) + if pkt.qr() != True: + set_error() + except: + set_error() + try: + pkt.set_qr(False) + if pkt.qr() != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_querytime()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_querytime(65536) + ret = pkt.querytime() + if ret != 65536: + set_error() + except: + set_error() + try: + pkt.set_querytime("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_question()" + pkt = ldns.ldns_pkt.new() + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + pkt.set_question(rrl) + if not isinstance(pkt.additional() , ldns.ldns_rr_list): + set_error() + if pkt.question() != rrl: + set_error() + except: + set_error() + try: + pkt.set_question("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_ra()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_ra(True) + if pkt.ra() != True: + set_error() + except: + set_error() + try: + pkt.set_ra(False) + if pkt.ra() != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_random_id()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_random_id() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_rcode()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_rcode(127) + ret = pkt.get_rcode() + if ret != 127: + set_error() + except: + set_error() + try: + pkt.set_rcode("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_rd()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_rd(True) + if pkt.rd() != True: + set_error() + except: + set_error() + try: + pkt.set_rd(False) + if pkt.rd() != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_section_count()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_section_count(ldns.LDNS_PACKET_QUESTION, 4096) + ret = pkt.qdcount() + if ret != 4096: + set_error() + except: + set_error() + try: + pkt.set_section_count("bad argument", 4096) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + pkt.set_section_count(ldns.LDNS_PACKET_QUESTION, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_size()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_size(512) + ret = pkt.size() + if ret != 512: + set_error() + except: + set_error() + try: + pkt.set_size("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_tc()" + pkt = ldns.ldns_pkt.new() + try: + pkt.set_tc(True) + if pkt.tc() != True: + set_error() + except: + set_error() + try: + pkt.set_tc(False) + if pkt.tc() != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_timestamp()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".set_tsig()" + pkt = ldns.ldns_pkt.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + try: + pkt.set_tsig(rr) + ret = pkt.tsig() + if ret != rr: + set_error() + except: + set_error() + try: + pkt.set_tsig("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".size()" + pkt = ldns.ldns_pkt.new() + pkt.set_size(512) + try: + ret = pkt.size() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 512: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".tc()" + pkt = ldns.ldns_pkt.new() + pkt.set_tc(True) + try: + ret = pkt.tc() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + pkt.set_tc(False) + try: + ret = pkt.tc() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".timestamp()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".tsig()" + pkt = ldns.ldns_pkt.new() + try: + ret = pkt.tsig() + if ret != None: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + pkt.set_tsig(rr) + try: + ret = pkt.tsig() + if not isinstance(ret, ldns.ldns_rr): + set_error() + if ret != rr: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".update_pkt_tsig_add()" + pkt = ldns.ldns_pkt.new() + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = pkt.update_pkt_tsig_add(resolver) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + try: + ret = pkt.update_pkt_tsig_add("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".update_prcount()" + pkt = ldns.ldns_pkt.new() + try: + ret = pkt.update_prcount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + pkt.update_set_prcount(127) + try: + ret = pkt.update_prcount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 127: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".update_set_adcount()" + pkt = ldns.ldns_pkt.new() + try: + pkt.update_set_adcount(4096) + ret = pkt.update_ad() + if ret != 4096: + set_error() + except: + set_error() + try: + pkt.update_set_adcount("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".update_set_prcount()" + pkt = ldns.ldns_pkt.new() + try: + pkt.update_set_prcount(4096) + ret = pkt.update_prcount() + if ret != 4096: + set_error() + except: + set_error() + try: + pkt.update_set_prcount("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".update_set_upcount()" + pkt = ldns.ldns_pkt.new() + try: + pkt.update_set_upcount(4096) + ret = pkt.update_upcount() + if ret != 4096: + set_error() + except: + set_error() + try: + pkt.update_set_upcount("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".update_set_zo()" + pkt = ldns.ldns_pkt.new() + try: + pkt.update_set_zo(4096) + ret = pkt.update_zocount() + if ret != 4096: + set_error() + except: + set_error() + try: + pkt.update_set_zo("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".update_upcount()" + pkt = ldns.ldns_pkt.new() + try: + ret = pkt.update_upcount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + pkt.update_set_upcount(127) + try: + ret = pkt.update_upcount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 127: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".update_zocount()" + pkt = ldns.ldns_pkt.new() + try: + ret = pkt.update_zocount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + pkt.update_set_zo(127) + try: + ret = pkt.update_zocount() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 127: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".write_to_buffer()" + pkt = pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + buf = buf = ldns.ldns_buffer(4096) + try: + ret = pkt.write_to_buffer(buf) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + + +if not error_detected: + sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__))) +else: + sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__))) + sys.exit(1) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/test_rdf.py b/zonemaster-ldns/ldns/contrib/python/examples/test_rdf.py new file mode 100755 index 0000000..2e2b73b --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/test_rdf.py @@ -0,0 +1,820 @@ +#!/usr/bin/env python + +# +# ldns_rdf testing script. +# +# Do not use constructs that differ between Python 2 and 3. +# Use write on stdout or stderr. +# + + +import ldns +import sys +import os +import inspect + + +class_name = "ldns_rdf" +method_name = None +error_detected = False +temp_fname = "tmp_rdf.txt" + + +def set_error(): + """ + Writes an error message and sets error flag. + """ + global class_name + global method_name + global error_detected + error_detected = True + sys.stderr.write("(line %d): malfunctioning method %s.\n" % \ + (inspect.currentframe().f_back.f_lineno, method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".__init__()" + try: + # Should raise an Exception + rdf = ldns.ldns_rdf() + set_error() + except Exception as e: + pass + + +#if not error_detected: +if True: + method_name = class_name + ".[comparison operators]" + rdf1 = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) + rdf2 = ldns.ldns_rdf.new_frm_str("1.1.1.1", ldns.LDNS_RDF_TYPE_A) + try: + ret = rdf1 < rdf2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rdf2 < rdf1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rdf1 <= rdf2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rdf2 <= rdf1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rdf1 == rdf2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rdf1 == rdf1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rdf1 != rdf2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rdf1 != rdf1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rdf1 > rdf2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rdf2 > rdf1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rdf1 >= rdf2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rdf2 >= rdf1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf_new()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_rdf_new_frm_data()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_rdf_new_frm_str()" + try: + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz") + except: + set_error() + try: + rdf = ldns.ldns_rdf_new_frm_str("", "www.nic.cz") + et_error() + except TypeError: + pass + except: + set_error() + try: + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, 1) + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf_new_frm_fp()" + f = open(temp_fname, "w") + f.write("217.31.205.50") + f.close() + f = open(temp_fname, "r") + try: + status, rdf = ldns.ldns_rdf_new_frm_fp(ldns.LDNS_RDF_TYPE_A, f) + if status != ldns.LDNS_STATUS_OK: + set_error() + if rdf == None: + set_error() + except: + set_error() + try: + # Reading past file end. + status, rdf = ldns.ldns_rdf_new_frm_fp(ldns.LDNS_RDF_TYPE_AAAA, f) + if status == ldns.LDNS_STATUS_OK: + set_error() + if rdf != None: + set_error() + except: + set_error() + f.close() + f = open(temp_fname, "r") + try: + status, rdf = ldns.ldns_rdf_new_frm_fp(ldns.LDNS_RDF_TYPE_AAAA, f) + if status != ldns.LDNS_STATUS_OK: + set_error() + if rdf != None: + set_error() + except: + set_error() + f.close() + os.remove(temp_fname) + try: + status, rdf = ldns.ldns_rdf_new_frm_fp("", f) + except TypeError: + pass + except: + set_error() + try: + status, rdf = ldns.ldns_rdf_new_frm_fp(ldns.LDNS_RDF_TYPE_AAAA, "") + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf_new_frm_fp_l()" + f = open(temp_fname, "w") + f.write("217.31.205.50\n194.0.12.1") + f.close() + f = open(temp_fname, "r") + try: + status, rdf, line = ldns.ldns_rdf_new_frm_fp_l(ldns.LDNS_RDF_TYPE_A, f) + if status != ldns.LDNS_STATUS_OK: + set_error() + if rdf == None: + set_error() + except: + set_error() + try: + status, rdf, line = ldns.ldns_rdf_new_frm_fp_l(ldns.LDNS_RDF_TYPE_A, f) + if status != ldns.LDNS_STATUS_OK: + set_error() + if rdf == None: + set_error() + except: + set_error() + try: + # Reading past file end. + status, rdf, line = ldns.ldns_rdf_new_frm_fp_l(ldns.LDNS_RDF_TYPE_A, f) + if status == ldns.LDNS_STATUS_OK: + set_error() + if rdf != None: + set_error() + except: + set_error() + f.close() + os.remove(temp_fname) + try: + status, rdf = ldns.ldns_rdf_new_frm_fp_l("", f) + except TypeError: + pass + except: + set_error() + try: + status, rdf = ldns.ldns_rdf_new_frm_fp_l(ldns.LDNS_RDF_TYPE_AAAA, "") + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_drf.absolute()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.absolute() + if not isinstance(ret, bool): + set_error() + if not ret: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.address_reverse()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1") + try: + ret = rdf.address_reverse() + if ret == None: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_AAAA, "::1") + try: + ret = rdf.address_reverse() + if ret == None: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.address_reverse() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.cat()" + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "cz.") + try: + ret = rdf1.cat(rdf2) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + ret = rdf1.cat(rdf2) + if ret == ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + try: + ret = rdf2.cat(rdf1) + if ret == ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + try: + ret = rdf2.cat("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.cat_clone()" + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "cz.") + try: + ret = rdf1.cat_clone(rdf2) + if ret == None: + set_error() + except: + set_error() + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + ret = rdf1.cat_clone(rdf2) + if ret != None: + set_error() + except: + set_error() + try: + ret = rdf2.cat_clone(rdf1) + if ret != None: + set_error() + except: + set_error() + try: + ret = rdf2.cat_clone("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.clone()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.clone() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.data()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.data() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.data_as_bytearray()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.data_as_bytearray() + if not isinstance(ret, bytearray): + set_error() + if len(ret) != 12: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.dname_compare()" + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "nic.cz.") + try: + ret = rdf1.dname_compare(rdf2) + if ret != 1: + set_error() + except: + set_error() + try: + ret = rdf2.dname_compare(rdf1) + if ret != -1: + set_error() + except: + set_error() + try: + ret = rdf1.dname_compare(rdf1) + if ret != 0: + set_error() + except: + set_error() + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + ret = rdf1.dname_compare(rdf2) + set_error() + except Exception: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.dname_new_frm_str()" + try: + rdf = ldns.ldns_rdf.dname_new_frm_str("www.nic.cz.") + if rdf == None: + set_error() + except: + set_error() + try: + rdf = ldns.ldns_rdf.dname_new_frm_str("") + if rdf != None: + set_error() + except: + set_error() + try: + rdf = ldns.ldns_rdf.dname_new_frm_str(1) + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.get_type()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.get_type() + if not isinstance(ret, int): + set_error() + if ret != ldns.LDNS_RDF_TYPE_DNAME: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.get_type_str()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.get_type_str() + if not isinstance(ret, str): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.interval()" + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "a.ns.nic.cz.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "b.ns.nic.cz.") + rdf3 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "c.ns.nic.cz.") + try: + ret = rdf1.interval(rdf2, rdf3) + if ret != -1: + set_error() + except: + set_error() + try: + ret = rdf2.interval(rdf1, rdf3) + if ret != 1: + set_error() + except: + set_error() + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "b.ns.nic.cz.") + rdf3 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "c.ns.nic.cz.") + try: + ret = rdf1.interval(rdf2, rdf3) + set_error() + except Exception: + pass + except: + set_error() + try: + ret = rdf2.interval("", rdf3) + set_error() + except TypeError: + pass + except: + set_error() + +#if not error_detected: +if True: + method_name = "ldns_rdf.is_subdomain()" + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "nic.cz.") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf1.is_subdomain(rdf2) + if not isinstance(ret, bool): + set_error() + if ret == True: + set_error() + ret = rdf2.is_subdomain(rdf1) + if ret != True: + set_error() + except: + set_error() + rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1") + rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf1.is_subdomain(rdf2) + if ret != False: + set_error() + except: + set_error() + try: + ret = rdf2.is_subdomain(rdf1) + if ret != False: + set_error() + except: + set_error() + try: + ret = rdf2.is_subdomain("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.label()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.label(0) + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + try: + ret = rdf.label(10) + if ret != None: + set_error() + except: + set_error() + try: + ret = rdf.label("") + except TypeError: + pass + except: + set_error() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + ret = rdf.label(0) + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.label_count()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.label_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 3: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + ret = rdf.label_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.left_chop()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.left_chop() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + ret = rdf.left_chop() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.make_canonical()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "WWW.NIC.CZ.") + try: + rdf.make_canonical() + if rdf.__str__() != "www.nic.cz.": + set_error() + except: + set_error() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + rdf.make_canonical() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.new_frm_str()" + try: + rdf = ldns.ldns_rdf.new_frm_str("www.nic.cz.", ldns.LDNS_RDF_TYPE_DNAME) + except: + set_error() + try: + rdf = ldns.ldns_rdf.new_frm_str("www.nic.cz.", ldns.LDNS_RDF_TYPE_AAAA) + set_error() + except Exception: + pass + except: + set_error() + try: + rdf = ldns.ldns_rdf.new_frm_str("www.nic.cz.", ldns.LDNS_RDF_TYPE_AAAA, raiseException = False) + if rdf != None: + set_error() + except: + set_error() + try: + rdf = ldns.ldns_rdf.new_frm_str("", "www.nic.cz") + et_error() + except TypeError: + pass + except: + set_error() + try: + rdf = ldns.ldns_rdf.new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, 1) + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + f = open(temp_fname, "w") + try: + rdf.print_to_file(f) + except: + set_error() + f.close() + f = open(temp_fname, "r") + if f.read() != "127.0.0.1": + set_error() + f.close() + os.remove(temp_fname) + + +#if not error_detected: +if True: + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.reverse() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + if ret.__str__() != "cz.nic.www.": + set_error() + except: + set_error() + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1") + try: + ret = rdf.reverse() + set_error() + except Exception: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.set_data()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_rdf.set_size()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_rdf.set_type()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = "ldns_rdf.size()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + try: + ret = rdf.size() + if ret != 12: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.write_to_buffer()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.") + buf = ldns.ldns_buffer(1024) + try: + ret = rdf.write_to_buffer(buf) + if ret != ldns.LDNS_STATUS_OK: + set_error() + if buf.position() != 12: + set_error() + except: + set_error() + try: + ret = rdf.write_to_buffer("") + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = "ldns_rdf.write_to_buffer_canonical()" + rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "WWW.NIC.CZ.") + buf = ldns.ldns_buffer(1024) + try: + ret = rdf.write_to_buffer_canonical(buf) + if ret != ldns.LDNS_STATUS_OK: + set_error() + if buf.position() != 12: + set_error() + except: + set_error() + try: + ret = rdf.write_to_buffer_canonical("") + except TypeError: + pass + except: + set_error() + + +if not error_detected: + sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__))) +else: + sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__))) + sys.exit(1) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/test_resolver.py b/zonemaster-ldns/ldns/contrib/python/examples/test_resolver.py new file mode 100755 index 0000000..274a4d8 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/test_resolver.py @@ -0,0 +1,1751 @@ +#!/usr/bin/env python + +# +# ldns_resolver testing script. +# +# Do not use constructs that differ between Python 2 and 3. +# Use write on stdout or stderr. +# + + +import ldns +import sys +import os +import inspect + + +class_name = "ldns_resolver" +method_name = None +error_detected = False +temp_fname = "tmp_resolver.txt" + + +def set_error(): + """ + Writes an error message and sets error flag. + """ + global class_name + global method_name + global error_detected + error_detected = True + sys.stderr.write("(line %d): malfunctioning method %s.\n" % \ + (inspect.currentframe().f_back.f_lineno, method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".axfr_complete()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".axfr_last_pkt()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".axfr_next()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".axfr_start()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".debug()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_debug(False) + try: + ret = resolver.debug() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_debug(True) + try: + ret = resolver.debug() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dec_nameserver_count()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + cnt = resolver.nameserver_count() + try: + resolver.dec_nameserver_count() + except: + set_error() + if cnt != (resolver.nameserver_count() + 1): + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".defnames()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_defnames(False) + try: + ret = resolver.defnames() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_defnames(True) + try: + ret = resolver.defnames() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnsrch()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_dnsrch(False) + try: + ret = resolver.dnsrch() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_dnsrch(True) + try: + ret = resolver.dnsrch() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnssec()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_dnssec(False) + try: + ret = resolver.dnssec() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_dnssec(True) + try: + ret = resolver.dnssec() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnssec_anchors()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + rrl = ldns.ldns_rr_list.new() + try: + ret = resolver.dnssec_anchors() + if ret != None: + set_error() + except: + set_error() + resolver.set_dnssec_anchors(rrl) + try: + ret = resolver.dnssec_anchors() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnssec_cd()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_dnssec_cd(False) + try: + ret = resolver.dnssec_cd() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_dnssec_cd(True) + try: + ret = resolver.dnssec_cd() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".domain()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_domain(None) + try: + ret = resolver.domain() + if ret != None: + set_error() + except: + set_error() + dname = ldns.ldns_dname("example.com.") + resolver.set_domain(dname) + try: + ret = resolver.domain() + if not isinstance(ret, ldns.ldns_dname): + set_error() + if ret != dname: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".edns_udp_size()" + try: + resolver = ldns.ldns_resolver.new() + if not isinstance(resolver, ldns.ldns_resolver): + set_error() + except: + set_error() + + + +#if not error_detected: +if True: + method_name = class_name + ".edns_udp_size()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_edns_udp_size(4096) + try: + ret = resolver.edns_udp_size() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 4096: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".fail()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_fail(False) + try: + ret = resolver.fail() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_fail(True) + try: + ret = resolver.fail() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".fallback()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_fallback(False) + try: + ret = resolver.fallback() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_fallback(True) + try: + ret = resolver.fallback() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_addr_by_name()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.get_addr_by_name("www.google.com", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = resolver.get_addr_by_name(1, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.get_addr_by_name("www.google.com", "bad argument", ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.get_addr_by_name("www.google.com", ldns.LDNS_RR_CLASS_IN, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_name_by_addr()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + addr = resolver.get_name_by_addr("8.8.8.8", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + if not isinstance(addr, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + addr = resolver.get_name_by_addr(1, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + addr = resolver.get_name_by_addr("8.8.8.8", "bad argument", ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + addr = resolver.get_name_by_addr("8.8.8.8", ldns.LDNS_RR_CLASS_IN, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + + +#if not error_detected: +if True: + method_name = class_name + ".igntc()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_igntc(False) + try: + ret = resolver.igntc() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_igntc(True) + try: + ret = resolver.igntc() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".incr_nameserver_count()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + cnt = resolver.nameserver_count() + try: + resolver.incr_nameserver_count() + except: + set_error() + if (cnt + 1) != resolver.nameserver_count(): + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ip6()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_ip6(0) + try: + ret = resolver.ip6() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".nameserver_count()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_nameserver_count(1) + try: + ret = resolver.nameserver_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 1: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".nameserver_rtt()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + num = resolver.nameserver_count() + for i in range(0, num): + resolver.set_nameserver_rtt(i, i + 1) + try: + for i in range(0, num): + ret = resolver.nameserver_rtt(i) + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if (i + 1) != ret: + set_error() + except: + set_error() + try: + ret = resolver.nameserver_rtt("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".nameservers()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".nameservers_randomize()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.nameservers_randomize() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_file()" + try: + ret = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf", raiseException=True) + if not isinstance(ret, ldns.ldns_resolver): + set_error() + except: + set_error() + try: + ret = ldns.ldns_resolver.new_frm_file(1, raiseException=True) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_fp()" + fi = open("/etc/resolv.conf") + try: + ret = ldns.ldns_resolver.new_frm_fp(fi, raiseException=True) + if not isinstance(ret, ldns.ldns_resolver): + set_error() + except: + set_error() + fi.close() + try: + ret = ldns.ldns_resolver.new_frm_fp(1, raiseException=True) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_fp_l()" + fi = open("/etc/resolv.conf") + try: + ret, line = ldns.ldns_resolver.new_frm_fp_l(fi, raiseException=True) + if not isinstance(ret, ldns.ldns_resolver): + set_error() + if (not isinstance(line, int)) and (not isinstance(line, long)): + set_error() + except: + set_error() + fi.close() + try: + ret, line = ldns.ldns_resolver.new_frm_fp_l(1, raiseException=True) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".pop_nameserver()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + cnt = resolver.nameserver_count() + try: + for i in range(0, cnt): + ret = resolver.pop_nameserver() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + try: + ret = resolver.pop_nameserver() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".port()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_port(12345) + try: + ret = resolver.port() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 12345: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".prepare_query_pkt()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.prepare_query_pkt("example.com.", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD, raiseException=True) + if not isinstance(ret, ldns.ldns_pkt): + set_error() + except: + set_error() + try: + ret = resolver.prepare_query_pkt(1, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD, raiseException=True) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.prepare_query_pkt("example.com.", "bad argument", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD, raiseException=True) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.prepare_query_pkt("example.com.", ldns.LDNS_RR_TYPE_A, "bad argument", ldns.LDNS_RD, raiseException=True) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.prepare_query_pkt("example.com.", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, "bad argument", raiseException=True) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".push_dnssec_anchor()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + key = ldns.ldns_key.new_frm_algorithm(ldns.LDNS_SIGN_DSA, 512) + domain = ldns.ldns_dname("example.") + key.set_pubkey_owner(domain) + pubkey = key.key_to_rr() + ds = ldns.ldns_key_rr2ds(pubkey, ldns.LDNS_SHA1) + try: + ret = resolver.push_dnssec_anchor(ds) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + try: + ret = resolver.push_dnssec_anchor(rr) + if ret == ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + try: + ret = resolver.push_dnssec_anchor("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".push_nameserver()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + rdf = ldns.ldns_rdf.new_frm_str("127.0.0.1", ldns.LDNS_RDF_TYPE_A) + try: + ret = resolver.push_nameserver(rdf) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf.new_frm_str("::1", ldns.LDNS_RDF_TYPE_AAAA) + try: + ret = resolver.push_nameserver(rdf) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf.new_frm_str("example.com.", ldns.LDNS_RDF_TYPE_DNAME) + try: + ret = resolver.push_nameserver(rdf) + if ret == ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + try: + ret = resolver.push_nameserver("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + +#if not error_detected: +if True: + method_name = class_name + ".push_nameserver_rr()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 127.0.0.1") + try: + ret = resolver.push_nameserver_rr(rr) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN AAAA ::1") + try: + ret = resolver.push_nameserver_rr(rr) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN NS 8.8.8.8") + try: + ret = resolver.push_nameserver_rr(rr) + if ret == ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + try: + ret = resolver.push_nameserver_rr("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".push_nameserver_rr_list()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 127.0.0.1") + rrl.push_rr(rr) + try: + ret = resolver.push_nameserver_rr_list(rrl) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test 600 IN AAAA ::1") + rrl.push_rr(rr) + try: + ret = resolver.push_nameserver_rr_list(rrl) + if ret != ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test 600 IN NS 8.8.8.8") + rrl.push_rr(rr) + try: + ret = resolver.push_nameserver_rr_list(rrl) + if ret == ldns.LDNS_STATUS_OK: + set_error() + except: + set_error() + try: + ret = resolver.push_nameserver_rr_list("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".push_searchlist()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.push_searchlist("example.com.") + try: + resolver.push_searchlist("example.com.") + except: + set_error() + try: + resolver.push_searchlist(1) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".query()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + if not isinstance(ret, ldns.ldns_pkt): + set_error() + except: + set_error() + try: + ret = resolver.query(1, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.query("www.nic.cz", "bad argument", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, "bad argument", ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.query("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".random()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_random(False) + try: + ret = resolver.random() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_random(True) + try: + ret = resolver.random() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".recursive()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_recursive(False) + try: + ret = resolver.recursive() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_recursive(True) + try: + ret = resolver.recursive() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".retrans()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_retrans(127) + try: + ret = resolver.retrans() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 127: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".retry()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_retry(4) + try: + ret = resolver.retry() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 4: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rtt()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".search()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.search("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + if not isinstance(ret, ldns.ldns_pkt): + set_error() + except: + set_error() + try: + ret = resolver.search(1, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.search("www.nic.cz", "bad argument", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.search("www.nic.cz", ldns.LDNS_RR_TYPE_A, "bad argument", ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.search("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".searchlist()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".searchlist_count()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.searchlist_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".send()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.send("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + if not isinstance(ret, ldns.ldns_pkt): + set_error() + except: + set_error() + try: + ret = resolver.send(1, ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.send("www.nic.cz", "bad argument", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.send("www.nic.cz", ldns.LDNS_RR_TYPE_A, "bad argument", ldns.LDNS_RD) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.send("www.nic.cz", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".send_pkt()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD | ldns.LDNS_AD) + try: + status, ret = resolver.send_pkt(pkt) + if status != ldns.LDNS_STATUS_OK: + ste_error() + if not isinstance(ret, ldns.ldns_pkt): + set_error() + except: + set_error() + try: + status, ret = resolver.send_pkt("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_debug()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_debug(False) + ret = resolver.debug() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_debug(True) + ret = resolver.debug() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_defnames()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_defnames(False) + ret = resolver.defnames() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_defnames(True) + ret = resolver.defnames() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_dnsrch()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_dnsrch(False) + ret = resolver.dnsrch() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_dnsrch(True) + ret = resolver.dnsrch() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_dnssec()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_dnssec(False) + ret = resolver.dnssec() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_dnssec(True) + ret = resolver.dnssec() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_dnssec_anchors()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + rrl = ldns.ldns_rr_list.new() + try: + resolver.set_dnssec_anchors(rrl) + ret = resolver.dnssec_anchors() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + resolver.set_dnssec_anchors("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_dnssec_cd()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_dnssec_cd(False) + ret = resolver.dnssec_cd() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_dnssec_cd(True) + ret = resolver.dnssec_cd() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_domain()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_domain(None) + ret = resolver.domain() + if ret != None: + set_error() + except: + set_error() + dname = ldns.ldns_dname("example.com.") + try: + resolver.set_domain(dname) + ret = resolver.domain() + if not isinstance(ret, ldns.ldns_dname): + set_error() + if ret != dname: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf.new_frm_str("example.com.", ldns.LDNS_RDF_TYPE_DNAME) + try: + resolver.set_domain(rdf) + ret = resolver.domain() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != dname: + set_error() + except: + set_error() + resolver.set_domain("example.com.") + try: + resolver.set_domain("example.com.") + ret = resolver.domain() + if not isinstance(ret, ldns.ldns_dname): + set_error() + if ret != dname: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf.new_frm_str("127.0.0.1", ldns.LDNS_RDF_TYPE_A) + try: + resolver.set_domain(rdf) + set_error() + except Exception as e: + pass + except: + set_error() + try: + resolver.set_domain(1) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_edns_udp_size()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_edns_udp_size(4096) + ret = resolver.edns_udp_size() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 4096: + set_error() + except: + set_error() + try: + resolver.set_edns_udp_size("bad argument") + set_error() + except TypeError as e: + pass + except: + ste_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_fail()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_fail(False) + ret = resolver.fail() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_fail(True) + ret = resolver.fail() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_fallback()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_fallback(False) + ret = resolver.fallback() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_fallback(True) + ret = resolver.fallback() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_igntc()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_igntc(False) + ret = resolver.igntc() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_igntc(True) + ret = resolver.igntc() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_ip6()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_ip6(1) + ret = resolver.ip6() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 1: + set_error() + except: + set_error() + try: + resolver.set_ip6("bad argument") + set_error() + except TypeError as e: + pass + except: + ste_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_nameserver_count()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_nameserver_count(2) + ret = resolver.nameserver_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 2: + set_error() + except: + set_error() + try: + resolver.set_nameserver_count("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_nameserver_rtt()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + num = resolver.nameserver_count() + try: + for i in range(0, num): + resolver.set_nameserver_rtt(i, i + 1) + ret = resolver.nameserver_rtt(i) + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if (i + 1) != ret: + set_error() + except: + set_error() + try: + ret = resolver.set_nameserver_rtt("bad argument", 0) + set_error() + except TypeError as e: + pass + except: + set_error() + try: + ret = resolver.set_nameserver_rtt(0, "bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_nameservers()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".set_port()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_port(12345) + ret = resolver.port() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 12345: + set_error() + except: + set_error() + try: + resolver.set_port("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_random()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_random(False) + ret = resolver.random() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_random(True) + ret = resolver.random() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_recursive()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_recursive(False) + ret = resolver.recursive() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_recursive(True) + ret = resolver.recursive() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_retrans()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_retrans(127) + ret = resolver.retrans() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 127: + set_error() + except: + set_error() + try: + resolver.set_retrans("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_retry()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_retry(4) + ret = resolver.retry() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 4: + set_error() + except: + set_error() + try: + resolver.set_retry("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_rtt()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".set_timeout()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".set_tsig_algorithm()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + tsigstr = "hmac-md5.sig-alg.reg.int." + try: + resolver.set_tsig_algorithm(tsigstr) + ret = resolver.tsig_algorithm() + if not isinstance(ret, str): + set_error() + if ret != tsigstr: + set_error() + except: + set_error() + try: + resolver.set_tsig_algorithm(1) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_tsig_keydata()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + tkdstr = "Humpty Dumpty sat on a wall, Humpty Dumpty had a great fall, All the King's horses and all the King's men, Couldn't put Humpty together again." + try: + resolver.set_tsig_keydata(tkdstr) + ret = resolver.tsig_keydata() + if not isinstance(ret, str): + set_error() + if ret != tkdstr: + set_error() + except: + set_error() + try: + resolver.set_tsig_keydata(1) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_tsig_keyname()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + tknstr = "key 1" + try: + resolver.set_tsig_keyname(tknstr) + ret = resolver.tsig_keyname() + if not isinstance(ret, str): + set_error() + if ret != tknstr: + set_error() + except: + set_error() + try: + resolver.set_tsig_keyname(1) + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_usevc()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + resolver.set_usevc(False) + ret = resolver.usevc() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + resolver.set_usevc(True) + ret = resolver.usevc() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".timeout()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".trusted_key()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + key = ldns.ldns_key.new_frm_algorithm(ldns.LDNS_SIGN_DSA, 512) + domain = ldns.ldns_dname("example.") + key.set_pubkey_owner(domain) + pubkey = key.key_to_rr() + ds = ldns.ldns_key_rr2ds(pubkey, ldns.LDNS_SHA1) + resolver.push_dnssec_anchor(ds) + rrl = ldns.ldns_rr_list.new() + try: + ret = resolver.trusted_key(rrl) + if ret != None: + set_error() + except: + set_error() + rrl.push_rr(ds) + ret = resolver.trusted_key(rrl) + try: + ret = resolver.trusted_key(rrl) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret.rr_count() != 1: + set_error() + except: + set_error() + try: + ret = resolver.trusted_key("bad argument") + set_error() + except TypeError as e: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".tsig_algorithm()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.tsig_algorithm() + if ret != None: + set_error() + except: + set_error() + tsigstr = "hmac-md5.sig-alg.reg.int." + resolver.set_tsig_algorithm(tsigstr) + try: + ret = resolver.tsig_algorithm() + if not isinstance(ret, str): + set_error() + if ret != tsigstr: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".tsig_keydata()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.tsig_keydata() + if ret != None: + set_error() + except: + set_error() + tkdstr = "Twas brillig, and the slithy toves Did gyre and gimble in the wabe; All mimsy were the borogoves, And the mome raths outgrabe." + resolver.set_tsig_keydata(tkdstr) + try: + ret = resolver.tsig_keydata() + if not isinstance(ret, str): + set_error() + if ret != tkdstr: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".tsig_keyname()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + try: + ret = resolver.tsig_keyname() + if ret != None: + set_error() + except: + set_error() + tknstr = "key 2" + resolver.set_tsig_keyname(tknstr) + try: + ret = resolver.tsig_keyname() + if not isinstance(ret, str): + set_error() + if ret != tknstr: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".usevc()" + resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf") + resolver.set_usevc(False) + try: + ret = resolver.usevc() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + resolver.set_usevc(True) + try: + ret = resolver.usevc() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +if not error_detected: + sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__))) +else: + sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__))) + sys.exit(1) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/test_rr.py b/zonemaster-ldns/ldns/contrib/python/examples/test_rr.py new file mode 100755 index 0000000..07ba0e7 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/test_rr.py @@ -0,0 +1,2383 @@ +#!/usr/bin/env python + +# +# ldns_rr and ldns_rr_list testing script. +# +# Do not use constructs that differ between Python 2 and 3. +# Use write on stdout or stderr. +# + + +import ldns +import sys +import os +import inspect + + +class_name = "ldns_rr" +method_name = None +error_detected = False +temp_fname = "tmp_rr.txt" + + +def set_error(): + """ + Writes an error message and sets error flag. + """ + global class_name + global method_name + global error_detected + error_detected = True + sys.stderr.write("(line %d): malfunctioning method %s.\n" % \ + (inspect.currentframe().f_back.f_lineno, method_name)) + + + +#if not error_detected: +if True: + method_name = class_name + ".[comparison operators]" + rr1 = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rr2 = ldns.ldns_rr.new_frm_str("test2 600 IN A 1.1.1.1") + try: + ret = rr1 < rr2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rr2 < rr1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rr1 <= rr2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rr2 <= rr1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rr1 == rr2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rr1 == rr1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rr1 != rr2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rr1 != rr1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rr1 > rr2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rr2 > rr1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rr1 >= rr2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rr2 >= rr1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + "__init__()" + try: + rr = ldns.ldns_rr() + set_error() + except Exception: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".a_address()" + rr = ldns.ldns_rr.new_frm_str("www.nic.cz 600 IN A 217.31.205.50") + try: + address = rr.a_address() + if not isinstance(address, ldns.ldns_rdf): + set_error() + if address == None: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("www.nic.cz 600 IN AAAA 2002:d91f:cd32::1") + try: + address = rr.a_address() + if not isinstance(address, ldns.ldns_rdf): + set_error() + if address == None: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("www.nic.cz 600 IN TXT text") + try: + address = rr.a_address() + if isinstance(address, ldns.ldns_rdf): + set_error() + if address != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".a_set_address()" + rdf = ldns.ldns_rdf.new_frm_str("127.0.0.1", ldns.LDNS_RDF_TYPE_A) + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.a_set_address(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf.new_frm_str("::1", ldns.LDNS_RDF_TYPE_AAAA) + rr = ldns.ldns_rr.new_frm_str("test 600 IN AAAA ::") + try: + ret = rr.a_set_address(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rr.a_set_address("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".class_by_name()" + try: + ret = ldns.ldns_rr.class_by_name("IN") + if not isinstance(ret, int): + set_error() + if ret != ldns.LDNS_RR_CLASS_IN: + set_error() + except: + set_error() + method_name = class_name + ".class_by_name()" + try: + ret = ldns.ldns_rr.class_by_name("AA") + if not isinstance(ret, int): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".clone()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN TXT text") + try: + ret = rr.clone() + if not isinstance(ret, ldns.ldns_rr): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".compare_ds()" + pubkey1 = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + pubkey2 = ldns.ldns_rr.new_frm_str("example2. 3600 IN DNSKEY 256 3 3 ALBoD2+1xYpzrE7gjU5EwwBHG2HNiD1977LDZGh+8VNifMGjixMpgUN6xRhFjvRSsC/seMVXmUGq+msUDF2pHnUHbW/dbQbBxVMAqx2jT0LTvAx5wUPGltHHsa92K8VdzD8ynTFwPvjmk7g3hqRRzt4UTQIeK7DYgrOOgvDv+DYWVQctLwYP0ktm85b4cMtIUNRIf/N+K25pfK6BM/tHN8HOm4ECvm2U9zqHHfnxJFdiNK2PydkNeJZZGUOubSFVvaOMhZoEeAgkm3q5QcwXHsLAhacZ ;{id = 30944 (zsk), size = 512b}") + ds1 = ldns.ldns_key_rr2ds(pubkey1, ldns.LDNS_SHA1) + ds2 = ldns.ldns_key_rr2ds(pubkey2, ldns.LDNS_SHA1) + try: + ret = pubkey1.compare_ds(pubkey1) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = pubkey1.compare_ds(pubkey2) + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = pubkey1.compare_ds(ds1) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = pubkey1.compare_ds(ds2) + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + pubkey1.compare_ds("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".compare_no_rdata()" + rr1 = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + rr2 = ldns.ldns_rr.new_frm_str("test 600 IN AAAA ::") + try: + ret = rr1.compare_no_rdata(rr2) + if not isinstance(ret, int): + set_error() + if ret != -27: + set_error() + except: + set_error() + try: + rr1.compare_no_rdata("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_algorithm()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + try: + ret = pubkey.dnskey_algorithm() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.dnskey_algorithm() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_flags()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + try: + ret = pubkey.dnskey_flags() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.dnskey_flags() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_errror() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_key()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + try: + ret = pubkey.dnskey_key() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.dnskey_key() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_errror() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_key_size()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + try: + ret = pubkey.dnskey_key_size() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 512: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.dnskey_key_size() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_key_size_raw()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_protocol()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + try: + ret = pubkey.dnskey_protocol() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.dnskey_protocol() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_set_algorithm()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + rdf = ldns.ldns_rdf.new_frm_str("3", ldns.LDNS_RDF_TYPE_ALG) + try: + ret = pubkey.dnskey_set_algorithm(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = pubkey.dnskey_set_algorithm(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = pubkey.dnskey_set_algorithm("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_set_flags()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + rdf = ldns.ldns_rdf.new_frm_str("256", ldns.LDNS_RDF_TYPE_INT16) + try: + ret = pubkey.dnskey_set_flags(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = pubkey.dnskey_set_flags(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = pubkey.dnskey_set_flags("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_set_key()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + rdf = ldns.ldns_rdf.new_frm_str("AMLdYflByPu1GEPCnu9qPTqbnC8n5mftFmFVTFQI10aefiDqp5DLpjBdTxdmz/GACMZh1+YG/iLj0QYX7qRVIl0rR00iREozqj44YwUILHo3cASSRSeAzyidvlGT8QSMKOlOsD33ygtETpzW0XDmzWhyU3bv0O7lnGpbtqdzP/nsZDbdtf5XI0YBdi91HftqtQpIlMtCg+zIzATO4+QWGt0oDX/+jdB7Y/vBahxnz13stNYeGYslGBSZNgpB7HBKlTwB70sprZ8XmNGhj/NixqB6Bzae", ldns.LDNS_RDF_TYPE_B64) + try: + ret = pubkey.dnskey_set_key(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = pubkey.dnskey_set_key(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = pubkey.dnskey_set_key("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".dnskey_set_protocol()" + pubkey = ldns.ldns_rr.new_frm_str("example1. 3600 IN DNSKEY 256 3 3 APw7tG8Nf7MYXjt2Y6DmyWUVxVy73bRKvKbKoGXhAXJx2vbcGGxfXsScT0i4FIC2wsJ/8zy/otB5vymm3JHBf2+7cQvRdp12UMLAnzlfrbgZUpvV36D+q6ch7kbmFzaBfwRjOKhnZkRLCcMYPAdX1SrgKVNXaOzAl9KytbzGQs5MKEHU+a0PAwKfIvEsS/+pW6gKgBnL0uy4Gr5cYJ5rk48iwFXOlZ/B30gUS5dD+rNRJuR0ZgEkxtVIPVxxhQPtEI53JhlJ2nEy0CqNW88nYLmX402b ;{id = 34898 (zsk), size = 512b}") + rdf = ldns.ldns_rdf.new_frm_str("3", ldns.LDNS_RDF_TYPE_INT8) + try: + ret = pubkey.dnskey_set_protocol(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = pubkey.dnskey_set_protocol(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = pubkey.dnskey_set_protocol("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_class()" + rr = ldns.ldns_rr.new_frm_str("test IN A 0.0.0.0", 600) + try: + ret = rr.get_class() + if not isinstance(ret, int): + set_error() + if ret != ldns.LDNS_RR_CLASS_IN: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_class_str()" + rr = ldns.ldns_rr.new_frm_str("test CH A 0.0.0.0", 600) + try: + ret = rr.get_class_str() + if not isinstance(ret, str): + set_error() + if ret != "CH": + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_type()" + rr = ldns.ldns_rr.new_frm_str("test IN A 0.0.0.0", 600) + try: + ret = rr.get_type() + if not isinstance(ret, int): + set_error() + if ret != 1: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".get_type_str()" + rr = ldns.ldns_rr.new_frm_str("test IN A 0.0.0.0", 600) + try: + ret = rr.get_type_str() + if not isinstance(ret, str): + set_error() + if ret != "A": + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".is_question()" + rr = ldns.ldns_rr.new_frm_str("test IN A 0.0.0.0", 600) + try: + ret = rr.is_question() + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + rr.set_question(True) + try: + ret = rr.is_question() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".label_count()" + rr = ldns.ldns_rr.new_frm_str("test.dom. IN A 0.0.0.0", 600) + try: + ret = rr.label_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 2: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str(". IN A 0.0.0.0", 600) + try: + ret = rr.label_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error(string) + if ret != 0: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".mx_exchange()" + rr = ldns.ldns_rr.new_frm_str("nic.cz. IN MX 15 mail4.nic.cz.", 600) + try: + ret = rr.mx_exchange() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.mx_exchange() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".mx_preference()" + rr = ldns.ldns_rr.new_frm_str("nic.cz. IN MX 15 mail4.nic.cz.", 600) + try: + ret = rr.mx_preference() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.mx_preference() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_fp()" + f = open(temp_fname, "w") + f.write("test 600 IN A 0.0.0.0") + f.close() + f = open(temp_fname, "r") + rr, ttl, origin, prev = ldns.ldns_rr.new_frm_fp(f, + origin=ldns.ldns_dname("nic.cz")) + try: + # Reading past file end. + ret = ldns.ldns_rr.new_frm_fp(f, raiseException=False) + if ret != None: + set_error() + except: + set_error() + try: + # Reading past file end. + rr, ttl, origin, prev = ldns.ldns_rr.new_frm_fp(f) + set_error() + except Exception: + pass + except: + set_error() + f.close() + os.remove(temp_fname) + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_fp_l()" + f = open(temp_fname, "w") + f.write("test 600 IN A 0.0.0.0") + f.close() + f = open(temp_fname, "r") + rr, line, ttl, origin, prev = ldns.ldns_rr.new_frm_fp_l(f, + origin=ldns.ldns_dname("nic.cz")) + try: + # Reading past file end. + ret = ldns.ldns_rr.new_frm_fp_l(f, raiseException=False) + if ret != None: + set_error() + except: + set_error() + try: + # Reading past file end. + rr, ttl, origin, prev = ldns.ldns_rr.new_frm_fp_l(f) + set_error() + except Exception: + pass + except: + set_error() + f.close() + os.remove(temp_fname) + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_str()" + try: + rr = ldns.ldns_rr.new_frm_str("test IN A 0.0.0.0", 600, + origin=ldns.ldns_dname("nic.cz")) + if not isinstance(rr, ldns.ldns_rr): + set_error() + except: + set_error() + try: + rr = ldns.ldns_rr.new_frm_str(10) + set_error() + except TypeError: + pass + except: + set_error() + try: + rr = ldns.ldns_rr.new_frm_str("") + set_error() + except Exception: + pass + except: + set_error() + try: + rr = ldns.ldns_rr.new_frm_str("", raiseException=False) + if rr != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_str_prev()" + try: + rr, prev = ldns.ldns_rr.new_frm_str_prev("test IN A 0.0.0.0", 600, + origin=ldns.ldns_dname("nic.cz")) + if not isinstance(rr, ldns.ldns_rr): + set_error() +# if prev != None: +# set_error() + except: + set_error() + try: + rr = ldns.ldns_rr.new_frm_str_prev(10) + set_error() + except TypeError: + pass + except: + set_error() + try: + rr = ldns.ldns_rr.new_frm_str_prev("") + set_error() + except Exception: + pass + except: + set_error() + try: + rr = ldns.ldns_rr.new_frm_str_prev("", raiseException=False) + if rr != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_question_frm_str()" + try: + rr = ldns.ldns_rr.new_question_frm_str("test IN A", 600, + origin=ldns.ldns_dname("nic.cz")) + if not isinstance(rr, ldns.ldns_rr): + set_error() + except: + set_error() + try: + rr = ldns.ldns_rr.new_question_frm_str(10) + set_error() + except TypeError: + pass + except: + set_error() + try: + rr = ldns.ldns_rr.new_question_frm_str("") + set_error() + except Exception: + pass + except: + set_error() + try: + rr = ldns.ldns_rr.new_question_frm_str("", raiseException=False) + if rr != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ns_nsdname()" + rr = ldns.ldns_rr.new_frm_str("nic.cz. 1800 IN NS a.ns.nic.cz.") + try: + ret = rr.ns_nsdname() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.ns_nsdname() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".owner()" + rr = ldns.ldns_rr.new_frm_str("nic.cz. 1800 IN NS a.ns.nic.cz.") + try: + ret = rr.owner() + if not isinstance(ret, ldns.ldns_dname): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".pop_rdf()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.pop_rdf() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + if ret.get_type() != ldns.LDNS_RDF_TYPE_A: + set_error() + except: + set_error() + try: + ret = rr.pop_rdf() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".print_to_file()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + f = open(temp_fname, "w") + try: + rr.print_to_file(f) + except: + set_error() + f.close() + f = open(temp_fname, "r") + if not f.readline(): + set_error() + f.close() + os.remove(temp_fname) + + +#if not error_detected: +if True: + method_name = class_name + ".push_rdf()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + rdf = ldns.ldns_rdf.new_frm_str("1.1.1.1", ldns.LDNS_RDF_TYPE_A) + try: + ret = rr.push_rdf(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rr.push_rdf("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rd_count()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rd_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 1: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rdf()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rdf(0) + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + try: + ret = rr.rdf(1) + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rdfs()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rdfs() + if len(list(ret)) != 1: + set_error() + except: + set_error() + + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_algorithm()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_algorithm() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_algorithm() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_expiration()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_expiration() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_expiration() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_inception()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_inception() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_inception() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_keytag()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_keytag() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_keytag() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_labels()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_labels() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_labels() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_origttl()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_origttl() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_origttl() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_algorithm()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("3", ldns.LDNS_RDF_TYPE_ALG) + try: + ret = rr.rrsig_set_algorithm(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_algorithm(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_algorithm("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_expiration()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("20130928153754", ldns.LDNS_RDF_TYPE_TIME) + try: + ret = rr.rrsig_set_expiration(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_expiration(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_expiration("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_inception()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("20120728153754", ldns.LDNS_RDF_TYPE_TIME) + try: + ret = rr.rrsig_set_inception(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_inception(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_inception("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_keytag()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("19032", ldns.LDNS_RDF_TYPE_INT16) + try: + ret = rr.rrsig_set_keytag(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_keytag(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_keytag("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_labels()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("1", ldns.LDNS_RDF_TYPE_INT8) + try: + ret = rr.rrsig_set_labels(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_labels(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_labels("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_origttl()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("1", ldns.LDNS_RDF_TYPE_INT8) + try: + ret = rr.rrsig_set_origttl(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_origttl(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_origttl("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_sig()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=", ldns.LDNS_RDF_TYPE_B64) + try: + ret = rr.rrsig_set_sig(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_sig(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_sig("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_signame()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("example.", ldns.LDNS_RDF_TYPE_DNAME) + try: + ret = rr.rrsig_set_signame(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_signame(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_signame("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_set_typecovered()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + rdf = ldns.ldns_rdf.new_frm_str("SOA", ldns.LDNS_RDF_TYPE_TYPE) + try: + ret = rr.rrsig_set_typecovered(rdf) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() +# rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) +# try: +# ret = rr.rrsig_set_typecovered(rdf) +# if not isinstance(ret, bool): +# set_error() +# if ret != False: +# set_error() +# except: +# set_error() + try: + ret = rr.rrsig_set_typecovered("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_sig()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_sig() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_sig() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_signame()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_signame() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_signame() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrsig_typecovered()" + rr = ldns.ldns_rr.new_frm_str("example. 600 IN RRSIG SOA 3 1 600 20130828153754 20120828153754 19031 example. AIoCFhwZJxIgYOBEyo3cxxWFZEsUPqkxnt38xEl1cFAHHC9iQN9mlEg=") + try: + ret = rr.rrsig_typecovered() + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.rrsig_typecovered() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_class()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + rr.set_class(ldns.LDNS_RR_CLASS_CH) + except: + set_error() + try: + rr.set_class("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_owner()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + rdf = ldns.ldns_dname("test2") + try: + rr.set_owner(rdf) + except: + set_error() + try: + rr.set_owner("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_question()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + rr.set_question(True) + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_rd_count()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + rr.set_rd_count(1) + except: + set_error() + try: + rr.set_rd_count("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_rdf()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + rdf = ldns.ldns_rdf.new_frm_str("1.1.1.1", ldns.LDNS_RDF_TYPE_A) + rr.push_rdf(rdf) + try: + ret = rr.set_rdf(rdf, 0) + if not isinstance(ret, ldns.ldns_rdf): + set_error() + except: + set_error() + try: + ret = rr.set_rdf(rdf, 2) + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + try: + rr.set_rdf("", 1) + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_ttl()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + rr.set_ttl(1) + except: + set_error() + try: + rr.set_ttl("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_type()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + rr.set_type(ldns.LDNS_RR_TYPE_A) + except: + set_error() + try: + rr.set_type("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".to_canonical()" + rr = ldns.ldns_rr.new_frm_str("TEST 600 IN A 0.0.0.0") + try: + rr.to_canonical() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ttl()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.ttl() + if not isinstance(ret, int): + set_error() + if ret != 600: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".type_by_name()" + try: + ret = ldns.ldns_rr.type_by_name("A") + if not isinstance(ret, int): + set_error() + if ret != ldns.LDNS_RR_TYPE_A: + set_error() + except: + set_error() + try: + ret = ldns.ldns_rr.type_by_name("AA") + if not isinstance(ret, int): + set_error() + if ret != 0: + set_error() + except: + set_error() + try: + ret = ldns.ldns_rr.type_by_name(1) + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".uncompressed_size()" + rr = ldns.ldns_rr.new_frm_str("test 600 IN A 0.0.0.0") + try: + ret = rr.uncompressed_size() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 20: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".write_data_to_buffer()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".write_rrsig_to_buffer()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".write_to_buffer()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +#if not error_detected: +if True: + method_name = class_name + ".write_to_buffer_canonical()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +############################################################################### +############################################################################### + + +class_name = "ldns_rr_descriptor" +method_name = None +error_detected = False +temp_fname = "tmp_rr_descriptor.txt" + + +#if not error_detected: +if True: + method_name = class_name + ".field_type()" + desc_a = ldns.ldns_rr_descriptor.ldns_rr_descriptor(ldns.LDNS_RR_TYPE_A) + try: + ret = desc_a.field_type(0) + if not isinstance(ret, int): + set_error() + if ret != ldns.LDNS_RDF_TYPE_A: + set_error() + except: + set_error() + try: + ret = desc_a.field_type("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".ldns_rr_descriptor()" + try: + ret = ldns.ldns_rr_descriptor.ldns_rr_descriptor(ldns.LDNS_RR_TYPE_A) + if not isinstance(ret, ldns.ldns_rr_descriptor): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".maximum()" + desc_a = ldns.ldns_rr_descriptor.ldns_rr_descriptor(ldns.LDNS_RR_TYPE_A) + try: + ret = desc_a.maximum() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 1: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".minimum()" + desc_a = ldns.ldns_rr_descriptor.ldns_rr_descriptor(ldns.LDNS_RR_TYPE_A) + try: + ret = desc_a.minimum() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 1: + set_error() + except: + set_error() + + +############################################################################### +############################################################################### + + +class_name = "ldns_rr_list" +method_name = None +error_detected = False +temp_fname = "tmp_rr_list.txt" + + +#if not error_detected: +if True: + method_name = class_name + ".[comparison operators]" + rrl1 = ldns.ldns_rr_list.new() + rrl1.push_rr(ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0")) + rrl2 = ldns.ldns_rr_list.new() + rrl2.push_rr(ldns.ldns_rr.new_frm_str("test2 600 IN A 1.1.1.1")) + try: + ret = rrl1 < rrl2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl2 < rrl1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rrl1 <= rrl2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl2 <= rrl1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rrl1 == rrl2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rrl1 == rrl1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl1 != rrl2 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl1 != rrl1 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rrl1 > rrl2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rrl2 > rrl1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl1 >= rrl2 + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rrl2 >= rrl1 + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".cat()" + rrl1 = ldns.ldns_rr_list.new() + rrl2 = ldns.ldns_rr_list.new() + rrl1.push_rr(ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0")) + rrl2.push_rr(ldns.ldns_rr.new_frm_str("test2 600 IN A 1.1.1.1")) + try: + ret = rrl1.cat(rrl2) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl2.cat("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".cat_clone()" + rrl1 = ldns.ldns_rr_list.new() + rrl2 = ldns.ldns_rr_list.new() + rrl1.push_rr(ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0")) + rrl2.push_rr(ldns.ldns_rr.new_frm_str("test2 600 IN A 1.1.1.1")) + try: + ret = rrl1.cat_clone(rrl2) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = rrl2.cat_clone("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".clone()" + rrl = ldns.ldns_rr_list.new() + rrl.push_rr(ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0")) + try: + ret = rrl.clone() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + +#if not error_detected: +if True: + method_name = class_name + ".contains_rr()" + rrl = ldns.ldns_rr_list.new() + rr1 = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rr2 = ldns.ldns_rr.new_frm_str("test2 600 IN A 1.1.1.1") + rrl.push_rr(rr1) + try: + ret = rrl.contains_rr(rr1) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl.contains_rr(rr2) + if not isinstance(ret, bool): + set_error() + if ret != False: + set_error() + except: + set_error() + try: + ret = rrl.contains_rr("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".is_rrset()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + ret = rrl.is_rrset() + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new()" + try: + ret = ldns.ldns_rr_list.new() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".new_frm_file()" + try: + ret = ldns.ldns_rr_list.new_frm_file() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = ldns.ldns_rr_list.new_frm_file("test") + set_error() + except Exception: + pass + except: + set_error() + try: + ret = ldns.ldns_rr_list.new_frm_file("test", raiseException=False) + if isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".owner()" + rrl = ldns.ldns_rr_list.new() + try: + ret = rrl.owner() + if isinstance(ret, ldns.ldns_rdf): + set_error() + if ret != None: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + ret = rrl.owner() + if not isinstance(ret, ldns.ldns_dname): + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".pop_rr()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + ret = rrl.pop_rr() + if not isinstance(ret, ldns.ldns_rr): + set_error() + except: + set_error() + try: + ret = rrl.pop_rr() + if isinstance(ret, ldns.ldns_rr): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".pop_rr_list()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + rrl.push_rr(rr) + rrl.push_rr(rr) + try: + ret = rrl.pop_rr_list(2) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = rrl.pop_rr_list(2) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = rrl.pop_rr_list(2) + if isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret != None: + set_error() + except: + set_error() + try: + ret = rrl.pop_rr_list("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".pop_rrset()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + rrl.push_rr(rr) + rrl.push_rr(rr) + try: + ret = rrl.pop_rrset() + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + except: + set_error() + try: + ret = rrl.pop_rrset() + if isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".print_to_file()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + rrl.push_rr(rr) + rrl.push_rr(rr) + f = open(temp_fname, "w") + try: + rrl.print_to_file(f) + except: + set_error() + f.close() + f = open(temp_fname, "r") + if len(f.readlines()) != 3: + set_error() + f.close() + os.remove(temp_fname) + + +#if not error_detected: +if True: + method_name = class_name + ".push_rr()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + try: + ret = rrl.push_rr(rr) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl.push_rr("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".push_rr_list()" + rrl1 = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl1.push_rr(rr) + rrl2 = rrl1.new() + try: + ret = rrl1.push_rr_list(rrl2) + if not isinstance(ret, bool): + set_error() + if ret != True: + set_error() + except: + set_error() + try: + ret = rrl.push_rr_list("") + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rr()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + ret = rrl.rr(0) + if not isinstance(ret, ldns.ldns_rr): + set_error() + except: + set_error() + try: + ret = rrl.rr(1) + if isinstance(ret, ldns.ldns_rr): + set_error() + if ret != None: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rr_count()" + rrl = ldns.ldns_rr_list.new() + try: + ret = rrl.rr_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 0: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + ret = rrl.rr_count() + if (not isinstance(ret, int)) and (not isinstance(ret, long)): + set_error() + if ret != 1: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".rrs()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + rrl.push_rr(rr) + try: + ret = list(rrl.rrs()) + if not isinstance(ret, list): + set_error() + if len(ret) != 2: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_rr()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + rr = ldns.ldns_rr.new_frm_str("test2 600 IN A 1.1.1.1") + ret = rrl.set_rr(rr, 0) + try: + ret = rrl.set_rr(rr, 0) + if not isinstance(ret, ldns.ldns_rr): + set_error() + except: + set_error() + try: + ret = rrl.set_rr(rr, 1) + if isinstance(ret, ldns.ldns_rr): + set_error() + if ret != None: + set_error() + except: + set_error() + try: + ret = rrl.set_rr("", 1) + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".set_rr_count()" + rrl = ldns.ldns_rr_list.new() + try: + rrl.set_rr_count(0) + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + rrl.set_rr_count("") + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".sort()" + rrl = ldns.ldns_rr_list.new() + try: + rrl.sort() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".subtype_by_rdf()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("test1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + rr = ldns.ldns_rr.new_frm_str("test2 600 IN A 1.1.1.1") + rrl.push_rr(rr) + rr = ldns.ldns_rr.new_frm_str("test3 600 IN A 0.0.0.0") + rrl.push_rr(rr) + rdf = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A) + try: + ret = rrl.subtype_by_rdf(rdf, 0) + if not isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret.rr_count() != 2: + set_error() + except: + set_error() + rdf = ldns.ldns_rdf.new_frm_str("::", ldns.LDNS_RDF_TYPE_AAAA) + try: + ret = rrl.subtype_by_rdf(rdf, 0) + if isinstance(ret, ldns.ldns_rr_list): + set_error() + if ret != None: + set_error() + except: + set_error() + try: + ret = rrl.subtype_by_rdf("", 0) + set_error() + except TypeError: + pass + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".to_canonical()" + rrl = ldns.ldns_rr_list.new() + rr = ldns.ldns_rr.new_frm_str("TEST1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + rrl.to_canonical() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".type()" + rrl = ldns.ldns_rr_list.new() + try: + ret = rrl.type() + if not isinstance(ret, int): + set_error() + if ret != 0: + set_error() + except: + set_error() + rr = ldns.ldns_rr.new_frm_str("TEST1 600 IN A 0.0.0.0") + rrl.push_rr(rr) + try: + ret = rrl.type() + if not isinstance(ret, int): + set_error() + if ret != ldns.LDNS_RR_TYPE_A: + set_error() + except: + set_error() + + +#if not error_detected: +if True: + method_name = class_name + ".write_to_buffer()" + sys.stderr.write("%s not tested.\n" % (method_name)) + + +if not error_detected: + sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__))) +else: + sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__))) + sys.exit(1) diff --git a/zonemaster-ldns/ldns/contrib/python/examples/zone.txt b/zonemaster-ldns/ldns/contrib/python/examples/zone.txt new file mode 100644 index 0000000..ffc8726 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/examples/zone.txt @@ -0,0 +1,15 @@ +$ORIGIN example. +$TTL 600 + +example. IN SOA example. admin.example. ( + 2008022501 ; serial + 28800 ; refresh (8 hours) + 7200 ; retry (2 hours) + 604800 ; expire (1 week) + 18000 ; minimum (5 hours) + ) + +@ IN MX 10 mail.example. +@ IN NS ns1 +@ IN NS ns2 +@ IN A 192.168.1.1 diff --git a/zonemaster-ldns/ldns/contrib/python/file_py3.i b/zonemaster-ldns/ldns/contrib/python/file_py3.i new file mode 100644 index 0000000..4d9502c --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/file_py3.i @@ -0,0 +1,121 @@ +/* + * file_py3.i: Typemaps for FILE* for Python 3 + * + * Copyright (c) 2011, Karel Slany (karel.slany AT nic.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +%{ +#include +#include +%} + +%types(FILE *); + +/* converts basic file descriptor flags onto a string */ +%fragment("fdfl_to_str", "header") { +const char * +fdfl_to_str(int fdfl) { + + static const char * const file_mode[] = {"w+", "w", "r"}; + + if (fdfl & O_RDWR) { + return file_mode[0]; + } else if (fdfl & O_WRONLY) { + return file_mode[1]; + } else { + return file_mode[2]; + } +} +} + +%fragment("obj_to_file","header", fragment="fdfl_to_str") { +FILE * +obj_to_file(PyObject *obj) { +%#if PY_VERSION_HEX >= 0x03000000 + int fd, fdfl; + FILE *fp; + if (!PyLong_Check(obj) && /* is not an integer */ + PyObject_HasAttrString(obj, "fileno") && /* has fileno method */ + (PyObject_CallMethod(obj, "flush", NULL) != NULL) && /* flush() succeeded */ + ((fd = PyObject_AsFileDescriptor(obj)) != -1) && /* got file descriptor */ + ((fdfl = fcntl(fd, F_GETFL)) != -1) /* got descriptor flags */ + ) { + fp = fdopen(dup(fd), fdfl_to_str(fdfl)); /* the FILE* must be flushed + and closed after being used */ +#ifdef SWIG_FILE3_DEBUG + fprintf(stderr, "opening fd %d (fl %d \"%s\") as FILE %p\n", + fd, fdfl, fdfl_to_str(fdfl), (void *)fp); +#endif + return fp; + } +%#endif + return NULL; +} +} + +/* returns -1 if error occurred */ +%fragment("dispose_file", "header") { +int +dispose_file(FILE **fp) { +#ifdef SWIG_FILE3_DEBUG + fprintf(stderr, "flushing FILE %p\n", (void *)fp); +#endif + if (*fp == NULL) { + return 0; + } + if ((fflush(*fp) == 0) && /* flush file */ + (fclose(*fp) == 0)) { /* close file */ + *fp = NULL; + return 0; + } + return -1; +} +} + +%typemap(arginit, noblock = 1) FILE* { + $1 = NULL; +} + +%typemap(check, noblock = 1) FILE* { + if ($1 == NULL) { + /* The generated wrapper function raises TypeError on mismatching types. */ + SWIG_exception_fail(SWIG_TypeError, "in method '" "$symname" "', argument " + "$argnum"" of type '" "$type""'"); + } +} + +%typemap(in, noblock = 1, fragment = "obj_to_file") FILE* { + $1 = obj_to_file($input); +} + +%typemap(freearg, noblock = 1, fragment = "dispose_file") FILE* { + if (dispose_file(&$1) == -1) { + SWIG_exception_fail(SWIG_IOError, "closing file in method '" "$symname" "', argument " + "$argnum"" of type '" "$type""'"); + } +} diff --git a/zonemaster-ldns/ldns/contrib/python/ldns.i b/zonemaster-ldns/ldns/contrib/python/ldns.i new file mode 100644 index 0000000..b4a7408 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns.i @@ -0,0 +1,469 @@ +/* + * ldns.i: LDNS interface file + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ + +%module ldns +#pragma SWIG nowarn=454 +%{ + +#include "ldns.h" +#include +#include +#include + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +%} + +//#define LDNS_DEBUG +//#define SWIG_FILE3_DEBUG + +%include "stdint.i" // uint_16_t is known type now +#ifdef PY3 +%include "file_py3.i" // python 3 FILE * +#else +%include "file.i" // FILE * +#endif +%include "typemaps.i" + + +/* ========================================================================= */ +/* Preliminary Python code. */ +/* ========================================================================= */ + +%pythoncode +%{ + # + # Use and don't ignore DeprecationWarning and + # PendingDeprecationWarning. + # + import warnings + warnings.filterwarnings("module", category=DeprecationWarning) + warnings.filterwarnings("module", category=PendingDeprecationWarning) +%} + + +/* Tell SWIG how to handle ssize_t as input parameter. */ +%typemap(in, noblock=1) (ssize_t) +{ + int $1_res = 0; + long val; + $1_res = SWIG_AsVal_long($input, &val); + if (!SWIG_IsOK($1_res)) { + SWIG_exception_fail(SWIG_ArgError($1_res), "in method '" + "$symname" "', argument " "$argnum" " of type '" + "$type""'"); + } + $1 = val; +} + + +%inline %{ +struct timeval* ldns_make_timeval(uint32_t sec, uint32_t usec) +{ + struct timeval* res = (struct timeval*)malloc(sizeof(*res)); + res->tv_sec = sec; + res->tv_usec = usec; + return res; +} +uint32_t ldns_read_timeval_sec(struct timeval* t) { + return (uint32_t)t->tv_sec; } +uint32_t ldns_read_timeval_usec(struct timeval* t) { + return (uint32_t)t->tv_usec; } +%} + +%immutable ldns_struct_lookup_table::name; +%immutable ldns_struct_rr_descriptor::_name; +%immutable ldns_error_str; +%immutable ldns_signing_algorithms; +%immutable ldns_tsig_credentials_struct::algorithm; +%immutable ldns_tsig_credentials_struct::keyname; +%immutable ldns_tsig_credentials_struct::keydata; + +//*_new_frm_fp_l +%apply int *OUTPUT { (int *line_nr) }; + +%apply uint32_t *OUTPUT { uint32_t *default_ttl}; + +// wire2pkt +%apply (char *STRING, int LENGTH) { (const char *str, int len) }; + +%include "ldns_packet.i" +%include "ldns_resolver.i" +%include "ldns_rr.i" + +%include + +%inline %{ +int Python_str_Check(PyObject *o) { +#if PY_VERSION_HEX>=0x03000000 + return PyUnicode_Check(o); +#else + return PyString_Check(o); +#endif +} +%} + +%include "ldns_rdf.i" +%include "ldns_zone.i" +%include "ldns_key.i" +%include "ldns_buffer.i" +%include "ldns_dnssec.i" + +%include + %include +%include +%include + %include +%include +%include + %include + %include +%include + %include + %include + %include +%include +%include + %include +%include + %include + %include +%include + %include + %include +%include + %include + +typedef struct ldns_dnssec_name { }; +typedef struct ldns_dnssec_rrs { }; +typedef struct ldns_dnssec_rrsets { }; +typedef struct ldns_dnssec_zone { }; +// ================================================================================ + +%include "ldns_dname.i" + +%inline %{ + PyObject* ldns_rr_new_frm_str_(const char *str, uint32_t default_ttl, ldns_rdf* origin, ldns_rdf* prev) + //returns tuple (status, ldns_rr, prev) + { + PyObject* tuple; + + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + */ + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + + ldns_rdf *p_prev = prev; + ldns_rdf **pp_prev = &p_prev; + if (p_prev == 0) pp_prev = 0; + + ldns_rr *p_rr = 0; + ldns_rr **pp_rr = &p_rr; + + ldns_status st = ldns_rr_new_frm_str(pp_rr, str, default_ttl, origin, pp_prev); + + tuple = PyTuple_New(3); + PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); + PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? + SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 ) : + (Py_INCREF(Py_None), Py_None)); + PyTuple_SetItem(tuple, 2, (p_prev != prev) ? + SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 ) : + (Py_INCREF(Py_None), Py_None)); + return tuple; + } + + PyObject* ldns_rr_new_frm_fp_(FILE *fp, uint32_t default_ttl, ldns_rdf* origin, ldns_rdf* prev) + //returns tuple (status, ldns_rr, ttl, origin, prev) + { + uint32_t defttl = default_ttl; + uint32_t *p_defttl = &defttl; + if (defttl == 0) p_defttl = 0; + + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + */ + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + + ldns_rdf *p_origin = origin; + ldns_rdf **pp_origin = &p_origin; + //if (p_origin == 0) pp_origin = 0; + + ldns_rdf *p_prev = prev; + ldns_rdf **pp_prev = &p_prev; + //if (p_prev == 0) pp_prev = 0; + + ldns_rr *p_rr = 0; + ldns_rr **pp_rr = &p_rr; + + ldns_status st = ldns_rr_new_frm_fp(pp_rr, fp, p_defttl, pp_origin, pp_prev); + + PyObject* tuple; + tuple = PyTuple_New(5); + int idx = 0; + PyTuple_SetItem(tuple, idx, SWIG_From_int(st)); + idx++; + PyTuple_SetItem(tuple, idx, (st == LDNS_STATUS_OK) ? + SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 ) : + (Py_INCREF(Py_None), Py_None)); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_From_int(defttl)); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 )); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 )); + return tuple; + } + + PyObject* ldns_rr_new_frm_fp_l_(FILE *fp, uint32_t default_ttl, ldns_rdf* origin, ldns_rdf* prev) + //returns tuple (status, ldns_rr, line, ttl, origin, prev) + { + int linenr = 0; + int *p_linenr = &linenr; + + uint32_t defttl = default_ttl; + uint32_t *p_defttl = &defttl; + if (defttl == 0) p_defttl = 0; + + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + */ + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + + ldns_rdf *p_origin = origin; + ldns_rdf **pp_origin = &p_origin; + //if (p_origin == 0) pp_origin = 0; + + ldns_rdf *p_prev = prev; + ldns_rdf **pp_prev = &p_prev; + //if (p_prev == 0) pp_prev = 0; + + ldns_rr *p_rr = 0; + ldns_rr **pp_rr = &p_rr; + + ldns_status st = ldns_rr_new_frm_fp_l(pp_rr, fp, p_defttl, pp_origin, pp_prev, p_linenr); + + PyObject* tuple; + tuple = PyTuple_New(6); + int idx = 0; + PyTuple_SetItem(tuple, idx, SWIG_From_int(st)); + idx++; + PyTuple_SetItem(tuple, idx, (st == LDNS_STATUS_OK) ? + SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 ) : + (Py_INCREF(Py_None), Py_None)); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_From_int(linenr)); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_From_int(defttl)); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 )); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 )); + return tuple; + } + + +PyObject* ldns_rr_new_question_frm_str_(const char *str, ldns_rdf* origin, ldns_rdf* prev) + //returns tuple (status, ldns_rr, prev) + { + PyObject* tuple; + + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + */ + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + + ldns_rdf *p_prev = prev; + ldns_rdf **pp_prev = &p_prev; + if (p_prev == 0) pp_prev = 0; + + ldns_rr *p_rr = 0; + ldns_rr **pp_rr = &p_rr; + + ldns_status st = ldns_rr_new_question_frm_str(pp_rr, str, origin, pp_prev); + + tuple = PyTuple_New(3); + PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); + PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? + SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 ) : + (Py_INCREF(Py_None), Py_None)); + PyTuple_SetItem(tuple, 2, (p_prev != prev) ? + SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 ) : + (Py_INCREF(Py_None), Py_None)); + return tuple; + } + + + +PyObject* ldns_fetch_valid_domain_keys_(const ldns_resolver * res, const ldns_rdf * domain, + const ldns_rr_list * keys) + //returns tuple (status, result) + { + PyObject* tuple; + + ldns_rr_list *rrl = 0; + ldns_status st = 0; + rrl = ldns_fetch_valid_domain_keys(res, domain, keys, &st); + + + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); + PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? + SWIG_NewPointerObj(SWIG_as_voidptr(rrl), SWIGTYPE_p_ldns_struct_rr_list, SWIG_POINTER_OWN | 0 ) : + (Py_INCREF(Py_None), Py_None)); + return tuple; + } + +PyObject* ldns_wire2pkt_(const char *str, int len) + //returns tuple (status, result) + { + PyObject *resultobj = 0; + ldns_pkt *arg1 = NULL; + uint8_t *arg2 = (uint8_t *) str; + size_t arg3 = (size_t) len; + ldns_status result; + PyObject* tuple; + + result = (ldns_status)ldns_wire2pkt(&arg1,arg2,arg3); + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(result)); + if (result == LDNS_STATUS_OK) + PyTuple_SetItem(tuple, 1, SWIG_NewPointerObj(SWIG_as_voidptr(arg1), SWIGTYPE_p_ldns_struct_pkt, SWIG_POINTER_OWN | 0 )); + else { + Py_INCREF(Py_None); + PyTuple_SetItem(tuple, 1, Py_None); + } + return tuple; +} + +PyObject* ldns_pkt2wire_(const ldns_pkt *pkt) + //returns tuple (status, result) + { + PyObject *resultobj = 0; + uint8_t *arg1 = NULL; + size_t arg3; + ldns_status result; + PyObject* tuple; + + result = (ldns_status)ldns_pkt2wire(&arg1,pkt,&arg3); + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(result)); + if (result == LDNS_STATUS_OK) + PyTuple_SetItem(tuple, 1, SWIG_FromCharPtrAndSize((char *)arg1, arg3)); + else { + Py_INCREF(Py_None); + PyTuple_SetItem(tuple, 1, Py_None); + } + LDNS_FREE(arg1); + return tuple; +} + +%} + +%pythoncode %{ +def ldns_fetch_valid_domain_keys(res, domain, keys): + return _ldns.ldns_fetch_valid_domain_keys_(res, domain, keys) + +def ldns_wire2pkt(data): + return _ldns.ldns_wire2pkt_(data) + +def ldns_pkt2wire(data): + return _ldns.ldns_pkt2wire_(data) + +def ldns_rr_iter_frm_fp_l(input_file): + """Creates an iterator (generator) that returns individual parsed + RRs from an open zone file.""" + # variables that preserve the parsers state + my_ttl = 0; + my_origin = None + my_prev = None + # additional state variables + last_pos = 0 + line_nr = 0 + + while True: + ret = _ldns.ldns_rr_new_frm_fp_l_(input_file, my_ttl, my_origin, my_prev) + s, rr, line_inc, new_ttl, new_origin, new_prev = ret # unpack the result + line_nr += line_inc # increase number of parsed lines + my_prev = new_prev # update ref to previous owner + + if s == _ldns.LDNS_STATUS_SYNTAX_TTL: + my_ttl = new_ttl # update default TTL + elif s == _ldns.LDNS_STATUS_SYNTAX_ORIGIN: + my_origin = new_origin # update reference to origin + elif s == _ldns.LDNS_STATUS_SYNTAX_EMPTY: + if last_pos == input_file.tell(): + break # no advance since last read - EOF + last_pos = input_file.tell() + elif s != _ldns.LDNS_STATUS_OK: + raise ValueError("Parse error in line %d" % line_nr) + else: + # we are sure to have LDNS_STATUS_OK + yield rr + +%} diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_buffer.i b/zonemaster-ldns/ldns/contrib/python/ldns_buffer.i new file mode 100644 index 0000000..5c2d583 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_buffer.i @@ -0,0 +1,726 @@ +/****************************************************************************** + * ldns_buffer.i: LDNS buffer class + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + *****************************************************************************/ + + +/* ========================================================================= */ +/* SWIG setting and definitions. */ +/* ========================================================================= */ + +/* Creates a temporary instance of (ldns_buffer *). */ +%typemap(in, numinputs=0, noblock=1) (ldns_buffer **) +{ + ldns_buffer *$1_buf; + $1 = &$1_buf; +} + +/* Result generation, appends (ldns_buffer *) after the result. */ +%typemap(argout, noblock=1) (ldns_buffer **) +{ + $result = SWIG_Python_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_buf), + SWIGTYPE_p_ldns_struct_buffer, SWIG_POINTER_OWN | 0)); +} + +/* + * Limit the number of arguments to 2 and deal with variable + * number of arguments in the Python way. + */ +%varargs(2, char *arg = NULL) ldns_buffer_printf; + +%nodefaultctor ldns_struct_buffer; /* No default constructor. */ +%nodefaultdtor ldns_struct_buffer; /* No default destructor. */ + +%newobject ldns_buffer_new; +%newobject ldns_dname_new_frm_data; + +%delobject ldns_buffer_free; + +%rename(ldns_buffer) ldns_struct_buffer; + +%ignore ldns_struct_buffer::_position; +%ignore ldns_struct_buffer::_limit; +%ignore ldns_struct_buffer::_capacity; +%ignore ldns_struct_buffer::_data; +%ignore ldns_struct_buffer::_fixed; +%ignore ldns_struct_buffer::_status; + +%ignore ldns_buffer_new_frm_data; + + +/* ========================================================================= */ +/* Debugging related code. */ +/* ========================================================================= */ + +#ifdef LDNS_DEBUG +%rename(__ldns_buffer_free) ldns_buffer_free; +%inline +%{ + /*! + * @brief Frees the buffer and print a message. + */ + void _ldns_buffer_free (ldns_buffer* b) + { + printf("******** LDNS_BUFFER free 0x%lX ************\n", + (long unsigned int) b); + ldns_buffer_free(b); + } +%} +#else /* !LDNS_DEBUG */ +%rename(_ldns_buffer_free) ldns_buffer_free; +#endif /* LDNS_DEBUG */ + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + +/* None. */ + + +/* ========================================================================= */ +/* Encapsulating Python code. */ +/* ========================================================================= */ + +%feature("docstring") "LDNS buffer." + +%extend ldns_struct_buffer { + + %pythoncode + %{ + def __init__(self, capacity): + """ + Creates a new buffer with the specified capacity. + + :param capacity: Number of bytes to allocate for the buffer. + :type capacity: integer + :throws TypeError: When `capacity` of non-integer type. + :return: (:class:`ldns_buffer`) + """ + self.this = _ldns.ldns_buffer_new(capacity) + + __swig_destroy__ = _ldns._ldns_buffer_free + + def __str__(self): + """ + Returns the data in the buffer as a string. + Buffer data must be char * type. + + :return: string + """ + return _ldns.ldns_buffer2str(self) + + def getc(self): + """ + Returns the next character from a buffer. + + Advances the position pointer with 1. When end of buffer + is reached returns EOF. This is the buffer's equivalent + for getc(). + + :return: (integer) EOF on failure otherwise return + the character. + """ + return _ldns.ldns_bgetc(self) + + # + # LDNS_BUFFER_METHODS_ + # + + def at(self, at): + """ + Returns a pointer to the data at the indicated position. + + :param at: position + :type at: positive integer + :throws TypeError: When `at` of non-integer type. + :return: (uint8_t \*) The pointer to the data. + """ + return _ldns.ldns_buffer_at(self, at) + #parameters: const ldns_buffer *, size_t, + #retvals: uint8_t * + + def available(self, count): + """ + Checks whether the buffer has count bytes available at + the current position. + + :param count: How much is available. + :type count: integer + :throws TypeError: When `count` of non-integer type. + :return: (bool) True or False. + """ + return _ldns.ldns_buffer_available(self, count) != 0 + #parameters: ldns_buffer *, size_t, + #retvals: int + + def available_at(self, at, count): + """ + Checks if the buffer has at least `count` more bytes available. + + Before reading or writing the caller needs to ensure that + enough space is available! + + :param at: Indicated position. + :type at: positive integer + :param count: How much is available. + :type count: positive integer + :throws TypeError: When `at` or `count` of non-integer type. + :return: (bool) True or False. + """ + return _ldns.ldns_buffer_available_at(self, at, count) != 0 + #parameters: ldns_buffer *,size_t,size_t, + #retvals: int + + def begin(self): + """ + Returns a pointer to the beginning of the buffer + (the data at position 0). + + :return: (uint8_t \*) Pointer. + """ + return _ldns.ldns_buffer_begin(self) + #parameters: const ldns_buffer *, + #retvals: uint8_t * + + def capacity(self): + """ + Returns the number of bytes the buffer can hold. + + :return: (size_t) The number of bytes. + """ + return _ldns.ldns_buffer_capacity(self) + #parameters: ldns_buffer *, + #retvals: size_t + + def clear(self): + """ + Clears the buffer and make it ready for writing. + + The buffer's limit is set to the capacity and the position + is set to 0. + """ + _ldns.ldns_buffer_clear(self) + #parameters: ldns_buffer *, + #retvals: + + def copy(self, bfrom): + """ + Copy contents of the other buffer to this buffer. + + Silently truncated if this buffer is too small. + + :param bfrom: Source buffer. + :type bfrom: :class:`ldns_buffer` + :throws TypeError: When `bfrom` of non-:class:`ldns_buffer` + type. + """ + _ldns.ldns_buffer_copy(self, bfrom) + #parameters: ldns_buffer *, ldns_buffer *, + #retvals: + + def current(self): + """ + Returns a pointer to the data at the buffer's current position. + + :return: (uint8_t \*) A pointer. + """ + return _ldns.ldns_buffer_current(self) + #parameters: ldns_buffer *, + #retvals: uint8_t * + + def end(self): + """ + Returns a pointer to the end of the buffer (the data + at the buffer's limit). + + :return: (uint8_t \*) Pointer. + """ + return _ldns.ldns_buffer_end(self) + #parameters: ldns_buffer *, + #retvals: uint8_t * + + def export(self): + """ + Makes the buffer fixed and returns a pointer to the data. + + The caller is responsible for freeing the result. + + :return: (void \*) Void pointer. + """ + return _ldns.ldns_buffer_export(self) + #parameters: ldns_buffer *, + #retvals: void * + + def flip(self): + """ + Makes the buffer ready for reading the data that has been + written to the buffer. + + The buffer's limit is set to the current position and + the position is set to 0. + """ + _ldns.ldns_buffer_flip(self) + #parameters: ldns_buffer *, + + def invariant(self): + """ + Performs no action. + + In debugging mode this method performs a buffer settings + check. It asserts if something is wrong. + """ + _ldns.ldns_buffer_invariant(self) + #parameters: ldns_buffer *, + + def limit(self): + """ + Returns the maximum size of the buffer. + + :return: (size_t) The size. + """ + return _ldns.ldns_buffer_limit(self) + #parameters: ldns_buffer *, + #retvals: size_t + + def position(self): + """ + Returns the current position in the buffer + (as a number of bytes). + + :return: (size_t) The current position. + """ + return _ldns.ldns_buffer_position(self) + #parameters: ldns_buffer *, + #retvals: size_t + + def printf(self, string, *args): + """ + Prints to the buffer, increasing the capacity + if required using buffer_reserve(). + + The buffer's position is set to the terminating '\0'. + Returns the number of characters written (not including + the terminating '\0') or -1 on failure. + + :param string: A string to be written. + :type string: string + :throws: TypeError when `string` not a string. + :return: (int) Number of written characters or -1 on failure. + """ + data = string % args + return _ldns.ldns_buffer_printf(self, data) + #parameters: ldns_buffer *, const char *, ... + #retvals: int + + def read(self, data, count): + """ + Copies count bytes of data at the current position to the given + `data`-array + + :param data: Target buffer to copy to. + :type data: void \* + :param count: The length of the data to copy. + :type count: size_t + """ + _ldns.ldns_buffer_read(self,data,count) + #parameters: ldns_buffer *, void *, size_t, + #retvals: + + def read_at(self, at, data, count): + """ + Copies count bytes of data at the given position to the + given `data`-array. + + :param at: The position in the buffer to start reading. + :type at: size_t + :param data: Target buffer to copy to. + :type data: void \* + :param count: The length of the data to copy. + :type count: size_t + """ + _ldns.ldns_buffer_read_at(self,at,data,count) + #parameters: ldns_buffer *, size_t, void *, size_t, + #retvals: + + def read_u16(self): + """ + Returns the 2-byte integer value at the current position + from the buffer. + + :return: (uint16_t) Word. + """ + return _ldns.ldns_buffer_read_u16(self) + #parameters: ldns_buffer *, + #retvals: uint16_t + + def read_u16_at(self, at): + """ + Returns the 2-byte integer value at the given position + from the buffer. + + :param at: Position in the buffer. + :type at: positive integer + :throws TypeError: When `at` of non-integer type. + :return: (uint16_t) Word. + """ + return _ldns.ldns_buffer_read_u16_at(self, at) + #parameters: ldns_buffer *, size_t, + #retvals: uint16_t + + def read_u32(self): + """ + Returns the 4-byte integer value at the current position + from the buffer. + + :return: (uint32_t) Double-word. + """ + return _ldns.ldns_buffer_read_u32(self) + #parameters: ldns_buffer *, + #retvals: uint32_t + + def read_u32_at(self, at): + """ + Returns the 4-byte integer value at the given position + from the buffer. + + :param at: Position in the buffer. + :type at: positive integer + :throws TypeError: When `at` of non-integer type. + :return: (uint32_t) Double-word. + """ + return _ldns.ldns_buffer_read_u32_at(self, at) + #parameters: ldns_buffer *, size_t, + #retvals: uint32_t + + def read_u8(self): + """ + Returns the byte value at the current position from the buffer. + + :return: (uint8_t) A byte (not a character). + """ + return _ldns.ldns_buffer_read_u8(self) + #parameters: ldns_buffer *, + #retvals: uint8_t + + def read_u8_at(self, at): + """ + Returns the byte value at the given position from the buffer. + + :param at: The position in the buffer. + :type at: positive integer + :throws TypeError: When `at` of non-integer type. + :return: (uint8_t) Byte value. + """ + return _ldns.ldns_buffer_read_u8_at(self, at) + #parameters: ldns_buffer *, size_t, + #retvals: uint8_t + + def remaining(self): + """ + Returns the number of bytes remaining between the buffer's + position and limit. + + :return: (size_t) The number of bytes. + """ + return _ldns.ldns_buffer_remaining(self) + #parameters: ldns_buffer *, + #retvals: size_t + + def remaining_at(self, at): + """ + Returns the number of bytes remaining between the indicated + position and the limit. + + :param at: Indicated position. + :type at: positive integer + :throws TypeError: When `at` of non-integer type. + :return: (size_t) number of bytes + """ + return _ldns.ldns_buffer_remaining_at(self, at) + #parameters: ldns_buffer *,size_t, + #retvals: size_t + + def reserve(self, amount): + """ + Ensures that the buffer can contain at least `amount` more + bytes. + + The buffer's capacity is increased if necessary using + buffer_set_capacity(). + + The buffer's limit is always set to the (possibly increased) + capacity. + + :param amount: Amount to use. + :type amount: positive integer + :throws TypeError: When `amount` of non-integer type. + :return: (bool) Whether this failed or succeeded. + """ + return _ldns.ldns_buffer_reserve(self, amount) + #parameters: ldns_buffer *, size_t, + #retvals: bool + + def rewind(self): + """ + Make the buffer ready for re-reading the data. + + The buffer's position is reset to 0. + """ + _ldns.ldns_buffer_rewind(self) + #parameters: ldns_buffer *, + #retvals: + + def set_capacity(self, capacity): + """ + Changes the buffer's capacity. + + The data is reallocated so any pointers to the data may become + invalid. The buffer's limit is set to the buffer's new capacity. + + :param capacity: The capacity to use. + :type capacity: positive integer + :throws TypeError: When `capacity` of non-integer type. + :return: (bool) whether this failed or succeeded + """ + return _ldns.ldns_buffer_set_capacity(self, capacity) + #parameters: ldns_buffer *, size_t, + #retvals: bool + + def set_limit(self, limit): + """ + Changes the buffer's limit. + + If the buffer's position is greater than the new limit + then the position is set to the limit. + + :param limit: The new limit. + :type limit: positive integer + :throws TypeError: When `limit` of non-integer type. + """ + _ldns.ldns_buffer_set_limit(self, limit) + #parameters: ldns_buffer *, size_t, + #retvals: + + def set_position(self,mark): + """ + Sets the buffer's position to `mark`. + + The position must be less than or equal to the buffer's limit. + + :param mark: The mark to use. + :type mark: positive integer + :throws TypeError: When `mark` of non-integer type. + """ + _ldns.ldns_buffer_set_position(self,mark) + #parameters: ldns_buffer *,size_t, + #retvals: + + def skip(self, count): + """ + Changes the buffer's position by `count` bytes. + + The position must not be moved behind the buffer's limit or + before the beginning of the buffer. + + :param count: The count to use. + :type count: integer + :throws TypeError: When `count` of non-integer type. + """ + _ldns.ldns_buffer_skip(self, count) + #parameters: ldns_buffer *, ssize_t, + #retvals: + + def status(self): + """ + Returns the status of the buffer. + + :return: (ldns_status) The status. + """ + return _ldns.ldns_buffer_status(self) + #parameters: ldns_buffer *, + #retvals: ldns_status + + def status_ok(self): + """ + Returns True if the status of the buffer is LDNS_STATUS_OK, + False otherwise. + + :return: (bool) True or False. + """ + return _ldns.ldns_buffer_status_ok(self) + #parameters: ldns_buffer *, + #retvals: bool + + def write(self, data, count): + """ + Writes count bytes of data to the current position of + the buffer. + + :param data: The data to write. + :type data: void \* + :param count: The length of the data to write. + :type count: size_t + """ + _ldns.ldns_buffer_write(self, data, count) + #parameters: ldns_buffer *, const void *, size_t, + #retvals: + + def write_at(self, at, data, count): + """ + Writes the given data to the buffer at the specified position + by `at`. + + :param at: The position (in number of bytes) to write the + data at. + :param data: Pointer to the data to write to the buffer. + :param count: The number of bytes of data to write. + """ + _ldns.ldns_buffer_write_at(self, at, data, count) + #parameters: ldns_buffer *, size_t, const void *, size_t, + #retvals: + + def write_string(self, string): + """ + Copies the given (null-delimited) string to the current + position into the buffer. + + :param string: The string to write. + :type string: string + :throws TypeError: When `string` not a string. + """ + _ldns.ldns_buffer_write_string(self,string) + #parameters: ldns_buffer *,const char *, + #retvals: + + def write_string_at(self, at, string): + """ + Copies the given (null-delimited) string to the specified + position `at` into the buffer. + + :param at: The position in the buffer. + :type at: positive integer + :param string: The string to write. + :type string: string + :throws TypeError: When types mismatch. + """ + _ldns.ldns_buffer_write_string_at(self, at, string) + #parameters: ldns_buffer *, size_t, const char *, + #retvals: + + def write_u16(self, data): + """Writes the given 2 byte integer at the current + position in the buffer. + + :param data: The word to write. + :type data: uint16_t + :throws TypeError: When `data` of non-integer type. + """ + _ldns.ldns_buffer_write_u16(self, data) + #parameters: ldns_buffer *, uint16_t, + #retvals: + + def write_u16_at(self, at, data): + """ + Writes the given 2 byte integer at the given position + in the buffer. + + :param at: The position in the buffer. + :type at: positive integer + :param data: The word to write. + :type data: uint16_t + :throws TypeError: When `at` or `data` of non-integer type. + """ + _ldns.ldns_buffer_write_u16_at(self,at,data) + #parameters: ldns_buffer *,size_t,uint16_t, + #retvals: + + def write_u32(self, data): + """ + Writes the given 4 byte integer at the current position + in the buffer. + + :param data: The double-word to write. + :type data: uint32_t + :throws TypeError: When `data` of non-integer type. + """ + _ldns.ldns_buffer_write_u32(self, data) + #parameters: ldns_buffer *, uint32_t, + #retvals: + + def write_u32_at(self, at, data): + """ + Writes the given 4 byte integer at the given position + in the buffer. + + :param at: The position in the buffer. + :type at: positive integer + :param data: The double-word to write. + :type data: uint32_t + :throws TypeError: When `at` or `data` of non-integer type. + """ + _ldns.ldns_buffer_write_u32_at(self, at, data) + #parameters: ldns_buffer *,size_t,uint32_t, + #retvals: + + def write_u8(self, data): + """ + Writes the given byte of data at the current position + in the buffer. + + :param data: The byte to write. + :type data: uint8_t + :throws TypeError: When `data` of non-integer type. + """ + _ldns.ldns_buffer_write_u8(self, data) + #parameters: ldns_buffer *, uint8_t, + #retvals: + + def write_u8_at(self,at,data): + """ + Writes the given byte of data at the given position + in the buffer. + + :param at: The position in the buffer. + :type at: positive integer + :param data: The byte to write. + :type data: uint8_t + :throws TypeError: When `at` or `data` of non-integer type. + """ + _ldns.ldns_buffer_write_u8_at(self,at,data) + #parameters: ldns_buffer *,size_t,uint8_t, + #retvals: + + # + # _LDNS_BUFFER_METHODS + # + %} +} diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_dname.i b/zonemaster-ldns/ldns/contrib/python/ldns_dname.i new file mode 100644 index 0000000..f63e930 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_dname.i @@ -0,0 +1,625 @@ +/****************************************************************************** + * ldns_dname.i: LDNS domain name class + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + *****************************************************************************/ + + +/* ========================================================================= */ +/* SWIG setting and definitions. */ +/* ========================================================================= */ + +/* + * Not here (with the exception of functions defined in this C code section), + * must be set in ldns_rdf.i. + */ + + +/* ========================================================================= */ +/* Debugging related code. */ +/* ========================================================================= */ + +/* + * Not here (with the exception of functions defined in this C code section), + * must be set in ldns_rdf.i. + */ + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + +/* None */ + + +/* ========================================================================= */ +/* Encapsulating Python code. */ +/* ========================================================================= */ + +%pythoncode +%{ + class ldns_dname(ldns_rdf): + """ + Domain name. + + This class contains methods to read and manipulate domain name drfs. + Domain names are stored in :class:`ldns_rdf` structures, + with the type LDNS_RDF_TYPE_DNAME. This class encapsulates such + rdfs. + + **Usage** + + >>> import ldns + >>> dn1 = ldns.ldns_dname("test.nic.cz") + >>> print dn1 + test.nic.cz. + >>> dn2 = ldns.ldns_dname("nic.cz") + >>> if dn2.is_subdomain(dn1): print dn2, "is sub-domain of", dn1 + >>> if dn1.is_subdomain(dn2): print dn1, "is sub-domain of", dn2 + test.nic.cz. is sub-domain of nic.cz. + + The following two examples show the creation of :class:`ldns_dname` + from :class:`ldns_rdf`. The first shows the creation of + :class:`ldns_dname` instance which is independent of the original + `rdf`. + + + >>> import ldns + >>> rdf = ldns.ldns_rdf.new_frm_str("a.ns.nic.cz", ldns.LDNS_RDF_TYPE_DNAME) + >>> dn = ldns.ldns_dname(rdf) + >>> print dn + a.ns.nic.cz. + + The latter shows the wrapping of a :class:`ldns_rdf` onto + a :class:`ldns_dname` without the creation of a copy. + + >>> import ldns + >>> dn = ldns.ldns_dname(ldns.ldns_rdf.new_frm_str("a.ns.nic.cz", ldns.LDNS_RDF_TYPE_DNAME), clone=False) + >>> print dn + a.ns.nic.cz. + """ + def __init__(self, initialiser, clone=True): + """ + Creates a new dname rdf from a string or :class:`ldns_rdf`. + + :param initialiser: string or :class:`ldns_rdf` + :type initialiser: string or :class:`ldns_rdf` containing + a dname + :param clone: Whether to clone or directly grab the parameter. + :type clone: bool + :throws TypeError: When `initialiser` of invalid type. + """ + if isinstance(initialiser, ldns_rdf) and \ + (initialiser.get_type() == _ldns.LDNS_RDF_TYPE_DNAME): + if clone == True: + self.this = _ldns.ldns_rdf_clone(initialiser) + else: + self.this = initialiser + else: + self.this = _ldns.ldns_dname_new_frm_str(initialiser) + + # + # LDNS_DNAME_CONSTRUCTORS_ + # + + @staticmethod + def new_frm_str(string): + """ + Creates a new dname rdf instance from a string. + + This static method is equivalent to using default + :class:`ldns_dname` constructor. + + :param string: String to use. + :type string: string + :throws TypeError: When `string` not a string. + :return: (:class:`ldns_dname`) dname rdf. + """ + return ldns_dname(string) + + @staticmethod + def new_frm_rdf(rdf, clone=True): + """ + Creates a new dname rdf instance from a dname :class:`ldns_rdf`. + + This static method is equivalent to using the default + :class:`ldns_dname` constructor. + + :param rdf: A dname :class:`ldns_rdf`. + :type rdf: :class:`ldns_rdf` + :throws TypeError: When `rdf` of inappropriate type. + :param clone: Whether to create a clone or to wrap present + instance. + :type clone: bool + :return: (:class:`ldns_dname`) dname rdf. + """ + return ldns_dname(rdf, clone=clone) + + # + # _LDNS_DNAME_CONSTRUCTORS + # + + def write_to_buffer(self, buffer): + """ + Copies the dname data to the buffer in wire format. + + :param buffer: Buffer to append the result to. + :type param: :class:`ldns_buffer` + :throws TypeError: When `buffer` of non-:class:`ldns_buffer` + type. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_dname2buffer_wire(buffer, self) + #parameters: ldns_buffer *, const ldns_rdf *, + #retvals: ldns_status + + + # + # LDNS_DNAME_METHODS_ + # + + def absolute(self): + """ + Checks whether the given dname string is absolute (i.e., + ends with a '.'). + + :return: (bool) True or False + """ + string = self.__str__() + return _ldns.ldns_dname_str_absolute(string) != 0 + + def make_canonical(self): + """ + Put a dname into canonical format (i.e., convert to lower case). + """ + _ldns.ldns_dname2canonical(self) + + def __cmp__(self, other): + """ + Compares two dname rdf according to the algorithm for + ordering in RFC4034 Section 6. + + :param other: The second dname rdf to compare. + :type other: :class:`ldns_dname` + :throws TypeError: When `other` of invalid type. + :return: (int) -1, 0 or 1 if self comes before other, + self is equal or self comes after other respectively. + + .. note:: + The type checking of parameter `other` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(other, ldns_dname)) and \ + isinstance(other, ldns_rdf) and \ + other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.__cmp__() method will" + + " drop the possibility to compare ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + if not isinstance(other, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + return _ldns.ldns_dname_compare(self, other) + + def __lt__(self, other): + """ + Compares two dname rdf according to the algorithm for + ordering in RFC4034 Section 6. + + :param other: The second dname rdf to compare. + :type other: :class:`ldns_dname` + :throws TypeError: When `other` of invalid type. + :return: (bool) True when `self` is less than 'other'. + + .. note:: + The type checking of parameter `other` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(other, ldns_dname)) and \ + isinstance(other, ldns_rdf) and \ + other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.__lt__() method will" + + " drop the possibility to compare ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + if not isinstance(other, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + return _ldns.ldns_dname_compare(self, other) == -1 + + def __le__(self, other): + """ + Compares two dname rdf according to the algorithm for + ordering in RFC4034 Section 6. + + :param other: The second dname rdf to compare. + :type other: :class:`ldns_dname` + :throws TypeError: When `other` of invalid type. + :return: (bool) True when `self` is less than or equal to + 'other'. + + .. note:: + The type checking of parameter `other` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(other, ldns_dname)) and \ + isinstance(other, ldns_rdf) and \ + other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.__le__() method will" + + " drop the possibility to compare ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + if not isinstance(other, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + return _ldns.ldns_dname_compare(self, other) != 1 + + def __eq__(self, other): + """ + Compares two dname rdf according to the algorithm for + ordering in RFC4034 Section 6. + + :param other: The second dname rdf to compare. + :type other: :class:`ldns_dname` + :throws TypeError: When `other` of invalid type. + :return: (bool) True when `self` is equal to 'other'. + + .. note:: + The type checking of parameter `other` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(other, ldns_dname)) and \ + isinstance(other, ldns_rdf) and \ + other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.__eq__() method will" + + " drop the possibility to compare ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + if not isinstance(other, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + return _ldns.ldns_dname_compare(self, other) == 0 + + def __ne__(self, other): + """ + Compares two dname rdf according to the algorithm for + ordering in RFC4034 Section 6. + + :param other: The second dname rdf to compare. + :type other: :class:`ldns_dname` + :throws TypeError: When `other` of invalid type. + :return: (bool) True when `self` is not equal to 'other'. + + .. note:: + The type checking of parameter `other` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(other, ldns_dname)) and \ + isinstance(other, ldns_rdf) and \ + other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.__ne__() method will" + + " drop the possibility to compare ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + if not isinstance(other, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + return _ldns.ldns_dname_compare(self, other) != 0 + + def __gt__(self, other): + """ + Compares two dname rdf according to the algorithm for + ordering in RFC4034 Section 6. + + :param other: The second dname rdf to compare. + :type other: :class:`ldns_dname` + :throws TypeError: When `other` of invalid type. + :return: (bool) True when `self` is greater than 'other'. + + .. note:: + The type checking of parameter `other` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(other, ldns_dname)) and \ + isinstance(other, ldns_rdf) and \ + other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.__gt__() method will" + + " drop the possibility to compare ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + if not isinstance(other, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + return _ldns.ldns_dname_compare(self, other) == 1 + + def __ge__(self, other): + """ + Compares two dname rdf according to the algorithm for + ordering in RFC4034 Section 6. + + :param other: The second dname rdf to compare. + :type other: :class:`ldns_dname` + :throws TypeError: When `other` of invalid type. + :return: (bool) True when `self` is greater than or equal to + 'other'. + + .. note:: + The type checking of parameter `other` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(other, ldns_dname)) and \ + isinstance(other, ldns_rdf) and \ + other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.__ge__() method will" + + " drop the possibility to compare ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + if not isinstance(other, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + return _ldns.ldns_dname_compare(self, other) != -1 + + def cat(self, rd2): + """ + Concatenates rd2 after this dname (`rd2` is copied, + `this` dname is modified). + + :param rd2: The right-hand side. + :type rd2: :class:`ldns_dname` + :throws TypeError: When `rd2` of invalid type. + :return: (ldns_status) LDNS_STATUS_OK on success + + .. note:: + The type checking of parameter `rd2` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(rd2, ldns_dname)) and \ + isinstance(rd2, ldns_rdf) and \ + rd2.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.cat() method will" + + " drop the support of ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_cat(self, rd2) + #parameters: ldns_rdf *, ldns_rdf *, + #retvals: ldns_status + + def cat_clone(self, rd2): + """ + Concatenates two dnames together. + + :param rd2: The right-hand side. + :type rd2: :class:`ldns_dname` + :throws TypeError: When `rd2` of invalid type. + :return: (:class:`ldns_dname`) A new rdf with + left-hand side + right-hand side content None when + error. + + .. note:: + The type checking of parameter `rd2` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(rd2, ldns_dname)) and \ + isinstance(rd2, ldns_rdf) and \ + rd2.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.cat_clone() method will" + + " drop the support of ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + ret = _ldns.ldns_dname_cat_clone(self, rd2) + if ret != None: + ret = ldns_dname(ret, clone=False) + return ret + #parameters: const ldns_rdf *, const ldns_rdf *, + #retvals: ldns_rdf * + + def interval(self, middle, next): + """ + Check whether `middle` lays in the interval defined by + `this` and `next` (`this` <= `middle` < `next`). + + This method is useful for nsec checking. + + :param middle: The dname to check. + :type middle: :class:`ldns_dname` + :param next: The boundary. + :type next: :class:`ldns_dname` + :throws TypeError: When `middle` or `next` of + non-:class:`ldns_rdf` type. + :throws Exception: When non-dname rdfs compared. + :return: (int) 0 on error or unknown, + -1 when middle is in the interval, 1 when not. + + .. note:: + The type checking of parameters is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(middle, ldns_rdf)) or \ + (not isinstance(next, ldns_rdf)): + raise TypeError("Parameters must be derived from ldns_dname.") + if (self.get_type() != _ldns.LDNS_RDF_TYPE_DNAME) or \ + (middle.get_type() != _ldns.LDNS_RDF_TYPE_DNAME) or \ + (next.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("All operands must be dname rdfs.") + if (not isinstance(middle, ldns_dname)) or \ + (not isinstance(next, ldns_dname)): + warnings.warn("The ldns_dname.interval() method will" + + " drop the possibility to compare ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_interval(self, middle, next) + #parameters: const ldns_rdf *, const ldns_rdf *, const ldns_rdf *, + #retvals: int + + def is_subdomain(self, parent): + """ + Tests whether the name of the instance falls under + `parent` (i.e., is a sub-domain of `parent`). + + This function will return false if the given dnames are equal. + + :param parent: The parent's name. + :type parent: :class:`ldns_dname` + :throws TypeError: When `parent` of non-:class:`ldns_rdf` + or derived type. + :return: (bool) True if `this` falls under `parent`, otherwise + False. + + .. note:: + The type checking of parameters is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(parent, ldns_dname)) and \ + isinstance(parent, ldns_rdf) and \ + parent.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_dname.is_subdomain() method will" + + " drop the support of ldns_rdf." + + " Convert arguments to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_is_subdomain(self, parent) + #parameters: const ldns_rdf *, const ldns_rdf *, + #retvals: bool + + def label(self, labelpos): + """ + Look inside the rdf and retrieve a specific label. + + The labels are numbered starting from 0 (left most). + + :param labelpos: Index of the label. (Labels are numbered + 0, which is the left most.) + :type labelpos: integer + :throws TypeError: When `labelpos` of non-integer type. + :return: (:class:`ldns_dname`) A new rdf with the label + as name or None on error. + """ + ret = _ldns.ldns_dname_label(self, labelpos) + if ret != None: + ret = ldns_dname(ret, clone=False) + return ret + #parameters: const ldns_rdf *, uint8_t, + #retvals: ldns_rdf * + + def label_count(self): + """ + Counts the number of labels. + + :return: (uint8_t) the number of labels. Will return 0 + if not a dname. + """ + return _ldns.ldns_dname_label_count(self) + #parameters: const ldns_rdf *, + #retvals: uint8_t + + def left_chop(self): + """ + Chop one label off the left side of a dname. + + (e.g., wwww.nlnetlabs.nl, becomes nlnetlabs.nl) + + :return: (:class:`ldns_dname`) The remaining dname or None + when error. + """ + return ldns_dname(_ldns.ldns_dname_left_chop(self), clone=False) + #parameters: const ldns_rdf *, + #retvals: ldns_rdf * + + def reverse(self): + """ + Returns a clone of the given dname with the labels reversed. + + :return: (:class:`ldns_dname`) A clone of the dname with + the labels reversed. + """ + return ldns_dname(_ldns.ldns_dname_reverse(self), clone=False) + #parameters: const ldns_rdf *, + #retvals: ldns_rdf * + + # + # _LDNS_DNAME_METHODS + # +%} diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_dnssec.i b/zonemaster-ldns/ldns/contrib/python/ldns_dnssec.i new file mode 100644 index 0000000..90c4e6b --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_dnssec.i @@ -0,0 +1,457 @@ +/****************************************************************************** + * ldns_dnssec.i: DNSSEC zone, name, rrs + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************/ +%nodefaultctor ldns_dnssec_rrs; //no default constructor & destructor +%nodefaultdtor ldns_dnssec_rrs; + +%newobject ldns_dnssec_rrs_new; +%delobject ldns_dnssec_rrs_free; + +%extend ldns_dnssec_rrs { + %pythoncode %{ + + def __init__(self): + """Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs. + + :returns: (ldns_dnssec_rrs) the allocated data + """ + self.this = _ldns.ldns_dnssec_rrs_new() + if not self.this: + raise Exception("Can't create rrs instance") + + __swig_destroy__ = _ldns.ldns_dnssec_rrs_free + + #LDNS_DNSSEC_RRS_METHODS_# + def add_rr(self,rr): + """Adds an RR to the list of RRs. + + The list will remain ordered + + :param rr: + the RR to add + :returns: (ldns_status) LDNS_STATUS_OK on success + """ + return _ldns.ldns_dnssec_rrs_add_rr(self,rr) + #parameters: ldns_dnssec_rrs *,ldns_rr *, + #retvals: ldns_status + #_LDNS_DNSSEC_RRS_METHODS# + %} +} + +// ================================================================================ +// DNNSEC RRS +// ================================================================================ +%nodefaultctor ldns_dnssec_rrsets; //no default constructor & destructor +%nodefaultdtor ldns_dnssec_rrsets; + +%newobject ldns_dnssec_rrsets_new; +%delobject ldns_dnssec_rrsets_free; + +%extend ldns_dnssec_rrsets { + %pythoncode %{ + def __init__(self): + """Creates a new list (entry) of RRsets. + + :returns: (ldns_dnssec_rrsets \*) instance + """ + self.this = _ldns.ldns_dnssec_rrsets_new() + if not self.this: + raise Exception("Can't create rrsets instance") + + __swig_destroy__ = _ldns.ldns_dnssec_rrsets_free + + def print_to_file(self, file, follow): + """Print the given list of rrsets to the given file descriptor. + + :param file: file pointer + :param follow: if set to false, only print the first RRset + """ + _ldns.ldns_dnssec_rrsets_print(file,self,follow) + #parameters: FILE *,ldns_dnssec_rrsets *,bool, + #retvals: + + #LDNS_DNSSEC_RRSETS_METHODS_# + def add_rr(self,rr): + """Add an ldns_rr to the corresponding RRset in the given list of RRsets. + + If it is not present, add it as a new RRset with 1 record. + + :param rr: + the rr to add to the list of rrsets + :returns: (ldns_status) LDNS_STATUS_OK on success + """ + return _ldns.ldns_dnssec_rrsets_add_rr(self,rr) + #parameters: ldns_dnssec_rrsets *,ldns_rr *, + #retvals: ldns_status + + def set_type(self,atype): + """Sets the RR type of the rrset (that is head of the given list). + + :param atype: + :returns: (ldns_status) LDNS_STATUS_OK on success + """ + return _ldns.ldns_dnssec_rrsets_set_type(self,atype) + #parameters: ldns_dnssec_rrsets *,ldns_rr_type, + #retvals: ldns_status + + def type(self): + """Returns the rr type of the rrset (that is head of the given list). + + :returns: (ldns_rr_type) the rr type + """ + return _ldns.ldns_dnssec_rrsets_type(self) + #parameters: ldns_dnssec_rrsets *, + #retvals: ldns_rr_type + #_LDNS_DNSSEC_RRSETS_METHODS# + %} +} + +// ================================================================================ +// DNNSEC NAME +// ================================================================================ +%nodefaultctor ldns_dnssec_name; //no default constructor & destructor +%nodefaultdtor ldns_dnssec_name; + +%newobject ldns_dnssec_name_new; +%delobject ldns_dnssec_name_free; + +%extend ldns_dnssec_name { + %pythoncode %{ + def __init__(self): + """Create a new instance of dnssec name.""" + self.this = _ldns.ldns_dnssec_name_new() + if not self.this: + raise Exception("Can't create dnssec name instance") + + __swig_destroy__ = _ldns.ldns_dnssec_name_free + + def print_to_file(self,file): + """Prints the RRs in the dnssec name structure to the given file descriptor. + + :param file: file pointer + """ + _ldns.ldns_dnssec_name_print(file, self) + #parameters: FILE *,ldns_dnssec_name *, + + @staticmethod + def new_frm_rr(raiseException=True): + """Create a new instance of dnssec name for the given RR. + + :returns: (ldns_dnssec_name) instance + """ + name = _ldns.ldns_dnssec_name_new_frm_rr(self) + if (not name) and (raiseException): + raise Exception("Can't create dnssec name") + return name + + #LDNS_DNSSEC_NAME_METHODS_# + def add_rr(self,rr): + """Inserts the given rr at the right place in the current dnssec_name No checking is done whether the name matches. + + :param rr: + The RR to add + :returns: (ldns_status) LDNS_STATUS_OK on success, error code otherwise + """ + return _ldns.ldns_dnssec_name_add_rr(self,rr) + #parameters: ldns_dnssec_name *,ldns_rr *, + #retvals: ldns_status + + def find_rrset(self,atype): + """Find the RRset with the given type in within this name structure. + + :param atype: + :returns: (ldns_dnssec_rrsets \*) the RRset, or NULL if not present + """ + return _ldns.ldns_dnssec_name_find_rrset(self,atype) + #parameters: ldns_dnssec_name *,ldns_rr_type, + #retvals: ldns_dnssec_rrsets * + + def name(self): + """Returns the domain name of the given dnssec_name structure. + + :returns: (ldns_rdf \*) the domain name + """ + return _ldns.ldns_dnssec_name_name(self) + #parameters: ldns_dnssec_name *, + #retvals: ldns_rdf * + + def set_name(self,dname): + """Sets the domain name of the given dnssec_name structure. + + :param dname: + the domain name to set it to. This data is *not* copied. + """ + _ldns.ldns_dnssec_name_set_name(self,dname) + #parameters: ldns_dnssec_name *,ldns_rdf *, + #retvals: + + def set_nsec(self,nsec): + """Sets the NSEC(3) RR of the given dnssec_name structure. + + :param nsec: + the nsec rr to set it to. This data is *not* copied. + """ + _ldns.ldns_dnssec_name_set_nsec(self,nsec) + #parameters: ldns_dnssec_name *,ldns_rr *, + #retvals: + #_LDNS_DNSSEC_NAME_METHODS# + %} +} + +// ================================================================================ +// DNNSEC ZONE +// ================================================================================ +%nodefaultctor ldns_dnssec_zone; //no default constructor & destructor +%nodefaultdtor ldns_dnssec_zone; + +%newobject ldns_dnssec_zone_new; +%delobject ldns_dnssec_zone_free; + +%inline %{ +ldns_status ldns_dnssec_zone_sign_defcb(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int cbtype) +{ + if (cbtype == 0) + return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_add_to_signatures, NULL); + if (cbtype == 1) + return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_leave_signatures, NULL); + if (cbtype == 2) + return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_delete_signatures, NULL); + + return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_replace_signatures, NULL); +} + +ldns_status ldns_dnssec_zone_add_rr_(ldns_dnssec_zone *zone, ldns_rr *rr) +{ + ldns_rr *new_rr; + ldns_status status; + + new_rr = ldns_rr_clone(rr); + + /* + * A clone of the RR is created to be stored in the DNSSEC zone. + * The Python engine frees a RR object as soon it's reference count + * reaches zero. The code must avoid double freeing or accessing of freed + * memory. + */ + + status = ldns_dnssec_zone_add_rr(zone, new_rr); + + if (status != LDNS_STATUS_OK) { + ldns_rr_free(new_rr); + } + + return status; +} +%} + +%extend ldns_dnssec_zone { + %pythoncode %{ + + def __init__(self): + """Creates a new dnssec_zone instance""" + self.this = _ldns.ldns_dnssec_zone_new() + if not self.this: + raise Exception("Can't create dnssec zone instance") + + __swig_destroy__ = _ldns.ldns_dnssec_zone_free + + def print_to_file(self,file): + """Prints the complete zone to the given file descriptor. + + :param file: file pointer + """ + _ldns.ldns_dnssec_zone_print(file, self) + #parameters: FILE *, ldns_dnssec_zone *, + #retvals: + + def create_nsec3s(self,new_rrs,algorithm,flags,iterations,salt_length,salt): + """Adds NSEC3 records to the zone. + + :param new_rrs: + :param algorithm: + :param flags: + :param iterations: + :param salt_length: + :param salt: + :returns: (ldns_status) + """ + return _ldns.ldns_dnssec_zone_create_nsec3s(self,new_rrs,algorithm,flags,iterations,salt_length,salt) + #parameters: ldns_dnssec_zone *,ldns_rr_list *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *, + #retvals: ldns_status + + def create_nsecs(self,new_rrs): + """Adds NSEC records to the given dnssec_zone. + + :param new_rrs: + ldns_rr's created by this function are added to this rr list, so the caller can free them later + :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise + """ + return _ldns.ldns_dnssec_zone_create_nsecs(self,new_rrs) + #parameters: ldns_dnssec_zone *,ldns_rr_list *, + #retvals: ldns_status + + def create_rrsigs(self,new_rrs,key_list,func,arg): + """Adds signatures to the zone. + + :param new_rrs: + the RRSIG RRs that are created are also added to this list, so the caller can free them later + :param key_list: + list of keys to sign with. + :param func: + Callback function to decide what keys to use and what to do with old signatures + :param arg: + Optional argument for the callback function + :returns: (ldns_status) LDNS_STATUS_OK on success, error otherwise + """ + return _ldns.ldns_dnssec_zone_create_rrsigs(self,new_rrs,key_list,func,arg) + #parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *, + #retvals: ldns_status + + def sign_cb(self,new_rrs,key_list,func,arg): + """signs the given zone with the given keys (with callback function) + + :param new_rrs: + newly created resource records are added to this list, to free them later + :param key_list: + the list of keys to sign the zone with + :param func: + callback function that decides what to do with old signatures. + This function takes an ldns_rr and an optional arg argument, and returns one of four values: + + * LDNS_SIGNATURE_LEAVE_ADD_NEW - leave the signature and add a new one for the corresponding key + + * LDNS_SIGNATURE_REMOVE_ADD_NEW - remove the signature and replace is with a new one from the same key + + * LDNS_SIGNATURE_LEAVE_NO_ADD - leave the signature and do not add a new one with the corresponding key + + * LDNS_SIGNATURE_REMOVE_NO_ADD - remove the signature and do not replace + + :param arg: + optional argument for the callback function + :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise + """ + return _ldns.ldns_dnssec_zone_sign(self,new_rrs,key_list,func,arg) + #parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *, + #retvals: ldns_status + + def sign(self,new_rrs,key_list, cbtype=3): + """signs the given zone with the given keys + + :param new_rrs: + newly created resource records are added to this list, to free them later + :param key_list: + the list of keys to sign the zone with + :param cb_type: + specifies how to deal with old signatures, possible values: + + * 0 - ldns_dnssec_default_add_to_signatures, + + * 1 - ldns_dnssec_default_leave_signatures, + + * 2 - ldns_dnssec_default_delete_signatures, + + * 3 - ldns_dnssec_default_replace_signatures + + :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise + """ + return _ldns.ldns_dnssec_zone_sign_defcb(self,new_rrs,key_list, cbtype) + #parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *, + #retvals: ldns_status + + def sign_nsec3(self,new_rrs,key_list,func,arg,algorithm,flags,iterations,salt_length,salt): + """signs the given zone with the given new zone, with NSEC3 + + :param new_rrs: + newly created resource records are added to this list, to free them later + :param key_list: + the list of keys to sign the zone with + :param func: + callback function that decides what to do with old signatures + :param arg: + optional argument for the callback function + :param algorithm: + the NSEC3 hashing algorithm to use + :param flags: + NSEC3 flags + :param iterations: + the number of NSEC3 hash iterations to use + :param salt_length: + the length (in octets) of the NSEC3 salt + :param salt: + the NSEC3 salt data + :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise + """ + return _ldns.ldns_dnssec_zone_sign_nsec3(self,new_rrs,key_list,func,arg,algorithm,flags,iterations,salt_length,salt) + #parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *, + #retvals: ldns_status + + #LDNS_DNSSEC_ZONE_METHODS_# + def add_empty_nonterminals(self): + """Adds explicit dnssec_name structures for the empty nonterminals in this zone. + + (this is needed for NSEC3 generation) + + :returns: (ldns_status) + """ + return _ldns.ldns_dnssec_zone_add_empty_nonterminals(self) + #parameters: ldns_dnssec_zone *, + #retvals: ldns_status + + def add_rr(self,rr): + """Adds the given RR to the zone. + + It find whether there is a dnssec_name with that name present. + If so, add it to that, if not create a new one. + Special handling of NSEC and RRSIG provided. + + :param rr: + The RR to add + :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise + """ + return _ldns.ldns_dnssec_zone_add_rr_(self,rr) + #parameters: ldns_dnssec_zone *,ldns_rr *, + #retvals: ldns_status + + def find_rrset(self,dname,atype): + """Find the RRset with the given name and type in the zone. + + :param dname: + the domain name of the RRset to find + :param atype: + :returns: (ldns_dnssec_rrsets \*) the RRset, or NULL if not present + """ + return _ldns.ldns_dnssec_zone_find_rrset(self,dname,atype) + #parameters: ldns_dnssec_zone *,ldns_rdf *,ldns_rr_type, + #retvals: ldns_dnssec_rrsets * + + #_LDNS_DNSSEC_ZONE_METHODS# + %} +} diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_key.i b/zonemaster-ldns/ldns/contrib/python/ldns_key.i new file mode 100644 index 0000000..dc67e67 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_key.i @@ -0,0 +1,536 @@ +/****************************************************************************** + * ldns_key.i: LDNS key class + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************/ +%typemap(in,numinputs=0,noblock=1) (ldns_key **) +{ + ldns_key *$1_key; + $1 = &$1_key; +} + +/* result generation */ +%typemap(argout,noblock=1) (ldns_key **) +{ + $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_key), SWIGTYPE_p_ldns_struct_key, SWIG_POINTER_OWN | 0 )); +} + +%typemap(argout) ldns_rdf *r "Py_INCREF($input);" + +%nodefaultctor ldns_struct_key; //no default constructor & destructor +%nodefaultdtor ldns_struct_key; + +%delobject ldns_key_free; +%delobject ldns_key_deep_free; +%newobject ldns_key_list_pop_key; +%newobject ldns_key2rr; +%newobject ldns_key_new_frm_algorithm; +%newobject ldns_key_new_frm_fp; +%newobject ldns_key_new_frm_fp_l; +%newobject ldns_key_new_frm_engine; + +%rename(ldns_key) ldns_struct_key; + +#ifdef LDNS_DEBUG +%rename(__ldns_key_free) ldns_key_free; +%inline %{ +void _ldns_key_free (ldns_key* k) { + printf("******** LDNS_KEY free 0x%lX ************\n", (long unsigned int)k); + ldns_key_deep_free(k); +} +%} +#else +%rename(_ldns_key_free) ldns_key_deep_free; +%rename(__ldns_key_free) ldns_key_free; +#endif + +%feature("docstring") ldns_struct_key "Key class + +This class can contains all types of keys that are used in DNSSEC. Mostly used to store private keys, since public keys can also be stored in a ldns_rr with type LDNS_RR_TYPE_DNSKEY. This class can also store some variables that influence the signatures generated by signing with this key, for instance the inception date. + +**Usage** + + >>> import ldns + >>> ldns.ldns_init_random(open(\"/dev/random\",\"rb\"), 512/8) + >>> key = ldns.ldns_key.new_frm_algorithm(ldns.LDNS_SIGN_DSA, 512) #generate new DSA key + >>> print key + Private-key-format: v1.2 + Algorithm: 3 (DSA) + Prime(p): XXXXXXXXHRQBGRflHZQriSAoLI2g+LGvZz8BlEesO+ZQg65wrFGs9IC441y/mn3nFnXfCdtX6zbN5bQuabPdlQ== + Subprime(q): XXXXXdnWs/cWsGDglhEyZRLEVA8= + Base(g): XXXXXXXqrd+dm2bcxDBdCsZRzkXQ22FxCk2ycnjgevr+s2HfA57BPk3xwqCrHUwuOBVg3Fvq4bpldrCe0sT6Og== + Private_value(x): XXXXXcVubZF33pj04z4ZoETsQW1Y= + Public_value(y): XXXXXX8t6zfOxJHoy57qteIw9sOZ/Zu0yFiPO083sPm11NlFx3b4m7TJ2k41gYicHXHLUQK1p0xXFToeZEkPGQ== + >>> fw = open(\"key.priv\", \"wb\") + >>> key.print_to_file(fw) #write priv key to file +" + +%extend ldns_struct_key { + + %pythoncode %{ + def __init__(self): + self.this = _ldns.ldns_key_new() + if not self.this: + raise Exception("Can't create instance of this class") + + __swig_destroy__ = _ldns._ldns_key_free + + def __str__(self): + """converts the data to presentation format""" + return _ldns.ldns_key2str(self) + + + def key_to_rr(self): + """converts a ldns_key to a public key rr + + :returns: (ldns_rr \*) ldns_rr representation of the key + """ + return _ldns.ldns_key2rr(self) + #parameters: const ldns_key *, + #retvals: ldns_rr * + + def print_to_file(self, file): + """print a private key to the file output + + :param file: output file pointer + """ + _ldns.ldns_key_print(file, self) + #parameters: FILE *, const ldns_key *, + #retvals: + + #LDNS_KEY_CONSTRUCTORS_# + @staticmethod + def new_frm_fp(file, raiseException=True): + """Creates a new priv key based on the contents of the file pointed by fp. + + :param file: a file object + :param raiseException: if True, an exception occurs in case a key instance can't be created + :returns: key instance or None. If the object can't be created and raiseException is True, an exception occurs. + """ + status, key = _ldns.ldns_key_new_frm_fp(file) + if status != LDNS_STATUS_OK: + if (raiseException): raise Exception("Can't create key, error: %s (%d)" % (_ldns.ldns_get_errorstr_by_id(status),status)) + return None + return key + + @staticmethod + def new_frm_fp_l(file, raiseException=True): + """Creates a new private key based on the contents of the file pointed by fp. + + :param file: a file object + :param raiseException: if True, an exception occurs in case a key instance can't be created + :returns: + * key - key instance or None. If an instance can't be created and raiseException is True, an exception occurs. + + * line - the line number (for debugging) + """ + status, key, line = _ldns.ldns_key_new_frm_fp_l(file) + if status != LDNS_STATUS_OK: + if (raiseException): raise Exception("Can't create key, error: %d" % status) + return None + return key, line + + @staticmethod + def new_frm_algorithm(algorithm, size, raiseException=True): + """Creates a new key based on the algorithm. + + :param algorithm: the algorithm to use + :param size: the number of bytes for the keysize + :param raiseException: if True, an exception occurs in case a key instance can't be created + :returns: key instance or None. If the object can't be created and raiseException is True, an exception occurs. + + **Algorithms** + LDNS_SIGN_RSAMD5, LDNS_SIGN_RSASHA1, LDNS_SIGN_DSA, LDNS_SIGN_RSASHA1_NSEC3, LDNS_SIGN_RSASHA256, LDNS_SIGN_RSASHA256_NSEC3, LDNS_SIGN_RSASHA512, LDNS_SIGN_RSASHA512_NSEC3, LDNS_SIGN_DSA_NSEC3, LDNS_SIGN_HMACMD5, LDNS_SIGN_HMACSHA1, LDNS_SIGN_HMACSHA256 + """ + key = _ldns.ldns_key_new_frm_algorithm(algorithm, size) + if (not key) and (raiseException): raise Exception("Can't create key, error: %d" % status) + return key + #_LDNS_KEY_CONSTRUCTORS# + + #LDNS_KEY_METHODS_# + def algorithm(self): + """return the signing alg of the key + + :returns: (ldns_signing_algorithm) the algorithm + """ + return _ldns.ldns_key_algorithm(self) + #parameters: const ldns_key *, + #retvals: ldns_signing_algorithm + + def dsa_key(self): + """returns the (openssl) DSA struct contained in the key + + :returns: (DSA \*) + """ + return _ldns.ldns_key_dsa_key(self) + #parameters: const ldns_key *, + #retvals: DSA * + + def evp_key(self): + """returns the (openssl) EVP struct contained in the key + + :returns: (EVP_PKEY \*) the RSA * structure in the key + """ + return _ldns.ldns_key_evp_key(self) + #parameters: const ldns_key *, + #retvals: EVP_PKEY * + + def expiration(self): + """return the key's expiration date + + :returns: (uint32_t) the expiration date + """ + return _ldns.ldns_key_expiration(self) + #parameters: const ldns_key *, + #retvals: uint32_t + + def flags(self): + """return the flag of the key + + :returns: (uint16_t) the flag + """ + return _ldns.ldns_key_flags(self) + #parameters: const ldns_key *, + #retvals: uint16_t + + def hmac_key(self): + """return the hmac key data + + :returns: (unsigned char \*) the hmac key data + """ + return _ldns.ldns_key_hmac_key(self) + #parameters: const ldns_key *, + #retvals: unsigned char * + + def hmac_size(self): + """return the hmac key size + + :returns: (size_t) the hmac key size + """ + return _ldns.ldns_key_hmac_size(self) + #parameters: const ldns_key *, + #retvals: size_t + + def inception(self): + """return the key's inception date + + :returns: (uint32_t) the inception date + """ + return _ldns.ldns_key_inception(self) + #parameters: const ldns_key *, + #retvals: uint32_t + + def keytag(self): + """return the keytag + + :returns: (uint16_t) the keytag + """ + return _ldns.ldns_key_keytag(self) + #parameters: const ldns_key *, + #retvals: uint16_t + + def origttl(self): + """return the original ttl of the key + + :returns: (uint32_t) the original ttl + """ + return _ldns.ldns_key_origttl(self) + #parameters: const ldns_key *, + #retvals: uint32_t + + def pubkey_owner(self): + """return the public key's owner + + :returns: (ldns_rdf \*) the owner + """ + return _ldns.ldns_key_pubkey_owner(self) + #parameters: const ldns_key *, + #retvals: ldns_rdf * + + def rsa_key(self): + """returns the (openssl) RSA struct contained in the key + + :returns: (RSA \*) the RSA * structure in the key + """ + return _ldns.ldns_key_rsa_key(self) + #parameters: const ldns_key *, + #retvals: RSA * + + def set_algorithm(self,l): + """Set the key's algorithm. + + :param l: + the algorithm + """ + _ldns.ldns_key_set_algorithm(self,l) + #parameters: ldns_key *,ldns_signing_algorithm, + #retvals: + + def set_dsa_key(self,d): + """Set the key's dsa data. + + :param d: + the dsa data + """ + _ldns.ldns_key_set_dsa_key(self,d) + #parameters: ldns_key *,DSA *, + #retvals: + + def set_evp_key(self,e): + """Set the key's evp key. + + :param e: + the evp key + """ + _ldns.ldns_key_set_evp_key(self,e) + #parameters: ldns_key *,EVP_PKEY *, + #retvals: + + def set_expiration(self,e): + """Set the key's expiration date (seconds after epoch). + + :param e: + the expiration + """ + _ldns.ldns_key_set_expiration(self,e) + #parameters: ldns_key *,uint32_t, + #retvals: + + def set_flags(self,flags): + """Set the key's flags. + + :param flags: + the flags + """ + _ldns.ldns_key_set_flags(self,flags) + #parameters: ldns_key *,uint16_t, + #retvals: + + def set_hmac_key(self,hmac): + """Set the key's hmac data. + + :param hmac: + the raw key data + """ + _ldns.ldns_key_set_hmac_key(self,hmac) + #parameters: ldns_key *,unsigned char *, + #retvals: + + def set_hmac_size(self,hmac_size): + """Set the key's hmac size. + + :param hmac_size: + the size of the hmac data + """ + _ldns.ldns_key_set_hmac_size(self,hmac_size) + #parameters: ldns_key *,size_t, + #retvals: + + def set_inception(self,i): + """Set the key's inception date (seconds after epoch). + + :param i: + the inception + """ + _ldns.ldns_key_set_inception(self,i) + #parameters: ldns_key *,uint32_t, + #retvals: + + def set_keytag(self,tag): + """Set the key's key tag. + + :param tag: + the keytag + """ + _ldns.ldns_key_set_keytag(self,tag) + #parameters: ldns_key *,uint16_t, + #retvals: + + def set_origttl(self,t): + """Set the key's original ttl. + + :param t: + the ttl + """ + _ldns.ldns_key_set_origttl(self,t) + #parameters: ldns_key *,uint32_t, + #retvals: + + def set_pubkey_owner(self,r): + """Set the key's pubkey owner. + + :param r: + the owner + """ + _ldns.ldns_key_set_pubkey_owner(self,r) + #parameters: ldns_key *,ldns_rdf *, + #retvals: + + def set_rsa_key(self,r): + """Set the key's rsa data. + + :param r: + the rsa data + """ + _ldns.ldns_key_set_rsa_key(self,r) + #parameters: ldns_key *,RSA *, + #retvals: + + def set_use(self,v): + """set the use flag + + :param v: + the boolean value to set the _use field to + """ + _ldns.ldns_key_set_use(self,v) + #parameters: ldns_key *,bool, + #retvals: + + def use(self): + """return the use flag + + :returns: (bool) the boolean value of the _use field + """ + return _ldns.ldns_key_use(self) + #parameters: const ldns_key *, + #retvals: bool + #_LDNS_KEY_METHODS# + %} +} + +%nodefaultctor ldns_struct_key_list; //no default constructor & destructor +%nodefaultdtor ldns_struct_key_list; + +%newobject ldns_key_list_new; +%newobject ldns_key_list_pop_key; +%delobject ldns_key_list_free; +%delobject ldns_key_list_push_key; + +%rename(ldns_key_list) ldns_struct_key_list; + +#ifdef LDNS_DEBUG +%rename(__ldns_key_list_free) ldns_key_list_free; +%inline %{ +void _ldns_key_list_free (ldns_key_list* k) { + printf("******** LDNS_KEY_LIST free 0x%lX ************\n", (long unsigned int)k); + ldns_key_list_free(k); +} +%} +#else +%rename(_ldns_key_list_free) ldns_key_list_free; +#endif + +%extend ldns_struct_key_list { + + %pythoncode %{ + def __init__(self): + self.this = _ldns.ldns_key_list_new() + if not self.this: + raise Exception("Can't create class") + + __swig_destroy__ = _ldns._ldns_key_list_free + + def keys(self): + """Key list iterator""" + for i in range(0, self.key_count()): + yield self.key(i) + + def __str__(self): + i = 0 + s = "" + for k in self.keys(): + i += 1 + s += "key %d:\n %s\n" % (i, str(k).replace("\n","\n ")) + return s + + #LDNS_KEY_LIST_METHODS_# + def key(self,nr): + """returns a pointer to the key in the list at the given position + + :param nr: + the position in the list + :returns: (ldns_key \*) the key + """ + return _ldns.ldns_key_list_key(self,nr) + #parameters: const ldns_key_list *,size_t, + #retvals: ldns_key * + + def key_count(self): + """returns the number of keys in the key list + + :returns: (size_t) the numbers of keys in the list + """ + return _ldns.ldns_key_list_key_count(self) + #parameters: const ldns_key_list *, + #retvals: size_t + + def pop_key(self): + """pops the last rr from a keylist + + :returns: (ldns_key \*) NULL if nothing to pop. Otherwise the popped RR + """ + return _ldns.ldns_key_list_pop_key(self) + #parameters: ldns_key_list *, + #retvals: ldns_key * + + def push_key(self,key): + """pushes a key to a keylist + + :param key: + the key to push + :returns: (bool) false on error, otherwise true + """ + return _ldns.ldns_key_list_push_key(self,key) + #parameters: ldns_key_list *,ldns_key *, + #retvals: bool + + def set_key_count(self,count): + """Set the keylist's key count to count. + + :param count: + the count + """ + _ldns.ldns_key_list_set_key_count(self,count) + #parameters: ldns_key_list *,size_t, + #retvals: + + def set_use(self,v): + """Set the 'use' flag for all keys in the list. + + :param v: + The value to set the use flags to + """ + _ldns.ldns_key_list_set_use(self,v) + #parameters: ldns_key_list *,bool, + #retvals: + + #_LDNS_KEY_LIST_METHODS# + %} +} + diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_packet.i b/zonemaster-ldns/ldns/contrib/python/ldns_packet.i new file mode 100644 index 0000000..c2d7a3b --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_packet.i @@ -0,0 +1,1588 @@ +/****************************************************************************** + * ldns_packet.i: LDNS packet class + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + *****************************************************************************/ + + +/* ========================================================================= */ +/* SWIG setting and definitions. */ +/* ========================================================================= */ + +/* Creates a temporary instance of (ldns_pkt *). */ +%typemap(in,numinputs=0,noblock=1) (ldns_pkt **) +{ + ldns_pkt *$1_pkt; + $1 = &$1_pkt; +} + +/* Result generation, appends (ldns_pkt *) after the result. */ +%typemap(argout,noblock=1) (ldns_pkt **) +{ + $result = SWIG_Python_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_pkt), + SWIGTYPE_p_ldns_struct_pkt, SWIG_POINTER_OWN | 0 )); +} + +%newobject ldns_pkt_new; +%newobject ldns_pkt_clone; +%newobject ldns_pkt_rr_list_by_type; +%newobject ldns_pkt_rr_list_by_name_and_type; +%newobject ldns_pkt_rr_list_by_name; +%newobject ldns_update_pkt_new; + + +%nodefaultctor ldns_struct_pkt; /* No default constructor. */ +%nodefaultdtor ldns_struct_pkt; /* No default destructor. */ + +%rename(ldns_pkt) ldns_struct_pkt; + +%newobject ldns_pkt2str; +%newobject ldns_pkt_opcode2str; +%newobject ldns_pkt_rcode2str; +%newobject ldns_pkt_algorithm2str; +%newobject ldns_pkt_cert_algorithm2str; +%newobject ldns_pkt_get_section_clone; + + +/* Clone data on pull. */ + + +%newobject _ldns_pkt_additional; +%rename(__ldns_pkt_additional) ldns_pkt_additional; +%inline +%{ + ldns_rr_list * _ldns_pkt_additional(ldns_pkt *p) + { + return ldns_rr_list_clone(ldns_pkt_additional(p)); + } +%} + +%newobject _ldns_pkt_answer; +%rename(__ldns_pkt_answer) ldns_pkt_answer; +%inline +%{ + ldns_rr_list * _ldns_pkt_answer(ldns_pkt *p) + { + return ldns_rr_list_clone(ldns_pkt_answer(p)); + } +%} + +%newobject _ldns_pkt_answerfrom; +%rename(__ldns_pkt_answerfrom) ldns_pkt_answerfrom; +%inline +%{ + ldns_rdf * _ldns_pkt_answerfrom(ldns_pkt *p) + { + ldns_rdf *rdf; + + rdf = ldns_pkt_answerfrom(p); + if (rdf != NULL) { + rdf = ldns_rdf_clone(rdf); + } + return rdf; + } +%} + +%newobject _ldns_pkt_authority; +%rename(__ldns_pkt_authority) ldns_pkt_authority; +%inline +%{ + ldns_rr_list * _ldns_pkt_authority(ldns_pkt *p) + { + return ldns_rr_list_clone(ldns_pkt_authority(p)); + } +%} + +%newobject _ldns_pkt_edns_data; +%rename(__ldns_pkt_edns_data) ldns_pkt_edns_data; +%inline +%{ + ldns_rdf * _ldns_pkt_edns_data(ldns_pkt *p) + { + ldns_rdf *rdf; + + rdf = ldns_pkt_edns_data(p); + if (rdf != NULL) { + rdf = ldns_rdf_clone(rdf); + } + return rdf; + } +%} + +%newobject _ldns_pkt_tsig; +%rename(__ldns_pkt_tsig) ldns_pkt_tsig; +%inline +%{ + ldns_rr * _ldns_pkt_tsig(const ldns_pkt *pkt) + { + return ldns_rr_clone(ldns_pkt_tsig(pkt)); + } +%} + +%newobject _ldns_pkt_question; +%rename(__ldns_pkt_question) ldns_pkt_question; +%inline +%{ + ldns_rr_list * _ldns_pkt_question(ldns_pkt *p) + { + return ldns_rr_list_clone(ldns_pkt_question(p)); + } +%} + +/* End of pull cloning. */ + +/* Clone data on push. */ + +%newobject _ldns_pkt_query_new; +%rename(__ldns_pkt_query_new) ldns_pkt_query_new; +%inline +%{ + ldns_pkt * _ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, + ldns_rr_class rr_class, uint16_t flags) + { + return ldns_pkt_query_new(ldns_rdf_clone(rr_name), rr_type, rr_class, + flags); + } +%} + +%rename(__ldns_pkt_push_rr) ldns_pkt_push_rr; +%inline +%{ + bool _ldns_pkt_push_rr(ldns_pkt *p, ldns_pkt_section sec, ldns_rr *rr) + { + return ldns_pkt_push_rr(p, sec, ldns_rr_clone(rr)); + } +%} + +%rename(__ldns_pkt_safe_push_rr) ldns_pkt_safe_push_rr; +%inline +%{ + bool _ldns_pkt_safe_push_rr(ldns_pkt *pkt, ldns_pkt_section sec, + ldns_rr *rr) + { + /* Prevents memory leaks when fails. */ + ldns_rr *rr_clone = NULL; + bool ret; + + if (rr != NULL) { + rr_clone = ldns_rr_clone(rr); + } + ret = ldns_pkt_safe_push_rr(pkt, sec, rr_clone); + if (!ret) { + ldns_rr_free(rr_clone); + } + + return ret; + } +%} + +%rename(__ldns_pkt_push_rr_list) ldns_pkt_push_rr_list; +%inline +%{ + bool _ldns_pkt_push_rr_list(ldns_pkt *p, ldns_pkt_section sec, + ldns_rr_list *rrl) + { + return ldns_pkt_push_rr_list(p, sec, ldns_rr_list_clone(rrl)); + } +%} + +%rename(__ldns_pkt_safe_push_rr_list) ldns_pkt_safe_push_rr_list; +%inline +%{ + bool _ldns_pkt_safe_push_rr_list(ldns_pkt *p, ldns_pkt_section s, + ldns_rr_list *rrl) + { + /* Prevents memory leaks when fails. */ + ldns_rr_list *rrl_clone = NULL; + bool ret; + + if (rrl != NULL) { + rrl_clone = ldns_rr_list_clone(rrl); + } + ret = ldns_pkt_safe_push_rr_list(p, s, rrl_clone); + if (!ret) { + ldns_rr_list_free(rrl_clone); + } + + return ret; + } +%} + +%rename(__ldns_pkt_set_additional) ldns_pkt_set_additional; +%inline +%{ + void _ldns_pkt_set_additional(ldns_pkt *p, ldns_rr_list *rrl) + { + ldns_rr_list *rrl_clone = NULL; + if (rrl != NULL) { + rrl_clone = ldns_rr_list_clone(rrl); + } + /* May leak memory, when overwriting pointer value. */ + ldns_pkt_set_additional(p, rrl_clone); + } +%} + +%rename(__ldns_pkt_set_answer) ldns_pkt_set_answer; +%inline +%{ + void _ldns_pkt_set_answer(ldns_pkt *p, ldns_rr_list *rrl) + { + ldns_rr_list *rrl_clone = NULL; + if (rrl != NULL) { + rrl_clone = ldns_rr_list_clone(rrl); + } + /* May leak memory, when overwriting pointer value. */ + ldns_pkt_set_answer(p, rrl_clone); + } +%} + +%rename (__ldns_pkt_set_answerfrom) ldns_pkt_set_answerfrom; +%inline +%{ + void _ldns_pkt_set_answerfrom(ldns_pkt *packet, ldns_rdf *rdf) + { + ldns_rdf *rdf_clone = NULL; + if (rdf != NULL) { + rdf_clone = ldns_rdf_clone(rdf); + } + /* May leak memory, when overwriting pointer value. */ + ldns_pkt_set_answerfrom(packet, rdf_clone); + } +%} + +%rename(__ldns_pkt_set_authority) ldns_pkt_set_authority; +%inline +%{ + void _ldns_pkt_set_authority(ldns_pkt *p, ldns_rr_list *rrl) + { + ldns_rr_list *rrl_clone = NULL; + if (rrl != NULL) { + rrl_clone = ldns_rr_list_clone(rrl); + } + /* May leak memory, when overwriting pointer value. */ + ldns_pkt_set_authority(p, rrl_clone); + } +%} + +%rename(__ldns_pkt_set_edns_data) ldns_pkt_set_edns_data; +%inline +%{ + void _ldns_pkt_set_edns_data(ldns_pkt *packet, ldns_rdf *rdf) + { + ldns_rdf *rdf_clone = NULL; + if (rdf != NULL) { + rdf_clone = ldns_rdf_clone(rdf); + } + /* May leak memory, when overwriting pointer value. */ + ldns_pkt_set_edns_data(packet, rdf_clone); + } +%} + +%rename(__ldns_pkt_set_question) ldns_pkt_set_question; +%inline +%{ + void _ldns_pkt_set_question(ldns_pkt *p, ldns_rr_list *rrl) + { + ldns_rr_list *rrl_clone = NULL; + if (rrl != NULL) { + rrl_clone = ldns_rr_list_clone(rrl); + } + /* May leak memory, when overwriting pointer value. */ + ldns_pkt_set_question(p, rrl_clone); + } +%} + +%rename(__ldns_pkt_set_tsig) ldns_pkt_set_tsig; +%inline +%{ + void _ldns_pkt_set_tsig(ldns_pkt *pkt, ldns_rr *rr) + { + ldns_rr *rr_clone = NULL; + if (rr != NULL) { + rr_clone = ldns_rr_clone(rr); + } + /* May leak memory, when overwriting pointer value. */ + ldns_pkt_set_tsig(pkt, rr_clone); + } +%} + +/* End of push cloning. */ + + +/* ========================================================================= */ +/* Debugging related code. */ +/* ========================================================================= */ + +#ifdef LDNS_DEBUG +%rename(__ldns_pkt_free) ldns_pkt_free; +%inline +%{ + /*! + * @brief Prints information about deallocated pkt and deallocates. + */ + void _ldns_pkt_free (ldns_pkt* p) { + printf("******** LDNS_PKT free 0x%lX ************\n", + (long unsigned int) p); + ldns_pkt_free(p); + } +%} +#else /* !LDNS_DEBUG */ +%rename(_ldns_pkt_free) ldns_pkt_free; +#endif /* LDNS_DEBUG */ + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + +/* None. */ + + +/* ========================================================================= */ +/* Encapsulating Python code. */ +/* ========================================================================= */ + +%feature("docstring") ldns_struct_pkt "LDNS packet object. + +The :class:`ldns_pkt` object contains DNS packed (either a query or an answer). +It is the complete representation of what you actually send to a name server, +and what you get back (see :class:`ldns.ldns_resolver`). + +**Usage** + +>>> import ldns +>>> resolver = ldns.ldns_resolver.new_frm_file(\"/etc/resolv.conf\") +>>> pkt = resolver.query(\"nic.cz\", ldns.LDNS_RR_TYPE_NS,ldns.LDNS_RR_CLASS_IN) +>>> print pkt +;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 63004 +;; flags: qr rd ra ; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0 +;; QUESTION SECTION: +;; nic.cz. IN NS +;; ANSWER SECTION: +nic.cz. 758 IN NS a.ns.nic.cz. +nic.cz. 758 IN NS c.ns.nic.cz. +nic.cz. 758 IN NS e.ns.nic.cz. +;; AUTHORITY SECTION: +;; ADDITIONAL SECTION: +;; Query time: 8 msec +;; SERVER: 82.100.38.2 +;; WHEN: Thu Jan 11 12:54:33 2009 +;; MSG SIZE rcvd: 75 + +This simple example instances a resolver in order to resolve NS for nic.cz." + +%extend ldns_struct_pkt { + + %pythoncode + %{ + def __init__(self): + """ + Cannot be created directly from Python. + """ + raise Exception("This class can't be created directly. " + + "Please use: ldns_pkt_new, ldns_pkt_query_new " + + "or ldns_pkt_query_new_frm_str") + + __swig_destroy__ = _ldns._ldns_pkt_free + + # + # LDNS_PKT_CONSTRUCTORS_ + # + + @staticmethod + def new(): + """ + Creates new empty packet structure. + + :return: (:class:`ldns_pkt` ) New empty packet. + """ + return _ldns.ldns_pkt_new() + + @staticmethod + def new_query(rr_name, rr_type, rr_class, flags): + """ + Creates a packet with a query in it for the given name, + type and class. + + :param rr_name: The name to query for. + :type rr_name: :class:`ldns_dname` + :param rr_type: The type to query for. + :type rr_type: ldns_rr_type + :param rr_class: The class to query for. + :type rr_class: ldns_rr_class + :param flags: Packet flags. + :type flags: uint16_t + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_pkt`) New object. + + .. note:: + The type checking of parameter `rr_name` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(rr_name, ldns_dname)) and \ + isinstance(rr_name, ldns_rdf) and \ + rr_name.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_pkt.new_query() method will" + + " drop the possibility to accept ldns_rdf." + + " Convert argument to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + if not isinstance(rr_name, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (rr_name.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + return _ldns._ldns_pkt_query_new(rr_name, rr_type, rr_class, flags) + + @staticmethod + def new_query_frm_str(rr_name, rr_type, rr_class, flags, raiseException = True): + """ + Creates a query packet for the given name, type, class. + + :param rr_name: The name to query for. + :type rr_name: str + :param rr_type: The type to query for. + :type rr_type: ldns_rr_type + :param rr_class: The class to query for. + :type rr_class: ldns_rr_class + :param flags: Packet flags. + :type flags: uint16_t + :param raiseException: If True, an exception occurs in case a + packet object can't be created. + :throws TypeError: When arguments of inappropriate types. + :throws Exception: When raiseException set and packet couldn't + be created. + :return: (:class:`ldns_pkt`) Query packet object or None. + If the object can't be created and raiseException is True, + an exception occurs. + + + **Usage** + + >>> pkt = ldns.ldns_pkt.new_query_frm_str("test.nic.cz",ldns.LDNS_RR_TYPE_ANY, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_QR | ldns.LDNS_AA) + >>> rra = ldns.ldns_rr.new_frm_str("test.nic.cz. IN A 192.168.1.1",300) + >>> list = ldns.ldns_rr_list() + >>> if (rra): list.push_rr(rra) + >>> pkt.push_rr_list(ldns.LDNS_SECTION_ANSWER, list) + >>> print pkt + ;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 0 + ;; flags: qr aa ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 + ;; QUESTION SECTION: + ;; test.nic.cz. IN ANY + ;; ANSWER SECTION: + test.nic.cz. 300 IN A 192.168.1.1 + ;; AUTHORITY SECTION: + ;; ADDITIONAL SECTION: + ;; Query time: 0 msec + ;; WHEN: Thu Jan 1 01:00:00 1970 + ;; MSG SIZE rcvd: 0 + """ + status, pkt = _ldns.ldns_pkt_query_new_frm_str(rr_name, rr_type, rr_class, flags) + if status != LDNS_STATUS_OK: + if (raiseException): raise Exception("Can't create query packet, error: %d" % status) + return None + return pkt + + # + # _LDNS_PKT_CONSTRUCTORS + # + + def __str__(self): + """ + Converts the data in the DNS packet to presentation format. + + :return: (str) + """ + return _ldns.ldns_pkt2str(self) + + def opcode2str(self): + """ + Converts a packet opcode to its mnemonic and returns that as an + allocated null-terminated string. + + :return: (str) + """ + return _ldns.ldns_pkt_opcode2str(self.get_opcode()) + + def rcode2str(self): + """ + Converts a packet rcode to its mnemonic and returns that as an + allocated null-terminated string. + + :return: (str) + """ + return _ldns.ldns_pkt_rcode2str(self.get_rcode()) + + def print_to_file(self, output): + """ + Prints the data in the DNS packet to the given file stream + (in presentation format). + + :param output: Opened file to write to. + :type output: file + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_print(output, self) + #parameters: FILE *,const ldns_pkt *, + + def write_to_buffer(self, buffer): + """ + Copies the packet data to the buffer in wire format. + + :param buffer: Buffer to append the result to. + :type buffer: :class:`ldns_buffer` + :throws TypeError: When arguments of inappropriate types. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_pkt2buffer_wire(buffer, self) + #parameters: ldns_buffer *,const ldns_pkt *, + #retvals: ldns_status + + @staticmethod + def algorithm2str(alg): + """ + Converts a signing algorithms to its mnemonic and returns that + as an allocated null-terminated string. + + :param alg: The algorithm to convert to text. + :type alg: ldns_algorithm + :return: (str) + """ + return _ldns.ldns_pkt_algorithm2str(alg) + #parameters: ldns_algorithm, + + @staticmethod + def cert_algorithm2str(alg): + """ + Converts a cert algorithm to its mnemonic and returns that as an + allocated null-terminated string. + + :param alg: Cert algorithm to convert to text. + :type alg: ldns_cert_algorithm + :return: (str) + """ + return _ldns.ldns_pkt_cert_algorithm2str(alg) + #parameters: ldns_algorithm, + + # + # LDNS_PKT_METHODS_ + # + + def aa(self): + """ + Read the packet's aa bit. + + :return: (bool) Value of the bit. + """ + return _ldns.ldns_pkt_aa(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def ad(self): + """ + Read the packet's ad bit. + + :return: (bool) Value of the bit. + """ + return _ldns.ldns_pkt_ad(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def additional(self): + """ + Return the packet's additional section. + + :return: (:class:`ldns_rr_list`) The additional section. + """ + return _ldns._ldns_pkt_additional(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rr_list * + + def all(self): + """ + Return the packet's question, answer, authority and additional + sections concatenated. + + :return: (:class:`ldns_rr_list`) Concatenated sections. + """ + return _ldns.ldns_pkt_all(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rr_list * + + def all_noquestion(self): + """ + Return the packet's answer, authority and additional sections + concatenated. + Like :meth:`all` but without the questions. + + :return: (:class:`ldns_rr_list`) Concatenated sections except + questions. + """ + return _ldns.ldns_pkt_all_noquestion(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rr_list * + + def ancount(self): + """ + Return the packet's an count. + + :return: (int) The an count. + """ + return _ldns.ldns_pkt_ancount(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def answer(self): + """ + Return the packet's answer section. + + :return: (:class:`ldns_rr_list`) The answer section. + """ + return _ldns._ldns_pkt_answer(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rr_list * + + def answerfrom(self): + """ + Return the packet's answerfrom. + + :return: (:class:`ldns_rdf`) The name of the server. + """ + return _ldns._ldns_pkt_answerfrom(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rdf * + + def arcount(self): + """ + Return the packet's ar count. + + :return: (int) The ar count. + """ + return _ldns.ldns_pkt_arcount(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def authority(self): + """ + Return the packet's authority section. + + :return: (:class:`ldns_rr_list`) The authority section. + """ + return _ldns._ldns_pkt_authority(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rr_list * + + def cd(self): + """ + Read the packet's cd bit. + + :return: (bool) Value of the bit. + """ + return _ldns.ldns_pkt_cd(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def clone(self): + """ + Clones the packet, creating a fully allocated copy. + + :return: (:class:`ldns_pkt`) New packet clone. + """ + return _ldns.ldns_pkt_clone(self) + #parameters: ldns_pkt *, + #retvals: ldns_pkt * + + def edns(self): + """ + Returns True if this packet needs and EDNS rr to be sent. + + At the moment the only reason is an expected packet size larger + than 512 bytes, but for instance DNSSEC would be a good reason + too. + + :return: (bool) True if packet needs EDNS rr. + """ + return _ldns.ldns_pkt_edns(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def edns_data(self): + """ + Return the packet's edns data. + + :return: (:class:`ldns_rdf`) The edns data. + """ + return _ldns._ldns_pkt_edns_data(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rdf * + + def edns_do(self): + """ + Return the packet's edns do bit + + :return: (bool) The bit's value. + """ + return _ldns.ldns_pkt_edns_do(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def edns_extended_rcode(self): + """ + Return the packet's edns extended rcode. + + :return: (uint8_t) The rcode. + """ + return _ldns.ldns_pkt_edns_extended_rcode(self) + #parameters: const ldns_pkt *, + #retvals: uint8_t + + def edns_udp_size(self): + """ + Return the packet's edns udp size. + + :return: (uint16_t) The udp size. + """ + return _ldns.ldns_pkt_edns_udp_size(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def edns_version(self): + """ + Return the packet's edns version. + + :return: (uint8_t) The edns version. + """ + return _ldns.ldns_pkt_edns_version(self) + #parameters: const ldns_pkt *, + #retvals: uint8_t + + def edns_z(self): + """ + Return the packet's edns z value. + + :return: (uint16_t) The z value. + """ + return _ldns.ldns_pkt_edns_z(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def empty(self): + """ + Check if a packet is empty. + + :return: (bool) True: empty, False: not empty + """ + return _ldns.ldns_pkt_empty(self) + #parameters: ldns_pkt *, + #retvals: bool + + def get_opcode(self): + """ + Read the packet's code. + + :return: (ldns_pkt_opcode) the opcode + """ + return _ldns.ldns_pkt_get_opcode(self) + #parameters: const ldns_pkt *, + #retvals: ldns_pkt_opcode + + def get_rcode(self): + """ + Return the packet's response code. + + :return: (ldns_pkt_rcode) The response code. + """ + return _ldns.ldns_pkt_get_rcode(self) + #parameters: const ldns_pkt *, + #retvals: ldns_pkt_rcode + + def get_section_clone(self, s): + """ + Return the selected rr_list's in the packet. + + :param s: What section(s) to return. + :type s: ldns_pkt_section + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_rr_list`) RR list with the rr's or None + if none were found. + """ + return _ldns.ldns_pkt_get_section_clone(self, s) + #parameters: const ldns_pkt *,ldns_pkt_section, + #retvals: ldns_rr_list * + + def id(self): + """ + Read the packet id. + + :return: (uint16_t) The packet id. + """ + return _ldns.ldns_pkt_id(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def nscount(self): + """ + Return the packet's ns count. + + :return: (uint16_t) The ns count. + """ + return _ldns.ldns_pkt_nscount(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def push_rr(self, section, rr): + """ + Push an rr on a packet. + + :param section: Where to put it. + :type section: ldns_pkt_section + :param rr: RR to push. + :type rr: :class:`ldns_rr` + :throws TypeError: When arguments of inappropriate types. + :return: (bool) A boolean which is True when the rr was added. + """ + return _ldns._ldns_pkt_push_rr(self,section,rr) + #parameters: ldns_pkt *,ldns_pkt_section,ldns_rr *, + #retvals: bool + + def push_rr_list(self, section, list): + """ + Push a rr_list on a packet. + + :param section: Where to put it. + :type section: ldns_pkt_section + :param list: The rr_list to push. + :type list: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + :return: (bool) A boolean which is True when the rr was added. + """ + return _ldns._ldns_pkt_push_rr_list(self,section,list) + #parameters: ldns_pkt *,ldns_pkt_section,ldns_rr_list *, + #retvals: bool + + def qdcount(self): + """ + Return the packet's qd count. + + :return: (uint16_t) The qd count. + """ + return _ldns.ldns_pkt_qdcount(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def qr(self): + """ + Read the packet's qr bit. + + :return: (bool) value of the bit + """ + return _ldns.ldns_pkt_qr(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def querytime(self): + """ + Return the packet's query time. + + :return: (uint32_t) The query time. + """ + return _ldns.ldns_pkt_querytime(self) + #parameters: const ldns_pkt *, + #retvals: uint32_t + + def question(self): + """ + Return the packet's question section. + + :return: (:class:`ldns_rr_list`) The question section. + """ + return _ldns._ldns_pkt_question(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rr_list * + + def ra(self): + """ + Read the packet's ra bit. + + :return: (bool) Value of the bit. + """ + return _ldns.ldns_pkt_ra(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def rd(self): + """ + Read the packet's rd bit. + + :return: (bool) Value of the bit. + """ + return _ldns.ldns_pkt_rd(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def reply_type(self): + """ + Looks inside the packet to determine what kind of packet it is, + AUTH, NXDOMAIN, REFERRAL, etc. + + :return: (ldns_pkt_type) The type of packet. + """ + return _ldns.ldns_pkt_reply_type(self) + #parameters: ldns_pkt *, + #retvals: ldns_pkt_type + + def rr(self, sec, rr): + """ + Check to see if an rr exist in the packet. + + :param sec: In which section to look. + :type sec: ldns_pkt_section + :param rr: The rr to look for. + :type rr: :class:`ldns_rr` + :throws TypeError: When arguments of inappropriate types. + :return: (bool) Return True is exists. + """ + return _ldns.ldns_pkt_rr(self, sec, rr) + #parameters: ldns_pkt *,ldns_pkt_section,ldns_rr *, + #retvals: bool + + def rr_list_by_name(self, r, s): + """ + Return all the rr with a specific name from a packet. + + :param r: The name. + :type r: :class:`ldns_rdf` + :param s: The packet's section. + :type s: ldns_pkt_section + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_rr_list`) A list with the rr's or None + if none were found. + """ + return _ldns.ldns_pkt_rr_list_by_name(self,r,s) + #parameters: ldns_pkt *,ldns_rdf *,ldns_pkt_section, + #retvals: ldns_rr_list * + + def rr_list_by_name_and_type(self, ownername, atype, sec): + """ + Return all the rr with a specific type and type from a packet. + + :param ownername: The name. + :type ownername: :class:`ldns_rdf` + :param atype: The type. + :type atype: ldns_rr_type + :param sec: The packet's section. + :type sec: ldns_pkt_section + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_rr_list`) A list with the rr's or None + if none were found. + """ + return _ldns.ldns_pkt_rr_list_by_name_and_type(self, ownername, atype, sec) + #parameters: const ldns_pkt *,const ldns_rdf *,ldns_rr_type,ldns_pkt_section, + #retvals: ldns_rr_list * + + def rr_list_by_type(self, t, s): + """ + Return all the rr with a specific type from a packet. + + :param t: The type. + :type t: ldns_rr_type + :param s: The packet's section. + :type s: ldns_pkt_section + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_rr_list`) A list with the rr's or None + if none were found. + """ + return _ldns.ldns_pkt_rr_list_by_type(self, t, s) + #parameters: const ldns_pkt *,ldns_rr_type,ldns_pkt_section, + #retvals: ldns_rr_list * + + def safe_push_rr(self, sec, rr): + """ + Push an rr on a packet, provided the RR is not there. + + :param sec: Where to put it. + :type sec: ldns_pkt_section + :param rr: RR to push. + :type rr: :class:`ldns_rr` + :throws TypeError: When arguments of inappropriate types. + :return: (bool) A boolean which is True when the rr was added. + """ + return _ldns._ldns_pkt_safe_push_rr(self,sec,rr) + #parameters: ldns_pkt *,ldns_pkt_section,ldns_rr *, + #retvals: bool + + def safe_push_rr_list(self, sec, list): + """ + Push an rr_list to a packet, provided the RRs are not already + there. + + :param sec: Where to put it. + :type sec: ldns_pkt_section + :param list: The rr_list to push. + :type list: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + :return: (bool) A boolean which is True when the list was added. + """ + return _ldns._ldns_pkt_safe_push_rr_list(self, sec, list) + #parameters: ldns_pkt *,ldns_pkt_section,ldns_rr_list *, + #retvals: bool + + def set_aa(self, b): + """ + Set the packet's aa bit. + + :param b: The value to set. + :type b: bool + """ + _ldns.ldns_pkt_set_aa(self, b) + #parameters: ldns_pkt *,bool, + #retvals: + + def set_ad(self, b): + """ + Set the packet's ad bit. + + :param b: The value to set. + :type b: bool + """ + _ldns.ldns_pkt_set_ad(self, b) + #parameters: ldns_pkt *,bool, + #retvals: + + def set_additional(self, rr): + """ + Directly set the additional section. + + :param rr: The rr list to set. + :type rr: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + """ + _ldns._ldns_pkt_set_additional(self, rr) + #parameters: ldns_pkt *,ldns_rr_list *, + #retvals: + + def set_ancount(self, c): + """ + Set the packet's an count. + + :param c: The count. + :type c: int + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_ancount(self, c) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def set_answer(self, rr): + """ + Directly set the answer section. + + :param rr: The rr list to set. + :type rr: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + """ + _ldns._ldns_pkt_set_answer(self, rr) + #parameters: ldns_pkt *,ldns_rr_list *, + #retvals: + + def set_answerfrom(self, r): + """ + Set the packet's answering server. + + :param r: The address. + :type r: :class:`ldns_rdf` + :throws TypeError: When arguments of inappropriate types. + """ + _ldns._ldns_pkt_set_answerfrom(self, r) + #parameters: ldns_pkt *,ldns_rdf *, + #retvals: + + def set_arcount(self, c): + """ + Set the packet's arcount. + + :param c: The count. + :type c: int + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_arcount(self,c) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def set_authority(self, rr): + """ + Directly set the authority section. + + :param rr: The rr list to set. + :type rr: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + """ + _ldns._ldns_pkt_set_authority(self, rr) + #parameters: ldns_pkt *,ldns_rr_list *, + #retvals: + + def set_cd(self, b): + """ + Set the packet's cd bit. + + :param b: The value to set. + :type b: bool + """ + _ldns.ldns_pkt_set_cd(self, b) + #parameters: ldns_pkt *,bool, + #retvals: + + def set_edns_data(self, data): + """ + Set the packet's edns data. + + :param data: The data. + :type data: :class:`ldns_rdf` + :throws TypeError: When arguments of inappropriate types. + """ + _ldns._ldns_pkt_set_edns_data(self, data) + #parameters: ldns_pkt *,ldns_rdf *, + #retvals: + + def set_edns_do(self, value): + """ + Set the packet's edns do bit. + + :param value: The bit's new value. + :type value: bool + """ + _ldns.ldns_pkt_set_edns_do(self, value) + #parameters: ldns_pkt *,bool, + #retvals: + + def set_edns_extended_rcode(self, c): + """ + Set the packet's edns extended rcode. + + :param c: The code. + :type c: uint8_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_edns_extended_rcode(self, c) + #parameters: ldns_pkt *,uint8_t, + #retvals: + + def set_edns_udp_size(self, s): + """ + Set the packet's edns udp size. + + :param s: The size. + :type s: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_edns_udp_size(self, s) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def set_edns_version(self, v): + """ + Set the packet's edns version. + + :param v: The version. + :type v: uint8_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_edns_version(self, v) + #parameters: ldns_pkt *,uint8_t, + #retvals: + + def set_edns_z(self, z): + """ + Set the packet's edns z value. + + :param z: The value. + :type z: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_edns_z(self, z) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def set_flags(self, flags): + """ + Sets the flags in a packet. + + :param flags: ORed values: LDNS_QR| LDNS_AR for instance. + :type flags: int + :throws TypeError: When arguments of inappropriate types. + :return: (bool) True on success, False otherwise. + """ + return _ldns.ldns_pkt_set_flags(self, flags) + #parameters: ldns_pkt *,uint16_t, + #retvals: bool + + def set_id(self, id): + """ + Set the packet's id. + + :param id: The id to set. + :type id: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_id(self, id) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def set_nscount(self, c): + """ + Set the packet's ns count. + + :param c: The count. + :type c: int + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_nscount(self, c) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def set_opcode(self, c): + """ + Set the packet's opcode. + + :param c: The opcode. + :type c: ldns_pkt_opcode + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_opcode(self, c) + #parameters: ldns_pkt *,ldns_pkt_opcode, + #retvals: + + def set_qdcount(self, c): + """ + Set the packet's qd count. + + :param c: The count. + :type c: int + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_qdcount(self, c) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def set_qr(self, b): + """ + Set the packet's qr bit. + + :param b: The value to set. + :type b: bool + """ + _ldns.ldns_pkt_set_qr(self, b) + #parameters: ldns_pkt *,bool, + #retvals: + + def set_querytime(self, t): + """ + Set the packet's query time. + + :param t: The query time in msec. + :type t: uint32_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_querytime(self, t) + #parameters: ldns_pkt *,uint32_t, + #retvals: + + def set_question(self, rr): + """ + Directly set the question section. + + :param rr: The rr list to set. + :type rr: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + """ + _ldns._ldns_pkt_set_question(self, rr) + #parameters: ldns_pkt *,ldns_rr_list *, + #retvals: + + def set_ra(self, b): + """ + Set the packet's ra bit. + + :param b: The value to set. + :type b: bool + """ + _ldns.ldns_pkt_set_ra(self, b) + #parameters: ldns_pkt *,bool, + #retvals: + + def set_random_id(self): + """ + Set the packet's id to a random value. + """ + _ldns.ldns_pkt_set_random_id(self) + #parameters: ldns_pkt *, + #retvals: + + def set_rcode(self, c): + """ + Set the packet's response code. + + :param c: The rcode. + :type c: uint8_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_rcode(self, c) + #parameters: ldns_pkt *,uint8_t, + #retvals: + + def set_rd(self, b): + """ + Set the packet's rd bit. + + :param b: The value to set. + :type b: bool + """ + _ldns.ldns_pkt_set_rd(self, b) + #parameters: ldns_pkt *,bool, + #retvals: + + def set_section_count(self, s, x): + """ + Set a packet's section count to x. + + :param s: The section. + :type s: ldns_pkt_section + :param x: The section count. + :type x: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_section_count(self, s, x) + #parameters: ldns_pkt *,ldns_pkt_section,uint16_t, + #retvals: + + def set_size(self, s): + """ + Set the packet's size. + + :param s: The size. + :type s: int + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_size(self,s) + #parameters: ldns_pkt *,size_t, + #retvals: + + def set_tc(self, b): + """ + Set the packet's tc bit. + + :param b: The value to set. + :type b: bool + """ + _ldns.ldns_pkt_set_tc(self, b) + #parameters: ldns_pkt *,bool, + #retvals: + + def set_timestamp(self, timeval): + """ + Set the packet's time stamp. + + :param timestamp: The time stamp. + :type timestamp: struct timeval + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_pkt_set_timestamp(self, timeval) + #parameters: ldns_pkt *,struct timeval, + #retvals: + + def set_tsig(self, t): + """ + Set the packet's tsig rr. + + :param t: The tsig rr. + :type t: :class:`ldns_rr` + :throws TypeError: When arguments of inappropriate types. + """ + _ldns._ldns_pkt_set_tsig(self, t) + #parameters: ldns_pkt *,ldns_rr *, + #retvals: + + def size(self): + """ + Return the packet's size in bytes. + + :return: (size_t) The size. + """ + return _ldns.ldns_pkt_size(self) + #parameters: const ldns_pkt *, + #retvals: size_t + + def tc(self): + """ + Read the packet's tc bit. + + :return: (bool) Value of the bit. + """ + return _ldns.ldns_pkt_tc(self) + #parameters: const ldns_pkt *, + #retvals: bool + + def timestamp(self): + """ + Return the packet's time stamp. + + :return: (struct timeval) The time stamp. + """ + return _ldns.ldns_pkt_timestamp(self) + #parameters: const ldns_pkt *, + #retvals: struct timeval + + def tsig(self): + """ + Return the packet's tsig pseudo rr's. + + :return: (:class:`ldns_rr`) The tsig rr. + """ + return _ldns._ldns_pkt_tsig(self) + #parameters: const ldns_pkt *, + #retvals: ldns_rr * + + # + # _LDNS_PKT_METHODS# + # + + # + # LDNS update methods + # + + # + # LDNS_METHODS_ + # + + def update_ad(self): + """ + Get the ad count. + + :return: (uint16_t) The ad count. + """ + return _ldns.ldns_update_ad(self) + #parameters: ldns_pkt * + #retvals: uint16_t + + def update_pkt_tsig_add(self, r): + """ + Add tsig credentials to a packet from a resolver. + + :param r: Resolver to copy from. + :type r: :class:`ldns_resolver` + :throws TypeError: When arguments of inappropriate types. + :return: (ldns_status) Status whether successful or not. + """ + return _ldns.ldns_update_pkt_tsig_add(self, r) + #parameters: ldns_pkt *,ldns_resolver *, + #retvals: ldns_status + + def update_prcount(self): + """ + Get the pr count. + + :return: (uint16_t) The pr count. + """ + return _ldns.ldns_update_prcount(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def update_set_adcount(self, c): + """ + Set the ad count. + + :param c: The ad count to set. + :type c: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_update_set_adcount(self, c) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def update_set_prcount(self, c): + """ + Set the pr count. + + :param c: The pr count to set. + :type c: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_update_set_prcount(self, c) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def update_set_upcount(self, c): + """ + Set the up count. + + :param c: The up count to set. + :type c: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_update_set_upcount(self,c) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def update_set_zo(self, c): + """ + Set the zo count. + + :param c: The zo count to set. + :type c: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_update_set_zo(self, c) + #parameters: ldns_pkt *,uint16_t, + #retvals: + + def update_upcount(self): + """ + Get the up count. + + :return: (uint16_t) The up count. + """ + return _ldns.ldns_update_upcount(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + def update_zocount(self): + """ + Get the zo count. + + :return: (uint16_t) The zo count. + """ + return _ldns.ldns_update_zocount(self) + #parameters: const ldns_pkt *, + #retvals: uint16_t + + # + # _LDNS_METHODS + # + %} +} diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_rdf.i b/zonemaster-ldns/ldns/contrib/python/ldns_rdf.i new file mode 100644 index 0000000..39f9af1 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_rdf.i @@ -0,0 +1,949 @@ +/****************************************************************************** + * ldns_rdf.i: LDNS record data + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + *****************************************************************************/ + + +/* ========================================================================= */ +/* SWIG setting and definitions. */ +/* ========================================================================= */ + +/* Creates a temporary instance of (ldns_rdf *). */ +%typemap(in, numinputs=0, noblock=1) (ldns_rdf **) +{ + ldns_rdf *$1_rdf = NULL; + $1 = &$1_rdf; +} + +/* Result generation, appends (ldns_rdf *) after the result. */ +%typemap(argout, noblock=1) (ldns_rdf **) +{ + $result = SWIG_Python_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_rdf), + SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0)); +} + +#if SWIG_VERSION < 0x040200 +/* + * Automatic conversion of const (ldns_rdf *) parameter from string. + * Argument default value. + */ +%typemap(arginit, noblock=1) const ldns_rdf * +{ +#if SWIG_VERSION >= 0x040200 + PyObject *$1_bytes = NULL; +#else + char *$1_str = NULL; +#endif +} + +/* + * Automatic conversion of const (ldns_rdf *) parameter from string. + * Preparation of arguments. + */ +%typemap(in, noblock=1) const ldns_rdf * (void* argp, $1_ltype tmp = 0, int res) +{ + if (Python_str_Check($input)) { + const char *argstr; +#if SWIG_VERSION >= 0x040200 + argstr = SWIG_PyUnicode_AsUTF8AndSize($input, NULL, &$1_bytes); +#else + $1_str = SWIG_Python_str_AsChar($input); + argstr = $1_str; +#endif + if (argstr == NULL) { + %argument_fail(SWIG_TypeError, "char *", $symname, $argnum); + } + tmp = ldns_dname_new_frm_str(argstr); + if (tmp == NULL) { + %argument_fail(SWIG_TypeError, "char *", $symname, $argnum); + } + $1 = ($1_ltype) tmp; + } else { + res = SWIG_ConvertPtr($input, &argp, SWIGTYPE_p_ldns_struct_rdf, 0 | 0); + if (!SWIG_IsOK(res)) { + %argument_fail(res, "ldns_rdf const *", $symname, $argnum); + } + $1 = ($1_ltype) argp; + } +} + +/* + * Automatic conversion of const (ldns_rdf *) parameter from string. + * Freeing of allocated memory (in Python 3 when daling with strings). + */ +%typemap(freearg, noblock=1) const ldns_rdf * +{ +#if SWIG_VERSION >= 0x040200 + if ($1_bytes != NULL) { + /* Is not NULL only when a conversion form string occurred. */ + Py_XDECREF($1_bytes); + } +#else + if ($1_str != NULL) { + /* Is not NULL only when a conversion form string occurred. */ + SWIG_Python_str_DelForPy3($1_str); /* Is a empty macro for Python < 3. */ + } +#endif +} + +#else +/* + * Automatic conversion of const (ldns_rdf *) parameter from string. + * Argument default value. + */ +%typemap(arginit, noblock=1) const ldns_rdf * +{ + PyObject *$1_bytes = NULL; +} + +/* + * Automatic conversion of const (ldns_rdf *) parameter from string. + * Preparation of arguments. + */ +%typemap(in, noblock=1) const ldns_rdf * (void* argp, $1_ltype tmp = 0, int res) +{ + if (Python_str_Check($input)) { + const char *$1_str = SWIG_PyUnicode_AsUTF8AndSize($input, NULL, &$1_bytes); + if ($1_str == NULL) { + %argument_fail(SWIG_TypeError, "char *", $symname, $argnum); + } + tmp = ldns_dname_new_frm_str($1_str); + if (tmp == NULL) { + %argument_fail(SWIG_TypeError, "char *", $symname, $argnum); + } + $1 = ($1_ltype) tmp; + } else { + res = SWIG_ConvertPtr($input, &argp, SWIGTYPE_p_ldns_struct_rdf, 0 | 0); + if (!SWIG_IsOK(res)) { + %argument_fail(res, "ldns_rdf const *", $symname, $argnum); + } + $1 = ($1_ltype) argp; + } +} + +/* + * Automatic conversion of const (ldns_rdf *) parameter from string. + * Freeing of allocated memory (it's a no op unless compiling for some older versions of the Python stable ABI). + */ +%typemap(freearg, noblock=1) const ldns_rdf * +{ + Py_XDECREF($1_bytes); +} +#endif + +%nodefaultctor ldns_struct_rdf; /* No default constructor. */ +%nodefaultdtor ldns_struct_rdf; /* No default destructor. */ + + +/* + * This file must contain all %newobject and %delobject tags also for + * ldns_dname. This is because the ldns_dname is a derived class from ldns_rdf. + */ + + +%newobject ldns_rdf_new; +%newobject ldns_rdf_new_frm_str; +%newobject ldns_rdf_new_frm_data; + +%newobject ldns_rdf_address_reverse; +%newobject ldns_rdf_clone; +%newobject ldns_rdf2str; + +%newobject ldns_dname_new; +%newobject ldns_dname_new_frm_str; +%newobject ldns_dname_new_frm_data; + +%newobject ldns_dname_cat_clone; +%newobject ldns_dname_label; +%newobject ldns_dname_left_chop; +%newobject ldns_dname_reverse; + +%delobject ldns_rdf_deep_free; +%delobject ldns_rdf_free; + + +/* + * Should the ldns_rdf_new() also be marked as deleting its data parameter? + */ +%delobject ldns_rdf_set_data; /* Because data are directly coupled into rdf. */ + +%rename(ldns_rdf) ldns_struct_rdf; + + +/* ========================================================================= */ +/* Debugging related code. */ +/* ========================================================================= */ + +#ifdef LDNS_DEBUG +%rename(__ldns_rdf_deep_free) ldns_rdf_deep_free; +%rename(__ldns_rdf_free) ldns_rdf_free; +%inline +%{ + /*! + * @brief Prints information about deallocated rdf and deallocates. + */ + void _ldns_rdf_deep_free (ldns_rdf *r) + { + printf("******** LDNS_RDF deep free 0x%lX ************\n", + (long unsigned int) r); + ldns_rdf_deep_free(r); + } + + /*! + * @brief Prints information about deallocated rdf and deallocates. + */ + void _ldns_rdf_free (ldns_rdf* r) + { + printf("******** LDNS_RDF free 0x%lX ************\n", + (long unsigned int) r); + ldns_rdf_free(r); + } +%} +#else /* !LDNS_DEBUG */ +%rename(_ldns_rdf_deep_free) ldns_rdf_deep_free; +%rename(_ldns_rdf_free) ldns_rdf_free; +#endif /* LDNS_DEBUG */ + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + + +%inline +%{ + /*! + * @brief returns a human readable string containing rdf type. + */ + const char *ldns_rdf_type2str(const ldns_rdf *rdf) + { + if (rdf) { + switch(ldns_rdf_get_type(rdf)) { + case LDNS_RDF_TYPE_NONE: return 0; + case LDNS_RDF_TYPE_DNAME: return "DNAME"; + case LDNS_RDF_TYPE_INT8: return "INT8"; + case LDNS_RDF_TYPE_INT16: return "INT16"; + case LDNS_RDF_TYPE_INT32: return "INT32"; + case LDNS_RDF_TYPE_A: return "A"; + case LDNS_RDF_TYPE_AAAA: return "AAAA"; + case LDNS_RDF_TYPE_STR: return "STR"; + case LDNS_RDF_TYPE_APL: return "APL"; + case LDNS_RDF_TYPE_B32_EXT: return "B32_EXT"; + case LDNS_RDF_TYPE_B64: return "B64"; + case LDNS_RDF_TYPE_HEX: return "HEX"; + case LDNS_RDF_TYPE_NSEC: return "NSEC"; + case LDNS_RDF_TYPE_TYPE: return "TYPE"; + case LDNS_RDF_TYPE_CLASS: return "CLASS"; + case LDNS_RDF_TYPE_CERT_ALG: return "CER_ALG"; + case LDNS_RDF_TYPE_ALG: return "ALG"; + case LDNS_RDF_TYPE_UNKNOWN: return "UNKNOWN"; + case LDNS_RDF_TYPE_TIME: return "TIME"; + case LDNS_RDF_TYPE_PERIOD: return "PERIOD"; + case LDNS_RDF_TYPE_TSIGTIME: return "TSIGTIME"; + case LDNS_RDF_TYPE_HIP: return "HIP"; + case LDNS_RDF_TYPE_INT16_DATA: return "INT16_DATA"; + case LDNS_RDF_TYPE_SERVICE: return "SERVICE"; + case LDNS_RDF_TYPE_LOC: return "LOC"; + case LDNS_RDF_TYPE_WKS: return "WKS"; + case LDNS_RDF_TYPE_NSAP: return "NSAP"; + case LDNS_RDF_TYPE_ATMA: return "ATMA"; + case LDNS_RDF_TYPE_IPSECKEY: return "IPSECKEY"; + case LDNS_RDF_TYPE_NSEC3_SALT: return "NSEC3_SALT"; + case LDNS_RDF_TYPE_NSEC3_NEXT_OWNER: + return "NSEC3_NEXT_OWNER"; + case LDNS_RDF_TYPE_ILNP64: return "ILNP64"; + case LDNS_RDF_TYPE_EUI48: return "EUI48"; + case LDNS_RDF_TYPE_EUI64: return "EUI64"; + case LDNS_RDF_TYPE_TAG: return "TAG"; + case LDNS_RDF_TYPE_LONG_STR: return "LONG_STR"; + case LDNS_RDF_TYPE_AMTRELAY: return "AMTRELAY"; + case LDNS_RDF_TYPE_SVCPARAMS: return "SVCPARAMS"; + case LDNS_RDF_TYPE_CERTIFICATE_USAGE: + return "CERTIFICATE_USAGE"; + case LDNS_RDF_TYPE_SELECTOR: return "SELECTOR"; + case LDNS_RDF_TYPE_MATCHING_TYPE: + return "MATCHING_TYPE"; + } + } + return 0; + } +%} + + +%inline +%{ + /*! + * @brief Returns the rdf data organised into a list of bytes. + */ + PyObject * ldns_rdf_data_as_bytearray(const ldns_rdf *rdf) + { + Py_ssize_t len; + uint8_t *data; + + assert(rdf != NULL); + + len = ldns_rdf_size(rdf); + data = ldns_rdf_data(rdf); + + return PyByteArray_FromStringAndSize((char *) data, len); + } +%} + + +/* ========================================================================= */ +/* Encapsulating Python code. */ +/* ========================================================================= */ + +%feature("docstring") ldns_struct_rdf "Resource record data field. + +The data is a network ordered array of bytes, which size is specified +by the (16-bit) size field. To correctly parse it, use the type +specified in the (16-bit) type field with a value from ldns_rdf_type." + +%extend ldns_struct_rdf { + + %pythoncode + %{ + def __init__(self): + """ + Cannot be created directly from Python. + """ + raise Exception("This class can't be created directly. " + + "Please use: ldns_rdf_new, ldns_rdf_new_frm_data, " + + "ldns_rdf_new_frm_str, ldns_rdf_new_frm_fp, " + + "ldns_rdf_new_frm_fp_l") + + __swig_destroy__ = _ldns._ldns_rdf_deep_free + + # + # LDNS_RDF_CONSTRUCTORS_ + # + + @staticmethod + def new_frm_str(string, rr_type, raiseException = True): + """ + Creates a new rdf from a string of a given type. + + :param string: string to use + :type string: string + :param rr_type: The type of the rdf. See predefined `RDF_TYPE_` + constants. + :type rr_type: integer + :param raiseException: If True, an exception occurs in case + a RDF object can't be created. + :type raiseException: bool + :throws TypeError: When parameters of mismatching types. + :throws Exception: When raiseException set and rdf couldn't + be created. + :return: :class:`ldns_rdf` object or None. If the object + can't be created and `raiseException` is True, + an exception occurs. + + **Usage** + + >>> rdf = ldns.ldns_rdf.new_frm_str("74.125.43.99", ldns.LDNS_RDF_TYPE_A) + >>> print rdf, rdf.get_type_str() + A 74.125.43.99 + >>> name = ldns.ldns_resolver.new_frm_file().get_name_by_addr(rdf) + >>> if (name): print name + 99.43.125.74.in-addr.arpa. 85277 IN PTR bw-in-f99.google.com. + """ + rr = _ldns.ldns_rdf_new_frm_str(rr_type, string) + if (not rr) and raiseException: + raise Exception("Can't create query packet") + return rr + + # + # _LDNS_RDF_CONSTRUCTORS + # + + def __str__(self): + """ + Converts the rdata field to presentation format. + """ + return _ldns.ldns_rdf2str(self) + + def __cmp__(self, other): + """ + Compares two rdfs on their wire formats. + + (To order dnames according to rfc4034, use ldns_dname_compare.) + + :param other: The second one RDF. + :type other: :class:`ldns_rdf` + :throws TypeError: When `other` of non-:class:`ldns_rdf` type. + :return: (int) -1, 0 or 1 if self comes before other, + is equal or self comes after other respectively. + """ + return _ldns.ldns_rdf_compare(self, other) + + def __lt__(self, other): + """ + Compares two rdfs on their formats. + + :param other: The socond one RDF. + :type other: :class:`ldns_rdf` + :throws TypeError: When `other` of non-:class:`ldns_rdf` type. + :return: (bool) True when `self` is less than 'other'. + """ + return _ldns.ldns_rdf_compare(self, other) == -1 + + def __le__(self, other): + """ + Compares two rdfs on their formats. + + :param other: The socond one RDF. + :type other: :class:`ldns_rdf` + :throws TypeError: When `other` of non-:class:`ldns_rdf` type. + :return: (bool) True when `self` is less than or equal to + 'other'. + """ + return _ldns.ldns_rdf_compare(self, other) != 1 + + def __eq__(self, other): + """ + Compares two rdfs on their formats. + + :param other: The socond one RDF. + :type other: :class:`ldns_rdf` + :throws TypeError: When `other` of non-:class:`ldns_rdf` type. + :return: (bool) True when `self` is equal to 'other'. + """ + return _ldns.ldns_rdf_compare(self, other) == 0 + + def __ne__(self, other): + """ + Compares two rdfs on their formats. + + :param other: The socond one RDF. + :type other: :class:`ldns_rdf` + :throws TypeError: When `other` of non-:class:`ldns_rdf` type. + :return: (bool) True when `self` is not equal to 'other'. + """ + return _ldns.ldns_rdf_compare(self, other) != 0 + + def __gt__(self, other): + """ + Compares two rdfs on their formats. + + :param other: The socond one RDF. + :type other: :class:`ldns_rdf` + :throws TypeError: When `other` of non-:class:`ldns_rdf` type. + :return: (bool) True when `self` is greater than 'other'. + """ + return _ldns.ldns_rdf_compare(self, other) == 1 + + def __ge__(self, other): + """ + Compares two rdfs on their formats. + + :param other: The socond one RDF. + :type other: :class:`ldns_rdf` + :throws TypeError: When `other` of non-:class:`ldns_rdf` type. + :return: (bool) True when `self` is greater than or equal to + 'other'. + """ + return _ldns.ldns_rdf_compare(self, other) != -1 + + def print_to_file(self, output): + """ + Prints the data in the rdata field to the given `output` file + stream (in presentation format). + """ + _ldns.ldns_rdf_print(output, self) + + def get_type_str(self): + """ + Returns the type of the rdf as a human readable string. + + :return: String containing rdf type. + """ + return ldns_rdf_type2str(self) + + def write_to_buffer(self, buffer): + """ + Copies the rdata data to the buffer in wire format. + + :param buffer: Buffer to append the rdf to. + :type param: :class:`ldns_buffer` + :throws TypeError: When `buffer` of non-:class:`ldns_buffer` + type. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_rdf2buffer_wire(buffer, self) + #parameters: ldns_buffer *, const ldns_rdf *, + #retvals: ldns_status + + def write_to_buffer_canonical(self, buffer): + """ + Copies the rdata data to the buffer in wire format. + If the rdata is a dname, the letters will be converted + to lower case during the conversion. + + :param buffer: LDNS buffer. + :type buffer: :class:`ldns_buffer` + :throws TypeError: When `buffer` of non-:class:`ldns_buffer` + type. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_rdf2buffer_wire_canonical(buffer, self) + #parameters: ldns_buffer *, const ldns_rdf *, + #retvals: ldns_status + + # + # LDNS_RDF_METHODS_ + # + + def address_reverse(self): + """ + Reverses an rdf, only actually useful for AAAA and A records. + + The returned rdf has the type LDNS_RDF_TYPE_DNAME! + + :return: (:class:`ldns_rdf`) The reversed rdf + (a newly created rdf). + """ + return _ldns.ldns_rdf_address_reverse(self) + #parameters: ldns_rdf *, + #retvals: ldns_rdf * + + def clone(self): + """ + Clones a rdf structure. + + The data are copied. + + :return: (:class:`ldns_rdf`) A new rdf structure. + """ + return _ldns.ldns_rdf_clone(self) + #parameters: const ldns_rdf *, + #retvals: ldns_rdf * + + def data(self): + """ + Returns the data of the rdf. + + :return: (uint8_t \*) uint8_t* pointer to the rdf's data. + """ + return _ldns.ldns_rdf_data(self) + #parameters: const ldns_rdf *, + #retvals: uint8_t * + + def data_as_bytearray(self): + """ + Returns the data of the rdf as a bytearray. + + :return: (bytearray) Bytearray containing the rdf data. + """ + return _ldns.ldns_rdf_data_as_bytearray(self) + #parameters: const ldns_rdf *, + #retvals: bytearray + + def get_type(self): + """ + Returns the type of the rdf. + + We need to prepend the prefix get_ here to prevent conflict + with the rdf_type TYPE. + + :return: (ldns_rdf_type) Identifier of the type. + """ + return _ldns.ldns_rdf_get_type(self) + #parameters: const ldns_rdf *, + #retvals: ldns_rdf_type + + def set_data(self, data): + """ + Sets the data portion of the rdf. + + The data are not copied, but are assigned to the rdf, + `data` are decoupled from the Python engine. + + :param data: Data to be set. + :type data: void \* + """ + _ldns.ldns_rdf_set_data(self, data) + #parameters: ldns_rdf *, void *, + #retvals: + + def set_size(self, size): + """ + Sets the size of the rdf. + + :param size: The new size. + :type size: integer + :throws TypeError: When size of non-integer type. + """ + _ldns.ldns_rdf_set_size(self,size) + #parameters: ldns_rdf *,size_t, + #retvals: + + def set_type(self, atype): + """ + Sets the type of the rdf. + + :param atype: rdf type + :type atype: integer + :throws TypeError: When atype of non-integer type. + """ + _ldns.ldns_rdf_set_type(self, atype) + #parameters: ldns_rdf *, ldns_rdf_type, + #retvals: + + def size(self): + """ + Returns the size of the rdf. + + :return: (size_t) uint16_t with the size. + """ + return _ldns.ldns_rdf_size(self) + #parameters: const ldns_rdf *, + #retvals: size_t + + @staticmethod + def dname_new_frm_str(string): + """ + Creates a new dname rdf instance from a given string. + + This static method is equivalent to using of default + :class:`ldns_rdf` constructor. + + :parameter string: String to use. + :type string: string + :throws TypeError: When not a string used. + :return: :class:`ldns_rdf` or None if error. + + .. warning:: + + It is scheduled to be deprecated and removed. Use + :class:`ldns_dname` constructor instead. + """ + warnings.warn("The ldns_rdf.dname_new_frm_str() method is" + + " scheduled to be deprecated in future releases." + + " Use ldns_dname constructor instead.", + PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_new_frm_str(string) + + def absolute(self): + """ + Checks whether the given dname string is absolute + (i.e., ends with a '.'). + + :return: (bool) True or False + + .. note:: + + This method was malfunctioning in ldns-1.3.16 and also + possibly earlier. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname` to use the method. + """ + warnings.warn("The ldns_rdf.absolute() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + if self.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + string = self.__str__() + return _ldns.ldns_dname_str_absolute(string) != 0 + else: + return False + + def make_canonical(self): + """ + Put a dname into canonical format (i.e., convert to lower case). + + Performs no action if not a dname. + + .. warning:: + + This method is scheduled to be deprecated and removed. + Convert :class:`ldns_rdf` to :class:`ldns_dname` to use + the method. + """ + warnings.warn("The ldns_rdf.make_canonical() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + _ldns.ldns_dname2canonical(self) + + def dname_compare(self, other): + """ + Compares two dname rdf according to the algorithm + for ordering in RFC4034 Section 6. + + :param other: The second dname rdf to compare. + :type other: :class:`ldns_rdf` + :throws TypeError: When not a :class:`ldns_rdf` used. + :throws Exception: When not dnames compared. + :return: (int) -1, 0 or 1 if `self` comes before `other`, + `self` is equal or `self` comes after `other` respectively. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.dname_compare() method is" + + " scheduled to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if not isinstance(other, ldns_rdf): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (self.get_type() != _ldns.LDNS_RDF_TYPE_DNAME) or \ + (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Both operands must be dname rdfs.") + return _ldns.ldns_dname_compare(self, other) + + def cat(self, rd2): + """ + Concatenates `rd2` after `this` dname (`rd2` is copied, + `this` dname is modified). + + :param rd2: The right-hand side. + :type rd2: :class:`ldns_rdf` + :throws TypeError: When `rd2` of non-:class:`ldns_rdf` or + non-:class:`ldns_dname` type. + :return: (ldns_status) LDNS_STATUS_OK on success. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.cat() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_cat(self, rd2) + #parameters: ldns_rdf *, ldns_rdf *, + #retvals: ldns_status + + def cat_clone(self, rd2): + """ + Concatenates two dnames together. + + :param rd2: The right-hand side. + :type rd2: :class:`ldns_rdf` + :throws TypeError: When `rd2` of non-:class:`ldns_rdf` or + non-:class:`ldns_dname` type. + :return: (:class:`ldns_rdf`) A new rdf with + left-hand side + right-hand side content None when + error. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.cat_clone() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_cat_clone(self, rd2) + #parameters: const ldns_rdf *, const ldns_rdf *, + #retvals: ldns_rdf * + + def interval(self, middle, next): + """ + Check whether the `middle` lays in the interval defined by + `this` and `next` (`this` <= `middle` < `next`). + + This method is useful for nsec checking + + :param middle: The dname to check. + :type middle: :class:`ldns_rdf` + :param next: The boundary. + :type next: :class:`ldns_rdf` + :throws TypeError: When `middle` or `next` of + non-:class:`ldns_rdf` type. + :throws Exception: When non-dname rdfs compared. + :return: (int) 0 on error or unknown, + -1 when middle is in the interval, 1 when not. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.interval() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + # + # The wrapped function generates asserts instead of setting + # error status. They cannot be caught from Python so a check + # is necessary. + # + if (not isinstance(middle, ldns_rdf)) or \ + (not isinstance(next, ldns_rdf)): + raise TypeError("Parameters must be derived from ldns_rdf.") + if (self.get_type() != _ldns.LDNS_RDF_TYPE_DNAME) or \ + (middle.get_type() != _ldns.LDNS_RDF_TYPE_DNAME) or \ + (next.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("All operands must be dname rdfs.") + return _ldns.ldns_dname_interval(self, middle, next) + #parameters: const ldns_rdf *, const ldns_rdf *, const ldns_rdf *, + #retvals: int + + def is_subdomain(self, parent): + """ + Tests whether the name of the given instance falls under + `parent` (i.e., is a sub-domain of `parent`). + + This function will return False if the given dnames + are equal. + + :param parent: The parent's name. + :type parent: :class:`ldns_rdf` + :throws TypeError: When `parent` of non-:class:`ldns_rdf` type. + :return: (bool) True if `this` falls under `parent`, otherwise + False. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.is_subdomain() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_is_subdomain(self, parent) + #parameters: const ldns_rdf *, const ldns_rdf *, + #retvals: bool + + def label(self, labelpos): + """ + Look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try + and retrieve a specific label. + + The labels are numbered starting from 0 (left most). + + :param labelpos: Index of the label. (Labels are numbered + 0, which is the left most.) + :type labelpos: integer + :throws TypeError: When `labelpos` of non-integer type. + :return: (:class:`ldns_rdf`) A new rdf with the label + as name or None on error. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.label() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_label(self, labelpos) + #parameters: const ldns_rdf *, uint8_t, + #retvals: ldns_rdf * + + def label_count(self): + """ + Count the number of labels inside a LDNS_RDF_DNAME type rdf. + + :return: (uint8_t) The number of labels. Will return 0 if + not a dname. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.label_count() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_label_count(self) + #parameters: const ldns_rdf *, + #retvals: uint8_t + + def left_chop(self): + """ + Chop one label off the left side of a dname. + + (e.g., wwww.nlnetlabs.nl, becomes nlnetlabs.nl) + + :return: (:class:`ldns_rdf`) The remaining dname or None when + error. + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.left_chop() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + return _ldns.ldns_dname_left_chop(self) + #parameters: const ldns_rdf *, + #retvals: ldns_rdf * + + def reverse(self): + """ + Returns a clone of the given dname with the labels reversed. + + When reversing non-dnames a "." (root name) dname is returned. + + :throws Exception: When used on non-dname rdfs. + :return: (:class:`ldns_rdf`) Clone of the dname with the labels + reversed or ".". + + .. warning:: + + It is scheduled to be deprecated and removed. Convert + :class:`ldns_rdf` to :class:`ldns_dname`. + """ + warnings.warn("The ldns_rdf.reverse() method is scheduled" + + " to be deprecated in future releases." + + " Convert the ldns_rdf to ldns_dname and the use its" + + " methods.", PendingDeprecationWarning, stacklevel=2) + if self.get_type() != _ldns.LDNS_RDF_TYPE_DNAME: + raise Exception("Operand must be a dname rdf.") + return _ldns.ldns_dname_reverse(self) + #parameters: const ldns_rdf *, + #retvals: ldns_rdf * + + # + # _LDNS_RDF_METHODS + # + %} +} diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_resolver.i b/zonemaster-ldns/ldns/contrib/python/ldns_resolver.i new file mode 100644 index 0000000..8468cce --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_resolver.i @@ -0,0 +1,1454 @@ +/****************************************************************************** + * ldns_resolver.i: LDNS resolver class + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + *****************************************************************************/ + + +/* ========================================================================= */ +/* SWIG setting and definitions. */ +/* ========================================================================= */ + +/* Creates temporary instance of (ldns_resolver *). */ +%typemap(in,numinputs=0,noblock=1) (ldns_resolver **r) +{ + ldns_resolver *$1_res; + $1 = &$1_res; +} + +/* Result generation, appends (ldns_resolver *) after the result. */ +%typemap(argout,noblock=1) (ldns_resolver **r) +{ + $result = SWIG_Python_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_res), + SWIGTYPE_p_ldns_struct_resolver, SWIG_POINTER_OWN | 0 )); +} + +%newobject ldns_resolver_new; +%newobject ldns_resolver_pop_nameserver; +%newobject ldns_resolver_query; +%newobject ldns_resolver_search; +%newobject ldns_axfr_next; +%newobject ldns_get_rr_list_addr_by_name; +%newobject ldns_get_rr_list_name_by_addr; + +%delobject ldns_resolver_deep_free; +%delobject ldns_resolver_free; + +%nodefaultctor ldns_struct_resolver; /* No default constructor. */ +%nodefaultdtor ldns_struct_resolver; /* No default destructor. */ + +%ignore ldns_struct_resolver::_searchlist; +%ignore ldns_struct_resolver::_nameservers; +%ignore ldns_resolver_set_nameservers; + +%rename(ldns_resolver) ldns_struct_resolver; + + +/* Clone data on pull. */ + +%newobject _ldns_axfr_last_pkt; +%rename(__ldns_axfr_last_pkt) ldns_axfr_last_pkt; +%inline +%{ + ldns_pkt * _ldns_axfr_last_pkt(const ldns_resolver *res) + { + return ldns_pkt_clone(ldns_axfr_last_pkt(res)); + } +%} + +%newobject _ldns_resolver_dnssec_anchors; +%rename(__ldns_resolver_dnssec_anchors) ldns_resolver_dnssec_anchors; +%inline +%{ + ldns_rr_list * _ldns_resolver_dnssec_anchors(const ldns_resolver *res) + { + return ldns_rr_list_clone(ldns_resolver_dnssec_anchors(res)); + } +%} + +%newobject _ldns_resolver_domain; +%rename(__ldns_resolver_domain) ldns_resolver_domain; +%inline +%{ + ldns_rdf * _ldns_resolver_domain(const ldns_resolver *res) + { + /* Prevents assertion failures. */ + ldns_rdf *rdf; + rdf = ldns_resolver_domain(res); + if (rdf != NULL) { + rdf = ldns_rdf_clone(rdf); + } + return rdf; + } +%} + +%newobject _ldns_resolver_tsig_algorithm; +%rename(__ldns_resolver_tsig_algorithm) ldns_resolver_tsig_algorithm; +%inline +%{ + const char * _ldns_resolver_tsig_algorithm(const ldns_resolver *res) + { + const char *str; + str = ldns_resolver_tsig_algorithm(res); + if (str != NULL) { + str = strdup(str); + } + return str; + } +%} + +%newobject _ldns_resolver_tsig_keydata; +%rename(__ldns_resolver_tsig_keydata) ldns_resolver_tsig_keydata; +%inline +%{ + const char * _ldns_resolver_tsig_keydata(const ldns_resolver *res) + { + const char *str; + str = ldns_resolver_tsig_keydata(res); + if (str != NULL) { + str = strdup(str); + } + return str; + } +%} + +%newobject _ldns_resolver_tsig_keyname; +%rename(__ldns_resolver_tsig_keyname) ldns_resolver_tsig_keyname; +%inline +%{ + const char * _ldns_resolver_tsig_keyname(const ldns_resolver *res) + { + const char *str; + str = ldns_resolver_tsig_keyname(res); + if (str != NULL) { + str = strdup(str); + } + return str; + } +%} + +/* End of pull cloning. */ + +/* Clone data on push. */ + +%rename(__ldns_resolver_set_dnssec_anchors) ldns_resolver_set_dnssec_anchors; +%inline +%{ + void _ldns_resolver_set_dnssec_anchors(ldns_resolver *res, + ldns_rr_list * rrl) + { + ldns_rr_list *rrl_clone = NULL; + if (rrl != NULL) { + rrl_clone = ldns_rr_list_clone(rrl); + } + /* May leak memory, when overwriting pointer value. */ + ldns_resolver_set_dnssec_anchors(res, rrl_clone); + } +%} + +%rename(__ldns_resolver_set_domain) ldns_resolver_set_domain; +%inline +%{ + void _ldns_resolver_set_domain(ldns_resolver *res, ldns_rdf *rdf) + { + ldns_rdf *rdf_clone = NULL; + if (rdf != NULL) { + rdf_clone = ldns_rdf_clone(rdf); + } + /* May leak memory, when overwriting pointer value. */ + ldns_resolver_set_domain(res, rdf_clone); + } +%} + +/* End of push cloning. */ + + +/* ========================================================================= */ +/* Debugging related code. */ +/* ========================================================================= */ + +#ifdef LDNS_DEBUG +%rename(__ldns_resolver_deep_free) ldns_resolver_deep_free; +%rename(__ldns_resolver_free) ldns_resolver_free; +%inline +%{ + /*! + * @brief Prints information about deallocated resolver and deallocates. + */ + void _ldns_resolver_deep_free(ldns_resolver *r) + { + printf("******** LDNS_RESOLVER deep free 0x%lX ************\n", + (long unsigned int) r); + ldns_resolver_deep_free(r); + } + + /*! + * @brief Prints information about deallocated resolver and deallocates. + * + * @note There should be no need to use this function in the wrapper code, as + * it is likely to leak memory. + */ + void _ldns_resolver_free(ldns_resolver *r) + { + printf("******** LDNS_RESOLVER free 0x%lX ************\n", + (long unsigned int) r); + ldns_resolver_free(r); + } +%} +#else /* !LDNS_DEBUG */ +%rename(_ldns_resolver_deep_free) ldns_resolver_deep_free; +%rename(_ldns_resolver_free) ldns_resolver_free; +#endif /* LDNS_DEBUG */ + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + +%newobject _replacement_ldns_resolver_trusted_key; +%inline +%{ + /*! + * @brief Replaces the rrs in the list with their clones. + * + * Prevents memory corruption when automatically deallocating list content. + */ + void _rr_list_replace_content_with_clones(ldns_rr_list *rrl) + { + size_t count; + unsigned int i; + + if (rrl == NULL) { + return; + } + + count = ldns_rr_list_rr_count(rrl); + for (i = 0; i < count; ++i) { + ldns_rr_list_set_rr(rrl, + ldns_rr_clone(ldns_rr_list_rr(rrl, i)), + i); + } + } + + /* + * @brief Behaves similarly to ldns_resolver_trusted_key(). + * + * Prevents memory leakage by controlling the usage of content cloning. + * + * @return Newly allocated list of trusted key clones if any found, + * NULL else. + */ + ldns_rr_list * _replacement_ldns_resolver_trusted_key( + const ldns_resolver *res, ldns_rr_list *keys) + { + ldns_rr_list *trusted_keys = ldns_rr_list_new(); + + if (ldns_resolver_trusted_key(res, keys, trusted_keys)) { + _rr_list_replace_content_with_clones(trusted_keys); + } else { + ldns_rr_list_deep_free(trusted_keys); trusted_keys = NULL; + } + + return trusted_keys; + } +%} + + +/* ========================================================================= */ +/* Encapsulating Python code. */ +/* ========================================================================= */ + +%feature("docstring") ldns_struct_resolver "LDNS resolver object. + +The :class:`ldns_resolver` object keeps a list of name servers and can perform +queries. + +**Usage** + +>>> import ldns +>>> resolver = ldns.ldns_resolver.new_frm_file(\"/etc/resolv.conf\") +>>> pkt = resolver.query(\"www.nic.cz\", ldns.LDNS_RR_TYPE_A,ldns.LDNS_RR_CLASS_IN) +>>> if (pkt) and (pkt.answer()): +>>> print pkt.answer() +www.nic.cz. 1757 IN A 217.31.205.50 + +This simple example instances a resolver in order to resolve www.nic.cz A type +record." + +%extend ldns_struct_resolver { + + %pythoncode + %{ + def __init__(self): + """ + Cannot be created directly from Python. + """ + raise Exception("This class can't be created directly. " + + "Please use: new_frm_file(filename), new_frm_fp(file) " + + "or new_frm_fp_l(file, line)") + + __swig_destroy__ = _ldns._ldns_resolver_deep_free + + # + # LDNS_RESOLVER_CONSTRUCTORS_ + # + + @staticmethod + def new(): + """ + Creates a new resolver object. + + :return: (:class:`ldns_resolver`) New resolver object or None. + + .. note:: + The returned resolver object is unusable unless some + name servers are added. + + **Usage** + >>> resolver = ldns.ldns_resolver.new() + >>> ns_addr = ldns.ldns_rdf.new_frm_str("8.8.8.8", ldns.LDNS_RDF_TYPE_A) + >>> if not ns_addr: raise Exception("Can't create resolver address.") + >>> status = resolver.push_nameserver(ns_addr) + >>> if status != ldns.LDNS_STATUS_OK: raise Exception("Can't push resolver address.") + >>> pkt = resolver.query("www.nic.cz.", ldns.LDNS_RR_TYPE_A, ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + >>> if (pkt) and (pkt.answer()): + >>> print pkt.answer() + www.nic.cz. 1265 IN A 217.31.205.50 + """ + return _ldns.ldns_resolver_new() + + @staticmethod + def new_frm_file(filename = "/etc/resolv.conf", raiseException=True): + """ + Creates a resolver object from given file name + + :param filename: Name of file which contains resolver + information (usually /etc/resolv.conf). + :type filename: str + :param raiseException: If True, an exception occurs in case a + resolver object can't be created. + :type raiseException: bool + :throws TypeError: When arguments of inappropriate types. + :throws Exception: When `raiseException` set and resolver + couldn't be created. + :return: (:class:`ldns_resolver`) Resolver object or None. + An exception occurs if the object can't be created and + 'raiseException' is True. + """ + status, resolver = _ldns.ldns_resolver_new_frm_file(filename) + if status != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create resolver, error: %d" % status) + return None + return resolver + + @staticmethod + def new_frm_fp(file, raiseException=True): + """ + Creates a resolver object from file + + :param file: A file object. + :type file: file + :param raiseException: If True, an exception occurs in case a + resolver object can't be created. + :type raiseException: bool + :throws TypeError: When arguments of inappropriate types. + :throws Exception: When `raiseException` set and resolver + couldn't be created. + :return: (:class:`ldns_resolver`) Resolver object or None. + An exception occurs if the object can't be created and + `raiseException` is True. + """ + status, resolver = _ldns.ldns_resolver_new_frm_fp(file) + if status != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create resolver, error: %d" % status) + return None + return resolver + + @staticmethod + def new_frm_fp_l(file, raiseException=True): + """ + Creates a resolver object from file + + :param file: A file object. + :type file: file + :param raiseException: If True, an exception occurs in case a + resolver instance can't be created. + :type raiseException: bool + :throws TypeError: When arguments of inappropriate types. + :throws Exception: When `raiseException` set and resolver + couldn't be created. + :return: + * (:class:`ldns_resolver`) Resolver instance or None. + An exception occurs if an instance can't be created and + `raiseException` is True. + + * (int) - The line number. (e.g., for debugging) + """ + status, resolver, line = _ldns.ldns_resolver_new_frm_fp_l(file) + if status != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create resolver, error: %d" % status) + return None + return resolver, line + + # + # _LDNS_RESOLVER_CONSTRUCTORS + # + + # High level functions + + def get_addr_by_name(self, name, aclass = _ldns.LDNS_RR_CLASS_IN, flags = _ldns.LDNS_RD): + """ + Ask the resolver about name and return all address records. + + :param name: The name to look for. String is automatically + converted to dname. + :type name: :class:`ldns_dname` or str + :param aclass: The class to use. + :type aclass: ldns_rr_class + :param flags: Give some optional flags to the query. + :type flags: uint16_t + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_rr_list`) RR List object or None. + + **Usage** + >>> addr = resolver.get_addr_by_name("www.google.com", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + >>> if (not addr): raise Exception("Can't retrieve server address") + >>> for rr in addr.rrs(): + >>> print rr + www.l.google.com. 300 IN A 74.125.43.99 + www.l.google.com. 300 IN A 74.125.43.103 + www.l.google.com. 300 IN A 74.125.43.104 + www.l.google.com. 300 IN A 74.125.43.147 + """ + rdf = name + if isinstance(name, str): + rdf = _ldns.ldns_dname_new_frm_str(name) + return _ldns.ldns_get_rr_list_addr_by_name(self, rdf, aclass, flags) + + def get_name_by_addr(self, addr, aclass = _ldns.LDNS_RR_CLASS_IN, flags = _ldns.LDNS_RD): + """ + Ask the resolver about the address and return the name. + + :param name: (ldns_rdf of A or AAAA type) the addr to look for. + If a string is given, A or AAAA type is identified + automatically. + :type name: :class:`ldns_rdf` of A or AAAA type + :param aclass: The class to use. + :type aclass: ldns_rr_class + :param flags: Give some optional flags to the query. + :type flags: uint16_t + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_rr_list`) RR List object or None. + + **Usage** + >>> addr = resolver.get_name_by_addr("74.125.43.99", ldns.LDNS_RR_CLASS_IN, ldns.LDNS_RD) + >>> if (not addr): raise Exception("Can't retrieve server address") + >>> for rr in addr.rrs(): + >>> print rr + 99.43.125.74.in-addr.arpa. 85641 IN PTR bw-in-f99.google.com. + + """ + rdf = addr + if isinstance(addr, str): + if (addr.find("::") >= 0): #IPv6 + rdf = _ldns.ldns_rdf_new_frm_str(_ldns.LDNS_RDF_TYPE_AAAA, addr) + else: + rdf = _ldns.ldns_rdf_new_frm_str(_ldns.LDNS_RDF_TYPE_A, addr) + return _ldns.ldns_get_rr_list_name_by_addr(self, rdf, aclass, flags) + + def print_to_file(self,output): + """Print a resolver (in so far that is possible) state to output.""" + _ldns.ldns_resolver_print(output,self) + + def axfr_complete(self): + """ + Returns True if the axfr transfer has completed + (i.e., 2 SOA RRs and no errors were encountered). + + :return: (bool) + """ + return _ldns.ldns_axfr_complete(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def axfr_last_pkt(self): + """ + Returns a last packet that was sent by the server in the AXFR + transfer (usable for instance to get the error code on failure). + + :return: (:class:`ldns_pkt`) Last packet of the AXFR transfer. + """ + return _ldns._ldns_axfr_last_pkt(self) + #parameters: const ldns_resolver *, + #retvals: ldns_pkt * + + def axfr_next(self): + """ + Get the next stream of RRs in a AXFR. + + :return: (:class:`ldns_rr`) The next RR from the AXFR stream. + """ + return _ldns.ldns_axfr_next(self) + #parameters: ldns_resolver *, + #retvals: ldns_rr * + + def axfr_start(self, domain, aclass): + """ + Prepares the resolver for an axfr query. The query is sent and + the answers can be read with :meth:`axfr_next`. + + :param domain: Domain to axfr. + :type domain: :class:`dlsn_dname` + :param aclass: The class to use. + :type aclass: ldns_rr_class + :throws TypeError: When arguments of inappropriate types. + :return: (ldns_status) The status of the transfer. + + .. note:: + The type checking of parameter `domain` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + + **Usage** + :: + + status = resolver.axfr_start("nic.cz", ldns.LDNS_RR_CLASS_IN) + if (status != ldns.LDNS_STATUS_OK): + raise Exception("Can't start AXFR, error: %s" % ldns.ldns_get_errorstr_by_id(status)) + #Print the results + while True: + rr = resolver.axfr_next() + if not rr: + break + + print rr + """ + # TODO -- Add checking for ldns_rdf and ldns_dname. + rdf = domain + if isinstance(domain, str): + rdf = _ldns.ldns_dname_new_frm_str(domain) + return _ldns.ldns_axfr_start(self, rdf, aclass) + #parameters: ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class c + #retvals: int + + # + # LDNS_RESOLVER_METHODS_ + # + + def debug(self): + """ + Get the debug status of the resolver. + + :return: (bool) True if so, otherwise False. + """ + return _ldns.ldns_resolver_debug(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def dec_nameserver_count(self): + """ + Decrement the resolver's name server count. + """ + _ldns.ldns_resolver_dec_nameserver_count(self) + #parameters: ldns_resolver *, + #retvals: + + def defnames(self): + """ + Does the resolver apply default domain name. + + :return: (bool) + """ + return _ldns.ldns_resolver_defnames(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def dnsrch(self): + """ + Does the resolver apply search list. + + :return: (bool) + """ + return _ldns.ldns_resolver_dnsrch(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def dnssec(self): + """ + Does the resolver do DNSSEC. + + :return: (bool) True: yes, False: no. + """ + return _ldns.ldns_resolver_dnssec(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def dnssec_anchors(self): + """ + Get the resolver's DNSSEC anchors. + + :return: (:class:`ldns_rr_list`) An rr list containing trusted + DNSSEC anchors. + """ + return _ldns._ldns_resolver_dnssec_anchors(self) + #parameters: const ldns_resolver *, + #retvals: ldns_rr_list * + + def dnssec_cd(self): + """ + Does the resolver set the CD bit. + + :return: (bool) True: yes, False: no. + """ + return _ldns.ldns_resolver_dnssec_cd(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def domain(self): + """ + What is the default dname to add to relative queries. + + :return: (:class:`ldns_dname`) The dname which is added. + """ + dname = _ldns._ldns_resolver_domain(self) + if dname != None: + return ldns_dname(_ldns._ldns_resolver_domain(self), clone=False) + else: + return dname + #parameters: const ldns_resolver *, + #retvals: ldns_rdf * + + def edns_udp_size(self): + """ + Get the resolver's udp size. + + :return: (uint16_t) The udp mesg size. + """ + return _ldns.ldns_resolver_edns_udp_size(self) + #parameters: const ldns_resolver *, + #retvals: uint16_t + + def fail(self): + """ + Does the resolver only try the first name server. + + :return: (bool) True: yes, fail, False: no, try the others. + """ + return _ldns.ldns_resolver_fail(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def fallback(self): + """ + Get the truncation fall-back status. + + :return: (bool) Whether the truncation fall*back mechanism + is used. + """ + return _ldns.ldns_resolver_fallback(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def igntc(self): + """ + Does the resolver ignore the TC bit (truncated). + + :return: (bool) True: yes, False: no. + """ + return _ldns.ldns_resolver_igntc(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def incr_nameserver_count(self): + """ + Increment the resolver's name server count. + """ + _ldns.ldns_resolver_incr_nameserver_count(self) + #parameters: ldns_resolver *, + #retvals: + + def ip6(self): + """ + Does the resolver use ip6 or ip4. + + :return: (uint8_t) 0: both, 1: ip4, 2:ip6 + """ + return _ldns.ldns_resolver_ip6(self) + #parameters: const ldns_resolver *, + #retvals: uint8_t + + def nameserver_count(self): + """ + How many name server are configured in the resolver. + + :return: (size_t) Number of name servers. + """ + return _ldns.ldns_resolver_nameserver_count(self) + #parameters: const ldns_resolver *, + #retvals: size_t + + def nameserver_rtt(self, pos): + """ + Return the used round trip time for a specific name server. + + :param pos: The index to the name server. + :type pos: size_t + :throws TypeError: When arguments of inappropriate types. + :return: (size_t) The rrt, 0: infinite, + >0: undefined (as of * yet). + """ + return _ldns.ldns_resolver_nameserver_rtt(self, pos) + #parameters: const ldns_resolver *,size_t, + #retvals: size_t + + def nameservers(self): + """ + Return the configured name server ip address. + + :return: (ldns_rdf \*\*) A ldns_rdf pointer to a list of the + addresses. + """ + # TODO -- Convert to list of ldns_rdf. + return _ldns.ldns_resolver_nameservers(self) + #parameters: const ldns_resolver *, + #retvals: ldns_rdf ** + + def nameservers_randomize(self): + """ + Randomize the name server list in the resolver. + """ + _ldns.ldns_resolver_nameservers_randomize(self) + #parameters: ldns_resolver *, + #retvals: + + def pop_nameserver(self): + """ + Pop the last name server from the resolver. + + :return: (:class:`ldns_rdf`) The popped address or None if empty. + """ + return _ldns.ldns_resolver_pop_nameserver(self) + #parameters: ldns_resolver *, + #retvals: ldns_rdf * + + def port(self): + """ + Get the port the resolver should use. + + :return: (uint16_t) The port number. + """ + return _ldns.ldns_resolver_port(self) + #parameters: const ldns_resolver *, + #retvals: uint16_t + + def prepare_query_pkt(self, name, t, c, f, raiseException=True): + """ + Form a query packet from a resolver and name/type/class combo. + + :param name: Query for this name. + :type name: :class:`ldns_dname` or str + :param t: Query for this type (may be 0, defaults to A). + :type t: ldns_rr_type + :param c: Query for this class (may be 0, default to IN). + :type c: ldns_rr_class + :param f: The query flags. + :type f: uint16_t + :throws TypeError: When arguments of inappropriate types. + :throws Exception: When `raiseException` set and answer + couldn't be resolved. + :return: (:class:`ldns_pkt`) Query packet or None. + An exception occurs if the object can't be created and + 'raiseException' is True. + """ + rdf = name + if isinstance(name, str): + rdf = _ldns.ldns_dname_new_frm_str(name) + status, pkt = _ldns.ldns_resolver_prepare_query_pkt(self, rdf, t, c, f) + if status != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create resolver, error: %d" % status) + return None + return pkt + #parameters: ldns_resolver *,const ldns_rdf *,ldns_rr_type,ldns_rr_class,uint16_t, + #retvals: ldns_status,ldns_pkt ** + + def push_dnssec_anchor(self, rr): + """ + Push a new trust anchor to the resolver. + It must be a DS or DNSKEY rr. + + :param rr: The RR to add as a trust anchor. + :type rr: DS of DNSKEY :class:`ldns_rr` + :throws TypeError: When arguments of inappropriate types. + :return: (ldns_status) A status. + """ + return _ldns.ldns_resolver_push_dnssec_anchor(self, rr) + #parameters: ldns_resolver *,ldns_rr *, + #retvals: ldns_status + + def push_nameserver(self, n): + """ + Push a new name server to the resolver. + It must be an IP address v4 or v6. + + :param n: The ip address. + :type n: :class:`ldns_rdf` of A or AAAA type. + :throws TypeError: When arguments of inappropriate types. + :return: (ldns_status) A status. + """ + return _ldns.ldns_resolver_push_nameserver(self, n) + #parameters: ldns_resolver *,ldns_rdf *, + #retvals: ldns_status + + def push_nameserver_rr(self, rr): + """ + Push a new name server to the resolver. + It must be an A or AAAA RR record type. + + :param rr: The resource record. + :type rr: :class:`ldns_rr` of A or AAAA type. + :throws TypeError: When arguments of inappropriate types. + :return: (ldns_status) A status. + """ + return _ldns.ldns_resolver_push_nameserver_rr(self, rr) + #parameters: ldns_resolver *,ldns_rr *, + #retvals: ldns_status + + def push_nameserver_rr_list(self, rrlist): + """ + Push a new name server rr_list to the resolver. + + :param rrlist: The rr list to push. + :type rrlist: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + :return: (ldns_status) A status. + """ + return _ldns.ldns_resolver_push_nameserver_rr_list(self, rrlist) + #parameters: ldns_resolver *,ldns_rr_list *, + #retvals: ldns_status + + def push_searchlist(self, rd): + """ + Push a new rd to the resolver's search-list. + + :param rd: To push. + :param rd: :class:`ldns_dname` or str + :throws TypeError: When arguments of inappropriate types. + + .. note: + The function does not return any return status, + so the caller must ensure the correctness of the passed + values. + """ + rdf = rd + if isinstance(rd, str): + rdf = _ldns.ldns_dname_new_frm_str(rd) + _ldns.ldns_resolver_push_searchlist(self, rdf) + #parameters: ldns_resolver *,ldns_rdf *, + #retvals: + + def query(self,name,atype=_ldns.LDNS_RR_TYPE_A,aclass=_ldns.LDNS_RR_CLASS_IN,flags=_ldns.LDNS_RD): + """ + Send a query to a name server. + + :param name: The name to look for. + :type name: :class:`ldns_dname` or str + :param atype: The RR type to use. + :type atype: ldns_rr_type + :param aclass: The RR class to use. + :type aclass: ldns_rr_class + :param flags: Give some optional flags to the query. + :type flags: uint16_t + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_pkt`) A packet with the reply from the + name server if _defnames is true the default domain will + be added. + """ + # Explicit conversion from string to ldns_rdf prevents memory leaks. + # TODO -- Find out why. + dname = name + if isinstance(name, str): + dname = _ldns.ldns_dname_new_frm_str(name) + return _ldns.ldns_resolver_query(self, dname, atype, aclass, flags) + #parameters: const ldns_resolver *,const ldns_rdf *,ldns_rr_type,ldns_rr_class,uint16_t, + #retvals: ldns_pkt * + + def random(self): + """ + Does the resolver randomize the name server before usage? + + :return: (bool) True: yes, False: no. + """ + return _ldns.ldns_resolver_random(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def recursive(self): + """ + Is the resolver set to recurse? + + :return: (bool) True if so, otherwise False. + """ + return _ldns.ldns_resolver_recursive(self) + #parameters: const ldns_resolver *, + #retvals: bool + + def retrans(self): + """ + Get the retransmit interval. + + :return: (uint8_t) The retransmit interval. + """ + return _ldns.ldns_resolver_retrans(self) + #parameters: const ldns_resolver *, + #retvals: uint8_t + + def retry(self): + """ + Get the number of retries. + + :return: (uint8_t) The number of retries. + """ + return _ldns.ldns_resolver_retry(self) + #parameters: const ldns_resolver *, + #retvals: uint8_t + + def rtt(self): + """ + Return the used round trip times for the name servers. + + :return: (size_t \*) a size_t* pointer to the list. yet) + """ + return _ldns.ldns_resolver_rtt(self) + #parameters: const ldns_resolver *, + #retvals: size_t * + + def search(self, name, atype=_ldns.LDNS_RR_TYPE_A, aclass=_ldns.LDNS_RR_CLASS_IN, flags=_ldns.LDNS_RD): + """ + Send the query for using the resolver and take the search list + into account The search algorithm is as follows: If the name is + absolute, try it as-is, otherwise apply the search list. + + :param name: The name to look for. + :type name: :class:`ldns_dname` or str + :param atype: The RR type to use. + :type atype: ldns_rr_type + :param aclass: The RR class to use. + :type aclass: ldns_rr_class + :param flags: Give some optional flags to the query. + :type flags: uint16_t + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_pkt`) A packet with the reply from the + name server. + """ + # Explicit conversion from string to ldns_rdf prevents memory leaks. + # TODO -- Find out why. + dname = name + if isinstance(name, str): + dname = _ldns.ldns_dname_new_frm_str(name) + return _ldns.ldns_resolver_search(self, dname, atype, aclass, flags) + #parameters: const ldns_resolver *,const ldns_rdf *,ldns_rr_type,ldns_rr_class,uint16_t, + #retvals: ldns_pkt * + + def searchlist(self): + """ + What is the search-list as used by the resolver. + + :return: (ldns_rdf \*\*) A ldns_rdf pointer to a list of the addresses. + """ + return _ldns.ldns_resolver_searchlist(self) + #parameters: const ldns_resolver *, + #retvals: ldns_rdf \*\* + + def searchlist_count(self): + """ + Return the resolver's search-list count. + + :return: (size_t) The search-list count. + """ + return _ldns.ldns_resolver_searchlist_count(self) + #parameters: const ldns_resolver *, + #retvals: size_t + + def send(self, name, atype, aclass, flags, raiseException=True): + """ + Send the query for name as-is. + + :param name: The name to look for. + :type name: :class:`ldns_dname` or str + :param atype: The RR type to use. + :type atype: ldns_rr_type + :param aclass: The RR class to use. + :type aclass: ldns_rr_class + :param flags: Give some optional flags to the query. + :type flags: uint16_t + :throws TypeError: When arguments of inappropriate types. + :throws Exception: When `raiseException` set and answer + couldn't be resolved. + :return: (:class:`ldns_pkt`) A packet with the reply from the + name server. + """ + # Explicit conversion from string to ldns_rdf prevents memory leaks. + # TODO -- Find out why. + dname = name + if isinstance(name, str): + dname = _ldns.ldns_dname_new_frm_str(name) + status, pkt = _ldns.ldns_resolver_send(self, dname, atype, aclass, flags) + if status != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create resolver, error: %d" % status) + return None + return pkt + #parameters: ldns_resolver *,const ldns_rdf *,ldns_rr_type,ldns_rr_class,uint16_t, + #retvals: ldns_status,ldns_pkt ** + + def send_pkt(self, query_pkt): + """ + Send the given packet to a name server. + + :param query_pkt: Query packet. + :type query_pkt: :class:`ldns_pkt` + :throws TypeError: When arguments of inappropriate types. + :return: * (ldns_status) Return status. + * (:class:`ldns_pkt`) Response packet if returns status ok. + """ + status, answer = _ldns.ldns_resolver_send_pkt(self, query_pkt) + return _ldns.ldns_resolver_send_pkt(self,query_pkt) + #parameters: ldns_resolver *,ldns_pkt *, + #retvals: ldns_status,ldns_pkt ** + + def set_debug(self, b): + """ + Set the resolver debugging. + + :param b: True: debug on, False: debug off. + :type b: bool + """ + _ldns.ldns_resolver_set_debug(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_defnames(self, b): + """ + Whether the resolver uses the name set with _set_domain. + + :param b: True: use the defaults, False: don't use them. + :type b: bool + """ + _ldns.ldns_resolver_set_defnames(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_dnsrch(self, b): + """ + Whether the resolver uses the search list. + + :param b: True: use the list, False: don't use the list. + :type b: bool + """ + _ldns.ldns_resolver_set_dnsrch(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_dnssec(self, b): + """ + Whether the resolver uses DNSSEC. + + :param b: True: use DNSSEC, False: don't use DNSSEC. + :type b: bool + """ + _ldns.ldns_resolver_set_dnssec(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_dnssec_anchors(self, l): + """ + Set the resolver's DNSSEC anchor list directly. + RRs should be of type DS or DNSKEY. + + :param l: The list of RRs to use as trust anchors. + :type l: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + """ + _ldns._ldns_resolver_set_dnssec_anchors(self, l) + #parameters: ldns_resolver *,ldns_rr_list *, + #retvals: + + def set_dnssec_cd(self, b): + """ + Whether the resolver uses the checking disable bit. + + :param b: True: enable, False: disable. + :type b: bool + """ + _ldns.ldns_resolver_set_dnssec_cd(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_domain(self, rd): + """ + Set the resolver's default domain. + This gets appended when no absolute name is given. + + :param rd: The name to append. + :type rd: :class:`ldns_dname` or str + :throws TypeError: When arguments of inappropriate types. + :throws Exception: When `rd` a non dname rdf. + + .. note:: + The type checking of parameter `rd` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + # Also has to be able to pass None or dame string. + if isinstance(rd, str): + dname = _ldns.ldns_dname_new_frm_str(rd) + elif (not isinstance(rd, ldns_dname)) and \ + isinstance(rd, ldns_rdf) and \ + rd.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_resolver.set_domain() method" + + " will drop the possibility to accept ldns_rdf." + + " Convert argument to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + dname = rd + else: + dname = rd + if (not isinstance(dname, ldns_rdf)) and (dname != None): + raise TypeError("Parameter must be derived from ldns_rdf.") + if (isinstance(dname, ldns_rdf)) and \ + (dname.get_type() != _ldns.LDNS_RDF_TYPE_DNAME): + raise Exception("Operands must be ldns_dname.") + _ldns._ldns_resolver_set_domain(self, dname) + #parameters: ldns_resolver *,ldns_rdf *, + #retvals: + + def set_edns_udp_size(self, s): + """ + Set maximum udp size. + + :param s: The udp max size. + :type s: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_edns_udp_size(self,s) + #parameters: ldns_resolver *,uint16_t, + #retvals: + + def set_fail(self, b): + """ + Whether or not to fail after one failed query. + + :param b: True: yes fail, False: continue with next name server. + :type b: bool + """ + _ldns.ldns_resolver_set_fail(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_fallback(self, fallback): + """ + Set whether the resolvers truncation fall-back mechanism is used + when :meth:`query` is called. + + :param fallback: Whether to use the fall-back mechanism. + :type fallback: bool + """ + _ldns.ldns_resolver_set_fallback(self, fallback) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_igntc(self, b): + """ + Whether or not to ignore the TC bit. + + :param b: True: yes ignore, False: don't ignore. + :type b: bool + """ + _ldns.ldns_resolver_set_igntc(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_ip6(self, i): + """ + Whether the resolver uses ip6. + + :param i: 0: no pref, 1: ip4, 2: ip6 + :type i: uint8_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_ip6(self, i) + #parameters: ldns_resolver *,uint8_t, + #retvals: + + def set_nameserver_count(self, c): + """ + Set the resolver's name server count directly. + + :param c: The name server count. + :type c: size_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_nameserver_count(self, c) + #parameters: ldns_resolver *,size_t, + #retvals: + + def set_nameserver_rtt(self, pos, value): + """ + Set round trip time for a specific name server. + Note this currently differentiates between: unreachable and + reachable. + + :param pos: The name server position. + :type pos: size_t + :param value: The rtt. + :type value: size_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_nameserver_rtt(self, pos, value) + #parameters: ldns_resolver *,size_t,size_t, + #retvals: + + def set_nameservers(self, rd): + """ + Set the resolver's name server count directly by using an + rdf list. + + :param rd: The resolver addresses. + :type rd: ldns_rdf \*\* + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_nameservers(self, rd) + #parameters: ldns_resolver *,ldns_rdf **, + #retvals: + + def set_port(self, p): + """ + Set the port the resolver should use. + + :param p: The port number. + :type p: uint16_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_port(self, p) + #parameters: ldns_resolver *,uint16_t, + #retvals: + + def set_random(self, b): + """ + Should the name server list be randomized before each use. + + :param b: True: randomize, False: don't. + :type b: bool + """ + _ldns.ldns_resolver_set_random(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_recursive(self, b): + """ + Set the resolver recursion. + + :param b: True: set to recurse, False: unset. + :type b: bool + """ + _ldns.ldns_resolver_set_recursive(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def set_retrans(self, re): + """ + Set the resolver retrans time-out (in seconds). + + :param re: The retransmission interval in seconds. + :type re: uint8_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_retrans(self, re) + #parameters: ldns_resolver *,uint8_t, + #retvals: + + def set_retry(self, re): + """ + Set the resolver retry interval (in seconds). + + :param re: The retry interval. + :type re: uint8_t + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_retry(self,re) + #parameters: ldns_resolver *,uint8_t, + #retvals: + + def set_rtt(self, rtt): + """ + Set round trip time for all name servers. + Note this currently differentiates between: unreachable and reachable. + + :param rtt: A list with the times. + :type rtt: size \* + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_rtt(self, rtt) + #parameters: ldns_resolver *,size_t *, + #retvals: + + def set_timeout(self, timeout): + """ + Set the resolver's socket time out when talking to remote hosts. + + :param timeout: The time-out to use. + :param timeout: struct timeval + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_timeout(self,timeout) + #parameters: ldns_resolver *,struct timeval, + #retvals: + + def set_tsig_algorithm(self, tsig_algorithm): + """ + Set the tsig algorithm. + + :param tsig_algorithm: The tsig algorithm. + :param tsig_algorithm: str + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_tsig_algorithm(self, tsig_algorithm) + #parameters: ldns_resolver *,char *, + #retvals: + + def set_tsig_keydata(self, tsig_keydata): + """ + Set the tsig key data. + + :param tsig_keydata: The key data. + :type tsig_keydata: str + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_tsig_keydata(self, tsig_keydata) + #parameters: ldns_resolver *,char *, + #retvals: + + def set_tsig_keyname(self, tsig_keyname): + """ + Set the tsig key name. + + :param tsig_keyname: The tsig key name. + :type tsig_keyname: str + :throws TypeError: When arguments of inappropriate types. + """ + _ldns.ldns_resolver_set_tsig_keyname(self, tsig_keyname) + #parameters: ldns_resolver *,char *, + #retvals: + + def set_usevc(self, b): + """ + Whether the resolver uses a virtual circuit (TCP). + + :param b: True: use TCP, False: don't use TCP. + :type b: bool + """ + _ldns.ldns_resolver_set_usevc(self, b) + #parameters: ldns_resolver *,bool, + #retvals: + + def timeout(self): + """ + What is the time-out on socket connections. + + :return: (struct timeval) The time-out. + """ + return _ldns.ldns_resolver_timeout(self) + #parameters: const ldns_resolver *, + #retvals: struct timeval + + def trusted_key(self, keys): + """ + Returns true if at least one of the provided keys is a trust + anchor. + + :param keys: The key set to check. + :type keys: :class:`ldns_rr_list` + :throws TypeError: When arguments of inappropriate types. + :return: (:class:`ldns_rr_list`) List of trusted keys if at + least one of the provided keys is a configured trust anchor, + None else. + """ + return _ldns._replacement_ldns_resolver_trusted_key(self, keys) + #parameters: const ldns_resolver *,ldns_rr_list *,ldns_rr_list *, + #retvals: bool + + def tsig_algorithm(self): + """ + Return the tsig algorithm as used by the name server. + + :return: (str) The algorithm used. + """ + return _ldns._ldns_resolver_tsig_algorithm(self) + #parameters: const ldns_resolver *, + #retvals: char * + + def tsig_keydata(self): + """ + Return the tsig key data as used by the name server. + + :return: (str) The key data used. + """ + return _ldns._ldns_resolver_tsig_keydata(self) + #parameters: const ldns_resolver *, + #retvals: char * + + def tsig_keyname(self): + """ + Return the tsig key name as used by the name server. + + :return: (str) The name used. + """ + return _ldns._ldns_resolver_tsig_keyname(self) + #parameters: const ldns_resolver *, + #retvals: char * + + def usevc(self): + """ + Does the resolver use tcp or udp. + + :return: (bool) True: tcp, False: udp. + """ + return _ldns.ldns_resolver_usevc(self) + #parameters: const ldns_resolver *, + #retvals: bool + + # + # _LDNS_RESOLVER_METHODS + # + %} +} diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_rr.i b/zonemaster-ldns/ldns/contrib/python/ldns_rr.i new file mode 100644 index 0000000..2e0a071 --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_rr.i @@ -0,0 +1,2581 @@ +/****************************************************************************** + * ldns_rr.i: LDNS resource records (RR), RR list + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from + * this software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + *****************************************************************************/ + + +/* ========================================================================= */ +/* SWIG setting and definitions. */ +/* ========================================================================= */ + +/* Creates a temporary instance of (ldns_rr *). */ +%typemap(in, numinputs=0, noblock=1) (ldns_rr **) +{ + ldns_rr *$1_rr; + $1 = &$1_rr; +} + +/* Result generation, appends (ldns_rr *) after the result. */ +%typemap(argout, noblock=1) (ldns_rr **) +{ + $result = SWIG_Python_AppendOutput($result, + SWIG_NewPointerObj(SWIG_as_voidptr($1_rr), + SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 )); +} + +%nodefaultctor ldns_struct_rr; /* No default constructor. */ +%nodefaultdtor ldns_struct_rr; /* No default destructor. */ + +%ignore ldns_struct_rr::_rdata_fields; + +%newobject ldns_rr_clone; +%newobject ldns_rr_new; +%newobject ldns_rr_new_frm_type; +%newobject ldns_rr_pop_rdf; +%delobject ldns_rr_free; + +%rename(ldns_rr) ldns_struct_rr; + +%newobject ldns_rr2str; +%newobject ldns_rr_type2str; +%newobject ldns_rr_class2str; +%newobject ldns_read_anchor_file; + + +/* Clone rdf data on pull. */ + +/* Clone will fail with NULL argument. */ + +%newobject _ldns_rr_rdf; +%rename(__ldns_rr_rdf) ldns_rr_rdf; +%inline +%{ + ldns_rdf * _ldns_rr_rdf(ldns_rr *rr, size_t i) + { + ldns_rdf *rdf; + rdf = ldns_rr_rdf(rr, i); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + +%newobject _ldns_rr_rrsig_algorithm; +%rename(__ldns_rr_rrsig_algorithm) ldns_rr_rrsig_algorithm; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_algorithm(ldns_rr *rr) { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_algorithm(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + +%newobject _ldns_rr_dnskey_algorithm; +%rename(__ldns_rr_dnskey_algorithm) ldns_rr_dnskey_algorithm; +%inline +%{ + ldns_rdf * _ldns_rr_dnskey_algorithm(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_dnskey_algorithm(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + +%newobject _ldns_rr_dnskey_flags; +%rename(__ldns_rr_dnskey_flags) ldns_rr_dnskey_flags; +%inline + %{ + ldns_rdf * _ldns_rr_dnskey_flags(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_dnskey_flags(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + +%newobject _ldns_rr_dnskey_key; +%rename(__ldns_rr_dnskey_key) ldns_rr_dnskey_key; +%inline +%{ + ldns_rdf * _ldns_rr_dnskey_key(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_dnskey_key(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + +%newobject _ldns_rr_dnskey_protocol; +%rename(__ldns_rr_dnskey_protocol) ldns_rr_dnskey_protocol; +%inline +%{ + ldns_rdf * _ldns_rr_dnskey_protocol(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_dnskey_protocol(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_owner; +%rename(__ldns_rr_owner) ldns_rr_owner; +%inline +%{ + ldns_rdf * _ldns_rr_owner(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_owner(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_a_address; +%rename(__ldns_rr_a_address) ldns_rr_a_address; +%inline +%{ + ldns_rdf * _ldns_rr_a_address(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_a_address(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_mx_exchange; +%rename(__ldns_rr_mx_exchange) ldns_rr_mx_exchange; +%inline +%{ + ldns_rdf * _ldns_rr_mx_exchange(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_mx_exchange(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_mx_preference; +%rename(__ldns_rr_mx_preference) ldns_rr_mx_preference; +%inline +%{ + ldns_rdf * _ldns_rr_mx_preference(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_mx_preference(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_ns_nsdname; +%rename(__ldns_rr_ns_nsdname) ldns_rr_ns_nsdname; +%inline +%{ + ldns_rdf * _ldns_rr_ns_nsdname(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_ns_nsdname(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_rrsig_expiration; +%rename(__ldns_rr_rrsig_expiration) ldns_rr_rrsig_expiration; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_expiration(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_expiration(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_rrsig_inception; +%rename(__ldns_rr_rrsig_inception) ldns_rr_rrsig_inception; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_inception(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_inception(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_rrsig_keytag; +%rename(__ldns_rr_rrsig_keytag) ldns_rr_rrsig_keytag; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_keytag(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_keytag(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_rrsig_labels; +%rename(__ldns_rr_rrsig_labels) ldns_rr_rrsig_labels; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_labels(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_labels(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_rrsig_origttl; +%rename(__ldns_rr_rrsig_origttl) ldns_rr_rrsig_origttl; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_origttl(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_origttl(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_rrsig_sig; +%rename(__ldns_rr_rrsig_sig) ldns_rr_rrsig_sig; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_sig(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_sig(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_rrsig_signame; +%rename(__ldns_rr_rrsig_signame) ldns_rr_rrsig_signame; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_signame(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_signame(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +%newobject _ldns_rr_rrsig_typecovered; +%rename(__ldns_rr_rrsig_typecovered) ldns_rr_rrsig_typecovered; +%inline +%{ + ldns_rdf * _ldns_rr_rrsig_typecovered(ldns_rr *rr) + { + ldns_rdf *rdf; + rdf = ldns_rr_rrsig_typecovered(rr); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + +/* End of pull cloning. */ + +/* Clone rdf data on push. */ + +%rename(__ldns_rr_a_set_address) ldns_rr_a_set_address; +%inline +%{ + bool _ldns_rr_a_set_address(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_a_set_address(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_dnskey_set_algorithm) ldns_rr_dnskey_set_algorithm; +%inline +%{ + bool _ldns_rr_dnskey_set_algorithm(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_dnskey_set_algorithm(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_dnskey_set_flags) ldns_rr_dnskey_set_flags; +%inline +%{ + bool _ldns_rr_dnskey_set_flags(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_dnskey_set_flags(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_dnskey_set_key) ldns_rr_dnskey_set_key; +%inline +%{ + bool _ldns_rr_dnskey_set_key(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_dnskey_set_key(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_dnskey_set_protocol) ldns_rr_dnskey_set_protocol; +%inline +%{ + bool _ldns_rr_dnskey_set_protocol(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_dnskey_set_protocol(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_push_rdf) ldns_rr_push_rdf; +%inline +%{ + bool _ldns_rr_push_rdf(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_push_rdf(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_algorithm) ldns_rr_rrsig_set_algorithm; +%inline +%{ + bool _ldns_rr_rrsig_set_algorithm(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_rrsig_set_algorithm(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_expiration) ldns_rr_rrsig_set_expiration; +%inline +%{ + bool _ldns_rr_rrsig_set_expiration(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_rrsig_set_expiration(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_inception) ldns_rr_rrsig_set_inception; +%inline +%{ + bool _ldns_rr_rrsig_set_inception(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_rrsig_set_inception(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_keytag) ldns_rr_rrsig_set_keytag; +%inline +%{ + bool _ldns_rr_rrsig_set_keytag(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_rrsig_set_keytag(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_labels) ldns_rr_rrsig_set_labels; +%inline +%{ + bool _ldns_rr_rrsig_set_labels(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_rrsig_set_labels(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_origttl) ldns_rr_rrsig_set_origttl; +%inline +%{ + bool _ldns_rr_rrsig_set_origttl(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_rrsig_set_origttl(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_sig) ldns_rr_rrsig_set_sig; +%inline +%{ + bool _ldns_rr_rrsig_set_sig(ldns_rr *rr, ldns_rdf *rdf) { + return ldns_rr_rrsig_set_sig(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_signame) ldns_rr_rrsig_set_signame; +%inline +%{ + bool _ldns_rr_rrsig_set_signame(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_rrsig_set_signame(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_rrsig_set_typecovered) ldns_rr_rrsig_set_typecovered; +%inline +%{ + bool _ldns_rr_rrsig_set_typecovered(ldns_rr *rr, ldns_rdf *rdf) + { + return ldns_rr_rrsig_set_typecovered(rr, ldns_rdf_clone(rdf)); + } +%} + +%rename(__ldns_rr_set_owner) ldns_rr_set_owner; +%inline +%{ + void _ldns_rr_set_owner(ldns_rr *rr, ldns_rdf *rdf) + { + ldns_rr_set_owner(rr, ldns_rdf_clone(rdf)); + } +%} + +%newobject _ldns_rr_set_rdf; +%rename(__ldns_rr_set_rdf) ldns_rr_set_rdf; +%inline +%{ + ldns_rdf * _ldns_rr_set_rdf(ldns_rr *rr, ldns_rdf *rdf, size_t pos) + { + /* May leak memory on unsuccessful calls. */ + ldns_rdf *new, *ret; + + new = ldns_rdf_clone(rdf); + + if ((ret = ldns_rr_set_rdf(rr, new, pos)) == NULL) { + ldns_rdf_deep_free(new); + } + + return ret; + } +%} + +/* End of push cloning. */ + +%rename(_ldns_rr_new_frm_str) ldns_rr_new_frm_str; +%rename(_ldns_rr_new_frm_fp_l) ldns_rr_new_frm_fp_l; +%rename(_ldns_rr_new_frm_fp) ldns_rr_new_frm_fp; + + +/* ========================================================================= */ +/* Debugging related code. */ +/* ========================================================================= */ + + +#ifdef LDNS_DEBUG +%rename(__ldns_rr_free) ldns_rr_free; +%inline %{ + void _ldns_rr_free (ldns_rr *r) + { + printf("******** LDNS_RR free 0x%lX ************\n", (long unsigned int)r); + ldns_rr_free(r); + } +%} +#else /* !LDNS_DEBUG */ +%rename(_ldns_rr_free) ldns_rr_free; +#endif /* LDNS_DEBUG */ + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + +/* None. */ + + +/* ========================================================================= */ +/* Encapsulating Python code. */ +/* ========================================================================= */ + + +%feature("docstring") ldns_struct_rr "Resource Record (RR). + +The RR is the basic DNS element that contains actual data. This class allows +to create RR and manipulate with the content. + +Use :meth:`ldns_rr_new`, :meth:`ldns_rr_new_frm_type`, :meth:`new_frm_fp`, +:meth:`new_frm_fp_l`, :meth:`new_frm_str` or :meth:`new_question_frm_str` +to create :class:`ldns_rr` instances. +" + +%extend ldns_struct_rr { + + %pythoncode + %{ + def __init__(self): + raise Exception("This class can't be created directly. " + + "Please use: ldns_rr_new(), ldns_rr_new_frm_type(), " + + "new_frm_fp(), new_frm_fp_l(), new_frm_str() or " + + "new_question_frm_str()") + + __swig_destroy__ = _ldns._ldns_rr_free + + # + # LDNS_RR_CONSTRUCTORS_ + # + + @staticmethod + def new_frm_str(string, default_ttl=0, origin=None, prev=None, raiseException=True): + """ + Creates an rr object from a string. + + The string should be a fully filled-in rr, like "owner_name + [space] TTL [space] CLASS [space] TYPE [space] RDATA." + + :param string: The string to convert. + :type string: str + :param default_ttl: Default ttl value for the rr. + If 0 DEF_TTL will be used. + :type default_ttl: int + :param origin: When the owner is relative add this. + :type origin: :class:`ldns_dname` + :param prev: The previous owner name. + :type prev: :class:`ldns_rdf` + :param raiseException: If True, an exception occurs in case a rr + instance can't be created. + :throws Exception: If `raiseException` is set and fails. + :throws TypeError: When parameters of incorrect types. + :return: (:class:`ldns_rr`) RR instance or None. + + .. note:: + The type checking of `origin` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + + **Usage** + + >>> import ldns + >>> rr = ldns.ldns_rr.new_frm_str("www.nic.cz. IN A 192.168.1.1", 300) + >>> print rr + www.nic.cz. 300 IN A 192.168.1.1 + >>> rr = ldns.ldns_rr.new_frm_str("test.nic.cz. 600 IN A 192.168.1.2") + >>> print rr + test.nic.cz. 600 IN A 192.168.1.2 + + """ + if (not isinstance(origin, ldns_dname)) and \ + isinstance(origin, ldns_rdf) and \ + origin.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_rr.new_frm_str() method will" + + " drop the possibility to accept ldns_rdf as origin." + + " Convert argument to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + status, rr, prev = _ldns.ldns_rr_new_frm_str_(string, default_ttl, + origin, prev) + if status != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create RR, error: %d" % status) + return None + return rr + + @staticmethod + def new_question_frm_str(string, default_ttl=0, origin=None, prev=None, raiseException=True): + """ + Creates an rr object from a string. + + The string is like :meth:`new_frm_str` but without rdata. + + :param string: The string to convert. + :type string: str + :param origin: When the owner is relative add this. + :type origin: :class:`ldns_dname` + :param prev: The previous owner name. + :type prev: :class:`ldns_rdf` + :param raiseException: If True, an exception occurs in case + a rr instance can't be created. + :throws Exception: If `raiseException` is set and fails. + :throws TypeError: When parameters of incorrect types. + :return: (:class:`ldns_rr`) RR instance or None. If the object + can't be created and `raiseException` is True, + an exception occurs. + + .. note:: + The type checking of `origin` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(origin, ldns_dname)) and \ + isinstance(origin, ldns_rdf) and \ + origin.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_rr.new_question_frm_str() method will" + + " drop the possibility to accept ldns_rdf as origin." + + " Convert argument to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + status, rr, prev = _ldns.ldns_rr_new_question_frm_str_(string, + origin, prev) + if status != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create RR, error: %d" % status) + return None + return rr + + @staticmethod + def new_frm_str_prev(string, default_ttl=0, origin=None, prev=None, raiseException=True): + """ + Creates an rr object from a string. + + The string should be a fully filled-in rr, like "owner_name + [space] TTL [space] CLASS [space] TYPE [space] RDATA". + + :param string: The string to convert. + :type string: str + :param default_ttl: Default ttl value for the rr. + If 0 DEF_TTL will be used. + :type default_ttl: int + :param origin: When the owner is relative add this. + :type origin: :class:`ldns_dname` + :param prev: The previous owner name. + :type prev: :class:`ldns_rdf` + :param raiseException: If True, an exception occurs in case when + a rr instance can't be created. + :throws Exception: If `raiseException` is set and fails. + :throws TypeError: When parameters of incorrect types. + :return: None when fails, otherwise a tuple containing: + + * rr - (:class:`ldns_rr`) RR instance or None. + If the object can't be created and `raiseException` + is True, an exception occurs. + + * prev - (:class:`ldns_rdf`) Owner name found in this string + or None. + + .. note:: + The type checking of `origin` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(origin, ldns_dname)) and \ + isinstance(origin, ldns_rdf) and \ + origin.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_rr.new_frm_str_prev() method will" + + " drop the possibility to accept ldns_rdf as origin." + + " Convert argument to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + status, rr, prev = _ldns.ldns_rr_new_frm_str_(string, default_ttl, + origin, prev) + if status != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create RR, error: %d" % status) + return None + return rr, prev + + @staticmethod + def new_frm_fp(file, default_ttl=0, origin=None, prev=None, raiseException=True): + """ + Creates a new rr from a file containing a string. + + :param file: Opened file. + :param default_ttl: If 0 DEF_TTL will be used. + :type default_ttl: int + :param origin: When the owner is relative add this. + :type origin: :class:`ldns_dname` + :param prev: When the owner is white spaces use this. + :type prev: :class:`ldns_rdf` + :param raiseException: If True, an exception occurs in case + a resolver object can't be created. + :throws Exception: If `raiseException` is set and the input + cannot be read. + :throws TypeError: When parameters of incorrect types. + :return: None when fails, otherwise a tuple containing: + + * rr - (:class:`ldns_rr`) RR object or None. If the object + can't be created and `raiseException` is True, + an exception occurs. + + * ttl - (int) None or TTL if the file contains a TTL + directive. + + * origin - (:class:`ldns_rdf`) None or dname rdf if the file + contains a ORIGIN directive. + + * prev - (:class:`ldns_rdf`) None or updated value + of prev parameter. + + .. note:: + The type checking of `origin` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(origin, ldns_dname)) and \ + isinstance(origin, ldns_rdf) and \ + origin.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_rr.new_frm_fp() method will" + + " drop the possibility to accept ldns_rdf as origin." + + " Convert argument to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + res = _ldns.ldns_rr_new_frm_fp_(file, default_ttl, origin, prev) + if res[0] != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create RR, error: %d" % res[0]) + return None + return res[1:] + + @staticmethod + def new_frm_fp_l(file, default_ttl=0, origin=None, prev=None, raiseException=True): + """ + Creates a new rr from a file containing a string. + + :param file: Opened file. + :param default_ttl: If 0 DEF_TTL will be used. + :type default_ttl: int + :param origin: When the owner is relative add this. + :type origin: :class:`ldns_dname` + :param prev: When the owner is white spaces use this. + :type prev: :class:`ldns_rdf` + :param raiseException: If True, an exception occurs in case + a resolver object can't be created. + :throws Exception: If `raiseException` is set and the input + cannot be read. + :throws TypeError: When parameters of incorrect types. + :return: None when fails, otherwise a tuple containing: + + * rr - (:class:`ldns_rr`) RR object or None. If the object + can't be created and `raiseException` is True, + an exception occurs. + + * line - (int) line number (for debugging). + + * ttl - (int) None or TTL if the file contains a TTL + directive . + + * origin - (:class:`ldns_rdf`) None or dname rdf if the file + contains a ORIGIN directive. + + * prev - (:class:`ldns_rdf`) None or updated value of prev + parameter. + + .. note:: + The type checking of `origin` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(origin, ldns_dname)) and \ + isinstance(origin, ldns_rdf) and \ + origin.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_rr.new_frm_fp_l() method will" + + " drop the possibility to accept ldns_rdf as origin." + + " Convert argument to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + res = _ldns.ldns_rr_new_frm_fp_l_(file, default_ttl, origin, prev) + if res[0] != LDNS_STATUS_OK: + if (raiseException): + raise Exception("Can't create RR, error: %d" % res[0]) + return None + return res[1:] + + # + # _LDNS_RR_CONSTRUCTORS + # + + def __str__(self): + """ + Converts the data in the resource record to presentation format. + + :return: (str) + """ + return _ldns.ldns_rr2str(self) + + def __cmp__(self, other): + """ + Compares two rrs. + + The TTL is not looked at. + + :param other: The second RR one. + :type other: :class:`ldns_rr` + :throws TypeError: When `other` of non-:class:`ldns_rr` type. + :return: (int) 0 if equal, -1 if `self` comes before `other`, + 1 if `other` RR comes before `self`. + """ + return _ldns.ldns_rr_compare(self, other) + + def __lt__(self, other): + """ + Compares two rrs. + + The TTL is not looked at. + + :param other: The second RR one. + :type other: :class:`ldns_rr` + :throws TypeError: When `other` of non-:class:`ldns_rr` type. + :return: (bool) True when `self` is less than 'other'. + """ + return _ldns.ldns_rr_compare(self, other) == -1 + + def __le__(self, other): + """ + Compares two rrs. + + The TTL is not looked at. + + :param other: The second RR one. + :type other: :class:`ldns_rr` + :throws TypeError: When `other` of non-:class:`ldns_rr` type. + :return: (bool) True when `self` is less than or equal to + 'other'. + """ + return _ldns.ldns_rr_compare(self, other) != 1 + + def __eq__(self, other): + """ + Compares two rrs. + + The TTL is not looked at. + + :param other: The second RR one. + :type other: :class:`ldns_rr` + :throws TypeError: When `other` of non-:class:`ldns_rr` type. + :return: (bool) True when `self` is equal to 'other'. + """ + return _ldns.ldns_rr_compare(self, other) == 0 + + def __ne__(self, other): + """ + Compares two rrs. + + The TTL is not looked at. + + :param other: The second RR one. + :type other: :class:`ldns_rr` + :throws TypeError: When `other` of non-:class:`ldns_rr` type. + :return: (bool) True when `self` is not equal to 'other'. + """ + return _ldns.ldns_rr_compare(self, other) != 0 + + def __gt__(self, other): + """ + Compares two rrs. + + The TTL is not looked at. + + :param other: The second RR one. + :type other: :class:`ldns_rr` + :throws TypeError: When `other` of non-:class:`ldns_rr` type. + :return: (bool) True when `self` is greater than 'other'. + """ + return _ldns.ldns_rr_compare(self, other) == 1 + + def __ge__(self, other): + """ + Compares two rrs. + + The TTL is not looked at. + + :param other: The second RR one. + :type other: :class:`ldns_rr` + :throws TypeError: When `other` of non-:class:`ldns_rr` type. + :return: (bool) True when `self` is greater than or equal to + 'other'. + """ + return _ldns.ldns_rr_compare(self, other) != -1 + + @staticmethod + def class_by_name(string): + """ + Retrieves a class identifier value by looking up its name. + + :param string: Class name. + :type string: str + :throws TypeError: when `string` of inappropriate type. + :return: (int) Class identifier value, or 0 if not valid + class name given. + """ + return _ldns.ldns_get_rr_class_by_name(string) + + def rdfs(self): + """ + Returns a generator object of rdata records. + + :return: Generator of :class:`ldns_rdf`. + """ + for i in range(0, self.rd_count()): + yield self.rdf(i) + + def print_to_file(self, output): + """ + Prints the data in the resource record to the given file stream + (in presentation format). + + :param output: Opened file stream. + :throws TypeError: When `output` not a file. + """ + _ldns.ldns_rr_print(output, self) + #parameters: FILE *, const ldns_rr *, + + def get_type_str(self): + """ + Converts an RR type value to its string representation, + and returns that string. + + :return: (str) containing type identification. + """ + return _ldns.ldns_rr_type2str(self.get_type()) + #parameters: const ldns_rr_type, + + def get_class_str(self): + """ + Converts an RR class value to its string representation, + and returns that string. + + :return: (str) containing class identification. + """ + return _ldns.ldns_rr_class2str(self.get_class()) + #parameters: const ldns_rr_class, + + @staticmethod + def dnskey_key_size_raw(keydata, len, alg): + """ + Get the length of the keydata in bits. + + :param keydata: Key raw data. + :type keydata: unsigned char \* + :param len: Number of bytes of `keydata`. + :type len: size_t + :param alg: Algorithm identifier. + :type alg: ldns_algorithm + + :return: (size_t) The length of key data in bits. + """ + return _ldns.ldns_rr_dnskey_key_size_raw(keydata, len, alg) + #parameters: const unsigned char *,const size_t,const ldns_algorithm, + #retvals: size_t + + def write_to_buffer(self,buffer,section): + """ + Copies the rr data to the buffer in wire format. + + :param buffer: Buffer to append the result to. + :type buffer: :class:`ldns_buffer` + :param section: The section in the packet this rr is supposed + to be in (to determine whether to add rdata or not). + :type section: int + :throws TypeError: when arguments of mismatching types passed. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_rr2buffer_wire(buffer, self, section) + #parameters: ldns_buffer *,const ldns_rr *,int, + #retvals: ldns_status + + def write_to_buffer_canonical(self,buffer,section): + """ + Copies the rr data to the buffer in wire format, in canonical + format according to RFC3597 (every dname in rdata fields + of RR's mentioned in that RFC will be converted to lower-case). + + :param buffer: Buffer to append the result to. + :type buffer: :class:`ldns_buffer` + :param section: The section in the packet this rr is supposed + to be in (to determine whether to add rdata or not). + :type section: int + :throws TypeError: when arguments of mismatching types passed. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_rr2buffer_wire_canonical(buffer,self,section) + #parameters: ldns_buffer *,const ldns_rr *,int, + #retvals: ldns_status + + def write_data_to_buffer(self, buffer): + """ + Converts an rr's rdata to wire format, while excluding the + owner name and all the stuff before the rdata. + + This is needed in DNSSEC key-tag calculation, the ds + calculation from the key and maybe elsewhere. + + :param buffer: Buffer to append the result to. + :type buffer: :class:`ldns_buffer` + :throws TypeError: when `buffer` of non-:class:`ldns_buffer` + type. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_rr_rdata2buffer_wire(buffer,self) + #parameters: ldns_buffer *, const ldns_rr *, + #retvals: ldns_status + + def write_rrsig_to_buffer(self, buffer): + """ + Converts a rrsig to wire format BUT EXCLUDE the rrsig rdata. + + This is needed in DNSSEC verification. + + :param buffer: Buffer to append the result to. + :type buffer: :class:`ldns_buffer` + :throws TypeError: when `buffer` of non-:class:`ldns_buffer` + type. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_rrsig2buffer_wire(buffer,self) + #parameters: ldns_buffer *,const ldns_rr *, + #retvals: ldns_status + + # + # LDNS_RR_METHODS_ + # + + def a_address(self): + """ + Returns the address rdf of a LDNS_RR_TYPE_A or LDNS_RR_TYPE_AAAA + rr. + + :return: (:class:`ldns_rdf`) with the address or None on + failure. + """ + return _ldns._ldns_rr_a_address(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def a_set_address(self, f): + """ + Sets the address of a LDNS_RR_TYPE_A or LDNS_RR_TYPE_AAAA rr. + + :param f: The address to be set. + :type f: :class:`ldns_rdf` + :throws TypeError: When `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_a_set_address(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def clone(self): + """ + Clones a rr and all its data. + + :return: (:class:`ldns_rr`) The new rr or None on failure. + """ + return _ldns.ldns_rr_clone(self) + #parameters: const ldns_rr *, + #retvals: ldns_rr * + + def compare_ds(self, rr2): + """ + Returns True if the given rr's are equal. + + Also returns True if one record is a DS that represents the + same DNSKEY record as the other record. + + :param rr2: The second rr. + :type rr2: :class:`ldns_rr` + :throws TypeError: When `rr2` of non-:class:`ldns_rr` type. + :return: (bool) True if equal otherwise False. + """ + return _ldns.ldns_rr_compare_ds(self, rr2) + #parameters: const ldns_rr *, const ldns_rr *, + #retvals: bool + + def compare_no_rdata(self, rr2): + """ + Compares two rrs, up to the rdata. + + :param rr2: Rhe second rr. + :type rr2: :class:`ldns_rr` + :throws TypeError: When `rr2` of non-:class:`ldns_rr` type. + :return: (int) 0 if equal, negative integer if `self` comes + before `rr2`, positive integer if `rr2` comes before `self`. + """ + return _ldns.ldns_rr_compare_no_rdata(self, rr2) + #parameters: const ldns_rr *, const ldns_rr *, + #retvals: int + + def dnskey_algorithm(self): + """ + Returns the algorithm of a LDNS_RR_TYPE_DNSKEY rr. + + :return: (:class:`ldns_rdf`) with the algorithm or None + on failure. + """ + return _ldns._ldns_rr_dnskey_algorithm(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def dnskey_flags(self): + """ + Returns the flags of a LDNS_RR_TYPE_DNSKEY rr. + + :return: (:class:`ldns_rdf`) with the flags or None on failure. + """ + return _ldns._ldns_rr_dnskey_flags(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def dnskey_key(self): + """ + Returns the key data of a LDNS_RR_TYPE_DNSKEY rr. + + :return: (:class:`ldns_rdf`) with the key data or None on + failure. + """ + return _ldns._ldns_rr_dnskey_key(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def dnskey_key_size(self): + """ + Get the length of the keydata in bits. + + :return: (size_t) the keysize in bits. + """ + return _ldns.ldns_rr_dnskey_key_size(self) + #parameters: const ldns_rr *, + #retvals: size_t + + def dnskey_protocol(self): + """ + Returns the protocol of a LDNS_RR_TYPE_DNSKEY rr. + + :return: (:class:`ldns_rdf`) with the protocol or None on + failure. + """ + return _ldns._ldns_rr_dnskey_protocol(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def dnskey_set_algorithm(self, f): + """ + Sets the algorithm of a LDNS_RR_TYPE_DNSKEY rr + + :param f: The algorithm to set. + :type f: :class:`ldns_rdf` + :throws TypeError: When `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_dnskey_set_algorithm(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def dnskey_set_flags(self, f): + """ + Sets the flags of a LDNS_RR_TYPE_DNSKEY rr. + + :param f: The flags to be set. + :type f: :class:`ldns_rdf` + :throws TypeError: When `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_dnskey_set_flags(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def dnskey_set_key(self, f): + """ + Sets the key data of a LDNS_RR_TYPE_DNSKEY rr. + + :param f: The key data to set. + :type f: :class:`ldns_rdf` + :throws TypeError: When `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_dnskey_set_key(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def dnskey_set_protocol(self,f): + """ + Sets the protocol of a LDNS_RR_TYPE_DNSKEY rr. + + :param f: The protocol to set. + :type f: :class:`ldns_rdf` + :throws TypeError: When `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_dnskey_set_protocol(self,f) + #parameters: ldns_rr *,ldns_rdf *, + #retvals: bool + + def get_class(self): + """ + Returns the class of the rr. + + :return: (int) The class identifier of the rr. + """ + return _ldns.ldns_rr_get_class(self) + #parameters: const ldns_rr *, + #retvals: ldns_rr_class + + def get_type(self): + """ + Returns the type of the rr. + + :return: (int) The type identifier of the rr. + """ + return _ldns.ldns_rr_get_type(self) + #parameters: const ldns_rr *, + #retvals: ldns_rr_type + + def is_question(self): + """ + Returns the question flag of a rr structure. + + :return: (bool) True if question flag is set. + """ + return _ldns.ldns_rr_is_question(self) + + def label_count(self): + """ + Counts the number of labels of the owner name. + + :return: (int) The number of labels. + """ + return _ldns.ldns_rr_label_count(self) + #parameters: ldns_rr *, + #retvals: uint8_t + + def mx_exchange(self): + """ + Returns the mx host of a LDNS_RR_TYPE_MX rr. + + :return: (:class:`ldns_rdf`) with the name of the MX host + or None on failure. + """ + return _ldns._ldns_rr_mx_exchange(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def mx_preference(self): + """ + Returns the mx preference of a LDNS_RR_TYPE_MX rr. + + :return: (:class:`ldns_rdf`) with the preference or None + on failure. + """ + return _ldns._ldns_rr_mx_preference(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def ns_nsdname(self): + """ + Returns the name of a LDNS_RR_TYPE_NS rr. + + :return: (:class:`ldns_rdf`) A dname rdf with the name or + None on failure. + """ + return _ldns._ldns_rr_ns_nsdname(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def owner(self): + """ + Returns the owner name of an rr structure. + + :return: (:class:`ldns_dname`) Owner name or None on failure. + """ + rdf = _ldns._ldns_rr_owner(self) + if rdf: + rdf = ldns_dname(rdf, clone=False) + return rdf + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def pop_rdf(self): + """ + Removes a rd_field member, it will be popped from the last + position. + + :return: (:class:`ldns_rdf`) rdf which was popped, None if + nothing. + """ + return _ldns.ldns_rr_pop_rdf(self) + #parameters: ldns_rr *, + #retvals: ldns_rdf * + + def push_rdf(self,f): + """ + Sets rd_field member, it will be placed in the next available + spot. + + :param f: The rdf to be appended. + :type f: :class:`ldns_rdf` + :throws TypeError: When `f` of non-:class:`ldns_rdf` type. + :return: (bool) Returns True if success, False otherwise. + """ + return _ldns._ldns_rr_push_rdf(self, f) + #parameters: ldns_rr *, const ldns_rdf *, + #retvals: bool + + def rd_count(self): + """ + Returns the rd_count of an rr structure. + + :return: (size_t) the rd count of the rr. + """ + return _ldns.ldns_rr_rd_count(self) + #parameters: const ldns_rr *, + #retvals: size_t + + def rdf(self, nr): + """ + Returns the rdata field with the given index. + + :param nr: The index of the rdf to return. + :type nr: positive int + :throws TypeError: When `nr` not a positive integer. + :return: (:class:`ldns_rdf`) The given rdf or None if fails. + """ + return _ldns._ldns_rr_rdf(self, nr) + #parameters: const ldns_rr *, size_t, + #retvals: ldns_rdf * + + def rrsig_algorithm(self): + """ + Returns the algorithm identifier of a LDNS_RR_TYPE_RRSIG RR. + + :return: (:class:`ldns_rdf`) with the algorithm or None + on failure. + """ + return _ldns._ldns_rr_rrsig_algorithm(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def rrsig_expiration(self): + """ + Returns the expiration time of a LDNS_RR_TYPE_RRSIG RR. + + :return: (:class:`ldns_rdf`) with the expiration time or None + on failure. + """ + return _ldns._ldns_rr_rrsig_expiration(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def rrsig_inception(self): + """ + Returns the inception time of a LDNS_RR_TYPE_RRSIG RR. + + :return: (:class:`ldns_rdf`) with the inception time or None + on failure. + """ + return _ldns._ldns_rr_rrsig_inception(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def rrsig_keytag(self): + """ + Returns the keytag of a LDNS_RR_TYPE_RRSIG RR. + + :return: (:class:`ldns_rdf`) with the keytag or None on failure. + """ + return _ldns._ldns_rr_rrsig_keytag(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def rrsig_labels(self): + """ + Returns the number of labels of a LDNS_RR_TYPE_RRSIG RR. + + :return: (:class:`ldns_rdf`) with the number of labels or None + on failure. + """ + return _ldns._ldns_rr_rrsig_labels(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def rrsig_origttl(self): + """ + Returns the original TTL of a LDNS_RR_TYPE_RRSIG RR. + + :return: (:class:`ldns_rdf`) with the original TTL or None + on failure. + """ + return _ldns._ldns_rr_rrsig_origttl(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def rrsig_set_algorithm(self, f): + """ + Sets the algorithm of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The algorithm to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_algorithm(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_set_expiration(self, f): + """ + Sets the expiration date of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The expiration date to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_expiration(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_set_inception(self, f): + """ + Sets the inception date of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The inception date to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_inception(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_set_keytag(self, f): + """ + Sets the keytag of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The keytag to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_keytag(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_set_labels(self, f): + """ + Sets the number of labels of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The number of labels to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_labels(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_set_origttl(self, f): + """ + Sets the original TTL of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The original TTL to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_origttl(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_set_sig(self, f): + """ + Sets the signature data of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The signature data to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_sig(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_set_signame(self, f): + """ + Sets the signers name of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The signers name to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_signame(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_set_typecovered(self, f): + """ + Sets the typecovered of a LDNS_RR_TYPE_RRSIG rr. + + :param f: The type covered to set. + :type f: :class:`ldns_rdf` + :throws TypeError: when `f` of non-:class:`ldns_rdf` type. + :return: (bool) True on success, False otherwise. + """ + return _ldns._ldns_rr_rrsig_set_typecovered(self, f) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: bool + + def rrsig_sig(self): + """ + Returns the signature data of a LDNS_RR_TYPE_RRSIG RR. + + :return: (:class:`ldns_rdf`) with the signature data or None + on failure. + """ + return _ldns._ldns_rr_rrsig_sig(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def rrsig_signame(self): + """ + Returns the signers name of a LDNS_RR_TYPE_RRSIG RR. + + :return: (:class:`ldns_rdf`) with the signers name or None + on failure. + """ + return _ldns._ldns_rr_rrsig_signame(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def rrsig_typecovered(self): + """ + Returns the type covered of a LDNS_RR_TYPE_RRSIG rr. + + :return: (:class:`ldns_rdf`) with the type covered or None + on failure. + """ + return _ldns._ldns_rr_rrsig_typecovered(self) + #parameters: const ldns_rr *, + #retvals: ldns_rdf * + + def set_class(self, rr_class): + """ + Sets the class in the rr. + + :param rr_class: Set to this class. + :type rr_class: int + :throws TypeError: when `rr_class` of non-integer type. + """ + _ldns.ldns_rr_set_class(self, rr_class) + #parameters: ldns_rr *, ldns_rr_class, + #retvals: + + def set_owner(self, owner): + """ + Sets the owner in the rr structure. + + :param owner: Owner name. + :type owner: :class:`ldns_dname` + :throws TypeError: when `owner` of non-:class:`ldns_dname` type. + + .. note:: + The type checking of `owner` is benevolent. + It allows also to pass a dname :class:`ldns_rdf` object. + This will probably change in future. + """ + if (not isinstance(owner, ldns_dname)) and \ + isinstance(owner, ldns_rdf) and \ + owner.get_type() == _ldns.LDNS_RDF_TYPE_DNAME: + warnings.warn("The ldns_rr.new_frm_str() method will" + + " drop the possibility to accept ldns_rdf as owner." + + " Convert argument to ldns_dname.", + PendingDeprecationWarning, stacklevel=2) + _ldns._ldns_rr_set_owner(self, owner) + #parameters: ldns_rr *, ldns_rdf *, + #retvals: + + def set_question(self, question): + """ + Sets the question flag in the rr structure. + + :param question: Question flag. + :type question: bool + """ + _ldns.ldns_rr_set_question(self, question) + #parameters: ldns_rr *, bool, + #retvals: + + def set_rd_count(self, count): + """ + Sets the rd_count in the rr. + + :param count: Set to this count. + :type count: positive int + :throws TypeError: when `count` of non-integer type. + """ + _ldns.ldns_rr_set_rd_count(self, count) + #parameters: ldns_rr *, size_t, + #retvals: + + def set_rdf(self, f, position): + """ + Sets a rdf member, it will be set on the position given. + + The old value is returned, like pop. + + :param f: The rdf to be set. + :type f: :class:`ldns_rdf` + :param position: The position the set the rdf. + :type position: positive int + :throws TypeError: when mismatching types passed. + :return: (:class:`ldns_rdf`) the old value in the rr, None + on failure. + """ + return _ldns._ldns_rr_set_rdf(self, f, position) + #parameters: ldns_rr *, const ldns_rdf *, size_t, + #retvals: ldns_rdf * + + def set_ttl(self, ttl): + """ + Sets the ttl in the rr structure. + + :param ttl: Set to this ttl. + :type ttl: positive int + :throws TypeError: when `ttl` of non-integer type. + """ + _ldns.ldns_rr_set_ttl(self, ttl) + #parameters: ldns_rr *, uint32_t, + #retvals: + + def set_type(self, rr_type): + """ + Sets the type in the rr. + + :param rr_type: Set to this type. + :type rr_type: integer + :throws TypeError: when `rr_type` of non-integer type. + """ + _ldns.ldns_rr_set_type(self, rr_type) + #parameters: ldns_rr *, ldns_rr_type, + #retvals: + + def to_canonical(self): + """ + Converts each dname in a rr to its canonical form. + """ + _ldns.ldns_rr2canonical(self) + + def ttl(self): + """ + Returns the ttl of an rr structure. + + :return: (int) the ttl of the rr. + """ + return _ldns.ldns_rr_ttl(self) + #parameters: const ldns_rr *, + #retvals: uint32_t + + @staticmethod + def type_by_name(string): + """ + Retrieves a rr type identifier value by looking up its name. + + Returns 0 if invalid name passed. + + :param string: RR type name. + :type string: str + :throws TypeError: when `string` of inappropriate type. + :return: (int) RR type identifier, or 0 if no matching value + to identifier found. + """ + return _ldns.ldns_get_rr_type_by_name(string) + + def uncompressed_size(self): + """ + Calculates the uncompressed size of an RR. + + :return: (integer) size of the rr. + """ + return _ldns.ldns_rr_uncompressed_size(self) + #parameters: const ldns_rr *, + #retvals: size_t + + # + # _LDNS_RR_METHODS + # + %} +} + + +/* ========================================================================= */ +/* SWIG setting and definitions. */ +/* ========================================================================= */ + + +%nodefaultctor ldns_struct_rr_list; /* No default constructor. */ +%nodefaultdtor ldns_struct_rr_list; /* No default destructor. */ + +%ignore ldns_struct_rr_list::_rrs; + +%newobject ldns_rr_list_cat_clone; +%newobject ldns_rr_list_clone; +%newobject ldns_rr_list_pop_rr; +%newobject ldns_rr_list_pop_rr_list; +%newobject ldns_rr_list_pop_rrset; +%newobject ldns_rr_list_rr; +%newobject ldns_rr_list_new; +%newobject ldns_get_rr_list_hosts_frm_file; +%newobject ldns_rr_list_subtype_by_rdf; +%newobject ldns_rr_list2str; +%delobject ldns_rr_list_deep_free; +%delobject ldns_rr_list_free; + +/* Clone data on push. */ + +%rename(__ldns_rr_list_push_rr) ldns_rr_list_push_rr; +%inline +%{ + bool _ldns_rr_list_push_rr(ldns_rr_list* r, ldns_rr *rr) + { + bool ret; + ldns_rr *new; + + new = ldns_rr_clone(rr); + if (!(ret = ldns_rr_list_push_rr(r, new))) { + ldns_rr_free(new); + } + return ret; + } +%} + +%rename(__ldns_rr_list_push_rr_list) ldns_rr_list_push_rr_list; +%inline +%{ + bool _ldns_rr_list_push_rr_list(ldns_rr_list* r, ldns_rr_list *r2) + { + bool ret; + ldns_rr_list *new; + + new = ldns_rr_list_clone(r2); + if (!(ret = ldns_rr_list_push_rr_list(r, new))) { + ldns_rr_list_deep_free(new); + } + return ret; + } +%} + + +%newobject _ldns_rr_list_set_rr; +%rename(__ldns_rr_list_set_rr) ldns_rr_list_set_rr; +%inline +%{ + ldns_rr * _ldns_rr_list_set_rr(ldns_rr_list * rrl, ldns_rr *rr, + size_t idx) + { + ldns_rr *ret; + ldns_rr *new; + + new = ldns_rr_clone(rr); + if ((ret = ldns_rr_list_set_rr(rrl, new, idx)) == NULL) { + ldns_rr_free(new); + } + return ret; + } +%} + + +%rename(__ldns_rr_list_cat) ldns_rr_list_cat; +%inline +%{ + bool _ldns_rr_list_cat(ldns_rr_list *r, ldns_rr_list *r2) + { + return ldns_rr_list_cat(r, ldns_rr_list_clone(r2)); + } +%} + + +/* End clone data on push. */ + + +/* Clone data on pull. */ + +%newobject _ldns_rr_list_rr; +%rename(__ldns_rr_list_rr) ldns_rr_list_rr; +%inline +%{ + ldns_rr * _ldns_rr_list_rr(ldns_rr_list *r, int i) + { + ldns_rr *rr; + rr = ldns_rr_list_rr(r, i); + return (rr != NULL) ? ldns_rr_clone(rr) : NULL; + } +%} + +%newobject _ldns_rr_list_owner; +%rename(__ldns_rr_list_owner) ldns_rr_list_owner; +%inline +%{ + ldns_rdf * _ldns_rr_list_owner(ldns_rr_list *r) + { + ldns_rdf *rdf; + rdf = ldns_rr_list_owner(r); + return (rdf != NULL) ? ldns_rdf_clone(rdf) : NULL; + } +%} + + +/* End clone data on pull. */ + + +/* ========================================================================= */ +/* Debugging related code. */ +/* ========================================================================= */ + + +%rename(ldns_rr_list) ldns_struct_rr_list; +#ifdef LDNS_DEBUG +%rename(__ldns_rr_list_deep_free) ldns_rr_list_deep_free; +%rename(__ldns_rr_list_free) ldns_rr_list_free; +%inline +%{ + void _ldns_rr_list_deep_free(ldns_rr_list *r) + { + printf("******** LDNS_RR_LIST deep free 0x%lX ************\n", + (long unsigned int) r); + ldns_rr_list_deep_free(r); + } + + void _ldns_rr_list_free(ldns_rr_list *r) + { + printf("******** LDNS_RR_LIST deep free 0x%lX ************\n", + (long unsigned int) r); + ldns_rr_list_free(r); + } +%} +#else +%rename(_ldns_rr_list_deep_free) ldns_rr_list_deep_free; +%rename(_ldns_rr_list_free) ldns_rr_list_free; +#endif + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + + +/* None. */ + + +/* ========================================================================= */ +/* Encapsulating Python code. */ +/* ========================================================================= */ + + +%feature("docstring") ldns_struct_rr_list "List of Resource Records. + +This class contains a list of RR's (see :class:`ldns.ldns_rr`). +" + +%extend ldns_struct_rr_list { + + %pythoncode + %{ + def __init__(self): + self.this = _ldns.ldns_rr_list_new() + if not self.this: + raise Exception("Can't create new RR_LIST") + + __swig_destroy__ = _ldns._ldns_rr_list_deep_free + + # + # LDNS_RR_LIST_CONSTRUCTORS_ + # + + @staticmethod + def new(raiseException=True): + """ + Creates an empty RR List object. + + :param raiseException: Set to True if an exception should + signal an error. + :type raiseException: bool + :throws Exception: when `raiseException` is True and error + occurs. + :return: :class:`ldns_rr_list` Empty RR list. + """ + rrl = _ldns.ldns_rr_list_new() + if (not rrl) and raiseException: + raise Exception("Can't create RR List.") + return rrl + + @staticmethod + def new_frm_file(filename="/etc/hosts", raiseException=True): + """ + Creates an RR List object from file content. + + Goes through a file and returns a rr list containing + all the defined hosts in there. + + :param filename: The filename to use. + :type filename: str + :param raiseException: Set to True if an exception should + signal an error. + :type raiseException: bool + :throws TypeError: when `filename` of inappropriate type. + :throws Exception: when `raiseException` is True and error + occurs. + :return: RR List object or None. If the object can't be + created and `raiseException` is True, an exception occurs. + + **Usage** + + >>> alist = ldns.ldns_rr_list.new_frm_file() + >>> print alist + localhost. 3600 IN A 127.0.0.1 + ... + + """ + rr = _ldns.ldns_get_rr_list_hosts_frm_file(filename) + if (not rr) and (raiseException): + raise Exception("Can't create RR List.") + return rr + + # + # _LDNS_RR_LIST_CONSTRUCTORS + # + + def __str__(self): + """ + Converts a list of resource records to presentation format. + + :return: (str) Presentation format. + """ + return _ldns.ldns_rr_list2str(self) + + def print_to_file(self, output): + """ + Print a rr_list to output. + + :param output: Opened file to print to. + :throws TypeError: when `output` of inappropriate type. + """ + _ldns.ldns_rr_list_print(output, self) + + + def to_canonical(self): + """ + Converts each dname in each rr in a rr_list to its canonical + form. + """ + _ldns.ldns_rr_list2canonical(self) + #parameters: ldns_rr_list *, + #retvals: + + def rrs(self): + """ + Returns a generator object of a list of rr records. + + :return: (generator) generator object. + """ + for i in range(0, self.rr_count()): + yield self.rr(i) + + def is_rrset(self): + """ + Checks if the rr list is a rr set. + + :return: (bool) True if rr list is a rr set. + """ + return _ldns.ldns_is_rrset(self) + + def __cmp__(self, rrl2): + """ + Compares two rr lists. + + :param rrl2: The second one. + :type rrl2: :class:`ldns_rr_list` + :throws TypeError: when `rrl2` of non-:class:`ldns_rr_list` + type. + :return: (int) 0 if equal, -1 if this list comes before + `rrl2`, 1 if `rrl2` comes before this list. + """ + return _ldns.ldns_rr_list_compare(self, rrl2) + + def __lt__(self, other): + """ + Compares two rr lists. + + :param other: The second one. + :type other: :class:`ldns_rr_list` + :throws TypeError: when `other` of non-:class:`ldns_rr_list` + type. + :return: (bool) True when `self` is less than 'other'. + """ + return _ldns.ldns_rr_list_compare(self, other) == -1 + + def __le__(self, other): + """ + Compares two rr lists. + + :param other: The second one. + :type other: :class:`ldns_rr_list` + :throws TypeError: when `other` of non-:class:`ldns_rr_list` + type. + :return: (bool) True when `self` is less than or equal to + 'other'. + """ + return _ldns.ldns_rr_list_compare(self, other) != 1 + + def __eq__(self, other): + """ + Compares two rr lists. + + :param other: The second one. + :type other: :class:`ldns_rr_list` + :throws TypeError: when `other` of non-:class:`ldns_rr_list` + type. + :return: (bool) True when `self` is equal to 'other'. + """ + return _ldns.ldns_rr_list_compare(self, other) == 0 + + def __ne__(self, other): + """ + Compares two rr lists. + + :param other: The second one. + :type other: :class:`ldns_rr_list` + :throws TypeError: when `other` of non-:class:`ldns_rr_list` + type. + :return: (bool) True when `self` is not equal to 'other'. + """ + return _ldns.ldns_rr_list_compare(self, other) != 0 + + def __gt__(self, other): + """ + Compares two rr lists. + + :param other: The second one. + :type other: :class:`ldns_rr_list` + :throws TypeError: when `other` of non-:class:`ldns_rr_list` + type. + :return: (bool) True when `self` is greater than 'other'. + """ + return _ldns.ldns_rr_list_compare(self, other) == 1 + + def __ge__(self, other): + """ + Compares two rr lists. + + :param other: The second one. + :type other: :class:`ldns_rr_list` + :throws TypeError: when `other` of non-:class:`ldns_rr_list` + type. + :return: (bool) True when `self` is greater than or equal to + 'other'. + """ + return _ldns.ldns_rr_list_compare(self, other) != -1 + + def write_to_buffer(self, buffer): + """ + Copies the rr_list data to the buffer in wire format. + + :param buffer: Output buffer to append the result to. + :type buffer: :class:`ldns_buffer` + :throws TypeError: when `buffer` of non-:class:`ldns_buffer` + type. + :return: (ldns_status) ldns_status + """ + return _ldns.ldns_rr_list2buffer_wire(buffer, self) + + # + # LDNS_RR_LIST_METHODS_ + # + + def cat(self, right): + """ + Concatenates two ldns_rr_lists together. + + This modifies rr list (to extend it and adds RRs from right). + + :param right: The right-hand side. + :type right: :class:`ldns_rr_list` + :throws TypeError: when `right` of non-:class:`ldns_rr_list` + type. + :return: (bool) True if success. + """ + return _ldns._ldns_rr_list_cat(self, right) + #parameters: ldns_rr_list *, ldns_rr_list *, + #retvals: bool + + def cat_clone(self, right): + """ + Concatenates two ldns_rr_lists together, creates a new list + of the rr's (instead of appending the content to an existing + list). + + :param right: The right-hand side. + :type right: :class:`ldns_rr_list` + :throws TypeError: when `right` of non-:class:`ldns_rr_list` + type. + :return: (:class:`ldns_rr_list`) rr list with left-hand side + + right-hand side concatenated, on None on error. + """ + return _ldns.ldns_rr_list_cat_clone(self, right) + #parameters: ldns_rr_list *, ldns_rr_list *, + #retvals: ldns_rr_list * + + def clone(self): + """ + Clones an rrlist. + + :return: (:class:`ldns_rr_list`) the cloned rr list, + or None on error. + """ + return _ldns.ldns_rr_list_clone(self) + #parameters: const ldns_rr_list *, + #retvals: ldns_rr_list * + + def contains_rr(self, rr): + """ + Returns True if the given rr is one of the rrs in the list, + or if it is equal to one. + + :param rr: The rr to check. + :type rr: :class:`ldns_rr` + :throws TypeError: when `rr` of non-:class:`ldns_rr` type. + :return: (bool) True if rr_list contains `rr`, False otherwise. + """ + return _ldns.ldns_rr_list_contains_rr(self, rr) + #parameters: const ldns_rr_list *, ldns_rr *, + #retvals: bool + + def owner(self): + """ + Returns the owner domain name rdf of the first element of + the RR. If there are no elements present, None is returned. + + :return: (:class:`ldns_dname`) dname of the first element, + or None if the list is empty. + """ + rdf = _ldns._ldns_rr_list_owner(self) + if rdf: + rdf = ldns_dname(rdf, clone=False) + return rdf + #parameters: const ldns_rr_list *, + #retvals: ldns_rdf * + + def pop_rr(self): + """ + Pops the last rr from an rrlist. + + :return: (:class:`ldns_rr`) None if nothing to pop. + Otherwise the popped RR. + """ + rr = _ldns.ldns_rr_list_pop_rr(self) + return rr + #parameters: ldns_rr_list *, + #retvals: ldns_rr * + + def pop_rr_list(self, size): + """ + Pops an rr_list of size s from an rrlist. + + :param size: The number of rr's to pop. + :type size: positive int + :throws TypeError: when `size` of inappropriate type. + :return: (:class:`ldns_rr_list`) None if nothing to pop. + Otherwise the popped rr list. + """ + return _ldns.ldns_rr_list_pop_rr_list(self, size) + #parameters: ldns_rr_list *, size_t, + #retvals: ldns_rr_list * + + def pop_rrset(self): + """ + Pops the first rrset from the list, the list must be sorted, + so that all rr's from each rrset are next to each other. + + :return: (:class:`ldns_rr_list`) the first rrset, or None when + empty. + """ + return _ldns.ldns_rr_list_pop_rrset(self) + #parameters: ldns_rr_list *, + #retvals: ldns_rr_list * + + def push_rr(self, rr): + """ + Pushes an rr to an rrlist. + + :param rr: The rr to push. + :type rr: :class:`ldns_rr` + :throws TypeError: when `rr` of non-:class:`ldns_rr` type. + :return: (bool) False on error, otherwise True. + """ + return _ldns._ldns_rr_list_push_rr(self, rr) + #parameters: ldns_rr_list *, const ldns_rr *, + #retvals: bool + + def push_rr_list(self, push_list): + """ + Pushes an rr list to an rr list. + + :param push_list: The rr_list to push. + :type push_list: :class:`ldns_rr_list` + :throws TypeError: when `push_list` of non-:class:`ldns_rr_list` + type. + :returns: (bool) False on error, otherwise True. + """ + return _ldns._ldns_rr_list_push_rr_list(self, push_list) + #parameters: ldns_rr_list *, const ldns_rr_list *, + #retvals: bool + + def rr(self, nr): + """ + Returns a specific rr of an rrlist. + + :param nr: Index of the desired rr. + :type nr: positive int + :throws TypeError: when `nr` of inappropriate type. + :return: (:class:`ldns_rr`) The rr at position `nr`, or None + if failed. + """ + return _ldns._ldns_rr_list_rr(self, nr) + #parameters: const ldns_rr_list *, size_t, + #retvals: ldns_rr * + + def rr_count(self): + """ + Returns the number of rr's in an rr_list. + + :return: (int) The number of rr's. + """ + return _ldns.ldns_rr_list_rr_count(self) + #parameters: const ldns_rr_list *, + #retvals: size_t + + def set_rr(self, r, idx): + """ + Set a rr on a specific index in a ldns_rr_list. + + :param r: The rr to set. + :type r: :class:`ldns_rr` + :param idx: Index into the rr_list. + :type idx: positive int + :throws TypeError: when parameters of inappropriate types. + :return: (:class:`ldns_rr`) the old rr which was stored in + the rr_list, or None if the index was too large + to set a specific rr. + """ + return _ldns._ldns_rr_list_set_rr(self, r, idx) + #parameters: ldns_rr_list *, const ldns_rr *, size_t, + #retvals: ldns_rr * + + def set_rr_count(self, count): + """ + Sets the number of rr's in an rr_list. + + :param count: The number of rr in this list. + :type count: positive int + :throws TypeError: when `count` of non-integer type. + :throws Exception: when `count` out of acceptable range. + + .. warning:: + Don't use this method unless you really know what you + are doing. + """ + # The function C has a tendency to generate an assertion fail when + # the count exceeds the list's capacity -- therefore the checking + # code. + if isinstance(count, int) and \ + ((count < 0) or (count > self._rr_capacity)): + raise Exception("Given count %d is out of range " % (count) + + "of the rr list's capacity %d." % (self._rr_capacity)) + _ldns.ldns_rr_list_set_rr_count(self, count) + #parameters: ldns_rr_list *, size_t, + #retvals: + + def sort(self): + """ + Sorts an rr_list (canonical wire format). + """ + _ldns.ldns_rr_list_sort(self) + #parameters: ldns_rr_list *, + #retvals: + + def subtype_by_rdf(self, r, pos): + """ + Return the rr_list which matches the rdf at position field. + + Think type-covered stuff for RRSIG. + + :param r: The rdf to use for the comparison. + :type r: :class:`ldns_rdf` + :param pos: At which position we can find the rdf. + :type pos: positive int + :throws TypeError: when parameters of inappropriate types. + :return: (:class:`ldns_rr_list`) a new rr list with only + the RRs that match, or None when nothing matches. + """ + return _ldns.ldns_rr_list_subtype_by_rdf(self, r, pos) + #parameters: ldns_rr_list *, ldns_rdf *, size_t, + #retvals: ldns_rr_list * + + def type(self): + """ + Returns the type of the first element of the RR. + + If there are no elements present, 0 is returned. + + :return: (int) rr_type of the first element, + or 0 if the list is empty. + """ + return _ldns.ldns_rr_list_type(self) + #parameters: const ldns_rr_list *, + #retvals: ldns_rr_type + + # + # _LDNS_RR_LIST_METHODS + # + %} +} + + +/* ========================================================================= */ +/* SWIG setting and definitions. */ +/* ========================================================================= */ + + +%newobject ldns_rr_descript; + +%nodefaultctor ldns_struct_rr_descriptor; /* No default constructor. */ +%nodefaultdtor ldns_struct_rr_descriptor; /* No default destructor.*/ +%rename(ldns_rr_descriptor) ldns_struct_rr_descriptor; + + +/* ========================================================================= */ +/* Debugging related code. */ +/* ========================================================================= */ + +/* None. */ + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + + +%inline +%{ + /* + * Does nothing, but keeps the SWIG wrapper quiet about absent destructor. + */ + void ldns_rr_descriptor_dummy_free(const ldns_rr_descriptor *rd) + { + (void) rd; + } +%} + + +/* ========================================================================= */ +/* Encapsulating Python code. */ +/* ========================================================================= */ + + +%feature("docstring") ldns_struct_rr_descriptor "Resource Record descriptor. + +This structure contains, for all rr types, the rdata fields that are defined. + +In order to create a class instance use :meth:`ldns_rr_descriptor`. +" + +%extend ldns_struct_rr_descriptor { + %pythoncode + %{ + def __init__(self, rr_type): + """ + Returns the resource record descriptor for the given type. + + :param rr_type: RR type. + :type rr_type: int + :throws TypeError: when `rr_type` of inappropriate type. + :return: (:class:`ldns_rr_descriptor`) RR descriptor class. + """ + self.this = self.ldns_rr_descriptor(rr_type) + + def __str__(self): + raise Exception("The content of this class cannot be printed.") + + __swig_destroy__ = _ldns.ldns_rr_descriptor_dummy_free + + # + # LDNS_RR_DESCRIPTOR_CONSTRUCTORS_ + # + + @staticmethod + def ldns_rr_descriptor(rr_type): + """ + Returns the resource record descriptor for the given type. + + :param rr_type: RR type. + :type rr_type: int + :throws TypeError: when `rr_type` of inappropriate type. + :return: (:class:`ldns_rr_descriptor`) RR descriptor class. + """ + return _ldns.ldns_rr_descript(rr_type) + #parameters: uint16_t + #retvals: const ldns_rr_descriptor * + + # + # _LDNS_RR_DESCRIPTOR_CONSTRUCTORS + # + + # + # LDNS_RR_DESCRIPTOR_METHODS_ + # + + def field_type(self, field): + """ + Returns the rdf type for the given rdata field number of the + rr type for the given descriptor. + + :param field: The field number. + :type field: positive int + :throws TypeError: when `field` of non-integer type. + :return: (int) the rdf type for the field. + """ + return _ldns.ldns_rr_descriptor_field_type(self, field) + #parameters: const ldns_rr_descriptor *, size_t, + #retvals: ldns_rdf_type + + def maximum(self): + """ + Returns the maximum number of rdata fields of the rr type this + descriptor describes. + + :return: (int) the maximum number of rdata fields. + """ + return _ldns.ldns_rr_descriptor_maximum(self) + #parameters: const ldns_rr_descriptor *, + #retvals: size_t + + def minimum(self): + """ + Returns the minimum number of rdata fields of the rr type this + descriptor describes. + + :return: (int) the minimum number of rdata fields. + """ + return _ldns.ldns_rr_descriptor_minimum(self) + #parameters: const ldns_rr_descriptor *, + #retvals: size_t + + # + # _LDNS_RR_DESCRIPTOR_METHODS + # + %} +} + + +/* ========================================================================= */ +/* Added C code. */ +/* ========================================================================= */ + + +/* + * rrsig checking wrappers + * + * Copying of rr pointers into the good_keys list leads to double free + * problems, therefore we provide two options - either ignore the keys + * or get list of indexes of the keys. The latter allows fetching of the + * keys later on from the original key set. + */ + +%rename(__ldns_verify_rrsig_keylist) ldns_verify_rrsig_keylist; +%inline +%{ + ldns_status ldns_verify_rrsig_keylist_status_only(ldns_rr_list *rrset, + ldns_rr *rrsig, const ldns_rr_list *keys) + { + ldns_rr_list *good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist(rrset, rrsig, keys, + good_keys); + ldns_rr_list_free(good_keys); + return status; + } +%} + +%rename(__ldns_verify_rrsig_keylist) ldns_verify_rrsig_keylist; +%inline +%{ + PyObject* ldns_verify_rrsig_keylist_(ldns_rr_list *rrset, + ldns_rr *rrsig, const ldns_rr_list *keys) + { + PyObject* tuple; + PyObject* keylist; + ldns_rr_list *good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist(rrset, rrsig, keys, + good_keys); + + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(status)); + keylist = PyList_New(0); + if (status == LDNS_STATUS_OK) { + unsigned int i; + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) { + if (ldns_rr_list_contains_rr(good_keys, ldns_rr_list_rr(keys, i))) { + PyList_Append(keylist, SWIG_From_int(i)); + } + } + } + PyTuple_SetItem(tuple, 1, keylist); + ldns_rr_list_free(good_keys); + return tuple; + } +%} + + +%rename(__ldns_verify_rrsig_keylist_notime) ldns_verify_rrsig_keylist_notime; +%inline +%{ + ldns_status ldns_verify_rrsig_keylist_notime_status_only(ldns_rr_list *rrset, + ldns_rr *rrsig, const ldns_rr_list *keys) + { + ldns_rr_list *good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, + good_keys); + ldns_rr_list_free(good_keys); + return status; + } +%} + +%rename(__ldns_verify_rrsig_keylist_notime) ldns_verify_rrsig_keylist_notime; +%inline +%{ + PyObject* ldns_verify_rrsig_keylist_notime_(ldns_rr_list *rrset, + ldns_rr *rrsig, const ldns_rr_list *keys) + { + PyObject* tuple; + PyObject* keylist; + ldns_rr_list *good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, + good_keys); + + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(status)); + keylist = PyList_New(0); + if (status == LDNS_STATUS_OK) { + unsigned int i; + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) { + if (ldns_rr_list_contains_rr(good_keys, ldns_rr_list_rr(keys, i))) { + PyList_Append(keylist, SWIG_From_int(i)); + } + } + } + PyTuple_SetItem(tuple, 1, keylist); + ldns_rr_list_free(good_keys); + return tuple; + } +%} + +/* End of rrsig checking wrappers. */ diff --git a/zonemaster-ldns/ldns/contrib/python/ldns_zone.i b/zonemaster-ldns/ldns/contrib/python/ldns_zone.i new file mode 100644 index 0000000..bbb8d8f --- /dev/null +++ b/zonemaster-ldns/ldns/contrib/python/ldns_zone.i @@ -0,0 +1,298 @@ +/****************************************************************************** + * ldns_zone.i: LDNS zone class + * + * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz) + * Karel Slany (slany AT fit.vutbr.cz) + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions are met: + * + * * Redistributions of source code must retain the above copyright notice, + * this list of conditions and the following disclaimer. + * * Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * * Neither the name of the organization nor the names of its + * contributors may be used to endorse or promote products derived from this + * software without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" + * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE + * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + ******************************************************************************/ + +%typemap(in,numinputs=0,noblock=1) (ldns_zone **) +{ + ldns_zone *$1_zone; + $1 = &$1_zone; +} + +/* result generation */ +%typemap(argout,noblock=1) (ldns_zone **) +{ + $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_zone), SWIGTYPE_p_ldns_struct_zone, SWIG_POINTER_OWN | 0 )); +} + +%nodefaultctor ldns_struct_zone; //no default constructor & destructor +%nodefaultdtor ldns_struct_zone; + +%newobject ldns_zone_new_frm_fp; +%newobject ldns_zone_new_frm_fp_l; +%newobject ldns_zone_new; +%delobject ldns_zone_free; +%delobject ldns_zone_deep_free; +%delobject ldns_zone_push_rr; +%delobject ldns_zone_push_rr_list; + +%ignore ldns_struct_zone::_soa; +%ignore ldns_struct_zone::_rrs; + +%rename(ldns_zone) ldns_struct_zone; + +#ifdef LDNS_DEBUG +%rename(__ldns_zone_free) ldns_zone_free; +%rename(__ldns_zone_deep_free) ldns_zone_deep_free; +%inline %{ +void _ldns_zone_free (ldns_zone* z) { + printf("******** LDNS_ZONE free 0x%lX ************\n", (long unsigned int)z); + ldns_zone_deep_free(z); +} +%} +#else +%rename(__ldns_zone_free) ldns_zone_free; +%rename(_ldns_zone_free) ldns_zone_deep_free; +#endif +%feature("docstring") ldns_struct_zone "Zone definitions + +**Usage** + +This class is able to read and parse the content of zone file by doing: + +>>> import ldns +>>> zone = ldns.ldns_zone.new_frm_fp(open(\"zone.txt\",\"r\"), None, 0, ldns.LDNS_RR_CLASS_IN) +>>> print zone.soa() +example. 600 IN SOA example. admin.example. 2008022501 28800 7200 604800 18000 +>>> print zone.rrs() +example. 600 IN MX 10 mail.example. +example. 600 IN NS ns1.example. +example. 600 IN NS ns2.example. +example. 600 IN A 192.168.1.1 + +The ``zone.txt`` file contains the following records:: + + $ORIGIN example. + $TTL 600 + + example. IN SOA example. admin.example. ( + 2008022501 ; serial + 28800 ; refresh (8 hours) + 7200 ; retry (2 hours) + 604800 ; expire (1 week) + 18000 ; minimum (5 hours) + ) + + @ IN MX 10 mail.example. + @ IN NS ns1 + @ IN NS ns2 + @ IN A 192.168.1.1 +" + +%extend ldns_struct_zone { + + %pythoncode %{ + def __init__(self): + self.this = _ldns.ldns_zone_new() + if not self.this: + raise Exception("Can't create zone.") + + __swig_destroy__ = _ldns._ldns_zone_free + + def __str__(self): + return str(self.soa()) + "\n" + str(self.rrs()) + + def print_to_file(self,output): + """Prints the data in the zone to the given file stream (in presentation format).""" + _ldns.ldns_zone_print(output,self) + #parameters: FILE *,const ldns_zone *, + + #LDNS_ZONE_CONSTRUCTORS_# + @staticmethod + def new_frm_fp(file, origin, ttl, rr_class=_ldns.LDNS_RR_CLASS_IN, raiseException=True): + """Creates a new zone object from given file pointer + + :param file: a file object + :param origin: (ldns_rdf) the zones' origin + :param ttl: default ttl to use + :param rr_class: Default class to use (IN) + :param raiseException: if True, an exception occurs in case a zone instance can't be created + :returns: zone instance or None. If an instance can't be created and raiseException is True, an exception occurs. + """ + status, zone = _ldns.ldns_zone_new_frm_fp(file, origin, ttl, rr_class) + if status != LDNS_STATUS_OK: + if (raiseException): raise Exception("Can't create zone, error: %s (%d)" % (_ldns.ldns_get_errorstr_by_id(status),status)) + return None + return zone + + @staticmethod + def new_frm_fp_l(file, origin, ttl, rr_class, raiseException=True): + """Create a new zone from a file, keep track of the line numbering + + :param file: a file object + :param origin: (ldns_rdf) the zones' origin + :param ttl: default ttl to use + :param rr_class: Default class to use (IN) + :param raiseException: if True, an exception occurs in case a zone instance can't be created + :returns: + * zone - zone instance or None. If an instance can't be created and raiseException is True, an exception occurs. + + * line - used for error msg, to get to the line number + """ + status, zone = _ldns.ldns_zone_new_frm_fp_l(file, line) + if status != LDNS_STATUS_OK: + if (raiseException): raise Exception("Can't create zone, error: %d" % status) + return None + return zone + #_LDNS_ZONE_CONSTRUCTORS# + + def sign(self,key_list): + """Signs the zone, and returns a newly allocated signed zone. + + :param key_list: + list of keys to sign with + :returns: (ldns_zone \*) signed zone + """ + return _ldns.ldns_zone_sign(self,key_list) + #parameters: const ldns_zone *,ldns_key_list *, + #retvals: ldns_zone * + + def sign_nsec3(self,key_list,algorithm,flags,iterations,salt_length,salt): + """Signs the zone with NSEC3, and returns a newly allocated signed zone. + + :param key_list: + list of keys to sign with + :param algorithm: + the NSEC3 hashing algorithm to use + :param flags: + NSEC3 flags + :param iterations: + the number of NSEC3 hash iterations to use + :param salt_length: + the length (in octets) of the NSEC3 salt + :param salt: + the NSEC3 salt data + :returns: (ldns_zone \*) signed zone + """ + return _ldns.ldns_zone_sign_nsec3(self,key_list,algorithm,flags,iterations,salt_length,salt) + #parameters: ldns_zone *,ldns_key_list *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *, + #retvals: ldns_zone * + + #LDNS_ZONE_METHODS_# + def glue_rr_list(self): + """Retrieve all resource records from the zone that are glue records. + + The resulting list does are pointer references to the zone's data. + + Due to the current zone implementation (as a list of rr's), this function is extremely slow. Another (probably better) way to do this is to use an ldns_dnssec_zone structure and the mark_glue function + + :returns: (ldns_rr_list \*) the rr_list with the glue + """ + return _ldns.ldns_zone_glue_rr_list(self) + #parameters: const ldns_zone *, + #retvals: ldns_rr_list * + + def push_rr(self,rr): + """push an single rr to a zone structure. + + This function use pointer copying, so the rr_list structure inside z is modified! + + :param rr: + the rr to add + :returns: (bool) a true on success otherwise falsed + """ + return _ldns.ldns_zone_push_rr(self,rr) + #parameters: ldns_zone *,ldns_rr *, + #retvals: bool + + def push_rr_list(self,list): + """push an rrlist to a zone structure. + + This function use pointer copying, so the rr_list structure inside z is modified! + + :param list: + the list to add + :returns: (bool) a true on success otherwise falsed + """ + return _ldns.ldns_zone_push_rr_list(self,list) + #parameters: ldns_zone *,ldns_rr_list *, + #retvals: bool + + def rr_count(self): + """Returns the number of resource records in the zone, NOT counting the SOA record. + + :returns: (size_t) the number of rr's in the zone + """ + return _ldns.ldns_zone_rr_count(self) + #parameters: const ldns_zone *, + #retvals: size_t + + def rrs(self): + """Get a list of a zone's content. + + Note that the SOA isn't included in this list. You need to get the with ldns_zone_soa. + + :returns: (ldns_rr_list \*) the rrs from this zone + """ + return _ldns.ldns_zone_rrs(self) + #parameters: const ldns_zone *, + #retvals: ldns_rr_list * + + def set_rrs(self,rrlist): + """Set the zone's contents. + + :param rrlist: + the rrlist to use + """ + _ldns.ldns_zone_set_rrs(self,rrlist) + #parameters: ldns_zone *,ldns_rr_list *, + #retvals: + + def set_soa(self,soa): + """Set the zone's soa record. + + :param soa: + the soa to set + """ + _ldns.ldns_zone_set_soa(self,soa) + #parameters: ldns_zone *,ldns_rr *, + #retvals: + + def soa(self): + """Return the soa record of a zone. + + :returns: (ldns_rr \*) the soa record in the zone + """ + return _ldns.ldns_zone_soa(self) + #parameters: const ldns_zone *, + #retvals: ldns_rr * + + def sort(self): + """Sort the rrs in a zone, with the current impl. + + this is slow + """ + _ldns.ldns_zone_sort(self) + #parameters: ldns_zone *, + #retvals: + + #_LDNS_ZONE_METHODS# + %} +} diff --git a/zonemaster-ldns/ldns/dane.c b/zonemaster-ldns/ldns/dane.c new file mode 100644 index 0000000..1bf4862 --- /dev/null +++ b/zonemaster-ldns/ldns/dane.c @@ -0,0 +1,998 @@ +/* + * Verify or create TLS authentication with DANE (RFC6698) + * + * (c) NLnetLabs 2012-2020 + * + * See the file LICENSE for the license. + * + */ + +#include +#ifdef USE_DANE + +#include +#include + +#include +#include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif + +#ifdef HAVE_SSL +#include +#include +#include +#endif + +/* OpenSSL context options. At the moment, disable SSLv2, SSLv3 + * and Compression, if available. TLSv1.0 is allowed at the moment. + * TLSv1.1 is the first to provide elliptic curves, so it is usually + * allowed in a TLS stack. TLSv1.2 is the first to provide authentication + * modes of operation, like GCM. The defines below are a moving + * target based on OpenSSL library version. Grep is useful to find + * the defines: grep -IR SSL_OP_NO_ /usr/include/openssl. + */ +#ifdef HAVE_SSL +# ifdef SSL_OP_NO_SSLv2 + const long NoOpenSSLv2 = SSL_OP_NO_SSLv2; +# else + const long NoOpenSSLv2 = 0L; +# endif +# ifdef SSL_OP_NO_SSLv3 + const long NoOpenSSLv3 = SSL_OP_NO_SSLv3; +# else + const long NoOpenSSLv3 = 0L; +# endif +# ifdef SSL_OP_NO_TLSv1 + const long NoOpenTLSv1 = SSL_OP_NO_TLSv1; +# else + const long NoOpenTLSv1 = 0L; +# endif +# ifdef SSL_OP_NO_DTLSv1 + const long NoOpenDTLSv1 = SSL_OP_NO_DTLSv1; +# else + const long NoOpenDTLSv1 = 0L; +# endif +# ifdef SSL_OP_NO_COMPRESSION + const long NoOpenSSLCompression = SSL_OP_NO_COMPRESSION; +# else + const long NoOpenSSLCompression = 0L; +# endif +#endif + +#if defined(USE_DANE_VERIFY) && defined(USE_DANE_TA_USAGE) +static SSL_CTX* +ldns_dane_new_ssl_context(void) +{ + SSL_CTX* ssl_ctx; + + ssl_ctx = SSL_CTX_new(TLS_client_method()); + if (ssl_ctx != NULL) + { + /* ldns allows TLS and DTLS v1.0 at the moment. Some may disagree. + * Sometime in the future they may be disabled, too. Maybe + * --disable-tlsv1 and --disable-dtlsv1 should be configure options. + */ + long flags = NoOpenSSLv2 | NoOpenSSLv3 | NoOpenSSLCompression; + SSL_CTX_set_options(ssl_ctx, flags); + } + + return ssl_ctx; +} +#endif + +ldns_status +ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name, + uint16_t port, ldns_dane_transport transport) +{ + char buf[LDNS_MAX_DOMAINLEN]; + size_t s; + + assert(tlsa_owner != NULL); + assert(name != NULL); + assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME); + + s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port); + buf[0] = (char)(s - 1); + + switch(transport) { + case LDNS_DANE_TRANSPORT_TCP: + s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp"); + break; + + case LDNS_DANE_TRANSPORT_UDP: + s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp"); + break; + + case LDNS_DANE_TRANSPORT_SCTP: + s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp"); + break; + + default: + return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT; + } + if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) { + return LDNS_STATUS_DOMAINNAME_OVERFLOW; + } + memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name)); + *tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, + s + ldns_rdf_size(name), buf); + if (*tlsa_owner == NULL) { + return LDNS_STATUS_MEM_ERR; + } + return LDNS_STATUS_OK; +} + + +#ifdef HAVE_SSL +ldns_status +ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type) +{ + unsigned char* buf = NULL; + size_t len; + + X509_PUBKEY* xpubkey; + EVP_PKEY* epubkey; + + unsigned char* digest; + + assert(rdf != NULL); + assert(cert != NULL); + + switch(selector) { + case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE: + + len = (size_t)i2d_X509(cert, &buf); + break; + + case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO: + +#ifndef S_SPLINT_S + xpubkey = X509_get_X509_PUBKEY(cert); +#endif + if (! xpubkey) { + return LDNS_STATUS_SSL_ERR; + } + epubkey = X509_PUBKEY_get(xpubkey); + if (! epubkey) { + return LDNS_STATUS_SSL_ERR; + } + len = (size_t)i2d_PUBKEY(epubkey, &buf); + break; + + default: + return LDNS_STATUS_DANE_UNKNOWN_SELECTOR; + } + + switch(matching_type) { + case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED: + + *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf); + + return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; + break; + + case LDNS_TLSA_MATCHING_TYPE_SHA256: + + digest = LDNS_XMALLOC(unsigned char, LDNS_SHA256_DIGEST_LENGTH); + if (digest == NULL) { + LDNS_FREE(buf); + return LDNS_STATUS_MEM_ERR; + } + (void) ldns_sha256(buf, (unsigned int)len, digest); + *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA256_DIGEST_LENGTH, + digest); + LDNS_FREE(buf); + + return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; + break; + + case LDNS_TLSA_MATCHING_TYPE_SHA512: + + digest = LDNS_XMALLOC(unsigned char, LDNS_SHA512_DIGEST_LENGTH); + if (digest == NULL) { + LDNS_FREE(buf); + return LDNS_STATUS_MEM_ERR; + } + (void) ldns_sha512(buf, (unsigned int)len, digest); + *rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, LDNS_SHA512_DIGEST_LENGTH, + digest); + LDNS_FREE(buf); + + return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR; + break; + + default: + LDNS_FREE(buf); + return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE; + } +} + + +/* Ordinary PKIX validation of cert (with extra_certs to help) + * against the CA's in store + */ +static ldns_status +ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* store) +{ + X509_STORE_CTX* vrfy_ctx; + ldns_status s; + + if (! store) { + return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + vrfy_ctx = X509_STORE_CTX_new(); + if (! vrfy_ctx) { + + return LDNS_STATUS_SSL_ERR; + + } else if (X509_STORE_CTX_init(vrfy_ctx, store, + cert, extra_certs) != 1) { + s = LDNS_STATUS_SSL_ERR; + + } else if (X509_verify_cert(vrfy_ctx) == 1) { + + s = LDNS_STATUS_OK; + + } else { + s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + X509_STORE_CTX_free(vrfy_ctx); + return s; +} + + +/* Ordinary PKIX validation of cert (with extra_certs to help) + * against the CA's in store, but also return the validation chain. + */ +static ldns_status +ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert, + STACK_OF(X509)* extra_certs, X509_STORE* store) +{ + ldns_status s; + X509_STORE* empty_store = NULL; + X509_STORE_CTX* vrfy_ctx; + + assert(chain != NULL); + + if (! store) { + store = empty_store = X509_STORE_new(); + } + s = LDNS_STATUS_SSL_ERR; + vrfy_ctx = X509_STORE_CTX_new(); + if (! vrfy_ctx) { + + goto exit_free_empty_store; + + } else if (X509_STORE_CTX_init(vrfy_ctx, store, + cert, extra_certs) != 1) { + goto exit_free_vrfy_ctx; + + } else if (X509_verify_cert(vrfy_ctx) == 1) { + + s = LDNS_STATUS_OK; + + } else { + s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); + if (! *chain) { + s = LDNS_STATUS_SSL_ERR; + } + +exit_free_vrfy_ctx: + X509_STORE_CTX_free(vrfy_ctx); + +exit_free_empty_store: + if (empty_store) { + X509_STORE_free(empty_store); + } + return s; +} + + +/* Return the validation chain that can be build out of cert, with extra_certs. + */ +static ldns_status +ldns_dane_pkix_get_chain(STACK_OF(X509)** chain, + X509* cert, STACK_OF(X509)* extra_certs) +{ + ldns_status s; + X509_STORE* empty_store = NULL; + X509_STORE_CTX* vrfy_ctx; + + assert(chain != NULL); + + empty_store = X509_STORE_new(); + s = LDNS_STATUS_SSL_ERR; + vrfy_ctx = X509_STORE_CTX_new(); + if (! vrfy_ctx) { + + goto exit_free_empty_store; + + } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, + cert, extra_certs) != 1) { + goto exit_free_vrfy_ctx; + } + (void) X509_verify_cert(vrfy_ctx); + *chain = X509_STORE_CTX_get1_chain(vrfy_ctx); + if (! *chain) { + s = LDNS_STATUS_SSL_ERR; + } else { + s = LDNS_STATUS_OK; + } +exit_free_vrfy_ctx: + X509_STORE_CTX_free(vrfy_ctx); + +exit_free_empty_store: + X509_STORE_free(empty_store); + return s; +} + + +/* Pop n+1 certs and return the last popped. + */ +static ldns_status +ldns_dane_get_nth_cert_from_validation_chain( + X509** cert, STACK_OF(X509)* chain, int n, bool ca) +{ + if (n >= sk_X509_num(chain) || n < 0) { + return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE; + } + *cert = sk_X509_pop(chain); + while (n-- > 0) { + X509_free(*cert); + *cert = sk_X509_pop(chain); + } + if (ca && ! X509_check_ca(*cert)) { + return LDNS_STATUS_DANE_NON_CA_CERTIFICATE; + } + return LDNS_STATUS_OK; +} + + +/* Create validation chain with cert and extra_certs and returns the last + * self-signed (if present). + */ +static ldns_status +ldns_dane_pkix_get_last_self_signed(X509** out_cert, + X509* cert, STACK_OF(X509)* extra_certs) +{ + ldns_status s; + X509_STORE* empty_store = NULL; + X509_STORE_CTX* vrfy_ctx; + + assert(out_cert != NULL); + + empty_store = X509_STORE_new(); + s = LDNS_STATUS_SSL_ERR; + vrfy_ctx = X509_STORE_CTX_new(); + if (! vrfy_ctx) { + goto exit_free_empty_store; + + } else if (X509_STORE_CTX_init(vrfy_ctx, empty_store, + cert, extra_certs) != 1) { + goto exit_free_vrfy_ctx; + + } + (void) X509_verify_cert(vrfy_ctx); + if (X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN || + X509_STORE_CTX_get_error(vrfy_ctx) == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){ + + *out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx); + s = LDNS_STATUS_OK; + } else { + s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR; + } +exit_free_vrfy_ctx: + X509_STORE_CTX_free(vrfy_ctx); + +exit_free_empty_store: + X509_STORE_free(empty_store); + return s; +} + + +ldns_status +ldns_dane_select_certificate(X509** selected_cert, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store, + ldns_tlsa_certificate_usage cert_usage, int offset) +{ + ldns_status s; + STACK_OF(X509)* pkix_validation_chain = NULL; + + assert(selected_cert != NULL); + assert(cert != NULL); + + /* With PKIX validation explicitly turned off (pkix_validation_store + * == NULL), treat the "CA constraint" and "Service certificate + * constraint" the same as "Trust anchor assertion" and "Domain issued + * certificate" respectively. + */ + if (pkix_validation_store == NULL) { + switch (cert_usage) { + + case LDNS_TLSA_USAGE_CA_CONSTRAINT: + + cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION; + break; + + case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: + + cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE; + break; + + default: + break; + } + } + + /* Now what to do with each Certificate usage... + */ + switch (cert_usage) { + + case LDNS_TLSA_USAGE_CA_CONSTRAINT: + + s = ldns_dane_pkix_validate_and_get_chain( + &pkix_validation_chain, + cert, extra_certs, + pkix_validation_store); + if (! pkix_validation_chain) { + return s; + } + if (s == LDNS_STATUS_OK) { + if (offset == -1) { + offset = 0; + } + s = ldns_dane_get_nth_cert_from_validation_chain( + selected_cert, pkix_validation_chain, + offset, true); + } + sk_X509_pop_free(pkix_validation_chain, X509_free); + return s; + break; + + + case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: + + *selected_cert = cert; + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + break; + + + case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: + + if (offset == -1) { + s = ldns_dane_pkix_get_last_self_signed( + selected_cert, cert, extra_certs); + return s; + } else { + s = ldns_dane_pkix_get_chain( + &pkix_validation_chain, + cert, extra_certs); + if (s == LDNS_STATUS_OK) { + s = + ldns_dane_get_nth_cert_from_validation_chain( + selected_cert, pkix_validation_chain, + offset, false); + } else if (! pkix_validation_chain) { + return s; + } + sk_X509_pop_free(pkix_validation_chain, X509_free); + return s; + } + break; + + + case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: + + *selected_cert = cert; + return LDNS_STATUS_OK; + break; + + default: + return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; + break; + } +} + + +ldns_status +ldns_dane_create_tlsa_rr(ldns_rr** tlsa, + ldns_tlsa_certificate_usage certificate_usage, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type, + X509* cert) +{ + ldns_rdf* rdf; + ldns_status s; + + assert(tlsa != NULL); + assert(cert != NULL); + + /* create rr */ + *tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA); + if (*tlsa == NULL) { + return LDNS_STATUS_MEM_ERR; + } + + rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, + (uint8_t)certificate_usage); + if (rdf == NULL) { + goto memerror; + } + (void) ldns_rr_set_rdf(*tlsa, rdf, 0); + + rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector); + if (rdf == NULL) { + goto memerror; + } + (void) ldns_rr_set_rdf(*tlsa, rdf, 1); + + rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type); + if (rdf == NULL) { + goto memerror; + } + (void) ldns_rr_set_rdf(*tlsa, rdf, 2); + + s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type); + if (s == LDNS_STATUS_OK) { + (void) ldns_rr_set_rdf(*tlsa, rdf, 3); + return LDNS_STATUS_OK; + } + ldns_rr_free(*tlsa); + *tlsa = NULL; + return s; + +memerror: + ldns_rr_free(*tlsa); + *tlsa = NULL; + return LDNS_STATUS_MEM_ERR; +} + + +#ifdef USE_DANE_VERIFY +/* Return tlsas that actually are TLSA resource records with known values + * for the Certificate usage, Selector and Matching type rdata fields. + */ +static ldns_rr_list* +ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas) +{ + size_t i; + ldns_rr_list* r = ldns_rr_list_new(); + ldns_rr* tlsa_rr; + + if (! r) { + return NULL; + } + for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) { + tlsa_rr = ldns_rr_list_rr(tlsas, i); + if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA && + ldns_rr_rd_count(tlsa_rr) == 4 && + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 && + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 && + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) { + + if (! ldns_rr_list_push_rr(r, tlsa_rr)) { + ldns_rr_list_free(r); + return NULL; + } + } + } + return r; +} + + +#if !defined(USE_DANE_TA_USAGE) +/* Return whether cert/selector/matching_type matches data. + */ +static ldns_status +ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type, ldns_rdf* data) +{ + ldns_status s; + ldns_rdf* match_data; + + s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type); + if (s == LDNS_STATUS_OK) { + if (ldns_rdf_compare(data, match_data) != 0) { + s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; + } + ldns_rdf_free(match_data); + } + return s; +} + + +/* Return whether any certificate from the chain with selector/matching_type + * matches data. + * ca should be true if the certificate has to be a CA certificate too. + */ +static ldns_status +ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type, + ldns_rdf* data, bool ca) +{ + ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; + int n, i; + X509* cert; + + n = sk_X509_num(chain); + for (i = 0; i < n; i++) { + cert = sk_X509_pop(chain); + if (! cert) { + s = LDNS_STATUS_SSL_ERR; + break; + } + s = ldns_dane_match_cert_with_data(cert, + selector, matching_type, data); + if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) { + s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE; + } + X509_free(cert); + if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) { + break; + } + /* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, + * try to match the next certificate + */ + } + return s; +} +#endif /* !defined(USE_DANE_TA_USAGE) */ +#endif /* USE_DANE_VERIFY */ + +#ifdef USE_DANE_VERIFY +ldns_status +ldns_dane_verify_rr(const ldns_rr* tlsa_rr, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store) +{ +#if defined(USE_DANE_TA_USAGE) + SSL_CTX *ssl_ctx = NULL; + SSL *ssl = NULL; + X509_STORE_CTX *store_ctx = NULL; +#else + STACK_OF(X509)* pkix_validation_chain = NULL; +#endif + ldns_status s = LDNS_STATUS_OK; + + ldns_tlsa_certificate_usage usage; + ldns_tlsa_selector selector; + ldns_tlsa_matching_type mtype; + ldns_rdf* data; + + if (! tlsa_rr || ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA || + ldns_rr_rd_count(tlsa_rr) != 4 || + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) > 3 || + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) > 1 || + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) > 2 ) { + /* No (usable) TLSA, so regular PKIX validation + */ + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + } + usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)); + selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)); + mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)); + data = ldns_rr_rdf(tlsa_rr, 3) ; + +#if defined(USE_DANE_TA_USAGE) + /* Rely on OpenSSL dane functions. + * + * OpenSSL does not provide offline dane verification. The dane unit + * tests within openssl use the undocumented SSL_get0_dane() and + * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and + * SSL_CTX to a X509_STORE_CTX that can be used to do offline + * verification. We use these undocumented means with the ldns + * dane function prototypes which did only offline dane verification. + */ + if (!(ssl_ctx = ldns_dane_new_ssl_context())) + s = LDNS_STATUS_MEM_ERR; + + else if (SSL_CTX_dane_enable(ssl_ctx) <= 0) + s = LDNS_STATUS_SSL_ERR; + + else if (SSL_CTX_dane_set_flags( + ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS), + !(ssl = SSL_new(ssl_ctx))) + s = LDNS_STATUS_MEM_ERR; + + else if (SSL_set_connect_state(ssl), + (SSL_dane_enable(ssl, NULL) <= 0)) + s = LDNS_STATUS_SSL_ERR; + + else if (SSL_dane_tlsa_add(ssl, usage, selector, mtype, + ldns_rdf_data(data), ldns_rdf_size(data)) <= 0) + s = LDNS_STATUS_SSL_ERR; + + else if (!(store_ctx = X509_STORE_CTX_new())) + s = LDNS_STATUS_MEM_ERR; + + else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs)) + s = LDNS_STATUS_SSL_ERR; + + else { + int ret; + + X509_STORE_CTX_set_default(store_ctx, + SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), + SSL_get0_param(ssl)); + X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl)); + if (SSL_get_verify_callback(ssl)) + X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); + + ret = X509_verify_cert(store_ctx); + if (!ret) { + if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH) + s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; + else + s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + X509_STORE_CTX_cleanup(store_ctx); + } + if (store_ctx) + X509_STORE_CTX_free(store_ctx); + if (ssl) + SSL_free(ssl); + if (ssl_ctx) + SSL_CTX_free(ssl_ctx); + return s; +#else + switch (usage) { + case LDNS_TLSA_USAGE_CA_CONSTRAINT: + s = ldns_dane_pkix_validate_and_get_chain( + &pkix_validation_chain, + cert, extra_certs, + pkix_validation_store); + if (! pkix_validation_chain) { + return s; + } + if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) { + /* + * NO PKIX validation. We still try to match *any* + * certificate from the chain, so we return + * TLSA errors over PKIX errors. + * + * i.e. When the TLSA matches no certificate, we return + * TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE + */ + s = ldns_dane_match_any_cert_with_data( + pkix_validation_chain, + selector, mtype, data, true); + + if (s == LDNS_STATUS_OK) { + /* A TLSA record did match a cert from the + * chain, thus the error is failed PKIX + * validation. + */ + s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + + } else if (s == LDNS_STATUS_OK) { + /* PKIX validated, does the TLSA match too? */ + + s = ldns_dane_match_any_cert_with_data( + pkix_validation_chain, + selector, mtype, data, true); + } + sk_X509_pop_free(pkix_validation_chain, X509_free); + return s; + break; + + case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: + + s = ldns_dane_match_cert_with_data(cert, + selector, mtype, data); + + if (s == LDNS_STATUS_OK) { + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + } + return s; + break; + + case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION: +#if 0 + s = ldns_dane_pkix_get_chain(&pkix_validation_chain, + cert, extra_certs); + + if (s == LDNS_STATUS_OK) { + s = ldns_dane_match_any_cert_with_data( + pkix_validation_chain, + selector, mtype, data, false); + + } else if (! pkix_validation_chain) { + return s; + } + sk_X509_pop_free(pkix_validation_chain, X509_free); + return s; +#else + return LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA; +#endif + break; + + case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE: + return ldns_dane_match_cert_with_data(cert, + selector, mtype, data); + break; + + default: + break; + } +#endif + return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE; +} + + +ldns_status +ldns_dane_verify(const ldns_rr_list* tlsas, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* pkix_validation_store) +{ +#if defined(USE_DANE_TA_USAGE) + SSL_CTX *ssl_ctx = NULL; + ldns_rdf *basename_rdf = NULL; + char *basename = NULL; + SSL *ssl = NULL; + X509_STORE_CTX *store_ctx = NULL; +#else + ldns_status ps; +#endif + size_t i; + ldns_rr* tlsa_rr; + ldns_rr_list *usable_tlsas; + ldns_status s = LDNS_STATUS_OK; + + assert(cert != NULL); + + if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) + /* No TLSA's, so regular PKIX validation + */ + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + +/* To enable name checks (which we don't) */ +#if defined(USE_DANE_TA_USAGE) && 0 + else if (!(basename_rdf = ldns_dname_clone_from( + ldns_rr_list_owner(tlsas), 2))) + /* Could nog get DANE base name */ + s = LDNS_STATUS_ERR; + + else if (!(basename = ldns_rdf2str(basename_rdf))) + s = LDNS_STATUS_MEM_ERR; + + else if (strlen(basename) && (basename[strlen(basename)-1] = 0)) + s = LDNS_STATUS_ERR; /* Intended to be unreachable */ +#endif + + else if (!(usable_tlsas = ldns_dane_filter_unusable_records(tlsas))) + return LDNS_STATUS_MEM_ERR; + + else if (ldns_rr_list_rr_count(usable_tlsas) == 0) { + /* No TLSA's, so regular PKIX validation + */ + ldns_rr_list_free(usable_tlsas); + return ldns_dane_pkix_validate(cert, extra_certs, + pkix_validation_store); + } +#if defined(USE_DANE_TA_USAGE) + /* Rely on OpenSSL dane functions. + * + * OpenSSL does not provide offline dane verification. The dane unit + * tests within openssl use the undocumented SSL_get0_dane() and + * X509_STORE_CTX_set0_dane() to convey dane parameters set on SSL and + * SSL_CTX to a X509_STORE_CTX that can be used to do offline + * verification. We use these undocumented means with the ldns + * dane function prototypes which did only offline dane verification. + */ + if (!(ssl_ctx = ldns_dane_new_ssl_context())) + s = LDNS_STATUS_MEM_ERR; + + else if (SSL_CTX_dane_enable(ssl_ctx) <= 0) + s = LDNS_STATUS_SSL_ERR; + + else if (SSL_CTX_dane_set_flags( + ssl_ctx, DANE_FLAG_NO_DANE_EE_NAMECHECKS), + !(ssl = SSL_new(ssl_ctx))) + s = LDNS_STATUS_MEM_ERR; + + else if (SSL_set_connect_state(ssl), + (SSL_dane_enable(ssl, basename) <= 0)) + s = LDNS_STATUS_SSL_ERR; + + else for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) { + ldns_tlsa_certificate_usage usage; + ldns_tlsa_selector selector; + ldns_tlsa_matching_type mtype; + ldns_rdf* data; + + tlsa_rr = ldns_rr_list_rr(usable_tlsas, i); + usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,0)); + selector= ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,1)); + mtype = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr,2)); + data = ldns_rr_rdf(tlsa_rr,3) ; + + if (SSL_dane_tlsa_add(ssl, usage, selector, mtype, + ldns_rdf_data(data), + ldns_rdf_size(data)) <= 0) { + s = LDNS_STATUS_SSL_ERR; + break; + } + } + if (!s && !(store_ctx = X509_STORE_CTX_new())) + s = LDNS_STATUS_MEM_ERR; + + else if (!X509_STORE_CTX_init(store_ctx, pkix_validation_store, cert, extra_certs)) + s = LDNS_STATUS_SSL_ERR; + + else { + int ret; + + X509_STORE_CTX_set_default(store_ctx, + SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), + SSL_get0_param(ssl)); + X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl)); + if (SSL_get_verify_callback(ssl)) + X509_STORE_CTX_set_verify_cb(store_ctx, SSL_get_verify_callback(ssl)); + + ret = X509_verify_cert(store_ctx); + if (!ret) { + if (X509_STORE_CTX_get_error(store_ctx) == X509_V_ERR_DANE_NO_MATCH) + s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH; + else + s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE; + } + X509_STORE_CTX_cleanup(store_ctx); + } + if (store_ctx) + X509_STORE_CTX_free(store_ctx); + if (ssl) + SSL_free(ssl); + if (ssl_ctx) + SSL_CTX_free(ssl_ctx); + if (basename) + free(basename); + ldns_rdf_deep_free(basename_rdf); +#else + for (i = 0; i < ldns_rr_list_rr_count(usable_tlsas); i++) { + tlsa_rr = ldns_rr_list_rr(usable_tlsas, i); + ps = s; + s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs, + pkix_validation_store); + + if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH && + s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE && + s != LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA) { + + /* which would be LDNS_STATUS_OK (match) + * or some fatal error preventing use from + * trying the next TLSA record. + */ + break; + } + s = (s > ps ? s : ps); /* pref NEED_OPENSSL_GE_1_1_FOR_DANE_TA + * over PKIX_DID_NOT_VALIDATE + * over TLSA_DID_NOT_MATCH + */ + } +#endif + ldns_rr_list_free(usable_tlsas); + return s; +} +#endif /* USE_DANE_VERIFY */ +#endif /* HAVE_SSL */ +#endif /* USE_DANE */ diff --git a/zonemaster-ldns/ldns/dname.c b/zonemaster-ldns/ldns/dname.c new file mode 100644 index 0000000..4f311ee --- /dev/null +++ b/zonemaster-ldns/ldns/dname.c @@ -0,0 +1,602 @@ +/* + * dname.c + * + * dname specific rdata implementations + * A dname is a rdf structure with type LDNS_RDF_TYPE_DNAME + * It is not a /real/ type! All function must therefore check + * for LDNS_RDF_TYPE_DNAME. + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#include + +#include + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif + +/* Returns whether the last label in the name is a root label (a empty label). + * Note that it is not enough to just test the last character to be 0, + * because it may be part of the last label itself. + */ +static bool +ldns_dname_last_label_is_root_label(const ldns_rdf* dname) +{ + size_t src_pos; + size_t len = 0; + + for (src_pos = 0; src_pos < ldns_rdf_size(dname); src_pos += len + 1) { + len = ldns_rdf_data(dname)[src_pos]; + } + assert(src_pos == ldns_rdf_size(dname)); + + return src_pos > 0 && len == 0; +} + +ldns_rdf * +ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2) +{ + ldns_rdf *new; + uint16_t new_size; + uint8_t *buf; + uint16_t left_size; + + if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + + /* remove root label if it is present at the end of the left + * rd, by reducing the size with 1 + */ + left_size = ldns_rdf_size(rd1); + if (ldns_dname_last_label_is_root_label(rd1)) { + left_size--; + } + + /* we overwrite the nullbyte of rd1 */ + new_size = left_size + ldns_rdf_size(rd2); + buf = LDNS_XMALLOC(uint8_t, new_size); + if (!buf) { + return NULL; + } + + /* put the two dname's after each other */ + memcpy(buf, ldns_rdf_data(rd1), left_size); + memcpy(buf + left_size, ldns_rdf_data(rd2), ldns_rdf_size(rd2)); + + new = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, new_size, buf); + + LDNS_FREE(buf); + return new; +} + +ldns_status +ldns_dname_cat(ldns_rdf *rd1, const ldns_rdf *rd2) +{ + uint16_t left_size; + uint16_t size; + uint8_t* newd; + + if (ldns_rdf_get_type(rd1) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(rd2) != LDNS_RDF_TYPE_DNAME) { + return LDNS_STATUS_ERR; + } + + /* remove root label if it is present at the end of the left + * rd, by reducing the size with 1 + */ + left_size = ldns_rdf_size(rd1); + if (ldns_dname_last_label_is_root_label(rd1)) { + left_size--; + } + + size = left_size + ldns_rdf_size(rd2); + newd = LDNS_XREALLOC(ldns_rdf_data(rd1), uint8_t, size); + if(!newd) { + return LDNS_STATUS_MEM_ERR; + } + + ldns_rdf_set_data(rd1, newd); + memcpy(ldns_rdf_data(rd1) + left_size, ldns_rdf_data(rd2), + ldns_rdf_size(rd2)); + ldns_rdf_set_size(rd1, size); + + return LDNS_STATUS_OK; +} + +ldns_rdf* +ldns_dname_reverse(const ldns_rdf *dname) +{ + size_t rd_size; + uint8_t* buf; + ldns_rdf* new; + size_t src_pos; + size_t len ; + + assert(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME); + + rd_size = ldns_rdf_size(dname); + buf = LDNS_XMALLOC(uint8_t, rd_size); + if (! buf) { + return NULL; + } + new = ldns_rdf_new(LDNS_RDF_TYPE_DNAME, rd_size, buf); + if (! new) { + LDNS_FREE(buf); + return NULL; + } + + /* If dname ends in a root label, the reverse should too. + */ + if (ldns_dname_last_label_is_root_label(dname)) { + buf[rd_size - 1] = 0; + rd_size -= 1; + } + for (src_pos = 0; src_pos < rd_size; src_pos += len + 1) { + len = ldns_rdf_data(dname)[src_pos]; + memcpy(&buf[rd_size - src_pos - len - 1], + &ldns_rdf_data(dname)[src_pos], len + 1); + } + return new; +} + +ldns_rdf * +ldns_dname_clone_from(const ldns_rdf *d, uint16_t n) +{ + uint8_t *data; + uint8_t label_size; + size_t data_size; + + if (!d || + ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME || + ldns_dname_label_count(d) < n) { + return NULL; + } + + data = ldns_rdf_data(d); + data_size = ldns_rdf_size(d); + while (n > 0) { + label_size = data[0] + 1; + data += label_size; + if (data_size < label_size) { + /* this label is very broken */ + return NULL; + } + data_size -= label_size; + n--; + } + + return ldns_dname_new_frm_data(data_size, data); +} + +ldns_rdf * +ldns_dname_left_chop(const ldns_rdf *d) +{ + uint8_t label_pos; + ldns_rdf *chop; + + if (!d) { + return NULL; + } + + if (ldns_rdf_get_type(d) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + if (ldns_dname_label_count(d) == 0) { + /* root label */ + return NULL; + } + /* 05blaat02nl00 */ + label_pos = ldns_rdf_data(d)[0]; + + chop = ldns_dname_new_frm_data(ldns_rdf_size(d) - label_pos - 1, + ldns_rdf_data(d) + label_pos + 1); + return chop; +} + +uint8_t +ldns_dname_label_count(const ldns_rdf *r) +{ + uint16_t src_pos; + uint16_t len; + uint8_t i; + size_t r_size; + + if (!r) { + return 0; + } + + i = 0; + src_pos = 0; + r_size = ldns_rdf_size(r); + + if (ldns_rdf_get_type(r) != LDNS_RDF_TYPE_DNAME) { + return 0; + } else { + len = ldns_rdf_data(r)[src_pos]; /* start of the label */ + + /* single root label */ + if (1 == r_size) { + return 0; + } else { + while ((len > 0) && src_pos < r_size) { + src_pos++; + src_pos += len; + len = ldns_rdf_data(r)[src_pos]; + i++; + } + } + } + return i; +} + +ldns_rdf * +ldns_dname_new(uint16_t s, void *d) +{ + ldns_rdf *rd; + + if (!s || !d) { + return NULL; + } + rd = LDNS_MALLOC(ldns_rdf); + if (!rd) { + return NULL; + } + ldns_rdf_set_size(rd, s); + ldns_rdf_set_type(rd, LDNS_RDF_TYPE_DNAME); + ldns_rdf_set_data(rd, d); + return rd; +} + +ldns_rdf * +ldns_dname_new_frm_str(const char *str) +{ + return ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, str); +} + +ldns_rdf * +ldns_dname_new_frm_data(uint16_t size, const void *data) +{ + return ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME, size, data); +} + +void +ldns_dname2canonical(const ldns_rdf *rd) +{ + uint8_t *rdd; + uint16_t i; + + if (ldns_rdf_get_type(rd) != LDNS_RDF_TYPE_DNAME) { + return; + } + + rdd = (uint8_t*)ldns_rdf_data(rd); + for (i = 0; i < ldns_rdf_size(rd); i++, rdd++) { + *rdd = (uint8_t)LDNS_DNAME_NORMALIZE((int)*rdd); + } +} + +bool +ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent) +{ + uint8_t sub_lab; + uint8_t par_lab; + int8_t i, j; + ldns_rdf *tmp_sub = NULL; + ldns_rdf *tmp_par = NULL; + ldns_rdf *sub_clone; + ldns_rdf *parent_clone; + bool result = true; + + if (ldns_rdf_get_type(sub) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_compare(sub, parent) == 0) { + return false; + } + + /* would be nicer if we do not have to clone... */ + sub_clone = ldns_dname_clone_from(sub, 0); + parent_clone = ldns_dname_clone_from(parent, 0); + ldns_dname2canonical(sub_clone); + ldns_dname2canonical(parent_clone); + + sub_lab = ldns_dname_label_count(sub_clone); + par_lab = ldns_dname_label_count(parent_clone); + + /* if sub sits above parent, it cannot be a child/sub domain */ + if (sub_lab < par_lab) { + result = false; + } else { + /* check all labels the from the parent labels, from right to left. + * When they /all/ match we have found a subdomain + */ + j = sub_lab - 1; /* we count from zero, thank you */ + for (i = par_lab -1; i >= 0; i--) { + tmp_sub = ldns_dname_label(sub_clone, j); + tmp_par = ldns_dname_label(parent_clone, i); + if (!tmp_sub || !tmp_par) { + /* deep free does null check */ + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + result = false; + break; + } + + if (ldns_rdf_compare(tmp_sub, tmp_par) != 0) { + /* they are not equal */ + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + result = false; + break; + } + ldns_rdf_deep_free(tmp_sub); + ldns_rdf_deep_free(tmp_par); + j--; + } + } + ldns_rdf_deep_free(sub_clone); + ldns_rdf_deep_free(parent_clone); + return result; +} + +int +ldns_dname_compare(const ldns_rdf *dname1, const ldns_rdf *dname2) +{ + size_t lc1, lc2, lc1f, lc2f; + size_t i; + int result = 0; + uint8_t *lp1, *lp2; + + /* see RFC4034 for this algorithm */ + /* this algorithm assumes the names are normalized to case */ + + /* only when both are not NULL we can say anything about them */ + if (!dname1 && !dname2) { + return 0; + } + if (!dname1 || !dname2) { + return -1; + } + /* asserts must happen later as we are looking in the + * dname, which could be NULL. But this case is handled + * above + */ + assert(ldns_rdf_get_type(dname1) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(dname2) == LDNS_RDF_TYPE_DNAME); + + lc1 = ldns_dname_label_count(dname1); + lc2 = ldns_dname_label_count(dname2); + + if (lc1 == 0 && lc2 == 0) { + return 0; + } + if (lc1 == 0) { + return -1; + } + if (lc2 == 0) { + return 1; + } + lc1--; + lc2--; + /* we start at the last label */ + while (true) { + /* find the label first */ + lc1f = lc1; + lp1 = ldns_rdf_data(dname1); + while (lc1f > 0) { + lp1 += *lp1 + 1; + lc1f--; + } + + /* and find the other one */ + lc2f = lc2; + lp2 = ldns_rdf_data(dname2); + while (lc2f > 0) { + lp2 += *lp2 + 1; + lc2f--; + } + + /* now check the label character for character. */ + for (i = 1; i < (size_t)(*lp1 + 1); i++) { + if (i > *lp2) { + /* apparently label 1 is larger */ + result = 1; + goto done; + } + if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) < + LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) { + result = -1; + goto done; + } else if (LDNS_DNAME_NORMALIZE((int) *(lp1 + i)) > + LDNS_DNAME_NORMALIZE((int) *(lp2 + i))) { + result = 1; + goto done; + } + } + if (*lp1 < *lp2) { + /* apparently label 2 is larger */ + result = -1; + goto done; + } + if (lc1 == 0 && lc2 > 0) { + result = -1; + goto done; + } else if (lc1 > 0 && lc2 == 0) { + result = 1; + goto done; + } else if (lc1 == 0 && lc2 == 0) { + result = 0; + goto done; + } + lc1--; + lc2--; + } + + done: + return result; +} + +int +ldns_dname_is_wildcard(const ldns_rdf* dname) +{ + return ( ldns_dname_label_count(dname) > 0 && + ldns_rdf_data(dname)[0] == 1 && + ldns_rdf_data(dname)[1] == '*'); +} + +int +ldns_dname_match_wildcard(const ldns_rdf *dname, const ldns_rdf *wildcard) +{ + ldns_rdf *wc_chopped; + int result; + /* check whether it really is a wildcard */ + if (ldns_dname_is_wildcard(wildcard)) { + /* ok, so the dname needs to be a subdomain of the wildcard + * without the * + */ + wc_chopped = ldns_dname_left_chop(wildcard); + result = (int) ldns_dname_is_subdomain(dname, wc_chopped); + ldns_rdf_deep_free(wc_chopped); + } else { + result = (ldns_dname_compare(dname, wildcard) == 0); + } + return result; +} + +/* nsec test: does prev <= middle < next + * -1 = yes + * 0 = error/can't tell + * 1 = no + */ +int +ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, + const ldns_rdf *next) +{ + int prev_check, next_check; + + assert(ldns_rdf_get_type(prev) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(middle) == LDNS_RDF_TYPE_DNAME); + assert(ldns_rdf_get_type(next) == LDNS_RDF_TYPE_DNAME); + + prev_check = ldns_dname_compare(prev, middle); + next_check = ldns_dname_compare(middle, next); + /* <= next. This cannot be the case for nsec, because then we would + * have gotten the nsec of next... + */ + if (next_check == 0) { + return 0; + } + + /* <= */ + if ((prev_check == -1 || prev_check == 0) && + /* < */ + next_check == -1) { + return -1; + } else { + return 1; + } +} + + +bool +ldns_dname_str_absolute(const char *dname_str) +{ + const char* s; + if(dname_str && strcmp(dname_str, ".") == 0) + return 1; + if(!dname_str || strlen(dname_str) < 2) + return 0; + if(dname_str[strlen(dname_str) - 1] != '.') + return 0; + if(dname_str[strlen(dname_str) - 2] != '\\') + return 1; /* ends in . and no \ before it */ + /* so we have the case of ends in . and there is \ before it */ + for(s=dname_str; *s; s++) { + if(*s == '\\') { + if(s[1] && s[2] && s[3] /* check length */ + && isdigit((unsigned char)s[1]) + && isdigit((unsigned char)s[2]) + && isdigit((unsigned char)s[3])) + s += 3; + else if(!s[1] || isdigit((unsigned char)s[1])) /* escape of nul,0-9 */ + return 0; /* parse error */ + else s++; /* another character escaped */ + } + else if(!*(s+1) && *s == '.') + return 1; /* trailing dot, unescaped */ + } + return 0; +} + +bool +ldns_dname_absolute(const ldns_rdf *rdf) +{ + char *str = ldns_rdf2str(rdf); + if (str) { + bool r = ldns_dname_str_absolute(str); + LDNS_FREE(str); + return r; + } + return false; +} + +ldns_rdf * +ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos) +{ + uint8_t labelcnt; + uint16_t src_pos; + uint16_t len; + ldns_rdf *tmpnew; + size_t s; + uint8_t *data; + + if (ldns_rdf_get_type(rdf) != LDNS_RDF_TYPE_DNAME) { + return NULL; + } + + labelcnt = 0; + src_pos = 0; + s = ldns_rdf_size(rdf); + + len = ldns_rdf_data(rdf)[src_pos]; /* label start */ + while ((len > 0) && src_pos < s) { + if (labelcnt == labelpos) { + /* found our label */ + data = LDNS_XMALLOC(uint8_t, len + 2); + if (!data) { + return NULL; + } + memcpy(data, ldns_rdf_data(rdf) + src_pos, len + 1); + data[len + 2 - 1] = 0; + + tmpnew = ldns_rdf_new( LDNS_RDF_TYPE_DNAME + , len + 2, data); + if (!tmpnew) { + LDNS_FREE(data); + return NULL; + } + return tmpnew; + } + src_pos++; + src_pos += len; + len = ldns_rdf_data(rdf)[src_pos]; + labelcnt++; + } + return NULL; +} diff --git a/zonemaster-ldns/ldns/dnssec.c b/zonemaster-ldns/ldns/dnssec.c new file mode 100644 index 0000000..0a7beb4 --- /dev/null +++ b/zonemaster-ldns/ldns/dnssec.c @@ -0,0 +1,1959 @@ +/* + * dnssec.c + * + * contains the cryptographic function needed for DNSSEC in ldns + * The crypto library used is openssl + * + * (c) NLnet Labs, 2004-2008 + * + * See the file LICENSE for the license + */ + +#include + +#include +#include + +#include +#include + +#ifdef HAVE_SSL +#include +#include +#include +#include +#include +#include +#include +#ifdef USE_DSA +#include +#endif +#endif + +ldns_rr * +ldns_dnssec_get_rrsig_for_name_and_type(const ldns_rdf *name, + const ldns_rr_type type, + const ldns_rr_list *rrs) +{ + size_t i; + ldns_rr *candidate; + + if (!name || !rrs) { + return NULL; + } + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + candidate = ldns_rr_list_rr(rrs, i); + if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_RRSIG) { + if (ldns_dname_compare(ldns_rr_owner(candidate), + name) == 0 && + ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(candidate)) + == type + ) { + return candidate; + } + } + } + + return NULL; +} + +ldns_rr * +ldns_dnssec_get_dnskey_for_rrsig(const ldns_rr *rrsig, + const ldns_rr_list *rrs) +{ + size_t i; + ldns_rr *candidate; + + if (!rrsig || !rrs) { + return NULL; + } + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + candidate = ldns_rr_list_rr(rrs, i); + if (ldns_rr_get_type(candidate) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_dname_compare(ldns_rr_owner(candidate), + ldns_rr_rrsig_signame(rrsig)) == 0 && + ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) == + ldns_calc_keytag(candidate) + ) { + return candidate; + } + } + } + + return NULL; +} + +ldns_rdf * +ldns_nsec_get_bitmap(const ldns_rr *nsec) { + if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) { + return ldns_rr_rdf(nsec, 1); + } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) { + return ldns_rr_rdf(nsec, 5); + } else { + return NULL; + } +} + +/*return the owner name of the closest encloser for name from the list of rrs */ +/* this is NOT the hash, but the original name! */ +ldns_rdf * +ldns_dnssec_nsec3_closest_encloser(const ldns_rdf *qname, + ATTR_UNUSED(ldns_rr_type qtype), + const ldns_rr_list *nsec3s) +{ + /* remember parameters, they must match */ + uint8_t algorithm; + uint32_t iterations; + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *sname, *hashed_sname, *tmp; + bool flag; + + bool exact_match_found; + bool in_range_found; + + ldns_status status; + ldns_rdf *zone_name; + + size_t nsec_i; + ldns_rr *nsec; + ldns_rdf *result = NULL; + + if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { + return NULL; + } + + nsec = ldns_rr_list_rr(nsec3s, 0); + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + + sname = ldns_rdf_clone(qname); + + flag = false; + + zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); + + /* algorithm from nsec3-07 8.3 */ + while (ldns_dname_label_count(sname) > 0) { + exact_match_found = false; + in_range_found = false; + + hashed_sname = ldns_nsec3_hash_name(sname, + algorithm, + iterations, + salt_length, + salt); + + status = ldns_dname_cat(hashed_sname, zone_name); + if(status != LDNS_STATUS_OK) { + LDNS_FREE(salt); + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + ldns_rdf_deep_free(hashed_sname); + return NULL; + } + + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) { + nsec = ldns_rr_list_rr(nsec3s, nsec_i); + + /* check values of iterations etc! */ + + /* exact match? */ + if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) { + exact_match_found = true; + } else if (ldns_nsec_covers_name(nsec, hashed_sname)) { + in_range_found = true; + } + + } + if (!exact_match_found && in_range_found) { + flag = true; + } else if (exact_match_found && flag) { + result = ldns_rdf_clone(sname); + /* RFC 5155: 8.3. 2.** "The proof is complete" */ + ldns_rdf_deep_free(hashed_sname); + goto done; + } else if (exact_match_found && !flag) { + /* error! */ + ldns_rdf_deep_free(hashed_sname); + goto done; + } else { + flag = false; + } + + ldns_rdf_deep_free(hashed_sname); + tmp = sname; + sname = ldns_dname_left_chop(sname); + ldns_rdf_deep_free(tmp); + } + + done: + LDNS_FREE(salt); + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + + return result; +} + +bool +ldns_dnssec_pkt_has_rrsigs(const ldns_pkt *pkt) +{ + size_t i; + for (i = 0; i < ldns_pkt_ancount(pkt); i++) { + if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_answer(pkt), i)) == + LDNS_RR_TYPE_RRSIG) { + return true; + } + } + for (i = 0; i < ldns_pkt_nscount(pkt); i++) { + if (ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_authority(pkt), i)) == + LDNS_RR_TYPE_RRSIG) { + return true; + } + } + return false; +} + +ldns_rr_list * +ldns_dnssec_pkt_get_rrsigs_for_name_and_type(const ldns_pkt *pkt, + const ldns_rdf *name, + ldns_rr_type type) +{ + uint16_t t_netorder; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + + sigs = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION + ); + + t_netorder = htons(type); /* rdf are in network order! */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, LDNS_RDF_SIZE_WORD, &t_netorder); + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + + ldns_rdf_free(rdf_t); + ldns_rr_list_deep_free(sigs); + + return sigs_covered; + +} + +ldns_rr_list * +ldns_dnssec_pkt_get_rrsigs_for_type(const ldns_pkt *pkt, ldns_rr_type type) +{ + uint16_t t_netorder; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + + sigs = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION + ); + + t_netorder = htons(type); /* rdf are in network order! */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, + 2, + &t_netorder); + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + + ldns_rdf_free(rdf_t); + ldns_rr_list_deep_free(sigs); + + return sigs_covered; + +} + +/* used only on the public key RR */ +uint16_t +ldns_calc_keytag(const ldns_rr *key) +{ + uint16_t ac16; + ldns_buffer *keybuf; + size_t keysize; + + if (!key) { + return 0; + } + + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY && + ldns_rr_get_type(key) != LDNS_RR_TYPE_KEY + ) { + return 0; + } + + /* rdata to buf - only put the rdata in a buffer */ + keybuf = ldns_buffer_new(LDNS_MIN_BUFLEN); /* grows */ + if (!keybuf) { + return 0; + } + (void)ldns_rr_rdata2buffer_wire(keybuf, key); + /* the current pos in the buffer is the keysize */ + keysize= ldns_buffer_position(keybuf); + + ac16 = ldns_calc_keytag_raw(ldns_buffer_begin(keybuf), keysize); + ldns_buffer_free(keybuf); + return ac16; +} + +uint16_t ldns_calc_keytag_raw(const uint8_t* key, size_t keysize) +{ + unsigned int i; + uint32_t ac32; + uint16_t ac16; + + if(keysize < 4) { + return 0; + } + /* look at the algorithm field, copied from 2535bis */ + if (key[3] == LDNS_RSAMD5) { + ac16 = 0; + if (keysize > 4) { + memmove(&ac16, key + keysize - 3, 2); + } + ac16 = ntohs(ac16); + return (uint16_t) ac16; + } else { + ac32 = 0; + for (i = 0; (size_t)i < keysize; ++i) { + ac32 += (i & 1) ? key[i] : key[i] << 8; + } + ac32 += (ac32 >> 16) & 0xFFFF; + return (uint16_t) (ac32 & 0xFFFF); + } +} + +#ifdef HAVE_SSL +#ifdef USE_DSA +DSA * +ldns_key_buf2dsa(const ldns_buffer *key) +{ + return ldns_key_buf2dsa_raw((const unsigned char*)ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +DSA * +ldns_key_buf2dsa_raw(const unsigned char* key, size_t len) +{ + uint8_t T; + uint16_t length; + uint16_t offset; + DSA *dsa; + BIGNUM *Q; BIGNUM *P; + BIGNUM *G; BIGNUM *Y; + + if(len == 0) + return NULL; + T = (uint8_t)key[0]; + length = (64 + T * 8); + offset = 1; + + if (T > 8) { + return NULL; + } + if(len < (size_t)1 + SHA_DIGEST_LENGTH + 3*length) + return NULL; + + Q = BN_bin2bn(key+offset, SHA_DIGEST_LENGTH, NULL); + offset += SHA_DIGEST_LENGTH; + + P = BN_bin2bn(key+offset, (int)length, NULL); + offset += length; + + G = BN_bin2bn(key+offset, (int)length, NULL); + offset += length; + + Y = BN_bin2bn(key+offset, (int)length, NULL); + + /* create the key and set its properties */ + if(!Q || !P || !G || !Y || !(dsa = DSA_new())) { + BN_free(Q); + BN_free(P); + BN_free(G); + BN_free(Y); + return NULL; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000) +#ifndef S_SPLINT_S + dsa->p = P; + dsa->q = Q; + dsa->g = G; + dsa->pub_key = Y; +#endif /* splint */ +#else /* OPENSSL_VERSION_NUMBER */ + if (!DSA_set0_pqg(dsa, P, Q, G)) { + /* QPG not yet attached, need to free */ + BN_free(Q); + BN_free(P); + BN_free(G); + + DSA_free(dsa); + BN_free(Y); + return NULL; + } + if (!DSA_set0_key(dsa, Y, NULL)) { + /* QPG attached, cleaned up by DSA_fre() */ + DSA_free(dsa); + BN_free(Y); + return NULL; + } +#endif /* OPENSSL_VERSION_NUMBER */ + return dsa; +} +#endif /* USE_DSA */ + +RSA * +ldns_key_buf2rsa(const ldns_buffer *key) +{ + return ldns_key_buf2rsa_raw((const unsigned char*)ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +RSA * +ldns_key_buf2rsa_raw(const unsigned char* key, size_t len) +{ + uint16_t offset; + uint16_t exp; + uint16_t int16; + RSA *rsa; + BIGNUM *modulus; + BIGNUM *exponent; + + if (len == 0) + return NULL; + if (key[0] == 0) { + if(len < 3) + return NULL; + /* need some smart comment here XXX*/ + /* the exponent is too large so it's places + * further...???? */ + memmove(&int16, key+1, 2); + exp = ntohs(int16); + offset = 3; + } else { + exp = key[0]; + offset = 1; + } + + /* key length at least one */ + if(len < (size_t)offset + exp + 1) + return NULL; + + /* Exponent */ + exponent = BN_new(); + if(!exponent) return NULL; + (void) BN_bin2bn(key+offset, (int)exp, exponent); + offset += exp; + + /* Modulus */ + modulus = BN_new(); + if(!modulus) { + BN_free(exponent); + return NULL; + } + /* length of the buffer must match the key length! */ + (void) BN_bin2bn(key+offset, (int)(len - offset), modulus); + + rsa = RSA_new(); + if(!rsa) { + BN_free(exponent); + BN_free(modulus); + return NULL; + } +#if OPENSSL_VERSION_NUMBER < 0x10100000 || (defined(HAVE_LIBRESSL) && LIBRESSL_VERSION_NUMBER < 0x20700000) +#ifndef S_SPLINT_S + rsa->n = modulus; + rsa->e = exponent; +#endif /* splint */ +#else /* OPENSSL_VERSION_NUMBER */ + if (!RSA_set0_key(rsa, modulus, exponent, NULL)) { + BN_free(exponent); + BN_free(modulus); + RSA_free(rsa); + return NULL; + } +#endif /* OPENSSL_VERSION_NUMBER */ + + return rsa; +} + +int +ldns_digest_evp(const unsigned char* data, unsigned int len, unsigned char* dest, + const EVP_MD* md) +{ + EVP_MD_CTX* ctx; + ctx = EVP_MD_CTX_create(); + if(!ctx) + return false; + if(!EVP_DigestInit_ex(ctx, md, NULL) || + !EVP_DigestUpdate(ctx, data, len) || + !EVP_DigestFinal_ex(ctx, dest, NULL)) { + EVP_MD_CTX_destroy(ctx); + return false; + } + EVP_MD_CTX_destroy(ctx); + return true; +} +#endif /* HAVE_SSL */ + +ldns_rr * +ldns_key_rr2ds(const ldns_rr *key, ldns_hash h) +{ + ldns_rdf *tmp; + ldns_rr *ds; + uint16_t keytag; + uint8_t sha1hash; + uint8_t *digest; + ldns_buffer *data_buf; +#ifdef USE_GOST + const EVP_MD* md = NULL; +#endif + + if (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY) { + return NULL; + } + + ds = ldns_rr_new(); + if (!ds) { + return NULL; + } + ldns_rr_set_type(ds, LDNS_RR_TYPE_DS); + ldns_rr_set_owner(ds, ldns_rdf_clone( + ldns_rr_owner(key))); + ldns_rr_set_ttl(ds, ldns_rr_ttl(key)); + ldns_rr_set_class(ds, ldns_rr_get_class(key)); + + switch(h) { + default: + case LDNS_SHA1: + digest = LDNS_XMALLOC(uint8_t, LDNS_SHA1_DIGEST_LENGTH); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; + case LDNS_SHA256: + digest = LDNS_XMALLOC(uint8_t, LDNS_SHA256_DIGEST_LENGTH); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; + case LDNS_HASH_GOST: +#ifdef USE_GOST + (void)ldns_key_EVP_load_gost_id(); + md = EVP_get_digestbyname("md_gost94"); + if(!md) { + ldns_rr_free(ds); + return NULL; + } + digest = LDNS_XMALLOC(uint8_t, EVP_MD_size(md)); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; +#else + /* not implemented */ + ldns_rr_free(ds); + return NULL; +#endif + case LDNS_SHA384: +#ifdef USE_ECDSA + digest = LDNS_XMALLOC(uint8_t, SHA384_DIGEST_LENGTH); + if (!digest) { + ldns_rr_free(ds); + return NULL; + } + break; +#else + /* not implemented */ + ldns_rr_free(ds); + return NULL; +#endif + } + + data_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!data_buf) { + LDNS_FREE(digest); + ldns_rr_free(ds); + return NULL; + } + + /* keytag */ + keytag = htons(ldns_calc_keytag((ldns_rr*)key)); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT16, + sizeof(uint16_t), + &keytag); + ldns_rr_push_rdf(ds, tmp); + + /* copy the algorithm field */ + if ((tmp = ldns_rr_rdf(key, 2)) == NULL) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + return NULL; + } else { + ldns_rr_push_rdf(ds, ldns_rdf_clone( tmp )); + } + + /* digest hash type */ + sha1hash = (uint8_t)h; + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + sizeof(uint8_t), + &sha1hash); + ldns_rr_push_rdf(ds, tmp); + + /* digest */ + /* owner name */ + tmp = ldns_rdf_clone(ldns_rr_owner(key)); + ldns_dname2canonical(tmp); + if (ldns_rdf2buffer_wire(data_buf, tmp) != LDNS_STATUS_OK) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + ldns_rdf_deep_free(tmp); + return NULL; + } + ldns_rdf_deep_free(tmp); + + /* all the rdata's */ + if (ldns_rr_rdata2buffer_wire(data_buf, + (ldns_rr*)key) != LDNS_STATUS_OK) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + return NULL; + } + switch(h) { + case LDNS_SHA1: + (void) ldns_sha1((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest); + + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + LDNS_SHA1_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); + + break; + case LDNS_SHA256: + (void) ldns_sha256((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + LDNS_SHA256_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); + break; + case LDNS_HASH_GOST: +#ifdef USE_GOST + if(!ldns_digest_evp((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest, md)) { + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + ldns_rr_free(ds); + return NULL; + } + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + (size_t)EVP_MD_size(md), + digest); + ldns_rr_push_rdf(ds, tmp); +#endif + break; + case LDNS_SHA384: +#ifdef USE_ECDSA + (void) SHA384((unsigned char *) ldns_buffer_begin(data_buf), + (unsigned int) ldns_buffer_position(data_buf), + (unsigned char *) digest); + tmp = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_HEX, + SHA384_DIGEST_LENGTH, + digest); + ldns_rr_push_rdf(ds, tmp); +#endif + break; + } + + LDNS_FREE(digest); + ldns_buffer_free(data_buf); + return ds; +} + +/* From RFC3845: + * + * 2.1.2. The List of Type Bit Map(s) Field + * + * The RR type space is split into 256 window blocks, each representing + * the low-order 8 bits of the 16-bit RR type space. Each block that + * has at least one active RR type is encoded using a single octet + * window number (from 0 to 255), a single octet bitmap length (from 1 + * to 32) indicating the number of octets used for the window block's + * bitmap, and up to 32 octets (256 bits) of bitmap. + * + * Window blocks are present in the NSEC RR RDATA in increasing + * numerical order. + * + * "|" denotes concatenation + * + * Type Bit Map(s) Field = ( Window Block # | Bitmap Length | Bitmap ) + + * + * + * + * Blocks with no types present MUST NOT be included. Trailing zero + * octets in the bitmap MUST be omitted. The length of each block's + * bitmap is determined by the type code with the largest numerical + * value within that block, among the set of RR types present at the + * NSEC RR's owner name. Trailing zero octets not specified MUST be + * interpreted as zero octets. + */ +ldns_rdf * +ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[], + size_t size, + ldns_rr_type nsec_type) +{ + uint8_t window; /* most significant octet of type */ + uint8_t subtype; /* least significant octet of type */ + int windows[256]; /* Max subtype per window */ + uint8_t windowpresent[256]; /* bool if window appears in bitmap */ + ldns_rr_type* d; /* used to traverse rr_type_list*/ + size_t i; /* used to traverse windows array */ + + size_t sz; /* size needed for type bitmap rdf */ + uint8_t* data = NULL; /* rdf data */ + uint8_t* dptr; /* used to itraverse rdf data */ + ldns_rdf* rdf; /* bitmap rdf to return */ + + if (nsec_type != LDNS_RR_TYPE_NSEC && + nsec_type != LDNS_RR_TYPE_NSEC3) { + return NULL; + } + memset(windows, 0, sizeof(int)*256); + memset(windowpresent, 0, 256); + + /* Which other windows need to be in the bitmap rdf? + */ + for (d = rr_type_list; d < rr_type_list + size; d++) { + window = *d >> 8; + subtype = *d & 0xff; + windowpresent[window] = 1; + if (windows[window] < (int)subtype) { + windows[window] = (int)subtype; + } + } + + /* How much space do we need in the rdf for those windows? + */ + sz = 0; + for (i = 0; i < 256; i++) { + if (windowpresent[i]) { + sz += windows[i] / 8 + 3; + } + } + if (sz > 0) { + /* Format rdf data according RFC3845 Section 2.1.2 (see above) + */ + dptr = data = LDNS_CALLOC(uint8_t, sz); + if (!data) { + return NULL; + } + for (i = 0; i < 256; i++) { + if (windowpresent[i]) { + *dptr++ = (uint8_t)i; + *dptr++ = (uint8_t)(windows[i] / 8 + 1); + + /* Now let windows[i] index the bitmap + * within data + */ + windows[i] = (int)(dptr - data); + + dptr += dptr[-1]; + } + } + } + + /* Set the bits? + */ + for (d = rr_type_list; d < rr_type_list + size; d++) { + subtype = *d & 0xff; + data[windows[*d >> 8] + subtype/8] |= (0x80 >> (subtype % 8)); + } + + /* Allocate and return rdf structure for the data + */ + rdf = ldns_rdf_new(LDNS_RDF_TYPE_BITMAP, sz, data); + if (!rdf) { + LDNS_FREE(data); + return NULL; + } + return rdf; +} + +int +ldns_dnssec_rrsets_contains_type(const ldns_dnssec_rrsets *rrsets, + ldns_rr_type type) +{ + const ldns_dnssec_rrsets *cur_rrset = rrsets; + while (cur_rrset) { + if (cur_rrset->type == type) { + return 1; + } + cur_rrset = cur_rrset->next; + } + return 0; +} + +ldns_rr * +ldns_dnssec_create_nsec(const ldns_dnssec_name *from, + const ldns_dnssec_name *to, + ldns_rr_type nsec_type) +{ + ldns_rr *nsec_rr; + ldns_rr_type types[65536]; + size_t type_count = 0; + ldns_dnssec_rrsets *cur_rrsets; + int on_delegation_point; + + if (!from || !to || (nsec_type != LDNS_RR_TYPE_NSEC)) { + return NULL; + } + + nsec_rr = ldns_rr_new(); + ldns_rr_set_type(nsec_rr, nsec_type); + ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from))); + ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to))); + + on_delegation_point = ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_SOA); + + cur_rrsets = from->rrsets; + while (cur_rrsets) { + /* Do not include non-authoritative rrsets on the delegation point + * in the type bitmap */ + if ((on_delegation_point && ( + cur_rrsets->type == LDNS_RR_TYPE_NS + || cur_rrsets->type == LDNS_RR_TYPE_DS)) + || (!on_delegation_point && + cur_rrsets->type != LDNS_RR_TYPE_RRSIG + && cur_rrsets->type != LDNS_RR_TYPE_NSEC)) { + + types[type_count] = cur_rrsets->type; + type_count++; + } + cur_rrsets = cur_rrsets->next; + + } + types[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + types[type_count] = LDNS_RR_TYPE_NSEC; + type_count++; + + ldns_rr_push_rdf(nsec_rr, ldns_dnssec_create_nsec_bitmap(types, + type_count, + nsec_type)); + + return nsec_rr; +} + +ldns_rr * +ldns_dnssec_create_nsec3(const ldns_dnssec_name *from, + const ldns_dnssec_name *to, + const ldns_rdf *zone_name, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + const uint8_t *salt) +{ + ldns_rr *nsec_rr; + ldns_rr_type types[65536]; + size_t type_count = 0; + ldns_dnssec_rrsets *cur_rrsets; + ldns_status status; + int on_delegation_point; + + if (!from) { + return NULL; + } + + nsec_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3); + ldns_rr_set_owner(nsec_rr, + ldns_nsec3_hash_name(ldns_dnssec_name_name(from), + algorithm, + iterations, + salt_length, + salt)); + status = ldns_dname_cat(ldns_rr_owner(nsec_rr), zone_name); + if(status != LDNS_STATUS_OK) { + ldns_rr_free(nsec_rr); + return NULL; + } + ldns_nsec3_add_param_rdfs(nsec_rr, + algorithm, + flags, + iterations, + salt_length, + salt); + + on_delegation_point = ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_SOA); + cur_rrsets = from->rrsets; + while (cur_rrsets) { + /* Do not include non-authoritative rrsets on the delegation point + * in the type bitmap. Potentially not skipping insecure + * delegation should have been done earlier, in function + * ldns_dnssec_zone_create_nsec3s, or even earlier in: + * ldns_dnssec_zone_sign_nsec3_flg . + */ + if ((on_delegation_point && ( + cur_rrsets->type == LDNS_RR_TYPE_NS + || cur_rrsets->type == LDNS_RR_TYPE_DS)) + || (!on_delegation_point && + cur_rrsets->type != LDNS_RR_TYPE_RRSIG)) { + + types[type_count] = cur_rrsets->type; + type_count++; + } + cur_rrsets = cur_rrsets->next; + } + /* always add rrsig type if this is not an unsigned + * delegation + */ + if (type_count > 0 && + !(type_count == 1 && types[0] == LDNS_RR_TYPE_NS)) { + types[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + } + + /* leave next rdata empty if they weren't precomputed yet */ + if (to && to->hashed_name) { + (void) ldns_rr_set_rdf(nsec_rr, + ldns_rdf_clone(to->hashed_name), + 4); + } else { + (void) ldns_rr_set_rdf(nsec_rr, NULL, 4); + } + + ldns_rr_push_rdf(nsec_rr, + ldns_dnssec_create_nsec_bitmap(types, + type_count, + LDNS_RR_TYPE_NSEC3)); + + return nsec_rr; +} + +ldns_rr * +ldns_create_nsec(ldns_rdf *cur_owner, ldns_rdf *next_owner, ldns_rr_list *rrs) +{ + /* we do not do any check here - garbage in, garbage out */ + + /* the start and end names - get the type from the + * before rrlist */ + + /* inefficient, just give it a name, a next name, and a list of rrs */ + /* we make 1 big uberbitmap first, then windows */ + /* todo: make something more efficient :) */ + uint16_t i; + ldns_rr *i_rr; + uint16_t i_type; + + ldns_rr *nsec = NULL; + ldns_rr_type i_type_list[65536]; + size_t type_count = 0; + + nsec = ldns_rr_new(); + ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC); + ldns_rr_set_owner(nsec, ldns_rdf_clone(cur_owner)); + ldns_rr_push_rdf(nsec, ldns_rdf_clone(next_owner)); + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + i_rr = ldns_rr_list_rr(rrs, i); + if (ldns_rdf_compare(cur_owner, + ldns_rr_owner(i_rr)) == 0) { + i_type = ldns_rr_get_type(i_rr); + if (i_type != LDNS_RR_TYPE_RRSIG && i_type != LDNS_RR_TYPE_NSEC) { + if (type_count == 0 || i_type_list[type_count-1] != i_type) { + i_type_list[type_count] = i_type; + type_count++; + } + } + } + } + + i_type_list[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + i_type_list[type_count] = LDNS_RR_TYPE_NSEC; + type_count++; + + ldns_rr_push_rdf(nsec, + ldns_dnssec_create_nsec_bitmap(i_type_list, + type_count, LDNS_RR_TYPE_NSEC)); + + return nsec; +} + +ldns_rdf * +ldns_nsec3_hash_name(const ldns_rdf *name, + uint8_t algorithm, + uint16_t iterations, + uint8_t salt_length, + const uint8_t *salt) +{ + size_t hashed_owner_str_len; + ldns_rdf *cann; + ldns_rdf *hashed_owner; + unsigned char *hashed_owner_str; + char *hashed_owner_b32; + size_t hashed_owner_b32_len; + uint32_t cur_it; + /* define to contain the largest possible hash, which is + * sha1 at the moment */ + unsigned char hash[LDNS_SHA1_DIGEST_LENGTH]; + ldns_status status; + + /* TODO: mnemonic list for hash algs SHA-1, default to 1 now (sha1) */ + if (algorithm != LDNS_SHA1) { + return NULL; + } + + /* prepare the owner name according to the draft section bla */ + cann = ldns_rdf_clone(name); + if(!cann) { +#ifdef STDERR_MSGS + fprintf(stderr, "Memory error\n"); +#endif + return NULL; + } + ldns_dname2canonical(cann); + + hashed_owner_str_len = salt_length + ldns_rdf_size(cann); + hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len); + if(!hashed_owner_str) { + ldns_rdf_deep_free(cann); + return NULL; + } + memcpy(hashed_owner_str, ldns_rdf_data(cann), ldns_rdf_size(cann)); + memcpy(hashed_owner_str + ldns_rdf_size(cann), salt, salt_length); + ldns_rdf_deep_free(cann); + + for (cur_it = iterations + 1; cur_it > 0; cur_it--) { + (void) ldns_sha1((unsigned char *) hashed_owner_str, + (unsigned int) hashed_owner_str_len, hash); + + LDNS_FREE(hashed_owner_str); + hashed_owner_str_len = salt_length + LDNS_SHA1_DIGEST_LENGTH; + hashed_owner_str = LDNS_XMALLOC(unsigned char, hashed_owner_str_len); + if (!hashed_owner_str) { + return NULL; + } + memcpy(hashed_owner_str, hash, LDNS_SHA1_DIGEST_LENGTH); + memcpy(hashed_owner_str + LDNS_SHA1_DIGEST_LENGTH, salt, salt_length); + hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH + salt_length; + } + + LDNS_FREE(hashed_owner_str); + hashed_owner_str = hash; + hashed_owner_str_len = LDNS_SHA1_DIGEST_LENGTH; + + hashed_owner_b32 = LDNS_XMALLOC(char, + ldns_b32_ntop_calculate_size(hashed_owner_str_len) + 1); + if(!hashed_owner_b32) { + return NULL; + } + hashed_owner_b32_len = (size_t) ldns_b32_ntop_extended_hex( + (uint8_t *) hashed_owner_str, + hashed_owner_str_len, + hashed_owner_b32, + ldns_b32_ntop_calculate_size(hashed_owner_str_len)+1); + if (hashed_owner_b32_len < 1) { +#ifdef STDERR_MSGS + fprintf(stderr, "Error in base32 extended hex encoding "); + fprintf(stderr, "of hashed owner name (name: "); + ldns_rdf_print(stderr, name); + fprintf(stderr, ", return code: %u)\n", + (unsigned int) hashed_owner_b32_len); +#endif + LDNS_FREE(hashed_owner_b32); + return NULL; + } + hashed_owner_b32[hashed_owner_b32_len] = '\0'; + + status = ldns_str2rdf_dname(&hashed_owner, hashed_owner_b32); + if (status != LDNS_STATUS_OK) { +#ifdef STDERR_MSGS + fprintf(stderr, "Error creating rdf from %s\n", hashed_owner_b32); +#endif + LDNS_FREE(hashed_owner_b32); + return NULL; + } + + LDNS_FREE(hashed_owner_b32); + return hashed_owner; +} + +void +ldns_nsec3_add_param_rdfs(ldns_rr *rr, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + const uint8_t *salt) +{ + ldns_rdf *salt_rdf = NULL; + uint8_t *salt_data = NULL; + ldns_rdf *old; + + old = ldns_rr_set_rdf(rr, + ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + 1, (void*)&algorithm), + 0); + if (old) ldns_rdf_deep_free(old); + + old = ldns_rr_set_rdf(rr, + ldns_rdf_new_frm_data(LDNS_RDF_TYPE_INT8, + 1, (void*)&flags), + 1); + if (old) ldns_rdf_deep_free(old); + + old = ldns_rr_set_rdf(rr, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, + iterations), + 2); + if (old) ldns_rdf_deep_free(old); + + salt_data = LDNS_XMALLOC(uint8_t, salt_length + 1); + if(!salt_data) { + /* no way to return error */ + return; + } + salt_data[0] = salt_length; + memcpy(salt_data + 1, salt, salt_length); + salt_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC3_SALT, + salt_length + 1, + salt_data); + if(!salt_rdf) { + LDNS_FREE(salt_data); + /* no way to return error */ + return; + } + + old = ldns_rr_set_rdf(rr, salt_rdf, 3); + if (old) ldns_rdf_deep_free(old); + LDNS_FREE(salt_data); +} + +static int +rr_list_delegation_only(const ldns_rdf *origin, const ldns_rr_list *rr_list) +{ + size_t i; + ldns_rr *cur_rr; + if (!origin || !rr_list) return 0; + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + cur_rr = ldns_rr_list_rr(rr_list, i); + if (ldns_dname_compare(ldns_rr_owner(cur_rr), origin) == 0) { + return 0; + } + if (ldns_rr_get_type(cur_rr) != LDNS_RR_TYPE_NS) { + return 0; + } + } + return 1; +} + +/* this will NOT return the NSEC3 completed, you will have to run the + finalize function on the rrlist later! */ +ldns_rr * +ldns_create_nsec3(const ldns_rdf *cur_owner, + const ldns_rdf *cur_zone, + const ldns_rr_list *rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + const uint8_t *salt, + bool emptynonterminal) +{ + size_t i; + ldns_rr *i_rr; + uint16_t i_type; + + ldns_rr *nsec = NULL; + ldns_rdf *hashed_owner = NULL; + + ldns_status status; + + ldns_rr_type i_type_list[1024]; + size_t type_count = 0; + + hashed_owner = ldns_nsec3_hash_name(cur_owner, + algorithm, + iterations, + salt_length, + salt); + status = ldns_dname_cat(hashed_owner, cur_zone); + if(status != LDNS_STATUS_OK) { + ldns_rdf_deep_free(hashed_owner); + return NULL; + } + nsec = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3); + if(!nsec) { + ldns_rdf_deep_free(hashed_owner); + return NULL; + } + ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC3); + ldns_rr_set_owner(nsec, hashed_owner); + + ldns_nsec3_add_param_rdfs(nsec, + algorithm, + flags, + iterations, + salt_length, + salt); + (void) ldns_rr_set_rdf(nsec, NULL, 4); + + + for (i = 0; i < ldns_rr_list_rr_count(rrs); i++) { + i_rr = ldns_rr_list_rr(rrs, i); + if (ldns_rdf_compare(cur_owner, + ldns_rr_owner(i_rr)) == 0) { + i_type = ldns_rr_get_type(i_rr); + if (type_count == 0 || i_type_list[type_count-1] != i_type) { + i_type_list[type_count] = i_type; + type_count++; + } + } + } + + /* add RRSIG anyway, but only if this is not an ENT or + * an unsigned delegation */ + if (!emptynonterminal && !rr_list_delegation_only(cur_zone, rrs)) { + i_type_list[type_count] = LDNS_RR_TYPE_RRSIG; + type_count++; + } + + /* and SOA if owner == zone */ + if (ldns_dname_compare(cur_zone, cur_owner) == 0) { + i_type_list[type_count] = LDNS_RR_TYPE_SOA; + type_count++; + } + + ldns_rr_push_rdf(nsec, + ldns_dnssec_create_nsec_bitmap(i_type_list, + type_count, LDNS_RR_TYPE_NSEC3)); + + return nsec; +} + +uint8_t +ldns_nsec3_algorithm(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && (ldns_rr_rdf(nsec3_rr, 0) != NULL) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0) { + return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 0)); + } + return 0; +} + +uint8_t +ldns_nsec3_flags(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && (ldns_rr_rdf(nsec3_rr, 1) != NULL) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0) { + return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 1)); + } + return 0; +} + +bool +ldns_nsec3_optout(const ldns_rr *nsec3_rr) +{ + return (ldns_nsec3_flags(nsec3_rr) & LDNS_NSEC3_VARS_OPTOUT_MASK); +} + +uint16_t +ldns_nsec3_iterations(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && (ldns_rr_rdf(nsec3_rr, 2) != NULL) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0) { + return ldns_rdf2native_int16(ldns_rr_rdf(nsec3_rr, 2)); + } + return 0; + +} + +ldns_rdf * +ldns_nsec3_salt(const ldns_rr *nsec3_rr) +{ + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + ) { + return ldns_rr_rdf(nsec3_rr, 3); + } + return NULL; +} + +uint8_t +ldns_nsec3_salt_length(const ldns_rr *nsec3_rr) +{ + ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); + if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { + return (uint8_t) ldns_rdf_data(salt_rdf)[0]; + } + return 0; +} + +/* allocs data, free with LDNS_FREE() */ +uint8_t * +ldns_nsec3_salt_data(const ldns_rr *nsec3_rr) +{ + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *salt_rdf = ldns_nsec3_salt(nsec3_rr); + if (salt_rdf && ldns_rdf_size(salt_rdf) > 0) { + salt_length = ldns_rdf_data(salt_rdf)[0]; + if((size_t)salt_length+1 > ldns_rdf_size(salt_rdf)) + return NULL; + salt = LDNS_XMALLOC(uint8_t, salt_length); + if(!salt) return NULL; + memcpy(salt, &ldns_rdf_data(salt_rdf)[1], salt_length); + return salt; + } + return NULL; +} + +ldns_rdf * +ldns_nsec3_next_owner(const ldns_rr *nsec3_rr) +{ + if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) { + return NULL; + } else { + return ldns_rr_rdf(nsec3_rr, 4); + } +} + +ldns_rdf * +ldns_nsec3_bitmap(const ldns_rr *nsec3_rr) +{ + if (!nsec3_rr || ldns_rr_get_type(nsec3_rr) != LDNS_RR_TYPE_NSEC3) { + return NULL; + } else { + return ldns_rr_rdf(nsec3_rr, 5); + } +} + +ldns_rdf * +ldns_nsec3_hash_name_frm_nsec3(const ldns_rr *nsec, const ldns_rdf *name) +{ + uint8_t algorithm; + uint16_t iterations; + uint8_t salt_length; + uint8_t *salt = 0; + + ldns_rdf *hashed_owner; + + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + + hashed_owner = ldns_nsec3_hash_name(name, + algorithm, + iterations, + salt_length, + salt); + + LDNS_FREE(salt); + return hashed_owner; +} + +bool +ldns_nsec_bitmap_covers_type(const ldns_rdf* bitmap, ldns_rr_type type) +{ + uint8_t* dptr; + uint8_t* dend; + + /* From RFC3845 Section 2.1.2: + * + * "The RR type space is split into 256 window blocks, each re- + * presenting the low-order 8 bits of the 16-bit RR type space." + */ + uint8_t window = type >> 8; + uint8_t subtype = type & 0xff; + + if (! bitmap) { + return false; + } + assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + + dptr = ldns_rdf_data(bitmap); + dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); + + /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + + * dptr[0] dptr[1] dptr[2:] + */ + while (dptr < dend && dptr[0] <= window) { + + if (dptr[0] == window && subtype / 8 < dptr[1] && + dptr + dptr[1] + 2 <= dend) { + + return dptr[2 + subtype / 8] & (0x80 >> (subtype % 8)); + } + dptr += dptr[1] + 2; /* next window */ + } + return false; +} + +ldns_status +ldns_nsec_bitmap_set_type(ldns_rdf* bitmap, ldns_rr_type type) +{ + uint8_t* dptr; + uint8_t* dend; + + /* From RFC3845 Section 2.1.2: + * + * "The RR type space is split into 256 window blocks, each re- + * presenting the low-order 8 bits of the 16-bit RR type space." + */ + uint8_t window = type >> 8; + uint8_t subtype = type & 0xff; + + if (! bitmap) { + return false; + } + assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + + dptr = ldns_rdf_data(bitmap); + dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); + + /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + + * dptr[0] dptr[1] dptr[2:] + */ + while (dptr < dend && dptr[0] <= window) { + + if (dptr[0] == window && subtype / 8 < dptr[1] && + dptr + dptr[1] + 2 <= dend) { + + dptr[2 + subtype / 8] |= (0x80 >> (subtype % 8)); + return LDNS_STATUS_OK; + } + dptr += dptr[1] + 2; /* next window */ + } + return LDNS_STATUS_TYPE_NOT_IN_BITMAP; +} + +ldns_status +ldns_nsec_bitmap_clear_type(ldns_rdf* bitmap, ldns_rr_type type) +{ + uint8_t* dptr; + uint8_t* dend; + + /* From RFC3845 Section 2.1.2: + * + * "The RR type space is split into 256 window blocks, each re- + * presenting the low-order 8 bits of the 16-bit RR type space." + */ + uint8_t window = type >> 8; + uint8_t subtype = type & 0xff; + + if (! bitmap) { + return false; + } + + assert(ldns_rdf_get_type(bitmap) == LDNS_RDF_TYPE_BITMAP); + + dptr = ldns_rdf_data(bitmap); + dend = ldns_rdf_data(bitmap) + ldns_rdf_size(bitmap); + + /* Type Bitmap = ( Window Block # | Bitmap Length | Bitmap ) + + * dptr[0] dptr[1] dptr[2:] + */ + while (dptr < dend && dptr[0] <= window) { + + if (dptr[0] == window && subtype / 8 < dptr[1] && + dptr + dptr[1] + 2 <= dend) { + + dptr[2 + subtype / 8] &= ~(0x80 >> (subtype % 8)); + return LDNS_STATUS_OK; + } + dptr += dptr[1] + 2; /* next window */ + } + return LDNS_STATUS_TYPE_NOT_IN_BITMAP; +} + + +bool +ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name) +{ + ldns_rdf *nsec_owner = ldns_rr_owner(nsec); + ldns_rdf *hash_next; + char *next_hash_str; + ldns_rdf *nsec_next = NULL; + ldns_status status; + ldns_rdf *chopped_dname; + bool result; + + if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC) { + if (ldns_rr_rdf(nsec, 0) != NULL) { + nsec_next = ldns_rdf_clone(ldns_rr_rdf(nsec, 0)); + } else { + return false; + } + } else if (ldns_rr_get_type(nsec) == LDNS_RR_TYPE_NSEC3) { + hash_next = ldns_nsec3_next_owner(nsec); + next_hash_str = ldns_rdf2str(hash_next); + nsec_next = ldns_dname_new_frm_str(next_hash_str); + LDNS_FREE(next_hash_str); + chopped_dname = ldns_dname_left_chop(nsec_owner); + status = ldns_dname_cat(nsec_next, chopped_dname); + ldns_rdf_deep_free(chopped_dname); + if (status != LDNS_STATUS_OK) { + printf("error catting: %s\n", ldns_get_errorstr_by_id(status)); + } + } else { + ldns_rdf_deep_free(nsec_next); + return false; + } + + /* in the case of the last nsec */ + if(ldns_dname_compare(nsec_owner, nsec_next) > 0) { + result = (ldns_dname_compare(nsec_owner, name) <= 0 || + ldns_dname_compare(name, nsec_next) < 0); + } else if(ldns_dname_compare(nsec_owner, nsec_next) < 0) { + result = (ldns_dname_compare(nsec_owner, name) <= 0 && + ldns_dname_compare(name, nsec_next) < 0); + } else { + result = true; + } + + ldns_rdf_deep_free(nsec_next); + return result; +} + +#ifdef HAVE_SSL +/* sig may be null - if so look in the packet */ + +ldns_status +ldns_pkt_verify_time(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o, + const ldns_rr_list *k, const ldns_rr_list *s, + time_t check_time, ldns_rr_list *good_keys) +{ + ldns_rr_list *rrset; + ldns_rr_list *sigs; + ldns_rr_list *sigs_covered; + ldns_rdf *rdf_t; + ldns_rr_type t_netorder; + ldns_status status; + + if (!k) { + return LDNS_STATUS_ERR; + /* return LDNS_STATUS_CRYPTO_NO_DNSKEY; */ + } + + if (t == LDNS_RR_TYPE_RRSIG) { + /* we don't have RRSIG(RRSIG) (yet? ;-) ) */ + return LDNS_STATUS_ERR; + } + + if (s) { + /* if s is not NULL, the sigs are given to use */ + sigs = (ldns_rr_list *)s; + } else { + /* otherwise get them from the packet */ + sigs = ldns_pkt_rr_list_by_name_and_type(p, o, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANY_NOQUESTION); + if (!sigs) { + /* no sigs */ + return LDNS_STATUS_ERR; + /* return LDNS_STATUS_CRYPTO_NO_RRSIG; */ + } + } + + /* rrsig are subtyped, so now we need to find the correct + * sigs for the type t + */ + t_netorder = htons(t); /* rdf are in network order! */ + /* a type identifier is a 16-bit number, so the size is 2 bytes */ + rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, 2, &t_netorder); + + sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0); + ldns_rdf_free(rdf_t); + if (! sigs_covered) { + if (! s) { + ldns_rr_list_deep_free(sigs); + } + return LDNS_STATUS_ERR; + } + ldns_rr_list_deep_free(sigs_covered); + + rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t, + LDNS_SECTION_ANY_NOQUESTION); + if (!rrset) { + if (! s) { + ldns_rr_list_deep_free(sigs); + } + return LDNS_STATUS_ERR; + } + status = ldns_verify_time(rrset, sigs, k, check_time, good_keys); + ldns_rr_list_deep_free(rrset); + return status; +} + +ldns_status +ldns_pkt_verify(const ldns_pkt *p, ldns_rr_type t, const ldns_rdf *o, + const ldns_rr_list *k, const ldns_rr_list *s, ldns_rr_list *good_keys) +{ + return ldns_pkt_verify_time(p, t, o, k, s, ldns_time(NULL), good_keys); +} +#endif /* HAVE_SSL */ + +ldns_status +ldns_dnssec_chain_nsec3_list(ldns_rr_list *nsec3_rrs) +{ + size_t i; + char *next_nsec_owner_str; + ldns_rdf *next_nsec_owner_label; + ldns_rdf *next_nsec_rdf; + ldns_status status = LDNS_STATUS_OK; + + for (i = 0; i < ldns_rr_list_rr_count(nsec3_rrs); i++) { + if (i == ldns_rr_list_rr_count(nsec3_rrs) - 1) { + next_nsec_owner_label = + ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs, + 0)), 0); + next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label); + if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + == '.') { + next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + = '\0'; + } + status = ldns_str2rdf_b32_ext(&next_nsec_rdf, + next_nsec_owner_str); + if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i), + next_nsec_rdf, 4)) { + /* todo: error */ + } + + ldns_rdf_deep_free(next_nsec_owner_label); + LDNS_FREE(next_nsec_owner_str); + } else { + next_nsec_owner_label = + ldns_dname_label(ldns_rr_owner(ldns_rr_list_rr(nsec3_rrs, + i + 1)), + 0); + next_nsec_owner_str = ldns_rdf2str(next_nsec_owner_label); + if (next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + == '.') { + next_nsec_owner_str[strlen(next_nsec_owner_str) - 1] + = '\0'; + } + status = ldns_str2rdf_b32_ext(&next_nsec_rdf, + next_nsec_owner_str); + ldns_rdf_deep_free(next_nsec_owner_label); + LDNS_FREE(next_nsec_owner_str); + if (!ldns_rr_set_rdf(ldns_rr_list_rr(nsec3_rrs, i), + next_nsec_rdf, 4)) { + /* todo: error */ + } + } + } + return status; +} + +int +qsort_rr_compare_nsec3(const void *a, const void *b) +{ + const ldns_rr *rr1 = * (const ldns_rr **) a; + const ldns_rr *rr2 = * (const ldns_rr **) b; + if (rr1 == NULL && rr2 == NULL) { + return 0; + } + if (rr1 == NULL) { + return -1; + } + if (rr2 == NULL) { + return 1; + } + return ldns_rdf_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)); +} + +void +ldns_rr_list_sort_nsec3(ldns_rr_list *unsorted) +{ + qsort(unsorted->_rrs, + ldns_rr_list_rr_count(unsorted), + sizeof(ldns_rr *), + qsort_rr_compare_nsec3); +} + +int +ldns_dnssec_default_add_to_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) +{ + return LDNS_SIGNATURE_LEAVE_ADD_NEW; +} + +int +ldns_dnssec_default_leave_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) +{ + return LDNS_SIGNATURE_LEAVE_NO_ADD; +} + +int +ldns_dnssec_default_delete_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) +{ + return LDNS_SIGNATURE_REMOVE_NO_ADD; +} + +int +ldns_dnssec_default_replace_signatures( ATTR_UNUSED(ldns_rr *sig) + , ATTR_UNUSED(void *n) + ) +{ + return LDNS_SIGNATURE_REMOVE_ADD_NEW; +} + +#ifdef HAVE_SSL +ldns_rdf * +ldns_convert_dsa_rrsig_asn12rdf(const ldns_buffer *sig, + const long sig_len) +{ +#ifdef USE_DSA + ldns_rdf *sigdata_rdf; + DSA_SIG *dsasig; + const BIGNUM *R, *S; + unsigned char *dsasig_data = (unsigned char*)ldns_buffer_begin(sig); + size_t byte_offset; + + dsasig = d2i_DSA_SIG(NULL, + (const unsigned char **)&dsasig_data, + sig_len); + if (!dsasig) { + DSA_SIG_free(dsasig); + return NULL; + } + + dsasig_data = LDNS_XMALLOC(unsigned char, 41); + if(!dsasig_data) { + DSA_SIG_free(dsasig); + return NULL; + } + dsasig_data[0] = 0; +# ifdef HAVE_DSA_SIG_GET0 + DSA_SIG_get0(dsasig, &R, &S); +# else + R = dsasig->r; + S = dsasig->s; +# endif + byte_offset = (size_t) (20 - BN_num_bytes(R)); + if (byte_offset > 20) { + DSA_SIG_free(dsasig); + LDNS_FREE(dsasig_data); + return NULL; + } + memset(&dsasig_data[1], 0, byte_offset); + BN_bn2bin(R, &dsasig_data[1 + byte_offset]); + byte_offset = (size_t) (20 - BN_num_bytes(S)); + if (byte_offset > 20) { + DSA_SIG_free(dsasig); + LDNS_FREE(dsasig_data); + return NULL; + } + memset(&dsasig_data[21], 0, byte_offset); + BN_bn2bin(S, &dsasig_data[21 + byte_offset]); + + sigdata_rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, 41, dsasig_data); + if(!sigdata_rdf) { + LDNS_FREE(dsasig_data); + } + DSA_SIG_free(dsasig); + + return sigdata_rdf; +#else + (void)sig; (void)sig_len; + return NULL; +#endif +} + +ldns_status +ldns_convert_dsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, + const ldns_rdf *sig_rdf) +{ +#ifdef USE_DSA + /* the EVP api wants the DER encoding of the signature... */ + BIGNUM *R, *S; + DSA_SIG *dsasig; + unsigned char *raw_sig = NULL; + int raw_sig_len; + + if(ldns_rdf_size(sig_rdf) < 1 + 2*SHA_DIGEST_LENGTH) + return LDNS_STATUS_SYNTAX_RDATA_ERR; + /* extract the R and S field from the sig buffer */ + R = BN_new(); + if(!R) return LDNS_STATUS_MEM_ERR; + (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 1, + SHA_DIGEST_LENGTH, R); + S = BN_new(); + if(!S) { + BN_free(R); + return LDNS_STATUS_MEM_ERR; + } + (void) BN_bin2bn((unsigned char *) ldns_rdf_data(sig_rdf) + 21, + SHA_DIGEST_LENGTH, S); + + dsasig = DSA_SIG_new(); + if (!dsasig) { + BN_free(R); + BN_free(S); + return LDNS_STATUS_MEM_ERR; + } +# ifdef HAVE_DSA_SIG_SET0 + if (! DSA_SIG_set0(dsasig, R, S)) { + DSA_SIG_free(dsasig); + return LDNS_STATUS_SSL_ERR; + } +# else + dsasig->r = R; + dsasig->s = S; +# endif + + raw_sig_len = i2d_DSA_SIG(dsasig, &raw_sig); + if (raw_sig_len < 0) { + DSA_SIG_free(dsasig); + free(raw_sig); + return LDNS_STATUS_SSL_ERR; + } + if (ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) { + ldns_buffer_write(target_buffer, raw_sig, (size_t)raw_sig_len); + } + + DSA_SIG_free(dsasig); + free(raw_sig); + + return ldns_buffer_status(target_buffer); +#else + (void)target_buffer; (void)sig_rdf; + return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL; +#endif +} + +#ifdef USE_ECDSA +#ifndef S_SPLINT_S +ldns_rdf * +ldns_convert_ecdsa_rrsig_asn1len2rdf(const ldns_buffer *sig, + const long sig_len, int num_bytes) +{ + ECDSA_SIG* ecdsa_sig; + const BIGNUM *r, *s; + unsigned char *data = (unsigned char*)ldns_buffer_begin(sig); + ldns_rdf* rdf; + ecdsa_sig = d2i_ECDSA_SIG(NULL, (const unsigned char **)&data, sig_len); + if(!ecdsa_sig) return NULL; + +#ifdef HAVE_ECDSA_SIG_GET0 + ECDSA_SIG_get0(ecdsa_sig, &r, &s); +#else + r = ecdsa_sig->r; + s = ecdsa_sig->s; +#endif + /* "r | s". */ + if(BN_num_bytes(r) > num_bytes || + BN_num_bytes(s) > num_bytes) { + ECDSA_SIG_free(ecdsa_sig); + return NULL; /* numbers too big for passed curve size */ + } + data = LDNS_XMALLOC(unsigned char, num_bytes*2); + if(!data) { + ECDSA_SIG_free(ecdsa_sig); + return NULL; + } + /* write the bignums (in big-endian) a little offset if the BN code + * wants to write a shorter number of bytes, with zeroes prefixed */ + memset(data, 0, num_bytes*2); + BN_bn2bin(r, data+num_bytes-BN_num_bytes(r)); + BN_bn2bin(s, data+num_bytes*2-BN_num_bytes(s)); + rdf = ldns_rdf_new(LDNS_RDF_TYPE_B64, (size_t)(num_bytes*2), data); + ECDSA_SIG_free(ecdsa_sig); + return rdf; +} + +ldns_status +ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, + const ldns_rdf *sig_rdf) +{ + /* convert from two BIGNUMs in the rdata buffer, to ASN notation. + * ASN preamble: 30440220 0220 + * the '20' is the length of that field (=bnsize). + * the '44' is the total remaining length. + * if negative, start with leading zero. + * if starts with 00s, remove them from the number. + */ + uint8_t pre[] = {0x30, 0x44, 0x02, 0x20}; + int pre_len = 4; + uint8_t mid[] = {0x02, 0x20}; + int mid_len = 2; + int raw_sig_len, r_high, s_high, r_rem=0, s_rem=0; + long bnsize = (long)ldns_rdf_size(sig_rdf) / 2; + uint8_t* d = ldns_rdf_data(sig_rdf); + /* if too short, or not even length, do not bother */ + if(bnsize < 16 || (size_t)bnsize*2 != ldns_rdf_size(sig_rdf)) + return LDNS_STATUS_ERR; + /* strip leading zeroes from r (but not last one) */ + while(r_rem < bnsize-1 && d[r_rem] == 0) + r_rem++; + /* strip leading zeroes from s (but not last one) */ + while(s_rem < bnsize-1 && d[bnsize+s_rem] == 0) + s_rem++; + + r_high = ((d[0+r_rem]&0x80)?1:0); + s_high = ((d[bnsize+s_rem]&0x80)?1:0); + raw_sig_len = pre_len + r_high + bnsize - r_rem + mid_len + + s_high + bnsize - s_rem; + if(ldns_buffer_reserve(target_buffer, (size_t) raw_sig_len)) { + ldns_buffer_write_u8(target_buffer, pre[0]); + ldns_buffer_write_u8(target_buffer, raw_sig_len-2); + ldns_buffer_write_u8(target_buffer, pre[2]); + ldns_buffer_write_u8(target_buffer, bnsize + r_high - r_rem); + if(r_high) + ldns_buffer_write_u8(target_buffer, 0); + ldns_buffer_write(target_buffer, d+r_rem, bnsize-r_rem); + ldns_buffer_write(target_buffer, mid, mid_len-1); + ldns_buffer_write_u8(target_buffer, bnsize + s_high - s_rem); + if(s_high) + ldns_buffer_write_u8(target_buffer, 0); + ldns_buffer_write(target_buffer, d+bnsize+s_rem, bnsize-s_rem); + } + return ldns_buffer_status(target_buffer); +} + +#endif /* S_SPLINT_S */ +#endif /* USE_ECDSA */ +#endif /* HAVE_SSL */ diff --git a/zonemaster-ldns/ldns/dnssec_sign.c b/zonemaster-ldns/ldns/dnssec_sign.c new file mode 100644 index 0000000..dba2d1c --- /dev/null +++ b/zonemaster-ldns/ldns/dnssec_sign.c @@ -0,0 +1,1691 @@ +#include + +#include + +#include +#include + +#include +#include + +#ifdef HAVE_SSL +/* this entire file is rather useless when you don't have + * crypto... + */ +#include +#include +#include +#include +#include +#include +#include +#ifdef USE_DSA +#include +#endif +#endif /* HAVE_SSL */ + +#define LDNS_SIGN_WITH_ZONEMD ( LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384 \ + | LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512 ) + +ldns_rr * +ldns_create_empty_rrsig(const ldns_rr_list *rrset, + const ldns_key *current_key) +{ + uint32_t orig_ttl; + ldns_rr_class orig_class; + time_t now; + ldns_rr *current_sig; + uint8_t label_count; + ldns_rdf *signame; + + label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset, + 0))); + /* RFC4035 2.2: not counting the leftmost label if it is a wildcard */ + if(ldns_dname_is_wildcard(ldns_rr_owner(ldns_rr_list_rr(rrset, 0)))) + label_count --; + + current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG); + + /* set the type on the new signature */ + orig_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrset, 0)); + orig_class = ldns_rr_get_class(ldns_rr_list_rr(rrset, 0)); + + ldns_rr_set_ttl(current_sig, orig_ttl); + ldns_rr_set_class(current_sig, orig_class); + ldns_rr_set_owner(current_sig, + ldns_rdf_clone( + ldns_rr_owner( + ldns_rr_list_rr(rrset, + 0)))); + + /* fill in what we know of the signature */ + + /* set the orig_ttl */ + (void)ldns_rr_rrsig_set_origttl( + current_sig, + ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, + orig_ttl)); + /* the signers name */ + signame = ldns_rdf_clone(ldns_key_pubkey_owner(current_key)); + ldns_dname2canonical(signame); + (void)ldns_rr_rrsig_set_signame( + current_sig, + signame); + /* label count - get it from the first rr in the rr_list */ + (void)ldns_rr_rrsig_set_labels( + current_sig, + ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, + label_count)); + /* inception, expiration */ + now = time(NULL); + if (ldns_key_inception(current_key) != 0) { + (void)ldns_rr_rrsig_set_inception( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + ldns_key_inception(current_key))); + } else { + (void)ldns_rr_rrsig_set_inception( + current_sig, + ldns_native2rdf_int32(LDNS_RDF_TYPE_TIME, now)); + } + if (ldns_key_expiration(current_key) != 0) { + (void)ldns_rr_rrsig_set_expiration( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + ldns_key_expiration(current_key))); + } else { + (void)ldns_rr_rrsig_set_expiration( + current_sig, + ldns_native2rdf_int32( + LDNS_RDF_TYPE_TIME, + now + LDNS_DEFAULT_EXP_TIME)); + } + + (void)ldns_rr_rrsig_set_keytag( + current_sig, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, + ldns_key_keytag(current_key))); + + (void)ldns_rr_rrsig_set_algorithm( + current_sig, + ldns_native2rdf_int8( + LDNS_RDF_TYPE_ALG, + ldns_key_algorithm(current_key))); + + (void)ldns_rr_rrsig_set_typecovered( + current_sig, + ldns_native2rdf_int16( + LDNS_RDF_TYPE_TYPE, + ldns_rr_get_type(ldns_rr_list_rr(rrset, + 0)))); + return current_sig; +} + +#ifdef HAVE_SSL +ldns_rdf * +ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key) +{ + ldns_rdf *b64rdf = NULL; + + switch(ldns_key_algorithm(current_key)) { +#ifdef USE_DSA + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), +# ifdef HAVE_EVP_DSS1 + EVP_dss1() +# else + EVP_sha1() +# endif + ); + break; +#endif /* USE_DSA */ + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha1()); + break; +#ifdef USE_SHA2 + case LDNS_SIGN_RSASHA256: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha256()); + break; + case LDNS_SIGN_RSASHA512: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha512()); + break; +#endif /* USE_SHA2 */ +#ifdef USE_GOST + case LDNS_SIGN_ECC_GOST: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_get_digestbyname("md_gost94")); + break; +#endif /* USE_GOST */ +#ifdef USE_ECDSA + case LDNS_SIGN_ECDSAP256SHA256: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha256()); + break; + case LDNS_SIGN_ECDSAP384SHA384: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_sha384()); + break; +#endif +#ifdef USE_ED25519 + case LDNS_SIGN_ED25519: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + NULL); + break; +#endif +#ifdef USE_ED448 + case LDNS_SIGN_ED448: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + NULL); + break; +#endif + case LDNS_SIGN_RSAMD5: + b64rdf = ldns_sign_public_evp( + sign_buf, + ldns_key_evp_key(current_key), + EVP_md5()); + break; + default: + /* do _you_ know this alg? */ + printf("unknown algorithm, "); + printf("is the one used available on this system?\n"); + break; + } + + return b64rdf; +} + +/** + * use this function to sign with a public/private key alg + * return the created signatures + */ +ldns_rr_list * +ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys) +{ + ldns_rr_list *signatures; + ldns_rr_list *rrset_clone; + ldns_rr *current_sig; + ldns_rdf *b64rdf; + ldns_key *current_key; + size_t key_count; + uint16_t i; + ldns_buffer *sign_buf; + ldns_rdf *new_owner; + + if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) { + return NULL; + } + + new_owner = NULL; + + /* prepare a signature and add all the know data + * prepare the rrset. Sign this together. */ + rrset_clone = ldns_rr_list_clone(rrset); + if (!rrset_clone) { + return NULL; + } + + /* make it canonical */ + for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) { + ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), + ldns_rr_ttl(ldns_rr_list_rr(rrset, 0))); + ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i)); + } + /* sort */ + ldns_rr_list_sort(rrset_clone); + + signatures = ldns_rr_list_new(); + + for (key_count = 0; + key_count < ldns_key_list_key_count(keys); + key_count++) { + if (!ldns_key_use(ldns_key_list_key(keys, key_count))) { + continue; + } + sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!sign_buf) { + ldns_rr_list_free(rrset_clone); + ldns_rr_list_free(signatures); + ldns_rdf_free(new_owner); + return NULL; + } + b64rdf = NULL; + + current_key = ldns_key_list_key(keys, key_count); + /* sign all RRs with keys that have ZSKbit, !SEPbit. + sign DNSKEY RRs with keys that have ZSKbit&SEPbit */ + if (ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY) { + current_sig = ldns_create_empty_rrsig(rrset_clone, + current_key); + + /* right now, we have: a key, a semi-sig and an rrset. For + * which we can create the sig and base64 encode that and + * add that to the signature */ + + if (ldns_rrsig2buffer_wire(sign_buf, current_sig) + != LDNS_STATUS_OK) { + ldns_buffer_free(sign_buf); + /* ERROR */ + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_free(current_sig); + ldns_rr_list_deep_free(signatures); + return NULL; + } + + /* add the rrset in sign_buf */ + if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone) + != LDNS_STATUS_OK) { + ldns_buffer_free(sign_buf); + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_free(current_sig); + ldns_rr_list_deep_free(signatures); + return NULL; + } + + b64rdf = ldns_sign_public_buffer(sign_buf, current_key); + + if (!b64rdf) { + /* signing went wrong */ + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_free(current_sig); + ldns_rr_list_deep_free(signatures); + return NULL; + } + + ldns_rr_rrsig_set_sig(current_sig, b64rdf); + + /* push the signature to the signatures list */ + ldns_rr_list_push_rr(signatures, current_sig); + } + ldns_buffer_free(sign_buf); /* restart for the next key */ + } + ldns_rr_list_deep_free(rrset_clone); + + return signatures; +} + +ldns_rdf * +ldns_sign_public_dsa(ldns_buffer *to_sign, DSA *key) +{ +#ifdef USE_DSA + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned char *sha1_hash; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + + DSA_SIG *sig; + const BIGNUM *R, *S; + uint8_t *data; + size_t pad; + + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), md); + if (!sha1_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + sig = DSA_do_sign(sha1_hash, SHA_DIGEST_LENGTH, key); + if(!sig) { + ldns_buffer_free(b64sig); + return NULL; + } + + data = LDNS_XMALLOC(uint8_t, 1 + 2 * SHA_DIGEST_LENGTH); + if(!data) { + ldns_buffer_free(b64sig); + DSA_SIG_free(sig); + return NULL; + } + + data[0] = 1; +# ifdef HAVE_DSA_SIG_GET0 + DSA_SIG_get0(sig, &R, &S); +# else + R = sig->r; + S = sig->s; +# endif + pad = 20 - (size_t) BN_num_bytes(R); + if (pad > 0) { + memset(data + 1, 0, pad); + } + BN_bn2bin(R, (unsigned char *) (data + 1) + pad); + + pad = 20 - (size_t) BN_num_bytes(S); + if (pad > 0) { + memset(data + 1 + SHA_DIGEST_LENGTH, 0, pad); + } + BN_bn2bin(S, (unsigned char *) (data + 1 + SHA_DIGEST_LENGTH + pad)); + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, + 1 + 2 * SHA_DIGEST_LENGTH, + data); + + ldns_buffer_free(b64sig); + LDNS_FREE(data); + DSA_SIG_free(sig); + + return sigdata_rdf; +#else + (void)to_sign; (void)key; + return NULL; +#endif +} + +#ifdef USE_ECDSA +#ifndef S_SPLINT_S +/** returns the number of bytes per signature-component (i.e. bits/8), or 0. */ +static int +ldns_pkey_is_ecdsa(EVP_PKEY* pkey) +{ + EC_KEY* ec; + const EC_GROUP* g; +#ifdef HAVE_EVP_PKEY_GET_BASE_ID + if(EVP_PKEY_get_base_id(pkey) != EVP_PKEY_EC) + return 0; +#elif defined(HAVE_EVP_PKEY_BASE_ID) + if(EVP_PKEY_base_id(pkey) != EVP_PKEY_EC) + return 0; +#else + if(EVP_PKEY_type(pkey->type) != EVP_PKEY_EC) + return 0; +#endif + ec = EVP_PKEY_get1_EC_KEY(pkey); + g = EC_KEY_get0_group(ec); + if(!g) { + EC_KEY_free(ec); + return 0; + } + if(EC_GROUP_get_curve_name(g) == NID_X9_62_prime256v1) { + EC_KEY_free(ec); + return 32; /* 256/8 */ + } + if(EC_GROUP_get_curve_name(g) == NID_secp384r1) { + EC_KEY_free(ec); + return 48; /* 384/8 */ + } + /* downref the eckey, the original is still inside the pkey */ + EC_KEY_free(ec); + return 0; +} +#endif /* splint */ +#endif /* USE_ECDSA */ + +ldns_rdf * +ldns_sign_public_evp(ldns_buffer *to_sign, + EVP_PKEY *key, + const EVP_MD *digest_type) +{ + unsigned int siglen; + ldns_rdf *sigdata_rdf = NULL; + ldns_buffer *b64sig; + EVP_MD_CTX *ctx; + const EVP_MD *md_type; + int r; + + siglen = 0; + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + /* initializes a signing context */ + md_type = digest_type; +#ifdef USE_ED25519 + if(EVP_PKEY_id(key) == NID_ED25519) { + /* digest must be NULL for ED25519 sign and verify */ + md_type = NULL; + } else +#endif +#ifdef USE_ED448 + if(EVP_PKEY_id(key) == NID_ED448) { + md_type = NULL; + } else +#endif + if(!md_type) { + /* unknown message digest */ + ldns_buffer_free(b64sig); + return NULL; + } + +#ifdef HAVE_EVP_MD_CTX_NEW + ctx = EVP_MD_CTX_new(); +#else + ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx)); + if(ctx) EVP_MD_CTX_init(ctx); +#endif + if(!ctx) { + ldns_buffer_free(b64sig); + return NULL; + } + +#if defined(USE_ED25519) || defined(USE_ED448) + if(md_type == NULL) { + /* for these methods we must use the one-shot DigestSign */ + r = EVP_DigestSignInit(ctx, NULL, md_type, NULL, key); + if(r == 1) { + size_t siglen_sizet = ldns_buffer_capacity(b64sig); + r = EVP_DigestSign(ctx, + (unsigned char*)ldns_buffer_begin(b64sig), + &siglen_sizet, + (unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign)); + siglen = (unsigned int)siglen_sizet; + } + } else { +#else + r = 0; + if(md_type != NULL) { +#endif + r = EVP_SignInit(ctx, md_type); + if(r == 1) { + r = EVP_SignUpdate(ctx, (unsigned char*) + ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign)); + } + if(r == 1) { + r = EVP_SignFinal(ctx, (unsigned char*) + ldns_buffer_begin(b64sig), &siglen, key); + } + } + if(r != 1) { + ldns_buffer_free(b64sig); + EVP_MD_CTX_destroy(ctx); + return NULL; + } + + /* OpenSSL output is different, convert it */ + r = 0; +#ifdef USE_DSA +#ifndef S_SPLINT_S + /* unfortunately, OpenSSL output is different from DNS DSA format */ +# ifdef HAVE_EVP_PKEY_GET_BASE_ID + if (EVP_PKEY_get_base_id(key) == EVP_PKEY_DSA) { +# elif defined(HAVE_EVP_PKEY_BASE_ID) + if (EVP_PKEY_base_id(key) == EVP_PKEY_DSA) { +# else + if (EVP_PKEY_type(key->type) == EVP_PKEY_DSA) { +# endif + r = 1; + sigdata_rdf = ldns_convert_dsa_rrsig_asn12rdf(b64sig, siglen); + } +#endif +#endif +#if defined(USE_ECDSA) + if( +# ifdef HAVE_EVP_PKEY_GET_BASE_ID + EVP_PKEY_get_base_id(key) +# elif defined(HAVE_EVP_PKEY_BASE_ID) + EVP_PKEY_base_id(key) +# else + EVP_PKEY_type(key->type) +# endif + == EVP_PKEY_EC) { +# ifdef USE_ECDSA + if(ldns_pkey_is_ecdsa(key)) { + r = 1; + sigdata_rdf = ldns_convert_ecdsa_rrsig_asn1len2rdf( + b64sig, (long)siglen, ldns_pkey_is_ecdsa(key)); + } +# endif /* USE_ECDSA */ + } +#endif /* PKEY_EC */ + if(r == 0) { + /* ok output for other types is the same */ + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + } + ldns_buffer_free(b64sig); + EVP_MD_CTX_destroy(ctx); + return sigdata_rdf; +} + +ldns_rdf * +ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key) +{ + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned char *sha1_hash; + unsigned int siglen; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + int result; + + siglen = 0; + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + sha1_hash = SHA1((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), md); + if (!sha1_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + result = RSA_sign(NID_sha1, sha1_hash, SHA_DIGEST_LENGTH, + (unsigned char*)ldns_buffer_begin(b64sig), + &siglen, key); + if (result != 1) { + ldns_buffer_free(b64sig); + return NULL; + } + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + ldns_buffer_free(b64sig); /* can't free this buffer ?? */ + return sigdata_rdf; +} + +ldns_rdf * +ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key) +{ + unsigned char md[EVP_MAX_MD_SIZE]; + unsigned char *md5_hash; + unsigned int siglen; + ldns_rdf *sigdata_rdf; + ldns_buffer *b64sig; + + b64sig = ldns_buffer_new(LDNS_MAX_PACKETLEN); + if (!b64sig) { + return NULL; + } + + md5_hash = MD5((unsigned char*)ldns_buffer_begin(to_sign), + ldns_buffer_position(to_sign), md); + if (!md5_hash) { + ldns_buffer_free(b64sig); + return NULL; + } + + RSA_sign(NID_md5, md5_hash, MD5_DIGEST_LENGTH, + (unsigned char*)ldns_buffer_begin(b64sig), + &siglen, key); + + sigdata_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, siglen, + ldns_buffer_begin(b64sig)); + ldns_buffer_free(b64sig); + return sigdata_rdf; +} +#endif /* HAVE_SSL */ + +/** + * Pushes all rrs from the rrsets of type A and AAAA on gluelist. + */ +static ldns_status +ldns_dnssec_addresses_on_glue_list( + ldns_dnssec_rrsets *cur_rrset, + ldns_rr_list *glue_list) +{ + ldns_dnssec_rrs *cur_rrs; + while (cur_rrset) { + if (cur_rrset->type == LDNS_RR_TYPE_A + || cur_rrset->type == LDNS_RR_TYPE_AAAA) { + for (cur_rrs = cur_rrset->rrs; + cur_rrs; + cur_rrs = cur_rrs->next) { + if (cur_rrs->rr) { + if (!ldns_rr_list_push_rr(glue_list, + cur_rrs->rr)) { + return LDNS_STATUS_MEM_ERR; + /* ldns_rr_list_push_rr() + * returns false when unable + * to increase the capacity + * of the ldns_rr_list + */ + } + } + } + } + cur_rrset = cur_rrset->next; + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, + ldns_rr_list *glue_list) +{ + ldns_rbnode_t *node; + ldns_dnssec_name *name; + ldns_rdf *owner; + ldns_rdf *cut = NULL; /* keeps track of zone cuts */ + /* When the cut is caused by a delegation, below_delegation will be 1. + * When caused by a DNAME, below_delegation will be 0. + */ + int below_delegation = -1; /* init suppresses compiler warning */ + ldns_status s; + + if (!zone || !zone->names) { + return LDNS_STATUS_NULL; + } + for (node = ldns_rbtree_first(zone->names); + node != LDNS_RBTREE_NULL; + node = ldns_rbtree_next(node)) { + name = (ldns_dnssec_name *) node->data; + owner = ldns_dnssec_name_name(name); + + if (cut) { + /* The previous node was a zone cut, or a subdomain + * below a zone cut. Is this node (still) a subdomain + * below the cut? Then the name is occluded. Unless + * the name contains a SOA, after which we are + * authoritative again. + * + * FIXME! If there are labels in between the SOA and + * the cut, going from the authoritative space (below + * the SOA) up into occluded space again, will not be + * detected with the construct below! + */ + if (ldns_dname_is_subdomain(owner, cut) && + !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA)) { + + if (below_delegation && glue_list) { + s = ldns_dnssec_addresses_on_glue_list( + name->rrsets, glue_list); + if (s != LDNS_STATUS_OK) { + return s; + } + } + name->is_glue = true; /* Mark occluded name! */ + continue; + } else { + cut = NULL; + } + } + + /* The node is not below a zone cut. Is it a zone cut itself? + * Everything below a SOA is authoritative of course; Except + * when the name also contains a DNAME :). + */ + if (ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA)) { + cut = owner; + below_delegation = 1; + if (glue_list) { /* record glue on the zone cut */ + s = ldns_dnssec_addresses_on_glue_list( + name->rrsets, glue_list); + if (s != LDNS_STATUS_OK) { + return s; + } + } + } else if (ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_DNAME)) { + cut = owner; + below_delegation = 0; + } + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone) +{ + return ldns_dnssec_zone_mark_and_get_glue(zone, NULL); +} + +ldns_rbnode_t * +ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node) +{ + ldns_rbnode_t *next_node = NULL; + ldns_dnssec_name *next_name = NULL; + bool done = false; + + if (node == LDNS_RBTREE_NULL) { + return NULL; + } + next_node = node; + while (!done) { + if (next_node == LDNS_RBTREE_NULL) { + return NULL; + } else { + next_name = (ldns_dnssec_name *)next_node->data; + if (!next_name->is_glue) { + done = true; + } else { + next_node = ldns_rbtree_next(next_node); + } + } + } + return next_node; +} + +ldns_status +ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs) +{ + + ldns_rbnode_t *first_node, *cur_node, *next_node; + ldns_dnssec_name *cur_name, *next_name; + ldns_rr *nsec_rr; + uint32_t nsec_ttl; + ldns_dnssec_rrsets *soa; + + /* The TTL value for any NSEC RR SHOULD be the same TTL value as the + * lesser of the MINIMUM field of the SOA record and the TTL of the SOA + * itself. This matches the definition of the TTL for negative + * responses in [RFC2308]. (draft-ietf-dnsop-nsec-ttl-01 update of + * RFC4035 Section 2.3) + */ + soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); + + /* did the caller actually set it? if not, + * fall back to default ttl + */ + if (soa && soa->rrs && soa->rrs->rr) { + ldns_rr *soa_rr = soa->rrs->rr; + ldns_rdf *min_rdf = ldns_rr_rdf(soa_rr, 6); + + nsec_ttl = min_rdf == NULL + || ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf) + ? ldns_rr_ttl(soa_rr) : ldns_rdf2native_int32(min_rdf); + } else { + nsec_ttl = LDNS_DEFAULT_TTL; + } + + first_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_first(zone->names)); + cur_node = first_node; + if (cur_node) { + next_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(cur_node)); + } else { + next_node = NULL; + } + + while (cur_node && next_node) { + cur_name = (ldns_dnssec_name *)cur_node->data; + next_name = (ldns_dnssec_name *)next_node->data; + nsec_rr = ldns_dnssec_create_nsec(cur_name, + next_name, + LDNS_RR_TYPE_NSEC); + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){ + ldns_rr_free(nsec_rr); + return LDNS_STATUS_ERR; + } + ldns_rr_list_push_rr(new_rrs, nsec_rr); + cur_node = next_node; + if (cur_node) { + next_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(cur_node)); + } + } + + if (cur_node && !next_node) { + cur_name = (ldns_dnssec_name *)cur_node->data; + next_name = (ldns_dnssec_name *)first_node->data; + nsec_rr = ldns_dnssec_create_nsec(cur_name, + next_name, + LDNS_RR_TYPE_NSEC); + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + if(ldns_dnssec_name_add_rr(cur_name, nsec_rr)!=LDNS_STATUS_OK){ + ldns_rr_free(nsec_rr); + return LDNS_STATUS_ERR; + } + ldns_rr_list_push_rr(new_rrs, nsec_rr); + } else { + printf("error\n"); + } + + return LDNS_STATUS_OK; +} + +#ifdef HAVE_SSL +static void +ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + LDNS_FREE(node); +} + +static ldns_status +ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + ldns_rbtree_t **map) +{ + ldns_rbnode_t *first_name_node; + ldns_rbnode_t *current_name_node; + ldns_dnssec_name *current_name; + ldns_status result = LDNS_STATUS_OK; + ldns_rr *nsec_rr; + ldns_rr_list *nsec3_list; + uint32_t nsec_ttl; + ldns_dnssec_rrsets *soa; + ldns_rbnode_t *hashmap_node; + + if (!zone || !new_rrs || !zone->names) { + return LDNS_STATUS_ERR; + } + + /* The TTL value for any NSEC RR SHOULD be the same TTL value as the + * lesser of the MINIMUM field of the SOA record and the TTL of the SOA + * itself. This matches the definition of the TTL for negative + * responses in [RFC2308]. (draft-ietf-dnsop-nsec-ttl-01 update of + * RFC4035 Section 2.3) + */ + soa = ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_SOA); + + /* did the caller actually set it? if not, + * fall back to default ttl + */ + if (soa && soa->rrs && soa->rrs->rr) { + ldns_rr *soa_rr = soa->rrs->rr; + ldns_rdf *min_rdf = ldns_rr_rdf(soa_rr, 6); + + nsec_ttl = min_rdf == NULL + || ldns_rr_ttl(soa_rr) < ldns_rdf2native_int32(min_rdf) + ? ldns_rr_ttl(soa_rr) : ldns_rdf2native_int32(min_rdf); + } else { + nsec_ttl = LDNS_DEFAULT_TTL; + } + + if (ldns_rdf_size(zone->soa->name) > 222) { + return LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW; + } + + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } + zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); + if (zone->hashed_names && map) { + *map = zone->hashed_names; + } + + first_name_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_first(zone->names)); + + current_name_node = first_name_node; + + while (current_name_node && current_name_node != LDNS_RBTREE_NULL && + result == LDNS_STATUS_OK) { + + current_name = (ldns_dnssec_name *) current_name_node->data; + nsec_rr = ldns_dnssec_create_nsec3(current_name, + NULL, + zone->soa->name, + algorithm, + flags, + iterations, + salt_length, + salt); + /* by default, our nsec based generator adds rrsigs + * remove the bitmap for empty nonterminals */ + if (!current_name->rrsets) { + ldns_rdf_deep_free(ldns_rr_pop_rdf(nsec_rr)); + } + ldns_rr_set_ttl(nsec_rr, nsec_ttl); + result = ldns_dnssec_name_add_rr(current_name, nsec_rr); + ldns_rr_list_push_rr(new_rrs, nsec_rr); + if (ldns_rr_owner(nsec_rr)) { + hashmap_node = LDNS_MALLOC(ldns_rbnode_t); + if (hashmap_node == NULL) { + return LDNS_STATUS_MEM_ERR; + } + current_name->hashed_name = + ldns_dname_label(ldns_rr_owner(nsec_rr), 0); + + if (current_name->hashed_name == NULL) { + LDNS_FREE(hashmap_node); + return LDNS_STATUS_MEM_ERR; + } + hashmap_node->key = current_name->hashed_name; + hashmap_node->data = current_name; + + if (! ldns_rbtree_insert(zone->hashed_names + , hashmap_node)) { + LDNS_FREE(hashmap_node); + } + } + current_name_node = ldns_dnssec_name_node_next_nonglue( + ldns_rbtree_next(current_name_node)); + } + if (result != LDNS_STATUS_OK) { + return result; + } + + /* Make sorted list of nsec3s (via zone->hashed_names) + */ + nsec3_list = ldns_rr_list_new(); + if (nsec3_list == NULL) { + return LDNS_STATUS_MEM_ERR; + } + for ( hashmap_node = ldns_rbtree_first(zone->hashed_names) + ; hashmap_node != LDNS_RBTREE_NULL + ; hashmap_node = ldns_rbtree_next(hashmap_node) + ) { + nsec_rr = ((ldns_dnssec_name *) hashmap_node->data)->nsec; + if (nsec_rr) { + ldns_rr_list_push_rr(nsec3_list, nsec_rr); + } + } + result = ldns_dnssec_chain_nsec3_list(nsec3_list); + ldns_rr_list_free(nsec3_list); + + return result; +} + +ldns_status +ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + return ldns_dnssec_zone_create_nsec3s_mkmap(zone, new_rrs, algorithm, + flags, iterations, salt_length, salt, NULL); + +} +#endif /* HAVE_SSL */ + +ldns_dnssec_rrs * +ldns_dnssec_remove_signatures( ldns_dnssec_rrs *signatures + , ATTR_UNUSED(ldns_key_list *key_list) + , int (*func)(ldns_rr *, void *) + , void *arg + ) +{ + ldns_dnssec_rrs *base_rrs = signatures; + ldns_dnssec_rrs *cur_rr = base_rrs; + ldns_dnssec_rrs *prev_rr = NULL; + ldns_dnssec_rrs *next_rr; + + uint16_t keytag; + size_t i; + + if (!cur_rr) { + switch(func(NULL, arg)) { + case LDNS_SIGNATURE_LEAVE_ADD_NEW: + case LDNS_SIGNATURE_REMOVE_ADD_NEW: + break; + case LDNS_SIGNATURE_LEAVE_NO_ADD: + case LDNS_SIGNATURE_REMOVE_NO_ADD: + ldns_key_list_set_use(key_list, false); + break; + default: +#ifdef STDERR_MSGS + fprintf(stderr, "[XX] unknown return value from callback\n"); +#endif + break; + } + return NULL; + } + (void)func(cur_rr->rr, arg); + + while (cur_rr) { + next_rr = cur_rr->next; + + switch (func(cur_rr->rr, arg)) { + case LDNS_SIGNATURE_LEAVE_ADD_NEW: + prev_rr = cur_rr; + break; + case LDNS_SIGNATURE_LEAVE_NO_ADD: + keytag = ldns_rdf2native_int16( + ldns_rr_rrsig_keytag(cur_rr->rr)); + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + if (ldns_key_keytag(ldns_key_list_key(key_list, i)) == + keytag) { + ldns_key_set_use(ldns_key_list_key(key_list, i), + false); + } + } + prev_rr = cur_rr; + break; + case LDNS_SIGNATURE_REMOVE_NO_ADD: + keytag = ldns_rdf2native_int16( + ldns_rr_rrsig_keytag(cur_rr->rr)); + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + if (ldns_key_keytag(ldns_key_list_key(key_list, i)) + == keytag) { + ldns_key_set_use(ldns_key_list_key(key_list, i), + false); + } + } + if (prev_rr) { + prev_rr->next = next_rr; + } else { + base_rrs = next_rr; + } + LDNS_FREE(cur_rr); + break; + case LDNS_SIGNATURE_REMOVE_ADD_NEW: + if (prev_rr) { + prev_rr->next = next_rr; + } else { + base_rrs = next_rr; + } + LDNS_FREE(cur_rr); + break; + default: +#ifdef STDERR_MSGS + fprintf(stderr, "[XX] unknown return value from callback\n"); +#endif + break; + } + cur_rr = next_rr; + } + + return base_rrs; +} + +#ifdef HAVE_SSL +ldns_status +ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void*), + void *arg) +{ + return ldns_dnssec_zone_create_rrsigs_flg(zone, new_rrs, key_list, + func, arg, 0); +} + +/** If there are KSKs use only them and mark ZSKs unused */ +static void +ldns_key_list_filter_for_dnskey(ldns_key_list *key_list, int flags) +{ + bool algos[256] +#ifndef S_SPLINT_S + = { false } +#endif + ; + ldns_signing_algorithm saw_ksk = 0; + ldns_key *key; + size_t i; + + if (!ldns_key_list_key_count(key_list)) + return; + + /* Mark all KSKs */ + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + key = ldns_key_list_key(key_list, i); + if ((ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) { + if (!saw_ksk) + saw_ksk = ldns_key_algorithm(key); + algos[ldns_key_algorithm(key)] = true; + } + } + if (!saw_ksk) + return; /* No KSKs means sign using all ZSKs */ + + /* Deselect the ZSKs so they do not sign DNSKEY RRs. + * Except with the LDNS_SIGN_WITH_ALL_ALGORITHMS flag, then use it, + * but only if it has an algorithm for which there is no KSK + */ + for (i =0; i < ldns_key_list_key_count(key_list); i++) { + key = ldns_key_list_key(key_list, i); + if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) { + /* We have a ZSK. + * Still use it if it has a unique algorithm though! + */ + if ((flags & LDNS_SIGN_WITH_ALL_ALGORITHMS) && + !algos[ldns_key_algorithm(key)]) + algos[ldns_key_algorithm(key)] = true; + else + ldns_key_set_use(key, 0); + } + } +} + +/** If there are no ZSKs use KSKs as ZSK too */ +static void +ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list, int flags) +{ + bool algos[256] +#ifndef S_SPLINT_S + = { false } +#endif + ; + ldns_signing_algorithm saw_zsk = 0; + ldns_key *key; + size_t i; + + if (!ldns_key_list_key_count(key_list)) + return; + + /* Mark all ZSKs */ + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + key = ldns_key_list_key(key_list, i); + if (!(ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) { + if (!saw_zsk) + saw_zsk = ldns_key_algorithm(key); + algos[ldns_key_algorithm(key)] = true; + } + } + if (!saw_zsk) + return; /* No ZSKs means sign using all KSKs */ + + /* Deselect the KSKs so they do not sign non DNSKEY RRs. + * Except with the LDNS_SIGN_WITH_ALL_ALGORITHMS flag, then use it, + * but only if it has an algorithm for which there is no ZSK + */ + for (i = 0; i < ldns_key_list_key_count(key_list); i++) { + key = ldns_key_list_key(key_list, i); + if((ldns_key_flags(key) & LDNS_KEY_SEP_KEY)) { + /* We have a KSK. + * Still use it if it has a unique algorithm though! + */ + if ((flags & LDNS_SIGN_WITH_ALL_ALGORITHMS) && + !algos[ldns_key_algorithm(key)]) + algos[ldns_key_algorithm(key)] = true; + else + ldns_key_set_use(key, 0); + } + } +} + +ldns_status +ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone + , ldns_rr_list *new_rrs + , ldns_key_list *key_list + , int (*func)(ldns_rr *, void*) + , void *arg + , int flags + ) +{ + ldns_status result = LDNS_STATUS_OK; + + ldns_rbnode_t *cur_node; + ldns_rr_list *rr_list; + + ldns_dnssec_name *cur_name; + ldns_dnssec_rrsets *cur_rrset; + ldns_dnssec_rrs *cur_rr; + + ldns_rr_list *siglist; + + size_t i; + + int on_delegation_point = 0; /* handle partially occluded names */ + + ldns_rr_list *pubkey_list = ldns_rr_list_new(); + for (i = 0; inames); + while (cur_node != LDNS_RBTREE_NULL) { + cur_name = (ldns_dnssec_name *) cur_node->data; + + if (!cur_name->is_glue) { + on_delegation_point = ldns_dnssec_rrsets_contains_type( + cur_name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + cur_name->rrsets, LDNS_RR_TYPE_SOA); + cur_rrset = cur_name->rrsets; + while (cur_rrset) { + /* reset keys to use */ + ldns_key_list_set_use(key_list, true); + + /* walk through old sigs, remove the old, + and mark which keys (not) to use) */ + cur_rrset->signatures = + ldns_dnssec_remove_signatures(cur_rrset->signatures, + key_list, + func, + arg); + if(cur_rrset->type == LDNS_RR_TYPE_DNSKEY || + cur_rrset->type == LDNS_RR_TYPE_CDNSKEY || + cur_rrset->type == LDNS_RR_TYPE_CDS) { + if(!(flags&LDNS_SIGN_DNSKEY_WITH_ZSK)) { + ldns_key_list_filter_for_dnskey(key_list, flags); + } + } else { + ldns_key_list_filter_for_non_dnskey(key_list, flags); + } + + /* TODO: just set count to zero? */ + rr_list = ldns_rr_list_new(); + + cur_rr = cur_rrset->rrs; + while (cur_rr) { + ldns_rr_list_push_rr(rr_list, cur_rr->rr); + cur_rr = cur_rr->next; + } + + /* only sign non-delegation RRsets */ + /* (glue should have been marked earlier, + * except on the delegation points itself) */ + if (!on_delegation_point || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_DS || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_NSEC || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_NSEC3) { + siglist = ldns_sign_public(rr_list, key_list); + for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { + if (cur_rrset->signatures) { + result = ldns_dnssec_rrs_add_rr(cur_rrset->signatures, + ldns_rr_list_rr(siglist, + i)); + } else { + cur_rrset->signatures = ldns_dnssec_rrs_new(); + cur_rrset->signatures->rr = + ldns_rr_list_rr(siglist, i); + } + if (new_rrs) { + ldns_rr_list_push_rr(new_rrs, + ldns_rr_list_rr(siglist, + i)); + } + } + ldns_rr_list_free(siglist); + } + + ldns_rr_list_free(rr_list); + + cur_rrset = cur_rrset->next; + } + + /* sign the nsec */ + ldns_key_list_set_use(key_list, true); + cur_name->nsec_signatures = + ldns_dnssec_remove_signatures(cur_name->nsec_signatures, + key_list, + func, + arg); + ldns_key_list_filter_for_non_dnskey(key_list, flags); + + rr_list = ldns_rr_list_new(); + ldns_rr_list_push_rr(rr_list, cur_name->nsec); + siglist = ldns_sign_public(rr_list, key_list); + + for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { + if (cur_name->nsec_signatures) { + result = ldns_dnssec_rrs_add_rr(cur_name->nsec_signatures, + ldns_rr_list_rr(siglist, i)); + } else { + cur_name->nsec_signatures = ldns_dnssec_rrs_new(); + cur_name->nsec_signatures->rr = + ldns_rr_list_rr(siglist, i); + } + if (new_rrs) { + ldns_rr_list_push_rr(new_rrs, + ldns_rr_list_rr(siglist, i)); + } + } + + ldns_rr_list_free(siglist); + ldns_rr_list_free(rr_list); + } + cur_node = ldns_rbtree_next(cur_node); + } + + ldns_rr_list_deep_free(pubkey_list); + return result; +} + +ldns_status +ldns_dnssec_zone_sign(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg) +{ + return ldns_dnssec_zone_sign_flg(zone, new_rrs, key_list, func, arg, 0); +} + +ldns_status dnssec_zone_equip_zonemd(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, ldns_key_list *key_list, int flags); +ldns_status +ldns_dnssec_zone_sign_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + int flags) +{ + ldns_status result = LDNS_STATUS_OK; + ldns_dnssec_rrsets zonemd_rrset; + bool zonemd_added = false; + + if (!zone || !new_rrs || !key_list) { + return LDNS_STATUS_ERR; + } + if (flags & LDNS_SIGN_WITH_ZONEMD) { + ldns_dnssec_rrsets **rrsets_ref = &zone->soa->rrsets; + + while (*rrsets_ref + && (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrsets_ref = &(*rrsets_ref)->next; + if (!*rrsets_ref + || (*rrsets_ref)->type > LDNS_RR_TYPE_ZONEMD) { + zonemd_rrset.rrs = NULL; + zonemd_rrset.type = LDNS_RR_TYPE_ZONEMD; + zonemd_rrset.signatures = NULL; + zonemd_rrset.next = *rrsets_ref; + *rrsets_ref = &zonemd_rrset; + zonemd_added = true; + } + } + /* zone is already sorted */ + result = ldns_dnssec_zone_mark_glue(zone); + if (result != LDNS_STATUS_OK) { + return result; + } + /* check whether we need to add nsecs */ + if ((flags & LDNS_SIGN_NO_KEYS_NO_NSECS) + && ldns_key_list_key_count(key_list) < 1) + ; /* pass */ + + else if (zone->names + && !((ldns_dnssec_name *)zone->names->root->data)->nsec) { + + result = ldns_dnssec_zone_create_nsecs(zone, new_rrs); + if (result != LDNS_STATUS_OK) { + return result; + } + } + result = ldns_dnssec_zone_create_rrsigs_flg(zone, + new_rrs, + key_list, + func, + arg, + flags); + + if (zonemd_added) { + ldns_dnssec_rrsets **rrsets_ref + = &zone->soa->rrsets; + + while (*rrsets_ref + && (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrsets_ref = &(*rrsets_ref)->next; + *rrsets_ref = zonemd_rrset.next; + } + return flags & LDNS_SIGN_WITH_ZONEMD + ? dnssec_zone_equip_zonemd(zone, new_rrs, key_list, flags) + : result; +} + +ldns_status +ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt) +{ + return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list, + func, arg, algorithm, flags, iterations, salt_length, salt, 0, + NULL); +} + +ldns_status +ldns_dnssec_zone_sign_nsec3_flg_mkmap(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + int signflags, + ldns_rbtree_t **map) +{ + ldns_rr *nsec3, *nsec3param; + ldns_status result = LDNS_STATUS_OK; + bool zonemd_added = false; + ldns_dnssec_rrsets zonemd_rrset; + + /* zone is already sorted */ + result = ldns_dnssec_zone_mark_glue(zone); + if (result != LDNS_STATUS_OK) { + return result; + } + + /* TODO if there are already nsec3s presents and their + * parameters are the same as these, we don't have to recreate + */ + if (zone->names) { + /* add empty nonterminals */ + result = ldns_dnssec_zone_add_empty_nonterminals(zone); + if (result != LDNS_STATUS_OK) { + return result; + } + + nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec; + + /* check whether we need to add nsecs */ + if ((signflags & LDNS_SIGN_NO_KEYS_NO_NSECS) + && ldns_key_list_key_count(key_list) < 1) + ; /* pass */ + + else if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) { + /* no need to recreate */ + } else { + if (!ldns_dnssec_zone_find_rrset(zone, + zone->soa->name, + LDNS_RR_TYPE_NSEC3PARAM)) { + /* create and add the nsec3param rr */ + nsec3param = + ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAM); + ldns_rr_set_owner(nsec3param, + ldns_rdf_clone(zone->soa->name)); + ldns_nsec3_add_param_rdfs(nsec3param, + algorithm, + flags, + iterations, + salt_length, + salt); + /* always set bit 7 of the flags to zero, according to + * rfc5155 section 11. The bits are counted from right to left, + * so bit 7 in rfc5155 is bit 0 in ldns */ + ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 0, 0); + result = ldns_dnssec_zone_add_rr(zone, nsec3param); + if (result != LDNS_STATUS_OK) { + return result; + } + ldns_rr_list_push_rr(new_rrs, nsec3param); + } + if (signflags & LDNS_SIGN_WITH_ZONEMD) { + ldns_dnssec_rrsets **rrsets_ref + = &zone->soa->rrsets; + + while (*rrsets_ref + && (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrsets_ref = &(*rrsets_ref)->next; + if (!*rrsets_ref + || (*rrsets_ref)->type > LDNS_RR_TYPE_ZONEMD) { + zonemd_rrset.rrs = NULL; + zonemd_rrset.type = LDNS_RR_TYPE_ZONEMD; + zonemd_rrset.signatures = NULL; + zonemd_rrset.next = *rrsets_ref; + *rrsets_ref = &zonemd_rrset; + zonemd_added = true; + } + } + result = ldns_dnssec_zone_create_nsec3s_mkmap(zone, + new_rrs, + algorithm, + flags, + iterations, + salt_length, + salt, + map); + if (zonemd_added) { + ldns_dnssec_rrsets **rrsets_ref + = &zone->soa->rrsets; + + while (*rrsets_ref + && (*rrsets_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrsets_ref = &(*rrsets_ref)->next; + *rrsets_ref = zonemd_rrset.next; + } + if (result != LDNS_STATUS_OK) { + return result; + } + } + + result = ldns_dnssec_zone_create_rrsigs_flg(zone, + new_rrs, + key_list, + func, + arg, + signflags); + } + if (result || !zone->names) + return result; + + return signflags & LDNS_SIGN_WITH_ZONEMD + ? dnssec_zone_equip_zonemd(zone, new_rrs, key_list, signflags) + : result; +} + +ldns_status +ldns_dnssec_zone_sign_nsec3_flg(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, + ldns_key_list *key_list, + int (*func)(ldns_rr *, void *), + void *arg, + uint8_t algorithm, + uint8_t flags, + uint16_t iterations, + uint8_t salt_length, + uint8_t *salt, + int signflags) +{ + return ldns_dnssec_zone_sign_nsec3_flg_mkmap(zone, new_rrs, key_list, + func, arg, algorithm, flags, iterations, salt_length, salt, + signflags, NULL); +} + +ldns_zone * +ldns_zone_sign(const ldns_zone *zone, ldns_key_list *key_list) +{ + ldns_dnssec_zone *dnssec_zone; + ldns_zone *signed_zone; + ldns_rr_list *new_rrs; + size_t i; + + signed_zone = ldns_zone_new(); + dnssec_zone = ldns_dnssec_zone_new(); + + (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); + ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone))); + + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + (void) ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_list_rr(ldns_zone_rrs(zone), + i)); + ldns_zone_push_rr(signed_zone, + ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), + i))); + } + + new_rrs = ldns_rr_list_new(); + (void) ldns_dnssec_zone_sign(dnssec_zone, + new_rrs, + key_list, + ldns_dnssec_default_replace_signatures, + NULL); + + for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { + ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), + ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); + } + + ldns_rr_list_deep_free(new_rrs); + ldns_dnssec_zone_free(dnssec_zone); + + return signed_zone; +} + +ldns_zone * +ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm, uint8_t flags, uint16_t iterations, uint8_t salt_length, uint8_t *salt) +{ + ldns_dnssec_zone *dnssec_zone; + ldns_zone *signed_zone; + ldns_rr_list *new_rrs; + size_t i; + + signed_zone = ldns_zone_new(); + dnssec_zone = ldns_dnssec_zone_new(); + + (void) ldns_dnssec_zone_add_rr(dnssec_zone, ldns_zone_soa(zone)); + ldns_zone_set_soa(signed_zone, ldns_rr_clone(ldns_zone_soa(zone))); + + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + (void) ldns_dnssec_zone_add_rr(dnssec_zone, + ldns_rr_list_rr(ldns_zone_rrs(zone), + i)); + ldns_zone_push_rr(signed_zone, + ldns_rr_clone(ldns_rr_list_rr(ldns_zone_rrs(zone), + i))); + } + + new_rrs = ldns_rr_list_new(); + (void) ldns_dnssec_zone_sign_nsec3(dnssec_zone, + new_rrs, + key_list, + ldns_dnssec_default_replace_signatures, + NULL, + algorithm, + flags, + iterations, + salt_length, + salt); + + for (i = 0; i < ldns_rr_list_rr_count(new_rrs); i++) { + ldns_rr_list_push_rr(ldns_zone_rrs(signed_zone), + ldns_rr_clone(ldns_rr_list_rr(new_rrs, i))); + } + + ldns_rr_list_deep_free(new_rrs); + ldns_dnssec_zone_free(dnssec_zone); + + return signed_zone; +} +#endif /* HAVE_SSL */ + + diff --git a/zonemaster-ldns/ldns/dnssec_verify.c b/zonemaster-ldns/ldns/dnssec_verify.c new file mode 100644 index 0000000..d76f32e --- /dev/null +++ b/zonemaster-ldns/ldns/dnssec_verify.c @@ -0,0 +1,2830 @@ +#include + +#include + +#include +#include + +#ifdef HAVE_SSL +/* this entire file is rather useless when you don't have + * crypto... + */ +#include +#include +#include +#include +#include + +ldns_dnssec_data_chain * +ldns_dnssec_data_chain_new(void) +{ + ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1); + if(!nc) return NULL; + /* + * not needed anymore because CALLOC initializes everything to zero. + + nc->rrset = NULL; + nc->parent_type = 0; + nc->parent = NULL; + nc->signatures = NULL; + nc->packet_rcode = 0; + nc->packet_qtype = 0; + nc->packet_nodata = false; + + */ + return nc; +} + +void +ldns_dnssec_data_chain_free(ldns_dnssec_data_chain *chain) +{ + LDNS_FREE(chain); +} + +void +ldns_dnssec_data_chain_deep_free(ldns_dnssec_data_chain *chain) +{ + ldns_rr_list_deep_free(chain->rrset); + ldns_rr_list_deep_free(chain->signatures); + if (chain->parent) { + ldns_dnssec_data_chain_deep_free(chain->parent); + } + LDNS_FREE(chain); +} + +void +ldns_dnssec_data_chain_print_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_dnssec_data_chain *chain) +{ + ldns_lookup_table *rcode; + const ldns_rr_descriptor *rr_descriptor; + if (chain) { + ldns_dnssec_data_chain_print_fmt(out, fmt, chain->parent); + if (ldns_rr_list_rr_count(chain->rrset) > 0) { + rcode = ldns_lookup_by_id(ldns_rcodes, + (int) chain->packet_rcode); + if (rcode) { + fprintf(out, ";; rcode: %s\n", rcode->name); + } + + rr_descriptor = ldns_rr_descript(chain->packet_qtype); + if (rr_descriptor && rr_descriptor->_name) { + fprintf(out, ";; qtype: %s\n", rr_descriptor->_name); + } else if (chain->packet_qtype != 0) { + fprintf(out, "TYPE%u", + chain->packet_qtype); + } + if (chain->packet_nodata) { + fprintf(out, ";; NODATA response\n"); + } + fprintf(out, "rrset:\n"); + ldns_rr_list_print_fmt(out, fmt, chain->rrset); + fprintf(out, "sigs:\n"); + ldns_rr_list_print_fmt(out, fmt, chain->signatures); + fprintf(out, "---\n"); + } else { + fprintf(out, "\n"); + } + } +} +void +ldns_dnssec_data_chain_print(FILE *out, const ldns_dnssec_data_chain *chain) +{ + ldns_dnssec_data_chain_print_fmt( + out, ldns_output_format_default, chain); +} + + +static void +ldns_dnssec_build_data_chain_dnskey(ldns_resolver *res, + uint16_t qflags, + const ldns_pkt *pkt, + ldns_rr_list *signatures, + ldns_dnssec_data_chain *new_chain, + ldns_rdf *key_name, + ldns_rr_class c) { + ldns_rr_list *keys; + ldns_pkt *my_pkt; + if (signatures && ldns_rr_list_rr_count(signatures) > 0) { + new_chain->signatures = ldns_rr_list_clone(signatures); + new_chain->parent_type = 0; + + keys = ldns_pkt_rr_list_by_name_and_type( + pkt, + key_name, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANY_NOQUESTION + ); + if (!keys) { + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DNSKEY, + c, + qflags); + if (my_pkt) { + keys = ldns_pkt_rr_list_by_name_and_type( + my_pkt, + key_name, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANY_NOQUESTION + ); + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + keys, + my_pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY; + ldns_pkt_free(my_pkt); + } + } else { + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + keys, + pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DNSKEY; + } + ldns_rr_list_deep_free(keys); + } +} + +static void +ldns_dnssec_build_data_chain_other(ldns_resolver *res, + uint16_t qflags, + ldns_dnssec_data_chain *new_chain, + ldns_rdf *key_name, + ldns_rr_class c, + ldns_rr_list *dss) +{ + /* 'self-signed', parent is a DS */ + + /* okay, either we have other keys signing the current one, + * or the current + * one should have a DS record in the parent zone. + * How do we find this out? Try both? + * + * request DNSKEYS for current zone, + * add all signatures to current level + */ + ldns_pkt *my_pkt; + ldns_rr_list *signatures2; + + new_chain->parent_type = 1; + + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DS, + c, + qflags); + if (my_pkt) { + dss = ldns_pkt_rr_list_by_name_and_type(my_pkt, + key_name, + LDNS_RR_TYPE_DS, + LDNS_SECTION_ANY_NOQUESTION + ); + if (dss) { + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + dss, + my_pkt, + NULL); + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS; + ldns_rr_list_deep_free(dss); + } + ldns_pkt_free(my_pkt); + } + + my_pkt = ldns_resolver_query(res, + key_name, + LDNS_RR_TYPE_DNSKEY, + c, + qflags); + if (my_pkt) { + signatures2 = ldns_pkt_rr_list_by_name_and_type(my_pkt, + key_name, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + if (signatures2) { + if (new_chain->signatures) { + printf("There were already sigs!\n"); + ldns_rr_list_deep_free(new_chain->signatures); + printf("replacing the old sigs\n"); + } + new_chain->signatures = signatures2; + } + ldns_pkt_free(my_pkt); + } +} + +static ldns_dnssec_data_chain * +ldns_dnssec_build_data_chain_nokeyname(ldns_resolver *res, + uint16_t qflags, + ldns_rr *orig_rr, + const ldns_rr_list *rrset, + ldns_dnssec_data_chain *new_chain) +{ + ldns_rdf *possible_parent_name; + ldns_pkt *my_pkt; + /* apparently we were not able to find a signing key, so + we assume the chain ends here + */ + /* try parents for auth denial of DS */ + if (orig_rr) { + possible_parent_name = ldns_rr_owner(orig_rr); + } else if (rrset && ldns_rr_list_rr_count(rrset) > 0) { + possible_parent_name = ldns_rr_owner(ldns_rr_list_rr(rrset, 0)); + } else { + /* no information to go on, give up */ + return new_chain; + } + + my_pkt = ldns_resolver_query(res, + possible_parent_name, + LDNS_RR_TYPE_DS, + LDNS_RR_CLASS_IN, + qflags); + if (!my_pkt) { + return new_chain; + } + + if (ldns_pkt_ancount(my_pkt) > 0) { + /* add error, no sigs but DS in parent */ + /*ldns_pkt_print(stdout, my_pkt);*/ + ldns_pkt_free(my_pkt); + } else { + /* are there signatures? */ + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + NULL, + my_pkt, + NULL); + + new_chain->parent->packet_qtype = LDNS_RR_TYPE_DS; + + } + return new_chain; +} + + +ldns_dnssec_data_chain * +ldns_dnssec_build_data_chain(ldns_resolver *res, + uint16_t qflags, + const ldns_rr_list *rrset, + const ldns_pkt *pkt, + ldns_rr *orig_rr) +{ + ldns_rr_list *signatures = NULL; + ldns_rr_list *dss = NULL; + + ldns_rr_list *my_rrset; + + ldns_pkt *my_pkt; + + ldns_rdf *name = NULL, *key_name = NULL; + ldns_rr_type type = 0; + ldns_rr_class c = 0; + + bool other_rrset = false; + + ldns_dnssec_data_chain *new_chain = ldns_dnssec_data_chain_new(); + + assert(pkt != NULL); + + if (!ldns_dnssec_pkt_has_rrsigs(pkt)) { + /* hmm. no dnssec data in the packet. go up to try and deny + * DS? */ + return new_chain; + } + + if (orig_rr) { + new_chain->rrset = ldns_rr_list_new(); + ldns_rr_list_push_rr(new_chain->rrset, orig_rr); + new_chain->parent = ldns_dnssec_build_data_chain(res, + qflags, + rrset, + pkt, + NULL); + new_chain->packet_rcode = ldns_pkt_get_rcode(pkt); + new_chain->packet_qtype = ldns_rr_get_type(orig_rr); + if (ldns_pkt_ancount(pkt) == 0) { + new_chain->packet_nodata = true; + } + return new_chain; + } + + if (!rrset || ldns_rr_list_rr_count(rrset) < 1) { + /* hmm, no data, do we have denial? only works if pkt was given, + otherwise caller has to do the check himself */ + new_chain->packet_nodata = true; + if (pkt) { + my_rrset = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_NSEC, + LDNS_SECTION_ANY_NOQUESTION + ); + if (my_rrset) { + if (ldns_rr_list_rr_count(my_rrset) > 0) { + type = LDNS_RR_TYPE_NSEC; + other_rrset = true; + } else { + ldns_rr_list_deep_free(my_rrset); + my_rrset = NULL; + } + } else { + /* nothing, try nsec3 */ + my_rrset = ldns_pkt_rr_list_by_type(pkt, + LDNS_RR_TYPE_NSEC3, + LDNS_SECTION_ANY_NOQUESTION); + if (my_rrset) { + if (ldns_rr_list_rr_count(my_rrset) > 0) { + type = LDNS_RR_TYPE_NSEC3; + other_rrset = true; + } else { + ldns_rr_list_deep_free(my_rrset); + my_rrset = NULL; + } + } else { + /* nothing, stop */ + /* try parent zone? for denied insecure? */ + return new_chain; + } + } + } else { + return new_chain; + } + } else { + my_rrset = (ldns_rr_list *) rrset; + } + + if (my_rrset && ldns_rr_list_rr_count(my_rrset) > 0) { + new_chain->rrset = ldns_rr_list_clone(my_rrset); + name = ldns_rr_owner(ldns_rr_list_rr(my_rrset, 0)); + type = ldns_rr_get_type(ldns_rr_list_rr(my_rrset, 0)); + c = ldns_rr_get_class(ldns_rr_list_rr(my_rrset, 0)); + } + + if (other_rrset) { + ldns_rr_list_deep_free(my_rrset); + } + + /* normally there will only be 1 signature 'set' + but there can be more than 1 denial (wildcards) + so check for NSEC + */ + if (type == LDNS_RR_TYPE_NSEC || type == LDNS_RR_TYPE_NSEC3) { + /* just throw in all signatures, the tree builder must sort + this out */ + if (pkt) { + signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type); + } else { + my_pkt = ldns_resolver_query(res, name, type, c, qflags); + if (my_pkt) { + signatures = ldns_dnssec_pkt_get_rrsigs_for_type(pkt, type); + ldns_pkt_free(my_pkt); + } + } + } else { + if (pkt) { + signatures = + ldns_dnssec_pkt_get_rrsigs_for_name_and_type(pkt, + name, + type); + } + if (!signatures) { + my_pkt = ldns_resolver_query(res, name, type, c, qflags); + if (my_pkt) { + signatures = + ldns_dnssec_pkt_get_rrsigs_for_name_and_type(my_pkt, + name, + type); + ldns_pkt_free(my_pkt); + } + } + } + + if (signatures && ldns_rr_list_rr_count(signatures) > 0) { + key_name = ldns_rr_rdf(ldns_rr_list_rr(signatures, 0), 7); + } + if (!key_name) { + if (signatures) { + ldns_rr_list_deep_free(signatures); + } + return ldns_dnssec_build_data_chain_nokeyname(res, + qflags, + orig_rr, + rrset, + new_chain); + } + if (type != LDNS_RR_TYPE_DNSKEY) { + if (type != LDNS_RR_TYPE_DS || + ldns_dname_is_subdomain(name, key_name)) { + ldns_dnssec_build_data_chain_dnskey(res, + qflags, + pkt, + signatures, + new_chain, + key_name, + c + ); + } + } else { + ldns_dnssec_build_data_chain_other(res, + qflags, + new_chain, + key_name, + c, + dss + ); + } + if (signatures) { + ldns_rr_list_deep_free(signatures); + } + return new_chain; +} + +ldns_dnssec_trust_tree * +ldns_dnssec_trust_tree_new(void) +{ + ldns_dnssec_trust_tree *new_tree = LDNS_XMALLOC(ldns_dnssec_trust_tree, + 1); + if(!new_tree) return NULL; + new_tree->rr = NULL; + new_tree->rrset = NULL; + new_tree->parent_count = 0; + + return new_tree; +} + +void +ldns_dnssec_trust_tree_free(ldns_dnssec_trust_tree *tree) +{ + size_t i; + if (tree) { + for (i = 0; i < tree->parent_count; i++) { + ldns_dnssec_trust_tree_free(tree->parents[i]); + } + } + LDNS_FREE(tree); +} + +size_t +ldns_dnssec_trust_tree_depth(ldns_dnssec_trust_tree *tree) +{ + size_t result = 0; + size_t parent = 0; + size_t i; + + for (i = 0; i < tree->parent_count; i++) { + parent = ldns_dnssec_trust_tree_depth(tree->parents[i]); + if (parent > result) { + result = parent; + } + } + return 1 + result; +} + +/* TODO ldns_ */ +static void +print_tabs(FILE *out, size_t nr, uint8_t *map, size_t treedepth) +{ + size_t i; + for (i = 0; i < nr; i++) { + if (i == nr - 1) { + fprintf(out, "|---"); + } else if (map && i < treedepth && map[i] == 1) { + fprintf(out, "| "); + } else { + fprintf(out, " "); + } + } +} + +static void +ldns_dnssec_trust_tree_print_sm_fmt(FILE *out, + const ldns_output_format *fmt, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended, + uint8_t *sibmap, + size_t treedepth) +{ + size_t i; + const ldns_rr_descriptor *descriptor; + bool mapset = false; + + if (!sibmap) { + treedepth = ldns_dnssec_trust_tree_depth(tree); + sibmap = LDNS_XMALLOC(uint8_t, treedepth); + if(!sibmap) + return; /* mem err */ + memset(sibmap, 0, treedepth); + mapset = true; + } + + if (tree) { + if (tree->rr) { + print_tabs(out, tabs, sibmap, treedepth); + ldns_rdf_print(out, ldns_rr_owner(tree->rr)); + descriptor = ldns_rr_descript(ldns_rr_get_type(tree->rr)); + + if (descriptor->_name) { + fprintf(out, " (%s", descriptor->_name); + } else { + fprintf(out, " (TYPE%d", + ldns_rr_get_type(tree->rr)); + } + if (tabs > 0) { + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DNSKEY) { + fprintf(out, " keytag: %u", + (unsigned int) ldns_calc_keytag(tree->rr)); + fprintf(out, " alg: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2)); + fprintf(out, " flags: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + } else if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_DS) { + fprintf(out, " keytag: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + fprintf(out, " digest type: "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 2)); + } + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NSEC) { + fprintf(out, " "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 0)); + fprintf(out, " "); + ldns_rdf_print(out, ldns_rr_rdf(tree->rr, 1)); + } + } + + fprintf(out, ")\n"); + for (i = 0; i < tree->parent_count; i++) { + if (tree->parent_count > 1 && i < tree->parent_count - 1) { + sibmap[tabs] = 1; + } else { + sibmap[tabs] = 0; + } + /* only print errors */ + if (ldns_rr_get_type(tree->parents[i]->rr) == + LDNS_RR_TYPE_NSEC || + ldns_rr_get_type(tree->parents[i]->rr) == + LDNS_RR_TYPE_NSEC3) { + if (tree->parent_status[i] == LDNS_STATUS_OK) { + print_tabs(out, tabs + 1, sibmap, treedepth); + if (tabs == 0 && + ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS && + ldns_rr_rd_count(tree->rr) > 0) { + fprintf(out, "Existence of DS is denied by:\n"); + } else { + fprintf(out, "Existence is denied by:\n"); + } + } else { + /* NS records aren't signed */ + if (ldns_rr_get_type(tree->rr) == LDNS_RR_TYPE_NS) { + fprintf(out, "Existence of DS is denied by:\n"); + } else { + print_tabs(out, tabs + 1, sibmap, treedepth); + fprintf(out, + "Error in denial of existence: %s\n", + ldns_get_errorstr_by_id( + tree->parent_status[i])); + } + } + } else + if (tree->parent_status[i] != LDNS_STATUS_OK) { + print_tabs(out, tabs + 1, sibmap, treedepth); + fprintf(out, + "%s:\n", + ldns_get_errorstr_by_id( + tree->parent_status[i])); + if (tree->parent_status[i] + == LDNS_STATUS_SSL_ERR) { + printf("; SSL Error: "); +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL) + ERR_load_crypto_strings(); +#endif + ERR_print_errors_fp(stdout); + printf("\n"); + } + ldns_rr_print_fmt(out, fmt, + tree-> + parent_signature[i]); + printf("For RRset:\n"); + ldns_rr_list_print_fmt(out, fmt, + tree->rrset); + printf("With key:\n"); + ldns_rr_print_fmt(out, fmt, + tree->parents[i]->rr); + } + ldns_dnssec_trust_tree_print_sm_fmt(out, fmt, + tree->parents[i], + tabs+1, + extended, + sibmap, + treedepth); + } + } else { + print_tabs(out, tabs, sibmap, treedepth); + fprintf(out, "\n"); + } + } else { + fprintf(out, "\n"); + } + + if (mapset) { + LDNS_FREE(sibmap); + } +} + +void +ldns_dnssec_trust_tree_print_fmt(FILE *out, const ldns_output_format *fmt, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended) +{ + ldns_dnssec_trust_tree_print_sm_fmt(out, fmt, + tree, tabs, extended, NULL, 0); +} + +void +ldns_dnssec_trust_tree_print(FILE *out, + ldns_dnssec_trust_tree *tree, + size_t tabs, + bool extended) +{ + ldns_dnssec_trust_tree_print_fmt(out, ldns_output_format_default, + tree, tabs, extended); +} + + +ldns_status +ldns_dnssec_trust_tree_add_parent(ldns_dnssec_trust_tree *tree, + const ldns_dnssec_trust_tree *parent, + const ldns_rr *signature, + const ldns_status parent_status) +{ + if (tree + && parent + && tree->parent_count < LDNS_DNSSEC_TRUST_TREE_MAX_PARENTS) { + /* + printf("Add parent for: "); + ldns_rr_print(stdout, tree->rr); + printf("parent: "); + ldns_rr_print(stdout, parent->rr); + */ + tree->parents[tree->parent_count] = + (ldns_dnssec_trust_tree *) parent; + tree->parent_status[tree->parent_count] = parent_status; + tree->parent_signature[tree->parent_count] = (ldns_rr *) signature; + tree->parent_count++; + return LDNS_STATUS_OK; + } else { + return LDNS_STATUS_ERR; + } +} + +/* if rr is null, take the first from the rrset */ +ldns_dnssec_trust_tree * +ldns_dnssec_derive_trust_tree_time( + ldns_dnssec_data_chain *data_chain, + ldns_rr *rr, + time_t check_time + ) +{ + ldns_rr_list *cur_rrset; + ldns_rr_list *cur_sigs; + ldns_rr *cur_rr = NULL; + ldns_rr *cur_sig_rr; + size_t i, j; + + ldns_dnssec_trust_tree *new_tree = ldns_dnssec_trust_tree_new(); + if(!new_tree) + return NULL; + + if (data_chain && data_chain->rrset) { + cur_rrset = data_chain->rrset; + + cur_sigs = data_chain->signatures; + + if (rr) { + cur_rr = rr; + } + + if (!cur_rr && ldns_rr_list_rr_count(cur_rrset) > 0) { + cur_rr = ldns_rr_list_rr(cur_rrset, 0); + } + + if (cur_rr) { + new_tree->rr = cur_rr; + new_tree->rrset = cur_rrset; + /* there are three possibilities: + 1 - 'normal' rrset, signed by a key + 2 - dnskey signed by other dnskey + 3 - dnskey proven by higher level DS + (data denied by nsec is a special case that can + occur in multiple places) + + */ + if (cur_sigs) { + for (i = 0; i < ldns_rr_list_rr_count(cur_sigs); i++) { + /* find the appropriate key in the parent list */ + cur_sig_rr = ldns_rr_list_rr(cur_sigs, i); + + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_NSEC) { + if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr), + ldns_rr_owner(cur_rr))) + { + /* find first that does match */ + + for (j = 0; + j < ldns_rr_list_rr_count(cur_rrset) && + ldns_dname_compare(ldns_rr_owner(cur_sig_rr),ldns_rr_owner(cur_rr)) != 0; + j++) { + cur_rr = ldns_rr_list_rr(cur_rrset, j); + + } + if (ldns_dname_compare(ldns_rr_owner(cur_sig_rr), + ldns_rr_owner(cur_rr))) + { + break; + } + } + + } + /* option 1 */ + if (data_chain->parent) { + ldns_dnssec_derive_trust_tree_normal_rrset_time( + new_tree, + data_chain, + cur_sig_rr, + check_time); + } + + /* option 2 */ + ldns_dnssec_derive_trust_tree_dnskey_rrset_time( + new_tree, + data_chain, + cur_rr, + cur_sig_rr, + check_time); + } + + ldns_dnssec_derive_trust_tree_ds_rrset_time( + new_tree, data_chain, + cur_rr, check_time); + } else { + /* no signatures? maybe it's nsec data */ + + /* just add every rr from parent as new parent */ + ldns_dnssec_derive_trust_tree_no_sig_time( + new_tree, data_chain, check_time); + } + } + } + + return new_tree; +} + +ldns_dnssec_trust_tree * +ldns_dnssec_derive_trust_tree(ldns_dnssec_data_chain *data_chain, ldns_rr *rr) +{ + return ldns_dnssec_derive_trust_tree_time(data_chain, rr, ldns_time(NULL)); +} + +void +ldns_dnssec_derive_trust_tree_normal_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_sig_rr, + time_t check_time) +{ + size_t i, j; + ldns_rr_list *cur_rrset = ldns_rr_list_clone(data_chain->rrset); + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + uint16_t cur_keytag; + ldns_rr_list *tmp_rrset = NULL; + ldns_status cur_status; + + cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr)); + + for (j = 0; j < ldns_rr_list_rr_count(data_chain->parent->rrset); j++) { + cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j); + if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_calc_keytag(cur_parent_rr) == cur_keytag) { + + /* TODO: check wildcard nsec too */ + if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) { + tmp_rrset = cur_rrset; + if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) + == LDNS_RR_TYPE_NSEC || + ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) + == LDNS_RR_TYPE_NSEC3) { + /* might contain different names! + sort and split */ + ldns_rr_list_sort(cur_rrset); + assert(tmp_rrset == cur_rrset); + tmp_rrset = ldns_rr_list_pop_rrset(cur_rrset); + + /* with nsecs, this might be the wrong one */ + while (tmp_rrset && + ldns_rr_list_rr_count(cur_rrset) > 0 && + ldns_dname_compare( + ldns_rr_owner(ldns_rr_list_rr( + tmp_rrset, 0)), + ldns_rr_owner(cur_sig_rr)) != 0) { + ldns_rr_list_deep_free(tmp_rrset); + tmp_rrset = + ldns_rr_list_pop_rrset(cur_rrset); + } + } + cur_status = ldns_verify_rrsig_time( + tmp_rrset, + cur_sig_rr, + cur_parent_rr, + check_time); + if (tmp_rrset && tmp_rrset != cur_rrset + ) { + ldns_rr_list_deep_free( + tmp_rrset); + tmp_rrset = NULL; + } + /* avoid dupes */ + for (i = 0; i < new_tree->parent_count; i++) { + if (cur_parent_rr == new_tree->parents[i]->rr) { + goto done; + } + } + + cur_parent_tree = + ldns_dnssec_derive_trust_tree_time( + data_chain->parent, + cur_parent_rr, + check_time); + (void)ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, + cur_sig_rr, + cur_status); + } + } + } + } + done: + ldns_rr_list_deep_free(cur_rrset); +} + +void +ldns_dnssec_derive_trust_tree_normal_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_sig_rr) +{ + ldns_dnssec_derive_trust_tree_normal_rrset_time( + new_tree, data_chain, cur_sig_rr, ldns_time(NULL)); +} + +void +ldns_dnssec_derive_trust_tree_dnskey_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + ldns_rr *cur_sig_rr, + time_t check_time) +{ + size_t j; + ldns_rr_list *cur_rrset = data_chain->rrset; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + uint16_t cur_keytag; + ldns_status cur_status; + + cur_keytag = ldns_rdf2native_int16(ldns_rr_rrsig_keytag(cur_sig_rr)); + + for (j = 0; j < ldns_rr_list_rr_count(cur_rrset); j++) { + cur_parent_rr = ldns_rr_list_rr(cur_rrset, j); + if (cur_parent_rr != cur_rr && + ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DNSKEY) { + if (ldns_calc_keytag(cur_parent_rr) == cur_keytag + ) { + cur_parent_tree = ldns_dnssec_trust_tree_new(); + cur_parent_tree->rr = cur_parent_rr; + cur_parent_tree->rrset = cur_rrset; + cur_status = ldns_verify_rrsig_time( + cur_rrset, cur_sig_rr, + cur_parent_rr, check_time); + if (ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, cur_sig_rr, cur_status)) + ldns_dnssec_trust_tree_free(cur_parent_tree); + } + } + } +} + +void +ldns_dnssec_derive_trust_tree_dnskey_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + ldns_rr *cur_sig_rr) +{ + ldns_dnssec_derive_trust_tree_dnskey_rrset_time( + new_tree, data_chain, cur_rr, cur_sig_rr, ldns_time(NULL)); +} + +void +ldns_dnssec_derive_trust_tree_ds_rrset_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr, + time_t check_time) +{ + size_t j, h; + ldns_rr_list *cur_rrset = data_chain->rrset; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_rr *cur_parent_rr; + + /* try the parent to see whether there are DSs there */ + if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_DNSKEY && + data_chain->parent && + data_chain->parent->rrset + ) { + for (j = 0; + j < ldns_rr_list_rr_count(data_chain->parent->rrset); + j++) { + cur_parent_rr = ldns_rr_list_rr(data_chain->parent->rrset, j); + if (ldns_rr_get_type(cur_parent_rr) == LDNS_RR_TYPE_DS) { + for (h = 0; h < ldns_rr_list_rr_count(cur_rrset); h++) { + cur_rr = ldns_rr_list_rr(cur_rrset, h); + if (ldns_rr_compare_ds(cur_rr, cur_parent_rr)) { + cur_parent_tree = + ldns_dnssec_derive_trust_tree_time( + data_chain->parent, + cur_parent_rr, + check_time); + (void) ldns_dnssec_trust_tree_add_parent( + new_tree, + cur_parent_tree, + NULL, + LDNS_STATUS_OK); + } else { + /*ldns_rr_print(stdout, cur_parent_rr);*/ + } + } + } + } + } +} + +void +ldns_dnssec_derive_trust_tree_ds_rrset(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + ldns_rr *cur_rr) +{ + ldns_dnssec_derive_trust_tree_ds_rrset_time( + new_tree, data_chain, cur_rr, ldns_time(NULL)); +} + +void +ldns_dnssec_derive_trust_tree_no_sig_time( + ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain, + time_t check_time) +{ + size_t i; + ldns_rr_list *cur_rrset; + ldns_rr *cur_parent_rr; + ldns_dnssec_trust_tree *cur_parent_tree; + ldns_status result; + + if (data_chain->parent && data_chain->parent->rrset) { + cur_rrset = data_chain->parent->rrset; + /* nsec? */ + if (cur_rrset && ldns_rr_list_rr_count(cur_rrset) > 0) { + if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) == + LDNS_RR_TYPE_NSEC3) { + result = ldns_dnssec_verify_denial_nsec3( + new_tree->rr, + cur_rrset, + data_chain->parent->signatures, + data_chain->packet_rcode, + data_chain->packet_qtype, + data_chain->packet_nodata); + } else if (ldns_rr_get_type(ldns_rr_list_rr(cur_rrset, 0)) == + LDNS_RR_TYPE_NSEC) { + result = ldns_dnssec_verify_denial( + new_tree->rr, + cur_rrset, + data_chain->parent->signatures); + } else { + /* unsigned zone, unsigned parent */ + result = LDNS_STATUS_OK; + } + } else { + result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED; + } + for (i = 0; i < ldns_rr_list_rr_count(cur_rrset); i++) { + cur_parent_rr = ldns_rr_list_rr(cur_rrset, i); + cur_parent_tree = + ldns_dnssec_derive_trust_tree_time( + data_chain->parent, + cur_parent_rr, + check_time); + if (ldns_dnssec_trust_tree_add_parent(new_tree, + cur_parent_tree, NULL, result)) + ldns_dnssec_trust_tree_free(cur_parent_tree); + + } + } +} + +void +ldns_dnssec_derive_trust_tree_no_sig(ldns_dnssec_trust_tree *new_tree, + ldns_dnssec_data_chain *data_chain) +{ + ldns_dnssec_derive_trust_tree_no_sig_time( + new_tree, data_chain, ldns_time(NULL)); +} + +/* + * returns OK if there is a path from tree to key with only OK + * the (first) error in between otherwise + * or NOT_FOUND if the key wasn't present at all + */ +ldns_status +ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree, + ldns_rr_list *trusted_keys) +{ + size_t i; + ldns_status result = LDNS_STATUS_CRYPTO_NO_DNSKEY; + bool equal; + ldns_status parent_result; + + if (tree && trusted_keys && ldns_rr_list_rr_count(trusted_keys) > 0) + { if (tree->rr) { + for (i = 0; i < ldns_rr_list_rr_count(trusted_keys); i++) { + equal = ldns_rr_compare_ds( + tree->rr, + ldns_rr_list_rr(trusted_keys, i)); + if (equal) { + result = LDNS_STATUS_OK; + return result; + } + } + } + for (i = 0; i < tree->parent_count; i++) { + parent_result = + ldns_dnssec_trust_tree_contains_keys(tree->parents[i], + trusted_keys); + if (parent_result != LDNS_STATUS_CRYPTO_NO_DNSKEY) { + if (tree->parent_status[i] != LDNS_STATUS_OK) { + result = tree->parent_status[i]; + } else { + if (tree->rr && + ldns_rr_get_type(tree->rr) + == LDNS_RR_TYPE_NSEC && + parent_result == LDNS_STATUS_OK + ) { + result = + LDNS_STATUS_DNSSEC_EXISTENCE_DENIED; + } else { + result = parent_result; + } + } + } + } + } else { + result = LDNS_STATUS_ERR; + } + + return result; +} + +ldns_status +ldns_verify_time( + const ldns_rr_list *rrset, + const ldns_rr_list *rrsig, + const ldns_rr_list *keys, + time_t check_time, + ldns_rr_list *good_keys + ) +{ + uint16_t i; + ldns_status verify_result = LDNS_STATUS_ERR; + + if (!rrset || !rrsig || !keys) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrset) < 1) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrsig) < 1) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + + if (ldns_rr_list_rr_count(keys) < 1) { + verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + } else { + for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { + ldns_status s = ldns_verify_rrsig_keylist_time( + rrset, ldns_rr_list_rr(rrsig, i), + keys, check_time, good_keys); + /* try a little to get more descriptive error */ + if(s == LDNS_STATUS_OK) { + verify_result = LDNS_STATUS_OK; + } else if(verify_result == LDNS_STATUS_ERR) + verify_result = s; + else if(s != LDNS_STATUS_ERR && verify_result == + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) + verify_result = s; + } + } + return verify_result; +} + +ldns_status +ldns_verify(ldns_rr_list *rrset, ldns_rr_list *rrsig, const ldns_rr_list *keys, + ldns_rr_list *good_keys) +{ + return ldns_verify_time(rrset, rrsig, keys, ldns_time(NULL), good_keys); +} + +ldns_status +ldns_verify_notime(ldns_rr_list *rrset, ldns_rr_list *rrsig, + const ldns_rr_list *keys, ldns_rr_list *good_keys) +{ + uint16_t i; + ldns_status verify_result = LDNS_STATUS_ERR; + + if (!rrset || !rrsig || !keys) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrset) < 1) { + return LDNS_STATUS_ERR; + } + + if (ldns_rr_list_rr_count(rrsig) < 1) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + + if (ldns_rr_list_rr_count(keys) < 1) { + verify_result = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + } else { + for (i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { + ldns_status s = ldns_verify_rrsig_keylist_notime(rrset, + ldns_rr_list_rr(rrsig, i), keys, good_keys); + + /* try a little to get more descriptive error */ + if (s == LDNS_STATUS_OK) { + verify_result = LDNS_STATUS_OK; + } else if (verify_result == LDNS_STATUS_ERR) { + verify_result = s; + } else if (s != LDNS_STATUS_ERR && verify_result == + LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) { + verify_result = s; + } + } + } + return verify_result; +} + +ldns_rr_list * +ldns_fetch_valid_domain_keys_time(const ldns_resolver *res, + const ldns_rdf *domain, + const ldns_rr_list *keys, + time_t check_time, + ldns_status *status) +{ + ldns_rr_list * trusted_keys = NULL; + ldns_rr_list * ds_keys = NULL; + ldns_rdf * prev_parent_domain; + ldns_rdf * parent_domain; + ldns_rr_list * parent_keys = NULL; + + if (res && domain && keys) { + + if ((trusted_keys = ldns_validate_domain_dnskey_time(res, + domain, keys, check_time))) { + *status = LDNS_STATUS_OK; + } else { + /* No trusted keys in this domain, we'll have to find some in the parent domain */ + *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY; + + parent_domain = ldns_dname_left_chop(domain); + while (parent_domain && /* Fail if we are at the root*/ + ldns_rdf_size(parent_domain) > 0) { + + if ((parent_keys = + ldns_fetch_valid_domain_keys_time(res, + parent_domain, + keys, + check_time, + status))) { + /* Check DS records */ + if ((ds_keys = + ldns_validate_domain_ds_time(res, + domain, + parent_keys, + check_time))) { + trusted_keys = + ldns_fetch_valid_domain_keys_time( + res, + domain, + ds_keys, + check_time, + status); + ldns_rr_list_deep_free(ds_keys); + } else { + /* No valid DS at the parent -- fail */ + *status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DS ; + } + ldns_rr_list_deep_free(parent_keys); + break; + } else { + parent_domain = ldns_dname_left_chop(( + prev_parent_domain + = parent_domain + )); + ldns_rdf_deep_free(prev_parent_domain); + } + } + if (parent_domain) { + ldns_rdf_deep_free(parent_domain); + } + } + } + return trusted_keys; +} + +ldns_rr_list * +ldns_fetch_valid_domain_keys(const ldns_resolver *res, + const ldns_rdf *domain, + const ldns_rr_list *keys, + ldns_status *status) +{ + return ldns_fetch_valid_domain_keys_time( + res, domain, keys, ldns_time(NULL), status); +} + +ldns_rr_list * +ldns_validate_domain_dnskey_time( + const ldns_resolver * res, + const ldns_rdf * domain, + const ldns_rr_list * keys, + time_t check_time + ) +{ + ldns_pkt * keypkt; + ldns_rr * cur_key; + uint16_t key_i; uint16_t key_j; uint16_t key_k; + uint16_t sig_i; ldns_rr * cur_sig; + + ldns_rr_list * domain_keys = NULL; + ldns_rr_list * domain_sigs = NULL; + ldns_rr_list * trusted_keys = NULL; + + /* Fetch keys for the domain */ + keypkt = ldns_resolver_query(res, domain, + LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD); + if (keypkt) { + domain_keys = ldns_pkt_rr_list_by_type(keypkt, + LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANSWER); + domain_sigs = ldns_pkt_rr_list_by_type(keypkt, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + + /* Try to validate the record using our keys */ + for (key_i=0; key_i< ldns_rr_list_rr_count(domain_keys); key_i++) { + + cur_key = ldns_rr_list_rr(domain_keys, key_i); + for (key_j=0; key_j= ldns_dname_label_count(ldns_rr_owner(rr))) { + + /* Query name *is* the "next closer". */ + hashed_next_closer = hashed_name; + } else { + ldns_rdf *next_closer; + + ldns_rdf_deep_free(hashed_name); + /* "next closer" has less labels than the query name. + * Create the name and hash it. + */ + next_closer = ldns_dname_clone_from( + ldns_rr_owner(rr), + ldns_dname_label_count(ldns_rr_owner(rr)) + - (ldns_dname_label_count(closest_encloser) + 1) + ); + hashed_next_closer = ldns_nsec3_hash_name_frm_nsec3( + ldns_rr_list_rr(nsecs, 0), + next_closer + ); + (void) ldns_dname_cat(hashed_next_closer, zone_name); + ldns_rdf_deep_free(next_closer); + } + /* Find the NSEC3 that covers the "next closer" */ + for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) { + if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i), + hashed_next_closer) && + ldns_nsec3_optout(ldns_rr_list_rr(nsecs, i))) { + + result = LDNS_STATUS_OK; + if (match) { + *match = ldns_rr_list_rr(nsecs, i); + } + break; + } + } + ldns_rdf_deep_free(hashed_next_closer); + ldns_rdf_deep_free(closest_encloser); + } + + done: + ldns_rdf_deep_free(zone_name); + return result; +} + +ldns_status +ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata) +{ + return ldns_dnssec_verify_denial_nsec3_match( + rr, nsecs, rrsigs, packet_rcode, + packet_qtype, packet_nodata, NULL + ); +} + +#ifdef USE_GOST +EVP_PKEY* +ldns_gost2pkey_raw(const unsigned char* key, size_t keylen) +{ + /* prefix header for X509 encoding */ + uint8_t asn[37] = { 0x30, 0x63, 0x30, 0x1c, 0x06, 0x06, 0x2a, 0x85, + 0x03, 0x02, 0x02, 0x13, 0x30, 0x12, 0x06, 0x07, 0x2a, 0x85, + 0x03, 0x02, 0x02, 0x23, 0x01, 0x06, 0x07, 0x2a, 0x85, 0x03, + 0x02, 0x02, 0x1e, 0x01, 0x03, 0x43, 0x00, 0x04, 0x40}; + unsigned char encoded[37+64]; + const unsigned char* pp; + if(keylen != 64) { + /* key wrong size */ + return NULL; + } + + /* create evp_key */ + memmove(encoded, asn, 37); + memmove(encoded+37, key, 64); + pp = (unsigned char*)&encoded[0]; + + return d2i_PUBKEY(NULL, &pp, (int)sizeof(encoded)); +} + +static ldns_status +ldns_verify_rrsig_gost_raw(const unsigned char* sig, size_t siglen, + const ldns_buffer* rrset, const unsigned char* key, size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + (void) ldns_key_EVP_load_gost_id(); + evp_key = ldns_gost2pkey_raw(key, keylen); + if(!evp_key) { + /* could not convert key */ + return LDNS_STATUS_CRYPTO_BOGUS; + } + + /* verify signature */ + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, + evp_key, EVP_get_digestbyname("md_gost94")); + EVP_PKEY_free(evp_key); + + return result; +} +#endif + +#ifdef USE_ED25519 +EVP_PKEY* +ldns_ed255192pkey_raw(const unsigned char* key, size_t keylen) +{ + /* ASN1 for ED25519 is 302a300506032b6570032100 <32byteskey> */ + uint8_t pre[] = {0x30, 0x2a, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, + 0x70, 0x03, 0x21, 0x00}; + int pre_len = 12; + uint8_t buf[256]; + EVP_PKEY *evp_key; + /* pp gets modified by d2i() */ + const unsigned char* pp = (unsigned char*)buf; + if(keylen != 32 || keylen + pre_len > sizeof(buf)) + return NULL; /* wrong length */ + memmove(buf, pre, pre_len); + memmove(buf+pre_len, key, keylen); + evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen)); + return evp_key; +} + +static ldns_status +ldns_verify_rrsig_ed25519_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = ldns_ed255192pkey_raw(key, keylen); + if(!evp_key) { + /* could not convert key */ + return LDNS_STATUS_CRYPTO_BOGUS; + } + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, NULL); + EVP_PKEY_free(evp_key); + return result; +} +#endif /* USE_ED25519 */ + +#ifdef USE_ED448 +EVP_PKEY* +ldns_ed4482pkey_raw(const unsigned char* key, size_t keylen) +{ + /* ASN1 for ED448 is 3043300506032b6571033a00 <57byteskey> */ + uint8_t pre[] = {0x30, 0x43, 0x30, 0x05, 0x06, 0x03, 0x2b, 0x65, + 0x71, 0x03, 0x3a, 0x00}; + int pre_len = 12; + uint8_t buf[256]; + EVP_PKEY *evp_key; + /* pp gets modified by d2i() */ + const unsigned char* pp = (unsigned char*)buf; + if(keylen != 57 || keylen + pre_len > sizeof(buf)) + return NULL; /* wrong length */ + memmove(buf, pre, pre_len); + memmove(buf+pre_len, key, keylen); + evp_key = d2i_PUBKEY(NULL, &pp, (int)(pre_len+keylen)); + return evp_key; +} + +static ldns_status +ldns_verify_rrsig_ed448_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = ldns_ed4482pkey_raw(key, keylen); + if(!evp_key) { + /* could not convert key */ + return LDNS_STATUS_CRYPTO_BOGUS; + } + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, NULL); + EVP_PKEY_free(evp_key); + return result; +} +#endif /* USE_ED448 */ + +#ifdef USE_ECDSA +EVP_PKEY* +ldns_ecdsa2pkey_raw(const unsigned char* key, size_t keylen, uint8_t algo) +{ + unsigned char buf[256+2]; /* sufficient for 2*384/8+1 */ + const unsigned char* pp = buf; + EVP_PKEY *evp_key; + EC_KEY *ec; + /* check length, which uncompressed must be 2 bignums */ + if(algo == LDNS_ECDSAP256SHA256) { + if(keylen != 2*256/8) return NULL; + ec = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); + } else if(algo == LDNS_ECDSAP384SHA384) { + if(keylen != 2*384/8) return NULL; + ec = EC_KEY_new_by_curve_name(NID_secp384r1); + } else ec = NULL; + if(!ec) return NULL; + if(keylen+1 > sizeof(buf)) + return NULL; /* sanity check */ + /* prepend the 0x02 (from docs) (or actually 0x04 from implementation + * of openssl) for uncompressed data */ + buf[0] = POINT_CONVERSION_UNCOMPRESSED; + memmove(buf+1, key, keylen); + if(!o2i_ECPublicKey(&ec, &pp, (int)keylen+1)) { + EC_KEY_free(ec); + return NULL; + } + evp_key = EVP_PKEY_new(); + if(!evp_key) { + EC_KEY_free(ec); + return NULL; + } + if (!EVP_PKEY_assign_EC_KEY(evp_key, ec)) { + EVP_PKEY_free(evp_key); + EC_KEY_free(ec); + return NULL; + } + return evp_key; +} + +static ldns_status +ldns_verify_rrsig_ecdsa_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen, uint8_t algo) +{ + EVP_PKEY *evp_key; + ldns_status result; + const EVP_MD *d; + + evp_key = ldns_ecdsa2pkey_raw(key, keylen, algo); + if(!evp_key) { + /* could not convert key */ + return LDNS_STATUS_CRYPTO_BOGUS; + } + if(algo == LDNS_ECDSAP256SHA256) + d = EVP_sha256(); + else d = EVP_sha384(); /* LDNS_ECDSAP384SHA384 */ + result = ldns_verify_rrsig_evp_raw(sig, siglen, rrset, evp_key, d); + EVP_PKEY_free(evp_key); + return result; +} +#endif + +ldns_status +ldns_verify_rrsig_buffers(ldns_buffer *rawsig_buf, ldns_buffer *verify_buf, + ldns_buffer *key_buf, uint8_t algo) +{ + return ldns_verify_rrsig_buffers_raw( + (unsigned char*)ldns_buffer_begin(rawsig_buf), + ldns_buffer_position(rawsig_buf), + verify_buf, + (unsigned char*)ldns_buffer_begin(key_buf), + ldns_buffer_position(key_buf), algo); +} + +ldns_status +ldns_verify_rrsig_buffers_raw(unsigned char* sig, size_t siglen, + ldns_buffer *verify_buf, unsigned char* key, size_t keylen, + uint8_t algo) +{ + /* check for right key */ + switch(algo) { +#ifdef USE_DSA + case LDNS_DSA: + case LDNS_DSA_NSEC3: + return ldns_verify_rrsig_dsa_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; +#endif + case LDNS_RSASHA1: + case LDNS_RSASHA1_NSEC3: + return ldns_verify_rrsig_rsasha1_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; +#ifdef USE_SHA2 + case LDNS_RSASHA256: + return ldns_verify_rrsig_rsasha256_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; + case LDNS_RSASHA512: + return ldns_verify_rrsig_rsasha512_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; +#endif +#ifdef USE_GOST + case LDNS_ECC_GOST: + return ldns_verify_rrsig_gost_raw(sig, siglen, verify_buf, + key, keylen); + break; +#endif +#ifdef USE_ECDSA + case LDNS_ECDSAP256SHA256: + case LDNS_ECDSAP384SHA384: + return ldns_verify_rrsig_ecdsa_raw(sig, siglen, verify_buf, + key, keylen, algo); + break; +#endif +#ifdef USE_ED25519 + case LDNS_ED25519: + return ldns_verify_rrsig_ed25519_raw(sig, siglen, verify_buf, + key, keylen); + break; +#endif +#ifdef USE_ED448 + case LDNS_ED448: + return ldns_verify_rrsig_ed448_raw(sig, siglen, verify_buf, + key, keylen); + break; +#endif + case LDNS_RSAMD5: + return ldns_verify_rrsig_rsamd5_raw(sig, + siglen, + verify_buf, + key, + keylen); + break; + default: + /* do you know this alg?! */ + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; + } +} + + +/** + * Reset the ttl in the rrset with the orig_ttl from the sig + * and update owner name if it was wildcard + * Also canonicalizes the rrset. + * @param rrset: rrset to modify + * @param sig: signature to take TTL and wildcard values from + */ +static void +ldns_rrset_use_signature_ttl(ldns_rr_list* rrset_clone, const ldns_rr* rrsig) +{ + uint32_t orig_ttl; + uint16_t i; + uint8_t label_count; + ldns_rdf *wildcard_name; + ldns_rdf *wildcard_chopped; + ldns_rdf *wildcard_chopped_tmp; + + if ((rrsig == NULL) || ldns_rr_rd_count(rrsig) < 4) { + return; + } + + orig_ttl = ldns_rdf2native_int32( ldns_rr_rdf(rrsig, 3)); + label_count = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 2)); + + for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) { + if (label_count < + ldns_dname_label_count( + ldns_rr_owner(ldns_rr_list_rr(rrset_clone, i)))) { + (void) ldns_str2rdf_dname(&wildcard_name, "*"); + wildcard_chopped = ldns_rdf_clone(ldns_rr_owner( + ldns_rr_list_rr(rrset_clone, i))); + while (label_count < ldns_dname_label_count(wildcard_chopped)) { + wildcard_chopped_tmp = ldns_dname_left_chop( + wildcard_chopped); + ldns_rdf_deep_free(wildcard_chopped); + wildcard_chopped = wildcard_chopped_tmp; + } + (void) ldns_dname_cat(wildcard_name, wildcard_chopped); + ldns_rdf_deep_free(wildcard_chopped); + ldns_rdf_deep_free(ldns_rr_owner(ldns_rr_list_rr( + rrset_clone, i))); + ldns_rr_set_owner(ldns_rr_list_rr(rrset_clone, i), + wildcard_name); + } + ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i), orig_ttl); + /* convert to lowercase */ + ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i)); + } +} + +/** + * Make raw signature buffer out of rrsig + * @param rawsig_buf: raw signature buffer for result + * @param rrsig: signature to convert + * @return OK or more specific error. + */ +static ldns_status +ldns_rrsig2rawsig_buffer(ldns_buffer* rawsig_buf, const ldns_rr* rrsig) +{ + uint8_t sig_algo; + + if (rrsig == NULL) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + if (ldns_rr_rdf(rrsig, 1) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1)); + /* check for known and implemented algo's now (otherwise + * the function could return a wrong error + */ + /* create a buffer with signature rdata */ + /* for some algorithms we need other data than for others... */ + /* (the DSA API wants DER encoding for instance) */ + + switch(sig_algo) { + case LDNS_RSAMD5: + case LDNS_RSASHA1: + case LDNS_RSASHA1_NSEC3: +#ifdef USE_SHA2 + case LDNS_RSASHA256: + case LDNS_RSASHA512: +#endif +#ifdef USE_GOST + case LDNS_ECC_GOST: +#endif +#ifdef USE_ED25519 + case LDNS_ED25519: +#endif +#ifdef USE_ED448 + case LDNS_ED448: +#endif + if (ldns_rr_rdf(rrsig, 8) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + if (ldns_rdf2buffer_wire(rawsig_buf, ldns_rr_rdf(rrsig, 8)) + != LDNS_STATUS_OK) { + return LDNS_STATUS_MEM_ERR; + } + break; +#ifdef USE_DSA + case LDNS_DSA: + case LDNS_DSA_NSEC3: + /* EVP takes rfc2459 format, which is a tad longer than dns format */ + if (ldns_rr_rdf(rrsig, 8) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + if (ldns_convert_dsa_rrsig_rdf2asn1( + rawsig_buf, ldns_rr_rdf(rrsig, 8)) + != LDNS_STATUS_OK) { + /* + if (ldns_rdf2buffer_wire(rawsig_buf, + ldns_rr_rdf(rrsig, 8)) != LDNS_STATUS_OK) { + */ + return LDNS_STATUS_MEM_ERR; + } + break; +#endif +#ifdef USE_ECDSA + case LDNS_ECDSAP256SHA256: + case LDNS_ECDSAP384SHA384: + /* EVP produces an ASN prefix on the signature, which is + * not used in the DNS */ + if (ldns_rr_rdf(rrsig, 8) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + if (ldns_convert_ecdsa_rrsig_rdf2asn1( + rawsig_buf, ldns_rr_rdf(rrsig, 8)) + != LDNS_STATUS_OK) { + return LDNS_STATUS_MEM_ERR; + } + break; +#endif + case LDNS_DH: + case LDNS_ECC: + case LDNS_INDIRECT: + return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL; + default: + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; + } + return LDNS_STATUS_OK; +} + +/** + * Check RRSIG timestamps against the given 'now' time. + * @param rrsig: signature to check. + * @param now: the current time in seconds epoch. + * @return status code LDNS_STATUS_OK if all is fine. + */ +static ldns_status +ldns_rrsig_check_timestamps(const ldns_rr* rrsig, time_t now) +{ + int32_t inception, expiration; + + /* check the signature time stamps */ + inception = (int32_t)ldns_rdf2native_time_t( + ldns_rr_rrsig_inception(rrsig)); + expiration = (int32_t)ldns_rdf2native_time_t( + ldns_rr_rrsig_expiration(rrsig)); + + if (expiration - inception < 0) { + /* bad sig, expiration before inception?? Tsssg */ + return LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION; + } + if (((int32_t) now) - inception < 0) { + /* bad sig, inception date has not yet come to pass */ + return LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED; + } + if (expiration - ((int32_t) now) < 0) { + /* bad sig, expiration date has passed */ + return LDNS_STATUS_CRYPTO_SIG_EXPIRED; + } + return LDNS_STATUS_OK; +} + +/** + * Prepare for verification. + * @param rawsig_buf: raw signature buffer made ready. + * @param verify_buf: data for verification buffer made ready. + * @param rrset_clone: made ready. + * @param rrsig: signature to prepare for. + * @return LDNS_STATUS_OK is all went well. Otherwise specific error. + */ +static ldns_status +ldns_prepare_for_verify(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf, + ldns_rr_list* rrset_clone, const ldns_rr* rrsig) +{ + ldns_status result; + + /* canonicalize the sig */ + ldns_dname2canonical(ldns_rr_owner(rrsig)); + + /* check if the typecovered is equal to the type checked */ + if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rrsig)) != + ldns_rr_get_type(ldns_rr_list_rr(rrset_clone, 0))) + return LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR; + + /* create a buffer with b64 signature rdata */ + result = ldns_rrsig2rawsig_buffer(rawsig_buf, rrsig); + if(result != LDNS_STATUS_OK) + return result; + + /* use TTL from signature. Use wildcard names for wildcards */ + /* also canonicalizes rrset_clone */ + ldns_rrset_use_signature_ttl(rrset_clone, rrsig); + + /* sort the rrset in canonical order */ + ldns_rr_list_sort(rrset_clone); + + /* put the signature rr (without the b64) to the verify_buf */ + if (ldns_rrsig2buffer_wire(verify_buf, rrsig) != LDNS_STATUS_OK) + return LDNS_STATUS_MEM_ERR; + + /* add the rrset in verify_buf */ + if(ldns_rr_list2buffer_wire(verify_buf, rrset_clone) + != LDNS_STATUS_OK) + return LDNS_STATUS_MEM_ERR; + + return LDNS_STATUS_OK; +} + +/** + * Check if a key matches a signature. + * Checks keytag, sigalgo and signature. + * @param rawsig_buf: raw signature buffer for verify + * @param verify_buf: raw data buffer for verify + * @param rrsig: the rrsig + * @param key: key to attempt. + * @return LDNS_STATUS_OK if OK, else some specific error. + */ +static ldns_status +ldns_verify_test_sig_key(ldns_buffer* rawsig_buf, ldns_buffer* verify_buf, + const ldns_rr* rrsig, ldns_rr* key) +{ + uint8_t sig_algo; + + if (rrsig == NULL) { + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + if (ldns_rr_rdf(rrsig, 1) == NULL) { + return LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG; + } + sig_algo = ldns_rdf2native_int8(ldns_rr_rdf(rrsig, 1)); + + /* before anything, check if the keytags match */ + if (ldns_calc_keytag(key) + == + ldns_rdf2native_int16(ldns_rr_rrsig_keytag(rrsig)) + ) { + ldns_buffer* key_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + ldns_status result = LDNS_STATUS_ERR; + + /* put the key-data in a buffer, that's the third rdf, with + * the base64 encoded key data */ + if (ldns_rr_rdf(key, 3) == NULL) { + ldns_buffer_free(key_buf); + return LDNS_STATUS_MISSING_RDATA_FIELDS_KEY; + } + if (ldns_rdf2buffer_wire(key_buf, ldns_rr_rdf(key, 3)) + != LDNS_STATUS_OK) { + ldns_buffer_free(key_buf); + /* returning is bad might screw up + good keys later in the list + what to do? */ + return LDNS_STATUS_ERR; + } + + if (ldns_rr_rdf(key, 2) == NULL) { + result = LDNS_STATUS_MISSING_RDATA_FIELDS_KEY; + } + else if (sig_algo == ldns_rdf2native_int8( + ldns_rr_rdf(key, 2))) { + result = ldns_verify_rrsig_buffers(rawsig_buf, + verify_buf, key_buf, sig_algo); + } else { + /* No keys with the corresponding algorithm are found */ + result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; + } + + ldns_buffer_free(key_buf); + return result; + } + else { + /* No keys with the corresponding keytag are found */ + return LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; + } +} + +/* + * to verify: + * - create the wire fmt of the b64 key rdata + * - create the wire fmt of the sorted rrset + * - create the wire fmt of the b64 sig rdata + * - create the wire fmt of the sig without the b64 rdata + * - cat the sig data (without b64 rdata) to the rrset + * - verify the rrset+sig, with the b64 data and the b64 key data + */ +ldns_status +ldns_verify_rrsig_keylist_time( + const ldns_rr_list *rrset, + const ldns_rr *rrsig, + const ldns_rr_list *keys, + time_t check_time, + ldns_rr_list *good_keys) +{ + ldns_status result; + ldns_rr_list *valid; + + if (!good_keys) + valid = NULL; + + else if (!(valid = ldns_rr_list_new())) + return LDNS_STATUS_MEM_ERR; + + result = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, valid); + if(result != LDNS_STATUS_OK) { + ldns_rr_list_free(valid); + return result; + } + + /* check timestamps last; its OK except time */ + result = ldns_rrsig_check_timestamps(rrsig, check_time); + if(result != LDNS_STATUS_OK) { + ldns_rr_list_free(valid); + return result; + } + + ldns_rr_list_cat(good_keys, valid); + ldns_rr_list_free(valid); + return LDNS_STATUS_OK; +} + +/* + * to verify: + * - create the wire fmt of the b64 key rdata + * - create the wire fmt of the sorted rrset + * - create the wire fmt of the b64 sig rdata + * - create the wire fmt of the sig without the b64 rdata + * - cat the sig data (without b64 rdata) to the rrset + * - verify the rrset+sig, with the b64 data and the b64 key data + */ +ldns_status +ldns_verify_rrsig_keylist(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys) +{ + return ldns_verify_rrsig_keylist_time( + rrset, rrsig, keys, ldns_time(NULL), good_keys); +} + +ldns_status +ldns_verify_rrsig_keylist_notime(const ldns_rr_list *rrset, + const ldns_rr *rrsig, + const ldns_rr_list *keys, + ldns_rr_list *good_keys) +{ + ldns_buffer *rawsig_buf; + ldns_buffer *verify_buf; + uint16_t i; + ldns_status result, status; + ldns_rr_list *rrset_clone; + ldns_rr_list *validkeys; + + if (!rrset) { + return LDNS_STATUS_ERR; + } + + validkeys = ldns_rr_list_new(); + if (!validkeys) { + return LDNS_STATUS_MEM_ERR; + } + + /* clone the rrset so that we can fiddle with it */ + rrset_clone = ldns_rr_list_clone(rrset); + + /* create the buffers which will certainly hold the raw data */ + rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + result = ldns_prepare_for_verify(rawsig_buf, verify_buf, + rrset_clone, rrsig); + if(result != LDNS_STATUS_OK) { + ldns_buffer_free(verify_buf); + ldns_buffer_free(rawsig_buf); + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_list_free(validkeys); + return result; + } + + result = LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY; + for(i = 0; i < ldns_rr_list_rr_count(keys); i++) { + status = ldns_verify_test_sig_key(rawsig_buf, verify_buf, + rrsig, ldns_rr_list_rr(keys, i)); + if (status == LDNS_STATUS_OK) { + /* one of the keys has matched, don't break + * here, instead put the 'winning' key in + * the validkey list and return the list + * later */ + if (!ldns_rr_list_push_rr(validkeys, + ldns_rr_list_rr(keys,i))) { + /* couldn't push the key?? */ + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(verify_buf); + ldns_rr_list_deep_free(rrset_clone); + ldns_rr_list_free(validkeys); + return LDNS_STATUS_MEM_ERR; + } + + result = status; + } + + if (result == LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY) { + result = status; + } + } + + /* no longer needed */ + ldns_rr_list_deep_free(rrset_clone); + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(verify_buf); + + if (ldns_rr_list_rr_count(validkeys) == 0) { + /* no keys were added, return last error */ + ldns_rr_list_free(validkeys); + return result; + } + + /* do not check timestamps */ + + ldns_rr_list_cat(good_keys, validkeys); + ldns_rr_list_free(validkeys); + return LDNS_STATUS_OK; +} + +ldns_status +ldns_verify_rrsig_time( + ldns_rr_list *rrset, + ldns_rr *rrsig, + ldns_rr *key, + time_t check_time) +{ + ldns_buffer *rawsig_buf; + ldns_buffer *verify_buf; + ldns_status result; + ldns_rr_list *rrset_clone; + + if (!rrset) { + return LDNS_STATUS_NO_DATA; + } + /* clone the rrset so that we can fiddle with it */ + rrset_clone = ldns_rr_list_clone(rrset); + /* create the buffers which will certainly hold the raw data */ + rawsig_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + verify_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + + result = ldns_prepare_for_verify(rawsig_buf, verify_buf, + rrset_clone, rrsig); + if(result != LDNS_STATUS_OK) { + ldns_rr_list_deep_free(rrset_clone); + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(verify_buf); + return result; + } + result = ldns_verify_test_sig_key(rawsig_buf, verify_buf, + rrsig, key); + /* no longer needed */ + ldns_rr_list_deep_free(rrset_clone); + ldns_buffer_free(rawsig_buf); + ldns_buffer_free(verify_buf); + + /* check timestamp last, apart from time its OK */ + if(result == LDNS_STATUS_OK) + result = ldns_rrsig_check_timestamps(rrsig, check_time); + + return result; +} + +ldns_status +ldns_verify_rrsig(ldns_rr_list *rrset, ldns_rr *rrsig, ldns_rr *key) +{ + return ldns_verify_rrsig_time(rrset, rrsig, key, ldns_time(NULL)); +} + + +ldns_status +ldns_verify_rrsig_evp(ldns_buffer *sig, + ldns_buffer *rrset, + EVP_PKEY *key, + const EVP_MD *digest_type) +{ + return ldns_verify_rrsig_evp_raw( + (unsigned char*)ldns_buffer_begin(sig), + ldns_buffer_position(sig), + rrset, + key, + digest_type); +} + +ldns_status +ldns_verify_rrsig_evp_raw(const unsigned char *sig, size_t siglen, + const ldns_buffer *rrset, EVP_PKEY *key, const EVP_MD *digest_type) +{ + EVP_MD_CTX *ctx; + int res; + +#ifdef HAVE_EVP_MD_CTX_NEW + ctx = EVP_MD_CTX_new(); +#else + ctx = (EVP_MD_CTX*)malloc(sizeof(*ctx)); + if(ctx) EVP_MD_CTX_init(ctx); +#endif + if(!ctx) + return LDNS_STATUS_MEM_ERR; + +#if defined(USE_ED25519) || defined(USE_ED448) + if(!digest_type) { + res = EVP_DigestVerifyInit(ctx, NULL, digest_type, NULL, key); + if(res == 1) { + res = EVP_DigestVerify(ctx, sig, siglen, + ldns_buffer_begin(rrset), + ldns_buffer_position(rrset)); + } + } else { +#else + res = 0; + if(digest_type) { +#endif + EVP_VerifyInit(ctx, digest_type); + EVP_VerifyUpdate(ctx, + ldns_buffer_begin(rrset), + ldns_buffer_position(rrset)); + res = EVP_VerifyFinal(ctx, sig, (unsigned int) siglen, key); + } + + EVP_MD_CTX_destroy(ctx); + + if (res == 1) { + return LDNS_STATUS_OK; + + } else if (res == 0) { + return LDNS_STATUS_CRYPTO_BOGUS; + } + /* TODO how to communicate internal SSL error? + let caller use ssl's get_error() */ + return LDNS_STATUS_SSL_ERR; +} + +ldns_status +ldns_verify_rrsig_dsa(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) +{ + return ldns_verify_rrsig_dsa_raw( + (unsigned char*) ldns_buffer_begin(sig), + ldns_buffer_position(sig), + rrset, + (unsigned char*) ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +ldns_status +ldns_verify_rrsig_rsasha1(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) +{ + return ldns_verify_rrsig_rsasha1_raw( + (unsigned char*)ldns_buffer_begin(sig), + ldns_buffer_position(sig), + rrset, + (unsigned char*) ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +ldns_status +ldns_verify_rrsig_rsamd5(ldns_buffer *sig, ldns_buffer *rrset, ldns_buffer *key) +{ + return ldns_verify_rrsig_rsamd5_raw( + (unsigned char*)ldns_buffer_begin(sig), + ldns_buffer_position(sig), + rrset, + (unsigned char*) ldns_buffer_begin(key), + ldns_buffer_position(key)); +} + +ldns_status +ldns_verify_rrsig_dsa_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen) +{ +#ifdef USE_DSA + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_DSA(evp_key, ldns_key_buf2dsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, +# ifdef HAVE_EVP_DSS1 + EVP_dss1() +# else + EVP_sha1() +# endif + ); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + return result; +#else + (void)sig; (void)siglen; (void)rrset; (void)key; (void)keylen; + return LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL; +#endif +} + +ldns_status +ldns_verify_rrsig_rsasha1_raw(unsigned char* sig, size_t siglen, + ldns_buffer* rrset, unsigned char* key, size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_sha1()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + + return result; +} + +ldns_status +ldns_verify_rrsig_rsasha256_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen) +{ +#ifdef USE_SHA2 + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_sha256()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + + return result; +#else + /* touch these to prevent compiler warnings */ + (void) sig; + (void) siglen; + (void) rrset; + (void) key; + (void) keylen; + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; +#endif +} + +ldns_status +ldns_verify_rrsig_rsasha512_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen) +{ +#ifdef USE_SHA2 + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_sha512()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + + return result; +#else + /* touch these to prevent compiler warnings */ + (void) sig; + (void) siglen; + (void) rrset; + (void) key; + (void) keylen; + return LDNS_STATUS_CRYPTO_UNKNOWN_ALGO; +#endif +} + + +ldns_status +ldns_verify_rrsig_rsamd5_raw(unsigned char* sig, + size_t siglen, + ldns_buffer* rrset, + unsigned char* key, + size_t keylen) +{ + EVP_PKEY *evp_key; + ldns_status result; + + evp_key = EVP_PKEY_new(); + if (EVP_PKEY_assign_RSA(evp_key, ldns_key_buf2rsa_raw(key, keylen))) { + result = ldns_verify_rrsig_evp_raw(sig, + siglen, + rrset, + evp_key, + EVP_md5()); + } else { + result = LDNS_STATUS_SSL_ERR; + } + EVP_PKEY_free(evp_key); + + return result; +} + +#endif diff --git a/zonemaster-ldns/ldns/dnssec_zone.c b/zonemaster-ldns/ldns/dnssec_zone.c new file mode 100644 index 0000000..013517f --- /dev/null +++ b/zonemaster-ldns/ldns/dnssec_zone.c @@ -0,0 +1,1984 @@ +/* + * special zone file structures and functions for better dnssec handling + */ + +#include + +#include + +ldns_dnssec_rrs * +ldns_dnssec_rrs_new(void) +{ + ldns_dnssec_rrs *new_rrs; + new_rrs = LDNS_MALLOC(ldns_dnssec_rrs); + if(!new_rrs) return NULL; + new_rrs->rr = NULL; + new_rrs->next = NULL; + return new_rrs; +} + +INLINE void +ldns_dnssec_rrs_free_internal(ldns_dnssec_rrs *rrs, int deep) +{ + ldns_dnssec_rrs *next; + while (rrs) { + next = rrs->next; + if (deep) { + ldns_rr_free(rrs->rr); + } + LDNS_FREE(rrs); + rrs = next; + } +} + +void +ldns_dnssec_rrs_free(ldns_dnssec_rrs *rrs) +{ + ldns_dnssec_rrs_free_internal(rrs, 0); +} + +void +ldns_dnssec_rrs_deep_free(ldns_dnssec_rrs *rrs) +{ + ldns_dnssec_rrs_free_internal(rrs, 1); +} + +ldns_status +ldns_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr) +{ + int cmp; + ldns_dnssec_rrs *new_rrs; + if (!rrs || !rr) { + return LDNS_STATUS_ERR; + } + + /* this could be done more efficiently; name and type should already + be equal */ + cmp = ldns_rr_compare(rrs->rr, rr); + if (cmp < 0) { + if (rrs->next) { + return ldns_dnssec_rrs_add_rr(rrs->next, rr); + } else { + new_rrs = ldns_dnssec_rrs_new(); + new_rrs->rr = rr; + rrs->next = new_rrs; + } + } else if (cmp > 0) { + /* put the current old rr in the new next, put the new + rr in the current container */ + new_rrs = ldns_dnssec_rrs_new(); + new_rrs->rr = rrs->rr; + new_rrs->next = rrs->next; + rrs->rr = rr; + rrs->next = new_rrs; + } + /* Silently ignore equal rr's */ + return LDNS_STATUS_OK; +} + +void +ldns_dnssec_rrs_print_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_dnssec_rrs *rrs) +{ + if (!rrs) { + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) + fprintf(out, "; "); + } else { + if (rrs->rr) { + ldns_rr_print_fmt(out, fmt, rrs->rr); + } + if (rrs->next) { + ldns_dnssec_rrs_print_fmt(out, fmt, rrs->next); + } + } +} + +void +ldns_dnssec_rrs_print(FILE *out, const ldns_dnssec_rrs *rrs) +{ + ldns_dnssec_rrs_print_fmt(out, ldns_output_format_default, rrs); +} + + +ldns_dnssec_rrsets * +ldns_dnssec_rrsets_new(void) +{ + ldns_dnssec_rrsets *new_rrsets; + new_rrsets = LDNS_MALLOC(ldns_dnssec_rrsets); + if(!new_rrsets) return NULL; + new_rrsets->rrs = NULL; + new_rrsets->type = 0; + new_rrsets->signatures = NULL; + new_rrsets->next = NULL; + return new_rrsets; +} + +INLINE void +ldns_dnssec_rrsets_free_internal(ldns_dnssec_rrsets *rrsets, int deep) +{ + if (rrsets) { + if (rrsets->rrs) { + ldns_dnssec_rrs_free_internal(rrsets->rrs, deep); + } + if (rrsets->next) { + ldns_dnssec_rrsets_free_internal(rrsets->next, deep); + } + if (rrsets->signatures) { + ldns_dnssec_rrs_free_internal(rrsets->signatures, deep); + } + LDNS_FREE(rrsets); + } +} + +void +ldns_dnssec_rrsets_free(ldns_dnssec_rrsets *rrsets) +{ + ldns_dnssec_rrsets_free_internal(rrsets, 0); +} + +void +ldns_dnssec_rrsets_deep_free(ldns_dnssec_rrsets *rrsets) +{ + ldns_dnssec_rrsets_free_internal(rrsets, 1); +} + +ldns_rr_type +ldns_dnssec_rrsets_type(const ldns_dnssec_rrsets *rrsets) +{ + if (rrsets) { + return rrsets->type; + } else { + return 0; + } +} + +ldns_status +ldns_dnssec_rrsets_set_type(ldns_dnssec_rrsets *rrsets, + ldns_rr_type type) +{ + if (rrsets) { + rrsets->type = type; + return LDNS_STATUS_OK; + } + return LDNS_STATUS_ERR; +} + +static ldns_dnssec_rrsets * +ldns_dnssec_rrsets_new_frm_rr(ldns_rr *rr) +{ + ldns_dnssec_rrsets *new_rrsets; + ldns_rr_type rr_type; + bool rrsig; + + new_rrsets = ldns_dnssec_rrsets_new(); + rr_type = ldns_rr_get_type(rr); + if (rr_type == LDNS_RR_TYPE_RRSIG) { + rrsig = true; + rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } else { + rrsig = false; + } + if (!rrsig) { + new_rrsets->rrs = ldns_dnssec_rrs_new(); + new_rrsets->rrs->rr = rr; + } else { + new_rrsets->signatures = ldns_dnssec_rrs_new(); + new_rrsets->signatures->rr = rr; + } + new_rrsets->type = rr_type; + return new_rrsets; +} + +ldns_status +ldns_dnssec_rrsets_add_rr(ldns_dnssec_rrsets *rrsets, ldns_rr *rr) +{ + ldns_dnssec_rrsets *new_rrsets; + ldns_rr_type rr_type; + bool rrsig = false; + ldns_status result = LDNS_STATUS_OK; + + if (!rrsets || !rr) { + return LDNS_STATUS_ERR; + } + + rr_type = ldns_rr_get_type(rr); + + if (rr_type == LDNS_RR_TYPE_RRSIG) { + rrsig = true; + rr_type = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + + if (!rrsets->rrs && rrsets->type == 0 && !rrsets->signatures) { + if (!rrsig) { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + rrsets->type = rr_type; + } else { + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + rrsets->type = rr_type; + } + return LDNS_STATUS_OK; + } + + if (rr_type > ldns_dnssec_rrsets_type(rrsets)) { + if (rrsets->next) { + result = ldns_dnssec_rrsets_add_rr(rrsets->next, rr); + } else { + new_rrsets = ldns_dnssec_rrsets_new_frm_rr(rr); + rrsets->next = new_rrsets; + } + } else if (rr_type < ldns_dnssec_rrsets_type(rrsets)) { + /* move the current one into the new next, + replace field of current with data from new rr */ + new_rrsets = ldns_dnssec_rrsets_new(); + new_rrsets->rrs = rrsets->rrs; + new_rrsets->type = rrsets->type; + new_rrsets->signatures = rrsets->signatures; + new_rrsets->next = rrsets->next; + if (!rrsig) { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + rrsets->signatures = NULL; + } else { + rrsets->rrs = NULL; + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + } + rrsets->type = rr_type; + rrsets->next = new_rrsets; + } else { + /* equal, add to current rrsets */ + if (rrsig) { + if (rrsets->signatures) { + result = ldns_dnssec_rrs_add_rr(rrsets->signatures, rr); + } else { + rrsets->signatures = ldns_dnssec_rrs_new(); + rrsets->signatures->rr = rr; + } + } else { + if (rrsets->rrs) { + result = ldns_dnssec_rrs_add_rr(rrsets->rrs, rr); + } else { + rrsets->rrs = ldns_dnssec_rrs_new(); + rrsets->rrs->rr = rr; + } + } + } + + return result; +} + +static void +ldns_dnssec_rrsets_print_soa_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_dnssec_rrsets *rrsets, + bool follow, + bool show_soa) +{ + if (!rrsets) { + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) + fprintf(out, "; \n"); + } else { + if (rrsets->rrs && + (show_soa || + ldns_rr_get_type(rrsets->rrs->rr) != LDNS_RR_TYPE_SOA + ) + ) { + ldns_dnssec_rrs_print_fmt(out, fmt, rrsets->rrs); + if (rrsets->signatures) { + ldns_dnssec_rrs_print_fmt(out, fmt, + rrsets->signatures); + } + } + if (follow && rrsets->next) { + ldns_dnssec_rrsets_print_soa_fmt(out, fmt, + rrsets->next, follow, show_soa); + } + } +} + + +void +ldns_dnssec_rrsets_print_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_dnssec_rrsets *rrsets, + bool follow) +{ + ldns_dnssec_rrsets_print_soa_fmt(out, fmt, rrsets, follow, true); +} + +void +ldns_dnssec_rrsets_print(FILE *out, const ldns_dnssec_rrsets *rrsets, bool follow) +{ + ldns_dnssec_rrsets_print_fmt(out, ldns_output_format_default, + rrsets, follow); +} + +ldns_dnssec_name * +ldns_dnssec_name_new(void) +{ + ldns_dnssec_name *new_name; + + new_name = LDNS_CALLOC(ldns_dnssec_name, 1); + if (!new_name) { + return NULL; + } + /* + * not needed anymore because CALLOC initializes everything to zero. + + new_name->name = NULL; + new_name->rrsets = NULL; + new_name->name_alloced = false; + new_name->nsec = NULL; + new_name->nsec_signatures = NULL; + + new_name->is_glue = false; + new_name->hashed_name = NULL; + + */ + return new_name; +} + +ldns_dnssec_name * +ldns_dnssec_name_new_frm_rr(ldns_rr *rr) +{ + ldns_dnssec_name *new_name = ldns_dnssec_name_new(); + + new_name->name = ldns_rr_owner(rr); + if(ldns_dnssec_name_add_rr(new_name, rr) != LDNS_STATUS_OK) { + ldns_dnssec_name_free(new_name); + return NULL; + } + + return new_name; +} + +INLINE void +ldns_dnssec_name_free_internal(ldns_dnssec_name *name, + int deep) +{ + if (name) { + if (name->name_alloced) { + ldns_rdf_deep_free(name->name); + } + if (name->rrsets) { + ldns_dnssec_rrsets_free_internal(name->rrsets, deep); + } + if (name->nsec && deep) { + ldns_rr_free(name->nsec); + } + if (name->nsec_signatures) { + ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep); + } + if (name->hashed_name) { + /* Hashed name is always allocated when signing, + * so always deep free + */ + ldns_rdf_deep_free(name->hashed_name); + } + LDNS_FREE(name); + } +} + +void +ldns_dnssec_name_free(ldns_dnssec_name *name) +{ + ldns_dnssec_name_free_internal(name, 0); +} + +void +ldns_dnssec_name_deep_free(ldns_dnssec_name *name) +{ + ldns_dnssec_name_free_internal(name, 1); +} + +ldns_rdf * +ldns_dnssec_name_name(const ldns_dnssec_name *name) +{ + if (name) { + return name->name; + } + return NULL; +} + +bool +ldns_dnssec_name_is_glue(const ldns_dnssec_name *name) +{ + if (name) { + return name->is_glue; + } + return false; +} + +void +ldns_dnssec_name_set_name(ldns_dnssec_name *rrset, + ldns_rdf *dname) +{ + if (rrset && dname) { + rrset->name = dname; + } +} + + +void +ldns_dnssec_name_set_nsec(ldns_dnssec_name *rrset, ldns_rr *nsec) +{ + if (rrset && nsec) { + rrset->nsec = nsec; + } +} + +int +ldns_dnssec_name_cmp(const void *a, const void *b) +{ + ldns_dnssec_name *na = (ldns_dnssec_name *) a; + ldns_dnssec_name *nb = (ldns_dnssec_name *) b; + + if (na && nb) { + return ldns_dname_compare(ldns_dnssec_name_name(na), + ldns_dnssec_name_name(nb)); + } else if (na) { + return 1; + } else if (nb) { + return -1; + } else { + return 0; + } +} + +ldns_status +ldns_dnssec_name_add_rr(ldns_dnssec_name *name, + ldns_rr *rr) +{ + ldns_status result = LDNS_STATUS_OK; + ldns_rr_type rr_type; + ldns_rr_type typecovered = 0; + + /* special handling for NSEC3 and NSECX covering RRSIGS */ + + if (!name || !rr) { + return LDNS_STATUS_ERR; + } + + rr_type = ldns_rr_get_type(rr); + + if (rr_type == LDNS_RR_TYPE_RRSIG) { + typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + + if (rr_type == LDNS_RR_TYPE_NSEC || + rr_type == LDNS_RR_TYPE_NSEC3) { + /* XX check if is already set (and error?) */ + name->nsec = rr; + } else if (typecovered == LDNS_RR_TYPE_NSEC || + typecovered == LDNS_RR_TYPE_NSEC3) { + if (name->nsec_signatures) { + result = ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr); + } else { + name->nsec_signatures = ldns_dnssec_rrs_new(); + name->nsec_signatures->rr = rr; + } + } else { + /* it's a 'normal' RR, add it to the right rrset */ + if (name->rrsets) { + result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); + } else { + name->rrsets = ldns_dnssec_rrsets_new(); + result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr); + } + } + return result; +} + +ldns_dnssec_rrsets * +ldns_dnssec_name_find_rrset(const ldns_dnssec_name *name, + ldns_rr_type type) { + ldns_dnssec_rrsets *result; + + result = name->rrsets; + while (result) { + if (result->type == type) { + return result; + } else { + result = result->next; + } + } + return NULL; +} + +ldns_dnssec_rrsets * +ldns_dnssec_zone_find_rrset(const ldns_dnssec_zone *zone, + const ldns_rdf *dname, + ldns_rr_type type) +{ + ldns_rbnode_t *node; + + if (!zone || !dname || !zone->names) { + return NULL; + } + + node = ldns_rbtree_search(zone->names, dname); + if (node) { + return ldns_dnssec_name_find_rrset((ldns_dnssec_name *)node->data, + type); + } else { + return NULL; + } +} + +static void +ldns_dnssec_name_print_soa_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_dnssec_name *name, + bool show_soa) +{ + if (name) { + if(name->rrsets) { + ldns_dnssec_rrsets_print_soa_fmt(out, fmt, + name->rrsets, true, show_soa); + } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { + fprintf(out, ";; Empty nonterminal: "); + ldns_rdf_print(out, name->name); + fprintf(out, "\n"); + } + if(name->nsec) { + ldns_rr_print_fmt(out, fmt, name->nsec); + } + if (name->nsec_signatures) { + ldns_dnssec_rrs_print_fmt(out, fmt, + name->nsec_signatures); + } + } else if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { + fprintf(out, "; \n"); + } +} + + +void +ldns_dnssec_name_print_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_dnssec_name *name) +{ + ldns_dnssec_name_print_soa_fmt(out, fmt, name, true); +} + +void +ldns_dnssec_name_print(FILE *out, const ldns_dnssec_name *name) +{ + ldns_dnssec_name_print_fmt(out, ldns_output_format_default, name); +} + + +ldns_dnssec_zone * +ldns_dnssec_zone_new(void) +{ + ldns_dnssec_zone *zone = LDNS_MALLOC(ldns_dnssec_zone); + if(!zone) return NULL; + zone->soa = NULL; + zone->names = NULL; + zone->hashed_names = NULL; + zone->_nsec3params = NULL; + + return zone; +} + +static bool +rr_is_rrsig_covering(ldns_rr* rr, ldns_rr_type t) +{ + return ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG + && ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)) == t; +} + +/* When the zone is first read into an list and then inserted into an + * ldns_dnssec_zone (rbtree) the nodes of the rbtree are allocated close (next) + * to each other. Because ldns-verify-zone (the only program that uses this + * function) uses the rbtree mostly for sequential walking, this results + * in a speed increase (of 15% on linux) because we have less CPU-cache misses. + */ +#define FASTER_DNSSEC_ZONE_NEW_FRM_FP 1 /* Because of L2 cache efficiency */ + +static ldns_status +ldns_dnssec_zone_add_empty_nonterminals_nsec3( + ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s); + +static void +ldns_todo_nsec3_ents_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + ldns_rdf_deep_free((ldns_rdf *)node->key); + LDNS_FREE(node); +} + +ldns_status +ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* origin, + uint32_t default_ttl, ldns_rr_class ATTR_UNUSED(c), int* line_nr) +{ + ldns_rr* cur_rr; + size_t i; + + ldns_rdf *my_origin = NULL; + ldns_rdf *my_prev = NULL; + + ldns_dnssec_zone *newzone = ldns_dnssec_zone_new(); + /* NSEC3s may occur before the names they refer to. We must remember + them and add them to the name later on, after the name is read. + We track not yet matching NSEC3s*n the todo_nsec3s list */ + ldns_rr_list* todo_nsec3s = ldns_rr_list_new(); + /* when reading NSEC3s, there is a chance that we encounter nsecs + for empty nonterminals, whose nonterminals we cannot derive yet + because the needed information is to be read later. + + nsec3_ents (where ent is e.n.t.; i.e. empty non terminal) will + hold the NSEC3s that still didn't have a matching name in the + zone tree, even after all names were read. They can only match + after the zone is equipped with all the empty non terminals. */ + ldns_rbtree_t todo_nsec3_ents; + ldns_rbnode_t *new_node; + ldns_rr_list* todo_nsec3_rrsigs = ldns_rr_list_new(); + + ldns_status status; + +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + ldns_zone* zone = NULL; +#else + ldns_rr *prev_rr = NULL; + uint32_t my_ttl = default_ttl; + /* RFC 1035 Section 5.1, says 'Omitted class and TTL values are default + * to the last explicitly stated values.' + */ + bool ttl_from_TTL = false; + bool explicit_ttl = false; +#endif + + ldns_rbtree_init(&todo_nsec3_ents, ldns_dname_compare_v); + +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + status = ldns_zone_new_frm_fp_l(&zone, fp, origin, default_ttl, c, line_nr); + if (status != LDNS_STATUS_OK) + goto error; +#endif + if (!newzone || !todo_nsec3s || !todo_nsec3_rrsigs ) { + status = LDNS_STATUS_MEM_ERR; + goto error; + } + if (origin) { + if (!(my_origin = ldns_rdf_clone(origin))) { + status = LDNS_STATUS_MEM_ERR; + goto error; + } + if (!(my_prev = ldns_rdf_clone(origin))) { + status = LDNS_STATUS_MEM_ERR; + goto error; + } + } + +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + if (ldns_zone_soa(zone)) { + status = ldns_dnssec_zone_add_rr(newzone, ldns_zone_soa(zone)); + if (status != LDNS_STATUS_OK) + goto error; + } + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(zone)); i++) { + cur_rr = ldns_rr_list_rr(ldns_zone_rrs(zone), i); + status = LDNS_STATUS_OK; +#else + while (!feof(fp)) { + /* If ttl came from $TTL line, then it should be the default. + * (RFC 2308 Section 4) + * Otherwise it "defaults to the last explicitly stated value" + * (RFC 1035 Section 5.1) + */ + if (ttl_from_TTL) + my_ttl = default_ttl; + status = ldns_rr_new_frm_fp_l(&cur_rr, fp, &my_ttl, &my_origin, + &my_prev, line_nr, &explicit_ttl); +#endif + switch (status) { + case LDNS_STATUS_OK: +#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP + if (explicit_ttl) { + if (!ttl_from_TTL) { + /* No $TTL, so ttl "defaults to the + * last explicitly stated value" + * (RFC 1035 Section 5.1) + */ + my_ttl = ldns_rr_ttl(cur_rr); + } + /* When ttl is implicit, try to adhere to the rules as + * much as possible. (also for compatibility with bind) + * This was changed when fixing an issue with ZONEMD + * which hashes the TTL too. + */ + } else if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SIG + || ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_RRSIG) { + if (ldns_rr_rd_count(cur_rr) >= 4 + && ldns_rdf_get_type(ldns_rr_rdf(cur_rr, 3)) == LDNS_RDF_TYPE_INT32) + + /* SIG without explicit ttl get ttl + * from the original_ttl field + * (RFC 2535 Section 7.2) + * + * Similarly for RRSIG, but stated less + * specifically in the spec. + * (RFC 4034 Section 3) + */ + ldns_rr_set_ttl(cur_rr, + ldns_rdf2native_int32( + ldns_rr_rdf(rr, 3))); + + } else if (prev_rr + && ldns_rr_get_type(prev_rr) == ldns_rr_get_type(cur_rr) + && ldns_dname_compare( ldns_rr_owner(prev_rr) + , ldns_rr_owner(cur_rr)) == 0) + + /* "TTLs of all RRs in an RRSet must be the same" + * (RFC 2881 Section 5.2) + */ + ldns_rr_set_ttl(cur_rr, ldns_rr_ttl(prev_rr)); + + prev_rr = cur_rr; +#endif + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + if (status == + LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { + + if (rr_is_rrsig_covering(cur_rr, + LDNS_RR_TYPE_NSEC3)){ + ldns_rr_list_push_rr(todo_nsec3_rrsigs, + cur_rr); + } else { + ldns_rr_list_push_rr(todo_nsec3s, + cur_rr); + } + status = LDNS_STATUS_OK; + + } else if (status != LDNS_STATUS_OK) + goto error; + + break; + + case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/ +#ifndef FASTER_DNSSEC_ZONE_NEW_FRM_FP + default_ttl = my_ttl; + ttl_from_TTL = true; +#endif + status = LDNS_STATUS_OK; + break; + + + case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */ + case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/ + status = LDNS_STATUS_OK; + break; + + case LDNS_STATUS_SYNTAX_INCLUDE:/* $include not implemented */ + status = LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL; + break; + + default: + goto error; + } + } + + for (i = 0; status == LDNS_STATUS_OK && + i < ldns_rr_list_rr_count(todo_nsec3s); i++) { + cur_rr = ldns_rr_list_rr(todo_nsec3s, i); + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + if (status == LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND) { + if (!(new_node = LDNS_MALLOC(ldns_rbnode_t))) { + status = LDNS_STATUS_MEM_ERR; + break; + } + new_node->key = ldns_dname_label(ldns_rr_owner(cur_rr), 0); + new_node->data = cur_rr; + if (!ldns_rbtree_insert(&todo_nsec3_ents, new_node)) { + LDNS_FREE(new_node); + status = LDNS_STATUS_MEM_ERR; + break; + } + status = LDNS_STATUS_OK; + } + } + if (todo_nsec3_ents.count > 0) + (void) ldns_dnssec_zone_add_empty_nonterminals_nsec3( + newzone, &todo_nsec3_ents); + for (i = 0; status == LDNS_STATUS_OK && + i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++) { + cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i); + status = ldns_dnssec_zone_add_rr(newzone, cur_rr); + } + if (z) { + *z = newzone; + newzone = NULL; + } else { + ldns_dnssec_zone_free(newzone); + newzone = NULL; + } + +error: +#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP + if (zone) { + ldns_zone_free(zone); + } +#endif + ldns_rr_list_free(todo_nsec3_rrsigs); + ldns_traverse_postorder(&todo_nsec3_ents, + ldns_todo_nsec3_ents_node_free, NULL); + ldns_rr_list_free(todo_nsec3s); + + if (my_origin) { + ldns_rdf_deep_free(my_origin); + } + if (my_prev) { + ldns_rdf_deep_free(my_prev); + } + if (newzone) { + ldns_dnssec_zone_free(newzone); + } + return status; +} + +ldns_status +ldns_dnssec_zone_new_frm_fp(ldns_dnssec_zone** z, FILE* fp, const ldns_rdf* origin, + uint32_t ttl, ldns_rr_class ATTR_UNUSED(c)) +{ + return ldns_dnssec_zone_new_frm_fp_l(z, fp, origin, ttl, c, NULL); +} + +static void +ldns_dnssec_name_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + ldns_dnssec_name_free((ldns_dnssec_name *)node->data); + LDNS_FREE(node); +} + +static void +ldns_dnssec_name_node_deep_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + ldns_dnssec_name_deep_free((ldns_dnssec_name *)node->data); + LDNS_FREE(node); +} + +static void +ldns_hashed_names_node_free(ldns_rbnode_t *node, void *arg) { + (void) arg; + LDNS_FREE(node); +} + +void +ldns_dnssec_zone_free(ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } + if (zone->names) { + /* destroy all name structures within the tree */ + ldns_traverse_postorder(zone->names, + ldns_dnssec_name_node_free, + NULL); + LDNS_FREE(zone->names); + } + LDNS_FREE(zone); + } +} + +void +ldns_dnssec_zone_deep_free(ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } + if (zone->names) { + /* destroy all name structures within the tree */ + ldns_traverse_postorder(zone->names, + ldns_dnssec_name_node_deep_free, + NULL); + LDNS_FREE(zone->names); + } + LDNS_FREE(zone); + } +} + +/* use for dname comparison in tree */ +int +ldns_dname_compare_v(const void *a, const void *b) { + return ldns_dname_compare((ldns_rdf *)a, (ldns_rdf *)b); +} + +static void +ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, + ldns_dnssec_name* name, ldns_rr* nsec3rr); + +static void +ldns_dnssec_zone_hashed_names_from_nsec3( + ldns_dnssec_zone* zone, ldns_rr* nsec3rr) +{ + ldns_rbnode_t* current_node; + ldns_dnssec_name* current_name; + + assert(zone != NULL); + assert(nsec3rr != NULL); + + if (zone->hashed_names) { + ldns_traverse_postorder(zone->hashed_names, + ldns_hashed_names_node_free, NULL); + LDNS_FREE(zone->hashed_names); + } + zone->_nsec3params = nsec3rr; + + /* So this is a NSEC3 zone. + * Calculate hashes for all names already in the zone + */ + zone->hashed_names = ldns_rbtree_create(ldns_dname_compare_v); + if (zone->hashed_names == NULL) { + return; + } + for ( current_node = ldns_rbtree_first(zone->names) + ; current_node != LDNS_RBTREE_NULL + ; current_node = ldns_rbtree_next(current_node) + ) { + current_name = (ldns_dnssec_name *) current_node->data; + ldns_dnssec_name_make_hashed_name(zone, current_name, nsec3rr); + + } +} + +static void +ldns_dnssec_name_make_hashed_name(ldns_dnssec_zone *zone, + ldns_dnssec_name* name, ldns_rr* nsec3rr) +{ + ldns_rbnode_t* new_node; + + assert(name != NULL); + if (! zone->_nsec3params) { + if (! nsec3rr) { + return; + } + ldns_dnssec_zone_hashed_names_from_nsec3(zone, nsec3rr); + + } else if (! nsec3rr) { + nsec3rr = zone->_nsec3params; + } + name->hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsec3rr, name->name); + + /* Also store in zone->hashed_names */ + if ((new_node = LDNS_MALLOC(ldns_rbnode_t))) { + + new_node->key = name->hashed_name; + new_node->data = name; + + if (ldns_rbtree_insert(zone->hashed_names, new_node) == NULL) { + + LDNS_FREE(new_node); + } + } +} + + +static ldns_rbnode_t * +ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone, ldns_rr *rr) { + ldns_rdf *hashed_name; + ldns_rbnode_t *to_return; + + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 && ! zone->_nsec3params){ + + ldns_dnssec_zone_hashed_names_from_nsec3(zone, rr); + } + if (zone->hashed_names == NULL) { + return NULL; + } + hashed_name = ldns_dname_label(ldns_rr_owner(rr), 0); + if (hashed_name == NULL) { + return NULL; + } + to_return = ldns_rbtree_search(zone->hashed_names, hashed_name); + ldns_rdf_deep_free(hashed_name); + return to_return; +} + +ldns_status +ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr) +{ + ldns_status result = LDNS_STATUS_OK; + ldns_dnssec_name *cur_name; + ldns_rbnode_t *cur_node; + ldns_rr_type type_covered = 0; + + if (!zone || !rr) { + return LDNS_STATUS_ERR; + } + + if (!zone->names) { + zone->names = ldns_rbtree_create(ldns_dname_compare_v); + if(!zone->names) return LDNS_STATUS_MEM_ERR; + } + + /* we need the original of the hashed name if this is + an NSEC3, or an RRSIG that covers an NSEC3 */ + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) { + type_covered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr)); + } + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NSEC3 || + type_covered == LDNS_RR_TYPE_NSEC3) { + cur_node = ldns_dnssec_zone_find_nsec3_original(zone, rr); + if (!cur_node) { + return LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND; + } + } else { + cur_node = ldns_rbtree_search(zone->names, ldns_rr_owner(rr)); + } + if (!cur_node) { + /* add */ + cur_name = ldns_dnssec_name_new_frm_rr(rr); + if(!cur_name) return LDNS_STATUS_MEM_ERR; + cur_node = LDNS_MALLOC(ldns_rbnode_t); + if(!cur_node) { + ldns_dnssec_name_free(cur_name); + return LDNS_STATUS_MEM_ERR; + } + cur_node->key = ldns_rr_owner(rr); + cur_node->data = cur_name; + (void)ldns_rbtree_insert(zone->names, cur_node); + ldns_dnssec_name_make_hashed_name(zone, cur_name, NULL); + } else { + cur_name = (ldns_dnssec_name *) cur_node->data; + result = ldns_dnssec_name_add_rr(cur_name, rr); + } + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) { + zone->soa = cur_name; + } + return result; +} + +void +ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_rbtree_t *tree, + bool print_soa) +{ + ldns_rbnode_t *node; + ldns_dnssec_name *name; + + node = ldns_rbtree_first(tree); + while (node != LDNS_RBTREE_NULL) { + name = (ldns_dnssec_name *) node->data; + ldns_dnssec_name_print_soa_fmt(out, fmt, name, print_soa); + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) + fprintf(out, ";\n"); + node = ldns_rbtree_next(node); + } +} + +void +ldns_dnssec_zone_names_print(FILE *out, const ldns_rbtree_t *tree, bool print_soa) +{ + ldns_dnssec_zone_names_print_fmt(out, ldns_output_format_default, + tree, print_soa); +} + +void +ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt, + const ldns_dnssec_zone *zone) +{ + if (zone) { + if (zone->soa) { + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) { + fprintf(out, ";; Zone: "); + ldns_rdf_print(out, ldns_dnssec_name_name( + zone->soa)); + fprintf(out, "\n;\n"); + } + ldns_dnssec_rrsets_print_fmt(out, fmt, + ldns_dnssec_name_find_rrset( + zone->soa, + LDNS_RR_TYPE_SOA), + false); + if ((fmt->flags & LDNS_COMMENT_LAYOUT)) + fprintf(out, ";\n"); + } + + if (zone->names) { + ldns_dnssec_zone_names_print_fmt(out, fmt, + zone->names, false); + } + } +} + +void +ldns_dnssec_zone_print(FILE *out, const ldns_dnssec_zone *zone) +{ + ldns_dnssec_zone_print_fmt(out, ldns_output_format_default, zone); +} + +static ldns_status +ldns_dnssec_zone_add_empty_nonterminals_nsec3( + ldns_dnssec_zone *zone, ldns_rbtree_t *nsec3s) +{ + ldns_dnssec_name *new_name; + ldns_rdf *cur_name; + ldns_rdf *next_name; + ldns_rbnode_t *cur_node, *next_node, *new_node; + + /* for the detection */ + uint16_t i, cur_label_count, next_label_count; + uint16_t soa_label_count = 0; + ldns_rdf *l1, *l2; + int lpos; + + if (!zone) { + return LDNS_STATUS_ERR; + } + if (zone->soa && zone->soa->name) { + soa_label_count = ldns_dname_label_count(zone->soa->name); + } + + cur_node = ldns_rbtree_first(zone->names); + while (cur_node != LDNS_RBTREE_NULL) { + next_node = ldns_rbtree_next(cur_node); + + /* skip glue */ + while (next_node != LDNS_RBTREE_NULL && + next_node->data && + ((ldns_dnssec_name *)next_node->data)->is_glue + ) { + next_node = ldns_rbtree_next(next_node); + } + + if (next_node == LDNS_RBTREE_NULL) { + next_node = ldns_rbtree_first(zone->names); + } + if (! cur_node->data || ! next_node->data) { + return LDNS_STATUS_ERR; + } + cur_name = ((ldns_dnssec_name *)cur_node->data)->name; + next_name = ((ldns_dnssec_name *)next_node->data)->name; + cur_label_count = ldns_dname_label_count(cur_name); + next_label_count = ldns_dname_label_count(next_name); + + /* Since the names are in canonical order, we can + * recognize empty non-terminals by their labels; + * every label after the first one on the next owner + * name is a non-terminal if it either does not exist + * in the current name or is different from the same + * label in the current name (counting from the end) + */ + for (i = 1; i < next_label_count - soa_label_count; i++) { + lpos = (int)cur_label_count - (int)next_label_count + (int)i; + if (lpos >= 0) { + l1 = ldns_dname_clone_from(cur_name, (uint8_t)lpos); + } else { + l1 = NULL; + } + l2 = ldns_dname_clone_from(next_name, i); + + if (!l1 || ldns_dname_compare(l1, l2) != 0) { + /* We have an empty nonterminal, add it to the + * tree + */ + ldns_rbnode_t *node = NULL; + ldns_rdf *ent_name; + + if (!(ent_name = ldns_dname_clone_from( + next_name, i))) { + + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + return LDNS_STATUS_MEM_ERR; + } + + if (nsec3s && zone->_nsec3params) { + ldns_rdf *ent_hashed_name; + + if (!(ent_hashed_name = + ldns_nsec3_hash_name_frm_nsec3( + zone->_nsec3params, + ent_name))) { + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + ldns_rdf_deep_free(ent_name); + return LDNS_STATUS_MEM_ERR; + } + node = ldns_rbtree_search(nsec3s, + ent_hashed_name); + ldns_rdf_deep_free(ent_hashed_name); + if (!node) { + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + ldns_rdf_deep_free(ent_name); + continue; + } + } + new_name = ldns_dnssec_name_new(); + if (!new_name) { + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + ldns_rdf_deep_free(ent_name); + return LDNS_STATUS_MEM_ERR; + } + new_name->name = ent_name; + new_name->name_alloced = true; + new_node = LDNS_MALLOC(ldns_rbnode_t); + if (!new_node) { + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + ldns_dnssec_name_free(new_name); + return LDNS_STATUS_MEM_ERR; + } + new_node->key = new_name->name; + new_node->data = new_name; + (void)ldns_rbtree_insert(zone->names, new_node); + ldns_dnssec_name_make_hashed_name( + zone, new_name, NULL); + if (node) + (void) ldns_dnssec_zone_add_rr(zone, + (ldns_rr *)node->data); + } + ldns_rdf_deep_free(l1); + ldns_rdf_deep_free(l2); + } + + /* we might have inserted a new node after + * the current one so we can't just use next() + */ + if (next_node != ldns_rbtree_first(zone->names)) { + cur_node = next_node; + } else { + cur_node = LDNS_RBTREE_NULL; + } + } + return LDNS_STATUS_OK; +} + +ldns_status +ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone) +{ + return ldns_dnssec_zone_add_empty_nonterminals_nsec3(zone, NULL); +} + +bool +ldns_dnssec_zone_is_nsec3_optout(const ldns_dnssec_zone* zone) +{ + ldns_rr* nsec3; + ldns_rbnode_t* node; + + if (ldns_dnssec_name_find_rrset(zone->soa, LDNS_RR_TYPE_NSEC3PARAM)) { + node = ldns_rbtree_first(zone->names); + while (node != LDNS_RBTREE_NULL) { + nsec3 = ((ldns_dnssec_name*)node->data)->nsec; + if (nsec3 &&ldns_rr_get_type(nsec3) + == LDNS_RR_TYPE_NSEC3 && + ldns_nsec3_optout(nsec3)) { + return true; + } + node = ldns_rbtree_next(node); + } + } + return false; +} + +/* + * Stuff for calculating and verifying zone digests + */ +typedef enum dnssec_zone_rr_iter_state { + DNSSEC_ZONE_RR_ITER_LT_RRSIG + , DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC + , DNSSEC_ZONE_RR_ITER_REST + , DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC + , DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST + , DNSSEC_ZONE_RR_ITER_NSEC3 + , DNSSEC_ZONE_RR_ITER_FINI +} dnssec_zone_rr_iter_state; + +typedef struct dnssec_zone_rr_iter { + ldns_dnssec_zone *zone; + ldns_rbnode_t *node; + ldns_dnssec_name *name; + ldns_dnssec_rrsets *rrsets; + ldns_dnssec_rrs *rrs; + ldns_dnssec_rrsets *rrsets4rrsigs; + ldns_rbnode_t *nsec3_node; + ldns_dnssec_name *nsec3_name; + dnssec_zone_rr_iter_state state; + ldns_rdf *apex_name; + uint8_t apex_labs; +} dnssec_zone_rr_iter; + +INLINE void +dnssec_zone_rr_iter_set_state_for_next_name(dnssec_zone_rr_iter *i) +{ + /* Make sure the i->name is "in zone" (i.e. below the apex) */ + if (i->apex_name) { + ldns_rdf *name = (ldns_rdf *)i->node->key; + + while (i->name && name != i->apex_name /* not apex */ + + && ( ldns_dname_label_count(name) != i->apex_labs + || ldns_dname_compare(name, i->apex_name)) /* not apex */ + + && !ldns_dname_is_subdomain(name, i->apex_name) /* no sub */) { + + /* next name */ + i->node = ldns_rbtree_next(i->node); + if (i->node == LDNS_RBTREE_NULL) + i->name = NULL; + else { + i->name = (ldns_dnssec_name *)i->node->data; + name = (ldns_rdf *)i->node->key; + } + } + } + /* determine state */ + if (!i->name) { + if (!i->nsec3_name) + i->state = DNSSEC_ZONE_RR_ITER_FINI; + else { + i->rrs = i->nsec3_name->nsec_signatures; + i->state = DNSSEC_ZONE_RR_ITER_NSEC3; + } + } else if (!i->nsec3_name) { + i->rrsets = i->name->rrsets; + i->state = DNSSEC_ZONE_RR_ITER_LT_RRSIG; + + } else if (ldns_dname_compare( ldns_rr_owner(i->nsec3_name->nsec) + , (ldns_rdf *)i->node->key) < 0) { + i->rrs = i->nsec3_name->nsec_signatures; + i->state = DNSSEC_ZONE_RR_ITER_NSEC3; + } else { + i->rrsets = i->name->rrsets; + i->state = DNSSEC_ZONE_RR_ITER_LT_RRSIG; + } +} + +/** + * Iterate over the RR's in the ldns_dnssec_zone in canonical order. + * There are three possible paths through the RR's in a ldns_dnssec_name. + * + * 1. There is no NSEC: + * + * 1.1. All the RRs in the name->rrsets with type < RRSIG, + * state: DNSSEC_ZONE_RR_ITER_LT_RRSIG + * + * 1.2. Then all the RRSIGs from name->rrsets (likely none) + * state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC + * + * 1.3. Finally the remaining RRs in name->rrsets (type > RRSIG) + * state: DNSSEC_ZONE_RR_ITER_REST + * + * + * 2. There is a NSEC of type NSEC with this name: + * + * 2.1. All the RRs in the name->rrsets with type < RRSIG, + * state: DNSSEC_ZONE_RR_ITER_LT_RRSIG + * + * 2.2. Then all the RRSIGs from name->rrsets with type < NSEC + * state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC + * + * 2.3. Then the signatures of the NSEC RR, followed by + * the signatures of the remaining name->rrsets (type > NSEC), + * followed by the NSEC rr. + * state: DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC + * + * 2.4. Finally the remaining RRs in name->rrsets (type > RRSIG) + * state: DNSSEC_ZONE_RR_ITER_REST + * + * + * 3. There is a NSEC of type NSEC3 for this name: + * + * 3.1. If the NSEC3 name is before the name for other RRsets in the zone, + * Then all signatures of the NSEC3 RR, followed by the NSEC3 + * state: DNSSEC_ZONE_RR_ITER_NSEC3 + * + * otherwise follow path for "no NSEC" for the name for other RRsets + */ +static ldns_rr * +dnssec_zone_rr_iter_next(dnssec_zone_rr_iter *i) +{ + ldns_rr *nsec3; + + for (;;) { + if (i->rrs) { + ldns_rr *rr = i->rrs->rr; + i->rrs = i->rrs->next; + return rr; + } + switch (i->state) { + case DNSSEC_ZONE_RR_ITER_LT_RRSIG: + if (i->rrsets + && i->rrsets->type < LDNS_RR_TYPE_RRSIG) { + + i->rrs = i->rrsets->rrs; + i->rrsets = i->rrsets->next; + break; + } + i->rrsets4rrsigs = i->name->rrsets; + if (i->name->nsec && ldns_rr_get_type(i->name->nsec) + == LDNS_RR_TYPE_NSEC) { + + i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC; + break; + } + i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC; + /* fallthrough */ + + case DNSSEC_ZONE_RR_ITER_RRSIGs_NO_NSEC: + if (i->rrsets4rrsigs) { + i->rrs = i->rrsets4rrsigs->signatures; + i->rrsets4rrsigs = i->rrsets4rrsigs->next; + break; + } + i->state = DNSSEC_ZONE_RR_ITER_REST; + /* fallthrough */ + + case DNSSEC_ZONE_RR_ITER_REST: + if (i->rrsets) { + i->rrs = i->rrsets->rrs; + i->rrsets = i->rrsets->next; + break; + } + /* next name */ + i->node = ldns_rbtree_next(i->node); + i->name = i->node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name *)i->node->data; + + dnssec_zone_rr_iter_set_state_for_next_name(i); + break; + + case DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC: + if (i->rrsets4rrsigs + && i->rrsets4rrsigs->type < LDNS_RR_TYPE_NSEC) { + + i->rrs = i->rrsets4rrsigs->signatures; + i->rrsets4rrsigs = i->rrsets4rrsigs->next; + break; + } + i->state = DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST; + i->rrs = i->name->nsec_signatures; + break; + + case DNSSEC_ZONE_RR_ITER_RRSIGs_NSEC_REST: + if (i->rrsets4rrsigs) { + i->rrs = i->rrsets4rrsigs->signatures; + i->rrsets4rrsigs = i->rrsets4rrsigs->next; + break; + } + i->state = DNSSEC_ZONE_RR_ITER_REST; + return i->name->nsec; + + case DNSSEC_ZONE_RR_ITER_NSEC3: + nsec3 = i->nsec3_name->nsec; + + /* next nsec3 */ + do { + i->nsec3_node + = ldns_rbtree_next(i->nsec3_node); + i->nsec3_name + = i->nsec3_node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name*)i->nsec3_node->data; + + /* names for glue can be in the hashed_names + * tree, but will not have a NSEC3 + */ + } while (i->nsec3_name && !i->nsec3_name->nsec); + + dnssec_zone_rr_iter_set_state_for_next_name(i); + return nsec3; + + case DNSSEC_ZONE_RR_ITER_FINI: + return NULL; + } + } +} + +static ldns_rr * +dnssec_zone_rr_iter_first(dnssec_zone_rr_iter *i, ldns_dnssec_zone *zone) +{ + if (!i || !zone) + return NULL; + + memset(i, 0, sizeof(*i)); + i->zone = zone; + if (zone->soa && zone->soa->name) { + i->apex_name = zone->soa->name; + i->apex_labs = ldns_dname_label_count(i->apex_name); + } else + i->apex_name = NULL; + + + i->node = ldns_rbtree_first(zone->names); + i->name = i->node == LDNS_RBTREE_NULL ? NULL + : (ldns_dnssec_name *)i->node->data; + + if (zone->hashed_names) { + do { + i->nsec3_node = ldns_rbtree_first(zone->hashed_names); + i->nsec3_name = i->nsec3_node == LDNS_RBTREE_NULL ?NULL + : (ldns_dnssec_name*)i->nsec3_node->data; + } while (i->nsec3_name && !i->nsec3_name->nsec); + } + dnssec_zone_rr_iter_set_state_for_next_name(i); + return dnssec_zone_rr_iter_next(i); +} + +enum enum_zonemd_scheme { + ZONEMD_SCHEME_FIRST = 1, + ZONEMD_SCHEME_SIMPLE = 1, + ZONEMD_SCHEME_LAST = 1 +}; +typedef enum enum_zonemd_scheme zonemd_scheme; + +enum enum_zonemd_hash { + ZONEMD_HASH_FIRST = 1, + ZONEMD_HASH_SHA384 = 1, + ZONEMD_HASH_SHA512 = 2, + ZONEMD_HASH_LAST = 2 +}; +typedef enum enum_zonemd_hash zonemd_hash; + +struct struct_zone_digester { + ldns_sha384_CTX sha384_CTX; + ldns_sha512_CTX sha512_CTX; + unsigned simple_sha384 : 1; + unsigned simple_sha512 : 1; + unsigned double_sha384 : 1; + unsigned double_sha512 : 1; +}; +typedef struct struct_zone_digester zone_digester; + +INLINE bool zone_digester_set(zone_digester *zd) +{ return zd && (zd->simple_sha384 || zd->simple_sha512); } + +INLINE void zone_digester_init(zone_digester *zd) +{ memset(zd, 0, sizeof(*zd)); } + +static ldns_status +zone_digester_add(zone_digester *zd, zonemd_scheme scheme, zonemd_hash hash) +{ + if (!zd) + return LDNS_STATUS_NULL; + + switch (scheme) { + case ZONEMD_SCHEME_SIMPLE: + switch (hash) { + case ZONEMD_HASH_SHA384: + if (zd->double_sha384) + return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE; + + else if (zd->simple_sha384) { + zd->simple_sha384 = 0; + zd->double_sha384 = 1; + return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE; + } + ldns_sha384_init(&zd->sha384_CTX); + zd->simple_sha384 = 1; + break; + + case ZONEMD_HASH_SHA512: + if (zd->double_sha512) + return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE; + + else if (zd->simple_sha512) { + zd->simple_sha512 = 0; + zd->double_sha512 = 1; + return LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE; + } + ldns_sha512_init(&zd->sha512_CTX); + zd->simple_sha512 = 1; + break; + default: + return LDNS_STATUS_ZONEMD_UNKNOWN_HASH; + } + break; + default: + return LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME; + } + return LDNS_STATUS_OK; +} + +static ldns_status +zone_digester_update(zone_digester *zd, ldns_rr *rr) +{ + uint8_t data[65536]; + ldns_buffer buf; + ldns_status st; + + buf._data = data; + buf._position = 0; + buf._limit = sizeof(data); + buf._capacity = sizeof(data); + buf._fixed = 1; + buf._status = LDNS_STATUS_OK; + + if ((st = ldns_rr2buffer_wire_canonical(&buf, rr, LDNS_SECTION_ANSWER))) + return st; + + if (zd->simple_sha384) + ldns_sha384_update(&zd->sha384_CTX, data, buf._position); + + if (zd->simple_sha512) + ldns_sha512_update(&zd->sha512_CTX, data, buf._position); + + return LDNS_STATUS_OK; +} + +INLINE ldns_rr * +new_zonemd(ldns_rr *soa, zonemd_hash hash) +{ + ldns_rr *rr = NULL; + uint8_t *data = NULL; + ldns_rdf *rdf; + size_t md_len = hash == ZONEMD_HASH_SHA384 + ? LDNS_SHA384_DIGEST_LENGTH + : LDNS_SHA512_DIGEST_LENGTH; + + if (!(rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_ZONEMD))) + return NULL; + + if (!(rdf = ldns_rdf_clone(ldns_rr_owner(soa)))) + goto error; + + ldns_rr_set_owner(rr, rdf); + ldns_rr_set_class(rr, ldns_rr_get_class(soa)); + ldns_rr_set_ttl(rr, ldns_rr_ttl(soa)); + + if (!(rdf = ldns_rdf_clone(ldns_rr_rdf(soa, 2)))) + goto error; + ldns_rr_set_rdf(rr, rdf, 0); + + if (!(rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, 1))) + goto error; + ldns_rr_set_rdf(rr, rdf, 1); + + if (!(rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, hash))) + goto error; + ldns_rr_set_rdf(rr, rdf, 2); + + if (!(data = LDNS_XMALLOC(uint8_t, md_len))) + goto error; + + if (!(rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, md_len, data))) + goto error; + ldns_rr_set_rdf(rr, rdf, 3); + + return rr; +error: + if (data) + LDNS_FREE(data); + ldns_rr_free(rr); + return NULL; +} + +static ldns_rr_list * +zone_digester_export( + zone_digester *zd, ldns_rr *soa, ldns_status *ret_st) +{ + ldns_status st = LDNS_STATUS_OK; + ldns_rr_list *rr_list = NULL; + ldns_rr *sha384 = NULL; + ldns_rr *sha512 = NULL; + + if (!zd || !soa) + st = LDNS_STATUS_NULL; + + else if (ldns_rr_get_type(soa) != LDNS_RR_TYPE_SOA + || ldns_rr_rd_count(soa) < 3) + st = LDNS_STATUS_ZONEMD_INVALID_SOA; + + else if (!(rr_list = ldns_rr_list_new())) + st = LDNS_STATUS_MEM_ERR; + + else if (zd->simple_sha384 + && !(sha384 = new_zonemd(soa, ZONEMD_HASH_SHA384))) + st = LDNS_STATUS_MEM_ERR; + + else if (zd->simple_sha512 + && !(sha512 = new_zonemd(soa, ZONEMD_HASH_SHA512))) + st = LDNS_STATUS_MEM_ERR; + + else if (zd->simple_sha384 + && !ldns_rr_list_push_rr(rr_list, sha384)) + st = LDNS_STATUS_MEM_ERR; + + else if (zd->simple_sha512 + && !ldns_rr_list_push_rr(rr_list, sha512)) { + if (zd->simple_sha384) + sha384 = NULL; /* deleted by ldns_rr_list_deep_free */ + st = LDNS_STATUS_MEM_ERR; + + } else { + if (sha384) + ldns_sha384_final( ldns_rdf_data(ldns_rr_rdf(sha384,3)) + , &zd->sha384_CTX); + if (sha512) + ldns_sha512_final( ldns_rdf_data(ldns_rr_rdf(sha512,3)) + , &zd->sha512_CTX); + return rr_list; + } + if (ret_st) + *ret_st = st; + if (sha384) + ldns_rr_free(sha384); + if (sha512) + ldns_rr_free(sha512); + if (rr_list) + ldns_rr_list_deep_free(rr_list); + return NULL; +} + +static ldns_status +ldns_digest_zone(ldns_dnssec_zone *zone, zone_digester *zd) +{ + ldns_status st = LDNS_STATUS_OK; + dnssec_zone_rr_iter rr_iter; + ldns_rr *rr; + ldns_rdf *apex_name; /* name of zone apex */ + + if (!zone || !zd || !zone->soa || !zone->soa->name) + return LDNS_STATUS_NULL; + + apex_name = zone->soa->name; + for ( rr = dnssec_zone_rr_iter_first(&rr_iter, zone) + ; rr && !st + ; rr = dnssec_zone_rr_iter_next(&rr_iter)) { + /* Skip apex ZONEMD RRs */ + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_ZONEMD + && !ldns_dname_compare(ldns_rr_owner(rr), apex_name)) + continue; + /* Skip RRSIGs for apex ZONEMD RRs */ + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG + && LDNS_RR_TYPE_ZONEMD == ldns_rdf2rr_type( + ldns_rr_rrsig_typecovered(rr)) + && !ldns_dname_compare(ldns_rr_owner(rr), apex_name)) + continue; + st = zone_digester_update(zd, rr); + } + return st; +} + +ldns_status +ldns_dnssec_zone_verify_zonemd(ldns_dnssec_zone *zone) +{ + ldns_dnssec_rrsets *zonemd, *soa; + zone_digester zd; + ldns_dnssec_rrs *rrs; + ldns_rr *soa_rr; + ldns_status st; + uint8_t simple_sha384[LDNS_SHA384_DIGEST_LENGTH]; + uint8_t simple_sha512[LDNS_SHA512_DIGEST_LENGTH]; + size_t valid_zonemds; + + if (!zone) + return LDNS_STATUS_NULL; + + zonemd = ldns_dnssec_zone_find_rrset( + zone, zone->soa->name, LDNS_RR_TYPE_ZONEMD); + if (!zonemd) { + ldns_rbnode_t *nsec3_node; + + /* we need proof of non-existence for ZONEMD at the apex */ + if (zone->soa->nsec) { + if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap( + zone->soa->nsec), + LDNS_RR_TYPE_ZONEMD)) + return LDNS_STATUS_NO_ZONEMD; + + } else if (!zone->soa->hashed_name || !zone->hashed_names) + return LDNS_STATUS_NO_ZONEMD; + + else if (LDNS_RBTREE_NULL == + (nsec3_node = ldns_rbtree_search( zone->hashed_names + , zone->soa->hashed_name))) + return LDNS_STATUS_NO_ZONEMD; + else { + ldns_dnssec_name *nsec3 + = (ldns_dnssec_name *)nsec3_node->data; + if (ldns_nsec_bitmap_covers_type(ldns_nsec_get_bitmap( + nsec3->nsec), + LDNS_RR_TYPE_ZONEMD)) + return LDNS_STATUS_NO_ZONEMD; + } + /* ZONEMD at apex does really not exist */ + return LDNS_STATUS_OK; + } + soa = ldns_dnssec_zone_find_rrset( + zone, zone->soa->name, LDNS_RR_TYPE_SOA); + if (!soa || !soa->rrs || !soa->rrs->rr) + return LDNS_STATUS_ZONEMD_INVALID_SOA; + + soa_rr = soa->rrs->rr; + if (ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA + || ldns_rr_rd_count(soa_rr) < 3) + return LDNS_STATUS_ZONEMD_INVALID_SOA; + + zone_digester_init(&zd); + for (rrs = zonemd->rrs; rrs; rrs = rrs->next) { + if (!rrs->rr + || ldns_rr_get_type(rrs->rr) != LDNS_RR_TYPE_ZONEMD + || ldns_rr_rd_count(rrs->rr) < 4) + continue; + + /* serial should match SOA's serial */ + if (ldns_rdf2native_int32(ldns_rr_rdf(soa_rr, 2)) + != ldns_rdf2native_int32(ldns_rr_rdf(rrs->rr, 0))) + continue; + + /* Add (scheme, hash) to digester */ + zone_digester_add(&zd, + ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 1)), + ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 2))); + } + if (!zone_digester_set(&zd)) + return LDNS_STATUS_NO_VALID_ZONEMD; + + if ((st = ldns_digest_zone(zone, &zd))) + return st; + + if (zd.simple_sha384) + ldns_sha384_final(simple_sha384, &zd.sha384_CTX); + if (zd.simple_sha512) + ldns_sha512_final(simple_sha512, &zd.sha512_CTX); + + valid_zonemds = 0; + for (rrs = zonemd->rrs; rrs; rrs = rrs->next) { + if (!rrs->rr + || ldns_rr_get_type(rrs->rr) != LDNS_RR_TYPE_ZONEMD + || ldns_rr_rd_count(rrs->rr) < 4) + continue; + + /* serial should match SOA's serial */ + if (ldns_rdf2native_int32(ldns_rr_rdf(soa_rr, 2)) + != ldns_rdf2native_int32(ldns_rr_rdf(rrs->rr, 0))) + continue; + + if (ZONEMD_SCHEME_SIMPLE != + ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr, 1))) + continue; + + if (ZONEMD_HASH_SHA384 + == ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr,2)) + && LDNS_SHA384_DIGEST_LENGTH + == ldns_rdf_size(ldns_rr_rdf(rrs->rr, 3)) + && memcmp( simple_sha384 + , ldns_rdf_data(ldns_rr_rdf(rrs->rr, 3)) + , LDNS_SHA384_DIGEST_LENGTH) == 0) + + valid_zonemds += 1; + + if (ZONEMD_HASH_SHA512 + == ldns_rdf2native_int8(ldns_rr_rdf(rrs->rr,2)) + && LDNS_SHA512_DIGEST_LENGTH + == ldns_rdf_size(ldns_rr_rdf(rrs->rr, 3)) + && memcmp( simple_sha512 + , ldns_rdf_data(ldns_rr_rdf(rrs->rr, 3)) + , LDNS_SHA512_DIGEST_LENGTH) == 0) + + valid_zonemds += 1; + } + return valid_zonemds ? LDNS_STATUS_OK : LDNS_STATUS_NO_VALID_ZONEMD; +} + +#ifdef HAVE_SSL +static ldns_status +rr_list2dnssec_rrs(ldns_rr_list *rr_list, ldns_dnssec_rrs **rrs, + ldns_rr_list *new_rrs) +{ + ldns_rr *rr = NULL; + + if (!rr_list || !rrs) + return LDNS_STATUS_NULL; + + if (ldns_rr_list_rr_count(rr_list) == 0) + return LDNS_STATUS_OK; + + if (!*rrs) { + if (!(*rrs = ldns_dnssec_rrs_new())) + return LDNS_STATUS_MEM_ERR; + (*rrs)->rr = ldns_rr_list_pop_rr(rr_list); + if (new_rrs) + ldns_rr_list_push_rr(new_rrs, (*rrs)->rr); + } + while ((rr = ldns_rr_list_pop_rr(rr_list))) { + ldns_status st; + + if ((st = ldns_dnssec_rrs_add_rr(*rrs, rr))) { + ldns_rr_list_push_rr(rr_list, rr); + return st; + } else if (new_rrs) + ldns_rr_list_push_rr(new_rrs, rr); + } + return LDNS_STATUS_OK; +} + + +ldns_status +dnssec_zone_equip_zonemd(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, ldns_key_list *key_list, int signflags); +ldns_status +dnssec_zone_equip_zonemd(ldns_dnssec_zone *zone, + ldns_rr_list *new_rrs, ldns_key_list *key_list, int signflags) +{ + ldns_status st = LDNS_STATUS_OK; + zone_digester zd; + ldns_rr_list *zonemd_rr_list = NULL; + ldns_rr_list *zonemd_rrsigs = NULL; + ldns_dnssec_rrsets *soa_rrset; + ldns_rr *soa_rr = NULL; + ldns_dnssec_rrsets **rrset_ref; + ldns_dnssec_rrsets *zonemd_rrset; + + zone_digester_init(&zd); + if (signflags & LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA384) + zone_digester_add(&zd, ZONEMD_SCHEME_SIMPLE + , ZONEMD_HASH_SHA384); + + if (signflags & LDNS_SIGN_WITH_ZONEMD_SIMPLE_SHA512) + zone_digester_add(&zd, ZONEMD_SCHEME_SIMPLE + , ZONEMD_HASH_SHA512); + + if ((st = ldns_digest_zone(zone, &zd))) + return st; + + soa_rrset = ldns_dnssec_zone_find_rrset( + zone, zone->soa->name, LDNS_RR_TYPE_SOA); + if (!soa_rrset || !soa_rrset->rrs || !soa_rrset->rrs->rr) + return LDNS_STATUS_ZONEMD_INVALID_SOA; + soa_rr = soa_rrset->rrs->rr; + + if (!(zonemd_rr_list = zone_digester_export(&zd, soa_rr, &st))) + return st; + + /* - replace or add ZONEMD rrset */ + rrset_ref = &zone->soa->rrsets; /* scan rrsets at apex */ + while (*rrset_ref && (*rrset_ref)->type < LDNS_RR_TYPE_ZONEMD) + rrset_ref = &(*rrset_ref)->next; + if (*rrset_ref && (*rrset_ref)->type == LDNS_RR_TYPE_ZONEMD) { + /* reuse zonemd rrset */ + zonemd_rrset = *rrset_ref; + ldns_dnssec_rrs_free(zonemd_rrset->rrs); + zonemd_rrset->rrs = NULL; + ldns_dnssec_rrs_free(zonemd_rrset->signatures); + zonemd_rrset->signatures = NULL; + } else { + /* insert zonemd rrset */ + zonemd_rrset = ldns_dnssec_rrsets_new(); + if (!zonemd_rrset) { + ldns_rr_list_deep_free(zonemd_rr_list); + return LDNS_STATUS_MEM_ERR; + } + zonemd_rrset->type = LDNS_RR_TYPE_ZONEMD; + zonemd_rrset->next = *rrset_ref; + *rrset_ref = zonemd_rrset; + } + if ((zonemd_rrsigs = ldns_sign_public(zonemd_rr_list, key_list))) + st = rr_list2dnssec_rrs( zonemd_rrsigs + , &zonemd_rrset->signatures, new_rrs); + if (!st) + st = rr_list2dnssec_rrs( zonemd_rr_list + , &zonemd_rrset->rrs, new_rrs); + ldns_rr_list_deep_free(zonemd_rr_list); + ldns_rr_list_deep_free(zonemd_rrsigs); + return st; +} + +#endif /* HAVE_SSL */ + diff --git a/zonemaster-ldns/ldns/doc/API-header.xml b/zonemaster-ldns/ldns/doc/API-header.xml new file mode 100644 index 0000000..eac42fc --- /dev/null +++ b/zonemaster-ldns/ldns/doc/API-header.xml @@ -0,0 +1,109 @@ + + + + + + + + + + + + + + +LibDNS API + + NLnet Labs +
+ + Kruislaan 419 + Amsterdam + 1098 VA + The Netherlands + + miek@nlnetlabs.nl + http://www.nlnetlabs.nl +
+ + + NLnet Labs +
+ + Kruislaan 419 + Amsterdam + 1098 VA + The Netherlands + + jelte@nlnetlabs.nl + http://www.nlnetlabs.nl +
+ + + NLnet Labs +
+ + Kruislaan 419 + Amsterdam + 1098 VA + The Netherlands + + erik@nlnetlabs.nl + http://www.nlnetlabs.nl +
+ + +DNS +Elite +Hacking + + +A small abstract will come here, TBD. + + + + + + +
+ +LibDNS (or lDNS) is modelled after the Net::DNS perl library. It has +been shown that Net::DNS can be used efficiently for +programming DNS aware applications. We want to bring the same +level of efficiency to C programmers. + + +The lDNS API consist of two layers. The top-layer, this is +what is actually exported to the application via the library. And the +bottom-layer, this is what lDNS needs to compile and function. + +
+ +
+ +Short intermezzo detailing differences with other libraries. Most important +ones are the libc resolver interface (from BIND8) and the lwres_ interface +from BIND9. + +
+ +
+ +At its lowest level lDNS is only dependent on libc. It uses a +few networking systems calls; socket, bind, send/recv and friends. + + +Further more it is to be expected that lDNS will depend on OpenSSL for +its cryptography. + + +As said, lDNS is modelled after Net::DNS, therefore its application API +looks very much like the one used for Net::DNS. Some modification are made +of course, because not all functionality of Perl can be caught in C. + + + +This API document was written by carefully looking at the documentation +contained in the Net::DNS Perl module. + +
diff --git a/zonemaster-ldns/ldns/doc/API.xml b/zonemaster-ldns/ldns/doc/API.xml new file mode 100644 index 0000000..3d873d8 --- /dev/null +++ b/zonemaster-ldns/ldns/doc/API.xml @@ -0,0 +1,462 @@ + + + + + + + + + + + + + + +LibDNS API + + NLnet Labs +
+ + Kruislaan 419 + Amsterdam + 1098 VA + The Netherlands + + miek@nlnetlabs.nl + http://www.nlnetlabs.nl +
+ + + NLnet Labs +
+ + Kruislaan 419 + Amsterdam + 1098 VA + The Netherlands + + jelte@nlnetlabs.nl + http://www.nlnetlabs.nl +
+ + + NLnet Labs +
+ + Kruislaan 419 + Amsterdam + 1098 VA + The Netherlands + + erik@nlnetlabs.nl + http://www.nlnetlabs.nl +
+ + +DNS +Elite +Hacking + + +A small abstract will come here, TBD. + + + + + + +
+ +LibDNS (or lDNS) is modelled after the Net::DNS perl library. It has +been shown that Net::DNS can be used efficiently for +programming DNS aware applications. We want to bring the same +level of efficiency to C programmers. + + +The lDNS API consist of two layers. The top-layer, this is +what is actually exported to the application via the library. And the +bottom-layer, this is what lDNS needs to compile and function. + +
+ +
+ +Short intermezzo detailing differences with other libraries. Most important +ones are the libc resolver interface (from BIND8) and the lwres_ interface +from BIND9. + +
+ +
+ +At its lowest level lDNS is only dependent on libc. It uses a +few networking systems calls; socket, bind, send/recv and friends. + + +Further more it is to be expected that lDNS will depend on OpenSSL for +its cryptography. + + +As said, lDNS is modelled after Net::DNS, therefore its application API +looks very much like the one used for Net::DNS. Some modification are made +of course, because not all functionality of Perl can be caught in C. + + + +This API document was written by carefully looking at the documentation +contained in the Net::DNS Perl module. + +
+ +
+ +The rdf structure, the RData Field, is a type that contains the different +types in the rdata of an RR. Consider the following example: + +example.com. IN MX 10 mx.example.com. + +The "10 mx.example.com." is the rdata in this case. It consists of two +fields, "10" and "mx.example.com". These have the types (in this case) +LDNS_RDF_TYPE_INT8 and LDNS_RDF_TYPE_DNAME. + + +The following functions operate on this structure. + + + + +Create a new rdf structure. Return a pointer to it. + + +Get the size of a rdf structure. + + +Set the size of a rdf structure. + + +Set the type of a rdf structure. + + +Get the type of a rdf structure. + + +Set the (binary/network order) data of a rdf structure. + + +Get a pointer to the data in a rdf structure. + + +Free a rdf structure. + + +Create a new rdf structure from a string and a specific rdf_type. +The type is needed to perform the correct conversion. + + + +
+ +
+ +These functions operate on ldns_rr structures. + + + + +Returns a pointer to the newly created ldns_rr structure. + + +Prints the record to the stream s. + + +Returns a pointer to a ldns_buffer containing with string containing +RR-specific data. + + +Returns the record's owner name as a ldns_rdf type. + + +Returns the record's type. + + +Returns the record's class. + + +Returns the record's time-to-live (TTL). + + + + + +TODO the 'set' functions of the 'get' + +
+ +
+ +In the DNS the atomic data type is an RRset. This is a list +of RRs with the same ownername, type and class. Net::DNS doesn't +have rrsets as a separate object. + + +In lDNS we have the ldns_rr_list, which just holds a bunch of RR's. +No specific check are made on the RRs that can be put in such a list. +Special wrapper functions exist which allow the usage of ldns_rr_list +of real (RFC compliant) RR sets. + + +TODO: See rr.c + +
+ +
+ + + +Create a new resolver structure and return the pointer to that. + + +Returns the version of lDNS. + + +Returns a ldns_pkt representing the MX records +for the specified dname. Function is documented differently in Net::DNS. +Do we need stuff like this?? XXX + + + Set the default domain for this resolver. This domain is added + when a query is made with a name without a trailing dot. + + + + +Add a new nameserver to the resolver. These nameservers are queried + when a search() or query() is done. + + + + Add a domain to the searchlist of a resolver. + + + Perform a query. Try all the nameservers in the *res structure. Apply + the search list. And default domain. +If type is NULL it defaults to 'A', +If class is NULL it default to 'IN'. + + +Perform a query. Only the default domain is added. +If type is NULL it defaults to 'A', +If class is NULL it default to 'IN'. + + +No search list nor default domain is applied. Return a pointer to a ldns_pkt +structure with the information from the nameserver. +If type is NULL it defaults to 'A', +If class is NULL it default to 'IN'. + + + + +TODO XX Gazillion helper functions to set port, src-port, etc. etc. + +
+ +
+ +A packet structure (ldns_pkt) has five sections: + +The header section, a ldns_hdr structure. +The question section, a ldns_rr_list structure. +The answer section, a ldns_rr_list structure. +The authority section, a ldns_rr_list structure. +The additional section, a ldns_rr_list structure. + + + + + +ldns_hdr represents the header section of a DNS packet. + + +A list of RRs in the Question section of a DNS packet. + + +A list of RRs in the Question section of a DNS packet. + + +A list of RRs in the Question section of a DNS packet. + + +A list of RRs in the Question section of a DNS packet. + + + + + + + +Creates a new empty packet. + + +Returns the packet data in binary format, suitable for sending to a +nameserver. [XXX, suitable for sending to a NS?] + + +Returns a ldns_hdr structure representing the header section of +the packet. + + + Returns a pointer to a ldns_rr_list representing the question section +of the packet. + + + Returns a pointer to a ldns_rr_list representing the answer section of +the packet. + + + +Returns a pointer to a ldns_rr_list representing the authority section +of the packet. + + + +Returns a pointer to a ldns_rr_list of representing the additional +section of the packet. + + + +Prints the packet data on the standard output in an ASCII format similar +to that used in DNS zone files. See RFC1035. + + + +Returns a ldns_buffer containing the string representation of the packet. + + + +Returns the IP address from which we received this packet. User-created +packets will return NULL. + + + +Returns the size of the packet in bytes as it was received from a +nameserver. User-created packets will return 0. [XXX +user-created??] + + + +Adds *rr to the specified section of the packet. Return LDNS_STATUS_OK +on success, LDNS_STATUS_ERR otherwise. + + + +Adds *rr to the specified section of the packet provided that the RR +does not already exist in the packet. Return LDNS_STATUS_OK +on success, LDNS_STATUS_ERR otherwise. + + +Removes a RR from the specified section of the packet. Returns NULL if +no RR's could be popped. + + +Retrieve all RRs in a packet matching certain criteria. XXX function needs +to be specified better. + + +Print packet p to stream s. + + + + +
+ +
+ +Some resource records can have special access function no other RR has. +Those are detailed here. XXX TODO don't exist (yet?). + +
+ +
+ +insert your long list here. + +
+ +
+ +A small example, which queries a nameserver on localhost +to display the MX records for miek.nl. + + + +
+ +/** + * An example ldns program + * In semi-C code + * + * Setup a resolver + * Query a nameserver + * Print the result + */ + +#include <ldns.h> + +int +main(void) +{ + ldns_resolver *res; + ldns_rdf *default_dom; + ldns_rdf *nameserver; + ldns_rdf *qname; + ldns_pkt *pkt; + + /* init */ + res = ldns_resolver_new(); + if (!res) + return 1; + + /* create a default domain and add it */ + default_dom = ldns_rdf_new_frm_str("miek.nl.", LDNS_RDF_TYPE_DNAME); + nameserver = ldns_rdf_new_frm_str("127.0.0.1", LDNS_RDF_TYPE_A); + + if (ldns_resolver_domain(res, default_dom) != LDNS_STATUS_OK) + return 1; + if (ldns_resolver_nameserver_push(res, nameserver) != LDNS_STATUS_OK) + return 1; + + /* setup the question */ + qname = ldns_rdf_new_frm_str("www", LDNS_RDF_TYPE_DNAME); + + /* fire it off. "miek.nl." will be added */ + pkt = ldns_resolver_query(res, qname, LDNS_RR_TYPE_MX, NULL); + + /* print the resulting pkt to stdout */ + ldns_pkt_print(stdout, pkt); + + return 0; +} + +
+ +
+ + + + + diff --git a/zonemaster-ldns/ldns/doc/CodingStyle b/zonemaster-ldns/ldns/doc/CodingStyle new file mode 100644 index 0000000..693fdd3 --- /dev/null +++ b/zonemaster-ldns/ldns/doc/CodingStyle @@ -0,0 +1,64 @@ +The libdns coding style guide + +* Use of tabs (real tabs, 8 positions long) +* Spaces only after comma's, and in between operators. + And after keywords (if, while, for) +* Underscores to make long names readable +* prefix (exported) identifiers with 'ldns_' +* no unneeded parentheses after 'return' +* always curly brackets in if-statements +* use defines for (weird) constants, and masks +* type 'bool', constants 'true'/'false'. Don't compare bools for + equality. +* always use LDNS_MALLOC/FREE etc, or the new/free/deep_free functions +* buffer can scale, so don't alloc the max size, but the min size +* make lint (uses splint) is your friend + + +* Return values: + - status code (structure to fill is usually passed as a first argument) + - new/pointer: return pointer or NULL on error + - 'read' functions: ldns_status wire2thing(uint8_t *p, size_t max, + size_t pos, *thing); + - void functions like ldns_rr_free + - bool functions + +* Parameter sequence: (dest, [dest_meta, ] src, [src_meta] etc) +* structure/union field names start with _ when "private" +* enum for rcode, opcode, types etc, + example: + enum ldns_rcode { + LDNS_RCODE_OK = 0, + ... = ., + LDNS_RCODE_FIRST = LDNS_RCODE_OK, + LDNS_RCODE_LAST = 15, + LDNS_RCODE_COUNT = LDNS_RCODE_LAST + 1 + } +* Everything by reference, all data structures an optional _clone() function +* arrays: ps[] with size_t p_count for the number of elements +* _size for size in bytes +* _free and _clone copies perform deep free/copy. + +* Standard abbreviations, don't abbreviate other names: + + id = identity + rr = resource record + rrset = resource record set + rdata = resource data + rdf = resource data field + rcode = result code + qr = query/resource bit + aa = authoritative answer + tc = truncated + rd = recursion disabled + cd = checking disabled + ra = recursion available + ad = authentic data + qdcount = question section count + ancount = answer section count + nscount = authority section count + arcount = additional section count + +ldns- +* use exit(EXIT_FAILURE)/ exit(EXIT_SUCCESS) +* diff --git a/zonemaster-ldns/ldns/doc/TODO b/zonemaster-ldns/ldns/doc/TODO new file mode 100644 index 0000000..be5e0a3 --- /dev/null +++ b/zonemaster-ldns/ldns/doc/TODO @@ -0,0 +1,14 @@ +TODO + +Features: +* Drill: print appropriate DS RRs (relates to Bug #355) +* ldns-signzone optout to be really optout +* Compression when generating wireformat. Preferably with a configurable + policy: refer only backwards, case sensitivity, only refer to other owner + names, etc. + +Bugfixes: +* Bug #279: fix return values for net.h functions, and related: make return + values for functions that cannot return memory-failure today. Needs medium + version increase because of API change. +* Lazy ABI diff --git a/zonemaster-ldns/ldns/doc/design.dox b/zonemaster-ldns/ldns/doc/design.dox new file mode 100644 index 0000000..a4cbead --- /dev/null +++ b/zonemaster-ldns/ldns/doc/design.dox @@ -0,0 +1,124 @@ +/** \page design Design + +The following image shows the various modules of libdns and their +functionality. + +\image html libdnsoverview.png + +\section central_structures Central structures + + - \ref ldns_pkt A DNS Packet, which can contain a query, answers, and additional information. + - \ref ldns_rr A Resource Record, which holds a bit of information about a specific domain name. + - \ref ldns_rdf An RDATA field, every Resource Record contains one or more RDATA fields, depending on the type of RR. These are the 'basic types' of DNS data. + - \ref ldns_rr_list A list of resource records + - \ref ldns_zone A representation of a DNS Zone. + +The actual structure definitions are named \c ldns_struct_ which are all typedeffed to \c ldns_ + + +A DNS Resource record looks like this: + +
+nlnetlabs.nl.   600     IN      MX             10    open.nlnetlabs.nl.
+ \              \       \       \              \                     /
+  owner          ttl     class   type           \        rdf[]      /
+  (rdf)     (uint32_t) (rr_class) (rr_type)
+                                                 10          := rdf[0]
+                                                 open.nlnetlabs.nl. := rdf[1]
+
+ +* Owner: +The owner name is put in an \c ldns_rdf structure, which is a normal rdata field but always +has the type LDNS_RDF_TYPE_DNAME. + +An \ref ldns_rdf structure has 3 members; the size, the type of rdata and a void * +pointer to the data. The data is always in uncompressed wireformat. + +The RSH (rdata) is put in an array of rdf's (in this case 2). + +The entire resource record is put in a RR structure, which has +the fields described above (under the RR): + - owner (nlnetlabs.nl.) + - ttl (600) + - class (LDNS_RR_CLASS_IN: 'IN') + - type (LDNS_RR_TYPE_MX: 'MX') + - rd_count (2) + - rdata_fields[rd_count] + - rdf[0] (10) + - rdf[1] (open.nlnetlabs.nl.) + +* RR list structure: +An RR list structure is simply a structure with a counter +and an array of RR structures. Different kinds of RR's can +be grouped together this way. + +* RRset structure: +An RRset structure is an RR list structure, but its accessor +function checks if the \c ldns_rr structures in there are: + - from the same type + - have the same TTL + - have the same ownername + +This is the RFC definition of an RRset. + +* pkt structure: +A pkt structure consists out of a header structure where +packet specific flags are kept, TC, RD, IP from the server which +sent the packet, etc. +Further more it is divided in 4 sections: question, authority, answer +and additional. + +All four sections have the type RRlist that simply hold a list of RR's + + +\section wire_module Wire module and central structures Interface + +As the WIRE module takes care of the compression/decompression +it needs a buffer which holds all the binary DNS data. +All functions will operate on such a buffer to extract specific +information which is then stored in RR structures. + + +\section resolver_module Resolver module and central structures Interface + +The resolver module always returns a pkt structure. Either with +the answer or a SERVFAIL pkt. + +The exact function-call parameters have not yet been +decided on. + +Also the resolver module will need to access some of the +to_wire and from_wire function to creates ldn_pkt's from +the data it receives (arrow not drawn). + + +\section str_module str module and central structures Interface + +Convert to and from strings. This module could be used +to read in a zone file (list of RRs) and convert the text strings to +the format used by ldns. Or the other way around. + + +\section net_module Net module and resolver module interface + +The resolver module will get a packet and will mold it so that +it can be sent off to a nameserver. +It might need to interface with the wire module (arrow not drawn). + +\section Net module and OS/libc interface +OS/network calls will be used here. The Net module is the only part of +the library where the underlying OS matters. + +\section Client program ldns interface +Any client program will have access to +- Wire module +- Central structures +- Resolver module +- str module (arrow not drawn in the above figure) + +\section dnssec_module DNSSEC module +The DNSSEC types are handled in the RR module, but the crypto +routines are contained in this module. This module will depend +on OpenSSL for the crypto routines. + +*/ diff --git a/zonemaster-ldns/ldns/doc/dns-lib-implementations b/zonemaster-ldns/ldns/doc/dns-lib-implementations new file mode 100644 index 0000000..4951ffa --- /dev/null +++ b/zonemaster-ldns/ldns/doc/dns-lib-implementations @@ -0,0 +1,56 @@ +http://www.posadis.org/projects/poslib.php +Poslib DNS library - Default branch + +http://www.posadis.org/poslib?DokuWiki=2b00f9da090fb9d4ad3d6e98b9c2f61f + +Poslib is the C++ library for applications using the Domain Name System +that is used by all Posadis tools, including the Posadis DNS server and the +Zoneedit and Dnsquery tools. It consists of a library for creating client +applications using DNS, and a server library for DNS servers. + + +FireDNS Library +http://firestuff.org/projects/firedns +FireDNS Library +--------------- +(c) 2002 Ian Gulliver under the GNU Public License, Version 2. +See GPL for more details. + +From libfiredns(3): + +libfiredns is a library for handling asynchronous DNS +requests. It provides a very simple interface for sending +requests and parsing responses, as well as low-timeout +blocking functions. libfiredns functions have much lower +timeouts than the stock functions and tend to be faster +because they send requests to all configured system +nameservers at the same time. + +If you have questions or comments, you can reach me at +ian@penguinhosting.net. + + + +skadns + + Skadns is Kind of an Asynchronous DNS client software. + + * Kind of: it's small. Really small. But it just works. + * Asynchronous: all DNS operations are non-blocking. + * DNS client software: it's a DNS client, what you may know as a "stub resolver". To perform full DNS resolution, you will still need a full resolver like dnscache. + + Similar work + + * ares is an asynchronous DNS resolver library with a nice interface + * and more configuration options than skadns (and a very reasonable + * size). Use it if you find that skadns lacks configurability (you + * shouldn't need more than it provides, but well, you're the user). + * Yet it doesn't hide the DNS internals as opaquely as skadns does, + * giving you a bunch of fds to select() on instead of just one. + * adns works fine, and is small for a GNU project. Impressive. But + * the interface is still too complex and much too generic - the + * usual problems with GNU software. + + +ADNS; documentation scares - is it still active +simular aims - different ways diff --git a/zonemaster-ldns/ldns/doc/doxyparse.pl b/zonemaster-ldns/ldns/doc/doxyparse.pl new file mode 100755 index 0000000..a66340e --- /dev/null +++ b/zonemaster-ldns/ldns/doc/doxyparse.pl @@ -0,0 +1,341 @@ +#!/usr/bin/env perl + +# Doxygen is useful for html documentation, but sucks +# in making manual pages. Still tool also parses the .h +# files with the doxygen documentation and creates +# the man page we want +# +# 2 way process +# 1. All the .h files are processed to create in file in which: +# filename | API | description | return values +# are documented +# 2. Another file is parsed which states which function should +# be grouped together in which manpage. Symlinks are also created. +# +# With this all in place, all documentation should be autogenerated +# from the doxydoc. + +use Getopt::Std; + +my $state; +my $description; +my $struct_description; +my $key; +my $return; +my $param; +my $api; +my $const; + +my %description; +my %api; +my %return; +my %options; +my %manpages; +my %see_also; + +my $BASE="doc/man"; +my $MAN_SECTION = "3"; +my $MAN_HEADER = ".ad l\n.TH ldns $MAN_SECTION \"30 May 2006\"\n"; +my $MAN_MIDDLE = ".SH AUTHOR +The ldns team at NLnet Labs. + +.SH REPORTING BUGS +Please report bugs to dns-team\@nlnetlabs.nl or on +GitHub at https://github.com/NLnetLabs/ldns/issues + +.SH COPYRIGHT +Copyright (c) 2004 - 2006 NLnet Labs. +.PP +Licensed under the BSD License. There is NO warranty; not even for +MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. +"; +my $MAN_FOOTER = ".SH REMARKS +This manpage was automatically generated from the ldns source code. +"; + +getopts("em:",\%options); +# if -m manpage file is given process that file +# parse the file which tells us what manpages go together +my $functions, $see_also, $shorts; +my $i = 0; +my $report_errors = defined $options{'e'}; +my $errors = 0; +my %unique; + +if (defined $options{'m'}) { + # process + open(MAN, "<$options{'m'}") or die "Cannot open $options{'m'}"; + # it's line based: + # func1, func2, .. | see_also1, see_also2, ... + while() { + chomp; + $i += 1; + if (/^#/) { next; } + if (/^$/) { next; } + my @parts = split /[\t ]*\|[\t ]*/, $_; + $functions = shift @parts; + @parts = split /[\t ]*-[\t ]*/, join ', ', @parts; + $see_also = shift @parts; + if (! $see_also) { + @parts = split /[\t ]*-[\t ]*/, $_; + $functions = shift @parts; + } + #print "{$functions}\n"; + #print "{$see_also}\n"; + my @funcs = split /[\t ]*,[\t ]*/, $functions; + my @also = split /[\t ]*,[\t ]*/, $see_also; + $manpages{$funcs[0]} = \@funcs; + $see_also{$funcs[0]} = \@also; + $shorts{$funcs[0]} = join '', @parts; + foreach (@funcs) { + if ($unique{$_}) { + push @{$unique{$_}}, ($i,); + } else { + $unique{$_} = [$i]; + } + } + #print "[", $funcs[0], "]\n"; + } + close(MAN); + while (($func, $lines) = each %unique ) { + if (scalar @$lines > 1) { + print STDERR "$func in function_manpages on lines: " + . join(", ",@$lines) . "\n" if $report_errors; + $errors += 1; + } + } +} else { + print "Need -m file to process the .h files\n"; + exit 1; +} + +# 0 - somewhere in the file +# 1 - in a doxygen par +# 2 - after doxygen, expect function + +# create our pwd +mkdir "doc"; +mkdir "doc/man"; +mkdir "doc/man/man$MAN_SECTION"; + +$state = 0; +$i = 0; +my @lines = ; +my $max = @lines; + +while($i < $max) { + $typedef = ""; + if ($lines[$i] =~ /^typedef struct/ and $lines[$i + 1] =~ /^struct/) { + # move typedef to below struct + $typedef = $lines[$i]; + $j = $i; + while ($lines[$j] !~ /}/) { + $lines[$j] = $lines[$j+1]; + $j++; + } + $lines[$j] = $lines[$j+1]; + $lines[$j + 1] = $typedef; + } + + $cur_line = $lines[$i]; + chomp($cur_line); + if ($cur_line =~ /^\/\*\*[\t ]*$/) { + # /** Seen + #print "Comment seen! [$cur_line]\n"; + $state = 1; + undef $description; + undef $struct_description; + $i++; + next; + } + if ($cur_line =~ /\*\// and $state == 1) { + #print "END Comment seen!\n"; + if ($description =~ /^\\\\file/mg) { + # Doxygen text for the file, do not expect + # a function coming. + # + $state = 0; + } else { + $state = 2; + } + $i++; + next; + } + + if ($state == 1) { + # inside doxygen + $cur_line =~ s/\\/\\\\/g; + $cur_line =~ s/^[ \t]*\* ?//; + $description = $description . "\n" . $cur_line; + #$description = $description . "\n.br\n" . $cur_line; + } + if ($state == 2 and $cur_line =~ /const/) { + # the const word exists in the function call + #$const = "const"; + #s/[\t ]*const[\t ]*//; + } else { + #undef $const; + } + + if ($cur_line =~ /^INLINE/) { + $cur_line =~ s/^INLINE\s*//; + while ($cur_line !~ /{/) { + $i++; + $cur_line .= " ".$lines[$i]; + $cur_line =~ s/\n//; + } + $cur_line =~ s/{/;/; + } + + if ($cur_line =~ /^[^#*\/ ]([\w\*]+)[\t ]+(.*?)[({](.*)\s*/ and $state == 2) { + while ($cur_line !~ /\)\s*;/) { + $i++; + $cur_line .= $lines[$i]; + chomp($cur_line); + $cur_line =~ s/\n/ /g; + $cur_line =~ s/\s\s*/ /g; + } + $cur_line =~ /([\w\* ]+)[\t ]+(.*?)\((.*)\)\s*;/; + # this should also end the current comment parsing + $return = $1; + $key = $2; + $api = $3; + # sometimes the * is stuck to the function + # name instead to the return type + if ($key =~ /^\*/) { + #print"Name starts with *\n"; + $key =~ s/^\*//; + if (defined($const)) { + $return = $const . " " . $return . '*'; + } else { + $return = $return . '*'; + } + } + $description =~ s/\\param\[in\][ \t]*([\*\w]+)[ \t]+/.br\n\\fB$1\\fR: /g; + $description =~ s/\\param\[out\][ \t]*([\*\w]+)[ \t]+/.br\n\\fB$1\\fR: /g; + $description =~ s/\\return[ \t]*/.br\nReturns /g; + + # Delete leading spaces to prevent manpages to be ascii format- + # ted and enable justification of text. + # + $description =~ s/^[ \t]*//mg; + + # Prevent hyphening of all caps and underscore words + $description =~ s/\b([A-Z_]+)\b/\\%$1/g; + + $description{$key} = $description; + $api{$key} = $api; + $return{$key} = $return; + undef $description; + undef $struct_description; + $state = 0; + } elsif ($state == 2 and ( + $cur_line =~ /^typedef\sstruct\s(\w+)\s(\w+);/ or + $cur_line =~ /^typedef\senum\s(\w+)\s(\w+);/)) { + $struct_description .= "\n.br\n" . $cur_line; + $key = $2; + $struct_description =~ s/\/\*\*\s*(.*?)\s*\*\//\\fB$1:\\fR/g; + $description{$key} = $struct_description; + $api{$key} = "struct"; + $return{$key} = $1; + undef $description; + undef $struct_description; + $state = 0; + } else { + $struct_description .= "\n.br\n" . $cur_line; + } + $i++; +} + +# create the manpages +foreach (keys %manpages) { + $name = $manpages{$_}; + $also = $see_also{$_}; + my $shrt = $shorts{$_}; + + $filename = @$name[0]; + $filename = "$BASE/man$MAN_SECTION/$filename.$MAN_SECTION"; + + my $symlink_file = @$name[0] . "." . $MAN_SECTION; + +# print STDOUT $filename,"\n"; + open (MAN, ">$filename") or die "Can not open $filename"; + + print MAN $MAN_HEADER; + print MAN ".SH NAME\n"; + print MAN join ", ", @$name; + if ($shrt) { + print MAN " \\- $shrt"; + } + print MAN "\n\n"; + print MAN ".SH SYNOPSIS\n"; + + print MAN "#include \n.br\n"; + print MAN "#include \n.br\n"; + + print MAN ".PP\n"; + print MAN "#include \n"; + print MAN ".PP\n"; + + foreach (@$name) { + $b = $return{$_}; + $b =~ s/\s+$//; + if ($api{$_} ne "struct") { + print MAN $b, " ", $_; + print MAN "(", $api{$_},");\n"; + print MAN ".PP\n"; + } + } + + print MAN "\n.SH DESCRIPTION\n"; + foreach (@$name) { + print MAN ".HP\n"; + print MAN "\\fI", $_, "\\fR"; + if ($api{$_} ne "struct") { + print MAN "()"; + } +# print MAN ".br\n"; + print MAN $description{$_}; + print MAN "\n.PP\n"; + } + + print MAN $MAN_MIDDLE; + + if (@$also) { + print MAN "\n.SH SEE ALSO\n\\fI"; + print MAN join "\\fR, \\fI", @$also; + print MAN "\\fR.\nAnd "; + print MAN "\\fBperldoc Net::DNS\\fR, \\fBRFC1034\\fR, +\\fBRFC1035\\fR, \\fBRFC4033\\fR, \\fBRFC4034\\fR and \\fBRFC4035\\fR.\n"; + } else { + print MAN ".SH SEE ALSO +\\fBperldoc Net::DNS\\fR, \\fBRFC1034\\fR, +\\fBRFC1035\\fR, \\fBRFC4033\\fR, \\fBRFC4034\\fR and \\fBRFC4035\\fR.\n"; + } + + print MAN $MAN_FOOTER; + + # create symlinks + chdir("$BASE/man$MAN_SECTION"); + foreach (@$name) { + print STDOUT $_,"\n"; + my $new_file = $_ . "." . $MAN_SECTION; + if ($new_file eq $symlink_file) { + next; + } + #print STDOUT "\t", $new_file, " -> ", $symlink_file, "\n"; + symlink $symlink_file, $new_file; + } + chdir("../../.."); # and back, tricky and fragile... + close(MAN); +} +foreach (keys %api) { + next if (/ / || /^$/); + if (not $unique{$_}) { + print STDERR "no man page for $_\n" if $report_errors; + #$errors += 1; + } +} + +exit ($report_errors and $errors != 0); diff --git a/zonemaster-ldns/ldns/doc/function_manpages b/zonemaster-ldns/ldns/doc/function_manpages new file mode 100644 index 0000000..8f53f85 --- /dev/null +++ b/zonemaster-ldns/ldns/doc/function_manpages @@ -0,0 +1,220 @@ +# first function name will be the real name of the manpage +# other names are aliases (symlinks) +# all functions specified on the same line are included in the +# same manual page. We cannot deal with linebreaks! +# function named after the pipe `|' are put in the "see also" section + +# functions that must be included, separated by commas + +### host2wire.h +# conversion functions +ldns_rr2wire, ldns_pkt2wire, ldns_rdf2wire | ldns_wire2rr, ldns_wire2pkt, ldns_wire2rdf - conversion functions +# lower level conversions, some are from host2str.h +ldns_pkt2buffer_str, ldns_pktheader2buffer_str, ldns_rr2buffer_str, ldns_rr_list2buffer_str, ldns_rdf2buffer_str, ldns_key2buffer_str, ldns_pkt2buffer_wire, ldns_rr2buffer_wire, ldns_rdf2buffer_wire, ldns_rrsig2buffer_wire, ldns_rr_rdata2buffer_wire | ldns_pkt2str, ldns_rr2str, ldns_rdf2str, ldns_rr_list2str, ldns_key2str - lower level conversions +### /host2wire.h + +### host2str.h +ldns_rr2str, ldns_pkt2str, ldns_rdf2str, ldns_rr_list2str, ldns_key2str | ldns_rr_print, ldns_rdf_print, ldns_pkt_print, ldns_rr_list_print, ldns_resolver_print, ldns_zone_print - functions for conversions to string +### /host2str.h + +### host2str.h +# and even lower +ldns_rdf2buffer_str_a, ldns_rdf2buffer_str_aaaa, ldns_rdf2buffer_str_str, ldns_rdf2buffer_str_b64, ldns_rdf2buffer_str_hex, ldns_rdf2buffer_str_type, ldns_rdf2buffer_str_class, ldns_rdf2buffer_str_alg, ldns_rdf2buffer_str_loc, ldns_rdf2buffer_str_unknown, ldns_rdf2buffer_str_nsap, ldns_rdf2buffer_str_wks, ldns_rdf2buffer_str_nsec, ldns_rdf2buffer_str_period, ldns_rdf2buffer_str_tsigtime, ldns_rdf2buffer_str_apl, ldns_rdf2buffer_str_int16_data, ldns_rdf2buffer_str_int16, ldns_rdf2buffer_str_ipseckey - lower level to string conversion functions +### /host2str.h + +### wire2host.h +# wirefunctions +ldns_wire2rr, ldns_wire2pkt, ldns_wire2rdf, ldns_wire2dname | ldns_rr2wire, ldns_pkt2wire, ldns_rdf2wire, ldns_dname2wire - convert from wire format to host type +ldns_buffer2pkt_wire - convert buffer/wire format to ldns_pkt +### /wire2host.h + +### dname.h +ldns_dname_left_chop, ldns_dname_label_count - dname label functions +ldns_dname2canonical - canonicalize dname +ldns_dname_cat_clone, ldns_dname_cat - concatenate two dnames +ldns_dname_new, ldns_dname_new_frm_str, ldns_dname_new_frm_data | ldns_pkt_query_new_frm_str, ldns_rdf_new_frm_str, ldns_rr_new_frm_str - create a dname +ldns_dname_is_subdomain, ldns_dname_str_absolute, ldns_dname_label - check properties of dnames +ldns_dname_compare, ldns_dname_interval | ldns_dname_is_subdomain - compare two dnames +### /dname.h + +### dane.h +ldns_dane_create_tlsa_rr, ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf, ldns_dane_select_certificate | ldns_dane_verify, ldns_dane_verify_rr - TLSA RR creation functions +ldns_dane_verify, ldns_dane_verify_rr | ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf, ldns_dane_select_certificate, ldns_dane_create_tlsa_rr - TLSA RR verification functions +### /dane.h + +### rdata.h +ldns_rdf, ldns_rdf_type | ldns_rdf_set_size, ldns_rdf_set_type, ldns_rdf_set_data, ldns_rdf_size, ldns_rdf_get_type, ldns_rdf_data, ldns_rdf_compare, ldns_rdf_new, ldns_rdf_clone, ldns_rdf_new_frm_data, ldns_rdf_new_frm_str, ldns_rdf_new_frm_fp, ldns_rdf_free, ldns_rdf_deep_free, ldns_rdf_print, ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t, ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t, ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t - rdata field type +ldns_rdf_set_size, ldns_rdf_set_type, ldns_rdf_set_data | ldns_rdf - set rdf attributes +ldns_rdf_size, ldns_rdf_get_type, ldns_rdf_data, ldns_rdf_compare | ldns_rdf - get rdf attributes +ldns_rdf_new, ldns_rdf_clone, ldns_rdf_new_frm_data, ldns_rdf_new_frm_str, ldns_rdf_new_frm_fp, ldns_rdf_free, ldns_rdf_deep_free, ldns_rdf_print | ldns_rdf - ldns_rdf creation, destruction and printing +ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t | ldns_rdf - rdf numeric conversion functions +ldns_rdf_address_reverse | ldns_rdf - reverse an address rdf +ldns_octet | ldns_rdf - removes escaped from the input +# why is this in rdata.h? +ldns_str2period - converts a ttl value (like 5d2h) to a long +### /rdata.h + +### higher.h +ldns_get_rr_list_addr_by_name, ldns_get_rr_list_name_by_addr | ldns_rr_list, ldns_rr - get addresses by name or names by address +ldns_get_rr_list_hosts_frm_file, ldns_get_rr_list_hosts_frm_fp, ldns_get_rr_list_hosts_frm_fp_l | ldns_rr_list, ldns_rr - parse /etc/hosts file +ldns_getaddrinfo - mimic libc getaddrinfo +### /higher.h + +# +### dnssec.h +# +# algs +ldns_verify_rrsig_dsa, ldns_verify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5 | ldns_key, ldns_sign_public, ldns_zone_sign, ldns_verify, ldns_verify_rrsig - verify signature data buffers + +# tsig +ldns_pkt_tsig_verify, ldns_pkt_tsig_sign | ldns_key - tsig signing and verification + +# verify +ldns_verify, ldns_verify_rrsig, ldns_verify_rrsig_keylist, ldns_verify_rrsig_keylist_notime, ldns_verify_notime | ldns_verify_rrsig_evp | ldns_verify_rrsig_dsa, ldns_verify_rrsig_rsasha1, ldns_verify_rrsig_rsamd5, ldns_sign_public, ldns_zone_sign, ldns_key - verify rrsigs + +# convert +ldns_key_buf2dsa, ldns_key_buf2rsa | ldns_key_rr2ds - convert buffer to openssl key +ldns_key_rr2ds | ldns_key - create DS rr from DNSKEY rr +ldns_create_nsec | ldns_sign_public - Create a NSEC record + +# signing +ldns_sign_public | ldns_sign_public_dsa, ldns_sign_public_rsamd5, ldns_sign_public_rsasha1, ldns_verify, ldns_verify_rrsig, ldns_key - sign an rrset +ldns_sign_public_dsa, ldns_sign_public_rsamd5, ldns_sign_public_rsasha1 | ldns_sign_public - sign buffer +ldns_init_random | ldns_sign_public, ldns_key - seed the random function +ldns_pkt_verify | ldns_verify, ldns_sign_public, ldns_zone_sign - verify a packet +ldns_zone_sign, ldns_zone_sign_nsec3 - dnssec sign a zone + +# new family of dnssec functions +ldns_dnssec_zone, ldns_dnssec_name, ldns_dnssec_rrs, ldns_dnssec_rrsets | ldns_dnssec_zone_new, ldns_dnssec_name_new, ldns_dnssec_rrs_new, ldns_dnssec_rrsets_new - data structures +ldns_dnssec_zone_find_rrset, ldns_dnssec_zone_new, ldns_dnssec_zone_free, ldns_dnssec_zone_add_rr, ldns_dnssec_zone_names_print, ldns_dnssec_zone_print, ldns_dnssec_zone_add_empty_nonterminals | ldns_dnssec_zone - functions for ldns_dnssec_zone +ldns_dnssec_name_new, ldns_dnssec_name_new_frm_rr, ldns_dnssec_name_free, ldns_dnssec_name_name, ldns_dnssec_name_set_name, ldns_dnssec_name_set_nsec, ldns_dnssec_name_cmp, ldns_dnssec_name_add_rr, ldns_dnssec_name_find_rrset, ldns_dnssec_name_print | ldns_dnssec_zone - functions for ldns_dnssec_name +ldns_dnssec_rrsets_new, ldns_dnssec_rrsets_free, ldns_dnssec_rrsets_type, ldns_dnssec_rrsets_set_type, ldns_dnssec_rrsets_add_rr, ldns_dnssec_rrsets_print | ldns_dnssec_zone - functions for ldns_dnssec_rrsets +ldns_dnssec_rrs_new, ldns_dnssec_rrs_free, ldns_dnssec_rrs_add_rr, ldns_dnssec_rrs_print | ldns_dnssec_zone - functions for ldns_dnssec-rrs + +# verification +ldns_dnssec_data_chain, ldns_dnssec_data_chain_struct, ldns_dnssec_trust_tree | ldns_dnssec_data_chain_new, ldns_dnssec_trust_tree_new, ldns_dnssec_verify_denial - data structures for validation chains +ldns_dnssec_data_chain_new, ldns_dnssec_data_chain_free, ldns_dnssec_data_chain_deep_free, ldns_dnssec_build_data_chain, ldns_dnssec_data_chain_print | ldns_dnssec_data_chain - ldns_chain creation, destruction and printing +ldns_dnssec_trust_tree_new, ldns_dnssec_trust_tree_free, ldns_dnssec_trust_tree_depth, ldns_dnssec_derive_trust_tree, ldns_dnssec_trust_tree_contains_keys, ldns_dnssec_trust_tree_print, ldns_dnssec_trust_tree_print_sm, ldns_dnssec_trust_tree_add_parent, ldns_dnssec_derive_trust_tree_normal_rrset, ldns_dnssec_derive_trust_tree_dnskey_rrset, ldns_dnssec_derive_trust_tree_ds_rrset, ldns_dnssec_derive_trust_tree_no_sig | ldns_dnssec_data_chain, ldns_dnssec_trust_tree - functions for ldns_dnssec_trust_tree +ldns_dnssec_verify_denial, ldns_dnssec_verify_denial_nsec3 | ldns_dnssec_trust_tree, ldns_dnssec_data_chain - verify denial of existence + +# new signing functions +ldns_dnssec_zone_sign, ldns_dnssec_zone_sign_nsec3, ldns_dnssec_zone_mark_glue, ldns_dnssec_name_node_next_nonglue, ldns_dnssec_zone_create_nsecs, ldns_dnssec_remove_signatures, ldns_dnssec_zone_create_rrsigs | ldns_dnssec_zone - sign ldns_dnssec_zone + +### /dnssec.h + +### dnskey.h +ldns_key_new, ldns_key_new_frm_algorithm, ldns_key_new_frm_fp, ldns_key_new_frm_fp_l, ldns_key_new_frm_fp_rsa, ldns_key_new_frm_fp_rsa_l, ldns_key_new_frm_fp_dsa, ldns_key_new_frm_fp_dsa_l | ldns_key - create a ldns_key +ldns_key_list_new - create a ldns_key_list +# access, write +ldns_key_set_algorithm, ldns_key_set_rsa_key, ldns_key_set_dsa_key, ldns_key_set_hmac_key, ldns_key_set_origttl, ldns_key_set_inception, ldns_key_set_expiration, ldns_key_set_pubkey_owner, ldns_key_set_keytag, ldns_key_set_flags, ldns_key_list_set_key_count, ldns_key_algo_supported | ldns_key_push_key, ldns_key - set ldns_key attributes +ldns_key_list_push_key, ldns_key_list_pop_key | ldns_key - manipulate ldns_key_list +# access, read +ldns_key_list_key_count, ldns_key_list_key, ldns_key_rsa_key, ldns_key_dsa_key, ldns_key_algorithm, ldns_key_hmac_key, ldns_key_origttl, ldns_key_inception, ldns_key_expiration, ldns_key_keytag, ldns_key_pubkey_owner, ldns_key_flags | ldns_key - read ldns_keys +# convert +ldns_key2rr | ldns_key - convert ldns_key to rr +ldns_key_free, ldns_key_deep_free, ldns_key_list_free | ldns_key - free a ldns_key +# +ldns_key_print | ldns_key_new, ldns_key - print a ldns_key +ldns_calc_keytag, ldns_calc_keytag_raw | ldns_key - calculate ldns keytag +ldns_key | ldns_key_new, ldns_key_new_frm_algorithm,ldns_key_new_frm_fp,ldns_key_new_frm_fp_l, ldns_key_new_frm_fp_rsa, ldns_key_new_frm_fp_rsa_l, ldns_key_new_frm_fp_dsa, ldns_key_new_frm_fp_dsa_l, ldns_key_list_new, ldns_key_set_algorithm, ldns_key_set_rsa_key, ldns_key_set_dsa_key, ldns_key_set_hmac_key, ldns_key_set_origttl, ldns_key_set_inception, ldns_key_set_expiration, ldns_key_set_pubkey_owner, ldns_key_set_keytag, ldns_key_set_flags, ldns_key_list_set_key_count, ldns_key_list_push_key, ldns_key_list_pop_key, ldns_key_list_key_count, ldns_key_list_key, ldns_key_rsa_key, ldns_key_dsa_key, ldns_key_algorithm, ldns_key_hmac_key, ldns_key_origttl, ldns_key_inception, ldns_key_expiration, ldns_key_keytag, ldns_key_pubkey_owner, ldns_key_flags, ldns_key2rr, ldns_key_free, ldns_key_deep_free, ldns_key_list_free, ldns_key_print - ldns_key data structure +### /dnskey.h + +### MIEK TOT HIER TOT HIER + +# error.h +ldns_get_errorstr_by_id, ldns_status - errors + +### net.h +ldns_send | ldns_pkt, ldns_resolver - send a packet +ldns_tcp_send_query, ldns_tcp_read_wire, ldns_tcp_connect | ldns_send, ldns_pkt, ldns_resolver - tcp queries +### /net.h + +### buffer.h +# general +ldns_buffer, ldns_buffer_new, ldns_buffer_new_frm_data, ldns_buffer_clear, ldns_buffer_printf, ldns_buffer_free, ldns_buffer_copy, ldns_buffer_export, ldns_buffer_export2str, ldns_buffer2str | ldns_buffer_flip, ldns_buffer_rewind, ldns_buffer_position, ldns_buffer_set_position, ldns_buffer_skip, ldns_buffer_limit, ldns_buffer_set_limit, ldns_buffer_capacity, ldns_buffer_set_capacity, ldns_buffer_reserve, ldns_buffer_at, ldns_buffer_begin, ldns_buffer_end, ldns_buffer_current, ldns_buffer_remaining_at, ldns_buffer_remaining, ldns_buffer_available_at, ldns_buffer_available, ldns_buffer_status, ldns_buffer_status_ok, ldns_buffer_write_at, ldns_buffer_write, ldns_buffer_write_string_at, ldns_buffer_write_string, ldns_buffer_write_u8_at, ldns_buffer_write_u8, ldns_buffer_write_u16_at, ldns_buffer_write_u16, ldns_buffer_read_at, ldns_buffer_read, ldns_buffer_read_u8_at, ldns_buffer_read_u8, ldns_buffer_read_u16_at, ldns_buffer_read_u16, ldns_buffer_read_u32_at, ldns_buffer_read_u32, ldns_buffer_write_u32, ldns_buffer_write_u32_at - buffers +# position +ldns_buffer_flip, ldns_buffer_rewind, ldns_buffer_position, ldns_buffer_set_position, ldns_buffer_skip | ldns_buffer - buffer positioning +# values and pointers +ldns_buffer_limit, ldns_buffer_set_limit, ldns_buffer_capacity, ldns_buffer_set_capacity, ldns_buffer_reserve, ldns_buffer_at, ldns_buffer_begin, ldns_buffer_end, ldns_buffer_current | ldns_buffer - buffer limits and pointers +# info +ldns_buffer_remaining_at, ldns_buffer_remaining, ldns_buffer_available_at, ldns_buffer_available, ldns_buffer_status, ldns_buffer_status_ok | ldns_buffer - check buffer status +# read and write +ldns_buffer_write_at, ldns_buffer_write, ldns_buffer_write_string_at, ldns_buffer_write_string, ldns_buffer_write_u8_at, ldns_buffer_write_u8, ldns_buffer_write_u16_at, ldns_buffer_write_u16, ldns_buffer_read_at, ldns_buffer_read, ldns_buffer_read_u8_at, ldns_buffer_read_u8, ldns_buffer_read_u16_at, ldns_buffer_read_u16, ldns_buffer_read_u32_at, ldns_buffer_read_u32, ldns_buffer_write_u32, ldns_buffer_write_u32_at | ldns_buffer - reading and writing buffers +### /buffer.h + +# parse.h +ldns_bget_token, ldns_bgetc, ldns_bskipcs | ldns_buffer - get tokens from buffers +ldns_fget_token, ldns_fskipcs | ldns_buffer - get tokens from files + +# rr.h and other general rr funcs +ldns_rr, ldns_rr_class, ldns_rr_type, ldns_rr_compress, ldns_rr_list | ldns_rr_new, ldns_rr_new_frm_type, ldns_rr_new_frm_str, ldns_rr_new_frm_fp, ldns_rr_free, ldns_rr_print, ldns_rr_set_owner, ldns_rr_set_ttl, ldns_rr_set_type, ldns_rr_set_rd_count, ldns_rr_set_class, ldns_rr_set_rdf, ldns_rr_push_rdf, ldns_rr_pop_rdf, ldns_rr_rdf, ldns_rr_owner, ldns_rr_rd_count, ldns_rr_ttl, ldns_rr_get_class, ldns_rr_list_rr_count, ldns_rr_list_set_rr_count, ldns_rr_list_new, ldns_rr_list_free, ldns_rr_list_cat, ldns_rr_list_push_rr, ldns_rr_list_pop_rr, ldns_is_rrset, ldns_rr_set_push_rr, ldns_rr_set_pop_rr, ldns_get_rr_class_by_name, ldns_get_rr_type_by_name, ldns_rr_list_clone, ldns_rr_list_sort, ldns_rr_compare, ldns_rr_compare_ds, ldns_rr_uncompressed_size, ldns_rr2canonical, ldns_rr_label_count, ldns_is_rrset, ldns_rr_descriptor, ldns_rr_descript - types representing dns resource records +ldns_rr_new, ldns_rr_new_frm_type, ldns_rr_new_frm_str, ldns_rr_new_frm_fp, ldns_rr_free, ldns_rr_print | ldns_rr, ldns_rr_list - ldns_rr creation, destruction and printing +ldns_rr_set_owner, ldns_rr_set_ttl, ldns_rr_set_type, ldns_rr_set_rd_count, ldns_rr_set_class, ldns_rr_set_rdf | ldns_rr, ldns_rr_list - set ldns_rr attributes +ldns_rr_push_rdf, ldns_rr_pop_rdf | ldns_rr, ldns_rr_list - push and pop rdata fields +ldns_rr_rdf, ldns_rr_owner, ldns_rr_rd_count, ldns_rr_ttl, ldns_rr_get_class | ldns_rr, ldns_rr_list - access rdata fields on ldns_rr +ldns_rr_list_rr_count, ldns_rr_list_set_rr_count | ldns_rr, ldns_rr_list - get and set ldns_rr_list length +ldns_rr_list_new, ldns_rr_list_free | ldns_rr, ldns_rr_list - ldns_rr_list creation and destruction +ldns_rr_list_cat, ldns_rr_list_push_rr, ldns_rr_list_pop_rr | ldns_rr, ldns_rr_list - ldns_rr_list manipulation +ldns_is_rrset | ldns_rr, ldns_rr_list - is rr_list a rrset +ldns_rr_set_push_rr, ldns_rr_set_pop_rr | ldns_rr, ldns_rr_list - push and pop rr on a rrset +ldns_get_rr_class_by_name, ldns_get_rr_type_by_name | ldns_rr, ldns_rr_list - lookup class or type by name +ldns_rr_list_clone | ldns_rr, ldns_rr_list - clone a ldns_rr_list +ldns_rr_list_sort | ldns_rr, ldns_rr_list - sort a ldns_rr_list +ldns_rr_compare, ldns_rr_compare_ds | ldns_rr, ldns_rr_list - compare a ldns_rr +ldns_rr_uncompressed_size | ldns_rr, ldns_rr_list - calculates the uncompressed size of an RR +ldns_rr2canonical | ldns_rr, ldns_rr_list - canonicalize a RR +ldns_rr_label_count | ldns_rr, ldns_rr_list - return ownername label count + +# rr descriptors +ldns_rr_descriptor, ldns_rr_descript, ldns_rr_descriptor_minimum, ldns_rr_descriptor_maximum, ldns_rr_descriptor_field_type | ldns_rr, ldns_rdf - rdata field descriptors + +# packet.h +ldns_pkt, ldns_pkt_section, ldns_pkt_type | ldns_pkt_new, ldns_pkt_free, ldns_pkt_print, ldns_pkt_query_new, ldns_pkt_query_new_frm_str, ldns_pkt_reply_type, ldns_pkt_id, ldns_pkt_qr, ldns_pkt_aa, ldns_pkt_tc, ldns_pkt_rd, ldns_pkt_cd, ldns_pkt_ra, ldns_pkt_ad, ldns_pkt_get_opcode, ldns_pkt_get_rcode, ldns_pkt_qdcount, ldns_pkt_ancount, ldns_pkt_nscount, ldns_pkt_arcount, ldns_pkt_answerfrom, ldns_pkt_querytime, ldns_pkt_size, ldns_pkt_tsig, ldns_pkt_question, ldns_pkt_answer, ldns_pkt_authority, ldns_pkt_additional, ldns_pkt_get_section_clone, ldns_pkt_rr_list_by_name, ldns_pkt_rr_list_by_type, ldns_pkt_rr_list_by_name_and_type, ldns_pkt_set_flags, ldns_pkt_set_id, ldns_pkt_set_qr, ldns_pkt_set_aa, ldns_pkt_set_tc, ldns_pkt_set_rd, ldns_pkt_set_cd, ldns_pkt_set_ra, ldns_pkt_set_ad, ldns_pkt_set_opcode, ldns_pkt_set_rcode, ldns_pkt_set_qdcount, ldns_pkt_set_ancount, ldns_pkt_set_nscount, ldns_pkt_set_arcount, ldns_pkt_set_answerfrom, ldns_pkt_set_querytime, ldns_pkt_set_size, ldns_pkt_set_section_count, ldns_pkt_set_tsig, ldns_pkt_edns, ldns_pkt_edns_udp_size, ldns_pkt_edns_extended_rcode, ldns_pkt_edns_version, ldns_pkt_edns_z, ldns_pkt_edns_unassigned, ldns_pkt_edns_data, ldns_pkt_set_edns_udp_size, ldns_pkt_set_edns_extended_rcode, ldns_pkt_set_edns_version, ldns_pkt_set_edns_z, ldns_pkt_set_edns_unassigned, ldns_pkt_set_edns_data - request or answer packets types + +ldns_pkt_new, ldns_pkt_free, ldns_pkt_print, ldns_pkt_query_new, ldns_pkt_query_new_frm_str, ldns_pkt_reply_type | ldns_pkt - ldns_pkt creation, destruction and printing +# gets +ldns_pkt_id, ldns_pkt_qr, ldns_pkt_aa, ldns_pkt_tc, ldns_pkt_rd, ldns_pkt_cd, ldns_pkt_ra, ldns_pkt_ad, ldns_pkt_get_opcode, ldns_pkt_get_rcode, ldns_pkt_qdcount, ldns_pkt_ancount, ldns_pkt_nscount, ldns_pkt_arcount, ldns_pkt_answerfrom, ldns_pkt_querytime, ldns_pkt_size, ldns_pkt_tsig, ldns_pkt_question, ldns_pkt_answer, ldns_pkt_authority, ldns_pkt_additional, ldns_pkt_get_section_clone, ldns_pkt_rr_list_by_name, ldns_pkt_rr_list_by_type, ldns_pkt_rr_list_by_name_and_type | ldns_pkt - get ldns_pkt attributes +# sets +ldns_pkt_set_flags, ldns_pkt_set_id, ldns_pkt_set_qr, ldns_pkt_set_aa, ldns_pkt_set_tc, ldns_pkt_set_rd, ldns_pkt_set_cd, ldns_pkt_set_ra, ldns_pkt_set_ad, ldns_pkt_set_opcode, ldns_pkt_set_rcode, ldns_pkt_set_qdcount, ldns_pkt_set_ancount, ldns_pkt_set_nscount, ldns_pkt_set_arcount, ldns_pkt_set_answerfrom, ldns_pkt_set_querytime, ldns_pkt_set_size, ldns_pkt_set_section_count, ldns_pkt_set_tsig | ldns_pkt - set ldns_pkt attributes +# EDNS0 +ldns_pkt_edns, ldns_pkt_edns_udp_size, ldns_pkt_edns_extended_rcode, ldns_pkt_edns_version, ldns_pkt_edns_z, ldns_pkt_edns_data, ldns_pkt_set_edns_udp_size, ldns_pkt_set_edns_extended_rcode, ldns_pkt_set_edns_version, ldns_pkt_set_edns_z, ldns_pkt_set_edns_data | ldns_pkt - ldns_pkt ends0 related functions + +# rr_functions.h +ldns_rr_ns_nsdname - get dname rdata field from NS RR +# +ldns_rr_mx_preference, ldns_rr_mx_exchange - get MX RR rdata fields +# +ldns_rr_rrsig_typecovered, ldns_rr_rrsig_set_typecovered, ldns_rr_rrsig_algorithm, ldns_rr_rrsig_set_algorithm, ldns_rr_rrsig_labels, ldns_rr_rrsig_set_labels, ldns_rr_rrsig_origttl, ldns_rr_rrsig_set_origttl, ldns_rr_rrsig_expiration, ldns_rr_rrsig_set_expiration, ldns_rr_rrsig_inception, ldns_rr_rrsig_set_inception, ldns_rr_rrsig_keytag, ldns_rr_rrsig_set_keytag, ldns_rr_rrsig_signame, ldns_rr_rrsig_set_signame, ldns_rr_rrsig_sig, ldns_rr_rrsig_set_sig - get and set RRSIG RR rdata fields +# +ldns_rr_dnskey_flags, ldns_rr_dnskey_set_flags, ldns_rr_dnskey_protocol, ldns_rr_dnskey_set_protocol, ldns_rr_dnskey_algorithm, ldns_rr_dnskey_set_algorithm, ldns_rr_dnskey_key, ldns_rr_dnskey_set_key | ldns_rr - get and set DNSKEY RR rdata fields + +### zone.h +ldns_zone, ldns_zone_new, ldns_zone_free, ldns_zone_deep_free, ldns_zone_new_frm_fp, ldns_zone_new_frm_fp_l, ldns_zone_print, ldns_zone_print_fmt - ldns_zone creation, destruction and printing +ldns_zone_sort, ldns_zone_glue_rr_list | ldns_zone - sort a zone and get the glue records +ldns_zone_push_rr, ldns_zone_push_rr_list | ldns_zone - add rr's to a ldns_zone +ldns_zone_set_rrs, ldns_zone_set_soa | ldns_zone, ldns_zone_rrs, ldns_zone_soa - ldns_zone set content +ldns_zone_rrs, ldns_zone_soa | ldns_zone ldns_zone_set_rrs - ldns_zone get content +ldns_zone_rr_count | ldns_zone - get ldns_zone size + +### update.h +ldns_update_pkt_new | ldns_update_pkt_tsig_add, ldns_update_pkt_tsig_add, ldns_update_zocount, ldns_update_prcount, ldns_update_upcount, ldns_update_adcount, ldns_update_set_zocount, ldns_update_set_prcount, ldns_update_set_upcount, ldns_update_set_adcount - create an update packet + +ldns_update_pkt_tsig_add | ldns_update_pkt_new - add resolver's tsig credentials to an ldns_pkt +ldns_update_zocount, ldns_update_prcount, ldns_update_upcount, ldns_update_adcount | ldns_update_pkt_new - return update packet counters +ldns_update_set_zocount, ldns_update_set_prcount, ldns_update_set_upcount, ldns_update_set_adcount | ldns_update_pkt_new - set the update packet counters + +### keys.h +ldns_algorithm - numbers assigned to algorithms used in dns + + +ldns_axfr_start, ldns_axfr_next, ldns_axfr_abort, ldns_axfr_complete, ldns_axfr_last_pkt - functions for full zone transfer + +ldns_b32_ntop_calculate_size, ldns_b32_pton_calculate_size, ldns_b64_ntop_calculate_size, ldns_b64_pton_calculate_size - return size needed for b32 or b64 encoded or decoded data + +ldns_duration_type, ldns_duration_create, ldns_duration_create_from_string, ldns_duration_cleanup, ldns_duration_compare, ldns_duration2string, ldns_duration2time - duration type and related functions + +ldns_bubblebabble - encode data as BubbleBabble + +ldns_version - return library version + + diff --git a/zonemaster-ldns/ldns/doc/header.html b/zonemaster-ldns/ldns/doc/header.html new file mode 100644 index 0000000..a3520ad --- /dev/null +++ b/zonemaster-ldns/ldns/doc/header.html @@ -0,0 +1,55 @@ + + + + + + + +$projectname: $title +$title + + + +$treeview +$search +$mathjax + +$extrastylesheet + + +
+ + +
+ + + + + + + + + + + + + + + + + + + + + +
+
$projectname +  $projectnumber +
+
$projectbrief
+ 		+
$projectbrief
+ 		$searchbox
+
+ + diff --git a/zonemaster-ldns/ldns/doc/images/LogoInGradientBar2-y100.png b/zonemaster-ldns/ldns/doc/images/LogoInGradientBar2-y100.png new file mode 100644 index 0000000..0e75361 Binary files /dev/null and b/zonemaster-ldns/ldns/doc/images/LogoInGradientBar2-y100.png differ diff --git a/zonemaster-ldns/ldns/doc/images/libdnsoverview.png b/zonemaster-ldns/ldns/doc/images/libdnsoverview.png new file mode 100644 index 0000000..a6b3131 Binary files /dev/null and b/zonemaster-ldns/ldns/doc/images/libdnsoverview.png differ diff --git a/zonemaster-ldns/ldns/doc/images/libdnsoverview.svg b/zonemaster-ldns/ldns/doc/images/libdnsoverview.svg new file mode 100644 index 0000000..e463b41 --- /dev/null +++ b/zonemaster-ldns/ldns/doc/images/libdnsoverview.svg @@ -0,0 +1,475 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + - CLIENT - + any program making use of ldns + + + - WIRE module - + from_wire to_wire- convert to and from wireformat- all name encoding and decoding is contained in these functions + + + - central structures - + pkt structurerdf structuredname structurerr structurerrlist structurerrset structurepkt structurezone structure + + + - resolver module - + stub resolversendquerybgsendaxfr + + + - net module - + all network interfacing code + + - OS/libc layer - + + str module + from_str to_str- convert from and to string- dig-style formatted output + + + DNSSEC module + signverify + + + + + + + + + + diff --git a/zonemaster-ldns/ldns/doc/libdns.css b/zonemaster-ldns/ldns/doc/libdns.css new file mode 100644 index 0000000..2d2f385 --- /dev/null +++ b/zonemaster-ldns/ldns/doc/libdns.css @@ -0,0 +1,425 @@ +BODY,H1,H2,H3,H4,H5,H6,P,CENTER,TD,TH,UL,DL,DIV { + font-family: Geneva, Arial, Helvetica, sans-serif; +} +BODY,TD { + font-size: 90%; +} +H1 { +text-align: center; + font-size: 160%; +} +H2 { + font-size: 120%; +} +H3 { + font-size: 100%; +} +CAPTION { font-weight: bold } +DIV.qindex { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84c7b0; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} +DIV.nav { + width: 100%; + background-color: #e8eef2; + border: 1px solid #84c7b0; + text-align: center; + margin: 2px; + padding: 2px; + line-height: 140%; +} + +DIV.navtab { + background-color: #e8eef2; + border: 1px solid #84c7b0; + text-align: center; + margin: 2px; + margin-right: 15px; + padding: 2px; +} +TD.navtab { + font-size: 70%; +} +A { + text-decoration: none; + font-weight: bold; + color: #1ba159; +} + +A.qindex { + text-decoration: none; + font-weight: bold; + color: #1ba159; +} +A.qindex:visited { + text-decoration: none; + font-weight: bold; + color: #1b7159; +} +A.qindex:hover { + text-decoration: none; + background-color: #ddffdd; +} +A.qindexHL { + text-decoration: none; + font-weight: bold; + background-color: #6666cc; + color: #ffffff; + border: 1px double #9295C2; +} +A.qindexHL:hover { + text-decoration: none; + background-color: #6666cc; + color: #ffffff; +} +A.qindexHL:visited { text-decoration: none; background-color: #6666cc; color: #ffffff } +A.el { text-decoration: none; font-weight: bold } +A.elRef { font-weight: bold } +A.code:link { text-decoration: none; font-weight: normal; color: #1ba159} +A.code:visited { text-decoration: none; font-weight: normal; color: #1b7159} +A.codeRef:link { font-weight: normal; color: #1ba159} +A.codeRef:visited { font-weight: normal; color: #1b7159} +A:hover { text-decoration: none; background-color: #c0c0c0 } + +DL.el { margin-left: -1cm } +.fragment { + font-family: monospace; + font-size: 100%; +} +PRE.fragment { + border: 1px solid #CCCCCC; + background-color: #f5f5f5; + margin-top: 4px; + margin-bottom: 4px; + margin-left: 2px; + margin-right: 8px; + padding-left: 6px; + padding-right: 6px; + padding-top: 4px; + padding-bottom: 4px; +} +DIV.ah { background-color: black; font-weight: bold; color: #ffffff; margin-bottom: 3px; margin-top: 3px } +TD.md { background-color: #F4F4FB; font-weight: bold; } +TD.mdPrefix { + background-color: #F4F4FB; + color: #606060; + font-size: 80%; +} +TD.mdname1 { background-color: #F4FBF4; font-weight: bold; color: #602020; } +TD.mdname { background-color: #F4FBF4; font-weight: bold; color: #602020; width: 600px; } +DIV.groupHeader { + margin-left: 16px; + margin-top: 12px; + margin-bottom: 6px; + font-weight: bold; +} +DIV.groupText { margin-left: 16px; font-style: italic; font-size: 90% } +BODY { + background: white; + color: black; + margin-right: 20px; + margin-left: 20px; +} +TD.indexkey { + background-color: #e8eef2; + font-weight: bold; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TD.indexvalue { + background-color: #e8eef2; + font-style: italic; + padding-right : 10px; + padding-top : 2px; + padding-left : 10px; + padding-bottom : 2px; + margin-left : 0px; + margin-right : 0px; + margin-top : 2px; + margin-bottom : 2px; + border: 1px solid #CCCCCC; +} +TR.memlist { + background-color: #f0f0f0; +} +P.formulaDsp { text-align: center; } +IMG.formulaDsp { } +IMG.formulaInl { vertical-align: middle; } +SPAN.keyword { color: #008000 } +SPAN.keywordtype { color: #604020 } +SPAN.keywordflow { color: #e08000 } +SPAN.comment { color: #800000 } +SPAN.preprocessor { color: #806020 } +SPAN.stringliteral { color: #002080 } +SPAN.charliteral { color: #008080 } +.mdTable { + border: 1px solid #868686; + background-color: #F4F4FB; +} +.mdRow { + padding: 8px 10px; +} +.mdescLeft { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.mdescRight { + padding: 0px 8px 4px 8px; + font-size: 80%; + font-style: italic; + background-color: #FAFAFA; + border-top: 1px none #E0E0E0; + border-right: 1px none #E0E0E0; + border-bottom: 1px none #E0E0E0; + border-left: 1px none #E0E0E0; + margin: 0px; +} +.memItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemLeft { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplItemRight { + padding: 1px 8px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: none; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + background-color: #FAFAFA; + font-size: 80%; +} +.memTemplParams { + padding: 1px 0px 0px 8px; + margin: 4px; + border-top-width: 1px; + border-right-width: 1px; + border-bottom-width: 1px; + border-left-width: 1px; + border-top-color: #E0E0E0; + border-right-color: #E0E0E0; + border-bottom-color: #E0E0E0; + border-left-color: #E0E0E0; + border-top-style: solid; + border-right-style: none; + border-bottom-style: none; + border-left-style: none; + color: #606060; + background-color: #FAFAFA; + font-size: 80%; +} +.search { color: #009933; + font-weight: bold; +} +FORM.search { + margin-bottom: 0px; + margin-top: 0px; +} +INPUT.search { font-size: 75%; + color: #008000; + font-weight: normal; + background-color: #e8eef2; +} +TD.tiny { font-size: 75%; +} +a { + color: #1ba159; +} +a:visited { + color: #1b7159; +} +.dirtab { padding: 4px; + border-collapse: collapse; + border: 1px solid #84b0c7; +} +TH.dirtab { background: #e8eef2; + font-weight: bold; +} +HR { height: 1px; + border: none; + border-top: 1px solid black; +} + +/* tabs styles, based on http://www.alistapart.com/articles/slidingdoors */ + +DIV.tabs +{ + float : left; + width : 100%; + background : url("tab_b.gif") repeat-x bottom; + margin-bottom : 4px; +} + +DIV.tabs UL +{ + margin : 0px; + padding-left : 10px; + list-style : none; +} + +DIV.tabs LI, DIV.tabs FORM +{ + display : inline; + margin : 0px; + padding : 0px; +} + +DIV.tabs FORM +{ + float : right; +} + +DIV.tabs A +{ + float : left; + background : url("tab_r.gif") no-repeat right top; + border-bottom : 1px solid #84C7B0; + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + +DIV.tabs A:hover +{ + background-position: 100% -150px; +} + +DIV.tabs A:link, DIV.tabs A:visited, +DIV.tabs A:active, DIV.tabs A:hover +{ + color: #1b7159; +} + +DIV.tabs SPAN +{ + float : left; + display : block; + background : url("tab_l.gif") no-repeat left top; + padding : 5px 9px; + white-space : nowrap; +} + +DIV.tabs INPUT +{ + float : right; + display : inline; + font-size : 1em; +} + +DIV.tabs TD +{ + font-size : x-small; + font-weight : bold; + text-decoration : none; +} + + + +/* Commented Backslash Hack hides rule from IE5-Mac \*/ +DIV.tabs SPAN {float : none;} +/* End IE5-Mac hack */ + +DIV.tabs A:hover SPAN +{ + background-position: 0% -150px; +} + +DIV.tabs LI#current A +{ + background-position: 100% -150px; + border-width : 0px; +} + +DIV.tabs LI#current SPAN +{ + background-position: 0% -150px; + padding-bottom : 6px; +} + +DIV.nav +{ + background : none; + border : none; + border-bottom : 1px solid #84C7B0; +} + +.logo +{ + text-align: right; +} diff --git a/zonemaster-ldns/ldns/doc/tutorial1_mx.dox b/zonemaster-ldns/ldns/doc/tutorial1_mx.dox new file mode 100644 index 0000000..443e5aa --- /dev/null +++ b/zonemaster-ldns/ldns/doc/tutorial1_mx.dox @@ -0,0 +1,98 @@ +/** + \page tutorial1_mx Tutorial 1: Querying for MX records + \dontinclude ldns-mx.c + + The full source code can be found in \link examples/ldns-mx.c \endlink + + ldns-mx is a simple tool that queries your default caching forwarder for + the MX (Mail exchange) record of the given domain. + + 
+   % ldns-mx nlnetlabs.nl
+   nlnetlabs.nl.   86400   IN      MX      100 omval.tednet.nl.
+   nlnetlabs.nl.   86400   IN      MX      50 open.nlnetlabs.nl.
+
+ + First of all, we need to include the correct header files, so + that all functions are available to us: + + \skip include + \until dns.h + + In this case we have used a configure script to generate a config.h file + that does all our inclusions for us, so that it can be compiled on + multiple platforms. If your platform supports the include files \c + stdint.h and \c stdlib.h, you can include these instead of using a + configure script. + + The first included files are prerequisites that ldns needs to function. + The last one, of course, includes the functions of ldns itself. + + In our main function, we declare some variables that we are going to use: + + \skipline ldns_resolver + \until ldns_status + + - The \c ldns_resolver structure keeps a list of nameservers, and can perform queries for us + - An \c ldns_rdf is a basic data type of dns, the RDATA. See \ref design for a description about the building blocks of DNS. + In this case, \c domain will be used to store the name the user specifies when calling the program + - An \c ldns_pkt is a DNS packet, for instance a complete query, or an answer + - The \c ldns_rr_list structure contains a list of DNS Resource Records (RRs). In this case, we will store the MX records we find in the list. + - \c ldns_status is the basic type for status messages in ldns. Most functions will return a value of this type. + + First, we parse the command line argument (checks omitted on this page, see full source code), and store it in our \c domain variable: + \skipline ldns_dname_new_frm_str + + This function takes a string containing a domain name (like + "nlnetlabs.nl") and returns an \c ldns_rdf representing that name. If + somehow the given string can not be parsed it returns NULL. + + Then, we create the resolver structure: + \skipline ldns_resolver_new + + Most of the functions work like this, the first argument is a pointer to + the structure where ldns should store its results (which is also a + pointer). The function returns a status code indicating success + (\ref LDNS_STATUS_OK) or an error number. Remember that these types of + functions allocate memory that you should free later (using the + ldns_free_ functions). + + The second argument is the filename that contains information about the + resolver structure that is to be created. If this argument is NULL, + /etc/resolv.conf is used. The syntax of the file is like that of + /etc/resolv.conf. + + + + We tell the resolver to query for our domain, type MX, of class IN: + \skipline ldns_resolver_search + \until ) + + The last argument contains flags to influence the type of query the + resolver structure sends. In this case, we want the nameserver to use + recursion, so that we'll get the final answer. Therefore, we specify the + \ref LDNS_RD (Recursion Desired) flag. + + This should return a packet if everything goes well. + + We get all RRs of type MX from the answer packet and store them in our list: + \skipline ldns_pkt_rr_list_by_type + \until ) + + If this list is not empty, we sort and print it: + \skipline ldns_rr_list_sort + \skipline ldns_rr_list_print + + And finally, just to be proper, we free our allocated data: + \skipline free( + \until resolver_deep_free + + For structures that can contain other ldns structures, there are two types of free() function available + - \c ldns_free_ frees only the allocated data for the structure itself. + - \c ldns_deep_free_ frees the structure, and ALL structures that + are nested in it. For example, of you \c deep_free an ldns_rr_list, + all \c ldns_rr structures that were present in the list are also + freed. + + +*/ diff --git a/zonemaster-ldns/ldns/doc/tutorial2_zone.dox b/zonemaster-ldns/ldns/doc/tutorial2_zone.dox new file mode 100644 index 0000000..680ccb4 --- /dev/null +++ b/zonemaster-ldns/ldns/doc/tutorial2_zone.dox @@ -0,0 +1,111 @@ +/** + \page tutorial2_zone Tutorial 2: Reading a zone file + \dontinclude ldns-read-zone.c + + The full source code can be found in \link examples/ldns-read-zone.c \endlink + + ldns-read-zone reads a zone file, and prints it to stdout, with 1 resource record per line. + + 
+% cat example.zone
+$ORIGIN example.
+$TTL 600
+
+example.        IN SOA  example. op.example. (
+                                2004022501 ; serial
+                                28800      ; refresh (8 hours)
+                                7200       ; retry (2 hours)
+                                604800     ; expire (1 week)
+                                18000      ; minimum (5 hours)
+                                )
+
+@       IN      MX      10 mail.example.
+@       IN      NS      ns1
+@       IN      NS      ns2
+@       IN      A       123.123.123.123
+
+% ldns-read-zone example.zone
+example.        600     IN      SOA     example. op.example. 2004022501 28800 7200 604800 18000
+example.        600     IN      MX      10 mail.example.
+example.        600     IN      NS      ns1.example.
+example.        600     IN      NS      ns2.example.
+example.        600     IN      A       123.123.123.123
+
+ + + +Again, let's start with including some necessary header files: + +\skipline include +\until errno + +In this example, we are going to open a file, if that fails, we'll need errno.h to display an error message. + +Okay, let's declare the variables we are going to need today: + +\skipline filename +\until ldns_status + +The only two ldns-specific types here are \c ldns_zone and \c ldns_status. + - \c ldns_zone is the structure that can contain a complete zone + - \c ldns_status again is used to check return values of ldns functions + + +If we get no filename, we'll read standard input, otherwise, we'll try to +open the given filename: +\skipline if (argc == 0) +\until exit(EXIT_FAILURE) +\until } +\until } + + +With the \c FILE pointer in our hands, we visit ldns to pour it into a zone +structure: +\skipline ldns_zone_new_frm_fp_l + +There is also a \c ldns_zone_new_frm_fp, but this one also remembers the +line number it was on, so we can use that if we encounter a parse error. + +Just like in \ref tutorial1_mx, the first argument is a pointer +to the place ldns should store its creation in, and again, the return value +is the status code. + +The second argument is the file pointer where our zone data should reside. + +The third argument, if not NULL, is a \c dname that contains the zones +origin. It will place this dname after every name in the file that is not a +fully qualified domain name. + +The fourth argument, if not 0, is the default TTL to use. + +Both these values can be specified in the zone file by setting \c $ORIGIN and \c $TTL. + +The fifth argument specifies the default class, which defaults to IN (\ref LDNS_RR_CLASS_IN). + +And finally, every time \c ldns_zone_new_frm_fp_l reads a line from the +input file pointer, it will increment the value pointed to by the last +argument with 1. + + +Okay, with that, we should have a nice zone structure. Of course we need to +check whether it has succeeded. + +\skipline LDNS_STATUS_OK +\until deep_free + +If everything went well, we sort the zone if necessary, print it, and free it. + +Since \c ldns_zone contains other ldns structures, we use \c ldns_deep_free +so that every \c ldns_rr_list, \c ldns_rr et cetera are freed too. + +\until line_nr); +\until } + +If something went wrong, we use \c ldns_get_errorstr_by_id() to get a nice +error string instead of just a status integer. + +And of course, we should play nice and close the file: +\skipline fclose +\until exit + +*/ diff --git a/zonemaster-ldns/ldns/doc/tutorial3_signzone.dox b/zonemaster-ldns/ldns/doc/tutorial3_signzone.dox new file mode 100644 index 0000000..1943e55 --- /dev/null +++ b/zonemaster-ldns/ldns/doc/tutorial3_signzone.dox @@ -0,0 +1,206 @@ +/** + \page tutorial3_signzone Tutorial 3: Signing a zone file + \dontinclude ldns-signzone.c + + The full source code can be found in \link examples/ldns-signzone.c \endlink + + Of course, we start by the usual includes. Since we need a bit more here, + we'll add those right away. + + \skipline include + \until define + + Let's skip the boring usage() and sanity check functions, and dive right + into main(). + + \skipline main(int argc + \skipline { + + We'll be reading another zone file, so let's prepare some variables for that. + + \skipline zone + \until argi + + We will create a separate zone structure for the signed zone, so let's have a clear name for the original one. + + \skipline zone + \until zone + + To sign a zone, we need keys, so we need some variables to read and store it; + + \skipline key + \until status + + The \ref ldns_key structure holds (private) keys. These can be of any + supported algorithm type; you can put an RSA key in it, an DSA key, or an + HMAC key. Public keys can simply be put in an \ref ldns_rr structure with + type \ref LDNS_RR_TYPE_DNSKEY. + + The \ref ldns_key_list type is much like the \ref ldns_rr_list, only, you + guessed it, for \c ldns_key entries. + + + The signed zone will be stored in a new file. + + \skipline file + \until file + + And we have some command line options for the output zone. + + \skipline tm + \until class + + \c origin is a domain name, so it can be stored in an \ref ldns_rdf + variable with type \ref LDNS_RDF_TYPE_DNAME. + + The next part is option parsing, which is pretty straightforward using \c + getopt(), so we'll skip this too. U can always look to the source of the + file to check it out. + + Okay that's it for the variables, let's get to work! + + First we'll try to read in the zone that is to be signed. + + \skipline fopen(zone + \until } else { + + If the file exists and can be read, we'll let ldns mold it into a zone + structure: + + \skipline zone_new + + This creates a new (\c new) zone from (\c frm) a filepointer (\c fp), + while remembering the current line (\c l) in the input file (for error + messages). + + A pointer to the zone structure to be filled is passed as the first + argument, like in most \c new_frm functions. + + Like a lot of ldns functions, this one returns a \c ldns_status + indicating success or the type of failure, so let us check that. + + \skipline STATUS + \until } else { + + If everything is ok so far, we check if the zone has a SOA record and contains actual data. + + \skipline orig_soa + \until } + \until } + \until } + + Now that we have the complete zone in our memory, we won't be needing the file anymore. + + \skipline fclose + \until } + + If there was no origin given, we'll use the one derived from the original zone file. + + \skipline origin + \until } + + No signing party can be complete without keys to sign with, let's fetch those. + + Multiple key files can be specified on the command line, by using the + base names of the .key/.private file pairs. + + \skipline key + \until fopen + + As you can see, we append ".private" to the name, which should result in + the complete file name of the private key. Later we'll also form the + ".key" file name, which will be directly included in the signed zone. + + If the file exists, we'll read it and create a \c ldns_key from its + contents, much like the way we read the zone earlier. + + \skipline line_nr + \until STATUS + + If this went ok, we need to set the inception and expiration times, which + are set in the keys, but will eventually end up in the RRSIGs generated + by those keys. + + \skipline expiration + \until } + \skipline inception + \until } + + And now that we have read the private keys, we read the public keys and + add them to the zone. + + Reading them from the files works roughly the same as reading private + keys, but public keys are normal Resource Records, and they can be stored + in general \c ldns_rr structures. + + \skipline FREE + \until } + \until } + + With \c push() we add them to our key list and our zone. This function + clones the data, so we can safely free it after that. + + \skipline push + \until free + + And if we're done, we free the allocated memory for the file name. + + \until FREE + + If the reading did not work, we print an error. Finally, we move on to + the next key in the argument list. + + \skipline } else { + \until } + \until } + \until } + + Just to be sure, we add a little check to see if we actually have any keys now. + + \skipline count + \until } + + So, we have our zone, we have our keys, let's do some signing! + + \skipline sign + + Yes. That's it. We now have a completely signed zone, \c ldns_zone_sign + checks the keys, and uses the zone signing keys to sign the data resource + records. NSEC and RRSIG resource records are generated and added to the + new zone. + + So now that we have a signed zone, all that is left is to store it somewhere. + + If no explicit output file name was given, we'll just append ".signed" to + the original zone file name. + + \skipline outputfile + \until } + + \c ldns_zone_sign returns NULL if the signing did not work, so we must check that. + + \skipline signed_zone + \until } else { + + Writing to a file is no different than normal printing, so we'll print to + the file and close it. + + \skipline print + \until } + + And of course, give an error if the signing failed. + + \skipline } else { + \until } + + Just to be nice, let's free the rest of the data we allocated, and exit + with the right return value. + + \skipline free + \until } + + + + + +*/ \ No newline at end of file diff --git a/zonemaster-ldns/ldns/drill/ChangeLog.22-nov-2005 b/zonemaster-ldns/ldns/drill/ChangeLog.22-nov-2005 new file mode 100644 index 0000000..6a18ed8 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/ChangeLog.22-nov-2005 @@ -0,0 +1,105 @@ +--------- Drill now is a subdirectory in ldns. To make life easier +--------- we are using ldns' version numbering for drill from now on. +--------- Sadly this means we GO BACKWARDS in the versions +--------- This ChangeLog will not be updated anymore - all changes are +--------- documented in ldns' ChangeLog + +1.0-pre3: to be released: drill-team + * Secure tracing works + * Added section about DNSSEC in the manual page + * Allow the class information to be given to do_chase() + * Lint fixes for the code + * Bugzilla was setup for drill + * Bug #97 (drill); -S crash was fixed + * Add -Q (quiet) flag was added. This suppresses output from drill. + +1.0-pre2: 20 Jun 2005: drill-team + * Second prerelease + * Bugs where fix in the chasing functionality + +1.0-pre1: 1 Jun 2005: drill-team + * First drill release based on ldns + * drill's core code is not much more simple, as + all the difficult stuff is moved to ldns. + * Much saner argument parsing + +---------- Above Newer drill based on ldns -------------- +---------- Below Older drill with it's own DNS handling -------------- + +0.9.2: Feb 3 2005: drill-team + * Added two more options (borrowed from dig) + --rd, don't set the RD bit in queries + --fail, don't query the next nameserver on SERVFAIL + * Fixed handling of obscure data types + * Handle classes other the 'IN' when making a query + + * For people using FreeBSD: drill is now in the ports + (Thanks to Jaap Akkerhuis) + +0.9.1: Jan 5 2005: drill-team + * Makefile tweaks + * drill ns . works + * re-check the root in when tracing + * added handling for some lesser known types (including WKS) + +0.9: Dec 6 2004: drill-team + * big configure.ac and Makefile.in updates (made more general) + * escapes in names argument and txt and dname data + * gcc 2(.95) support + * packet wire data is now checked for dangerous elements (like + looping compression etc) + * (Multiple) Octal char representation + * Responses can be saved to file + * 'Answers' can be read from file instead of server + * Lots and lots of bugfixes and improvements + +0.8.1: Oct 27 2004: Miek + * configure.ac updates + * secure resolving updates (still doesn't work) + * printing additions + - CERT RR supported + - LOC RR support + * All non supported RRs are handled as unknown + * If no nameservers found in /etc/resolv.conf + default to 127.0.0.1 + * Various bugs fixed + - Close sockets after using them + - Some memory leaks were plugged + +0.8: Oct 26 2004: Miek + * Lots of features added. Drill is almost feature complete + * Unknown RR's are supported + * Numerous smaller updates in documentation + * Numerous code cleanups + * Dig is no longer needed to build drill + +0.7: Oct 21 2004: Miek + * reworked internal code + * DNSSEC is working, except the secure resolving + * build updates + * more sane options parsing + * more sane argument handling + +0.6-alpha: Oct 2004: Jelte + * No log + +0.5-alpha: Sept 22 2004: Miek + * most of the DNS stuff is working + * moved to configure + * tested on Linux/FreeBSD + * fully IPV6 capable + * new DNSSEC types supported + * DNSSEC somewhat working + * gcc => 3 is needed for building + +0.4-alpha: Sept 9 2004: Miek + * moved to autoconf for building + * lots of various updates + * really a workable program now + +0.3-alpha: Sept 6 2004: Miek + * IPv6 support + * automatic secure resolving + * --trace updates + * --chase updates + * more checks diff --git a/zonemaster-ldns/ldns/drill/README b/zonemaster-ldns/ldns/drill/README new file mode 100644 index 0000000..bbbb816 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/README @@ -0,0 +1,12 @@ +QUICK INSTALL GUIDE + +drill is a subdirectory in ldns. + +To compile drill you need: +autoreconf && ./configure && make + +If ldns is installed in a different location, use --with-ldns=directory +See also ./configure --help + +In the first case you must run drill as: +LD_LIBRARY_PATH=../.libs ./drill diff --git a/zonemaster-ldns/ldns/drill/REGRESSIONS b/zonemaster-ldns/ldns/drill/REGRESSIONS new file mode 100644 index 0000000..b8f6be9 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/REGRESSIONS @@ -0,0 +1,25 @@ +REGRESSIONS + +This version of drill is based on ldns and as such some things +are slightly changed. This file documents the changes. + +o When tracing (-T option) we use the local resolver (as specified + in /etc/resolv.conf) to lookup names. This increases the speed + dramatically, but you obviously need to be able to reach a recursive + server/cache. + Previously drill would try to resolve the names by itself. + +o Printing of DSs after DNSKEY records. Because we don't parse our + own packets anymore, we cannot print the DS directly after the DNSKEY + record. The DSs are now printed AFTER the packet. + +o The long options are removed. + +o The chase function has a different output, and will be subject to change + in the near future. + +o The useless (for jokes only) -I option was dropped. + +FIXED: +o the argument parsing is much smarter, the order doesn't matter (much) + anymore diff --git a/zonemaster-ldns/ldns/drill/chasetrace.c b/zonemaster-ldns/ldns/drill/chasetrace.c new file mode 100644 index 0000000..3bd5956 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/chasetrace.c @@ -0,0 +1,507 @@ +/* + * chasetrace.c + * Where all the hard work concerning chasing + * and tracing is done + * (c) 2005, 2006 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +/* Cache all RRs from rr_list "rr_list" to "referrals" database for lookup + * later on. Print the NS RRs that were not already present. + */ +static void add_rr_list_to_referrals( + ldns_dnssec_zone *referrals, ldns_rr_list *rr_list) +{ + size_t i; + ldns_rr *rr; + ldns_dnssec_rrsets *rrset; + ldns_dnssec_rrs *rrs; + + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + rr = ldns_rr_list_rr(rr_list, i); + /* Check if a RR equal to "rr" is present in "referrals" */ + rrset = ldns_dnssec_zone_find_rrset( + referrals, ldns_rr_owner(rr), ldns_rr_get_type(rr)); + if (rrset) { + for (rrs = rrset->rrs; rrs; rrs = rrs->next) + if (ldns_rr_compare(rr, rrs->rr) == 0) + break; + if (rrs) continue; /* "rr" is present, next! */ + } + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_NS && verbosity != -1) + ldns_rr_print(stdout, rr); + (void) ldns_dnssec_zone_add_rr(referrals, rr); + } +} + +/* Cache all RRs from packet "p" to "referrals" database for lookup later on. + * Print the NS RRs that were not already present. + */ +static void add_referrals(ldns_dnssec_zone *referrals, ldns_pkt *p) +{ + ldns_rr_list *l = ldns_pkt_all_noquestion(p); + if (l) { + add_rr_list_to_referrals(referrals, l); + ldns_rr_list_free(l); + } +} + +/* Equip name-server "res" with the name-servers authoritative for as much + * of "name" as possible. Lookup addresses if needed. + */ +static bool set_nss_for_name( + ldns_resolver *res, ldns_dnssec_zone *referrals, ldns_rdf *name, + ldns_resolver *local_res, ldns_rr_class c) +{ + ldns_dnssec_rrsets *nss = NULL; + ldns_dnssec_rrs *nss_rrs; + ldns_dnssec_rrsets *as = NULL; + ldns_dnssec_rrs *as_rrs; + ldns_rdf *lookup = ldns_rdf_clone(name); + ldns_rdf *new_lookup; + ldns_rdf *addr; + ldns_rr_list *addrs; + + /* nss will become the rrset of as much of "name" as possible */ + for (;;) { + nss = ldns_dnssec_zone_find_rrset( + referrals, lookup, LDNS_RR_TYPE_NS); + if (nss != NULL) { + ldns_rdf_deep_free(lookup); + break; + } + new_lookup = ldns_dname_left_chop(lookup); + ldns_rdf_deep_free(lookup); + lookup = new_lookup; + if (!lookup) { + error("No referrals for name found"); + return false; + } + } + + /* remove the old nameserver from the resolver */ + while ((addr = ldns_resolver_pop_nameserver(res))) + ldns_rdf_deep_free(addr); + + /* Find and add the address records for the rrset as name-servers */ + for (nss_rrs = nss->rrs; nss_rrs; nss_rrs = nss_rrs->next) { + + if ((as = ldns_dnssec_zone_find_rrset( + referrals, ldns_rr_rdf(nss_rrs->rr, 0), LDNS_RR_TYPE_A))) + for (as_rrs = as->rrs; as_rrs; as_rrs = as_rrs->next) + (void) ldns_resolver_push_nameserver( + res, ldns_rr_rdf(as_rrs->rr, 0)); + + if ((as = ldns_dnssec_zone_find_rrset( + referrals, ldns_rr_rdf(nss_rrs->rr, 0), LDNS_RR_TYPE_AAAA))) + for (as_rrs = as->rrs; as_rrs; as_rrs = as_rrs->next) + (void) ldns_resolver_push_nameserver( + res, ldns_rr_rdf(as_rrs->rr, 0)); + } + /* Is our resolver equipped with name-servers? Good! We're done */ + if (ldns_resolver_nameserver_count(res) > 0) + return true; + + /* Lookup addresses with local resolver add add to "referrals" database */ + addrs = ldns_rr_list_new(); + for (nss_rrs = nss->rrs; nss_rrs; nss_rrs = nss_rrs->next) { + ldns_rr_list *addrs_by_name = + ldns_get_rr_list_addr_by_name( + local_res, ldns_rr_rdf(nss_rrs->rr, 0), c, 0); + ldns_rr_list_cat(addrs, addrs_by_name); + ldns_rr_list_free(addrs_by_name); + } + + if (ldns_rr_list_rr_count(addrs) == 0) + error("Could not find the nameserver ip addr; abort"); + + else if (ldns_resolver_push_nameserver_rr_list(res, addrs) != + LDNS_STATUS_OK) + + error("Error adding new nameservers"); + else { + ldns_rr_list_deep_free(addrs); + return true; + } + add_rr_list_to_referrals(referrals, addrs); + ldns_rr_list_deep_free(addrs); + return false; +} + +/** + * trace down from the root to name + */ + +/* same naive method as in drill0.9 + * We resolve _ALL_ the names, which is of course not needed. + * We _do_ use the local resolver to do that, so it still is + * fast, but it can be made to run much faster. + */ +void +do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, + ldns_rr_class c) +{ + + static uint8_t zero[1] = { 0 }; + static const ldns_rdf root_dname = { 1, LDNS_RDF_TYPE_DNAME, &zero }; + + ldns_resolver *res = NULL; + ldns_pkt *p = NULL; + ldns_rr_list *final_answer; + ldns_rr_list *new_nss; + ldns_rr_list *cname = NULL; + ldns_rr_list *answers = NULL; + uint16_t loop_count; + ldns_status status; + ldns_dnssec_zone* referrals = NULL; + ldns_rdf *addr; + + loop_count = 0; + final_answer = NULL; + res = ldns_resolver_new(); + + if (!res) { + error("Memory allocation failed"); + goto cleanup; + } + + /* transfer some properties of local_res to res, + * because they were given on the command line */ + ldns_resolver_set_ip6(res, + ldns_resolver_ip6(local_res)); + ldns_resolver_set_port(res, + ldns_resolver_port(local_res)); + ldns_resolver_set_debug(res, + ldns_resolver_debug(local_res)); + ldns_resolver_set_dnssec(res, + ldns_resolver_dnssec(local_res)); + ldns_resolver_set_fail(res, + ldns_resolver_fail(local_res)); + ldns_resolver_set_usevc(res, + ldns_resolver_usevc(local_res)); + ldns_resolver_set_random(res, + ldns_resolver_random(local_res)); + ldns_resolver_set_source(res, + ldns_resolver_source(local_res)); + ldns_resolver_set_recursive(res, false); + + /* setup the root nameserver in the new resolver */ + status = ldns_resolver_push_nameserver_rr_list(res, global_dns_root); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error adding root servers to resolver: %s\n", ldns_get_errorstr_by_id(status)); + ldns_rr_list_print(stdout, global_dns_root); + goto cleanup; + } + + /* this must be a real query to local_res */ + status = ldns_resolver_send(&p, res, &root_dname, LDNS_RR_TYPE_NS, c, 0); + /* p can still be NULL */ + + if (ldns_pkt_empty(p)) { + warning("No root server information received"); + } + + if (status == LDNS_STATUS_OK) { + if (!ldns_pkt_empty(p)) { + drill_pkt_print(stdout, local_res, p); + } + referrals = ldns_dnssec_zone_new(); + add_referrals(referrals, p); + } else { + error("cannot use local resolver"); + goto cleanup; + } + if (! set_nss_for_name(res, referrals, name, local_res, c)) { + goto cleanup; + } + ldns_pkt_free(p); + p = NULL; + status = ldns_resolver_send(&p, res, name, t, c, 0); + while(status == LDNS_STATUS_OK && + ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) { + + if (!p) { + /* some error occurred -- bail out */ + goto cleanup; + } + add_referrals(referrals, p); + + /* checks itself for verbosity */ + drill_pkt_print_footer(stdout, local_res, p); + + if (! set_nss_for_name(res, referrals, name, local_res, c)) { + goto cleanup; + } + if (loop_count++ > 20) { + /* unlikely that we are doing anything useful */ + error("Looks like we are looping"); + goto cleanup; + } + ldns_pkt_free(p); + p = NULL; + status = ldns_resolver_send(&p, res, name, t, c, 0); + + /* Exit trace on error */ + if (status != LDNS_STATUS_OK) + break; + + /* An answer might be the desired answer (and no referral) */ + if (ldns_pkt_reply_type(p) != LDNS_PACKET_ANSWER) + continue; + + /* Exit trace when the requested type is found */ + answers = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANSWER); + if (answers && ldns_rr_list_rr_count(answers) > 0) { + ldns_rr_list_free(answers); + answers = NULL; + break; + } + ldns_rr_list_free(answers); + answers = NULL; + + /* Get the CNAMEs from the answer */ + cname = ldns_pkt_rr_list_by_type( + p, LDNS_RR_TYPE_CNAME, LDNS_SECTION_ANSWER); + + /* No CNAME either: exit trace */ + if (ldns_rr_list_rr_count(cname) == 0) + break; + + /* Print CNAME referral */ + ldns_rr_list_print(stdout, cname); + + /* restart with the CNAME */ + name = ldns_rr_rdf(ldns_rr_list_rr(cname, 0), 0); + ldns_rr_list_free(cname); + cname = NULL; + + /* remove the old nameserver from the resolver */ + while((addr = ldns_resolver_pop_nameserver(res))) + ldns_rdf_deep_free(addr); + + /* Restart trace from the root up */ + (void) ldns_resolver_push_nameserver_rr_list( + res, global_dns_root); + + ldns_pkt_free(p); + p = NULL; + status = ldns_resolver_send(&p, res, name, t, c, 0); + } + + ldns_pkt_free(p); + p = NULL; + (void) ldns_resolver_send(&p, res, name, t, c, 0); + if (!p) { + goto cleanup; + } + new_nss = ldns_pkt_authority(p); + final_answer = ldns_pkt_answer(p); + + if (verbosity != -1) { + ldns_rr_list_print(stdout, final_answer); + ldns_rr_list_print(stdout, new_nss); + + } + drill_pkt_print_footer(stdout, local_res, p); +cleanup: + if (res) { + while((addr = ldns_resolver_pop_nameserver(res))) + ldns_rdf_deep_free(addr); + ldns_resolver_free(res); + } + if (referrals) + ldns_dnssec_zone_deep_free(referrals); + if (p) + ldns_pkt_free(p); +} + + +/** + * Chase the given rr to a known and trusted key + * + * Based on drill 0.9 + * + * the last argument prev_key_list, if not null, and type == DS, then the ds + * rr list we have must all be a ds for the keys in this list + */ +#ifdef HAVE_SSL +ldns_status +do_chase(ldns_resolver *res, + ldns_rdf *name, + ldns_rr_type type, + ldns_rr_class c, + ldns_rr_list *trusted_keys, + ldns_pkt *pkt_o, + uint16_t qflags, + ldns_rr_list * ATTR_UNUSED(prev_key_list)) +{ + ldns_rr_list *rrset = NULL; + ldns_status result; + ldns_rr *orig_rr = NULL; + +/* + ldns_rr_list *sigs; + ldns_rr *cur_sig; + uint16_t sig_i; + ldns_rr_list *keys; +*/ + ldns_pkt *pkt; + ldns_status tree_result; + ldns_dnssec_data_chain *chain; + ldns_dnssec_trust_tree *tree; + + const ldns_rr_descriptor *descriptor; + descriptor = ldns_rr_descript(type); + + ldns_dname2canonical(name); + + pkt = ldns_pkt_clone(pkt_o); + if (!name) { + mesg("No name to chase"); + ldns_pkt_free(pkt); + return LDNS_STATUS_EMPTY_LABEL; + } + if (verbosity != -1) { + printf(";; Chasing: "); + ldns_rdf_print(stdout, name); + if (descriptor && descriptor->_name) { + printf(" %s\n", descriptor->_name); + } else { + printf(" type %d\n", type); + } + } + + if (!trusted_keys || ldns_rr_list_rr_count(trusted_keys) < 1) { + warning("No trusted keys specified"); + } + + if (pkt) { + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + type, + LDNS_SECTION_ANSWER + ); + if (!rrset) { + /* nothing in answer, try authority */ + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + type, + LDNS_SECTION_AUTHORITY + ); + } + /* answer might be a cname, chase that first, then chase + cname target? (TODO) */ + if (!rrset) { + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + LDNS_RR_TYPE_CNAME, + LDNS_SECTION_ANSWER + ); + if (!rrset) { + /* nothing in answer, try authority */ + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + LDNS_RR_TYPE_CNAME, + LDNS_SECTION_AUTHORITY + ); + } + } + } else { + /* no packet? */ + if (verbosity >= 0) { + fprintf(stderr, "%s", ldns_get_errorstr_by_id(LDNS_STATUS_MEM_ERR)); + fprintf(stderr, "\n"); + } + return LDNS_STATUS_MEM_ERR; + } + + if (!rrset) { + /* not found in original packet, try again */ + ldns_pkt_free(pkt); + pkt = NULL; + pkt = ldns_resolver_query(res, name, type, c, qflags); + + if (!pkt) { + if (verbosity >= 0) { + fprintf(stderr, "%s", ldns_get_errorstr_by_id(LDNS_STATUS_NETWORK_ERR)); + fprintf(stderr, "\n"); + } + return LDNS_STATUS_NETWORK_ERR; + } + if (verbosity >= 5) { + ldns_pkt_print(stdout, pkt); + } + + rrset = ldns_pkt_rr_list_by_name_and_type(pkt, + name, + type, + LDNS_SECTION_ANSWER + ); + } + + orig_rr = ldns_rr_new(); + +/* if the answer had no answer section, we need to construct our own rr (for instance if + * the rr qe asked for doesn't exist. This rr will be destroyed when the chain is freed */ + if (ldns_pkt_ancount(pkt) < 1) { + ldns_rr_set_type(orig_rr, type); + ldns_rr_set_owner(orig_rr, ldns_rdf_clone(name)); + + chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, ldns_rr_clone(orig_rr)); + } else { + /* chase the first answer */ + chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, NULL); + } + + if (verbosity >= 4) { + printf("\n\nDNSSEC Data Chain:\n"); + ldns_dnssec_data_chain_print(stdout, chain); + } + + result = LDNS_STATUS_OK; + + tree = ldns_dnssec_derive_trust_tree(chain, NULL); + + if (verbosity >= 2) { + printf("\n\nDNSSEC Trust tree:\n"); + ldns_dnssec_trust_tree_print(stdout, tree, 0, true); + } + + if (ldns_rr_list_rr_count(trusted_keys) > 0) { + tree_result = ldns_dnssec_trust_tree_contains_keys(tree, trusted_keys); + + if (tree_result == LDNS_STATUS_DNSSEC_EXISTENCE_DENIED) { + if (verbosity >= 1) { + printf("Existence denied or verifiably insecure\n"); + } + result = LDNS_STATUS_OK; + } else if (tree_result != LDNS_STATUS_OK) { + if (verbosity >= 1) { + printf("No trusted keys found in tree: first error was: %s\n", ldns_get_errorstr_by_id(tree_result)); + } + result = tree_result; + } + + } else { + if (verbosity >= 0) { + printf("You have not provided any trusted keys.\n"); + } + } + + ldns_rr_free(orig_rr); + ldns_dnssec_trust_tree_free(tree); + ldns_dnssec_data_chain_deep_free(chain); + + ldns_rr_list_deep_free(rrset); + ldns_pkt_free(pkt); + /* ldns_rr_free(orig_rr);*/ + + return result; +} +#endif /* HAVE_SSL */ + diff --git a/zonemaster-ldns/ldns/drill/dnssec.c b/zonemaster-ldns/ldns/drill/dnssec.c new file mode 100644 index 0000000..687cfe5 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/dnssec.c @@ -0,0 +1,534 @@ +/* + * dnssec.c + * Some DNSSEC helper function are defined here + * and tracing is done + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +/* get rr_type from a server from a server */ +ldns_rr_list * +get_rr(ldns_resolver *res, ldns_rdf *zname, ldns_rr_type t, ldns_rr_class c) +{ + /* query, retrieve, extract and return */ + ldns_pkt *p; + ldns_rr_list *found; + + p = ldns_pkt_new(); + found = NULL; + + if (ldns_resolver_send(&p, res, zname, t, c, 0) == LDNS_STATUS_OK) { + found = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANY_NOQUESTION); + } + ldns_pkt_free(p); + return found; +} + +void +drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p) +{ + ldns_rr_list *new_nss; + ldns_rr_list *hostnames; + char *answerfrom_str; + + if (verbosity < 5) { + return; + } + + hostnames = ldns_get_rr_list_name_by_addr(r, ldns_pkt_answerfrom(p), 0, 0); + + new_nss = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER); + ldns_rr_list_print(fd, new_nss); + ldns_rr_list_deep_free(new_nss); + + fprintf(fd, ";; Received %d bytes from %s#%d(", + (int) ldns_pkt_size(p), + ldns_rdf2str(ldns_pkt_answerfrom(p)), + (int) ldns_resolver_port(r)); + /* if we can resolve this print it, other print the ip again */ + if (hostnames) { + ldns_rdf_print(fd, + ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0)); + ldns_rr_list_deep_free(hostnames); + } else { + answerfrom_str = ldns_rdf2str(ldns_pkt_answerfrom(p)); + if (answerfrom_str) { + fprintf(fd, "%s", answerfrom_str); + LDNS_FREE(answerfrom_str); + } + } + fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p)); +} + +void +drill_pkt_print_footer(FILE *fd, ldns_resolver *r, ldns_pkt *p) +{ + ldns_rr_list *hostnames; + char *answerfrom_str; + + if (verbosity < 5) { + return; + } + + hostnames = ldns_get_rr_list_name_by_addr(r, ldns_pkt_answerfrom(p), 0, 0); + + fprintf(fd, ";; Received %d bytes from %s#%d(", + (int) ldns_pkt_size(p), + ldns_rdf2str(ldns_pkt_answerfrom(p)), + (int) ldns_resolver_port(r)); + /* if we can resolve this print it, other print the ip again */ + if (hostnames) { + ldns_rdf_print(fd, + ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0)); + ldns_rr_list_deep_free(hostnames); + } else { + answerfrom_str = ldns_rdf2str(ldns_pkt_answerfrom(p)); + if (answerfrom_str) { + fprintf(fd, "%s", answerfrom_str); + LDNS_FREE(answerfrom_str); + } + } + fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p)); +} +/* + * generic function to get some RRset from a nameserver + * and possible some signatures too (that would be the day...) + */ +ldns_pkt_type +get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t, + ldns_rr_list **rrlist, ldns_rr_list **sig) +{ + ldns_pkt_type pt = LDNS_PACKET_UNKNOWN; + ldns_rr_list *sigs = NULL; + size_t i; + + if (!p) { + if (rrlist) { + *rrlist = NULL; + } + return LDNS_PACKET_UNKNOWN; + } + + pt = ldns_pkt_reply_type(p); + if (name) { + if (rrlist) { + *rrlist = ldns_pkt_rr_list_by_name_and_type(p, name, t, + LDNS_SECTION_ANSWER); + if (!*rrlist) { + *rrlist = ldns_pkt_rr_list_by_name_and_type( + p, name, t, + LDNS_SECTION_AUTHORITY); + } + } + if (sig) { + sigs = ldns_pkt_rr_list_by_name_and_type(p, name, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + if (!sigs) { + sigs = ldns_pkt_rr_list_by_name_and_type( + p, name, LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_AUTHORITY); + } + } + } else { + /* A DS-referral - get the DS records if they are there */ + if (rrlist) { + *rrlist = ldns_pkt_rr_list_by_type( + p, t, LDNS_SECTION_AUTHORITY); + } + if (sig) { + sigs = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_AUTHORITY); + } + } + if (sig) { + *sig = ldns_rr_list_new(); + for (i = 0; i < ldns_rr_list_rr_count(sigs); i++) { + /* only add the sigs that cover this type */ + if (t == ldns_rdf2rr_type(ldns_rr_rrsig_typecovered( + ldns_rr_list_rr(sigs, i)))) { + + ldns_rr_list_push_rr(*sig, + ldns_rr_clone( + ldns_rr_list_rr( + sigs, i))); + } + } + } + ldns_rr_list_deep_free(sigs); + + if (pt == LDNS_PACKET_NXDOMAIN || pt == LDNS_PACKET_NODATA) { + return pt; + } else { + return LDNS_PACKET_ANSWER; + } +} + + +ldns_status +ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs) +{ +#ifdef HAVE_SSL + uint16_t nsec_i; + + ldns_rr_list *nsecs; + ldns_status result; + const ldns_rr_descriptor *descriptor; + + if (!pkt) { + descriptor = ldns_rr_descript(type); + + printf("NETWORk ERROR! Cannot verify denial for: "); + ldns_rdf_print(stdout, name); + printf(" type "); + if (descriptor && descriptor->_name) + printf("%s", descriptor->_name); + else + printf("TYPE%u", type); + return LDNS_STATUS_CRYPTO_NO_RRSIG; + } + if (verbosity >= 5) { + printf("VERIFY DENIAL FROM:\n"); + ldns_pkt_print(stdout, pkt); + } + + result = LDNS_STATUS_CRYPTO_NO_RRSIG; + /* Try to see if there are NSECS in the packet */ + nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC, LDNS_SECTION_ANY_NOQUESTION); + if (nsecs) { + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsecs); nsec_i++) { + /* there are four options: + * - name equals ownername and is covered by the type bitmap + * - name equals ownername but is not covered by the type bitmap + * - name falls within nsec coverage but is not equal to the owner name + * - name falls outside of nsec coverage + */ + if (ldns_dname_compare(ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), name) == 0) { + /* + printf("CHECKING NSEC:\n"); + ldns_rr_print(stdout, ldns_rr_list_rr(nsecs, nsec_i)); + printf("DAWASEM\n"); + */ + if (ldns_nsec_bitmap_covers_type( + ldns_nsec_get_bitmap(ldns_rr_list_rr(nsecs, + nsec_i)), + type)) { + /* Error, according to the nsec this rrset is signed */ + result = LDNS_STATUS_CRYPTO_NO_RRSIG; + } else { + /* ok nsec denies existence */ + if (verbosity >= 3) { + printf(";; Existence of data set with this type denied by NSEC\n"); + } + /*printf(";; Verifiably insecure.\n");*/ + if (nsec_rrs && nsec_rr_sigs) { + (void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, nsec_rrs, nsec_rr_sigs); + } + ldns_rr_list_deep_free(nsecs); + return LDNS_STATUS_OK; + } + } else if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, nsec_i), name)) { + if (verbosity >= 3) { + printf(";; Existence of data set with this name denied by NSEC\n"); + } + if (nsec_rrs && nsec_rr_sigs) { + (void) get_dnssec_rr(pkt, ldns_rr_owner(ldns_rr_list_rr(nsecs, nsec_i)), LDNS_RR_TYPE_NSEC, nsec_rrs, nsec_rr_sigs); + } + ldns_rr_list_deep_free(nsecs); + return LDNS_STATUS_OK; + } else { + /* nsec has nothing to do with this data */ + } + } + ldns_rr_list_deep_free(nsecs); + } else if( (nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC3, LDNS_SECTION_ANY_NOQUESTION)) ) { + ldns_rr_list* sigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION); + ldns_rr* q = ldns_rr_new(); + ldns_rr* match = NULL; + + if(!sigs) { + if (q) { + ldns_rr_free(q); + } + ldns_rr_list_deep_free(nsecs); + return LDNS_STATUS_MEM_ERR; + } + if(!q) { + ldns_rr_list_deep_free(nsecs); + ldns_rr_list_deep_free(sigs); + return LDNS_STATUS_MEM_ERR; + } + ldns_rr_set_question(q, 1); + ldns_rr_set_ttl(q, 0); + ldns_rr_set_owner(q, ldns_rdf_clone(name)); + if(!ldns_rr_owner(q)) { + ldns_rr_free(q); + ldns_rr_list_deep_free(sigs); + ldns_rr_list_deep_free(nsecs); + return LDNS_STATUS_MEM_ERR; + } + ldns_rr_set_type(q, type); + + /* result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0); */ + result = ldns_dnssec_verify_denial_nsec3_match(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0, &match); + if (result == LDNS_STATUS_OK && match && nsec_rrs && nsec_rr_sigs) { + (void) get_dnssec_rr(pkt, ldns_rr_owner(match), LDNS_RR_TYPE_NSEC3, nsec_rrs, nsec_rr_sigs); + } + ldns_rr_free(q); + ldns_rr_list_deep_free(nsecs); + ldns_rr_list_deep_free(sigs); + } + return result; +#else + (void)pkt; + (void)name; + (void)type; + (void)nsec_rrs; + (void)nsec_rr_sigs; + return LDNS_STATUS_ERR; +#endif /* HAVE_SSL */ +} + +/* NSEC3 draft -07 */ +/*return hash name match*/ +ldns_rr * +ldns_nsec3_exact_match(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *nsec3s) { + uint8_t algorithm; + uint32_t iterations; + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *sname = NULL, *hashed_sname = NULL; + + size_t nsec_i; + ldns_rr *nsec; + ldns_rr *result = NULL; + + const ldns_rr_descriptor *descriptor; + + ldns_rdf *zone_name = NULL; + + if (verbosity >= 4) { + printf(";; finding exact match for "); + descriptor = ldns_rr_descript(qtype); + if (descriptor && descriptor->_name) { + printf("%s ", descriptor->_name); + } else { + printf("TYPE%d ", qtype); + } + ldns_rdf_print(stdout, qname); + printf("\n"); + } + + if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { + if (verbosity >= 4) { + printf("no qname, nsec3s or list empty\n"); + } + return NULL; + } + + nsec = ldns_rr_list_rr(nsec3s, 0); + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + if (salt == NULL) { + goto done; + } + + sname = ldns_rdf_clone(qname); + if (sname == NULL) { + goto done; + } + if (verbosity >= 4) { + printf(";; owner name hashes to: "); + } + hashed_sname = ldns_nsec3_hash_name(sname, algorithm, iterations, salt_length, salt); + if (hashed_sname == NULL) { + goto done; + } + zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); + if (zone_name == NULL) { + goto done; + } + if (ldns_dname_cat(hashed_sname, zone_name) != LDNS_STATUS_OK) { + goto done; + }; + + if (verbosity >= 4) { + ldns_rdf_print(stdout, hashed_sname); + printf("\n"); + } + + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) { + nsec = ldns_rr_list_rr(nsec3s, nsec_i); + + /* check values of iterations etc! */ + + /* exact match? */ + if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) { + result = nsec; + goto done; + } + + } + +done: + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + ldns_rdf_deep_free(hashed_sname); + LDNS_FREE(salt); + + if (verbosity >= 4) { + if (result) { + printf(";; Found.\n"); + } else { + printf(";; Not foud.\n"); + } + } + return result; +} + +/*return the owner name of the closest encloser for name from the list of rrs */ +/* this is NOT the hash, but the original name! */ +ldns_rdf * +ldns_nsec3_closest_encloser(ldns_rdf *qname, ldns_rr_type qtype, ldns_rr_list *nsec3s) +{ + /* remember parameters, they must match */ + uint8_t algorithm; + uint32_t iterations; + uint8_t salt_length; + uint8_t *salt; + + ldns_rdf *sname = NULL, *hashed_sname = NULL, *tmp; + bool flag; + + bool exact_match_found; + bool in_range_found; + + ldns_rdf *zone_name = NULL; + + size_t nsec_i; + ldns_rr *nsec; + ldns_rdf *result = NULL; + + if (!qname || !nsec3s || ldns_rr_list_rr_count(nsec3s) < 1) { + return NULL; + } + + if (verbosity >= 4) { + printf(";; finding closest encloser for type %d ", qtype); + ldns_rdf_print(stdout, qname); + printf("\n"); + } + + nsec = ldns_rr_list_rr(nsec3s, 0); + algorithm = ldns_nsec3_algorithm(nsec); + salt_length = ldns_nsec3_salt_length(nsec); + salt = ldns_nsec3_salt_data(nsec); + iterations = ldns_nsec3_iterations(nsec); + if (salt == NULL) { + goto done; + } + + sname = ldns_rdf_clone(qname); + if (sname == NULL) { + goto done; + } + + flag = false; + + zone_name = ldns_dname_left_chop(ldns_rr_owner(nsec)); + if (zone_name == NULL) { + goto done; + } + + /* algorithm from nsec3-07 8.3 */ + while (ldns_dname_label_count(sname) > 0) { + exact_match_found = false; + in_range_found = false; + + if (verbosity >= 3) { + printf(";; "); + ldns_rdf_print(stdout, sname); + printf(" hashes to: "); + } + hashed_sname = ldns_nsec3_hash_name(sname, algorithm, iterations, salt_length, salt); + if (hashed_sname == NULL) { + goto done; + } + + if (ldns_dname_cat(hashed_sname, zone_name) != LDNS_STATUS_OK){ + ldns_rdf_deep_free(hashed_sname); + goto done; + } + + if (verbosity >= 3) { + ldns_rdf_print(stdout, hashed_sname); + printf("\n"); + } + + for (nsec_i = 0; nsec_i < ldns_rr_list_rr_count(nsec3s); nsec_i++) { + nsec = ldns_rr_list_rr(nsec3s, nsec_i); + + /* check values of iterations etc! */ + + /* exact match? */ + if (ldns_dname_compare(ldns_rr_owner(nsec), hashed_sname) == 0) { + if (verbosity >= 4) { + printf(";; exact match found\n"); + } + exact_match_found = true; + } else if (ldns_nsec_covers_name(nsec, hashed_sname)) { + if (verbosity >= 4) { + printf(";; in range of an nsec\n"); + } + in_range_found = true; + } + + } + if (!exact_match_found && in_range_found) { + flag = true; + } else if (exact_match_found && flag) { + result = ldns_rdf_clone(sname); + } else if (exact_match_found && !flag) { + // error! + if (verbosity >= 4) { + printf(";; the closest encloser is the same name (ie. this is an exact match, ie there is no closest encloser)\n"); + } + ldns_rdf_deep_free(hashed_sname); + goto done; + } else { + flag = false; + } + + ldns_rdf_deep_free(hashed_sname); + tmp = sname; + sname = ldns_dname_left_chop(sname); + ldns_rdf_deep_free(tmp); + if (sname == NULL) { + goto done; + } + } + +done: + LDNS_FREE(salt); + ldns_rdf_deep_free(zone_name); + ldns_rdf_deep_free(sname); + + if (!result) { + if (verbosity >= 4) { + printf(";; no closest encloser found\n"); + } + } + + /* todo checks from end of 6.2. here or in caller? */ + return result; +} diff --git a/zonemaster-ldns/ldns/drill/drill.1.in b/zonemaster-ldns/ldns/drill/drill.1.in new file mode 100644 index 0000000..dcc7a71 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/drill.1.in @@ -0,0 +1,262 @@ +.\" @(#)drill.1 1.7.0 14-Jul-2004 OF; +.TH drill 1 "28 May 2006" +.SH NAME +drill \- get (debug) information out of DNS(SEC) +.SH SYNOPSIS +.B drill +[ +.IR OPTIONS +] +.IR name +[ +.IR @server +] +[ +.IR type +] +[ +.IR class +] + +.SH DESCRIPTION +\fBdrill\fR is a tool designed to get all sorts of information out of the +DNS. It is specifically designed to be used with DNSSEC. +.PP +The name \fBdrill\fR is a pun on \fBdig\fR. With \fBdrill\fR you should be able +get even more information than with \fBdig\fR. +.PP +If no arguments are given class defaults to 'IN' and type to 'A'. The +server(s) specified in /etc/resolv.conf are used to query against. + +.PP +\fIname\fR +Ask for this name. + +.PP +\fI@server\fR +Send to query to this server. If not specified use the nameservers from +\fI/etc/resolv.conf\fR. + +.PP +\fItype\fR +Ask for this RR type. If type is not given on the command line it defaults +to 'A'. Except when doing a reverse lookup when it defaults to 'PTR'. + +.PP +\fIclass\fR +Use this class when querying. + +.SH SAMPLE USAGE +\fBdrill mx miek.nl\fR +Show the MX records of the domain miek.nl + +.TP +\fBdrill \-S jelte.nlnetlabs.nl\fR +Chase any signatures in the jelte.nlnetlab.nl domain. This option is +only available when ldns has been compiled with openssl-support. + +.TP +\fBdrill \-TD www.example.com\fR +Do a DNSSEC (\-D) trace (\-T) from the rootservers down to www.example.com. +This option only works when ldns has been compiled with openssl support. + +.TP +\fBdrill \-s dnskey jelte.nlnetlabs.nl\fR +Show the DNSKEY record(s) for jelte.nlnetlabs.nl. For each found DNSKEY +record also print the DS record. + +.SH OPTIONS + +.TP +\fB\-D +Enable DNSSEC in the query. When querying for DNSSEC types (DNSKEY, RRSIG, +DS and NSEC) this is \fInot\fR automatically enabled. + +.TP +\fB\-T +Trace \fIname\fR from the root down. When using this option the @server +arguments is not used. + +.TP +\fB\-S +Chase the signature(s) of 'name' to a known key or as high up in +the tree as possible. + +.TP +\fB\-I \fIIPv4 or IPv6 address\fR +Source address to query from. The source address has to be present +on an interface of the host running drill. + +.TP +\fB\-V \fIlevel\fR +Be more verbose. Set level to 5 to see the actual query that is sent. + +.TP +\fB\-Q +Quiet mode, this overrules \-V. + +.TP +\fB\-f \fIfile\fR +Read the query from a file. The query must be dumped with \-w. + +.TP +\fB\-i \fIfile\fR +read the answer from the file instead from the network. This aids +in debugging and can be used to check if a query on disk is valid. +If the file contains binary data it is assumed to be a query in +network order. + +.TP +\fB\-w \fIfile\fR +Write an answer packet to file. + +.TP +\fB\-q \fIfile\fR +Write the query packet to file. + +.TP +\fB\-v +Show drill's version. + +.TP +\fB\-h +Show a short help message. + +.SS QUERY OPTIONS + +.TP +\fB\-4 +Stay on ip4. Only send queries to ip4 enabled nameservers. + +.TP +\fB\-6 +Stay on ip6. Only send queries to ip6 enabled nameservers. + +.TP +\fB\-a +Use the resolver structure's fallback mechanism if the answer +is truncated (TC=1). If a truncated packet is received and this +option is set, drill will first send a new query with EDNS0 +buffer size 4096. + +If the EDNS0 buffer size was already set to 512+ bytes, or the +above retry also results in a truncated answer, the resolver +structure will fall back to TCP. + +.TP +\fB\-b \fIsize\fR +Use size as the buffer size in the EDNS0 pseudo RR. + +.TP +\fB\-c \fIfile\fR +Use file instead of /etc/resolv.conf for nameserver configuration. + +.TP +\fB\-d \fIdomain\fR +When tracing (\-T), start from this domain instead of the root. + +.TP +\fB\-t +Use TCP/IP when querying a server + +.TP +\fB\-k \fIkeyfile\fR +Use this file to read a (trusted) key from. When this options is +given \fBdrill\fR tries to validate the current answer with this +key. No chasing is done. When \fBdrill\fR is doing a secure trace, this +key will be used as trust anchor. Can contain a DNSKEY or a DS record. + +Alternatively, when DNSSEC enabled tracing (\fB-TD\fR) or signature +chasing (\fB-S\fR), if \fB-k\fR is not specified, and a default trust anchor +(@LDNS_TRUST_ANCHOR_FILE@) exists and contains a valid DNSKEY or DS record, +it will be used as the trust anchor. + +.TP +\fB\-o \fImnemonic\fR +Use this option to set or unset specific header bits. A bit is +set by using the bit mnemonic in CAPITAL letters. A bit is unset when +the mnemonic is given in lowercase. The following mnemonics are +understood by \fBdrill\fR: + + QR, qr: set, unset QueRy (default: on) + AA, aa: set, unset Authoritative Answer (default: off) + TC, tc: set, unset TrunCated (default: off) + RD, rd: set, unset Recursion Desired (default: on) + CD, cd: set, unset Checking Disabled (default: off) + RA, ra: set, unset Recursion Available (default: off) + AD, ad: set, unset Authenticated Data (default: off) + +Thus: \fB-o CD\fR, will enable Checking Disabled, which instructs the +cache to not validate the answers it gives out. + +.TP +\fB\-p \fIport\fR +Use this port instead of the default of 53. + +.TP +\fB\-r \fIfile\fR +When tracing (\-T), use file as a root servers hint file. + +.TP +\fB\-s +When encountering a DNSKEY print the equivalent DS also. + +.TP +\fB\-u +Use UDP when querying a server. This is the default. + +.TP +\fB\-w \fIfile\fR +write the answer to a file. The file will contain a hexadecimal dump +of the query. This can be used in conjunction with \-f. + +.TP +\fB\-x +Do a reverse lookup. The type argument is not used, it is preset to PTR. + +.TP +\fB\-y \fI\fR +specify named base64 tsig key, and optional an algorithm (defaults to hmac-md5.sig-alg.reg.int) + +.TP +\fB\-z \fR +don't randomize the nameserver list before sending queries. + + +.SS EDNS QUERY OPTIONS + +.TP +\fB\+nsid \fR +When set, this EDNS option includes an EDNS name server ID request in the query. + + + +.SH "EXIT STATUS" +The exit status is 0 if the looked up answer is secure and trusted, +or insecure. +The exit status is not 0 if the looked up answer is untrusted or bogus, +or an error occurred while performing the lookup. + +.SH "FILES" +.TP +@LDNS_TRUST_ANCHOR_FILE@ +The file from which trusted keys are loaded when no \fB-k\fR option is given. +.SH "SEE ALSO" +.LP +unbound-anchor(8) + +.SH AUTHOR +Jelte Jansen and Miek Gieben. Both of NLnet Labs. + +.SH REPORTING BUGS +Report bugs to . + +.SH BUGS + +.SH COPYRIGHT +Copyright (c) 2004-2008 NLnet Labs. +Licensed under the revised BSD license. There is NO warranty; not even for MERCHANTABILITY or +FITNESS FOR A PARTICULAR PURPOSE. + +.SH SEE ALSO +\fBdig\fR(1), \fIRFC403{3,4,5}\fR. diff --git a/zonemaster-ldns/ldns/drill/drill.c b/zonemaster-ldns/ldns/drill/drill.c new file mode 100644 index 0000000..44c1b76 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/drill.c @@ -0,0 +1,1057 @@ +/* + * drill.c + * the main file of drill + * (c) 2005-2008 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +#ifdef HAVE_SSL +#include +#endif + +/* query debug, 2 hex dumps */ +int verbosity; + +static int +is_ixfr_with_serial(const char* name, uint32_t *serial) +{ + char* end; + if (strlen(name) > 5 && + strncasecmp(name, "IXFR", 4) == 0 && + name[4] == '=') { + *serial = (uint32_t) strtol((name+5), &end, 10); + return 1; + } + return 0; +} + +static void +usage(FILE *stream, const char *progname) +{ + fprintf(stream, " Usage: %s name [@server] [type] [class]\n", progname); + fprintf(stream, "\t can be a domain name or an IP address (-x lookups)\n"); + fprintf(stream, "\t defaults to A\n"); + fprintf(stream, "\t defaults to IN\n"); + fprintf(stream, "\n\targuments may be placed in random order\n"); + fprintf(stream, "\n Options:\n"); + fprintf(stream, "\t-D\t\tenable DNSSEC (DO bit)\n"); +#ifdef HAVE_SSL + fprintf(stream, "\t-T\t\ttrace from the root down to \n"); + fprintf(stream, "\t-S\t\tchase signature(s) from to a known key [*]\n"); +#endif /*HAVE_SSL*/ + fprintf(stream, "\t-I
\tsource address to query from\n"); + fprintf(stream, "\t-V \tverbosity (0-5)\n"); + fprintf(stream, "\t-Q\t\tquiet mode (overrules -V)\n"); + fprintf(stream, "\n"); + fprintf(stream, "\t-f file\t\tread packet from file and send it\n"); + fprintf(stream, "\t-i file\t\tread packet from file and print it\n"); + fprintf(stream, "\t-w file\t\twrite answer packet to file\n"); + fprintf(stream, "\t-q file\t\twrite query packet to file\n"); + fprintf(stream, "\t-h\t\tshow this help\n"); + fprintf(stream, "\t-v\t\tshow version\n"); + fprintf(stream, "\n Query options:\n"); + fprintf(stream, "\t-4\t\tstay on ip4\n"); + fprintf(stream, "\t-6\t\tstay on ip6\n"); + fprintf(stream, "\t-a\t\tfallback to EDNS0 and TCP if the answer is truncated\n"); + fprintf(stream, "\t-b \tuse as the buffer size (defaults to 512 b)\n"); + fprintf(stream, "\t-c \tuse file for recursive nameserver configuration" + "\n\t\t\t(/etc/resolv.conf)\n"); + fprintf(stream, "\t-k \tspecify a file that contains a trusted DNSSEC key [**]\n"); + fprintf(stream, "\t\t\tUsed to verify any signatures in the current answer.\n"); + fprintf(stream, "\t\t\tWhen DNSSEC enabled tracing (-TD) or signature\n" + "\t\t\tchasing (-S) and no key files are given, keys are read\n" + "\t\t\tfrom: %s\n", + LDNS_TRUST_ANCHOR_FILE); + fprintf(stream, "\t-o \tset flags to:" + "\n\t\t\t[QR|qr][AA|aa][TC|tc][RD|rd][CD|cd][RA|ra][AD|ad]\n"); + fprintf(stream, "\t\t\tlowercase: unset bit, uppercase: set bit\n"); + fprintf(stream, "\t-p \tuse as remote port number\n"); + fprintf(stream, "\t-s\t\tshow the DS RR for each key in a packet\n"); + fprintf(stream, "\t-u\t\tsend the query with udp (the default)\n"); + fprintf(stream, "\t-x\t\tdo a reverse lookup\n"); + fprintf(stream, "\twhen doing a secure trace:\n"); + fprintf(stream, "\t-r \tuse file as root servers hint file\n"); + fprintf(stream, "\t-t\t\tsend the query with tcp (connected)\n"); + fprintf(stream, "\t-d \tuse domain as the start point for the trace\n"); + fprintf(stream, "\t-y \tspecify named base64 tsig key, and optional an\n\t\t\talgorithm (defaults to hmac-md5.sig-alg.reg.int)\n"); + fprintf(stream, "\t-z\t\tdon't randomize the nameservers before use\n"); + fprintf(stream, "\n [*] = enables/implies DNSSEC\n"); + fprintf(stream, " [**] = can be given more than once\n"); + fprintf(stream, "\n dns-team@nlnetlabs.nl | http://www.nlnetlabs.nl/ldns/\n"); +} + +/** + * Prints the drill version to stderr + */ +static void +version(FILE *stream, const char *progname) +{ + fprintf(stream, "%s version %s (ldns version %s)\n", progname, DRILL_VERSION, ldns_version()); + fprintf(stream, "Written by NLnet Labs.\n"); + fprintf(stream, "\nCopyright (c) 2004-2008 NLnet Labs.\n"); + fprintf(stream, "Licensed under the revised BSD license.\n"); + fprintf(stream, "There is NO warranty; not even for MERCHANTABILITY or FITNESS\n"); + fprintf(stream, "FOR A PARTICULAR PURPOSE.\n"); +} + + +/** + * Main function of drill + * parse the arguments and prepare a query + */ +int +main(int argc, char *argv[]) +{ + ldns_resolver *res = NULL; + ldns_resolver *cmdline_res = NULL; /* only used to resolv @name names */ + ldns_rr_list *cmdline_rr_list = NULL; + ldns_rdf *cmdline_dname = NULL; + ldns_rdf *qname; + ldns_pkt *pkt; + ldns_pkt *qpkt; + char *serv; + char *src = NULL; + const char *name; + char *progname; + char *query_file = NULL; + char *answer_file = NULL; + ldns_buffer *query_buffer = NULL; + ldns_rdf *serv_rdf; + ldns_rdf *src_rdf = NULL; + ldns_rr_type type; + ldns_rr_class clas; +#if 0 + ldns_pkt_opcode opcode = LDNS_PACKET_QUERY; +#endif + int i, c; + int int_type; + int int_clas; + int PURPOSE; + char *tsig_name = NULL; + char *tsig_data = NULL; + char *tsig_algorithm = NULL; + size_t tsig_separator; + size_t tsig_separator2; + ldns_rr *axfr_rr; + ldns_status status; + char *type_str; + uint32_t serial = 0; + /* list of keys used in dnssec operations */ + ldns_rr_list *key_list = ldns_rr_list_new(); + /* what key verify the current answer */ + ldns_rr_list *key_verified; + + /* resolver options */ + uint16_t qflags; + uint16_t qbuf; + uint16_t qport; + uint8_t qfamily; + bool qdnssec; + bool qfallback; + bool qds; + bool qusevc; + bool qrandom; + bool drill_reverse = false; + + char *resolv_conf_file = NULL; + + ldns_rdf *trace_start_name = NULL; + + int result = 0; + + uint8_t s6addr[16]; + char ip6_arpa_str[74]; + uint8_t s4addr[4]; + char in_addr_arpa_str[40]; + +#ifdef USE_WINSOCK + int r; + WSADATA wsa_data; +#endif + ldns_output_format_storage fmt_storage; + ldns_output_format* fmt = ldns_output_format_init(&fmt_storage); + + int_type = -1; serv = NULL; type = 0; + int_clas = -1; name = NULL; clas = 0; + qname = NULL; src = NULL; + progname = strdup(argv[0]); + +#ifdef USE_WINSOCK + r = WSAStartup(MAKEWORD(2,2), &wsa_data); + if(r != 0) { + printf("Failed WSAStartup: %d\n", r); + result = EXIT_FAILURE; + goto exit; + } +#endif /* USE_WINSOCK */ + + + PURPOSE = DRILL_QUERY; + qflags = LDNS_RD; + qport = LDNS_PORT; + verbosity = 2; + qdnssec = false; + qfamily = LDNS_RESOLV_INETANY; + qfallback = false; + qds = false; + qbuf = 0; + qusevc = false; + qrandom = true; + key_verified = NULL; + ldns_edns_option_list* edns_list = NULL; + + ldns_init_random(NULL, 0); + + /* string from orig drill: "i:w:I46Sk:TNp:b:DsvhVcuaq:f:xr" */ + /* global first, query opt next, option with parm's last + * and sorted */ /* "46DITSVQf:i:w:q:achuvxzy:so:p:b:k:" */ + + while ((c = getopt(argc, argv, "46ab:c:d:Df:hi:I:k:o:p:q:Qr:sStTuvV:w:xy:z")) != -1) { + switch(c) { + /* global options */ + case '4': + qfamily = LDNS_RESOLV_INET; + break; + case '6': + qfamily = LDNS_RESOLV_INET6; + break; + case 'D': + qdnssec = true; + break; + case 'I': + src = optarg; + break; + case 'T': + if (PURPOSE == DRILL_CHASE) { + fprintf(stderr, "-T and -S cannot be used at the same time.\n"); + exit(EXIT_FAILURE); + } + PURPOSE = DRILL_TRACE; + break; +#ifdef HAVE_SSL + case 'S': + if (PURPOSE == DRILL_TRACE) { + fprintf(stderr, "-T and -S cannot be used at the same time.\n"); + exit(EXIT_FAILURE); + } + PURPOSE = DRILL_CHASE; + break; +#endif /* HAVE_SSL */ + case 'V': + if (strtok(optarg, "0123456789") != NULL) { + fprintf(stderr, "-V expects an number as an argument.\n"); + exit(EXIT_FAILURE); + } + verbosity = atoi(optarg); + break; + case 'Q': + fmt->flags |= LDNS_FMT_SHORT; + verbosity = -1; + break; + case 'f': + query_file = optarg; + break; + case 'i': + answer_file = optarg; + PURPOSE = DRILL_AFROMFILE; + break; + case 'w': + answer_file = optarg; + break; + case 'q': + query_file = optarg; + PURPOSE = DRILL_QTOFILE; + break; + case 'r': + if (global_dns_root) { + fprintf(stderr, "There was already a series of root servers set\n"); + exit(EXIT_FAILURE); + } + global_dns_root = read_root_hints(optarg); + if (!global_dns_root) { + fprintf(stderr, "Unable to read root hints file %s, aborting\n", optarg); + exit(EXIT_FAILURE); + } + break; + /* query options */ + case 'a': + qfallback = true; + break; + case 'b': + qbuf = (uint16_t)atoi(optarg); + if (qbuf == 0) { + error("%s", " could not be converted"); + } + break; + case 'c': + resolv_conf_file = optarg; + break; + case 't': + qusevc = true; + break; + case 'k': + status = read_key_file(optarg, + key_list, false); + if (status != LDNS_STATUS_OK) { + error("Could not parse the key file %s: %s", optarg, ldns_get_errorstr_by_id(status)); + } + qdnssec = true; /* enable that too */ + break; + case 'o': + /* only looks at the first hit: capital=ON, lowercase=OFF*/ + if (strstr(optarg, "QR")) { + DRILL_ON(qflags, LDNS_QR); + } + if (strstr(optarg, "qr")) { + DRILL_OFF(qflags, LDNS_QR); + } + if (strstr(optarg, "AA")) { + DRILL_ON(qflags, LDNS_AA); + } + if (strstr(optarg, "aa")) { + DRILL_OFF(qflags, LDNS_AA); + } + if (strstr(optarg, "TC")) { + DRILL_ON(qflags, LDNS_TC); + } + if (strstr(optarg, "tc")) { + DRILL_OFF(qflags, LDNS_TC); + } + if (strstr(optarg, "RD")) { + DRILL_ON(qflags, LDNS_RD); + } + if (strstr(optarg, "rd")) { + DRILL_OFF(qflags, LDNS_RD); + } + if (strstr(optarg, "CD")) { + DRILL_ON(qflags, LDNS_CD); + } + if (strstr(optarg, "cd")) { + DRILL_OFF(qflags, LDNS_CD); + } + if (strstr(optarg, "RA")) { + DRILL_ON(qflags, LDNS_RA); + } + if (strstr(optarg, "ra")) { + DRILL_OFF(qflags, LDNS_RA); + } + if (strstr(optarg, "AD")) { + DRILL_ON(qflags, LDNS_AD); + } + if (strstr(optarg, "ad")) { + DRILL_OFF(qflags, LDNS_AD); + } + break; + case 'p': + qport = (uint16_t)atoi(optarg); + if (qport == 0) { + error("%s", " could not be converted"); + } + break; + case 's': + qds = true; + break; + case 'u': + qusevc = false; + break; + case 'v': + version(stdout, progname); + result = EXIT_SUCCESS; + goto exit; + case 'x': + drill_reverse = true; + break; + case 'y': +#ifdef HAVE_SSL + if (strchr(optarg, ':')) { + tsig_separator = (size_t) (strchr(optarg, ':') - optarg); + if (tsig_algorithm) { + free(tsig_algorithm); + tsig_algorithm = NULL; + } + if (strchr(optarg + tsig_separator + 1, ':')) { + tsig_separator2 = (size_t) (strchr(optarg + tsig_separator + 1, ':') - optarg); + tsig_algorithm = xmalloc(strlen(optarg) - tsig_separator2); + strncpy(tsig_algorithm, optarg + tsig_separator2 + 1, strlen(optarg) - tsig_separator2); + tsig_algorithm[strlen(optarg) - tsig_separator2 - 1] = '\0'; + } else { + tsig_separator2 = strlen(optarg); + tsig_algorithm = strdup("hmac-md5.sig-alg.reg.int"); + } + tsig_name = xmalloc(tsig_separator + 1); + tsig_data = xmalloc(tsig_separator2 - tsig_separator); + strncpy(tsig_name, optarg, tsig_separator); + strncpy(tsig_data, optarg + tsig_separator + 1, tsig_separator2 - tsig_separator - 1); + /* strncpy does not append \0 if source is longer than n */ + tsig_name[tsig_separator] = '\0'; + tsig_data[ tsig_separator2 - tsig_separator - 1] = '\0'; + } +#else + fprintf(stderr, "TSIG requested, but SSL is not supported\n"); + result = EXIT_FAILURE; + goto exit; +#endif /* HAVE_SSL */ + break; + case 'z': + qrandom = false; + break; + case 'd': + trace_start_name = ldns_dname_new_frm_str(optarg); + if (!trace_start_name) { + fprintf(stderr, "Unable to parse argument for -%c\n", c); + result = EXIT_FAILURE; + goto exit; + } + break; + case 'h': + version(stdout, progname); + usage(stdout, progname); + result = EXIT_SUCCESS; + goto exit; + break; + default: + fprintf(stderr, "Unknown argument: -%c, use -h to see usage\n", c); + result = EXIT_FAILURE; + goto exit; + } + } + argc -= optind; + argv += optind; + + if ((PURPOSE == DRILL_CHASE || (PURPOSE == DRILL_TRACE && qdnssec)) && + ldns_rr_list_rr_count(key_list) == 0) { + + (void) read_key_file(LDNS_TRUST_ANCHOR_FILE, key_list, true); + } + if (ldns_rr_list_rr_count(key_list) > 0) { + printf(";; Number of trusted keys: %d\n", + (int) ldns_rr_list_rr_count(key_list)); + } + /* do a secure trace when requested */ + if (PURPOSE == DRILL_TRACE && qdnssec) { +#ifdef HAVE_SSL + if (ldns_rr_list_rr_count(key_list) == 0) { + warning("%s", "No trusted keys were given. Will not be able to verify authenticity!"); + } + PURPOSE = DRILL_SECTRACE; +#else + fprintf(stderr, "ldns has not been compiled with OpenSSL support. Secure trace not available\n"); + exit(1); +#endif /* HAVE_SSL */ + } + + /* parse the arguments, with multiple arguments, the last argument + * found is used */ + for(i = 0; i < argc; i++) { + + /* if ^@ then it's a server */ + if (argv[i][0] == '@') { + if (strlen(argv[i]) == 1) { + warning("%s", "No nameserver given"); + exit(EXIT_FAILURE); + } + serv = argv[i] + 1; + continue; + } + /* if ^+ then it's an EDNS option */ + if (argv[i][0] == '+') { + if (!strcmp(argv[i]+1, "nsid")) { + ldns_edns_option *edns; + edns_list = ldns_edns_option_list_new(); + + /* create NSID EDNS*/ + edns = ldns_edns_new_from_data(LDNS_EDNS_NSID, 0, NULL); + + if (edns_list == NULL || edns == NULL) { + error("EDNS option could not be allocated"); + break; + } + + if (!(ldns_edns_option_list_push(edns_list, edns))) { + error("EDNS option NSID could not be attached"); + break; + } + continue; + } + else { + error("Unsupported argument after '+'"); + break; + } + } + /* if has a dot, it's a name */ + if (strchr(argv[i], '.')) { + name = argv[i]; + continue; + } + /* if it matches a type, it's a type */ + if (int_type == -1) { + type = ldns_get_rr_type_by_name(argv[i]); + if (type != 0) { + int_type = 0; + continue; + } else if (is_ixfr_with_serial(argv[i], &serial)) { + type = LDNS_RR_TYPE_IXFR; + int_type = 0; + continue; + } + } + /* if it matches a class, it's a class */ + if (int_clas == -1) { + clas = ldns_get_rr_class_by_name(argv[i]); + if (clas != 0) { + int_clas = 0; + continue; + } + } + /* it all fails assume it's a name */ + name = argv[i]; + } + /* act like dig and use for . NS */ + if (!name) { + name = "."; + int_type = 0; + type = LDNS_RR_TYPE_NS; + } + + /* defaults if not given */ + if (int_clas == -1) { + clas = LDNS_RR_CLASS_IN; + } + if (int_type == -1) { + if (!drill_reverse) { + type = LDNS_RR_TYPE_A; + } else { + type = LDNS_RR_TYPE_PTR; + } + } + if (!drill_reverse) + ; /* pass */ + else if (strchr(name, ':')) { /* ipv4 or ipv6 addr? */ + if (!inet_pton(AF_INET6, name, &s6addr)) { + error("Syntax error: cannot parse IPv6 address\n"); + } + (void) snprintf(ip6_arpa_str, sizeof(ip6_arpa_str), + "%x.%x.%x.%x.%x.%x.%x.%x." + "%x.%x.%x.%x.%x.%x.%x.%x." + "%x.%x.%x.%x.%x.%x.%x.%x." + "%x.%x.%x.%x.%x.%x.%x.%x.ip6.arpa.", + (unsigned int)(s6addr[15] & 0x0F), + (unsigned int)(s6addr[15] >> 4), + (unsigned int)(s6addr[14] & 0x0F), + (unsigned int)(s6addr[14] >> 4), + (unsigned int)(s6addr[13] & 0x0F), + (unsigned int)(s6addr[13] >> 4), + (unsigned int)(s6addr[12] & 0x0F), + (unsigned int)(s6addr[12] >> 4), + (unsigned int)(s6addr[11] & 0x0F), + (unsigned int)(s6addr[11] >> 4), + (unsigned int)(s6addr[10] & 0x0F), + (unsigned int)(s6addr[10] >> 4), + (unsigned int)(s6addr[9] & 0x0F), + (unsigned int)(s6addr[9] >> 4), + (unsigned int)(s6addr[8] & 0x0F), + (unsigned int)(s6addr[8] >> 4), + (unsigned int)(s6addr[7] & 0x0F), + (unsigned int)(s6addr[7] >> 4), + (unsigned int)(s6addr[6] & 0x0F), + (unsigned int)(s6addr[6] >> 4), + (unsigned int)(s6addr[5] & 0x0F), + (unsigned int)(s6addr[5] >> 4), + (unsigned int)(s6addr[4] & 0x0F), + (unsigned int)(s6addr[4] >> 4), + (unsigned int)(s6addr[3] & 0x0F), + (unsigned int)(s6addr[3] >> 4), + (unsigned int)(s6addr[2] & 0x0F), + (unsigned int)(s6addr[2] >> 4), + (unsigned int)(s6addr[1] & 0x0F), + (unsigned int)(s6addr[1] >> 4), + (unsigned int)(s6addr[0] & 0x0F), + (unsigned int)(s6addr[0] >> 4)); + name = ip6_arpa_str; + + } else if (!inet_pton(AF_INET, name, &s4addr)) { + error("Syntax error: cannot parse IPv4 address\n"); + + } else { + (void) snprintf(in_addr_arpa_str, sizeof(in_addr_arpa_str), + "%d.%d.%d.%d.in-addr.arpa.", (int)s4addr[3], + (int)s4addr[2], (int)s4addr[1], (int)s4addr[0]); + name = in_addr_arpa_str; + } + + if (src) { + src_rdf = ldns_rdf_new_addr_frm_str(src); + if(!src_rdf) { + fprintf(stderr, "-I must be a valid IP[v6] address.\n"); + exit(EXIT_FAILURE); + } + if (ldns_rdf_size(src_rdf) == 4) { + qfamily = LDNS_RESOLV_INET; + + } else if (ldns_rdf_size(src_rdf) == 16) { + qfamily = LDNS_RESOLV_INET6; + } + } + + /* set the nameserver to use */ + if (!serv) { + /* no server given -- make a resolver from /etc/resolv.conf */ + status = ldns_resolver_new_frm_file(&res, resolv_conf_file); + if (status != LDNS_STATUS_OK) { + warning("Could not create a resolver structure: %s (%s)\n" + "Try drill @localhost if you have a resolver running on your machine.", + ldns_get_errorstr_by_id(status), resolv_conf_file); + result = EXIT_FAILURE; + goto exit; + } + } else { + res = ldns_resolver_new(); + if (!res || strlen(serv) <= 0) { + warning("Could not create a resolver structure"); + result = EXIT_FAILURE; + goto exit; + } + /* add the nameserver */ + serv_rdf = ldns_rdf_new_addr_frm_str(serv); + if (!serv_rdf) { + /* try to resolv the name if possible */ + status = ldns_resolver_new_frm_file(&cmdline_res, resolv_conf_file); + + if (status != LDNS_STATUS_OK) { + error("%s", "@server ip could not be converted"); + } + ldns_resolver_set_dnssec(cmdline_res, qdnssec); + ldns_resolver_set_ip6(cmdline_res, qfamily); + ldns_resolver_set_fallback(cmdline_res, qfallback); + ldns_resolver_set_usevc(cmdline_res, qusevc); + ldns_resolver_set_source(cmdline_res, src_rdf); + + cmdline_dname = ldns_dname_new_frm_str(serv); + + cmdline_rr_list = ldns_get_rr_list_addr_by_name( + cmdline_res, + cmdline_dname, + LDNS_RR_CLASS_IN, + qflags); + ldns_rdf_deep_free(cmdline_dname); + if (!cmdline_rr_list) { + /* This error msg is not always accurate */ + error("%s `%s\'", "could not find any address for the name:", serv); + } else { + if (ldns_resolver_push_nameserver_rr_list( + res, + cmdline_rr_list + ) != LDNS_STATUS_OK) { + error("%s", "pushing nameserver"); + } + } + } else { + if (ldns_resolver_push_nameserver(res, serv_rdf) != LDNS_STATUS_OK) { + error("%s", "pushing nameserver"); + } else { + ldns_rdf_deep_free(serv_rdf); + } + } + } + /* set the resolver options */ + ldns_resolver_set_ixfr_serial(res, serial); + ldns_resolver_set_port(res, qport); + ldns_resolver_set_source(res, src_rdf); + if (verbosity >= 5) { + ldns_resolver_set_debug(res, true); + } else { + ldns_resolver_set_debug(res, false); + } + ldns_resolver_set_dnssec(res, qdnssec); +/* ldns_resolver_set_dnssec_cd(res, qdnssec);*/ + ldns_resolver_set_ip6(res, qfamily); + ldns_resolver_set_fallback(res, qfallback); + ldns_resolver_set_usevc(res, qusevc); + ldns_resolver_set_random(res, qrandom); + if (qbuf != 0) { + ldns_resolver_set_edns_udp_size(res, qbuf); + } + + if (!name && + PURPOSE != DRILL_AFROMFILE && + !query_file + ) { + usage(stdout, progname); + result = EXIT_FAILURE; + goto exit; + } + + if (tsig_name && tsig_data) { + /* With dig TSIG keys are also specified with -y, + * but format with drill is: -y + * and with dig: -y [hmac:]name:key + * + * When we detect an unknown tsig algorithm in algo, + * but a known algorithm in name, we cane assume dig + * order was used. + * + * Following if statement is to anticipate and correct dig order + */ + if ( strcasecmp(tsig_algorithm, "hmac-md5.sig-alg.reg.int") + && strcasecmp(tsig_algorithm, "hmac-md5") + && strcasecmp(tsig_algorithm, "hmac-sha1") + && strcasecmp(tsig_algorithm, "hmac-sha256") + && ( + strcasecmp(tsig_name, "hmac-md5.sig-alg.reg.int") == 0 + || strcasecmp(tsig_name, "hmac-md5") == 0 + || strcasecmp(tsig_name, "hmac-sha1") == 0 + || strcasecmp(tsig_name, "hmac-sha256") == 0 + )) { + + /* Roll options */ + char *tmp_tsig_algorithm = tsig_name; + tsig_name = tsig_data; + tsig_data = tsig_algorithm; + tsig_algorithm = tmp_tsig_algorithm; + } + + if (strcasecmp(tsig_algorithm, "hmac-md5") == 0) { + free(tsig_algorithm); + tsig_algorithm = strdup("hmac-md5.sig-alg.reg.int"); + } + + ldns_resolver_set_tsig_keyname(res, tsig_name); + ldns_resolver_set_tsig_keydata(res, tsig_data); + ldns_resolver_set_tsig_algorithm(res, tsig_algorithm); + } + + /* main switching part of drill */ + switch(PURPOSE) { + case DRILL_TRACE: + /* do a trace from the root down */ + if (!global_dns_root) { + init_root(); + } + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "parsing query name"); + } + /* don't care about return packet */ + do_trace(res, qname, type, clas); + clear_root(); + break; + case DRILL_SECTRACE: + /* do a secure trace from the root down */ + if (!global_dns_root) { + init_root(); + } + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "making qname"); + } + /* don't care about return packet */ +#ifdef HAVE_SSL + result = do_secure_trace(res, qname, type, clas, key_list, trace_start_name); +#endif /* HAVE_SSL */ + clear_root(); + break; + case DRILL_CHASE: + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "making qname"); + } + + ldns_resolver_set_dnssec(res, true); + ldns_resolver_set_dnssec_cd(res, true); + /* set dnssec implies udp_size of 4096 */ + ldns_resolver_set_edns_udp_size(res, 4096); + pkt = NULL; + status = ldns_resolver_query_status( + &pkt, res, qname, type, clas, qflags); + if (status != LDNS_STATUS_OK) { + error("error sending query: %s", + ldns_get_errorstr_by_id(status)); + } + if (!pkt) { + if (status == LDNS_STATUS_OK) { + error("%s", "error pkt sending"); + } + result = EXIT_FAILURE; + } else { + if (verbosity >= 3) { + ldns_pkt_print(stdout, pkt); + } + + if (!ldns_pkt_answer(pkt)) { + mesg("No answer in packet"); + } else { +#ifdef HAVE_SSL + ldns_resolver_set_dnssec_anchors(res, ldns_rr_list_clone(key_list)); + result = do_chase(res, qname, type, + clas, key_list, + pkt, qflags, NULL); + if (result == LDNS_STATUS_OK) { + if (verbosity != -1) { + mesg("Chase successful"); + } + result = 0; + } else { + if (verbosity != -1) { + mesg("Chase failed."); + } + } +#endif /* HAVE_SSL */ + } + ldns_pkt_free(pkt); + } + break; + case DRILL_AFROMFILE: + pkt = read_hex_pkt(answer_file); + if (pkt) { + if (verbosity != -1) { + ldns_pkt_print(stdout, pkt); + } + ldns_pkt_free(pkt); + } + + break; + case DRILL_QTOFILE: + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "making qname"); + } + status = ldns_resolver_prepare_query_pkt(&qpkt, res, qname, type, clas, qflags); + if(status != LDNS_STATUS_OK) { + error("%s", "making query: %s", + ldns_get_errorstr_by_id(status)); + } + dump_hex(qpkt, query_file); + ldns_pkt_free(qpkt); + break; + case DRILL_NSEC: + break; + case DRILL_QUERY: + default: + if (query_file) { + /* this old way, the query packet needed + to be parseable, but we want to be able + to send mangled packets, so we need + to do it directly */ + #if 0 + qpkt = read_hex_pkt(query_file); + if (qpkt) { + status = ldns_resolver_send_pkt(&pkt, res, qpkt); + if (status != LDNS_STATUS_OK) { + printf("Error: %s\n", ldns_get_errorstr_by_id(status)); + exit(1); + } + } else { + /* qpkt was bogus, reset pkt */ + pkt = NULL; + } + #endif + query_buffer = read_hex_buffer(query_file); + if (query_buffer) { + status = ldns_send_buffer(&pkt, res, query_buffer, NULL); + ldns_buffer_free(query_buffer); + if (status != LDNS_STATUS_OK) { + printf("Error: %s\n", ldns_get_errorstr_by_id(status)); + exit(1); + } + } else { + printf("NO BUFFER\n"); + pkt = NULL; + } + } else { + qname = ldns_dname_new_frm_str(name); + if (!qname) { + error("%s", "error in making qname"); + } + + if (type == LDNS_RR_TYPE_AXFR) { + status = ldns_axfr_start(res, qname, clas); + if(status != LDNS_STATUS_OK) { + error("Error starting axfr: %s", + ldns_get_errorstr_by_id(status)); + } + axfr_rr = ldns_axfr_next(res); + if(!axfr_rr) { + fprintf(stderr, "AXFR failed.\n"); + ldns_pkt_print(stdout, + ldns_axfr_last_pkt(res)); + goto exit; + } + while (axfr_rr) { + if (verbosity != -1) { + ldns_rr_print(stdout, axfr_rr); + } + ldns_rr_free(axfr_rr); + axfr_rr = ldns_axfr_next(res); + } + + goto exit; + } else { + /* create a packet and set the RD flag on it */ + pkt = NULL; + + status = ldns_resolver_prepare_query_pkt(&qpkt, + res, qname, type, clas, qflags); + if(status != LDNS_STATUS_OK) { + error("%s", "making query: %s", + ldns_get_errorstr_by_id(status)); + } + + if (edns_list) { + /* attach the structed EDNS options */ + ldns_pkt_set_edns_option_list(qpkt, edns_list); + } + + status = ldns_resolver_send_pkt(&pkt, res, qpkt); + ldns_pkt_free(qpkt); + + if (status != LDNS_STATUS_OK) { + error("error sending query: %s" + , ldns_get_errorstr_by_id( + status)); + } + } + } + + /* now handling the response message/packet */ + if (!pkt) { + mesg("No packet received"); + result = EXIT_FAILURE; + } else { + ldns_pkt_print_fmt(stdout, fmt, pkt); + if (verbosity != -1) { + if (ldns_pkt_tc(pkt)) { + fprintf(stdout, + "\n;; WARNING: The answer packet was truncated; you might want to\n"); + fprintf(stdout, + ";; query again with TCP (-t argument), or EDNS0 (-b for buffer size)\n"); + } + } + if (qds) { + if (verbosity != -1) { + print_ds_of_keys(pkt); + printf("\n"); + } + } + + if (ldns_rr_list_rr_count(key_list) > 0) { + /* -k's were given on the cmd line */ + ldns_rr_list *rrset_verified; + uint16_t key_count; + + rrset_verified = ldns_pkt_rr_list_by_name_and_type( + pkt, qname, type, + LDNS_SECTION_ANY_NOQUESTION); + + if (type == LDNS_RR_TYPE_ANY) { + /* don't verify this */ + break; + } + + if (verbosity != -1) { + printf("; "); + ldns_rr_list_print(stdout, rrset_verified); + } + + /* verify */ +#ifdef HAVE_SSL + key_verified = ldns_rr_list_new(); + result = ldns_pkt_verify(pkt, type, qname, key_list, NULL, key_verified); + + if (result == LDNS_STATUS_ERR) { + /* is the existence denied then? */ + result = ldns_verify_denial(pkt, qname, type, NULL, NULL); + if (result == LDNS_STATUS_OK) { + if (verbosity != -1) { + printf("Existence denied for "); + ldns_rdf_print(stdout, qname); + type_str = ldns_rr_type2str(type); + printf("\t%s\n", type_str); + LDNS_FREE(type_str); + } + } else { + if (verbosity != -1) { + printf("Bad data; RR for name and " + "type not found or failed to " + "verify, and denial of " + "existence failed.\n"); + } + } + } else if (result == LDNS_STATUS_OK) { + for(key_count = 0; key_count < ldns_rr_list_rr_count(key_verified); + key_count++) { + if (verbosity != -1) { + printf("; VALIDATED by id = %u, owner = ", + (unsigned int)ldns_calc_keytag( + ldns_rr_list_rr(key_verified, key_count))); + ldns_rdf_print(stdout, ldns_rr_owner( + ldns_rr_list_rr(key_list, key_count))); + printf("\n"); + } + } + } else { + for(key_count = 0; key_count < ldns_rr_list_rr_count(key_list); + key_count++) { + if (verbosity != -1) { + printf("; %s for id = %u, owner = ", + ldns_get_errorstr_by_id(result), + (unsigned int)ldns_calc_keytag( + ldns_rr_list_rr(key_list, key_count))); + ldns_rdf_print(stdout, ldns_rr_owner( + + ldns_rr_list_rr(key_list, + key_count))); + printf("\n"); + } + } + } + ldns_rr_list_free(key_verified); +#else + (void) key_count; +#endif /* HAVE_SSL */ + } + if (answer_file) { + dump_hex(pkt, answer_file); + } + ldns_pkt_free(pkt); + } + + break; + } + + exit: + ldns_rdf_deep_free(qname); + ldns_rdf_deep_free(src_rdf); + ldns_resolver_deep_free(res); + ldns_resolver_deep_free(cmdline_res); + ldns_rr_list_deep_free(key_list); + ldns_rr_list_deep_free(cmdline_rr_list); + ldns_rdf_deep_free(trace_start_name); + xfree(progname); + xfree(tsig_name); + xfree(tsig_data); + xfree(tsig_algorithm); + +#ifdef HAVE_SSL +#if OPENSSL_VERSION_NUMBER < 0x10100000L || defined(HAVE_LIBRESSL) +#ifdef HAVE_CRYPTO_CLEANUP_ALL_EX_DATA + CRYPTO_cleanup_all_ex_data (); +#endif +#ifdef HAVE_ERR_FREE_STRINGS + ERR_free_strings (); +#endif +#ifdef HAVE_EVP_CLEANUP + EVP_cleanup (); +#endif +#endif +#endif +#ifdef USE_WINSOCK + WSACleanup(); +#endif + + return result; +} diff --git a/zonemaster-ldns/ldns/drill/drill.h b/zonemaster-ldns/ldns/drill/drill.h new file mode 100644 index 0000000..4397fd0 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/drill.h @@ -0,0 +1,100 @@ +/* + * drill.h + * the main header file of drill + * (c) 2005, 2006 NLnet Labs + * + * See the file LICENSE for the license + * + */ +#ifndef _DRILL_H_ +#define _DRILL_H_ +#include "config.h" + +#include "drill_util.h" + +#define DRILL_VERSION PACKAGE_VERSION + +/* what kind of stuff do we allow */ +#define DRILL_QUERY 0 +#define DRILL_TRACE 1 +#define DRILL_CHASE 2 +#define DRILL_AFROMFILE 3 +#define DRILL_QTOFILE 4 +#define DRILL_NSEC 5 +#define DRILL_SECTRACE 7 + +#define DRILL_ON(VAR, BIT) \ +(VAR) = (VAR) | (BIT) +#define DRILL_OFF(VAR, BIT) \ +(VAR) = (VAR) & ~(BIT) + +extern ldns_rr_list *global_dns_root; +extern int verbosity; + +void do_trace(ldns_resolver *res, + ldns_rdf *name, + ldns_rr_type type, + ldns_rr_class c); +ldns_status do_chase(ldns_resolver *res, + ldns_rdf *name, + ldns_rr_type type, + ldns_rr_class c, + ldns_rr_list *trusted_keys, + ldns_pkt *pkt_o, + uint16_t qflags, + ldns_rr_list *prev_key_list); +int do_secure_trace(ldns_resolver *res, + ldns_rdf *name, + ldns_rr_type type, + ldns_rr_class c, + ldns_rr_list *trusted_keys, + ldns_rdf *start_name); + +ldns_rr_list * get_rr(ldns_resolver *res, + ldns_rdf *zname, + ldns_rr_type t, + ldns_rr_class c); + +void drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p); +void drill_pkt_print_footer(FILE *fd, ldns_resolver *r, ldns_pkt *p); + +ldns_pkt_type get_dnssec_rr(ldns_pkt *p, + ldns_rdf *name, + ldns_rr_type t, + ldns_rr_list **rrlist, + ldns_rr_list **sig); + +ldns_rr *ldns_nsec3_exact_match(ldns_rdf *qname, + ldns_rr_type qtype, + ldns_rr_list *nsec3s); + +ldns_rdf *ldns_nsec3_closest_encloser(ldns_rdf *qname, + ldns_rr_type qtype, + ldns_rr_list *nsec3s); + +/* verifies denial of existence of *name in *pkt (must contain NSEC or NSEC3 records + * if *nsec_rrs and *nsec_rr_sigs are given, pointers to the relevant nsecs and their signatures are + * placed there + */ +ldns_status ldns_verify_denial(ldns_pkt *pkt, + ldns_rdf *name, + ldns_rr_type type, + ldns_rr_list **nsec_rrs, + ldns_rr_list **nsec_rr_sigs); + +ldns_pkt *read_hex_pkt(char *filename); +ldns_buffer *read_hex_buffer(char *filename); +void init_root(void); +ldns_rr_list *read_root_hints(const char *filename); +void clear_root(void); +void dump_hex(const ldns_pkt *pkt, const char *file); +void warning(const char *fmt, ...); +void error(const char *fmt, ...); +void mesg(const char *fmt, ...); + +/* screen.c */ +void resolver_print_nameservers(ldns_resolver *r); +void print_dnskey(ldns_rr_list *key_list); +void print_ds(ldns_rr_list *ds_list); + +#endif /* _DRILL_H_ */ diff --git a/zonemaster-ldns/ldns/drill/drill_util.c b/zonemaster-ldns/ldns/drill/drill_util.c new file mode 100644 index 0000000..9cf90a5 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/drill_util.c @@ -0,0 +1,311 @@ +/* + * util.c + * some handy function needed in drill and not implemented + * in ldns + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +#include + +static int +read_line(FILE *input, char *line, size_t len) +{ + int i; + int c; + + for (i = 0; i < (int)len-1; i++) { + c = getc(input); + if (c == EOF) { + return -1; + } else if (c != '\n') { + line[i] = c; + } else { + break; + } + } + line[i] = '\0'; + return i; +} + +/* key_list must be initialized with ldns_rr_list_new() */ +ldns_status +read_key_file(const char *filename, ldns_rr_list *key_list, bool silently) +{ + int line_len = 0; + int line_nr = 0; + int key_count = 0; + char line[LDNS_MAX_LINELEN]; + ldns_status status; + FILE *input_file; + ldns_rr *rr; + + input_file = fopen(filename, "r"); + if (!input_file) { + if (! silently) { + fprintf(stderr, "Error opening %s: %s\n", + filename, strerror(errno)); + } + return LDNS_STATUS_ERR; + } + while (line_len >= 0) { + line_len = (int) read_line(input_file, line, sizeof(line)); + line_nr++; + if (line_len > 0 && line[0] != ';') { + status = ldns_rr_new_frm_str(&rr, line, 0, NULL, NULL); + if (status != LDNS_STATUS_OK) { + if (! silently) { + fprintf(stderr, + "Error parsing DNSKEY RR " + "in line %d: %s\n", line_nr, + ldns_get_errorstr_by_id(status) + ); + } + } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY || + ldns_rr_get_type(rr) == LDNS_RR_TYPE_DS) { + ldns_rr_list_push_rr(key_list, rr); + key_count++; + } else { + ldns_rr_free(rr); + } + } + } + fclose(input_file); + if (key_count > 0) { + return LDNS_STATUS_OK; + } else { + /*fprintf(stderr, "No keys read\n");*/ + return LDNS_STATUS_ERR; + } +} + +ldns_rdf * +ldns_rdf_new_addr_frm_str(char *str) +{ + ldns_rdf *a; + + a = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, str); + if (!a) { + /* maybe ip6 */ + a = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, str); + if (!a) { + return NULL; + } + } + return a; +} + +static inline void +local_print_ds(FILE* out, const char* pre, ldns_rr* ds) +{ + if (out && ds) { + fprintf(out, "%s", pre); + ldns_rr_print(out, ds); + ldns_rr_free(ds); + } +} + +/* + * For all keys in a packet print the DS + */ +void +print_ds_of_keys(ldns_pkt *p) +{ + ldns_rr_list *keys; + uint16_t i; + ldns_rr *ds; + + /* TODO fix the section stuff, here or in ldns */ + keys = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_DNSKEY, + LDNS_SECTION_ANSWER); + + /* this also returns the question section rr, which does not + * have any data.... and this inturn crashes everything */ + + if (keys) { + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) { + fprintf(stdout, ";\n; equivalent DS records for key %u:\n", + (unsigned int)ldns_calc_keytag(ldns_rr_list_rr(keys, i))); + + ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA1); + local_print_ds(stdout, "; sha1: ", ds); + ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA256); + local_print_ds(stdout, "; sha256: ", ds); + } + ldns_rr_list_deep_free(keys); + } +} + +static void +print_class_type(FILE *fp, ldns_rr *r) +{ + ldns_lookup_table *lt; + lt = ldns_lookup_by_id(ldns_rr_classes, ldns_rr_get_class(r)); + if (lt) { + fprintf(fp, " %s", lt->name); + } else { + fprintf(fp, " CLASS%d", ldns_rr_get_class(r)); + } + /* okay not THE way - but the quickest */ + switch (ldns_rr_get_type(r)) { + case LDNS_RR_TYPE_RRSIG: + fprintf(fp, " RRSIG "); + break; + case LDNS_RR_TYPE_DNSKEY: + fprintf(fp, " DNSKEY "); + break; + case LDNS_RR_TYPE_DS: + fprintf(fp, " DS "); + break; + default: + break; + } +} + + +void +print_ds_abbr(FILE *fp, ldns_rr *ds) +{ + if (!ds || (ldns_rr_get_type(ds) != LDNS_RR_TYPE_DS)) { + return; + } + + ldns_rdf_print(fp, ldns_rr_owner(ds)); + fprintf(fp, " %d", (int)ldns_rr_ttl(ds)); + print_class_type(fp, ds); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 0)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 1)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 2)); fprintf(fp, " "); + ldns_rdf_print(fp, ldns_rr_rdf(ds, 3)); fprintf(fp, " "); +} + +/* print some of the elements of a signature */ +void +print_rrsig_abbr(FILE *fp, ldns_rr *sig) { + if (!sig || (ldns_rr_get_type(sig) != LDNS_RR_TYPE_RRSIG)) { + return; + } + + ldns_rdf_print(fp, ldns_rr_owner(sig)); + fprintf(fp, " %d", (int)ldns_rr_ttl(sig)); + print_class_type(fp, sig); + + /* print a number of rdf's */ + /* typecovered */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 0)); fprintf(fp, " "); + /* algo */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 1)); fprintf(fp, " "); + /* labels */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 2)); fprintf(fp, " (\n\t\t\t"); + /* expir */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 4)); fprintf(fp, " "); + /* incep */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 5)); fprintf(fp, " "); + /* key-id */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 6)); fprintf(fp, " "); + /* key owner */ + ldns_rdf_print(fp, ldns_rr_rdf(sig, 7)); fprintf(fp, ")"); +} + +void +print_dnskey_abbr(FILE *fp, ldns_rr *key) +{ + if (!key || (ldns_rr_get_type(key) != LDNS_RR_TYPE_DNSKEY)) { + return; + } + + ldns_rdf_print(fp, ldns_rr_owner(key)); + fprintf(fp, " %d", (int)ldns_rr_ttl(key)); + print_class_type(fp, key); + + /* print a number of rdf's */ + /* flags */ + ldns_rdf_print(fp, ldns_rr_rdf(key, 0)); fprintf(fp, " "); + /* proto */ + ldns_rdf_print(fp, ldns_rr_rdf(key, 1)); fprintf(fp, " "); + /* algo */ + ldns_rdf_print(fp, ldns_rr_rdf(key, 2)); + + if (ldns_rdf2native_int16(ldns_rr_rdf(key, 0)) == 256) { + fprintf(fp, " ;{id = %u (zsk), size = %db}", (unsigned int)ldns_calc_keytag(key), + (int)ldns_rr_dnskey_key_size(key)); + return; + } + if (ldns_rdf2native_int16(ldns_rr_rdf(key, 0)) == 257) { + fprintf(fp, " ;{id = %u (ksk), size = %db}", (unsigned int)ldns_calc_keytag(key), + (int)ldns_rr_dnskey_key_size(key)); + return; + } + fprintf(fp, " ;{id = %u, size = %db}", (unsigned int)ldns_calc_keytag(key), + (int)ldns_rr_dnskey_key_size(key)); +} + +void +print_rr_list_abbr(FILE *fp, ldns_rr_list *rrlist, const char *usr) +{ + size_t i; + ldns_rr_type tp; + + for(i = 0; i < ldns_rr_list_rr_count(rrlist); i++) { + tp = ldns_rr_get_type(ldns_rr_list_rr(rrlist, i)); + if (i == 0 && tp != LDNS_RR_TYPE_RRSIG) { + if (usr) { + fprintf(fp, "%s ", usr); + } + } + switch(tp) { + case LDNS_RR_TYPE_DNSKEY: + print_dnskey_abbr(fp, ldns_rr_list_rr(rrlist, i)); + break; + case LDNS_RR_TYPE_RRSIG: + print_rrsig_abbr(fp, ldns_rr_list_rr(rrlist, i)); + break; + case LDNS_RR_TYPE_DS: + print_ds_abbr(fp, ldns_rr_list_rr(rrlist, i)); + break; + default: + /* not handled */ + break; + } + fputs("\n", fp); + } +} + +void * +xmalloc(size_t s) +{ + void *p; + + p = malloc(s); + if (!p) { + printf("Mem failure\n"); + exit(EXIT_FAILURE); + } + return p; +} + +void * +xrealloc(void *p, size_t size) +{ + void *q; + + q = realloc(p, size); + if (!q) { + printf("Mem failure\n"); + exit(EXIT_FAILURE); + } + return q; +} + +void +xfree(void *p) +{ + if (p) { + free(p); + } +} diff --git a/zonemaster-ldns/ldns/drill/drill_util.h b/zonemaster-ldns/ldns/drill/drill_util.h new file mode 100644 index 0000000..42b3f32 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/drill_util.h @@ -0,0 +1,65 @@ +/* + * util.h + * util.c header file + * in ldns + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#ifndef _DRILL_UTIL_H_ +#define _DRILL_UTIL_H_ +#include + + +/** + * Read keys from filename and append to key_list. + */ +ldns_status read_key_file(const char *filename, ldns_rr_list *key_list, + bool silently); + +/** + * return a address rdf, either A or AAAA + * NULL if anything goes wrong + */ +ldns_rdf * ldns_rdf_new_addr_frm_str(char *); + +/** + * print all the ds of the keys in the packet + */ +void print_ds_of_keys(ldns_pkt *p); + +/** + * print some rdfs of a signature + */ +void print_rrsig_abbr(FILE *fp, ldns_rr *sig); +/** + * print some rdfs of a dnskey + */ +void print_dnskey_abbr(FILE *fp, ldns_rr *key); +/** + * print some rdfs of a ds + */ +void print_ds_abbr(FILE *fp, ldns_rr *ds); + +/** + * print some rdfs of a rr in a rr_list + */ +void print_rr_list_abbr(FILE *fp, ldns_rr_list *sig, const char *usr); + +/** + * Alloc some memory, with error checking + */ +void *xmalloc(size_t s); + +/** + * Realloc some memory, with error checking + */ +void *xrealloc(void *p, size_t s); + +/** + * Free the data + */ +void xfree(void *q); +#endif /* _DRILL_UTIL_H_ */ diff --git a/zonemaster-ldns/ldns/drill/error.c b/zonemaster-ldns/ldns/drill/error.c new file mode 100644 index 0000000..137021f --- /dev/null +++ b/zonemaster-ldns/ldns/drill/error.c @@ -0,0 +1,86 @@ +/** + * error.c + * + * error reporting routines + * basically wrappers around printf + * + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +static void +warning_va_list(const char *fmt, va_list args) +{ + fprintf(stderr, "Warning: "); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); +} + +void +warning(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + warning_va_list(fmt, args); + va_end(args); +} + +static void +error_va_list(const char *fmt, va_list args) +{ + fprintf(stderr, "Error: "); + vfprintf(stderr, fmt, args); + fprintf(stderr, "\n"); +} + +void +error(const char *fmt, ...) +{ + va_list args; + va_start(args, fmt); + error_va_list(fmt, args); + va_end(args); + exit(EXIT_FAILURE); +} + +static void +verbose_va_list(const char *fmt, va_list args) +{ + vfprintf(stdout, fmt, args); + fprintf(stdout, "\n"); +} + +/* print stuff */ +void +mesg(const char *fmt, ...) +{ + va_list args; + if (verbosity == -1) { + return; + } + fprintf(stdout, ";; "); + va_start(args, fmt); + verbose_va_list(fmt, args); + va_end(args); +} + +#if 0 +/* print stuff when in verbose mode (1) */ +void +verbose(const char *fmt, ...) +{ + va_list args; + if (verbosity < 1) { + return; + } + + va_start(args, fmt); + verbose_va_list(fmt, args); + va_end(args); +} +#endif diff --git a/zonemaster-ldns/ldns/drill/install-sh b/zonemaster-ldns/ldns/drill/install-sh new file mode 100755 index 0000000..6781b98 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/install-sh @@ -0,0 +1,520 @@ +#!/bin/sh +# install - install a program, script, or datafile + +scriptversion=2009-04-28.21; # UTC + +# This originates from X11R5 (mit/util/scripts/install.sh), which was +# later released in X11R6 (xc/config/util/install.sh) with the +# following copyright and license. +# +# Copyright (C) 1994 X Consortium +# +# Permission is hereby granted, free of charge, to any person obtaining a copy +# of this software and associated documentation files (the "Software"), to +# deal in the Software without restriction, including without limitation the +# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or +# sell copies of the Software, and to permit persons to whom the Software is +# furnished to do so, subject to the following conditions: +# +# The above copyright notice and this permission notice shall be included in +# all copies or substantial portions of the Software. +# +# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +# X CONSORTIUM BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN +# AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNEC- +# TION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. +# +# Except as contained in this notice, the name of the X Consortium shall not +# be used in advertising or otherwise to promote the sale, use or other deal- +# ings in this Software without prior written authorization from the X Consor- +# tium. +# +# +# FSF changes to this file are in the public domain. +# +# Calling this script install-sh is preferred over install.sh, to prevent +# `make' implicit rules from creating a file called install from it +# when there is no Makefile. +# +# This script is compatible with the BSD install script, but was written +# from scratch. + +nl=' +' +IFS=" "" $nl" + +# set DOITPROG to echo to test this script + +# Don't use :- since 4.3BSD and earlier shells don't like it. +doit=${DOITPROG-} +if test -z "$doit"; then + doit_exec=exec +else + doit_exec=$doit +fi + +# Put in absolute file names if you don't have them in your path; +# or use environment vars. + +chgrpprog=${CHGRPPROG-chgrp} +chmodprog=${CHMODPROG-chmod} +chownprog=${CHOWNPROG-chown} +cmpprog=${CMPPROG-cmp} +cpprog=${CPPROG-cp} +mkdirprog=${MKDIRPROG-mkdir} +mvprog=${MVPROG-mv} +rmprog=${RMPROG-rm} +stripprog=${STRIPPROG-strip} + +posix_glob='?' +initialize_posix_glob=' + test "$posix_glob" != "?" || { + if (set -f) 2>/dev/null; then + posix_glob= + else + posix_glob=: + fi + } +' + +posix_mkdir= + +# Desired mode of installed file. +mode=0755 + +chgrpcmd= +chmodcmd=$chmodprog +chowncmd= +mvcmd=$mvprog +rmcmd="$rmprog -f" +stripcmd= + +src= +dst= +dir_arg= +dst_arg= + +copy_on_change=false +no_target_directory= + +usage="\ +Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE + or: $0 [OPTION]... SRCFILES... DIRECTORY + or: $0 [OPTION]... -t DIRECTORY SRCFILES... + or: $0 [OPTION]... -d DIRECTORIES... + +In the 1st form, copy SRCFILE to DSTFILE. +In the 2nd and 3rd, copy all SRCFILES to DIRECTORY. +In the 4th, create DIRECTORIES. + +Options: + --help display this help and exit. + --version display version info and exit. + + -c (ignored) + -C install only if different (preserve the last data modification time) + -d create directories instead of installing files. + -g GROUP $chgrpprog installed files to GROUP. + -m MODE $chmodprog installed files to MODE. + -o USER $chownprog installed files to USER. + -s $stripprog installed files. + -t DIRECTORY install into DIRECTORY. + -T report an error if DSTFILE is a directory. + +Environment variables override the default commands: + CHGRPPROG CHMODPROG CHOWNPROG CMPPROG CPPROG MKDIRPROG MVPROG + RMPROG STRIPPROG +" + +while test $# -ne 0; do + case $1 in + -c) ;; + + -C) copy_on_change=true;; + + -d) dir_arg=true;; + + -g) chgrpcmd="$chgrpprog $2" + shift;; + + --help) echo "$usage"; exit $?;; + + -m) mode=$2 + case $mode in + *' '* | *' '* | *' +'* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; + + -o) chowncmd="$chownprog $2" + shift;; + + -s) stripcmd=$stripprog;; + + -t) dst_arg=$2 + shift;; + + -T) no_target_directory=true;; + + --version) echo "$0 $scriptversion"; exit $?;; + + --) shift + break;; + + -*) echo "$0: invalid option: $1" >&2 + exit 1;; + + *) break;; + esac + shift +done + +if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then + # When -d is used, all remaining arguments are directories to create. + # When -t is used, the destination is already specified. + # Otherwise, the last argument is the destination. Remove it from $@. + for arg + do + if test -n "$dst_arg"; then + # $@ is not empty: it contains at least $arg. + set fnord "$@" "$dst_arg" + shift # fnord + fi + shift # arg + dst_arg=$arg + done +fi + +if test $# -eq 0; then + if test -z "$dir_arg"; then + echo "$0: no input file specified." >&2 + exit 1 + fi + # It's OK to call `install-sh -d' without argument. + # This can happen when creating conditional directories. + exit 0 +fi + +if test -z "$dir_arg"; then + trap '(exit $?); exit' 1 2 13 15 + + # Set umask so as not to create temps with too-generous modes. + # However, 'strip' requires both read and write access to temps. + case $mode in + # Optimize common cases. + *644) cp_umask=133;; + *755) cp_umask=22;; + + *[0-7]) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw='% 200' + fi + cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; + *) + if test -z "$stripcmd"; then + u_plus_rw= + else + u_plus_rw=,u+rw + fi + cp_umask=$mode$u_plus_rw;; + esac +fi + +for src +do + # Protect names starting with `-'. + case $src in + -*) src=./$src;; + esac + + if test -n "$dir_arg"; then + dst=$src + dstdir=$dst + test -d "$dstdir" + dstdir_status=$? + else + + # Waiting for this to be detected by the "$cpprog $src $dsttmp" command + # might cause directories to be created, which would be especially bad + # if $src (and thus $dsttmp) contains '*'. + if test ! -f "$src" && test ! -d "$src"; then + echo "$0: $src does not exist." >&2 + exit 1 + fi + + if test -z "$dst_arg"; then + echo "$0: no destination specified." >&2 + exit 1 + fi + + dst=$dst_arg + # Protect names starting with `-'. + case $dst in + -*) dst=./$dst;; + esac + + # If destination is a directory, append the input filename; won't work + # if double slashes aren't ignored. + if test -d "$dst"; then + if test -n "$no_target_directory"; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 + fi + dstdir=$dst + dst=$dstdir/`basename "$src"` + dstdir_status=0 + else + # Prefer dirname, but fall back on a substitute if dirname fails. + dstdir=` + (dirname "$dst") 2>/dev/null || + expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ + X"$dst" : 'X\(//\)[^/]' \| \ + X"$dst" : 'X\(//\)$' \| \ + X"$dst" : 'X\(/\)' \| . 2>/dev/null || + echo X"$dst" | + sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ + s//\1/ + q + } + /^X\(\/\/\)[^/].*/{ + s//\1/ + q + } + /^X\(\/\/\)$/{ + s//\1/ + q + } + /^X\(\/\).*/{ + s//\1/ + q + } + s/.*/./; q' + ` + + test -d "$dstdir" + dstdir_status=$? + fi + fi + + obsolete_mkdir_used=false + + if test $dstdir_status != 0; then + case $posix_mkdir in + '') + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. + umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 + + if (umask $mkdir_umask && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writeable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + ls_ld_tmpdir=`ls -ld "$tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/d" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. + rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null + fi + trap '' 0;; + esac;; + esac + + if + $posix_mkdir && ( + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + ) + then : + else + + # The umask is ridiculous, or mkdir does not conform to POSIX, + # or it failed possibly due to a race condition. Create the + # directory the slow way, step by step, checking for races as we go. + + case $dstdir in + /*) prefix='/';; + -*) prefix='./';; + *) prefix='';; + esac + + eval "$initialize_posix_glob" + + oIFS=$IFS + IFS=/ + $posix_glob set -f + set fnord $dstdir + shift + $posix_glob set +f + IFS=$oIFS + + prefixes= + + for d + do + test -z "$d" && continue + + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ + done + + if test -n "$prefixes"; then + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true + fi + fi + fi + + if test -n "$dir_arg"; then + { test -z "$chowncmd" || $doit $chowncmd "$dst"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dst"; } && + { test "$obsolete_mkdir_used$chowncmd$chgrpcmd" = false || + test -z "$chmodcmd" || $doit $chmodcmd $mode "$dst"; } || exit 1 + else + + # Make a couple of temp file names in the proper directory. + dsttmp=$dstdir/_inst.$$_ + rmtmp=$dstdir/_rm.$$_ + + # Trap to clean up those temp files at exit. + trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 + + # Copy the file name to the temp name. + (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + + # and set any options; do chmod last to preserve setuid bits. + # + # If any of these fail, we abort the whole thing. If we want to + # ignore errors from any of these, just make sure not to ignore + # errors from the above "$doit $cpprog $src $dsttmp" command. + # + { test -z "$chowncmd" || $doit $chowncmd "$dsttmp"; } && + { test -z "$chgrpcmd" || $doit $chgrpcmd "$dsttmp"; } && + { test -z "$stripcmd" || $doit $stripcmd "$dsttmp"; } && + { test -z "$chmodcmd" || $doit $chmodcmd $mode "$dsttmp"; } && + + # If -C, don't bother to copy if it wouldn't change the file. + if $copy_on_change && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + + eval "$initialize_posix_glob" && + $posix_glob set -f && + set X $old && old=:$2:$4:$5:$6 && + set X $new && new=:$2:$4:$5:$6 && + $posix_glob set +f && + + test "$old" = "$new" && + $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 + then + rm -f "$dsttmp" + else + # Rename the file to the real destination. + $doit $mvcmd -f "$dsttmp" "$dst" 2>/dev/null || + + # The rename failed, perhaps because mv can't rename something else + # to itself, or perhaps because mv is so ancient that it does not + # support -f. + { + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && + + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" + } + fi || exit 1 + + trap '' 0 + fi +done + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "scriptversion=" +# time-stamp-format: "%:y-%02m-%02d.%02H" +# time-stamp-time-zone: "UTC" +# time-stamp-end: "; # UTC" +# End: diff --git a/zonemaster-ldns/ldns/drill/root.c b/zonemaster-ldns/ldns/drill/root.c new file mode 100644 index 0000000..8705094 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/root.c @@ -0,0 +1,134 @@ +/* + * root.c + * Function to handle to the rootservers + * and to update and prime them + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include +#include + +/* a global list of the root-servers */ +ldns_rr_list *global_dns_root = NULL; + +/* put a hardcoded list in the root and + * init the root rrlist structure */ +void +init_root(void) +{ + ldns_rr *r; + + global_dns_root = ldns_rr_list_new(); + + (void)ldns_rr_new_frm_str(&r, "A.ROOT-SERVERS.NET. 3600000 A 198.41.0.4", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "A.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:BA3E::2:30", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "B.ROOT-SERVERS.NET. 3600000 A 170.247.170.2", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "B.ROOT-SERVERS.NET. 3600000 AAAA 2801:1b8:10::B", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "C.ROOT-SERVERS.NET. 3600000 A 192.33.4.12", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "C.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2::C", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "D.ROOT-SERVERS.NET. 3600000 A 199.7.91.13", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "D.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2D::D", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "E.ROOT-SERVERS.NET. 3600000 A 192.203.230.10", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "E.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:A8::E", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "F.ROOT-SERVERS.NET. 3600000 A 192.5.5.241", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "F.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:2F::F", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "G.ROOT-SERVERS.NET. 3600000 A 192.112.36.4", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "G.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:12::D0D", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "H.ROOT-SERVERS.NET. 3600000 A 198.97.190.53", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "H.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:1::53", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "I.ROOT-SERVERS.NET. 3600000 A 192.36.148.17", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "I.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FE::53", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "J.ROOT-SERVERS.NET. 3600000 A 192.58.128.30", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "J.ROOT-SERVERS.NET. 3600000 AAAA 2001:503:C27::2:30", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "K.ROOT-SERVERS.NET. 3600000 A 193.0.14.129 ", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "K.ROOT-SERVERS.NET. 3600000 AAAA 2001:7FD::1", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "L.ROOT-SERVERS.NET. 3600000 A 199.7.83.42", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "L.ROOT-SERVERS.NET. 3600000 AAAA 2001:500:9F::42", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "M.ROOT-SERVERS.NET. 3600000 A 202.12.27.33", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); + (void)ldns_rr_new_frm_str(&r, "M.ROOT-SERVERS.NET. 3600000 AAAA 2001:DC3::35", 0, NULL, NULL); + ldns_rr_list_push_rr(global_dns_root, r); +} + +/* + * Read a hints file as root + * + * The file with the given path should contain a list of NS RRs + * for the root zone and A records for those NS RRs. + * Read them, check them, and append the a records to the rr list given. + */ +ldns_rr_list * +read_root_hints(const char *filename) +{ + FILE *fp = NULL; + int line_nr = 0; + ldns_zone *z; + ldns_status status; + ldns_rr_list *addresses = NULL; + ldns_rr *rr; + size_t i; + + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s for reading: %s\n", filename, strerror(errno)); + return NULL; + } + + status = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, 0, &line_nr); + fclose(fp); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error reading root hints file: %s\n", ldns_get_errorstr_by_id(status)); + return NULL; + } else { + addresses = ldns_rr_list_new(); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { + rr = ldns_rr_list_rr(ldns_zone_rrs(z), i); + /*if ((address_family == 0 || address_family == 1) && + */ + if ( ldns_rr_get_type(rr) == LDNS_RR_TYPE_A ) { + ldns_rr_list_push_rr(addresses, ldns_rr_clone(rr)); + } + /*if ((address_family == 0 || address_family == 2) &&*/ + if ( ldns_rr_get_type(rr) == LDNS_RR_TYPE_AAAA) { + ldns_rr_list_push_rr(addresses, ldns_rr_clone(rr)); + } + } + ldns_zone_deep_free(z); + return addresses; + } +} + + +void +clear_root(void) +{ + ldns_rr_list_deep_free(global_dns_root); +} diff --git a/zonemaster-ldns/ldns/drill/securetrace.c b/zonemaster-ldns/ldns/drill/securetrace.c new file mode 100644 index 0000000..90014b4 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/securetrace.c @@ -0,0 +1,797 @@ +/* + * securechasetrace.c + * Where all the hard work concerning secure tracing is done + * + * (c) 2005, 2006 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +#define SELF "[S]" /* self sig ok */ +#define TRUST "[T]" /* chain from parent */ +#define BOGUS "[B]" /* bogus */ +#define UNSIGNED "[U]" /* no relevant dnssec data found */ + +#if 0 +/* See if there is a key/ds in trusted that matches + * a ds in *ds. + */ +static ldns_rr_list * +ds_key_match(ldns_rr_list *ds, ldns_rr_list *trusted) +{ + size_t i, j; + bool match; + ldns_rr *rr_i, *rr_j; + ldns_rr_list *keys; + + if (!trusted || !ds) { + return NULL; + } + + match = false; + keys = ldns_rr_list_new(); + if (!keys) { + return NULL; + } + + if (!ds || !trusted) { + return NULL; + } + + for (i = 0; i < ldns_rr_list_rr_count(trusted); i++) { + rr_i = ldns_rr_list_rr(trusted, i); + for (j = 0; j < ldns_rr_list_rr_count(ds); j++) { + + rr_j = ldns_rr_list_rr(ds, j); + if (ldns_rr_compare_ds(rr_i, rr_j)) { + match = true; + /* only allow unique RRs to match */ + ldns_rr_set_push_rr(keys, rr_i); + } + } + } + if (match) { + return keys; + } else { + return NULL; + } +} +#endif + +static ldns_pkt * +get_dnssec_pkt(ldns_resolver *r, ldns_rdf *name, ldns_rr_type t) +{ + ldns_pkt *p = NULL; + p = ldns_resolver_query(r, name, t, LDNS_RR_CLASS_IN, 0); + if (!p) { + return NULL; + } else { + if (verbosity >= 5) { + ldns_pkt_print(stdout, p); + } + return p; + } +} + +#ifdef HAVE_SSL +/* + * retrieve keys for this zone + */ +static ldns_pkt_type +get_key(ldns_pkt *p, ldns_rdf *apexname, ldns_rr_list **rrlist, ldns_rr_list **opt_sig) +{ + return get_dnssec_rr(p, apexname, LDNS_RR_TYPE_DNSKEY, rrlist, opt_sig); +} + +/* + * check to see if we can find a DS rrset here which we can then follow + */ +static ldns_pkt_type +get_ds(ldns_pkt *p, ldns_rdf *ownername, ldns_rr_list **rrlist, ldns_rr_list **opt_sig) +{ + return get_dnssec_rr(p, ownername, LDNS_RR_TYPE_DS, rrlist, opt_sig); +} +#endif /* HAVE_SSL */ + +static void +remove_resolver_nameservers(ldns_resolver *res) +{ + ldns_rdf *pop; + + /* remove the old nameserver from the resolver */ + while((pop = ldns_resolver_pop_nameserver(res))) { + ldns_rdf_deep_free(pop); + } + +} + +/*ldns_pkt **/ +#ifdef HAVE_SSL +int +do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, + ldns_rr_class c, ldns_rr_list *trusted_keys, ldns_rdf *start_name + ) +{ + ldns_resolver *res; + ldns_pkt *p, *local_p; + ldns_rr_list *new_nss; + ldns_rr_list *ns_addr; + ldns_rdf *pop; + ldns_rdf **labels = NULL; + ldns_status status, st; + ssize_t i; + size_t j; + size_t k; + size_t l; + uint8_t labels_count = 0; + + /* dnssec */ + ldns_rr_list *key_list; + ldns_rr_list *key_sig_list; + ldns_rr_list *ds_list; + ldns_rr_list *ds_sig_list; + ldns_rr_list *correct_key_list; + ldns_rr_list *trusted_ds_rrs; + bool new_keys_trusted = false; + ldns_rr_list *current_correct_keys = NULL; + ldns_rr_list *dataset; + + ldns_rr_list *nsec_rrs = NULL; + ldns_rr_list *nsec_rr_sigs = NULL; + + /* empty non-terminal check */ + bool ent; + ldns_rr *nsecrr; /* The nsec that proofs the non-terminal */ + ldns_rdf *hashed_name; /* The query hashed with nsec3 params */ + ldns_rdf *label0; /* The first label of an nsec3 owner name */ + + /* glue handling */ + ldns_rr_list *new_ns_addr; + ldns_rr_list *old_ns_addr; + ldns_rr *ns_rr; + + int result = 0; + + /* printing niceness */ + const ldns_rr_descriptor *descriptor; + + descriptor = ldns_rr_descript(t); + + new_nss = NULL; + ns_addr = NULL; + key_list = NULL; + ds_list = NULL; + + p = NULL; + local_p = NULL; + res = ldns_resolver_new(); + key_sig_list = NULL; + ds_sig_list = NULL; + + if (!res) { + error("Memory allocation failed"); + result = -1; + return result; + } + + correct_key_list = ldns_rr_list_new(); + if (!correct_key_list) { + error("Memory allocation failed"); + result = -1; + return result; + } + + trusted_ds_rrs = ldns_rr_list_new(); + if (!trusted_ds_rrs) { + error("Memory allocation failed"); + result = -1; + return result; + } + /* Add all preset trusted DS signatures to the list of trusted DS RRs. */ + for (j = 0; j < ldns_rr_list_rr_count(trusted_keys); j++) { + ldns_rr* one_rr = ldns_rr_list_rr(trusted_keys, j); + if (ldns_rr_get_type(one_rr) == LDNS_RR_TYPE_DS) { + ldns_rr_list_push_rr(trusted_ds_rrs, ldns_rr_clone(one_rr)); + } + } + + /* transfer some properties of local_res to res */ + ldns_resolver_set_ip6(res, + ldns_resolver_ip6(local_res)); + ldns_resolver_set_port(res, + ldns_resolver_port(local_res)); + ldns_resolver_set_debug(res, + ldns_resolver_debug(local_res)); + ldns_resolver_set_fail(res, + ldns_resolver_fail(local_res)); + ldns_resolver_set_usevc(res, + ldns_resolver_usevc(local_res)); + ldns_resolver_set_random(res, + ldns_resolver_random(local_res)); + ldns_resolver_set_source(res, + ldns_resolver_source(local_res)); + ldns_resolver_set_recursive(local_res, true); + + ldns_resolver_set_recursive(res, false); + ldns_resolver_set_dnssec_cd(res, false); + ldns_resolver_set_dnssec(res, true); + + /* setup the root nameserver in the new resolver */ + status = ldns_resolver_push_nameserver_rr_list(res, global_dns_root); + if (status != LDNS_STATUS_OK) { + printf("ERRRRR: %s\n", ldns_get_errorstr_by_id(status)); + ldns_rr_list_print(stdout, global_dns_root); + result = status; + goto done; + } + labels_count = ldns_dname_label_count(name); + if (start_name) { + if (ldns_dname_is_subdomain(name, start_name)) { + labels_count -= ldns_dname_label_count(start_name); + } else { + fprintf(stderr, "Error; "); + ldns_rdf_print(stderr, name); + fprintf(stderr, " is not a subdomain of "); + ldns_rdf_print(stderr, start_name); + fprintf(stderr, "\n"); + goto done; + } + } + labels = LDNS_CALLOC(ldns_rdf*, labels_count + 2); + if (!labels) { + goto done; + } + labels[0] = ldns_dname_new_frm_str(LDNS_ROOT_LABEL_STR); + labels[1] = ldns_rdf_clone(name); + for(i = 2 ; i < (ssize_t)labels_count + 2; i++) { + labels[i] = ldns_dname_left_chop(labels[i - 1]); + } + + /* get the nameserver for the label + * ask: dnskey and ds for the label + */ + for(i = (ssize_t)labels_count + 1; i > 0; i--) { + status = ldns_resolver_send(&local_p, res, labels[i], LDNS_RR_TYPE_NS, c, 0); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error sending query: %s\n", ldns_get_errorstr_by_id(status)); + result = status; + goto done; + } + + /* TODO: handle status */ + + if (verbosity >= 5) { + ldns_pkt_print(stdout, local_p); + } + + new_nss = ldns_pkt_rr_list_by_type(local_p, + LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER); + if (!new_nss) { + /* if it's a delegation, servers put them in the auth section */ + new_nss = ldns_pkt_rr_list_by_type(local_p, + LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY); + } + + /* if this is the final step there might not be nameserver records + of course if the data is in the apex, there are, so cover both + cases */ + if (new_nss || i > 1) { + for(j = 0; j < ldns_rr_list_rr_count(new_nss); j++) { + ns_rr = ldns_rr_list_rr(new_nss, j); + pop = ldns_rr_rdf(ns_rr, 0); + if (!pop) { + printf("nopo\n"); + break; + } + /* retrieve it's addresses */ + /* trust glue? */ + new_ns_addr = NULL; + if (ldns_dname_is_subdomain(pop, labels[i])) { + new_ns_addr = ldns_pkt_rr_list_by_name_and_type(local_p, pop, LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); + } + if (!new_ns_addr || ldns_rr_list_rr_count(new_ns_addr) == 0) { + new_ns_addr = ldns_get_rr_list_addr_by_name(res, pop, c, 0); + } + if (!new_ns_addr || ldns_rr_list_rr_count(new_ns_addr) == 0) { + new_ns_addr = ldns_get_rr_list_addr_by_name(local_res, pop, c, 0); + } + + if (new_ns_addr) { + old_ns_addr = ns_addr; + ns_addr = ldns_rr_list_cat_clone(ns_addr, new_ns_addr); + ldns_rr_list_deep_free(old_ns_addr); + } + ldns_rr_list_deep_free(new_ns_addr); + } + ldns_rr_list_deep_free(new_nss); + + if (ns_addr) { + remove_resolver_nameservers(res); + + if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) != + LDNS_STATUS_OK) { + error("Error adding new nameservers"); + ldns_pkt_free(local_p); + goto done; + } + ldns_rr_list_deep_free(ns_addr); + } else { + status = ldns_verify_denial(local_p, labels[i], LDNS_RR_TYPE_NS, &nsec_rrs, &nsec_rr_sigs); + + /* verify the nsec3 themselves*/ + if (verbosity >= 4) { + printf("NSEC(3) Records to verify:\n"); + ldns_rr_list_print(stdout, nsec_rrs); + printf("With signatures:\n"); + ldns_rr_list_print(stdout, nsec_rr_sigs); + printf("correct keys:\n"); + ldns_rr_list_print(stdout, correct_key_list); + } + + if (status == LDNS_STATUS_OK) { + if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, trusted_keys, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", TRUST); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, labels[i]); + /* + if (descriptor && descriptor->_name) { + printf(" %s", descriptor->_name); + } else { + printf(" TYPE%u", t); + } + */ fprintf(stdout, " NS\n"); + } else if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, correct_key_list, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", SELF); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, labels[i]); + /* + if (descriptor && descriptor->_name) { + printf(" %s", descriptor->_name); + } else { + printf(" TYPE%u", t); + } + */ + fprintf(stdout, " NS\n"); + } else { + fprintf(stdout, "%s ", BOGUS); + result = 1; + printf(";; Error verifying denial of existence for name "); + ldns_rdf_print(stdout, labels[i]); + /* + printf(" type "); + if (descriptor && descriptor->_name) { + printf("%s", descriptor->_name); + } else { + printf("TYPE%u", t); + } + */ printf("NS: %s\n", ldns_get_errorstr_by_id(st)); + } + } else { + fprintf(stdout, "%s ", BOGUS); + result = 1; + printf(";; Error verifying denial of existence for name "); + ldns_rdf_print(stdout, labels[i]); + printf("NS: %s\n", ldns_get_errorstr_by_id(status)); + } + + /* there might be an empty non-terminal, in which case we need to continue */ + ent = false; + for (j = 0; j < ldns_rr_list_rr_count(nsec_rrs); j++) { + nsecrr = ldns_rr_list_rr(nsec_rrs, j); + /* For NSEC when the next name is a subdomain of the question */ + if (ldns_rr_get_type(nsecrr) == LDNS_RR_TYPE_NSEC && + ldns_dname_is_subdomain(ldns_rr_rdf(nsecrr, 0), labels[i])) { + ent = true; + + /* For NSEC3, the hash matches the name and the type bitmap is empty*/ + } else if (ldns_rr_get_type(nsecrr) == LDNS_RR_TYPE_NSEC3) { + hashed_name = ldns_nsec3_hash_name_frm_nsec3(nsecrr, labels[i]); + label0 = ldns_dname_label(ldns_rr_owner(nsecrr), 0); + if (hashed_name && label0 && + ldns_dname_compare(hashed_name, label0) == 0 && + ldns_nsec3_bitmap(nsecrr) == NULL) { + ent = true; + } + if (label0) { + LDNS_FREE(label0); + } + if (hashed_name) { + LDNS_FREE(hashed_name); + } + } + } + if (!ent) { + ldns_rr_list_deep_free(nsec_rrs); + ldns_rr_list_deep_free(nsec_rr_sigs); + ldns_pkt_free(local_p); + goto done; + } else { + printf(";; There is an empty non-terminal here, continue\n"); + continue; + } + } + + if (ldns_resolver_nameserver_count(res) == 0) { + error("No nameservers found for this node"); + goto done; + } + } + ldns_pkt_free(local_p); + + fprintf(stdout, ";; Domain: "); + ldns_rdf_print(stdout, labels[i]); + fprintf(stdout, "\n"); + + /* retrieve keys for current domain, and verify them + if they match an already trusted DS, or if one of the + keys used to sign these is trusted, add the keys to + the trusted list */ + p = get_dnssec_pkt(res, labels[i], LDNS_RR_TYPE_DNSKEY); + (void) get_key(p, labels[i], &key_list, &key_sig_list); + if (key_sig_list) { + if (key_list) { + current_correct_keys = ldns_rr_list_new(); + if ((st = ldns_verify(key_list, key_sig_list, key_list, current_correct_keys)) == + LDNS_STATUS_OK) { + /* add all signed keys (don't just add current_correct, you'd miss + * the zsk's then */ + for (j = 0; j < ldns_rr_list_rr_count(key_list); j++) { + ldns_rr_list_push_rr(correct_key_list, ldns_rr_clone(ldns_rr_list_rr(key_list, j))); + } + + /* check whether these keys were signed + * by a trusted keys. if so, these + * keys are also trusted */ + new_keys_trusted = false; + for (k = 0; k < ldns_rr_list_rr_count(current_correct_keys); k++) { + for (j = 0; j < ldns_rr_list_rr_count(trusted_ds_rrs); j++) { + if (ldns_rr_compare_ds(ldns_rr_list_rr(current_correct_keys, k), + ldns_rr_list_rr(trusted_ds_rrs, j))) { + new_keys_trusted = true; + } + } + } + + /* also all keys are trusted if one of the current correct keys is trusted */ + for (k = 0; k < ldns_rr_list_rr_count(current_correct_keys); k++) { + for (j = 0; j < ldns_rr_list_rr_count(trusted_keys); j++) { + if (ldns_rr_compare(ldns_rr_list_rr(current_correct_keys, k), + ldns_rr_list_rr(trusted_keys, j)) == 0) { + new_keys_trusted = true; + } + } + } + + + if (new_keys_trusted) { + ldns_rr_list_push_rr_list(trusted_keys, key_list); + print_rr_list_abbr(stdout, key_list, TRUST); + ldns_rr_list_free(key_list); + key_list = NULL; + } else { + if (verbosity >= 2) { + printf(";; Signature ok but no chain to a trusted key or ds record\n"); + } + print_rr_list_abbr(stdout, key_list, SELF); + ldns_rr_list_deep_free(key_list); + key_list = NULL; + } + } else { + print_rr_list_abbr(stdout, key_list, BOGUS); + result = 2; + ldns_rr_list_deep_free(key_list); + key_list = NULL; + } + ldns_rr_list_free(current_correct_keys); + current_correct_keys = NULL; + } else { + printf(";; No DNSKEY record found for "); + ldns_rdf_print(stdout, labels[i]); + printf("\n"); + } + } + + ldns_pkt_free(p); + ldns_rr_list_deep_free(key_sig_list); + key_sig_list = NULL; + + /* check the DS records for the next child domain */ + if (i > 1) { + p = get_dnssec_pkt(res, labels[i-1], LDNS_RR_TYPE_DS); + (void) get_ds(p, labels[i-1], &ds_list, &ds_sig_list); + if (!ds_list) { + ldns_rr_list_deep_free(ds_sig_list); + (void) get_dnssec_rr( p, labels[i-1] + , LDNS_RR_TYPE_CNAME + , &ds_list, &ds_sig_list); + if (ds_list) { + st = ldns_verify( ds_list, ds_sig_list + , correct_key_list + , current_correct_keys); + + if (st == LDNS_STATUS_OK) { + printf(";; No DS record found " + "for "); + ldns_rdf_print(stdout, + labels[i-1]); + printf(", but valid CNAME"); + } else { + printf(BOGUS " Unable to verify " + "denial of existence for "); + ldns_rdf_print(stdout, + labels[i-1]); + printf(", because of BOGUS CNAME"); + } + printf("\n"); + ldns_rr_list_deep_free(ds_sig_list); + ldns_pkt_free(p); + ldns_rr_list_deep_free(ds_list); + ds_list = NULL; + ds_sig_list = NULL; + p = NULL; + } else { + ldns_rr_list_deep_free(ds_sig_list); + ldns_pkt_free(p); + p = get_dnssec_pkt(res, name, + LDNS_RR_TYPE_DNSKEY); + (void) get_ds(p, NULL + , &ds_list, &ds_sig_list); + } + } + if (ds_sig_list) { + if (ds_list) { + if (verbosity >= 4) { + printf("VERIFYING:\n"); + printf("DS LIST:\n"); + ldns_rr_list_print(stdout, ds_list); + printf("SIGS:\n"); + ldns_rr_list_print(stdout, ds_sig_list); + printf("KEYS:\n"); + ldns_rr_list_print(stdout, correct_key_list); + } + + current_correct_keys = ldns_rr_list_new(); + + if ((st = ldns_verify(ds_list, ds_sig_list, correct_key_list, current_correct_keys)) == + LDNS_STATUS_OK) { + /* if the ds is signed by a trusted key and a key from correct keys + matches that ds, add that key to the trusted keys */ + new_keys_trusted = false; + if (verbosity >= 2) { + printf("Checking if signing key is trusted:\n"); + } + for (j = 0; j < ldns_rr_list_rr_count(current_correct_keys); j++) { + if (verbosity >= 2) { + printf("New key: "); + ldns_rr_print(stdout, ldns_rr_list_rr(current_correct_keys, j)); + } + for (k = 0; k < ldns_rr_list_rr_count(trusted_keys); k++) { + if (verbosity >= 2) { + printf("\tTrusted key: "); + ldns_rr_print(stdout, ldns_rr_list_rr(trusted_keys, k)); + } + if (ldns_rr_compare(ldns_rr_list_rr(current_correct_keys, j), + ldns_rr_list_rr(trusted_keys, k)) == 0) { + if (verbosity >= 2) { + printf("Key is now trusted!\n"); + } + for (l = 0; l < ldns_rr_list_rr_count(ds_list); l++) { + ldns_rr_list_push_rr(trusted_ds_rrs, ldns_rr_clone(ldns_rr_list_rr(ds_list, l))); + new_keys_trusted = true; + } + } + } + } + if (new_keys_trusted) { + print_rr_list_abbr(stdout, ds_list, TRUST); + } else { + print_rr_list_abbr(stdout, ds_list, SELF); + } + } else { + result = 3; + print_rr_list_abbr(stdout, ds_list, BOGUS); + } + + ldns_rr_list_free(current_correct_keys); + current_correct_keys = NULL; + } else { + /* wait apparently there were no keys either, go back to the ds packet */ + ldns_pkt_free(p); + ldns_rr_list_deep_free(ds_sig_list); + p = get_dnssec_pkt(res, labels[i-1], LDNS_RR_TYPE_DS); + (void) get_ds(p, labels[i-1], &ds_list, &ds_sig_list); + + status = ldns_verify_denial(p, labels[i-1], LDNS_RR_TYPE_DS, &nsec_rrs, &nsec_rr_sigs); + + if (verbosity >= 4) { + printf("NSEC(3) Records to verify:\n"); + ldns_rr_list_print(stdout, nsec_rrs); + printf("With signatures:\n"); + ldns_rr_list_print(stdout, nsec_rr_sigs); + printf("correct keys:\n"); + ldns_rr_list_print(stdout, correct_key_list); + } + + if (status == LDNS_STATUS_OK) { + if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, trusted_keys, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", TRUST); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, labels[i-1]); + printf(" DS"); + fprintf(stdout, "\n"); + } else if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, correct_key_list, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", SELF); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, labels[i-1]); + printf(" DS"); + fprintf(stdout, "\n"); + } else { + result = 4; + fprintf(stdout, "%s ", BOGUS); + printf("Error verifying denial of existence for "); + ldns_rdf_print(stdout, labels[i-1]); + printf(" DS"); + printf(": %s\n", ldns_get_errorstr_by_id(st)); + } + + + } else { + if (status == LDNS_STATUS_CRYPTO_NO_RRSIG) { + printf(";; No DS for "); + ldns_rdf_print(stdout, labels[i - 1]); + } else { + printf(BOGUS " Unable to verify denial of existence for "); + ldns_rdf_print(stdout, labels[i - 1]); + printf(" DS: %s\n", ldns_get_errorstr_by_id(status)); + } + } + if (verbosity >= 2) { + printf(";; No ds record for delegation\n"); + } + } + } + ldns_rr_list_deep_free(ds_list); + ldns_pkt_free(p); + } else { + /* if this is the last label, just verify the data and stop */ + p = get_dnssec_pkt(res, labels[i], t); + (void) get_dnssec_rr(p, labels[i], t, &dataset, &key_sig_list); + if (dataset && ldns_rr_list_rr_count(dataset) > 0) { + if (key_sig_list && ldns_rr_list_rr_count(key_sig_list) > 0) { + + /* If this is a wildcard, you must be able to deny exact match */ + if ((st = ldns_verify(dataset, key_sig_list, trusted_keys, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", TRUST); + ldns_rr_list_print(stdout, dataset); + } else if ((st = ldns_verify(dataset, key_sig_list, correct_key_list, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", SELF); + ldns_rr_list_print(stdout, dataset); + } else { + result = 5; + fprintf(stdout, "%s ", BOGUS); + ldns_rr_list_print(stdout, dataset); + printf(";; Error: %s\n", ldns_get_errorstr_by_id(st)); + } + } else { + fprintf(stdout, "%s ", UNSIGNED); + ldns_rr_list_print(stdout, dataset); + } + ldns_rr_list_deep_free(dataset); + } else { + status = ldns_verify_denial(p, name, t, &nsec_rrs, &nsec_rr_sigs); + if (status == LDNS_STATUS_OK) { + /* verify the nsec3 themselves*/ + if (verbosity >= 5) { + printf("NSEC(3) Records to verify:\n"); + ldns_rr_list_print(stdout, nsec_rrs); + printf("With signatures:\n"); + ldns_rr_list_print(stdout, nsec_rr_sigs); + printf("correct keys:\n"); + ldns_rr_list_print(stdout, correct_key_list); +/* + printf("trusted keys at %p:\n", trusted_keys); + ldns_rr_list_print(stdout, trusted_keys); +*/ } + + if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, trusted_keys, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", TRUST); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, name); + if (descriptor && descriptor->_name) { + printf(" %s", descriptor->_name); + } else { + printf(" TYPE%u", t); + } + fprintf(stdout, "\n"); + } else if ((st = ldns_verify(nsec_rrs, nsec_rr_sigs, correct_key_list, NULL)) == LDNS_STATUS_OK) { + fprintf(stdout, "%s ", SELF); + fprintf(stdout, "Existence denied: "); + ldns_rdf_print(stdout, name); + if (descriptor && descriptor->_name) { + printf(" %s", descriptor->_name); + } else { + printf(" TYPE%u", t); + } + fprintf(stdout, "\n"); + } else { + result = 6; + fprintf(stdout, "%s ", BOGUS); + printf("Error verifying denial of existence for "); + ldns_rdf_print(stdout, name); + printf(" type "); + if (descriptor && descriptor->_name) { + printf("%s", descriptor->_name); + } else { + printf("TYPE%u", t); + } + printf(": %s\n", ldns_get_errorstr_by_id(st)); + } + + ldns_rr_list_deep_free(nsec_rrs); + ldns_rr_list_deep_free(nsec_rr_sigs); + } else { +/* +*/ + if (status == LDNS_STATUS_CRYPTO_NO_RRSIG) { + printf("%s ", UNSIGNED); + printf("No data found for: "); + ldns_rdf_print(stdout, name); + printf(" type "); + if (descriptor && descriptor->_name) { + printf("%s", descriptor->_name); + } else { + printf("TYPE%u", t); + } + printf("\n"); + } else { + printf(BOGUS " Unable to verify denial of existence for "); + ldns_rdf_print(stdout, name); + printf(" type "); + if (descriptor && descriptor->_name) { + printf("%s", descriptor->_name); + } else { + printf("TYPE%u", t); + } + printf("\n"); + } + + } + } + ldns_pkt_free(p); + } + + new_nss = NULL; + ns_addr = NULL; + ldns_rr_list_deep_free(key_list); + key_list = NULL; + ldns_rr_list_deep_free(key_sig_list); + key_sig_list = NULL; + ds_list = NULL; + ldns_rr_list_deep_free(ds_sig_list); + ds_sig_list = NULL; + } + printf(";;" SELF " self sig OK; " BOGUS " bogus; " TRUST " trusted; " UNSIGNED " unsigned\n"); + /* verbose mode? + printf("Trusted keys:\n"); + ldns_rr_list_print(stdout, trusted_keys); + printf("trusted dss:\n"); + ldns_rr_list_print(stdout, trusted_ds_rrs); + */ + + done: + ldns_rr_list_deep_free(trusted_ds_rrs); + ldns_rr_list_deep_free(correct_key_list); + ldns_resolver_deep_free(res); + if (labels) { + for(i = 0 ; i < (ssize_t)labels_count + 2; i++) { + ldns_rdf_deep_free(labels[i]); + } + LDNS_FREE(labels); + } + return result; +} +#endif /* HAVE_SSL */ diff --git a/zonemaster-ldns/ldns/drill/work.c b/zonemaster-ldns/ldns/drill/work.c new file mode 100644 index 0000000..ce61c23 --- /dev/null +++ b/zonemaster-ldns/ldns/drill/work.c @@ -0,0 +1,261 @@ +/* + * work.c + * Where all the hard work is done + * (c) 2005 NLnet Labs + * + * See the file LICENSE for the license + * + */ + +#include "drill.h" +#include + +/** + * Converts a hex string to binary data + * len is the length of the string + * buf is the buffer to store the result in + * offset is the starting position in the result buffer + * + * This function returns the length of the result + */ +static size_t +hexstr2bin(char *hexstr, int len, uint8_t *buf, size_t offset, size_t buf_len) +{ + char c; + int i; + uint8_t int8 = 0; + int sec = 0; + size_t bufpos = 0; + + if (len % 2 != 0) { + return 0; + } + + for (i=0; i= '0' && c <= '9') { + int8 += c & 0x0f; + } else if (c >= 'a' && c <= 'z') { + int8 += (c & 0x0f) + 9; + } else if (c >= 'A' && c <= 'Z') { + int8 += (c & 0x0f) + 9; + } else { + return 0; + } + + if (sec == 0) { + int8 = int8 << 4; + sec = 1; + } else { + if (bufpos + offset + 1 <= buf_len) { + buf[bufpos+offset] = int8; + int8 = 0; + sec = 0; + bufpos++; + } else { + error("Buffer too small in hexstr2bin"); + } + } + } + } + return bufpos; +} + +static size_t +packetbuffromfile(char *filename, uint8_t *wire) +{ + FILE *fp = NULL; + int c; + + /* stat hack + * 0 = normal + * 1 = comment (skip to end of line) + * 2 = unprintable character found, read binary data directly + */ + int state = 0; + uint8_t *hexbuf = xmalloc(LDNS_MAX_PACKETLEN); + int hexbufpos = 0; + size_t wirelen; + + if (strncmp(filename, "-", 2) == 0) { + fp = stdin; + } else { + fp = fopen(filename, "r"); + } + if (fp == NULL) { + perror("Unable to open file for reading"); + xfree(hexbuf); + return 0; + } + + /*verbose("Opened %s\n", filename);*/ + + c = fgetc(fp); + while (c != EOF && hexbufpos < LDNS_MAX_PACKETLEN) { + if (state < 2 && !isascii(c)) { + /*verbose("non ascii character found in file: (%d) switching to raw mode\n", c);*/ + state = 2; + } + switch (state) { + case 0: + if ( (c >= '0' && c <= '9') || + (c >= 'a' && c <= 'f') || + (c >= 'A' && c <= 'F') ) + { + hexbuf[hexbufpos] = (uint8_t) c; + hexbufpos++; + } else if (c == ';') { + state = 1; + } else if (c == ' ' || c == '\t' || c == '\n') { + /* skip whitespace */ + } + break; + case 1: + if (c == '\n' || c == EOF) { + state = 0; + } + break; + case 2: + hexbuf[hexbufpos] = (uint8_t) c; + hexbufpos++; + break; + } + c = fgetc(fp); + } + + if (c == EOF) { + /* + if (have_drill_opt && drill_opt->verbose) { + verbose("END OF FILE REACHED\n"); + if (state < 2) { + verbose("read:\n"); + verbose("%s\n", hexbuf); + } else { + verbose("Not printing wire because it contains non ascii data\n"); + } + } + */ + } + if (hexbufpos >= LDNS_MAX_PACKETLEN) { + /*verbose("packet size reached\n");*/ + } + + /* lenient mode: length must be multiple of 2 */ + if (hexbufpos % 2 != 0) { + hexbuf[hexbufpos] = (uint8_t) '0'; + hexbufpos++; + } + + if (state < 2) { + wirelen = hexstr2bin((char *) hexbuf, + hexbufpos, + wire, + 0, + LDNS_MAX_PACKETLEN); + } else { + memcpy(wire, hexbuf, (size_t) hexbufpos); + wirelen = (size_t) hexbufpos; + } + if (fp != stdin) { + fclose(fp); + } + xfree(hexbuf); + return wirelen; +} + +ldns_buffer * +read_hex_buffer(char *filename) +{ + uint8_t *wire; + size_t wiresize; + ldns_buffer *result_buffer = NULL; + + + wire = xmalloc(LDNS_MAX_PACKETLEN); + + wiresize = packetbuffromfile(filename, wire); + + result_buffer = LDNS_MALLOC(ldns_buffer); + ldns_buffer_new_frm_data(result_buffer, wire, wiresize); + ldns_buffer_set_position(result_buffer, ldns_buffer_capacity(result_buffer)); + xfree(wire); + + return result_buffer; +} + +ldns_pkt * +read_hex_pkt(char *filename) +{ + uint8_t *wire; + size_t wiresize; + + ldns_pkt *pkt = NULL; + + ldns_status status = LDNS_STATUS_ERR; + + wire = xmalloc(LDNS_MAX_PACKETLEN); + + wiresize = packetbuffromfile(filename, wire); + + if (wiresize > 0) { + status = ldns_wire2pkt(&pkt, wire, wiresize); + } + + xfree(wire); + + if (status == LDNS_STATUS_OK) { + return pkt; + } else { + fprintf(stderr, "Error parsing hex file: %s\n", + ldns_get_errorstr_by_id(status)); + return NULL; + } +} + +void +dump_hex(const ldns_pkt *pkt, const char *filename) +{ + uint8_t *wire = NULL; + size_t size, i; + FILE *fp; + ldns_status status; + + fp = fopen(filename, "w"); + + if (fp == NULL) { + error("Unable to open %s for writing", filename); + return; + } + + status = ldns_pkt2wire(&wire, pkt, &size); + + if (status != LDNS_STATUS_OK) { + error("Unable to convert packet: error code %u", status); + LDNS_FREE(wire); + fclose(fp); + return; + } + + fprintf(fp, "; 0"); + for (i = 1; i < 20; i++) { + fprintf(fp, " %2u", (unsigned int) i); + } + fprintf(fp, "\n"); + fprintf(fp, ";--"); + for (i = 1; i < 20; i++) { + fprintf(fp, " --"); + } + fprintf(fp, "\n"); + for (i = 0; i < size; i++) { + if (i % 20 == 0 && i > 0) { + fprintf(fp, "\t;\t%4u-%4u\n", (unsigned int) i-19, (unsigned int) i); + } + fprintf(fp, " %02x", (unsigned int)wire[i]); + } + fprintf(fp, "\n"); + fclose(fp); + LDNS_FREE(wire); +} diff --git a/zonemaster-ldns/ldns/duration.c b/zonemaster-ldns/ldns/duration.c new file mode 100644 index 0000000..abff9a0 --- /dev/null +++ b/zonemaster-ldns/ldns/duration.c @@ -0,0 +1,281 @@ +/* + * $Id: duration.c 4518 2011-02-24 15:39:09Z matthijs $ + * + * Copyright (c) 2009 NLNet Labs. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR + * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED + * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY + * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE + * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER + * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN + * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + * + */ + +/** + * + * This file is copied from the OpenDNSSEC source repository + * and only slightly adapted to make it fit. + */ + +/** + * + * Durations. + */ + +#include +#include + +#include +#include +#include +#include + + +/** + * Create a new 'instant' duration. + * + */ +ldns_duration_type* +ldns_duration_create(void) +{ + ldns_duration_type* duration; + + duration = malloc(sizeof(ldns_duration_type)); + if (!duration) { + return NULL; + } + duration->years = 0; + duration->months = 0; + duration->weeks = 0; + duration->days = 0; + duration->hours = 0; + duration->minutes = 0; + duration->seconds = 0; + return duration; +} + + +/** + * Compare durations. + * + */ +int +ldns_duration_compare(const ldns_duration_type* d1, const ldns_duration_type* d2) +{ + if (!d1 && !d2) { + return 0; + } + if (!d1 || !d2) { + return d1?-1:1; + } + + if (d1->years != d2->years) { + return (int) (d1->years - d2->years); + } + if (d1->months != d2->months) { + return (int) (d1->months - d2->months); + } + if (d1->weeks != d2->weeks) { + return (int) (d1->weeks - d2->weeks); + } + if (d1->days != d2->days) { + return (int) (d1->days - d2->days); + } + if (d1->hours != d2->hours) { + return (int) (d1->hours - d2->hours); + } + if (d1->minutes != d2->minutes) { + return (int) (d1->minutes - d2->minutes); + } + if (d1->seconds != d2->seconds) { + return (int) (d1->seconds - d2->seconds); + } + + return 0; +} + + +/** + * Create a duration from string. + * + */ +ldns_duration_type* +ldns_duration_create_from_string(const char* str) +{ + ldns_duration_type* duration = ldns_duration_create(); + char* P, *X, *T, *W; + int not_weeks = 0; + + if (!duration) { + return NULL; + } + if (!str) { + return duration; + } + + P = strchr(str, 'P'); + if (!P) { + ldns_duration_cleanup(duration); + return NULL; + } + + T = strchr(str, 'T'); + X = strchr(str, 'Y'); + if (X) { + duration->years = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'M'); + if (X && (!T || (size_t) (X-P) < (size_t) (T-P))) { + duration->months = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'D'); + if (X) { + duration->days = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + if (T) { + str = T; + not_weeks = 1; + } + X = strchr(str, 'H'); + if (X && T) { + duration->hours = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strrchr(str, 'M'); + if (X && T && (size_t) (X-P) > (size_t) (T-P)) { + duration->minutes = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + X = strchr(str, 'S'); + if (X && T) { + duration->seconds = (time_t) atoi(str+1); + str = X; + not_weeks = 1; + } + + W = strchr(str, 'W'); + if (W) { + if (not_weeks) { + ldns_duration_cleanup(duration); + return NULL; + } else { + duration->weeks = (time_t) atoi(str+1); + } + } + return duration; +} + + +/** + * Helper func for ldns_duration2string below. If t > 0, + * scan print t and c on buf, forwarding buf. Return 0 on success. + */ +static inline int dur_scan_print(char **buf, char *eob, char c, time_t t) +{ + if (t > 0) { + int r = snprintf(*buf, eob - *buf, "%u%c", (unsigned)t, c); + if (r < 0 || (*buf += r) >= eob) + return -1; + } + return 0; +} + +/** + * Convert a duration to a string. + * + */ +char* +ldns_duration2string(const ldns_duration_type* d) +{ + /* Max string size should be 7 * 40 + 3 on a 127 bits machine + * So 300 (< 273) is more than enough. + */ + char buf[300] = "P0D", *eob = buf + sizeof(buf), *p = buf + 1; + + if (!d) + return NULL; + + if (dur_scan_print(&p, eob, 'Y', d->years) + || dur_scan_print(&p, eob, 'M', d->months) + || dur_scan_print(&p, eob, 'W', d->weeks) + || dur_scan_print(&p, eob, 'D', d->days)) + return NULL; + + if (d->hours || d->minutes || d->seconds) { + if (p > (eob - 2)) + return NULL; /* Error; no space left on buf for 'T' */ + + *p++ = 'T'; *p = 0; + if (dur_scan_print(&p, eob, 'H', d->hours) + || dur_scan_print(&p, eob, 'M', d->minutes) + || dur_scan_print(&p, eob, 'S', d->seconds)) + return NULL; + } + return strdup(buf); +} + + +/** + * Convert a duration to a time. + * + */ +time_t +ldns_duration2time(const ldns_duration_type* duration) +{ + time_t period = 0; + + if (duration) { + period += (duration->seconds); + period += (duration->minutes)*60; + period += (duration->hours)*3600; + period += (duration->days)*86400; + period += (duration->weeks)*86400*7; + period += (duration->months)*86400*31; + period += (duration->years)*86400*365; + + /* [TODO] calculate correct number of days in this month/year */ + /* + if (duration->months || duration->years) { + } + */ + } + return period; +} + + +/** + * Clean up duration. + * + */ +void +ldns_duration_cleanup(ldns_duration_type* duration) +{ + if (!duration) { + return; + } + free(duration); + return; +} diff --git a/zonemaster-ldns/ldns/edns.c b/zonemaster-ldns/ldns/edns.c new file mode 100644 index 0000000..18615ec --- /dev/null +++ b/zonemaster-ldns/ldns/edns.c @@ -0,0 +1,475 @@ +/* + * edns.c + * + * edns implementation + * + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2022 + * + * See the file LICENSE for the license + */ + +#include +#include + +#define LDNS_OPTIONLIST_INIT 8 + +/* + * Access functions + * functions to get and set type checking + */ + +/* read */ +size_t +ldns_edns_get_size(const ldns_edns_option *edns) +{ + assert(edns != NULL); + return edns->_size; +} + +ldns_edns_option_code +ldns_edns_get_code(const ldns_edns_option *edns) +{ + assert(edns != NULL); + return edns->_code; +} + +uint8_t * +ldns_edns_get_data(const ldns_edns_option *edns) +{ + assert(edns != NULL); + return edns->_data; +} + +ldns_status +ldns_edns_ede_get_code(const ldns_edns_option *edns, uint16_t *ede_code) +{ + assert(edns != NULL); + assert(ede_code != NULL); + + if (edns->_code != LDNS_EDNS_EDE) return LDNS_STATUS_NOT_EDE; + + if (edns->_size < 2) return LDNS_STATUS_EDE_OPTION_MALFORMED; + + *ede_code = (uint16_t) ntohs(*((uint16_t*) edns->_data)); + + return LDNS_STATUS_OK; +} + +ldns_status +ldns_edns_ede_get_text(const ldns_edns_option* edns, char **ede_text) +{ + assert(edns != NULL); + assert(ede_text != NULL); + + if (edns->_code != LDNS_EDNS_EDE) return LDNS_STATUS_NOT_EDE; + + if (edns->_size < 2) return LDNS_STATUS_EDE_OPTION_MALFORMED; + + *ede_text = NULL; + + if (edns->_size > 2) + { + *ede_text = (char*) malloc((edns->_size - 1) * sizeof(char)); + + memset(*ede_text, 0, edns->_size - 1); + memcpy(*ede_text, &((char*)edns->_data)[2], edns->_size - 2); + } + + return LDNS_STATUS_OK; +} + +ldns_buffer * +ldns_edns_get_wireformat_buffer(const ldns_edns_option *edns) +{ + uint16_t option; + size_t size; + uint8_t* data; + ldns_buffer* buffer; + + if (edns == NULL) { + return NULL; + } + + option = ldns_edns_get_code(edns); + size = ldns_edns_get_size(edns); + data = ldns_edns_get_data(edns); + + buffer = ldns_buffer_new(size + 4); + + if (buffer == NULL) { + return NULL; + } + + ldns_buffer_write_u16(buffer, option); + ldns_buffer_write_u16(buffer, size); + ldns_buffer_write(buffer, data, size); + + ldns_buffer_flip(buffer); + + return buffer; +} + +/* write */ +static void +ldns_edns_set_size(ldns_edns_option *edns, size_t size) +{ + assert(edns != NULL); + edns->_size = size; +} + +static void +ldns_edns_set_code(ldns_edns_option *edns, ldns_edns_option_code code) +{ + assert(edns != NULL); + edns->_code = code; +} + +static void +ldns_edns_set_data(ldns_edns_option *edns, void *data) +{ + /* only copy the pointer */ + assert(edns != NULL); + edns->_data = data; +} + +/* note: data must be allocated memory */ +ldns_edns_option * +ldns_edns_new(ldns_edns_option_code code, size_t size, void *data) +{ + ldns_edns_option *edns; + edns = LDNS_MALLOC(ldns_edns_option); + if (!edns) { + return NULL; + } + ldns_edns_set_code(edns, code); + ldns_edns_set_size(edns, size); + ldns_edns_set_data(edns, data); + + return edns; +} + +ldns_edns_option * +ldns_edns_new_from_data(ldns_edns_option_code code, size_t size, const void *data) +{ + ldns_edns_option *edns; + edns = LDNS_MALLOC(ldns_edns_option); + if (!edns) { + return NULL; + } + edns->_data = LDNS_XMALLOC(uint8_t, size); + if (!edns->_data) { + LDNS_FREE(edns); + return NULL; + } + + /* set the values */ + ldns_edns_set_code(edns, code); + ldns_edns_set_size(edns, size); + memcpy(edns->_data, data, size); + + return edns; +} + +ldns_edns_option * +ldns_edns_clone(ldns_edns_option *edns) +{ + ldns_edns_option *new_option; + + assert(edns != NULL); + + new_option = ldns_edns_new_from_data(ldns_edns_get_code(edns), + ldns_edns_get_size(edns), + ldns_edns_get_data(edns)); + + return new_option; +} + +void +ldns_edns_deep_free(ldns_edns_option *edns) +{ + if (edns) { + if (edns->_data) { + LDNS_FREE(edns->_data); + } + LDNS_FREE(edns); + } +} + +void +ldns_edns_free(ldns_edns_option *edns) +{ + if (edns) { + LDNS_FREE(edns); + } +} + +ldns_edns_option_list* +ldns_edns_option_list_new(void) +{ + ldns_edns_option_list *option_list = LDNS_MALLOC(ldns_edns_option_list); + if(!option_list) { + return NULL; + } + + option_list->_option_count = 0; + option_list->_option_capacity = 0; + option_list->_options_size = 0; + option_list->_options = NULL; + return option_list; +} + +ldns_edns_option_list * +ldns_edns_option_list_clone(ldns_edns_option_list *old_list) +{ + size_t i; + ldns_edns_option_list *new_list; + + if (!old_list) { + return NULL; + } + + new_list = ldns_edns_option_list_new(); + if (!new_list) { + return NULL; + } + + if (old_list->_option_count == 0) { + return new_list; + } + + /* adding options also updates the total options size */ + for (i = 0; i < old_list->_option_count; i++) { + ldns_edns_option *option = ldns_edns_clone(ldns_edns_option_list_get_option(old_list, i)); + if (!ldns_edns_option_list_push(new_list, option)) { + ldns_edns_deep_free(option); + ldns_edns_option_list_deep_free(new_list); + return NULL; + } + } + return new_list; +} + +void +ldns_edns_option_list_free(ldns_edns_option_list *option_list) +{ + if (option_list) { + LDNS_FREE(option_list->_options); + LDNS_FREE(option_list); + } +} + +void +ldns_edns_option_list_deep_free(ldns_edns_option_list *option_list) +{ + size_t i; + + if (option_list) { + for (i=0; i < ldns_edns_option_list_get_count(option_list); i++) { + ldns_edns_deep_free(ldns_edns_option_list_get_option(option_list, i)); + } + ldns_edns_option_list_free(option_list); + } +} + +size_t +ldns_edns_option_list_get_count(const ldns_edns_option_list *option_list) +{ + if (option_list) { + return option_list->_option_count; + } else { + return 0; + } +} + +ldns_edns_option * +ldns_edns_option_list_get_option(const ldns_edns_option_list *option_list, size_t index) +{ + if (option_list && index < ldns_edns_option_list_get_count(option_list)) { + assert(option_list->_options[index]); + return option_list->_options[index]; + } else { + return NULL; + } +} + +size_t +ldns_edns_option_list_get_options_size(const ldns_edns_option_list *option_list) +{ + if (option_list) { + return option_list->_options_size; + } else { + return 0; + } +} + + +ldns_edns_option * +ldns_edns_option_list_set_option(ldns_edns_option_list *option_list, + ldns_edns_option *option, size_t index) +{ + ldns_edns_option* old; + + assert(option_list != NULL); + + if (index > ldns_edns_option_list_get_count(option_list)) { + return NULL; + } + + if (option == NULL) { + return NULL; + } + + old = ldns_edns_option_list_get_option(option_list, index); + + /* shrink the total EDNS size if the old EDNS option exists */ + if (old != NULL) { + option_list->_options_size -= (ldns_edns_get_size(old) + 4); + } + + option_list->_options_size += (ldns_edns_get_size(option) + 4); + + option_list->_options[index] = option; + return old; +} + +bool +ldns_edns_option_list_push(ldns_edns_option_list *option_list, + ldns_edns_option *option) +{ + size_t cap; + size_t option_count; + + assert(option_list != NULL); + + if (option == NULL) { + return false; + } + + cap = option_list->_option_capacity; + option_count = ldns_edns_option_list_get_count(option_list); + + /* verify we need to grow the array to fit the new option */ + if (option_count+1 > cap) { + ldns_edns_option **new_list; + + /* initialize the capacity if needed, otherwise grow by doubling */ + if (cap == 0) { + cap = LDNS_OPTIONLIST_INIT; /* initial list size */ + } else { + cap *= 2; + } + + new_list = LDNS_XREALLOC(option_list->_options, + ldns_edns_option *, cap); + + if (!new_list) { + return false; + } + + option_list->_options = new_list; + option_list->_option_capacity = cap; + } + + /* add the new option */ + ldns_edns_option_list_set_option(option_list, option, + option_list->_option_count); + option_list->_option_count += 1; + + return true; +} + +ldns_edns_option * +ldns_edns_option_list_pop(ldns_edns_option_list *option_list) +{ + ldns_edns_option* pop; + size_t count; + size_t cap; + + assert(option_list != NULL); + + cap = option_list->_option_capacity; + count = ldns_edns_option_list_get_count(option_list); + + if (count == 0) { + return NULL; + } + /* get the last option from the list */ + pop = ldns_edns_option_list_get_option(option_list, count-1); + + /* shrink the array */ + if (cap > LDNS_OPTIONLIST_INIT && count-1 <= cap/2) { + ldns_edns_option **new_list; + + cap /= 2; + + new_list = LDNS_XREALLOC(option_list->_options, + ldns_edns_option *, cap); + if (new_list) { + option_list->_options = new_list; + } + /* if the realloc fails, the capacity for the list remains unchanged */ + } + + /* shrink the total EDNS size of the options if the popped EDNS option exists */ + if (pop != NULL) { + option_list->_options_size -= (ldns_edns_get_size(pop) + 4); + } + + option_list->_option_count = count - 1; + + return pop; +} + +ldns_buffer * +ldns_edns_option_list2wireformat_buffer(const ldns_edns_option_list *option_list) +{ + size_t i, list_size, options_size, option, size; + ldns_buffer* buffer; + ldns_edns_option *edns; + uint8_t* data = NULL; + + if (!option_list) { + return NULL; + } + + /* get the number of EDNS options in the list*/ + list_size = ldns_edns_option_list_get_count(option_list); + + /* create buffer the size of the total EDNS wireformat options */ + options_size = ldns_edns_option_list_get_options_size(option_list); + buffer = ldns_buffer_new(options_size); + + if (!buffer) { + return NULL; + } + + /* write individual serialized EDNS options to final buffer*/ + for (i = 0; i < list_size; i++) { + edns = ldns_edns_option_list_get_option(option_list, i); + + if (edns == NULL) { + /* this shouldn't be possible */ + return NULL; + } + + option = ldns_edns_get_code(edns); + size = ldns_edns_get_size(edns); + data = ldns_edns_get_data(edns); + + /* make sure the option fits */ + if (!(ldns_buffer_available(buffer, size + 4))) { + ldns_buffer_free(buffer); + return NULL; + } + + ldns_buffer_write_u16(buffer, option); + ldns_buffer_write_u16(buffer, size); + ldns_buffer_write(buffer, data, size); + } + + ldns_buffer_flip(buffer); + + return buffer; +} diff --git a/zonemaster-ldns/ldns/error.c b/zonemaster-ldns/ldns/error.c new file mode 100644 index 0000000..50cdc63 --- /dev/null +++ b/zonemaster-ldns/ldns/error.c @@ -0,0 +1,206 @@ +/* + * a error2str function to make sense of all the + * error codes we have laying around + * + * a Net::DNS like library for C + * LibDNS Team @ NLnet Labs + * (c) NLnet Labs, 2005-2006 + * See the file LICENSE for the license + */ + +#include + +#include + +ldns_lookup_table ldns_error_str[] = { + { LDNS_STATUS_OK, "All OK" }, + { LDNS_STATUS_EMPTY_LABEL, "Empty label" }, + { LDNS_STATUS_LABEL_OVERFLOW, "Label length overflow" }, + { LDNS_STATUS_DOMAINNAME_OVERFLOW, "Domainname length overflow" }, + { LDNS_STATUS_DOMAINNAME_UNDERFLOW, "Domainname length underflow (zero length)" }, + { LDNS_STATUS_DDD_OVERFLOW, "\\DDD sequence overflow (>255)" }, + { LDNS_STATUS_PACKET_OVERFLOW, "Packet size overflow" }, + { LDNS_STATUS_INVALID_POINTER, "Invalid compression pointer" }, + { LDNS_STATUS_MEM_ERR, "General memory error" }, + { LDNS_STATUS_INTERNAL_ERR, "Internal error, this should not happen" }, + { LDNS_STATUS_SSL_ERR, "Error in SSL library" }, + { LDNS_STATUS_ERR, "General LDNS error" }, + { LDNS_STATUS_INVALID_INT, "Conversion error, integer expected" }, + { LDNS_STATUS_INVALID_IP4, "Conversion error, ip4 addr expected" }, + { LDNS_STATUS_INVALID_IP6, "Conversion error, ip6 addr expected" }, + { LDNS_STATUS_INVALID_STR, "Conversion error, string expected" }, + { LDNS_STATUS_INVALID_B32_EXT, "Conversion error, b32 ext encoding expected" }, + { LDNS_STATUS_INVALID_B64, "Conversion error, b64 encoding expected" }, + { LDNS_STATUS_INVALID_HEX, "Conversion error, hex encoding expected" }, + { LDNS_STATUS_INVALID_TIME, "Conversion error, time encoding expected" }, + { LDNS_STATUS_NETWORK_ERR, "Could not send or receive, because of network error" }, + { LDNS_STATUS_ADDRESS_ERR, "Could not start AXFR, because of address error" }, + { LDNS_STATUS_FILE_ERR, "Could not open the files" }, + { LDNS_STATUS_UNKNOWN_INET, "Unknown address family" }, + { LDNS_STATUS_NOT_IMPL, "This function is not implemented (yet), please notify the developers - or not..." }, + { LDNS_STATUS_NULL, "Supplied value pointer null" }, + { LDNS_STATUS_CRYPTO_UNKNOWN_ALGO, "Unknown cryptographic algorithm" }, + { LDNS_STATUS_CRYPTO_ALGO_NOT_IMPL, "Cryptographic algorithm not implemented" }, + { LDNS_STATUS_CRYPTO_NO_RRSIG, "No DNSSEC signature(s)" }, + { LDNS_STATUS_CRYPTO_NO_DNSKEY, "No DNSSEC public key(s)" }, + { LDNS_STATUS_CRYPTO_TYPE_COVERED_ERR, "The signature does not cover this RRset" }, + { LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY, "No signatures found for trusted DNSSEC public key(s)" }, + { LDNS_STATUS_CRYPTO_NO_DS, "No DS record(s)" }, + { LDNS_STATUS_CRYPTO_NO_TRUSTED_DS, "Could not validate DS record(s)" }, + { LDNS_STATUS_CRYPTO_NO_MATCHING_KEYTAG_DNSKEY, "No keys with the keytag and algorithm from the RRSIG found" }, + { LDNS_STATUS_CRYPTO_VALIDATED, "Valid DNSSEC signature" }, + { LDNS_STATUS_CRYPTO_BOGUS, "Bogus DNSSEC signature" }, + { LDNS_STATUS_CRYPTO_SIG_EXPIRED, "DNSSEC signature has expired" }, + { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED, "DNSSEC signature not incepted yet" }, + { LDNS_STATUS_CRYPTO_TSIG_BOGUS, "Bogus TSIG signature" }, + { LDNS_STATUS_CRYPTO_TSIG_ERR, "Could not create TSIG signature" }, + { LDNS_STATUS_CRYPTO_EXPIRATION_BEFORE_INCEPTION, "DNSSEC signature has expiration date earlier than inception date" }, + { LDNS_STATUS_ENGINE_KEY_NOT_LOADED, "Unable to load private key from engine" }, + { LDNS_STATUS_NSEC3_ERR, "Error in NSEC3 denial of existence proof" }, + { LDNS_STATUS_RES_NO_NS, "No (valid) nameservers defined in the resolver" }, + { LDNS_STATUS_RES_QUERY, "No correct query given to resolver" }, + { LDNS_STATUS_WIRE_INCOMPLETE_HEADER, "header section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_QUESTION, "question section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_ANSWER, "answer section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_AUTHORITY, "authority section incomplete" }, + { LDNS_STATUS_WIRE_INCOMPLETE_ADDITIONAL, "additional section incomplete" }, + { LDNS_STATUS_NO_DATA, "No data" }, + { LDNS_STATUS_EXISTS_ERR, "Element already exists" }, + { LDNS_STATUS_CERT_BAD_ALGORITHM, "Bad algorithm type for CERT record" }, + { LDNS_STATUS_SYNTAX_TYPE_ERR, "Syntax error, could not parse the RR's type" }, + { LDNS_STATUS_SYNTAX_CLASS_ERR, "Syntax error, could not parse the RR's class" }, + { LDNS_STATUS_SYNTAX_TTL_ERR, "Syntax error, could not parse the RR's TTL" }, + { LDNS_STATUS_SYNTAX_INCLUDE_ERR_NOTIMPL, "Syntax error, $INCLUDE not implemented" }, + { LDNS_STATUS_SYNTAX_RDATA_ERR, "Syntax error, could not parse the RR's rdata" }, + { LDNS_STATUS_SYNTAX_DNAME_ERR, "Syntax error, could not parse the RR's dname(s)" }, + { LDNS_STATUS_SYNTAX_VERSION_ERR, "Syntax error, version mismatch" }, + { LDNS_STATUS_SYNTAX_ALG_ERR, "Syntax error, algorithm unknown or non parseable" }, + { LDNS_STATUS_SYNTAX_KEYWORD_ERR, "Syntax error, unknown keyword in input" }, + { LDNS_STATUS_SYNTAX_ERR, "Syntax error, could not parse the RR" }, + { LDNS_STATUS_SYNTAX_EMPTY, "Empty line was returned" }, + { LDNS_STATUS_SYNTAX_TTL, "$TTL directive was seen in the zone" }, + { LDNS_STATUS_SYNTAX_ORIGIN, "$ORIGIN directive was seen in the zone" }, + { LDNS_STATUS_SYNTAX_INCLUDE, "$INCLUDE directive was seen in the zone" }, + { LDNS_STATUS_SYNTAX_ITERATIONS_OVERFLOW, "Iterations count for NSEC3 record higher than maximum" }, + { LDNS_STATUS_SYNTAX_MISSING_VALUE_ERR, "Syntax error, value expected" }, + { LDNS_STATUS_SYNTAX_INTEGER_OVERFLOW, "Syntax error, integer value too large" }, + { LDNS_STATUS_SYNTAX_BAD_ESCAPE, "Syntax error, bad escape sequence" }, + { LDNS_STATUS_SOCKET_ERROR, "Error creating socket" }, + { LDNS_STATUS_DNSSEC_EXISTENCE_DENIED, "Existence denied by NSEC" }, + { LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED, "RR not covered by the given NSEC RRs" }, + { LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED, "wildcard not covered by the given NSEC RRs" }, + { LDNS_STATUS_DNSSEC_NSEC3_ORIGINAL_NOT_FOUND, "original of NSEC3 hashed name could not be found" }, + { LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG, "The RRSIG has to few rdata fields" }, + { LDNS_STATUS_MISSING_RDATA_FIELDS_KEY, "The DNSKEY has to few rdata fields" }, + { LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN, + "DNSSEC signature will expire too soon" }, + { LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN, + "DNSSEC signature not incepted long enough" }, + { LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE, + "Unknown TLSA Certificate Usage" }, + { LDNS_STATUS_DANE_UNKNOWN_SELECTOR, "Unknown TLSA Selector" }, + { LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE, + "Unknown TLSA Matching Type" }, + { LDNS_STATUS_DANE_UNKNOWN_PROTOCOL, + "Unknown protocol. Only IPv4 and IPv6 are understood" }, + { LDNS_STATUS_DANE_UNKNOWN_TRANSPORT, + "Unknown transport. Should be one of {tcp, udp, sctp}" }, + { LDNS_STATUS_DANE_MISSING_EXTRA_CERTS, /* Trust anchor assertion */ + "More than one certificate should be provided" }, + { LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED, /* Trust anchor assertion */ + "Non of the extra certificates is used to sign the first" }, + { LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE, /* Trust anchor assertion */ + "The offset was out of range" }, + { LDNS_STATUS_DANE_INSECURE, /* Unused by library */ + "The queried resource records were insecure" }, + { LDNS_STATUS_DANE_BOGUS, /* Unused by library */ + "The queried resource records were bogus" }, + { LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH, + "The TLSA record(s) " + "did not match with the server certificate (chain)" }, + { LDNS_STATUS_DANE_NON_CA_CERTIFICATE, + "The certificate was not a CA certificate" }, + { LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE, + "Could not PKIX validate" }, + { LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR, + "The validation path " + "did not end in a self-signed certificate" }, + { LDNS_STATUS_INVALID_ILNP64, + "Conversion error, 4 colon separated hex numbers expected" }, + { LDNS_STATUS_INVALID_EUI48, + "Conversion error, 6 two character hex numbers " + "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx" }, + { LDNS_STATUS_INVALID_EUI64, + "Conversion error, 8 two character hex numbers " + "separated by dashes expected (i.e. xx-xx-xx-xx-xx-xx-xx-xx" }, + { LDNS_STATUS_WIRE_RDATA_ERR, "invalid rdata in wire format" }, + { LDNS_STATUS_INVALID_TAG, + "Conversion error, a non-zero sequence of US-ASCII letters " + "and numbers in lower case expected" }, + { LDNS_STATUS_TYPE_NOT_IN_BITMAP, + "The RR type bitmap rdata field did not have " + "a bit reserved for the specific RR type" }, + { LDNS_STATUS_INVALID_RDF_TYPE, + "The rdata field was not of the expected type" }, + { LDNS_STATUS_RDATA_OVERFLOW, "Rdata size overflow" }, + { LDNS_STATUS_SYNTAX_SUPERFLUOUS_TEXT_ERR, + "Syntax error, superfluous text present" }, + { LDNS_STATUS_NSEC3_DOMAINNAME_OVERFLOW, + "The NSEC3 domainname length overflow" }, +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) + { LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA, + "ldns needs to be linked with OpenSSL >= 1.1.0 to be able " + "to verify the DANE-TA usage type." }, +#else + { LDNS_STATUS_DANE_NEED_OPENSSL_GE_1_1_FOR_DANE_TA, + "ldns depends on the availability of the SSL_get0_dane() and " + "X509_STORE_CTX_set0_dane() functions within OpenSSL >= 1.1.0 " + "to be able to verify the DANE-TA usage type." }, +#endif + { LDNS_STATUS_ZONEMD_DOUBLE_OCCURRENCE, "A ZONEMD with the same " + " and hash algorithm occurred more than once." }, + { LDNS_STATUS_ZONEMD_UNKNOWN_SCHEME, "Unknown ZONEMD " }, + { LDNS_STATUS_ZONEMD_UNKNOWN_HASH, "Unknown ZONEMD hash algorithm" }, + { LDNS_STATUS_ZONEMD_INVALID_SOA, + "Missing or invalid SOA to associate with ZONEMD RR" }, + { LDNS_STATUS_NO_ZONEMD, + "NSEC(3) RRs indicate that a ZONEMD exists, " + "but it is not found in the zone" }, + { LDNS_STATUS_NO_VALID_ZONEMD, + "No ZONEMD matching the zone data was found" }, + { LDNS_STATUS_SYNTAX_SVCPARAM_KEY_ERR, "Syntax error in a key in " + "the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_SYNTAX_SVCPARAM_VALUE_ERR, "Syntax error in a value in " + "the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_RESERVED_SVCPARAM_KEY, + "key65535 is reserved and MUST NOT be used " + "in the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_NO_SVCPARAM_VALUE_EXPECTED, + "A value was found for a key that SHOULD not have a value " + "in the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_SVCPARAM_KEY_MORE_THAN_ONCE, + "A key was found more than once " + "in the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_INVALID_SVCPARAM_VALUE, + "Invalid wireformat of a value " + "in the ServiceParam rdata field of SVCB or HTTPS RR" }, + { LDNS_STATUS_NOT_EDE, + "The EDNS option is not an extended error code" }, + { LDNS_STATUS_EDE_OPTION_MALFORMED, + "The extended error code option is malformed, expected " + "at least 2 bytes of option data" }, + { 0, NULL } +}; + +const char * +ldns_get_errorstr_by_id(ldns_status err) +{ + ldns_lookup_table *lt; + + lt = ldns_lookup_by_id(ldns_error_str, err); + + if (lt) { + return lt->name; + } + return NULL; +} diff --git a/zonemaster-ldns/ldns/examples/README b/zonemaster-ldns/ldns/examples/README new file mode 100644 index 0000000..f84fe9d --- /dev/null +++ b/zonemaster-ldns/ldns/examples/README @@ -0,0 +1,5 @@ +These tools are examples of ldns usage. They are not meant for production +systems and will not be supported as such. + +Compilation: +autoreconf && ./configure && make diff --git a/zonemaster-ldns/ldns/examples/fake-rfc2553.h b/zonemaster-ldns/ldns/examples/fake-rfc2553.h new file mode 100644 index 0000000..1e9add1 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/fake-rfc2553.h @@ -0,0 +1,175 @@ +/* From openssh 4.3p2 filename openbsd-compat/fake-rfc2553.h */ +/* + * Copyright (C) 2000-2003 Damien Miller. All rights reserved. + * Copyright (C) 1999 WIDE Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. Neither the name of the project nor the names of its contributors + * may be used to endorse or promote products derived from this software + * without specific prior written permission. + * + * THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + */ + +/* + * Pseudo-implementation of RFC2553 name / address resolution functions + * + * But these functions are not implemented correctly. The minimum subset + * is implemented for ssh use only. For example, this routine assumes + * that ai_family is AF_INET. Don't use it for another purpose. + */ + +#ifndef _FAKE_RFC2553_H +#define _FAKE_RFC2553_H + +#include +#include +#include +#include + +/* + * First, socket and INET6 related definitions + */ +#ifndef HAVE_STRUCT_SOCKADDR_STORAGE +#ifndef _SS_MAXSIZE +# define _SS_MAXSIZE 128 /* Implementation specific max size */ +# define _SS_PADSIZE (_SS_MAXSIZE - sizeof (struct sockaddr)) +struct sockaddr_storage { + struct sockaddr ss_sa; + char __ss_pad2[_SS_PADSIZE]; +}; +# define ss_family ss_sa.sa_family +#endif /* _SS_MAXSIZE */ +#endif /* !HAVE_STRUCT_SOCKADDR_STORAGE */ + +#ifndef IN6_IS_ADDR_LOOPBACK +# define IN6_IS_ADDR_LOOPBACK(a) \ + (((uint32_t *)(a))[0] == 0 && ((uint32_t *)(a))[1] == 0 && \ + ((uint32_t *)(a))[2] == 0 && ((uint32_t *)(a))[3] == htonl(1)) +#endif /* !IN6_IS_ADDR_LOOPBACK */ + +#ifndef HAVE_STRUCT_IN6_ADDR +struct in6_addr { + uint8_t s6_addr[16]; +}; +#endif /* !HAVE_STRUCT_IN6_ADDR */ + +#ifndef HAVE_STRUCT_SOCKADDR_IN6 +struct sockaddr_in6 { + unsigned short sin6_family; + uint16_t sin6_port; + uint32_t sin6_flowinfo; + struct in6_addr sin6_addr; +}; +#endif /* !HAVE_STRUCT_SOCKADDR_IN6 */ + +#ifndef AF_INET6 +/* Define it to something that should never appear */ +#define AF_INET6 AF_MAX +#endif + +/* + * Next, RFC2553 name / address resolution API + */ + +#ifndef NI_NUMERICHOST +# define NI_NUMERICHOST (1) +#endif +#ifndef NI_NAMEREQD +# define NI_NAMEREQD (1<<1) +#endif +#ifndef NI_NUMERICSERV +# define NI_NUMERICSERV (1<<2) +#endif + +#ifndef AI_PASSIVE +# define AI_PASSIVE (1) +#endif +#ifndef AI_CANONNAME +# define AI_CANONNAME (1<<1) +#endif +#ifndef AI_NUMERICHOST +# define AI_NUMERICHOST (1<<2) +#endif + +#ifndef NI_MAXSERV +# define NI_MAXSERV 32 +#endif /* !NI_MAXSERV */ +#ifndef NI_MAXHOST +# define NI_MAXHOST 1025 +#endif /* !NI_MAXHOST */ + +#ifndef INT_MAX +#define INT_MAX 0xffffffff +#endif + +#ifndef EAI_NODATA +# define EAI_NODATA (INT_MAX - 1) +#endif +#ifndef EAI_MEMORY +# define EAI_MEMORY (INT_MAX - 2) +#endif +#ifndef EAI_NONAME +# define EAI_NONAME (INT_MAX - 3) +#endif +#ifndef EAI_SYSTEM +# define EAI_SYSTEM (INT_MAX - 4) +#endif + +#ifndef HAVE_STRUCT_ADDRINFO +struct addrinfo { + int ai_flags; /* AI_PASSIVE, AI_CANONNAME */ + int ai_family; /* PF_xxx */ + int ai_socktype; /* SOCK_xxx */ + int ai_protocol; /* 0 or IPPROTO_xxx for IPv4 and IPv6 */ + size_t ai_addrlen; /* length of ai_addr */ + char *ai_canonname; /* canonical name for hostname */ + struct sockaddr *ai_addr; /* binary address */ + struct addrinfo *ai_next; /* next structure in linked list */ +}; +#endif /* !HAVE_STRUCT_ADDRINFO */ + +#ifndef HAVE_GETADDRINFO +#ifdef getaddrinfo +# undef getaddrinfo +#endif +#define getaddrinfo(a,b,c,d) (ssh_getaddrinfo(a,b,c,d)) +int getaddrinfo(const char *, const char *, + const struct addrinfo *, struct addrinfo **); +#endif /* !HAVE_GETADDRINFO */ + +#if !defined(HAVE_GAI_STRERROR) && !defined(HAVE_CONST_GAI_STRERROR_PROTO) +#define gai_strerror(a) (ssh_gai_strerror(a)) +char *gai_strerror(int); +#endif /* !HAVE_GAI_STRERROR */ + +#ifndef HAVE_FREEADDRINFO +#define freeaddrinfo(a) (ssh_freeaddrinfo(a)) +void freeaddrinfo(struct addrinfo *); +#endif /* !HAVE_FREEADDRINFO */ + +#ifndef HAVE_GETNAMEINFO +#define getnameinfo(a,b,c,d,e,f,g) (ssh_getnameinfo(a,b,c,d,e,f,g)) +int getnameinfo(const struct sockaddr *, size_t, char *, size_t, + char *, size_t, int); +#endif /* !HAVE_GETNAMEINFO */ + +#endif /* !_FAKE_RFC2553_H */ + diff --git a/zonemaster-ldns/ldns/examples/ldns-chaos.1 b/zonemaster-ldns/ldns/examples/ldns-chaos.1 new file mode 100644 index 0000000..6cb7a94 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-chaos.1 @@ -0,0 +1,26 @@ +.TH ldns-chaos 1 "27 Apr 2005" +.SH NAME +ldns-chaos \- give some information about a nameserver +.SH SYNOPSIS +.B ldns-chaos +.IR NAMESERVER + +.SH DESCRIPTION +\fBldns-chaos\fR retrieves all the addresses of the nameserver and then queries +each address for its \fIversion.bind\fR and \fIhostname.bind\fR. +.PP +\fBldns-chaos\fR is a bit more complex than \fBldns-mx\fR. + +.SH OPTIONS +\fBldns-chaos\fR has no options. + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-chaos.c b/zonemaster-ldns/ldns/examples/ldns-chaos.c new file mode 100644 index 0000000..a1e1b79 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-chaos.c @@ -0,0 +1,125 @@ +/* + * chaos is a small programs that prints some information + * about a nameserver + * + * (c) NLnet Labs, 2005 - 2008 + * + * See the file LICENSE for the license + */ + +#include "config.h" + +#include + +static int +usage(FILE *fp, char *prog) { + fprintf(fp, "%s server\n", prog); + fprintf(fp, " print out some information about server\n"); + return 0; +} + +int +main(int argc, char *argv[]) +{ + ldns_resolver *res; + ldns_rdf *name; + ldns_rdf *version, *id; + ldns_pkt *p; + ldns_rr_list *addr; + ldns_rr_list *info; + ldns_status s; + ldns_rdf *pop; + size_t i; + + if (argc != 2) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } else { + /* create a rdf from the command line arg */ + name = ldns_dname_new_frm_str(argv[1]); + if (!name) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } + } + + /* create rdf for what we are going to ask */ + version = ldns_dname_new_frm_str("version.bind"); + id = ldns_dname_new_frm_str("hostname.bind"); + + /* create a new resolver from /etc/resolv.conf */ + s = ldns_resolver_new_frm_file(&res, NULL); + if (s != LDNS_STATUS_OK) { + ldns_rdf_deep_free(name); + exit(EXIT_FAILURE); + } + ldns_resolver_set_retry(res, 1); /* don't want to wait too long */ + + /* use the resolver to send it a query for the a/aaaa of name */ + addr = ldns_get_rr_list_addr_by_name(res, name, LDNS_RR_CLASS_IN, LDNS_RD); + if (!addr) { + fprintf(stderr, " *** could not get an address for %s\n", argv[1]); + ldns_rdf_deep_free(name); + ldns_resolver_deep_free(res); + exit(EXIT_FAILURE); + } + + /* remove current list of nameservers from resolver */ + while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } + + + /* can be multihomed */ + for(i = 0; i < ldns_rr_list_rr_count(addr); i++) { + if (i > 0) { + fprintf(stdout, "\n"); + } + + if (ldns_resolver_push_nameserver_rr(res, + ldns_rr_list_rr(addr, i)) != LDNS_STATUS_OK) { + printf("Error adding nameserver to resolver\n"); + } + + ldns_rr_print(stdout, ldns_rr_list_rr(addr, i)); + fprintf(stdout, "\n"); + + p = ldns_resolver_query(res, version, LDNS_RR_TYPE_TXT, + LDNS_RR_CLASS_CH, LDNS_RD); + if (p) { + ldns_pkt_print(stdout, p); + info = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_TXT, LDNS_SECTION_ANSWER); + + if (info) { + ldns_rr_list_print(stdout, info); + ldns_rr_list_deep_free(info); + } else { + printf(" *** version retrieval failed\n"); + } + ldns_pkt_free(p); + } else { + printf(" *** query failed\n"); + } + + p = ldns_resolver_query(res, id, LDNS_RR_TYPE_TXT, + LDNS_RR_CLASS_CH, LDNS_RD); + if (p) { + info = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_TXT, LDNS_SECTION_ANSWER); + if (info) { + ldns_rr_list_print(stdout, info); + ldns_rr_list_deep_free(info); + } else { + printf(" *** id retrieval failed\n"); + } + ldns_pkt_free(p); + } else { + printf(" *** query failed for\n"); + } + ldns_rdf_deep_free(ldns_resolver_pop_nameserver(res)); + + } + + ldns_rdf_deep_free(name); + ldns_resolver_deep_free(res); + exit(EXIT_SUCCESS); +} diff --git a/zonemaster-ldns/ldns/examples/ldns-compare-zones.1 b/zonemaster-ldns/ldns/examples/ldns-compare-zones.1 new file mode 100644 index 0000000..5a4a579 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-compare-zones.1 @@ -0,0 +1,71 @@ +.TH ldns-compare-zones 1 "17 Oct 2007" +.SH NAME +ldns-compare-zones \- read and compare two zonefiles and print differences +.SH SYNOPSIS +.B ldns-compare-zones +.IR [-c] +.IR [-U] +.IR [-u] +.IR [-i] +.IR [-d] +.IR [-z] +.IR [-s] +.IR ZONEFILE1 +.IR ZONEFILE2 +.SH DESCRIPTION +\fBldns-compare-zones\fR reads two DNS zone files and prints number of differences. +.nf +Output is formatted to: + +NUM_INS \-NUM_DEL ~NUM_CHG + +Except with the \fI-U\fR or \fI-u\fR option. Then the output is formatted to: + +NUM_INS \-NUM_DEL ~NUM_CHG =NUM_EQ + +.fi +The major comparison is based on the owner name. If an owner name is present in zonefile 1, but not in zonefile 2, the resource records with this owner name are considered deleted, and counted as NUM_DEL. If an owner name is present in zonefile 2, but not in zonefile 1, the resource records with this owner name are considered inserted, and counted as NUM_INS. If an owner name is present in both, but there is a difference in the amount or content of the records, these are considered changed, and counted as NUM_CHG. +.SH OPTIONS +.TP +\fB-c\fR +Print resource records whose owner names are in both zone files, but with different resource records. (a.k.a. changed) +.TP +\fB-U\fR +From resource records whose owner names are in both zone files, but with different resource records, print the unchanged records too (a.k.a. changed++). +.TP +\fB-u\fR +Print resource records whose owner names are in both zone files, and which resource records are the same. (a.k.a. unchanged) +.TP +\fB-i\fR +Print resource records whose owner names are present only in ZONEFILE2 (a.k.a. inserted) +.TP +\fB-d\fR +Print resource records whose owner names are present only in ZONEFILE1 (a.k.a. deleted) +.TP +\fB-a\fR +Print all changes (except unchanged). Specifying this option is the same as specifying \-c \-i +and \-d. +.TP +\fB-z\fR +Suppress zone sorting; this option is not recommended; it can cause records +to be incorrectly marked as changed, depending of the nature of the changes. +.TP +\fB-s\fR +Do not exclude the SOA record from the comparison. The SOA record may +then show up as changed due to a new serial number. Off by default since +you may be interested to know if (other zone apex elements) have changed. +.TP +\fB-e\fR +Exit with status code 2 when zones differ. +.TP +\fB-h\fR +Show usage and exit +.TP +\fB-v\fR +Show the version and exit +.SH AUTHOR +Written by Ondřej Surý for CZ.NIC, z.s.p.o. (czech domain registry) +.SH REPORTING BUGS +Report bugs to . +.SH COPYRIGHT +Copyright (C) 2005 CZ.NIC, z.s.p.o.. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-compare-zones.c b/zonemaster-ldns/ldns/examples/ldns-compare-zones.c new file mode 100644 index 0000000..750a845 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-compare-zones.c @@ -0,0 +1,361 @@ +/* + * ldns-compare-zones compares two zone files + * + * Written by Ondrej Sury in 2007 + * + * Modified a bit by NLnet Labs. + * + * See the file LICENSE for the license + */ + +#include "config.h" +#include +#include +#include +#include + +#include + +#include + +#define OP_INS '+' +#define OP_DEL '-' +#define OP_CHG '~' +#define OP_EQ '=' + +static void +usage(char *prog) +{ + printf("Usage: %s [-v] [-i] [-d] [-c] [-u] [-s] [-e] " + " \n", prog); + printf(" -i - print inserted\n"); + printf(" -d - print deleted\n"); + printf(" -c - print changed\n"); + printf(" -u - print unchanged\n"); + printf(" -U - print unchanged records in changed names\n"); + printf(" -a - print all differences (-i -d -c)\n"); + printf(" -s - do not exclude SOA record from comparison\n"); + printf(" -z - do not sort zones\n"); + printf(" -e - exit with status 2 on changed zones\n"); + printf(" -h - show usage and exit\n"); + printf(" -v - show the version and exit\n"); +} + +int +main(int argc, char **argv) +{ + char *fn1, *fn2; + FILE *fp1, *fp2; + ldns_zone *z1, *z2; + ldns_status s; + size_t i , j; + size_t k , l; + size_t nc1 , nc2; + ldns_rr_list *rrl1, *rrl2; + int rr_cmp, rr_chg = 0; + ldns_rr *rr1 = NULL, *rr2 = NULL, *rrx = NULL; + int line_nr1 = 0, line_nr2 = 0; + size_t rrc1 , rrc2; + size_t num_ins = 0, num_del = 0, num_chg = 0, num_eq = 0; + int c; + bool opt_deleted = false, opt_inserted = false; + bool opt_changed = false, opt_unchanged = false, opt_Unchanged = false; + bool sort = true, inc_soa = false; + bool opt_exit_status = false; + char op = 0; + + while ((c = getopt(argc, argv, "ahvdicuUesz")) != -1) { + switch (c) { + case 'h': + usage(argv[0]); + exit(EXIT_SUCCESS); + break; + case 'v': + printf("%s version %s (ldns version %s)\n", + argv[0], + LDNS_VERSION, + ldns_version()); + exit(EXIT_SUCCESS); + break; + case 'e': + opt_exit_status = true; + break; + case 's': + inc_soa = true; + break; + case 'z': + sort = false; + break; + case 'd': + opt_deleted = true; + break; + case 'i': + opt_inserted = true; + break; + case 'c': + opt_changed = true; + break; + + case 'u': + opt_unchanged = true; + opt_Unchanged = true; + break; + + case 'U': + opt_Unchanged = true; + opt_changed = true; + break; + + case 'a': + opt_deleted = true; + opt_inserted = true; + opt_changed = true; + break; + } + } + + argc -= optind; + argv += optind; + + if (argc != 2) { + argv -= optind; + usage(argv[0]); + exit(EXIT_FAILURE); + } + fn1 = argv[0]; + fp1 = fopen(fn1, "r"); + if (!fp1) { + fprintf(stderr, "Unable to open %s: %s\n", fn1, strerror(errno)); + exit(EXIT_FAILURE); + } + /* Read first zone */ + s = ldns_zone_new_frm_fp_l(&z1, fp1, NULL, 0, + LDNS_RR_CLASS_IN, &line_nr1); + if (s != LDNS_STATUS_OK) { + fclose(fp1); + fprintf(stderr, "%s: %s at line %d\n", + fn1, + ldns_get_errorstr_by_id(s), + line_nr1); + exit(EXIT_FAILURE); + } + fclose(fp1); + + fn2 = argv[1]; + fp2 = fopen(fn2, "r"); + if (!fp2) { + fprintf(stderr, "Unable to open %s: %s\n", fn2, strerror(errno)); + exit(EXIT_FAILURE); + } + /* Read second zone */ + s = ldns_zone_new_frm_fp_l(&z2, fp2, NULL, 0, + LDNS_RR_CLASS_IN, &line_nr2); + if (s != LDNS_STATUS_OK) { + ldns_zone_deep_free(z1); + fclose(fp2); + fprintf(stderr, "%s: %s at line %d\n", + fn2, + ldns_get_errorstr_by_id(s), + line_nr2); + exit(EXIT_FAILURE); + } + fclose(fp2); + + rrl1 = ldns_zone_rrs(z1); + rrc1 = ldns_rr_list_rr_count(rrl1); + + rrl2 = ldns_zone_rrs(z2); + rrc2 = ldns_rr_list_rr_count(rrl2); + + if (sort) { + /* canonicalize zone 1 */ + ldns_rr2canonical(ldns_zone_soa(z1)); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z1)); i++) { + ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z1), i)); + } + /* sort zone 1 */ + ldns_zone_sort(z1); + /* canonicalize zone 2 */ + ldns_rr2canonical(ldns_zone_soa(z2)); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z2)); i++) { + ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z2), i)); + } + /* sort zone 2 */ + ldns_zone_sort(z2); + } + + if(inc_soa) { + ldns_rr_list* wsoa = ldns_rr_list_new(); + ldns_rr_list_push_rr(wsoa, ldns_zone_soa(z1)); + ldns_rr_list_cat(wsoa, rrl1); + rrl1 = wsoa; + rrc1 = ldns_rr_list_rr_count(rrl1); + wsoa = ldns_rr_list_new(); + ldns_rr_list_push_rr(wsoa, ldns_zone_soa(z2)); + ldns_rr_list_cat(wsoa, rrl2); + rrl2 = wsoa; + rrc2 = ldns_rr_list_rr_count(rrl2); + if(sort) { + ldns_rr_list_sort(rrl1); + ldns_rr_list_sort(rrl2); + } + } + + /* + * Walk through both zones. The previously seen resource record is + * kept (in the variable rrx) so that we can recognize when we are + * handling a new owner name. If the owner name changes, we have to + * set the operator again. + */ + for (i = 0, j = 0; i < rrc1 || j < rrc2;) { + rr_cmp = 0; + if (i < rrc1 && j < rrc2) { + rr1 = ldns_rr_list_rr(rrl1, i); + rr2 = ldns_rr_list_rr(rrl2, j); + rr_cmp = ldns_rr_compare(rr1, rr2); + + rr_chg = ldns_dname_compare(ldns_rr_owner(rr1), + ldns_rr_owner(rr2)); + } else if (i >= rrc1) { + /* we have reached the end of zone 1, so the current record + * from zone 2 automatically sorts higher + */ + rr1 = NULL; + rr2 = ldns_rr_list_rr(rrl2, j); + rr_chg = rr_cmp = 1; + } else if (j >= rrc2) { + /* we have reached the end of zone 2, so the current record + * from zone 1 automatically sorts lower + */ + rr1 = ldns_rr_list_rr(rrl1, i); + rr2 = NULL; + rr_chg = rr_cmp = -1; + } + if (rr_cmp < 0) { + if ((rrx != NULL) && (ldns_dname_compare(ldns_rr_owner(rr1), + ldns_rr_owner(rrx) + ) != 0)) { + /* The owner name is different, forget previous rr */ + rrx = NULL; + } + if (rrx == NULL) { + if (rr_chg == 0) { + num_chg++; + op = OP_CHG; + } else { + num_del++; + op = OP_DEL; + } + rrx = rr1; + } + if (((op == OP_DEL) && opt_deleted) || + ((op == OP_CHG) && opt_changed)) { + printf("%c-", op); + ldns_rr_print(stdout, rr1); + } + i++; + } else if (rr_cmp > 0) { + if ((rrx != NULL) && (ldns_dname_compare(ldns_rr_owner(rr2), + ldns_rr_owner(rrx) + ) != 0)) { + rrx = NULL; + } + if (rrx == NULL) { + if (rr_chg == 0) { + num_chg++; + op = OP_CHG; + } else { + num_ins++; + op = OP_INS; + } + /* remember this rr for it's name in the next iteration */ + rrx = rr2; + } + if (((op == OP_INS) && opt_inserted) || + ((op == OP_CHG) && opt_changed)) { + printf("%c+", op); + ldns_rr_print(stdout, rr2); + } + j++; + } else { + if ((rrx != NULL) && (ldns_dname_compare(ldns_rr_owner(rr1), + ldns_rr_owner(rrx) + ) != 0)) { + rrx = NULL; + } + if (rrx == NULL) { + rrx = rr1; + + /* Are all rrs with this name equal? */ + for ( k = i + 1 + ; k < rrc1 && + ldns_dname_compare(ldns_rr_owner(rr1), + ldns_rr_owner(ldns_rr_list_rr(rrl1, k))) == 0 + ; k++); + + + for ( l = j + 1 + ; l < rrc2 && + ldns_dname_compare(ldns_rr_owner(rr2), + ldns_rr_owner(ldns_rr_list_rr(rrl2, l))) == 0 + ; l++); + + if ((k - i) != (l - j)) { + op = OP_CHG; + num_chg++; + } else { + nc1 = k - i; + nc2 = l - j; + for ( k = i + 1, l = j + 1 + ; (k - i) < nc1 && (l - j) < nc2 && + ldns_rr_compare(ldns_rr_list_rr(rrl1, k), + ldns_rr_list_rr(rrl2, l)) == 0 + ; k++, l++); + if ((k - i) < nc1) { + op = OP_CHG; + num_chg++; + } else { + op = OP_EQ; + num_eq++; + } + } + } + if (((op == OP_EQ ) && opt_unchanged) || + ((op == OP_CHG) && opt_Unchanged && opt_changed)) { + printf("%c=", op); + ldns_rr_print(stdout, rr1); + } + i++; + j++; + } + } + + if (opt_unchanged || opt_Unchanged) + printf("\t%c%u\t%c%u\t%c%u\t%c%u\n", + OP_INS, + (unsigned int) num_ins, + OP_DEL, + (unsigned int) num_del, + OP_CHG, + (unsigned int) num_chg, + OP_EQ, + (unsigned int) num_eq); + else + printf("\t%c%u\t%c%u\t%c%u\n", + OP_INS, + (unsigned int) num_ins, + OP_DEL, + (unsigned int) num_del, + OP_CHG, + (unsigned int) num_chg); + + /* Free resources */ + if(inc_soa) { + ldns_rr_list_free(rrl1); + ldns_rr_list_free(rrl2); + } + ldns_zone_deep_free(z2); + ldns_zone_deep_free(z1); + + return opt_exit_status && (num_ins || num_del || num_chg) ? 2 : 0; +} diff --git a/zonemaster-ldns/ldns/examples/ldns-dane.1.in b/zonemaster-ldns/ldns/examples/ldns-dane.1.in new file mode 100644 index 0000000..e87c27c --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-dane.1.in @@ -0,0 +1,179 @@ +.TH ldns-dane 1 "17 September 2012" +.SH NAME +ldns-dane \- verify or create TLS authentication with DANE (RFC6698) +.SH SYNOPSIS +.PD 0 +.B ldns-dane +.IR [OPTIONS] +.IR verify +.IR name +.IR port +.PP +.B ldns-dane +.IR [OPTIONS] +.IR -t +.IR tlsafile +.IR verify + +.B ldns-dane +.IR [OPTIONS] +.IR create +.IR name +.IR port +.PP + [ +.IR Certificate-usage +[ +.IR Selector +[ +.IR Matching-type +] ] ] + +.B ldns-dane +.IR -h +.PP +.B ldns-dane +.IR -v +.PD 1 + +.SH DESCRIPTION + +In the first form: +A TLS connection to \fIname\fR:\fIport\fR is established. +The TLSA resource record(s) for \fIname\fR are used to authenticate +the connection. + +In the second form: +The TLSA record(s) are read from \fItlsafile\fR and used to authenticate +the TLS service they reference. + +In the third form: +A TLS connection to \fIname\fR:\fIport\fR is established and used to +create the TLSA resource record(s) that would authenticate the connection. +The parameters for TLSA rr creation are: + +.PD 0 +.I Certificate-usage\fR: +.RS +.IP "0 | PKIX-TA" +CA constraint +.IP "1 | PKIX-EE" +Service certificate constraint +.IP "2 | DANE-TA" +Trust anchor assertion +.IP "3 | DANE-EE" +Domain-issued certificate (default) +.RE + +.I Selector\fR: +.RS +.IP "0 | Cert" +Full certificate +.IP "1 | SPKI" +SubjectPublicKeyInfo (default) +.RE + +.I Matching-type\fR: +.RS +.IP "0 | Full" +No hash used +.IP "1 | SHA2-256" +SHA-256 (default) +.IP "2 | SHA2-512" +SHA-512 +.RE +.PD 1 + +.SH OPTIONS +.IP -4 +TLS connect IPv4 only +.IP -6 +TLS connect IPv6 only +.IP "-a \fIaddress\fR" +Don't try to resolve \fIname\fR, but connect to \fIaddress\fR instead. + +This option may be given more than once. +.IP -b +print "\fIname\fR\. TYPE52 \\# \fIsize\fR \fIhexdata\fR" form instead +of TLSA presentation format. +.IP "-c \fIcertfile\fR" +Do not TLS connect to \fIname\fR:\fIport\fR, but authenticate (or make +TLSA records) for the certificate (chain) in \fIcertfile\fR instead. +.IP -d +Assume DNSSEC validity even when the TLSA records were acquired insecure +or were bogus. +.IP "-f \fICAfile\fR" +Use CAfile to validate. @DEFAULT_CAFILE@ +.IP -h +Print short usage help +.IP -i +Interact after connecting. +.IP "-k \fIkeyfile\fR" +Specify a file that contains a trusted DNSKEY or DS rr. +Key(s) are used when chasing signatures (i.e. \fI-S\fR is given). + +This option may be given more than once. + +Alternatively, if \fB-k\fR is not specified, and a default trust anchor +(@LDNS_TRUST_ANCHOR_FILE@) exists and contains a valid DNSKEY or DS record, +it will be used as the trust anchor. +.IP -n +Do \fBnot\fR verify server name in certificate. +.IP "-o \fIoffset\fR" +When creating a "Trust anchor assertion" TLSA resource record, +select the \fIoffset\fRth certificate offset from the end +of the validation chain. 0 means the last certificate, 1 the one but last, +2 the second but last, etc. + +When \fIoffset\fR is \-1 (the default), the last certificate +is used (like with 0) that MUST be self-signed. This can help to make +sure that the intended (self signed) trust anchor is actually present +in the server certificate chain (which is a DANE requirement). +.IP "-p \fICApath\fR" +Use certificates in the \fICApath\fR directory to validate. @DEFAULT_CAPATH@ +.IP -s +When creating TLSA resource records with the "CA Constraint" and the +"Service Certificate Constraint" certificate usage, do not validate and +assume PKIX is valid. + +For "CA Constraint" this means that verification should end with a +self-signed certificate. +.IP -S +Chase signature(s) to a known key. + +Without this option, the local network is trusted to provide +a DNSSEC resolver (i.e. AD bit is checked). +.IP "-t \fItlsafile\fR" +Read TLSA record(s) from \fItlsafile\fR. When \fIname\fR and \fIport\fR +are also given, only TLSA records that match the \fIname\fR, \fIport\fR and +\fItransport\fR are used. Otherwise the owner name of the TLSA record(s) +will be used to determine \fIname\fR, \fIport\fR and \fItransport\fR. +.IP -T +Return exit status 2 for PKIX validated connections without (secure) +TLSA records(s) +.IP -u +Use UDP transport instead of TCP. +.IP -v +Show version and exit. + +.SH "FILES" +.TP +@LDNS_TRUST_ANCHOR_FILE@ +The file from which trusted keys are loaded for signature chasing, +when no \fB-k\fR option is given. + +.SH "SEE ALSO" +.LP +unbound-anchor(8) + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2012 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. + diff --git a/zonemaster-ldns/ldns/examples/ldns-dane.c b/zonemaster-ldns/ldns/examples/ldns-dane.c new file mode 100644 index 0000000..58bdc2f --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-dane.c @@ -0,0 +1,2053 @@ +/* + * Verify or create TLS authentication with DANE (RFC6698) + * + * (c) NLnetLabs 2012 + * + * See the file LICENSE for the license. + * + * wish list: + * - nicer reporting (tracing of evaluation process) + * - verbosity levels + * - STARTTLS support + */ + +#include "config.h" +#include +#include +#include + +#ifdef HAVE_NETINET_IN_H +#include +#endif +#ifdef HAVE_SYS_SOCKET_H +#include +#endif +#ifdef HAVE_NETDB_H +#include +#endif +#ifdef HAVE_ARPA_INET_H +#include +#endif +#include +#include +#include + +#include + +#ifdef USE_DANE +#ifdef HAVE_SSL +#include +#include +#include + +#ifndef IPPROTO_SCTP +#define IPPROTO_SCTP 132 +#endif + +#define LDNS_ERR(code, msg) do { if (code != LDNS_STATUS_OK) \ + ldns_err(msg, code); } while (false) +#define MEMERR(msg) do { fprintf(stderr, "memory error in %s\n", msg); \ + exit(EXIT_FAILURE); } while (false) +#define BUFSIZE 16384 + +/* Exit status on a PKIX validated connection but without TLSA records + * when the -T option was given: + */ +#define NO_TLSAS_EXIT_STATUS 2 + +/* int verbosity = 3; */ + +static void +print_usage(const char* progname) +{ +#ifdef USE_DANE_VERIFY + printf("Usage: %s [OPTIONS] verify \n", progname); + printf(" or: %s [OPTIONS] -t verify\n", progname); + printf("\n\tVerify the TLS connection at : or" + "\n\tuse TLSA record(s) from to verify the\n" + "\tTLS service they reference.\n"); + printf("\n or: %s [OPTIONS] create [ " +#else + printf("Usage: %s [OPTIONS] create [ " +#endif + "[ []]]\n", progname); + printf("\n\tUse the TLS connection(s) to " + "to create the TLSA\n\t" + "resource record(s) that would " + "authenticate the connection.\n"); + printf("\n\t" + "\t\t0 | PKIX-TA : CA constraint\n" + "\t\t\t1 | PKIX-EE : Service certificate constraint\n" + "\t\t\t2 | DANE-TA : Trust anchor assertion\n" + "\t\t\t3 | DANE-EE : Domain-issued certificate " + "(default)\n"); + printf("\n\t" + "\t0 | Cert : Full certificate\n" + "\t\t\t1 | SPKI : SubjectPublicKeyInfo " + "(default)\n"); + printf("\n\t" + "\t\t0 | Full : No hash used\n" + "\t\t\t1 | SHA2-256 : SHA-256 (default)\n" + "\t\t\t2 | SHA2-512 : SHA-512\n"); + + printf("OPTIONS:\n"); + printf("\t-h\t\tshow this text\n"); + printf("\t-4\t\tTLS connect IPv4 only\n"); + printf("\t-6\t\tTLS connect IPv6 only\n"); + printf("\t-r
\t" + "use resolver at
instead of local resolver\n"); + printf("\t-a
\t" + "don't resolve , but connect to
(es)\n"); + printf("\t-b\t\t" + "print \". TYPE52 \\# \" form\n" + ); + printf("\t-c \t" + "verify or create TLSA records for the\n" + "\t\t\tcertificate (chain) in \n" + ); + printf("\t-d\t\tassume DNSSEC validity even when insecure or bogus\n"); + printf("\t-f \tuse CAfile to validate\n"); +#if HAVE_DANE_CA_FILE + printf("\t\t\tDefault is %s\n", LDNS_DANE_CA_FILE); +#endif + printf("\t-i\t\tinteract after connecting\n"); + printf("\t-k \t" + "use DNSKEY/DS rr(s) in to validate TLSAs\n" + "\t\t\twhen signature chasing (i.e. -S)\n" + ); + printf("\t\t\tDefault is %s\n", LDNS_TRUST_ANCHOR_FILE); + printf("\t-n\t\tdo *not* verify server name in certificate\n"); + printf("\t-o \t" + "select th certificate from the end of\n" + "\t\t\tthe validation chain. -1 means self-signed at end\n" + ); + printf("\t-p \t" + "use certificates in the directory to validate\n" + ); +#if HAVE_DANE_CA_PATH + printf("\t\t\tDefaults is %s\n", LDNS_DANE_CA_PATH); +#endif + printf("\t-s\t\tassume PKIX validity\n"); + printf("\t-S\t\tChase signature(s) to a known key\n"); + printf("\t-t \tdo not use DNS, " + "but read TLSA record(s) from \n" + ); + printf("\t-T\t\tReturn exit status 2 for PKIX validated connections\n" + "\t\t\twithout (secure) TLSA records(s)\n"); + printf("\t-u\t\tuse UDP transport instead of TCP\n"); + printf("\t-v\t\tshow version and exit\n"); + /* printf("\t-V [0-5]\tset verbosity level (default 3)\n"); */ + exit(EXIT_SUCCESS); +} + +static int +dane_int_within_range(const char* arg, int max, const char* name) +{ + char* endptr; /* utility var for strtol usage */ + int val = strtol(arg, &endptr, 10); + + if ((val < 0 || val > max) + || (errno != 0 && val == 0) /* out of range */ + || endptr == arg /* no digits */ + || *endptr != '\0' /* more chars */ + ) { + fprintf(stderr, "<%s> should be in range [0-%d]\n", name, max); + exit(EXIT_FAILURE); + } + return val; +} + +struct dane_param_choice_struct { + const char* name; + int number; +}; +typedef struct dane_param_choice_struct dane_param_choice; + +dane_param_choice dane_certificate_usage_table[] = { + { "PKIX-TA" , 0 }, + { "CA constraint" , 0 }, + { "CA-constraint" , 0 }, + { "PKIX-EE" , 1 }, + { "Service certificate constraint" , 1 }, + { "Service-certificate-constraint" , 1 }, + { "DANE-TA" , 2 }, + { "Trust anchor assertion" , 2 }, + { "Trust-anchor-assertion" , 2 }, + { "anchor" , 2 }, + { "DANE-EE" , 3 }, + { "Domain-issued certificate" , 3 }, + { "Domain-issued-certificate" , 3 }, + { "PrivCert" , 255 }, + { NULL, -1 } +}; + +dane_param_choice dane_selector_table[] = { + { "Cert" , 0 }, + { "Full certificate" , 0 }, + { "Full-certificate" , 0 }, + { "certificate" , 0 }, + { "SPKI" , 1 }, + { "SubjectPublicKeyInfo", 1 }, + { "PublicKey" , 1 }, + { "pubkey" , 1 }, + { "key" , 1 }, + { "PrivSel" , 255 }, + { NULL, -1 } +}; + +dane_param_choice dane_matching_type_table[] = { + { "Full" , 0 }, + { "no-hash-used" , 0 }, + { "no hash used" , 0 }, + { "SHA2-256" , 1 }, + { "sha256" , 1 }, + { "sha-256" , 1 }, + { "SHA2-512" , 2 }, + { "sha512" , 2 }, + { "sha-512" , 2 }, + { "PrivMatch" , 255 }, + { NULL, -1 } +}; + +static int +dane_int_within_range_table(const char* arg, int max, const char* name, + dane_param_choice table[]) +{ + dane_param_choice* t; + + if (*arg) { + for (t = table; t->name; t++) { + if (strncasecmp(arg, t->name, strlen(arg)) == 0) { + return t->number; + } + } + } + return dane_int_within_range(arg, max, name); +} + +static void +ssl_err(const char* s) +{ + fprintf(stderr, "error: %s\n", s); + ERR_print_errors_fp(stderr); + exit(EXIT_FAILURE); +} + +static void +ldns_err(const char* s, ldns_status err) +{ + if (err == LDNS_STATUS_SSL_ERR) { + ssl_err(s); + } else { + fprintf(stderr, "%s: %s\n", s, ldns_get_errorstr_by_id(err)); + exit(EXIT_FAILURE); + } +} + +static ldns_status +ssl_connect_and_get_cert_chain( + X509** cert, STACK_OF(X509)** extra_certs, + SSL* ssl, const char* name_str, + ldns_rdf* address, uint16_t port, + ldns_dane_transport transport) +{ + struct sockaddr_storage *a = NULL; + size_t a_len = 0; + int sock; + int r; + + assert(cert != NULL); + assert(extra_certs != NULL); + + a = ldns_rdf2native_sockaddr_storage(address, port, &a_len); + switch (transport) { + case LDNS_DANE_TRANSPORT_TCP: + + sock = socket((int)((struct sockaddr*)a)->sa_family, + SOCK_STREAM, IPPROTO_TCP); + break; + + case LDNS_DANE_TRANSPORT_UDP: + + sock = socket((int)((struct sockaddr*)a)->sa_family, + SOCK_DGRAM, IPPROTO_UDP); + break; + + case LDNS_DANE_TRANSPORT_SCTP: + + sock = socket((int)((struct sockaddr*)a)->sa_family, + SOCK_STREAM, IPPROTO_SCTP); + break; + + default: + LDNS_FREE(a); + return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT; + } + if (sock == -1) { + LDNS_FREE(a); + return LDNS_STATUS_NETWORK_ERR; + } + if (connect(sock, (struct sockaddr*)a, (socklen_t)a_len) == -1) { + LDNS_FREE(a); + return LDNS_STATUS_NETWORK_ERR; + } + LDNS_FREE(a); + if (! SSL_clear(ssl)) { + close(sock); + fprintf(stderr, "SSL_clear\n"); + return LDNS_STATUS_SSL_ERR; + } +#ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME + (void) SSL_set_tlsext_host_name(ssl, name_str); +#endif + SSL_set_connect_state(ssl); + (void) SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY); + if (! SSL_set_fd(ssl, sock)) { + close(sock); + fprintf(stderr, "SSL_set_fd\n"); + return LDNS_STATUS_SSL_ERR; + } + for (;;) { + ERR_clear_error(); + if ((r = SSL_do_handshake(ssl)) == 1) { + break; + } + r = SSL_get_error(ssl, r); + if (r != SSL_ERROR_WANT_READ && r != SSL_ERROR_WANT_WRITE) { + fprintf(stderr, "handshaking SSL_get_error: %d\n", r); + return LDNS_STATUS_SSL_ERR; + } + } + *cert = SSL_get_peer_certificate(ssl); + *extra_certs = SSL_get_peer_cert_chain(ssl); + + return LDNS_STATUS_OK; +} + + +#ifdef USE_DANE_VERIFY +static void +ssl_interact(SSL* ssl) +{ + fd_set rfds; + int maxfd; + int sock; + int r; + + char buf[BUFSIZE]; + char* bufptr; + int to_write; + int written; + + sock = SSL_get_fd(ssl); + if (sock == -1) { + return; + } + maxfd = (STDIN_FILENO > sock ? STDIN_FILENO : sock) + 1; + for (;;) { +#ifndef S_SPLINT_S + FD_ZERO(&rfds); +#endif /* splint */ + FD_SET(sock, &rfds); + FD_SET(STDIN_FILENO, &rfds); + + r = select(maxfd, &rfds, NULL, NULL, NULL); + if (r == -1) { + perror("select"); + break; + } + if (FD_ISSET(sock, &rfds)) { + to_write = SSL_read(ssl, buf, BUFSIZE); + if (to_write <= 0) { + r = SSL_get_error(ssl, to_write); + if (r != SSL_ERROR_ZERO_RETURN) { + fprintf(stderr, + "reading SSL_get_error:" + " %d\n", r); + } + break; + } + bufptr = buf; + while (to_write > 0) { + written = (int) fwrite(bufptr, 1, + (size_t) to_write, stdout); + if (written == 0) { + perror("fwrite"); + break; + } + to_write -= written; + bufptr += written; + } + } /* if (FD_ISSET(sock, &rfds)) */ + + if (FD_ISSET(STDIN_FILENO, &rfds)) { + to_write = (int) read(STDIN_FILENO, buf, BUFSIZE - 1); + if (to_write <= 0) { + if (to_write == -1) { + perror("read"); + } + break; + } + if (buf[to_write - 1] == '\n') { + buf[to_write - 1] = '\r'; + buf[to_write ] = '\n'; + to_write += 1; + } + bufptr = buf; + while (to_write > 0) { + written = SSL_write(ssl, bufptr, to_write); + if (written <= 0) { + r = SSL_get_error(ssl, to_write); + if (r != SSL_ERROR_ZERO_RETURN) { + fprintf(stderr, + "writing SSL_get_error" + ": %d\n", r); + } + break; + } + to_write -= written; + bufptr += written; + } + } /* if (FD_ISSET(STDIN_FILENO, &rfds)) */ + + } /* for (;;) */ +} +#endif /* USE_DANE_VERIFY */ + + +static ldns_rr_list* +rr_list_filter_rr_type(ldns_rr_list* l, ldns_rr_type t) +{ + size_t i; + ldns_rr* rr; + ldns_rr_list* r = ldns_rr_list_new(); + + if (r == NULL) { + return r; + } + for (i = 0; i < ldns_rr_list_rr_count(l); i++) { + rr = ldns_rr_list_rr(l, i); + if (ldns_rr_get_type(rr) == t) { + if (! ldns_rr_list_push_rr(r, rr)) { + ldns_rr_list_free(r); + return NULL; + } + } + } + return r; +} + + +/* Return a copy of the list of tlsa records where the usage types + * "CA constraint" are replaced with "Trust anchor assertion" and the usage + * types "Service certificate constraint" are replaced with + * "Domain-issued certificate". + * + * This to check what would happen if PKIX validation was successful always. + */ +static ldns_rr_list* +dane_no_pkix_transform(const ldns_rr_list* tlas) +{ + size_t i; + ldns_rr* rr; + ldns_rr* new_rr; + ldns_rdf* rdf; + ldns_rr_list* r = ldns_rr_list_new(); + + if (r == NULL) { + return r; + } + for (i = 0; i < ldns_rr_list_rr_count(tlas); i++) { + rr = ldns_rr_list_rr(tlas, i); + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_TLSA) { + + new_rr = ldns_rr_clone(rr); + if (!new_rr) { + ldns_rr_list_deep_free(r); + return NULL; + } + switch(ldns_rdf2native_int8(ldns_rr_rdf(new_rr, 0))) { + + case LDNS_TLSA_USAGE_CA_CONSTRAINT: + + rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, + (uint8_t) LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION); + if (! rdf) { + ldns_rr_free(new_rr); + ldns_rr_list_deep_free(r); + return NULL; + } + (void) ldns_rr_set_rdf(new_rr, rdf, 0); + break; + + + case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT: + + rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, + (uint8_t) LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE); + if (! rdf) { + ldns_rr_free(new_rr); + ldns_rr_list_deep_free(r); + return NULL; + } + (void) ldns_rr_set_rdf(new_rr, rdf, 0); + break; + + + default: + break; + } + if (! ldns_rr_list_push_rr(r, new_rr)) { + ldns_rr_free(new_rr); + ldns_rr_list_deep_free(r); + return NULL; + } + } + } + return r; +} + +static void +print_rr_as_TYPEXXX(FILE* out, ldns_rr* rr) +{ + size_t i, sz; + ldns_status s; + ldns_buffer* buf = ldns_buffer_new(LDNS_MAX_PACKETLEN); + char* str; + + ldns_buffer_clear(buf); + s = ldns_rdf2buffer_str_dname(buf, ldns_rr_owner(rr)); + LDNS_ERR(s, "could not ldns_rdf2buffer_str_dname"); + ldns_buffer_printf(buf, "\t%d", ldns_rr_ttl(rr)); + ldns_buffer_printf(buf, "\t"); + s = ldns_rr_class2buffer_str(buf, ldns_rr_get_class(rr)); + LDNS_ERR(s, "could not ldns_rr_class2buffer_str"); + ldns_buffer_printf(buf, "\tTYPE%d", ldns_rr_get_type(rr)); + sz = 0; + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + sz += ldns_rdf_size(ldns_rr_rdf(rr, i)); + } + ldns_buffer_printf(buf, "\t\\# %d ", sz); + for (i = 0; i < ldns_rr_rd_count(rr); i++) { + s = ldns_rdf2buffer_str_hex(buf, ldns_rr_rdf(rr, i)); + LDNS_ERR(s, "could not ldns_rdf2buffer_str_hex"); + } + str = ldns_buffer_export2str(buf); + ldns_buffer_free(buf); + fprintf(out, "%s\n", str); + LDNS_FREE(str); +} + +static void +print_rr_list_as_TYPEXXX(FILE* out, ldns_rr_list* l) +{ + size_t i; + + for (i = 0; i < ldns_rr_list_rr_count(l); i++) { + print_rr_as_TYPEXXX(out, ldns_rr_list_rr(l, i)); + } +} + +static ldns_status +read_key_file(const char *filename, ldns_rr_list *keys) +{ + ldns_status status = LDNS_STATUS_ERR; + ldns_rr *rr; + FILE *fp; + uint32_t my_ttl = 0; + ldns_rdf *my_origin = NULL; + ldns_rdf *my_prev = NULL; + int line_nr; + + if (!(fp = fopen(filename, "r"))) { + return LDNS_STATUS_FILE_ERR; + } + while (!feof(fp)) { + status = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, + &my_prev, &line_nr); + + if (status == LDNS_STATUS_OK) { + + if ( ldns_rr_get_type(rr) == LDNS_RR_TYPE_DS + || ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY) + + ldns_rr_list_push_rr(keys, rr); + + } else if ( status == LDNS_STATUS_SYNTAX_EMPTY + || status == LDNS_STATUS_SYNTAX_TTL + || status == LDNS_STATUS_SYNTAX_ORIGIN + || status == LDNS_STATUS_SYNTAX_INCLUDE) + + status = LDNS_STATUS_OK; + else + break; + } + fclose(fp); + return status; +} + + +static ldns_status +dane_setup_resolver(ldns_resolver** res, ldns_rdf* nameserver_addr, + ldns_rr_list* keys, bool dnssec_off) +{ + ldns_status s = LDNS_STATUS_OK; + + assert(res != NULL); + + if (nameserver_addr) { + *res = ldns_resolver_new(); + if (*res) { + s = ldns_resolver_push_nameserver(*res, nameserver_addr); + } else { + s = LDNS_STATUS_MEM_ERR; + } + } else { + s = ldns_resolver_new_frm_file(res, NULL); + } + if (s == LDNS_STATUS_OK) { + ldns_resolver_set_dnssec(*res, ! dnssec_off); + + if (keys && ldns_rr_list_rr_count(keys) > 0) { + /* anchors must trigger signature chasing */ + ldns_resolver_set_dnssec_anchors(*res, keys); + ldns_resolver_set_dnssec_cd(*res, true); + } + } + return s; +} + + +static ldns_status +dane_query(ldns_rr_list** rrs, ldns_resolver* r, + ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, + bool insecure_is_ok) +{ + ldns_pkt* p = NULL; + ldns_rr_list* keys = NULL; + ldns_rr_list* rrsigs = NULL; + ldns_rdf* signame = NULL; + ldns_status s; + + assert(rrs != NULL); + + p = ldns_resolver_query(r, name, t, c, LDNS_RD); + if (! p) { + return LDNS_STATUS_MEM_ERR; + } + *rrs = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANSWER); + + if (! ldns_resolver_dnssec(r)) { /* DNSSEC explicitly disabled, + anything goes */ + ldns_pkt_free(p); + return LDNS_STATUS_OK; + } + if (ldns_rr_list_rr_count(*rrs) == 0) { /* assert(*rrs == NULL) */ + + if (ldns_pkt_get_rcode(p) == LDNS_RCODE_SERVFAIL) { + + ldns_pkt_free(p); + return LDNS_STATUS_DANE_BOGUS; + } else { + ldns_pkt_free(p); + return LDNS_STATUS_OK; + } + } + /* We have answers and we have dnssec. */ + + if (! ldns_pkt_cd(p)) { /* we act as stub resolver (no sigchase) */ + + if (! ldns_pkt_ad(p)) { /* Not secure */ + + goto insecure; + } + ldns_pkt_free(p); + return LDNS_STATUS_OK; + } + + /* sigchase */ + + /* TODO: handle cname reference check */ + + rrsigs = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_RRSIG, + LDNS_SECTION_ANSWER); + + if (! rrsigs || ldns_rr_list_rr_count(rrsigs) == 0) { + goto insecure; + } + + signame = ldns_rr_rrsig_signame(ldns_rr_list_rr(rrsigs, 0)); + if (! signame) { + s = LDNS_STATUS_ERR; + goto error; + } + /* First try with the keys we already have */ + s = ldns_verify(*rrs, rrsigs, ldns_resolver_dnssec_anchors(r), NULL); + if (s == LDNS_STATUS_OK) { + goto cleanup; + } + /* Fetch the necessary keys and recheck */ + keys = ldns_fetch_valid_domain_keys(r, signame, + ldns_resolver_dnssec_anchors(r), &s); + + if (s != LDNS_STATUS_OK) { + goto error; + } + if (ldns_rr_list_rr_count(keys) == 0) { /* An insecure island */ + goto insecure; + } + s = ldns_verify(*rrs, rrsigs, keys, NULL); + switch (s) { + case LDNS_STATUS_CRYPTO_BOGUS: goto bogus; + case LDNS_STATUS_OK : goto cleanup; + default : break; + } +insecure: + s = LDNS_STATUS_DANE_INSECURE; +bogus: + if (! insecure_is_ok) { +error: + ldns_rr_list_deep_free(*rrs); + *rrs = ldns_rr_list_new(); + } +cleanup: + if (keys) { + ldns_rr_list_deep_free(keys); + } + if (rrsigs) { + ldns_rr_list_deep_free(rrsigs); + } + ldns_pkt_free(p); + return s; +} + + +static ldns_rr_list* +dane_lookup_addresses(ldns_resolver* res, ldns_rdf* dname, + int ai_family) +{ + ldns_status s; + ldns_rr_list *as = NULL; + ldns_rr_list *aaas = NULL; + ldns_rr_list *r = ldns_rr_list_new(); + + if (r == NULL) { + MEMERR("ldns_rr_list_new"); + } + if (ai_family == AF_UNSPEC || ai_family == AF_INET) { + + s = dane_query(&as, res, + dname, LDNS_RR_TYPE_A, LDNS_RR_CLASS_IN, + true); + + if (s == LDNS_STATUS_DANE_INSECURE && + ldns_rr_list_rr_count(as) > 0) { + fprintf(stderr, "Warning! Insecure IPv4 addresses. " + "Continuing with them...\n"); + + } else if (s == LDNS_STATUS_DANE_BOGUS || + LDNS_STATUS_CRYPTO_BOGUS == s) { + fprintf(stderr, "Warning! Bogus IPv4 addresses. " + "Discarding...\n"); + ldns_rr_list_deep_free(as); + as = ldns_rr_list_new(); + + } else if (s != LDNS_STATUS_OK) { + LDNS_ERR(s, "dane_query"); + + } + if (! ldns_rr_list_push_rr_list(r, as)) { + MEMERR("ldns_rr_list_push_rr_list"); + } + } + if (ai_family == AF_UNSPEC || ai_family == AF_INET6) { + + s = dane_query(&aaas, res, + dname, LDNS_RR_TYPE_AAAA, LDNS_RR_CLASS_IN, + true); + + if (s == LDNS_STATUS_DANE_INSECURE && + ldns_rr_list_rr_count(aaas) > 0) { + fprintf(stderr, "Warning! Insecure IPv6 addresses. " + "Continuing with them...\n"); + + } else if (s == LDNS_STATUS_DANE_BOGUS || + LDNS_STATUS_CRYPTO_BOGUS == s) { + fprintf(stderr, "Warning! Bogus IPv6 addresses. " + "Discarding...\n"); + ldns_rr_list_deep_free(aaas); + aaas = ldns_rr_list_new(); + + } else if (s != LDNS_STATUS_OK) { + LDNS_ERR(s, "dane_query"); + + } + if (! ldns_rr_list_push_rr_list(r, aaas)) { + MEMERR("ldns_rr_list_push_rr_list"); + } + } + return r; +} + +static ldns_status +dane_read_tlsas_from_file(ldns_rr_list** tlsas, + char* filename, ldns_rdf* origin) +{ + FILE* fp = NULL; + ldns_rr* rr = NULL; + ldns_rdf *my_origin = NULL; + ldns_rdf *my_prev = NULL; + ldns_rdf *origin_lc = NULL; + int line_nr; + ldns_status s = LDNS_STATUS_MEM_ERR; + + assert(tlsas != NULL); + assert(filename != NULL); + + if (strcmp(filename, "-") == 0) { + fp = stdin; + } else { + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s: %s\n", + filename, strerror(errno)); + exit(EXIT_FAILURE); + } + } + if (origin) { + my_origin = ldns_rdf_clone(origin); + if (! my_origin) { + goto error; + } + my_prev = ldns_rdf_clone(origin); + if (! my_prev) { + goto error; + } + origin_lc = ldns_rdf_clone(origin); + if (! origin_lc) { + goto error; + } + ldns_dname2canonical(origin_lc); + } + *tlsas = ldns_rr_list_new(); + if (! *tlsas) { + goto error; + } + while (! feof(fp)) { + s = ldns_rr_new_frm_fp_l(&rr, fp, NULL, + &my_origin, &my_prev, &line_nr); + if (s != LDNS_STATUS_OK) { + goto error; + } + if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_TLSA) { + ldns_dname2canonical(ldns_rr_owner(rr)); + if (! origin || ldns_dname_compare(ldns_rr_owner(rr), + origin_lc) == 0) { + if (ldns_rr_list_push_rr(*tlsas, rr)) { + continue; + } else { + s = LDNS_STATUS_MEM_ERR; + goto error; + } + } + } + ldns_rr_free(rr); + } + + ldns_rdf_deep_free(origin_lc); + ldns_rdf_deep_free(my_prev); + ldns_rdf_deep_free(my_origin); + fclose(fp); + + return LDNS_STATUS_OK; + +error: + if (*tlsas) { + ldns_rr_list_deep_free(*tlsas); + *tlsas = NULL; + } + if (origin_lc) { + ldns_rdf_deep_free(origin_lc); + } + if (my_prev) { + ldns_rdf_deep_free(my_prev); + } + if (my_origin) { + ldns_rdf_deep_free(my_origin); + } + if (fp && fp != stdin) { + fclose(fp); + } + return s; +} + +static bool +dane_wildcard_label_cmp(uint8_t iw, const char* w, uint8_t il, const char* l) +{ + if (iw == 0) { /* End of match label */ + if (il == 0) { /* And end in the to be matched label */ + return true; + } + return false; + } + do { + if (*w == '*') { + if (iw == 1) { /* '*' is the last match char, + remainder matches wildcard */ + return true; + } + while (il > 0) { /* more to match? */ + + if (w[1] == *l) { /* Char after '*' matches. + * Recursion for backtracking + */ + if (dane_wildcard_label_cmp( + iw - 1, w + 1, + il , l)) { + return true; + } + } + l += 1; + il -= 1; + } + } + /* Skip up till next wildcard (if possible) */ + while (il > 0 && iw > 0 && *w != '*' && *w == *l) { + w += 1; + l += 1; + il -= 1; + iw -= 1; + } + } while (iw > 0 && *w == '*' && /* More to match a next wildcard? */ + (il > 0 || iw == 1)); + + return iw == 0 && il == 0; +} + +static bool +dane_label_matches_label(ldns_rdf* w, ldns_rdf* l) +{ + uint8_t iw; + uint8_t il; + + iw = ldns_rdf_data(w)[0]; + il = ldns_rdf_data(l)[0]; + return dane_wildcard_label_cmp( + iw, (const char*)ldns_rdf_data(w) + 1, + il, (const char*)ldns_rdf_data(l) + 1); +} + +static bool +dane_name_matches_server_name(const char* name_str, ldns_rdf* server_name) +{ + ldns_rdf* name; + uint8_t nn, ns, i; + ldns_rdf* ln; + ldns_rdf* ls; + + name = ldns_dname_new_frm_str((const char*)name_str); + if (! name) { + LDNS_ERR(LDNS_STATUS_ERR, "ldns_dname_new_frm_str"); + } + nn = ldns_dname_label_count(name); + ns = ldns_dname_label_count(server_name); + if (nn != ns) { + ldns_rdf_free(name); + return false; + } + ldns_dname2canonical(name); + for (i = 0; i < nn; i++) { + ln = ldns_dname_label(name, i); + if (! ln) { + return false; + } + ls = ldns_dname_label(server_name, i); + if (! ls) { + ldns_rdf_free(ln); + return false; + } + if (! dane_label_matches_label(ln, ls)) { + ldns_rdf_free(ln); + ldns_rdf_free(ls); + return false; + } + ldns_rdf_free(ln); + ldns_rdf_free(ls); + } + return true; +} + +static bool +dane_X509_any_subject_alt_name_matches_server_name( + X509 *cert, ldns_rdf* server_name) +{ + GENERAL_NAMES* names; + GENERAL_NAME* name; + unsigned char* subject_alt_name_str = NULL; + int i, n; + + names = X509_get_ext_d2i(cert, NID_subject_alt_name, 0, 0 ); + if (! names) { /* No subjectAltName extension */ + return false; + } + n = sk_GENERAL_NAME_num(names); + for (i = 0; i < n; i++) { + name = sk_GENERAL_NAME_value(names, i); + if (name->type == GEN_DNS) { + (void) ASN1_STRING_to_UTF8(&subject_alt_name_str, + name->d.dNSName); + if (subject_alt_name_str) { + if (dane_name_matches_server_name((char*) + subject_alt_name_str, + server_name)) { + OPENSSL_free(subject_alt_name_str); + return true; + } + OPENSSL_free(subject_alt_name_str); + } + } + } + /* sk_GENERAL_NAMES_pop_free(names, sk_GENERAL_NAME_free); */ + return false; +} + +static bool +dane_X509_subject_name_matches_server_name(X509 *cert, ldns_rdf* server_name) +{ + X509_NAME* subject_name; + int i; + X509_NAME_ENTRY* entry; + ASN1_STRING* entry_data; + unsigned char* subject_name_str = NULL; + bool r; + + subject_name = X509_get_subject_name(cert); + if (! subject_name ) { + ssl_err("could not X509_get_subject_name"); + } + i = X509_NAME_get_index_by_NID(subject_name, NID_commonName, -1); + entry = X509_NAME_get_entry(subject_name, i); + entry_data = X509_NAME_ENTRY_get_data(entry); + (void) ASN1_STRING_to_UTF8(&subject_name_str, entry_data); + if (subject_name_str) { + r = dane_name_matches_server_name( + (char*)subject_name_str, server_name); + OPENSSL_free(subject_name_str); + return r; + } else { + return false; + } +} + +static bool +dane_verify_server_name(X509* cert, ldns_rdf* server_name) +{ + ldns_rdf* server_name_lc; + bool r; + server_name_lc = ldns_rdf_clone(server_name); + if (! server_name_lc) { + LDNS_ERR(LDNS_STATUS_MEM_ERR, "ldns_rdf_clone"); + } + ldns_dname2canonical(server_name_lc); + r = dane_X509_any_subject_alt_name_matches_server_name( + cert, server_name_lc) || + dane_X509_subject_name_matches_server_name( + cert, server_name_lc); + ldns_rdf_free(server_name_lc); + return r; +} + +static void +dane_create(ldns_rr_list* tlsas, ldns_rdf* tlsa_owner, + ldns_tlsa_certificate_usage certificate_usage, int offset, + ldns_tlsa_selector selector, + ldns_tlsa_matching_type matching_type, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* validate_store, + bool verify_server_name, ldns_rdf* name) +{ + ldns_status s; + X509* selected_cert; + ldns_rr* tlsa_rr; + + if (verify_server_name && ! dane_verify_server_name(cert, name)) { + fprintf(stderr, "The certificate does not match the " + "server name\n"); + exit(EXIT_FAILURE); + } + + s = ldns_dane_select_certificate(&selected_cert, + cert, extra_certs, validate_store, + certificate_usage, offset); + LDNS_ERR(s, "could not select certificate"); + + s = ldns_dane_create_tlsa_rr(&tlsa_rr, + certificate_usage, selector, matching_type, + selected_cert); + LDNS_ERR(s, "could not create tlsa rr"); + + ldns_rr_set_owner(tlsa_rr, ldns_rdf_clone(tlsa_owner)); + + if (! ldns_rr_list_contains_rr(tlsas, tlsa_rr)) { + if (! ldns_rr_list_push_rr(tlsas, tlsa_rr)) { + MEMERR("ldns_rr_list_push_rr"); + } + } +} + +#if defined(USE_DANE_VERIFY) && ( OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) ) +static bool +dane_verify(ldns_rr_list* tlsas, ldns_rdf* address, + X509* cert, STACK_OF(X509)* extra_certs, + X509_STORE* validate_store, + bool verify_server_name, ldns_rdf* name, + bool assume_pkix_validity) +{ + ldns_status s; + char* address_str = NULL; + + s = ldns_dane_verify(tlsas, cert, extra_certs, validate_store); + if (address) { + address_str = ldns_rdf2str(address); + fprintf(stdout, "%s", address_str ? address_str : "
"); + free(address_str); + } else { + X509_NAME_print_ex_fp(stdout, + X509_get_subject_name(cert), 0, 0); + } + if (s == LDNS_STATUS_OK) { + if (verify_server_name && + ! dane_verify_server_name(cert, name)) { + + fprintf(stdout, " did not dane-validate, because:" + " the certificate name did not match" + " the server name\n"); + return false; + } + fprintf(stdout, " dane-validated successfully\n"); + return true; + } else if (assume_pkix_validity && + s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) { + fprintf(stdout, " dane-validated successfully," + " because PKIX is assumed valid\n"); + return true; + } + fprintf(stdout, " did not dane-validate, because: %s\n", + ldns_get_errorstr_by_id(s)); + return false; +} +#endif /* defined(USE_DANE_VERIFY) && OPENSSL_VERSION_NUMBER < 0x10100000 */ + +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL) +static int _ldns_tls_verify_always_ok(int ok, X509_STORE_CTX *ctx) +{ + (void)ok; + (void)ctx; + return 1; +} +#endif + +/** + * Return either an A or AAAA rdf, based on the given + * string. If it it not a valid ip address, return null. + * + * Caller receives ownership of returned rdf (if not null), + * and must free it. + */ +static inline ldns_rdf* rdf_addr_frm_str(const char* str) { + ldns_rdf *a = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, str); + if (!a) { + a = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_AAAA, str); + } + return a; +} + + +int +main(int argc, char* const* argv) +{ + int c; + enum { UNDETERMINED, VERIFY, CREATE } mode = UNDETERMINED; + + ldns_status s; + size_t i; + +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL) + size_t j, usable_tlsas = 0; +# ifdef USE_DANE_VERIFY + X509_STORE_CTX *store_ctx = NULL; +# endif /* USE_DANE_VERIFY */ +#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */ + + bool print_tlsa_as_type52 = false; + bool assume_dnssec_validity = false; + bool assume_pkix_validity = false; + bool verify_server_name = true; + bool interact = false; + +#if HAVE_DANE_CA_FILE + const char* CAfile = LDNS_DANE_CA_FILE; +#else + const char* CAfile = NULL; +#endif +#if HAVE_DANE_CA_PATH + const char* CApath = LDNS_DANE_CA_PATH; +#else + const char* CApath = NULL; +#endif + char* cert_file = NULL; + X509* cert = NULL; + STACK_OF(X509)* extra_certs = NULL; + + ldns_rr_list* keys = ldns_rr_list_new(); + size_t nkeys = 0; + bool do_sigchase = false; + + ldns_rr_list* addresses = ldns_rr_list_new(); + ldns_rr* address_rr; + ldns_rdf* address; + + int ai_family = AF_UNSPEC; + int transport = LDNS_DANE_TRANSPORT_TCP; + + char* name_str = NULL; /* suppress uninitialized warning */ + ldns_rdf* name; + uint16_t port = 0; /* suppress uninitialized warning */ + + ldns_resolver* res = NULL; + ldns_rdf* nameserver_rdf = NULL; + ldns_rdf* tlsa_owner = NULL; + char* tlsa_owner_str = NULL; + ldns_rr_list* tlsas = NULL; + char* tlsas_file = NULL; + + /* For extracting service port and transport from tla_owner. */ + ldns_rdf* port_rdf = NULL; + char* port_str = NULL; + ldns_rdf* transport_rdf = NULL; + char* transport_str = NULL; + + ldns_rr_list* originals = NULL; /* original tlsas (before + * transform), but also used + * as temporary. + */ + + ldns_tlsa_certificate_usage certificate_usage = 666; + int offset = -1; + ldns_tlsa_selector selector = 666; + ldns_tlsa_matching_type matching_type = 666; + + + X509_STORE *store = NULL; + + SSL_CTX* ctx = NULL; + SSL* ssl = NULL; + + int no_tlsas_exit_status = EXIT_SUCCESS; + int exit_success = EXIT_SUCCESS; + + bool success = true; + + if (! keys || ! addresses) { + MEMERR("ldns_rr_list_new"); + } + while((c = getopt(argc, argv, "46a:bc:df:hik:no:p:r:sSt:TuvV:")) != -1){ + switch(c) { + case 'h': + print_usage("ldns-dane"); + break; + case '4': + ai_family = AF_INET; + break; + case '6': + ai_family = AF_INET6; + break; + case 'r': + if (nameserver_rdf) { + fprintf(stderr, "Can only specify -r once\n"); + exit(EXIT_FAILURE); + } + nameserver_rdf = rdf_addr_frm_str(optarg); + if (!nameserver_rdf) { + fprintf(stderr, + "Could not interpret address %s\n", + optarg); + exit(EXIT_FAILURE); + } + break; + case 'a': + s = ldns_str2rdf_a(&address, optarg); + if (s == LDNS_STATUS_OK) { + address_rr = ldns_rr_new_frm_type( + LDNS_RR_TYPE_A); + } else { + s = ldns_str2rdf_aaaa(&address, optarg); + if (s == LDNS_STATUS_OK) { + address_rr = ldns_rr_new_frm_type( + LDNS_RR_TYPE_AAAA); + } else { + fprintf(stderr, + "Could not interpret address " + "%s\n", + optarg); + exit(EXIT_FAILURE); + } + } + (void) ldns_rr_a_set_address(address_rr, address); + for (i = 0; i < ldns_rr_list_rr_count(addresses); i++){ + if (ldns_rdf_compare(address, + ldns_rr_a_address( + ldns_rr_list_rr(addresses, i))) == 0) { + break; + } + } + if (i >= ldns_rr_list_rr_count(addresses)) { + if (! ldns_rr_list_push_rr(addresses, + address_rr)) { + MEMERR("ldns_rr_list_push_rr"); + } + } + break; + case 'b': + print_tlsa_as_type52 = true; + /* TODO: do it with output formats... maybe... */ + break; + case 'c': + cert_file = optarg; /* checking in SSL stuff below */ + break; + case 'd': + assume_dnssec_validity = true; + break; + case 'f': + CAfile = optarg; + break; + case 'i': + interact = true; + break; + case 'k': + s = read_key_file(optarg, keys); + if (s == LDNS_STATUS_FILE_ERR) { + fprintf(stderr, "Error opening %s: %s\n", + optarg, strerror(errno)); + } + LDNS_ERR(s, "Could not parse key file"); + if (ldns_rr_list_rr_count(keys) == nkeys) { + fprintf(stderr, "No keys found in file" + " %s\n", optarg); + exit(EXIT_FAILURE); + } + nkeys = ldns_rr_list_rr_count(keys); + break; + case 'n': + verify_server_name = false; + break; + case 'o': + offset = atoi(optarg); /* todo check if all numeric */ + break; + case 'p': + CApath = optarg; + break; + case 's': + assume_pkix_validity = true; + break; + case 'S': + do_sigchase = true; + break; + case 't': + tlsas_file = optarg; + break; + case 'T': + no_tlsas_exit_status = NO_TLSAS_EXIT_STATUS; + break; + case 'u': + transport = LDNS_DANE_TRANSPORT_UDP; + break; + case 'v': + printf("ldns-dane version %s (ldns version %s)\n", + LDNS_VERSION, ldns_version()); + exit(EXIT_SUCCESS); + break; +/* case 'V': + verbosity = atoi(optarg); + break; + */ + } + } + + /* Filter out given IPv4 addresses when -6 was given, + * and IPv6 addresses when -4 was given. + */ + if (ldns_rr_list_rr_count(addresses) > 0 && + ai_family != AF_UNSPEC) { + originals = addresses; + addresses = rr_list_filter_rr_type(originals, + (ai_family == AF_INET + ? LDNS_RR_TYPE_A : LDNS_RR_TYPE_AAAA)); + ldns_rr_list_free(originals); + if (addresses == NULL) { + MEMERR("rr_list_filter_rr_type"); + } + if (ldns_rr_list_rr_count(addresses) == 0) { + fprintf(stderr, + "No addresses of the specified type remain\n"); + exit(EXIT_FAILURE); + } + } + + if (do_sigchase) { + if (nkeys == 0) { + (void) read_key_file(LDNS_TRUST_ANCHOR_FILE, keys); + nkeys = ldns_rr_list_rr_count(keys); + + if (nkeys == 0) { + fprintf(stderr, "Unable to chase " + "signature without keys.\n"); + exit(EXIT_FAILURE); + } + } + } else { + keys = NULL; + } + + argc -= optind; + argv += optind; + + if (argc == 0) { + + print_usage("ldns-dane"); + } + if (strncasecmp(*argv, "create", strlen(*argv)) == 0) { + + mode = CREATE; + argc--; + argv++; + +#ifdef USE_DANE_VERIFY + } else if (strncasecmp(*argv, "verify", strlen(*argv)) == 0) { + + mode = VERIFY; + argc--; + argv++; + + } else { + fprintf(stderr, "Specify create or verify mode\n"); +#else + } else { + fprintf(stderr, "Specify create mode\n"); +#endif + exit(EXIT_FAILURE); + } + +#ifndef USE_DANE_VERIFY + (void)transport_str; + (void)transport_rdf; + (void)port_str; + (void)port_rdf; + (void)interact; +#else + if (mode == VERIFY && argc == 0) { + + if (! tlsas_file) { + fprintf(stderr, "ERROR! Nothing given to verify\n"); + exit(EXIT_FAILURE); + } + s = dane_read_tlsas_from_file(&tlsas, tlsas_file, NULL); + LDNS_ERR(s, "could not read tlsas from file"); + + /* extract port, transport and hostname from TLSA owner name */ + + if (ldns_rr_list_rr_count(tlsas) == 0) { + + fprintf(stderr, "ERROR! No TLSA records to extract " + "service port, transport and hostname" + "\n"); + exit(EXIT_FAILURE); + } + tlsa_owner = ldns_rr_list_owner(tlsas); + if (ldns_dname_label_count(tlsa_owner) < 2) { + fprintf(stderr, "ERROR! To few labels in TLSA owner\n"); + exit(EXIT_FAILURE); + } + do { + s = LDNS_STATUS_MEM_ERR; + port_rdf = ldns_dname_label(tlsa_owner, 0); + if (! port_rdf) { + break; + } + port_str = ldns_rdf2str(port_rdf); + if (! port_str) { + break; + } + if (*port_str != '_') { + fprintf(stderr, "ERROR! Badly formatted " + "service port label in the " + "TLSA owner name\n"); + exit(EXIT_FAILURE); + } + if (port_str[strlen(port_str) - 1] == '.') { + port_str[strlen(port_str) - 1] = '\000'; + } + port = (uint16_t) dane_int_within_range( + port_str + 1, 65535, "port"); + s = LDNS_STATUS_OK; + } while (false); + LDNS_ERR(s, "could not extract service port from TLSA owner"); + + do { + s = LDNS_STATUS_MEM_ERR; + transport_rdf = ldns_dname_label(tlsa_owner, 1); + if (! transport_rdf) { + break; + } + transport_str = ldns_rdf2str(transport_rdf); + if (! transport_str) { + break; + } + if (transport_str[strlen(transport_str) - 1] == '.') { + transport_str[strlen(transport_str) - 1] = + '\000'; + } + if (strcmp(transport_str, "_tcp") == 0) { + + transport = LDNS_DANE_TRANSPORT_TCP; + + } else if (strcmp(transport_str, "_udp") == 0) { + + transport = LDNS_DANE_TRANSPORT_UDP; + + } else if (strcmp(transport_str, "_sctp") == 0) { + + transport = LDNS_DANE_TRANSPORT_SCTP; + + } else { + fprintf(stderr, "ERROR! Badly formatted " + "transport label in the " + "TLSA owner name\n"); + exit(EXIT_FAILURE); + } + s = LDNS_STATUS_OK; + break; + } while(false); + LDNS_ERR(s, "could not extract transport from TLSA owner"); + + tlsa_owner_str = ldns_rdf2str(tlsa_owner); + if (! tlsa_owner_str) { + MEMERR("ldns_rdf2str"); + } + name = ldns_dname_clone_from(tlsa_owner, 2); + if (! name) { + MEMERR("ldns_dname_clone_from"); + } + name_str = ldns_rdf2str(name); + if (! name_str) { + MEMERR("ldns_rdf2str"); + } + + + } else +#endif /* USE_DANE_VERIFY */ + if (argc < 2) { + + print_usage("ldns-dane"); + + } else { + name_str = *argv++; argc--; + s = ldns_str2rdf_dname(&name, name_str); + LDNS_ERR(s, "could not ldns_str2rdf_dname"); + + port = (uint16_t)dane_int_within_range(*argv++, 65535, "port"); + --argc; + + s = ldns_dane_create_tlsa_owner(&tlsa_owner, + name, port, transport); + LDNS_ERR(s, "could not create TLSA owner name"); + tlsa_owner_str = ldns_rdf2str(tlsa_owner); + if (! tlsa_owner_str) { + MEMERR("ldns_rdf2str"); + } + } + + switch (mode) { + case VERIFY: + if (argc > 0) { + + print_usage("ldns-dane"); + } + if (tlsas_file) { + + s = dane_read_tlsas_from_file(&tlsas, tlsas_file, + tlsa_owner); + LDNS_ERR(s, "could not read tlas from file"); + } else { + /* lookup tlsas */ + s = dane_setup_resolver(&res, nameserver_rdf, + keys, assume_dnssec_validity); + LDNS_ERR(s, "could not dane_setup_resolver"); + s = dane_query(&tlsas, res, tlsa_owner, + LDNS_RR_TYPE_TLSA, LDNS_RR_CLASS_IN, + false); + ldns_resolver_free(res); + } + + if (s == LDNS_STATUS_DANE_INSECURE) { + + fprintf(stderr, "Warning! TLSA records for %s " + "were found, but were insecure.\n" + "PKIX validation without DANE will be " + "performed. If you wish to perform DANE\n" + "even though the RR's are insecure, " + "use the -d option.\n", tlsa_owner_str); + + exit_success = no_tlsas_exit_status; + + } else if (s != LDNS_STATUS_OK) { + + ldns_err("dane_query", s); + + } else if (ldns_rr_list_rr_count(tlsas) == 0) { + + fprintf(stderr, "Warning! No TLSA records for %s " + "were found.\n" + "PKIX validation without DANE will be " + "performed.\n", ldns_rdf2str(tlsa_owner)); + + exit_success = no_tlsas_exit_status; + + } else if (assume_pkix_validity) { /* number of tlsa's > 0 */ + + /* transform type "CA constraint" to "Trust anchor + * assertion" and "Service Certificate Constraint" + * to "Domain Issues Certificate" + */ + originals = tlsas; + tlsas = dane_no_pkix_transform(originals); + } + + break; + + case CREATE: + if (argc > 0) { + certificate_usage = dane_int_within_range_table( + *argv++, 3, "certificate usage", + dane_certificate_usage_table); + argc--; + } else { + certificate_usage = LDNS_TLSA_USAGE_DANE_EE; + } + if (argc > 0) { + selector = dane_int_within_range_table( + *argv++, 1, "selector", + dane_selector_table); + argc--; + } else { + selector = LDNS_TLSA_SELECTOR_SPKI; + } + if (argc > 0) { + matching_type = dane_int_within_range_table( + *argv++, 2, "matching type", + dane_matching_type_table); + + argc--; + } else { + matching_type = LDNS_TLSA_MATCHING_TYPE_SHA2_256; + } + if (argc > 0) { + + print_usage("ldns-dane"); + } + if ((certificate_usage == LDNS_TLSA_USAGE_CA_CONSTRAINT || + certificate_usage == + LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT) && + ! CAfile && ! CApath && ! assume_pkix_validity) { + + fprintf(stderr, + "When using the \"CA constraint\" or " + "\"Service certificate constraint\",\n" + "-f and/or -p options " + "must be given to perform PKIX validation.\n\n" + "PKIX validation may be turned off " + "with the -s option. Note that with\n" + "\"CA constraint\" the verification process " + "should then end with a self-signed\n" + "certificate which must be present " + "in the server certificate chain.\n\n"); + + exit(EXIT_FAILURE); + } + tlsas = ldns_rr_list_new(); + break; + default: + fprintf(stderr, "Unreachable code\n"); + assert(0); + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) + /* ssl initialize */ + SSL_load_error_strings(); + SSL_library_init(); +#endif + + /* ssl load validation store */ + if (! assume_pkix_validity || CAfile || CApath) { + store = X509_STORE_new(); + if (! store) { + ssl_err("could not X509_STORE_new"); + } + if ((CAfile || CApath) && X509_STORE_load_locations( + store, CAfile, CApath) != 1) { + ssl_err("error loading CA certificates"); + } + } + +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) + ctx = SSL_CTX_new(SSLv23_client_method()); +#else + ctx = SSL_CTX_new(TLS_client_method()); + if (ctx && SSL_CTX_dane_enable(ctx) <= 0) { + ssl_err("could not SSL_CTX_dane_enable"); + } + + /* Use TLSv1.0 or above for connection. */ + long flags = 0; +# ifdef SSL_OP_NO_SSLv2 + flags |= SSL_OP_NO_SSLv2; +# endif +# ifdef SSL_OP_NO_SSLv3 + flags |= SSL_OP_NO_SSLv3; +# endif +# ifdef SSL_OP_NO_COMPRESSION + flags |= SSL_OP_NO_COMPRESSION; +# endif + SSL_CTX_set_options(ctx, flags); + + if (CAfile || CApath) { + if (!SSL_CTX_load_verify_locations(ctx, CAfile, CApath)) + ssl_err("could not set verify locations\n"); + + } else if (!SSL_CTX_set_default_verify_paths(ctx)) + ssl_err("could not set default verify paths\n"); +#endif + if (! ctx) { + ssl_err("could not SSL_CTX_new"); + } + if (cert_file && + SSL_CTX_use_certificate_chain_file(ctx, cert_file) != 1) { + ssl_err("error loading certificate"); + } + + if (cert_file) { /* ssl load certificate */ + + ssl = SSL_new(ctx); + if (! ssl) { + ssl_err("could not SSL_new"); + } + cert = SSL_get_certificate(ssl); + if (! cert) { + ssl_err("could not SSL_get_certificate"); + } +#ifndef SSL_CTX_get_extra_chain_certs +#ifndef S_SPLINT_S + extra_certs = ctx->extra_certs; +#endif /* splint */ +#else + if(!SSL_CTX_get_extra_chain_certs(ctx, &extra_certs)) { + ssl_err("could not SSL_CTX_get_extra_chain_certs"); + } +#endif + switch (mode) { + case CREATE: dane_create(tlsas, tlsa_owner, certificate_usage, + offset, selector, matching_type, + cert, extra_certs, store, + verify_server_name, name); + break; +#ifdef USE_DANE_VERIFY +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) + case VERIFY: if (! dane_verify(tlsas, NULL, + cert, extra_certs, store, + verify_server_name, name, + assume_pkix_validity)) { + success = false; + } + break; +#else /* OPENSSL_VERSION_NUMBER < 0x10100000 */ + case VERIFY: + usable_tlsas = 0; + SSL_set_connect_state(ssl); + if (SSL_dane_enable(ssl, name_str) <= 0) { + ssl_err("could not SSL_dane_enable"); + } + if (!verify_server_name) { + SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); + } + for (j = 0; j < ldns_rr_list_rr_count(tlsas); j++) { + int ret; + ldns_rr *tlsa_rr = ldns_rr_list_rr(tlsas, j); + + if (ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA) { + fprintf(stderr, "Skipping non TLSA RR: "); + ldns_rr_print(stderr, tlsa_rr); + fprintf(stderr, "\n"); + continue; + } + if (ldns_rr_rd_count(tlsa_rr) != 4) { + fprintf(stderr, "Skipping TLSA with wrong rdata RR: "); + ldns_rr_print(stderr, tlsa_rr); + fprintf(stderr, "\n"); + continue; + } + ret = SSL_dane_tlsa_add(ssl, + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)), + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)), + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)), + ldns_rdf_data(ldns_rr_rdf(tlsa_rr, 3)), + ldns_rdf_size(ldns_rr_rdf(tlsa_rr, 3))); + if (ret < 0) { + ssl_err("could not SSL_dane_tlsa_add"); + } + if (ret == 0) { + fprintf(stderr, "Skipping unusable TLSA RR: "); + ldns_rr_print(stderr, tlsa_rr); + fprintf(stderr, "\n"); + continue; + } + usable_tlsas += 1; + } + if (!usable_tlsas) { + fprintf(stderr, "No usable TLSA records were found.\n" + "PKIX validation without DANE will be performed.\n"); + exit_success = no_tlsas_exit_status; + } + if (!(store_ctx = X509_STORE_CTX_new())) { + ssl_err("could not SSL_new"); + } + if (!X509_STORE_CTX_init(store_ctx, store, cert, extra_certs)) { + ssl_err("could not X509_STORE_CTX_init"); + } + X509_STORE_CTX_set_default(store_ctx, + SSL_is_server(ssl) ? "ssl_client" : "ssl_server"); + X509_VERIFY_PARAM_set1(X509_STORE_CTX_get0_param(store_ctx), + SSL_get0_param(ssl)); + X509_STORE_CTX_set0_dane(store_ctx, SSL_get0_dane(ssl)); + X509_NAME_print_ex_fp(stdout, + X509_get_subject_name(cert), 0, 0); + if (X509_verify_cert(store_ctx)) { + fprintf(stdout, " %s-validated successfully\n", + usable_tlsas + ? "dane" : "PKIX"); + } else { + fprintf(stdout, " did not dane-validate, because: %s\n", + X509_verify_cert_error_string( + X509_STORE_CTX_get_error(store_ctx))); + success = false; + } + if (store_ctx) { + X509_STORE_CTX_free(store_ctx); + } + break; +#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ +#endif /* ifdef USE_DANE_VERIFY */ + default: break; /* suppress warning */ + } + SSL_free(ssl); + + } else {/* No certificate file given, creation/validation via TLS. */ + + /* We need addresses to connect to */ + if (ldns_rr_list_rr_count(addresses) == 0) { + s = dane_setup_resolver(&res, nameserver_rdf, + keys, assume_dnssec_validity); + LDNS_ERR(s, "could not dane_setup_resolver"); + ldns_rr_list_free(addresses); + addresses =dane_lookup_addresses(res, name, ai_family); + ldns_resolver_free(res); + } + if (ldns_rr_list_rr_count(addresses) == 0) { + fprintf(stderr, "No addresses for %s\n", name_str); + exit(EXIT_FAILURE); + } + + /* for all addresses, setup SSL and retrieve certificates */ + for (i = 0; i < ldns_rr_list_rr_count(addresses); i++) { + + ssl = SSL_new(ctx); + if (! ssl) { + ssl_err("could not SSL_new"); + } + address = ldns_rr_a_address( + ldns_rr_list_rr(addresses, i)); + assert(address != NULL); +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL) + if (mode == VERIFY) { + usable_tlsas = 0; + if (SSL_dane_enable(ssl, name_str) <= 0) { + ssl_err("could not SSL_dane_enable"); + } + if (!verify_server_name) { + SSL_dane_set_flags(ssl, DANE_FLAG_NO_DANE_EE_NAMECHECKS); + } + for (j = 0; j < ldns_rr_list_rr_count(tlsas); j++) { + int ret; + ldns_rr *tlsa_rr = ldns_rr_list_rr(tlsas, j); + + if (ldns_rr_get_type(tlsa_rr) != LDNS_RR_TYPE_TLSA) { + fprintf(stderr, "Skipping non TLSA RR: "); + ldns_rr_print(stderr, tlsa_rr); + fprintf(stderr, "\n"); + continue; + } + if (ldns_rr_rd_count(tlsa_rr) != 4) { + fprintf(stderr, "Skipping TLSA with wrong rdata RR: "); + ldns_rr_print(stderr, tlsa_rr); + fprintf(stderr, "\n"); + continue; + } + ret = SSL_dane_tlsa_add(ssl, + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) | (assume_pkix_validity ? 2 : 0), + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)), + ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)), + ldns_rdf_data(ldns_rr_rdf(tlsa_rr, 3)), + ldns_rdf_size(ldns_rr_rdf(tlsa_rr, 3))); + if (ret < 0) { + ssl_err("could not SSL_dane_tlsa_add"); + } + if (ret == 0) { + fprintf(stderr, "Skipping unusable TLSA RR: "); + ldns_rr_print(stderr, tlsa_rr); + fprintf(stderr, "\n"); + continue; + } + usable_tlsas += 1; + } + if (!usable_tlsas) { + fprintf(stderr, "No usable TLSA records were found.\n" + "PKIX validation without DANE will be performed.\n"); + + exit_success = no_tlsas_exit_status; + if (assume_pkix_validity) + SSL_set_verify(ssl, SSL_VERIFY_PEER, _ldns_tls_verify_always_ok); + } + } +#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */ + s = ssl_connect_and_get_cert_chain(&cert, &extra_certs, + ssl, name_str, address,port, transport); + if (s == LDNS_STATUS_NETWORK_ERR) { + fprintf(stderr, "Could not connect to "); + ldns_rdf_print(stderr, address); + fprintf(stderr, " %d\n", (int) port); + + /* All addresses should succeed */ + success = false; + continue; + } + LDNS_ERR(s, "could not get cert chain from ssl"); +#if OPENSSL_VERSION_NUMBER >= 0x10100000 && ! defined(HAVE_LIBRESSL) + + if (mode == VERIFY) { + char *address_str = ldns_rdf2str(address); + long verify_result = SSL_get_verify_result(ssl); + + fprintf(stdout, "%s", address_str ? address_str : "
"); + free(address_str); + + if (verify_result == X509_V_OK) { + fprintf(stdout, " %s-validated successfully\n", + usable_tlsas + ? "dane" : "PKIX"); + } else { + fprintf(stdout, " did not dane-validate, because: %s\n", + X509_verify_cert_error_string(verify_result)); + success = false; + } + } +#endif /* OPENSSL_VERSION_NUMBER >= 0x10100000 */ + switch (mode) { + case CREATE: dane_create(tlsas, tlsa_owner, + certificate_usage, offset, + selector, matching_type, + cert, extra_certs, store, + verify_server_name, name); + break; + +#ifdef USE_DANE_VERIFY + case VERIFY: +#if OPENSSL_VERSION_NUMBER < 0x10100000 || defined(HAVE_LIBRESSL) + if (! dane_verify(tlsas, address, + cert, extra_certs, store, + verify_server_name, name, + assume_pkix_validity)) { + success = false; + + } +#endif /* OPENSSL_VERSION_NUMBER < 0x10100000 */ + if (success && interact) { + ssl_interact(ssl); + } + break; +#endif /* USE_DANE_VERIFY */ + + default: break; /* suppress warning */ + } + (void)SSL_shutdown(ssl); + SSL_free(ssl); + } /* end for all addresses */ + } /* end No certification file */ + + if (mode == CREATE) { + if (print_tlsa_as_type52) { + print_rr_list_as_TYPEXXX(stdout, tlsas); + } else { + ldns_rr_list_print(stdout, tlsas); + } + } + ldns_rr_list_deep_free(tlsas); + + /* cleanup */ + SSL_CTX_free(ctx); + + if (nameserver_rdf) { + ldns_rdf_deep_free(nameserver_rdf); + } + if (store) { + X509_STORE_free(store); + } + if (tlsa_owner_str) { + LDNS_FREE(tlsa_owner_str); + } + if (tlsa_owner) { + ldns_rdf_free(tlsa_owner); + } + if (addresses) { + ldns_rr_list_deep_free(addresses); + } + if (success) { + exit(exit_success); + } else { + exit(EXIT_FAILURE); + } +} +#else /* HAVE_SSL */ + +int +main(int argc, char **argv) +{ + fprintf(stderr, "ldns-dane needs OpenSSL support, " + "which has not been compiled in\n"); + return 1; +} +#endif /* HAVE_SSL */ + +#else /* USE_DANE */ + +int +main(int argc, char **argv) +{ + (void)argc; + (void)argv; + + fprintf(stderr, "dane support was disabled with this build of ldns, " + "and has not been compiled in\n"); + return 1; +} + +#endif /* USE_DANE */ diff --git a/zonemaster-ldns/ldns/examples/ldns-dpa.1 b/zonemaster-ldns/ldns/examples/ldns-dpa.1 new file mode 100644 index 0000000..c3239f0 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-dpa.1 @@ -0,0 +1,151 @@ +.TH dpa 1 "1 Nov 2005" +.SH NAME +dpa \- DNS Packet Analyzer. Analyze DNS packets in ip trace files +.SH SYNOPSIS +.B dpa +[ +.IR OPTION +] +.IR TRACEFILE + +.SH DESCRIPTION +\fBdpa\fR is used to analyze dns packets in trace files. It has 3 main options: count, filter, and count uniques (i.e. count all different occurrences). + +.SH OPTIONS +.TP +\fB-c\fR \fIexpressionlist\fR +Count occurrences of matching expressions + +.TP +\fB-f\fR \fIexpression\fR +Filter: only process packets that match the expression + +.TP +\fB-h\fR +Show usage + +.TP +\fB-p\fR +Show the total number of correct DNS packets, and percentage of \-u and +\-c values (of the total of matching on the \-f filter. if no filter is +given, percentages are on all correct dns packets) + +.TP +\fB-of\fR \fIfile\fR +Write all packets that match the \-f flag to file, as pcap data. + +.TP +\fB-ofh\fR \fIfile\fR +Write all packets that match the \-f flag to file, in hexadecimal format, +readable by drill. + +.TP +\fB-s\fR +Show possible match names + +.TP +\fB-s\fR \fImatchname\fR +show possible match operators and values for name + +.TP +\fB-sf\fR +Only evaluate packets (in representation format) that match the \-f filter. +If no \-f was given, evaluate all correct dns packets. + +.TP +\fB-u\fR \fImatchnamelist\fR +Count every occurrence of every value of the matchname (for instance, count all packetsizes, see EXAMPLES in ldns-dpa(1) ). + +.TP +\fB-ua\fR +For every matchname in \-u, show the average value of all matches. Behaviour for match types that do not have an integer value is undefined. + +.TP +\fB-uac\fR +For every matchname in \-u, show the average number of times this value was encountered. + +.TP +\fB-um\fR \fInumber\fR +Only show the results from \-u for values that occurred more than times. + +.TP +\fB-v\fR \fIlevel\fR +Set verbosity to level (1-5, 5 being the highest). Mostly used for debugging. + +.TP +\fB-notip\fR \fIfile\fR +Write packets that were not recognized as IP packets to file (as pcap data). + +.TP +\fB-baddns\fR \fIfile\fR +Write dns packets that were too mangled to parse to file (as pcap data). + +.TP +\fB-version\fR +Show version and exit + +.SH LIST AND MATCHES + +A is a comma separated list of match names (use \-s to see possible match names). +A is a comma separated list of expressions. + +An expression has the following form: +: () + | + & + + +: + +: + = equal to + != not equal to + > greater than + < lesser than + >= greater than or equal to + <= lesser than or equal to + ~= contains + +See the \-s option for possible matchnames, operators and values. + +.SH EXAMPLES + +.TP +ldns-dpa \-u packetsize \-p test.tr +Count all different packetsizes in test.tr and show the percentages. + +.TP +ldns-dpa \-f "edns=1&qr=0" \-of edns.tr test.tr +Filter out all edns enable queries in test.tr and put them in edns.tr + +.TP +ldns-dpa \-f edns=1 \-c tc=1 \-u rcode test.tr +For all edns packets, count the number of truncated packets and all their rcodes in test.tr. + +.TP +ldns-dpa \-c tc=1,qr=0,qr=1,opcode=QUERY test.tr +For all packets, count the number of truncated packets, the number of packets with qr=0, the number of packets with qr=1 and the number of queries in test.tr. + +.TP +ldns-dpa \-u packetsize \-ua test.tr +Show all packet sizes and the average packet size per packet. + +.TP +ldns-dpa \-u srcaddress \-uac test.tr +Show all packet source addresses and the average number of packets sent from this address. + +.TP +sudo tcpdump \-i eth0 \-s 0 \-U \-w \- port 53 | ldns-dpa \-f qr=0 \-sf +Print all query packets seen on the specified interface. + + +.SH AUTHOR +Written by Jelte Jansen for NLnetLabs. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-dpa.c b/zonemaster-ldns/ldns/examples/ldns-dpa.c new file mode 100644 index 0000000..46d8f9a --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-dpa.c @@ -0,0 +1,2857 @@ +/* + * ldns-dpa inspects the (udp) DNS packets found in a pcap file + * and provides statistics about them + * + * (C) NLnet Labs 2006 - 2008 + * + * See the file LICENSE for the license + */ +#include "config.h" + +#include + +#ifdef HAVE_PCAP_H +#ifdef HAVE_LIBPCAP +#include "ldns-dpa.h" + +#ifdef HAVE_NETINET_IP6_H +#include +#endif +#include + +#ifndef IP_OFFMASK +#define IP_OFFMASK 0x1fff +#endif + +int verbosity = 1; + +#define ETHER_HEADER_LENGTH 14 +#define UDP_HEADER_LENGTH 8 +#define IP6_HEADER_LENGTH 40 + +/* some systems don't have this? */ +#ifndef ETHERTYPE_IPV6 +#define ETHERTYPE_IPV6 0x86dd +#endif + +#define MAX_MATCHES 20 +#define MAX_OPERATORS 7 + + +/* global options */ +bool show_filter_matches = false; +size_t total_nr_of_dns_packets = 0; +size_t total_nr_of_filtered_packets = 0; +size_t not_ip_packets = 0; +size_t bad_dns_packets = 0; +size_t arp_packets = 0; +size_t udp_packets = 0; +size_t tcp_packets = 0; +size_t fragmented_packets = 0; +size_t lost_packet_fragments = 0; +FILE *hexdumpfile = NULL; +pcap_dumper_t *dumper = NULL; +pcap_dumper_t *not_ip_dump = NULL; +pcap_dumper_t *bad_dns_dump = NULL; + + +struct +fragment_part { + uint16_t ip_id; + uint8_t data[65536]; + size_t cur_len; +}; + +struct fragment_part *fragment_p; + +/* To add a match, + * - add it to the enum + * - add it to the table_matches const + * - add a handler to value_matches + * - tell in get_string_value() where in the packet the data lies + * - add to parser? + * - add to show_match_ function + */ +enum enum_match_ids { + MATCH_ID, + MATCH_OPCODE, + MATCH_RCODE, + MATCH_PACKETSIZE, + MATCH_QR, + MATCH_TC, + MATCH_AD, + MATCH_CD, + MATCH_RD, + MATCH_EDNS, + MATCH_EDNS_PACKETSIZE, + MATCH_DO, + MATCH_QUESTION_SIZE, + MATCH_ANSWER_SIZE, + MATCH_AUTHORITY_SIZE, + MATCH_ADDITIONAL_SIZE, + MATCH_SRC_ADDRESS, + MATCH_DST_ADDRESS, + MATCH_TIMESTAMP, + MATCH_QUERY, + MATCH_QTYPE, + MATCH_QNAME, + MATCH_ANSWER, + MATCH_AUTHORITY, + MATCH_ADDITIONAL, + MATCH_LAST +}; +typedef enum enum_match_ids match_id; + +enum enum_counter_types { + TYPE_INT, + TYPE_BOOL, + TYPE_OPCODE, + TYPE_RCODE, + TYPE_STRING, + TYPE_TIMESTAMP, + TYPE_ADDRESS, + TYPE_RR, + TYPE_RR_TYPE, + TYPE_LAST +}; +typedef enum enum_counter_types counter_type; + +const ldns_lookup_table lt_types[] = { + {TYPE_INT, "int" }, + {TYPE_BOOL, "bool" }, + {TYPE_OPCODE, "opcode" }, + {TYPE_RCODE, "rcode" }, + {TYPE_STRING, "string" }, + {TYPE_TIMESTAMP, "timestamp" }, + {TYPE_ADDRESS, "address" }, + {TYPE_RR, "rr" }, + { 0, NULL } +}; + +enum enum_type_operators { + OP_EQUAL, + OP_NOTEQUAL, + OP_GREATER, + OP_LESSER, + OP_GREATEREQUAL, + OP_LESSEREQUAL, + OP_CONTAINS, + OP_LAST +}; +typedef enum enum_type_operators type_operator; + +const ldns_lookup_table lt_operators[] = { + { OP_EQUAL, "=" }, + { OP_NOTEQUAL, "!=" }, + { OP_GREATER, ">" }, + { OP_LESSER, "<" }, + { OP_GREATEREQUAL, ">=" }, + { OP_LESSEREQUAL, "<=" }, + { OP_CONTAINS, "~=" }, + { 0, NULL } +}; + +static const char *get_op_str(type_operator op) { + const ldns_lookup_table *lt; + lt = ldns_lookup_by_id((ldns_lookup_table *) lt_operators, op); + if (lt) { + return lt->name; + } else { + fprintf(stderr, "Unknown operator id: %u\n", op); + exit(1); + } +} + +static type_operator +get_op_id(char *op_str) +{ + const ldns_lookup_table *lt; + lt = ldns_lookup_by_name((ldns_lookup_table *) lt_operators, op_str); + if (lt) { + return (type_operator) lt->id; + } else { + fprintf(stderr, "Unknown operator: %s\n", op_str); + exit(1); + } +} + +struct struct_type_operators { + counter_type type; + size_t operator_count; + type_operator operators[10]; +}; +typedef struct struct_type_operators type_operators; + +const type_operators const_type_operators[] = { + { TYPE_INT, 6, { OP_EQUAL, OP_NOTEQUAL, OP_GREATER, OP_LESSER, OP_GREATEREQUAL, OP_LESSEREQUAL, 0, 0, 0, 0 } }, + { TYPE_BOOL, 2, { OP_EQUAL, OP_NOTEQUAL, 0, 0, 0, 0, 0, 0, 0, 0} }, + { TYPE_OPCODE, 2, { OP_EQUAL, OP_NOTEQUAL, 0, 0, 0, 0, 0, 0, 0, 0} }, + { TYPE_RCODE, 2, { OP_EQUAL, OP_NOTEQUAL, 0, 0, 0, 0, 0, 0, 0, 0} }, + { TYPE_STRING, 3, { OP_EQUAL, OP_NOTEQUAL, OP_CONTAINS, 0, 0, 0, 0, 0, 0, 0} }, + { TYPE_TIMESTAMP, 6, { OP_EQUAL, OP_NOTEQUAL, OP_GREATER, OP_LESSER, OP_GREATEREQUAL, OP_LESSEREQUAL, 0, 0, 0, 0 } }, + { TYPE_ADDRESS, 3, { OP_EQUAL, OP_NOTEQUAL, OP_CONTAINS, 0, 0, 0, 0, 0, 0, 0} }, + { TYPE_RR, 3, { OP_EQUAL, OP_NOTEQUAL, OP_CONTAINS, 0, 0, 0, 0, 0, 0, 0} }, + { TYPE_RR_TYPE, 6, { OP_EQUAL, OP_NOTEQUAL, OP_GREATER, OP_LESSER, OP_GREATEREQUAL, OP_LESSEREQUAL, 0, 0, 0, 0 } }, + { 0, 0, { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 } } +}; + +const type_operators * +get_type_operators(counter_type type) { + const type_operators *to = const_type_operators; + while (to) { + if (to->type == type) { + return to; + } + to++; + } + return NULL; +} + +struct struct_match_table { + match_id id; + const char *name; + const char *description; + const counter_type type; +}; +typedef struct struct_match_table match_table; + +/* order of entries has been changed after gprof analysis, and reasoning + * about the uses of -u arguments + */ +const match_table matches[] = { + { MATCH_QUERY, "query", "String representation of the query RR", TYPE_RR }, + { MATCH_QTYPE, "qtype", "RR Type of the question RR, if present", TYPE_RR_TYPE }, + { MATCH_QNAME, "qname", "Owner name of the question RR, if present", TYPE_STRING }, + { MATCH_SRC_ADDRESS, "srcaddress", "address the packet was sent from", TYPE_ADDRESS }, + { MATCH_TIMESTAMP, "timestamp", "time the packet was sent", TYPE_TIMESTAMP }, + { MATCH_DST_ADDRESS, "dstaddress", "address the packet was sent to", TYPE_ADDRESS }, + { MATCH_EDNS_PACKETSIZE, "edns-packetsize", "packets size specified in edns rr", TYPE_INT }, + { MATCH_ID, "id", "id of the packet", TYPE_INT }, + { MATCH_OPCODE, "opcode", "opcode of packet (rfc1035)", TYPE_OPCODE }, + { MATCH_RCODE, "rcode", "response code of packet", TYPE_RCODE }, + { MATCH_PACKETSIZE, "packetsize", "size of packet in bytes", TYPE_INT }, + { MATCH_QR, "qr", "value of qr bit", TYPE_BOOL }, + { MATCH_TC, "tc", "value of tc bit", TYPE_BOOL }, + { MATCH_AD, "ad", "value of ad bit", TYPE_BOOL }, + { MATCH_CD, "cd", "value of cd bit", TYPE_BOOL }, + { MATCH_RD, "rd", "value of rd bit", TYPE_BOOL }, + { MATCH_EDNS, "edns", "existence of edns rr", TYPE_BOOL }, + { MATCH_DO, "do", "value of do bit", TYPE_BOOL }, + { MATCH_QUESTION_SIZE, "questionsize", "number of rrs in the question section", TYPE_INT }, + { MATCH_ANSWER_SIZE, "answersize", "number of rrs in the answer section", TYPE_INT }, + { MATCH_AUTHORITY_SIZE, "authoritysize", "number of rrs in the authority section", TYPE_INT }, + { MATCH_ADDITIONAL_SIZE, "additionalsize", "number of rrs in the additional section", TYPE_INT }, + { MATCH_ANSWER, "answer", "String representation of the answer RRs", TYPE_RR }, + { MATCH_AUTHORITY, "authority", "String representation of the authority RRs", TYPE_RR }, + { MATCH_ADDITIONAL, "additional", "String representation of the additional RRs", TYPE_RR }, + { 0, NULL , NULL, TYPE_INT} +}; + +enum enum_match_expression_operators { + MATCH_EXPR_OR, + MATCH_EXPR_AND, + MATCH_EXPR_LEAF +}; +typedef enum enum_match_expression_operators match_expression_operator; + +struct struct_match_operation { + match_id id; + type_operator operator; + char *value; +}; +typedef struct struct_match_operation match_operation; + +typedef struct struct_match_expression match_expression; +struct struct_match_expression { + /* and or or, or leaf (in which case there are no subtrees, but only a match_table */ + match_expression_operator op; + match_expression *left; + match_expression *right; + match_operation *match; + size_t count; +}; + +typedef struct struct_match_counters match_counters; +struct struct_match_counters { +/* + match_expression **counter; + size_t size; +*/ + match_expression *match; + match_counters *left; + match_counters *right; +}; + +match_table * +get_match_by_name(char *name) { + match_table *mt = (match_table *) matches; + if (name) { + while (mt->name != NULL) { + if (strcasecmp(name, mt->name) == 0) { + return mt; + } + mt++; + } + } + return NULL; +} + +static match_table * +get_match_by_id(match_id id) { + match_table *mt = (match_table *) matches; + + while (mt->name != NULL) { + if (mt->id == id) { + return mt; + } + mt++; + } + return NULL; +} + +static const char * +get_match_name_str(match_id id) { + match_table *mt = get_match_by_id(id); + if (mt) { + return mt->name; + } else { + fprintf(stderr, "Unknown match id: %u\n", id); + exit(1); + return "Unknown match id"; + } +} + +static void +print_match_operation(FILE *output, match_operation *mc) +{ + match_table *mt = NULL; + ldns_lookup_table *lt; + struct timeval time; + time_t time_tt; + int value; + size_t pos; + char *tmp, *tmp2; + + if (mc) { + mt = get_match_by_id(mc->id); + + if (mt) { + fprintf(output, "%s %s ",mt->name, get_op_str(mc->operator)); + + switch (mt->type) { + case TYPE_INT: + case TYPE_STRING: + case TYPE_ADDRESS: + case TYPE_RR: + fprintf(output, "'%s'", mc->value); + break; + case TYPE_BOOL: + if (strncmp(mc->value, "1", 2) == 0) { + fprintf(output,"'true'"); + } else { + fprintf(output,"'false'"); + } + break; + case TYPE_OPCODE: + value = atoi(mc->value); + lt = ldns_lookup_by_id(ldns_opcodes, value); + if (lt) { + fprintf(output, "%s", lt->name); + } else { + fprintf(output, "%s", mc->value); + } + break; + case TYPE_RCODE: + value = atoi(mc->value); + lt = ldns_lookup_by_id(ldns_rcodes, value); + if (lt) { + fprintf(output, "%s", lt->name); + } else { + fprintf(output, "%s", mc->value); + } + break; + case TYPE_TIMESTAMP: +#ifndef S_SPLINT_S + time.tv_sec = (long int) atol(mc->value); +#endif + time_tt = (time_t)time.tv_sec; + tmp = ctime(&time_tt); + tmp2 = malloc(strlen(tmp) + 1); + for (pos = 0; pos < strlen(tmp); pos++) { + if (tmp[pos] == '\n') { + tmp2[pos] = '\0'; + } else { + tmp2[pos] = tmp[pos]; + } + } + tmp2[pos] = '\0'; + fprintf(output, "%s", tmp2); + free(tmp2); + break; + default: + fprintf(output, "'%s'", mc->value); + } + + } else { + fprintf(output, "%u %s '%s'", mc->id, get_op_str(mc->operator), mc->value); + } + } else { + fprintf(output, "(nil)"); + } +} + +static void +print_match_expression(FILE *output, match_expression *expr) +{ + if (expr) { + switch (expr->op) { + case MATCH_EXPR_OR: + fprintf(output, "("); + print_match_expression(output, expr->left); + fprintf(output, " | "); + print_match_expression(output, expr->right); + fprintf(output, ")"); + break; + case MATCH_EXPR_AND: + fprintf(output, "("); + print_match_expression(output, expr->left); + fprintf(output, " & "); + print_match_expression(output, expr->right); + fprintf(output, ")"); + break; + case MATCH_EXPR_LEAF: + print_match_operation(output, expr->match); + break; + default: +/* + fprintf(output, "ERROR PRINTING MATCH: unknown op: %u\n", expr->op); + exit(1); +*/ + fprintf(output, "("); +if (expr->left) { + print_match_expression(output, expr->left); +} + fprintf(output, " ? "); +if (expr->right) { + print_match_expression(output, expr->right); +} + fprintf(output, ") _"); +if (expr->match) { + print_match_operation(output, expr->match); +} +fprintf(output, "_"); + } + } else { + printf("(nil)"); + } +} + +static void +print_counters(FILE *output, match_counters *counters, bool show_percentages, size_t total, int count_minimum) +{ + double percentage; + + if (!counters || !output) { + return; + } + + if (counters->left) { + print_counters(output, counters->left, show_percentages, total, count_minimum); + } + if (counters->match) { + if (count_minimum < (int) counters->match->count) { + print_match_expression(output, counters->match); + printf(": %u", (unsigned int) counters->match->count); + if (show_percentages) { + percentage = (double) counters->match->count / (double) total * 100.0; + printf(" (%.2f%%)", percentage); + } + printf("\n"); + } + } + if (counters->right) { + print_counters(output, counters->right, show_percentages, total, count_minimum); + } + + return; +} + +static void +ldns_pkt2file_hex(FILE *fp, const ldns_pkt *pkt) +{ + uint8_t *wire; + size_t size, i; + ldns_status status; + + status = ldns_pkt2wire(&wire, pkt, &size); + + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Unable to convert packet: error code %u", status); + return; + } + + fprintf(fp, "; 0"); + for (i = 1; i < 20; i++) { + fprintf(fp, " %2u", (unsigned int) i); + } + fprintf(fp, "\n"); + fprintf(fp, ";--"); + for (i = 1; i < 20; i++) { + fprintf(fp, " --"); + } + fprintf(fp, "\n"); + for (i = 0; i < size; i++) { + if (i % 20 == 0 && i > 0) { + fprintf(fp, "\t; %4u-%4u\n", (unsigned int) i-19, (unsigned int) i); + } + fprintf(fp, " %02x", (unsigned int)wire[i]); + } + fprintf(fp, "\n\n"); +} + +/* + * Calculate the total for all match operations with the same id as this one + * (if they are 'under' this one in the tree, which should be the case in + * the unique counter tree + */ +static size_t +calculate_total_value(match_counters *counters, match_operation *cur) +{ + size_t result = 0; + + if (!counters) { + return 0; + } + + if (counters->match->match->id == cur->id) { + result = (size_t) atol(counters->match->match->value) * counters->match->count; + } + + if (counters->left) { + result += calculate_total_value(counters->left, cur); + } + if (counters->right) { + result += calculate_total_value(counters->right, cur); + } + + return result; +} + +static size_t +calculate_total_count_matches(match_counters *counters, match_operation *cur) +{ + size_t result = 0; + + if (!counters) { + return 0; + } + + if (counters->match->match->id == cur->id) { + result = 1; + } + + if (counters->left) { + /* In some cases, you don't want the number of actual + counted matches, for instance when calculating the + average number of queries per second. In this case + you want the number of seconds */ + if (cur->id == MATCH_TIMESTAMP) { + result += (size_t) abs((int) (atol(counters->match->match->value) - atol(counters->left->match->match->value))) - 1; + } + result += calculate_total_count_matches(counters->left, cur); + } + if (counters->right) { + if (cur->id == MATCH_TIMESTAMP) { + result += (size_t) abs((int) (atol(counters->right->match->match->value) - atol(counters->match->match->value))) - 1; + } + result += calculate_total_count_matches(counters->right, cur); + } + + return result; +} + +/** + * Returns true if there is a previous match operation with the given type + * in the counters structure + */ +static bool +has_previous_match(match_counters *counters, match_operation *cur) +{ + if (!counters) { + return false; + } + + if (counters->left) { + if (counters->left->match->match->id == cur->id) { + return true; + } else if (has_previous_match(counters->left, cur)) { + return true; + } else if (counters->left->right) { + if (counters->left->right->match->match->id == cur->id) { + return true; + } else if (has_previous_match(counters->left->right, cur)) { + return true; + } + } + } + return false; +} + +/** + * Returns true if there is a later match operation with the given type + * in the counters structure + */ +static bool +has_next_match(match_counters *counters, match_operation *cur) +{ + if (!counters) { + return false; + } + + if (counters->right) { + if (counters->right->match->match->id == cur->id) { + return true; + } else if (has_next_match(counters->right, cur)) { + return true; + } else if (counters->right->left) { + if (counters->right->left->match->match->id == cur->id) { + return true; + } else if (has_next_match(counters->right->left, cur)) { + return true; + } + } + } + return false; +} + +/** + * Returns the first match with the same type at *cur in + * the counter list, or NULL if it is not found + */ +static match_expression * +get_first_match_expression(match_counters *counters, match_operation *cur) +{ + if (!counters) { + return NULL; + } + + if (has_previous_match(counters, cur)) { + return get_first_match_expression(counters->left, cur); + } else if (counters->match->match->id == cur->id) { + return counters->match; + } else if (counters->right) { + return get_first_match_expression(counters->right, cur); + } else { + return NULL; + } +} + +/** + * Returns the second match expression with the same type at *cur in + * the counter list, or NULL if it is not found + */ +static match_expression * +get_second_match_expression(match_counters *counters, match_operation *cur) +{ + if (!counters) { + return NULL; + } + + if (has_previous_match(counters, cur)) { + if (has_previous_match(counters->left, cur)) { + return get_second_match_expression(counters->left, cur); + } else { + return counters->left->match; + } +/* + } else if (counters->match->match->id == cur->id) { + return counters->match->match->value; +*/ } else if (counters->right) { + return get_first_match_expression(counters->right, cur); + } else { + return NULL; + } +} + +/** + * Returns the last match expression with the same type at *cur in + * the counter list, or NULL if it is not found + */ +static match_expression * +get_last_match_expression(match_counters *counters, match_operation *cur) +{ + if (!counters) { + return NULL; + } + + if (has_next_match(counters, cur)) { + return get_last_match_expression(counters->right, cur); + } else if (counters->match->match->id == cur->id) { + return counters->match; + } else if (counters->left) { + return get_last_match_expression(counters->left, cur); + } else { + return NULL; + } +} + +/** + * Returns the last but one match expression with the same type at *cur in + * the counter list, or NULL if it is not found + */ +static match_expression * +get_last_but_one_match_expression(match_counters *counters, match_operation *cur) +{ + if (!counters) { + return NULL; + } + + if (has_next_match(counters, cur)) { + if (has_next_match(counters->right, cur)) { + return get_last_but_one_match_expression(counters->right, cur); + } else { + return counters->match; + } +/* + } else if (counters->match->match->id == cur->id) { + return counters->match->match->value; +*/ } else if (counters->left) { + return get_last_match_expression(counters->right, cur); + } else { + return NULL; + } +} + +static size_t +get_first_count(match_counters *counters, match_operation *cur) +{ + match_expression *o = get_first_match_expression(counters, cur); + if (o) { + return o->count; + } else { + return 0; + } +} + +static size_t +get_last_count(match_counters *counters, match_operation *cur) +{ + match_expression *o = get_last_match_expression(counters, cur); + if (o) { + return o->count; + } else { + return 0; + } +} + + +static size_t +calculate_total_count(match_counters *counters, match_operation *cur) +{ + size_t result = 0; + + if (!counters) { + return 0; + } + + if (counters->match->match->id == cur->id) { + result = counters->match->count; + } + + if (counters->left) { + result += calculate_total_count(counters->left, cur); + } + if (counters->right) { + result += calculate_total_count(counters->right, cur); + } + + return result; +} + +static void +print_counter_averages(FILE *output, match_counters *counters, match_operation *cur) +{ + size_t total_value; + size_t total_count; + match_table *mt; + + if (!counters || !output) { + return; + } + + if (!cur) { + cur = counters->match->match; + mt = get_match_by_id(cur->id); + total_value = calculate_total_value(counters, cur); + total_count = calculate_total_count(counters, cur); + printf("Average for %s: (%u / %u) %.02f\n", mt->name, (unsigned int) total_value, (unsigned int) total_count, (float) total_value / (float) total_count); + if (counters->left) { + print_counter_averages(output, counters->left, cur); + } + if (counters->right) { + print_counter_averages(output, counters->right, cur); + } + } else { + if (counters->left) { + if (counters->left->match->match->id != cur->id) { + print_counter_averages(output, counters->left, NULL); + } + } + if (counters->right) { + if (counters->right->match->match->id != cur->id) { + print_counter_averages(output, counters->right, NULL); + } + } + } + + return; +} + +static void +print_counter_average_count(FILE *output, match_counters *counters, match_operation *cur, bool remove_first_last) +{ + size_t total_matches; + size_t total_count; + match_table *mt; + + if (!counters || !output) { + return; + } + + if (!cur) { + cur = counters->match->match; + mt = get_match_by_id(cur->id); + total_matches = calculate_total_count_matches(counters, cur); + total_count = calculate_total_count(counters, cur); + /* Remove the first and last for instance for timestamp average counts (half seconds drag down the average) */ + if (remove_first_last) { + total_count -= get_first_count(counters, cur); + total_count -= get_last_count(counters, cur); + printf("Removing first count from average: %u\n", (unsigned int) get_first_count(counters,cur)); + printf("Removing last count from average: %u\n", (unsigned int) get_last_count(counters,cur)); + /* in the case where we count the differences between match values too + * (like with timestamps) we need to subtract from the match count too + */ + if (cur->id == MATCH_TIMESTAMP) { + if (get_first_match_expression(counters, cur) && get_second_match_expression(counters, cur)) { + total_matches -= atol(get_second_match_expression(counters, cur)->match->value) - atol(get_first_match_expression(counters, cur)->match->value); + } + if (get_last_match_expression(counters, cur) && get_last_but_one_match_expression(counters, cur)) { + total_matches -= atol(get_last_match_expression(counters, cur)->match->value) - atol(get_last_but_one_match_expression(counters, cur)->match->value); + } + } else { + total_matches -= 2; + } + } + printf("Average count for %s: (%u / %u) %.02f\n", mt->name, (unsigned int) total_count, (unsigned int) total_matches, (float) total_count / (float) total_matches); + if (counters->left) { + print_counter_averages(output, counters->left, cur); + } + if (counters->right) { + print_counter_averages(output, counters->right, cur); + } + } else { + if (counters->left) { + if (counters->left->match->match->id != cur->id) { + print_counter_averages(output, counters->left, NULL); + } + } + if (counters->right) { + if (counters->right->match->match->id != cur->id) { + print_counter_averages(output, counters->right, NULL); + } + } + } + + return; +} + +static bool +match_int(type_operator operator, + char *value, + char *mvalue) +{ + int a, b; + + if (!value || !mvalue) { + return false; + } + + a = atoi(value); + b = atoi(mvalue); + + switch (operator) { + case OP_EQUAL: + return a == b; + break; + case OP_NOTEQUAL: + return a != b; + break; + case OP_GREATER: + return a > b; + break; + case OP_LESSER: + return a < b; + break; + case OP_GREATEREQUAL: + return a >= b; + break; + case OP_LESSEREQUAL: + return a <= b; + break; + default: + fprintf(stderr, "Unknown operator: %u\n", operator); + exit(2); + } +} + +static bool +match_opcode(type_operator operator, + char *value, + char *mvalue) +{ + ldns_pkt_opcode a, b; + int i; + ldns_lookup_table *lt; + + /* try parse name first, then parse as int */ + lt = ldns_lookup_by_name(ldns_opcodes, value); + if (lt) { + a = lt->id; + } else { + i = atoi(value); + if (i >= 0 && isdigit((unsigned char)value[0])) { + lt = ldns_lookup_by_id(ldns_opcodes, i); + if (lt) { + a = lt->id; + } else { + fprintf(stderr, "Unknown opcode: %s\n", value); + exit(1); + return false; + } + } else { + fprintf(stderr, "Unknown opcode: %s\n", value); + exit(1); + return false; + } + } + + lt = ldns_lookup_by_name(ldns_opcodes, mvalue); + if (lt) { + b = lt->id; + } else { + i = atoi(mvalue); + if (i >= 0 && isdigit((unsigned char)mvalue[0])) { + lt = ldns_lookup_by_id(ldns_opcodes, i); + if (lt) { + b = lt->id; + } else { + fprintf(stderr, "Unknown opcode: %s\n", mvalue); + exit(1); + return false; + } + } else { + fprintf(stderr, "Unknown opcode: %s\n", mvalue); + exit(1); + return false; + } + } + + switch(operator) { + case OP_EQUAL: + return a == b; + break; + case OP_NOTEQUAL: + return a != b; + break; + default: + fprintf(stderr, "Error bad operator for opcode: %s\n", get_op_str(operator)); + return false; + break; + } +} + +static bool +match_str(type_operator operator, + char *value, + char *mvalue) +{ + char *valuedup, *mvaluedup; + size_t i; + bool result; + + if (operator == OP_CONTAINS) { + /* strcasestr is not C89 + return strcasestr(value, mvalue) != 0; + */ + valuedup = strdup(value); + mvaluedup = strdup(mvalue); + for (i = 0; i < strlen(valuedup); i++) { + valuedup[i] = tolower((unsigned char)valuedup[i]); + } + for (i = 0; i < strlen(mvaluedup); i++) { + mvaluedup[i] = tolower((unsigned char)mvaluedup[i]); + } + result = strstr(valuedup, mvaluedup) != 0; + free(valuedup); + free(mvaluedup); + return result; + } else if (operator == OP_EQUAL) { + return strcmp(value, mvalue) == 0; + } else { + return strcmp(value, mvalue) != 0; + } +} + +static bool +match_rr_type(type_operator operator, + char *value, + char *mvalue) +{ + ldns_rr_type a,b; + + a = ldns_get_rr_type_by_name(value); + b = ldns_get_rr_type_by_name(mvalue); + + switch (operator) { + case OP_EQUAL: + return a == b; + break; + case OP_NOTEQUAL: + return a != b; + break; + case OP_GREATER: + return a > b; + break; + case OP_LESSER: + return a < b; + break; + case OP_GREATEREQUAL: + return a >= b; + break; + case OP_LESSEREQUAL: + return a <= b; + break; + default: + fprintf(stderr, "Unknown operator: %u\n", operator); + exit(2); + } +} + +static bool +match_rcode(type_operator operator, + char *value, + char *mvalue) +{ + int a, b; + int i; + ldns_lookup_table *lt; + + /* try parse name first, then parse as int */ + lt = ldns_lookup_by_name(ldns_rcodes, value); + if (lt) { + a = lt->id; + } else { + i = atoi(value); + if (i >= 0 && isdigit((unsigned char)value[0])) { + lt = ldns_lookup_by_id(ldns_rcodes, i); + if (lt) { + a = lt->id; + } else { + fprintf(stderr, "Unknown rcode: %s\n", value); + exit(1); + return false; + } + } else { + fprintf(stderr, "Unknown rcode: %s\n", value); + exit(1); + return false; + } + } + + lt = ldns_lookup_by_name(ldns_rcodes, mvalue); + if (lt) { + b = lt->id; + } else { + i = atoi(mvalue); + if (i >= 0 && isdigit((unsigned char)mvalue[0])) { + lt = ldns_lookup_by_id(ldns_rcodes, i); + if (lt) { + b = lt->id; + } else { + fprintf(stderr, "Unknown rcode: %s\n", mvalue); + exit(1); + return false; + } + } else { + fprintf(stderr, "Unknown rcode: %s\n", mvalue); + exit(1); + return false; + } + } + + switch(operator) { + case OP_EQUAL: + return a == b; + break; + case OP_NOTEQUAL: + return a != b; + break; + default: + fprintf(stderr, "Error bad operator for rcode: %s\n", get_op_str(operator)); + return false; + break; + } +} + +static bool +value_matches(match_id id, + type_operator operator, + char *value, + char *mvalue) +{ + int result; + + if (verbosity >= 5) { + printf("Match %s: %s %s %s: ", get_match_name_str(id), value, get_op_str(operator), mvalue); + } + switch(id) { + case MATCH_OPCODE: + result = match_opcode(operator, value, mvalue); + break; + case MATCH_RCODE: + result = match_rcode(operator, value, mvalue); + break; + case MATCH_ID: + case MATCH_QR: + case MATCH_TC: + case MATCH_AD: + case MATCH_CD: + case MATCH_RD: + case MATCH_DO: + case MATCH_PACKETSIZE: + case MATCH_EDNS: + case MATCH_EDNS_PACKETSIZE: + case MATCH_QUESTION_SIZE: + case MATCH_ANSWER_SIZE: + case MATCH_AUTHORITY_SIZE: + case MATCH_ADDITIONAL_SIZE: + case MATCH_TIMESTAMP: + result = match_int(operator, value, mvalue); + break; + case MATCH_QUERY: + case MATCH_QNAME: + case MATCH_ANSWER: + case MATCH_AUTHORITY: + case MATCH_ADDITIONAL: + result = match_str(operator, value, mvalue); + break; + case MATCH_SRC_ADDRESS: + case MATCH_DST_ADDRESS: + result = match_str(operator, value, mvalue); + break; + case MATCH_QTYPE: + result = match_rr_type(operator, value, mvalue); + break; + default: + fprintf(stderr, "Error: value_matches() for operator %s not implemented yet.\n", get_op_str((type_operator) id)); + exit(3); + } + if (verbosity >= 5) { + if (result) { + printf("true\n"); + } else { + printf("false\n"); + } + } + return result; +} + +static char * +get_string_value(match_id id, ldns_pkt *pkt, ldns_rdf *src_addr, ldns_rdf *dst_addr) +{ + char *val; + match_table *mt; + size_t valsize = 100; + + val = malloc(valsize); + memset(val, 0, valsize); + + switch(id) { + case MATCH_QR: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_qr(pkt)); + break; + case MATCH_ID: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_id(pkt)); + break; + case MATCH_OPCODE: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_get_opcode(pkt)); + break; + case MATCH_RCODE: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_get_rcode(pkt)); + break; + case MATCH_PACKETSIZE: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_size(pkt)); + break; + case MATCH_TC: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_tc(pkt)); + break; + case MATCH_AD: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_ad(pkt)); + break; + case MATCH_CD: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_cd(pkt)); + break; + case MATCH_RD: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_rd(pkt)); + break; + case MATCH_EDNS: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_edns(pkt)); + break; + case MATCH_EDNS_PACKETSIZE: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_edns_udp_size(pkt)); + break; + case MATCH_DO: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_edns_do(pkt)); + break; + case MATCH_QUESTION_SIZE: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_qdcount(pkt)); + break; + case MATCH_ANSWER_SIZE: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_ancount(pkt)); + break; + case MATCH_AUTHORITY_SIZE: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_nscount(pkt)); + break; + case MATCH_ADDITIONAL_SIZE: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_arcount(pkt)); + break; + case MATCH_SRC_ADDRESS: + free(val); + val = ldns_rdf2str(src_addr); + break; + case MATCH_DST_ADDRESS: + free(val); + val = ldns_rdf2str(dst_addr); + break; + case MATCH_TIMESTAMP: + snprintf(val, valsize, "%u", (unsigned int) ldns_pkt_timestamp(pkt).tv_sec); + break; + case MATCH_QUERY: + if (ldns_pkt_qdcount(pkt) > 0) { + free(val); + val = ldns_rr2str(ldns_rr_list_rr(ldns_pkt_question(pkt), 0)); + /* replace \n for nicer printing later */ + if (strchr(val, '\n')) { + *(strchr(val, '\n')) = '\0'; + } + } else { + val[0] = '\0'; + } + break; + case MATCH_QNAME: + if (ldns_pkt_qdcount(pkt) > 0) { + free(val); + val = ldns_rdf2str(ldns_rr_owner(ldns_rr_list_rr(ldns_pkt_question(pkt), 0))); + /* replace \n for nicer printing later */ + if (strchr(val, '\n')) { + *(strchr(val, '\n')) = '\0'; + } + } else { + val[0] = '\0'; + } + break; + case MATCH_QTYPE: + if (ldns_pkt_qdcount(pkt) > 0) { + free(val); + val = ldns_rr_type2str(ldns_rr_get_type(ldns_rr_list_rr(ldns_pkt_question(pkt), 0))); + } else { + val[0] = '\0'; + } + break; + case MATCH_ANSWER: + if (ldns_pkt_ancount(pkt) > 0) { + free(val); + val = ldns_rr_list2str(ldns_pkt_answer(pkt)); + } else { + val[0] = '\0'; + } + break; + case MATCH_AUTHORITY: + if (ldns_pkt_nscount(pkt) > 0) { + free(val); + val = ldns_rr_list2str(ldns_pkt_authority(pkt)); + } else { + val[0] = '\0'; + } + break; + case MATCH_ADDITIONAL: + if (ldns_pkt_arcount(pkt) > 0) { + free(val); + val = ldns_rr_list2str(ldns_pkt_additional(pkt)); + } else { + val[0] = '\0'; + } + break; + default: + mt = get_match_by_id(id); + if (!mt) { + printf("ERROR UNKNOWN MATCH_TABLE ID %u\n", id); + exit(1); + } + printf("Matcher for %s not implemented yet\n", mt->name); + exit(1); + return NULL; + } + + return val; +} + +static bool +match_packet_to_operation(ldns_pkt *pkt, ldns_rdf *src_addr, ldns_rdf *dst_addr, match_operation *operation) +{ + bool result; + char *val; + + if (!pkt || !operation) { + return false; + } else { + val = get_string_value(operation->id, pkt, src_addr, dst_addr); + if (!val) { + return false; + } + result = value_matches(operation->id, operation->operator, val, operation->value); + free(val); + return result; + } +} + +static int +match_operation_compare(const void *a, const void *b) +{ + match_operation *moa, *mob; + match_table *mt; + long ia, ib; + + if (!a) { + return 1; + } else if (!b) { + return -1; + } else { + moa = (match_operation *) a; + mob = (match_operation *) b; + + if (moa->id < mob->id) { + return -1; + } else if (moa->id > mob->id) { + return 1; + } else { + if (moa->operator < mob->operator) { + return -1; + } else if (moa->operator > mob->operator) { + return 1; + } else { + mt = get_match_by_id(moa->id); + if (mt) { + switch (mt->type) { + case TYPE_INT: + case TYPE_TIMESTAMP: + case TYPE_BOOL: + case TYPE_OPCODE: + case TYPE_RCODE: + ia = atol(moa->value); + ib = atol(mob->value); + return ia - ib; + break; + case TYPE_STRING: + case TYPE_ADDRESS: + case TYPE_RR: + default: + return strcmp(moa->value, mob->value); + break; + } + } else { + return strcmp(moa->value, mob->value); + } + } + } + } +} + +static int +match_expression_compare(const void *a, const void *b) +{ + match_expression *mea, *meb; + + if (!a) { + return 1; + } else if (!b) { + return -1; + } else { + mea = (match_expression *) a; + meb = (match_expression *) b; + + if (mea->op < meb->op) { + return -1; + } else if (mea->op > meb->op) { + return 1; + } else { + switch(mea->op) { + case MATCH_EXPR_AND: + case MATCH_EXPR_OR: + if (match_expression_compare(mea->left, meb->left) < 0) { + return -1; + } else if (match_expression_compare(mea->left, meb->left) > 0) { + return 1; + } else { + return match_expression_compare(mea->right, meb->right); + } + break; + case MATCH_EXPR_LEAF: + return match_operation_compare(mea->match, meb->match); + break; + default: + fprintf(stderr, "Unknown Match Expression logic operator: %u\n", mea->op); + exit(1); + } + } + } +} + +/** + * If count is true, and the counter is found, its count is increased by 1 + */ +static int +add_match_counter(match_counters *counters, + match_expression *expr, + bool count) +{ + int cmp; + match_counters *new; + + if (!counters || !expr) { + return -1; + } else { + if (counters->match) { + cmp = match_expression_compare(counters->match, + expr); + if (cmp > 0) { + if (counters->left) { + return add_match_counter(counters->left, + expr, + count); + } else { + new = malloc(sizeof(match_counters)); + new->left = NULL; + new->right = NULL; + new->match = expr; + counters->left = new; + return 0; + } + } else if (cmp < 0) { + if (counters->right) { + return add_match_counter(counters->right, + expr, + count); + } else { + new = malloc(sizeof(match_counters)); + new->left = NULL; + new->right = NULL; + new->match = expr; + counters->right = new; + return 0; + } + } else { + /* already there? */ + if (count) { + counters->match->count++; + } + return 1; + } + } else { + /* shouldn't happen but anyway */ + counters->match = expr; + } + } + return 0; +} + +static bool +match_dns_packet_to_expr(ldns_pkt *pkt, ldns_rdf *src_addr, ldns_rdf *dst_addr, match_expression *expr) +{ + bool result; + + if (!pkt || !expr) { + return false; + } + + switch(expr->op) { + case MATCH_EXPR_OR: + result = (match_dns_packet_to_expr(pkt, src_addr, dst_addr, expr->left) || + match_dns_packet_to_expr(pkt, src_addr, dst_addr, expr->right)); + break; + case MATCH_EXPR_AND: + result = (match_dns_packet_to_expr(pkt, src_addr, dst_addr, expr->left) && + match_dns_packet_to_expr(pkt, src_addr, dst_addr, expr->right)); + break; + case MATCH_EXPR_LEAF: + result = match_packet_to_operation(pkt, src_addr, dst_addr, expr->match); + break; + default: + fprintf(stderr, "Error, unknown expression operator %u\n", expr->op); + fprintf(stderr, "full expression:\n"); + print_match_expression(stderr, expr); + fprintf(stderr, "\n"); + exit(1); + } + + if (result) { + if (verbosity >= 5) { + printf("Found Match:\n"); + print_match_expression(stdout, expr); + printf("\nCount now %u\n", (unsigned int) expr->count); + } + expr->count++; + } + + return result; +} + +static void +free_match_operation(match_operation *operation) +{ + if (operation) { + if (operation->value) { + free(operation->value); + } + free(operation); + } +} + +static void +free_match_expression(match_expression *expr) +{ + if (expr) { + switch(expr->op) { + case MATCH_EXPR_OR: + case MATCH_EXPR_AND: + free_match_expression(expr->left); + free_match_expression(expr->right); + break; + case MATCH_EXPR_LEAF: + free_match_operation(expr->match); + break; + } + free(expr); + } +} + +static void +free_counters(match_counters *counters) +{ + if (counters) { + if (counters->left) { + free_counters(counters->left); + } + if (counters->match) { + free_match_expression(counters->match); + } + if (counters->right) { + free_counters(counters->right); + } + free(counters); + } +} + +static void +match_pkt_counters(ldns_pkt *pkt, ldns_rdf *src_addr, ldns_rdf *dst_addr, match_counters *counts) +{ + if (counts->left) { + match_pkt_counters(pkt, src_addr, dst_addr, counts->left); + } + if (counts->match) { + if (match_dns_packet_to_expr(pkt, src_addr, dst_addr, counts->match)) { +/* + counts->match->count++; +*/ + } + } + if (counts->right) { + match_pkt_counters(pkt, src_addr, dst_addr, counts->right); + } +} + +static void +match_pkt_uniques(ldns_pkt *pkt, ldns_rdf *src_addr, ldns_rdf *dst_addr, match_counters *uniques, match_id unique_ids[], size_t unique_id_count) +{ + match_expression *me; + size_t i; + match_operation *mo; + int add_result; + + for (i = 0; i < unique_id_count; i++) { + mo = malloc(sizeof(match_operation)); + mo->id = unique_ids[i]; + mo->operator = OP_EQUAL; + mo->value = get_string_value(mo->id, pkt, src_addr, dst_addr); + + me = malloc(sizeof(match_expression)); + me->op = MATCH_EXPR_LEAF; + me->left = NULL; + me->right = NULL; + me->match = mo; + me->count = 1; + + add_result = add_match_counter(uniques, me, true); + /* if result=1 it was already found, so delete new one */ + if (add_result == 1) { + free_match_expression(me); + } + } + +#if 0 + size_t i, j; + bool found; + match_expression *me; + match_operation *mo; + + /* get the value, match uniques for that, if not match, add new */ + /* all unique values should be MATCH_EXPR_LEAF */ + found = false; + for (j = 0; j < uniques->size; j++) { + if (uniques->counter[j]->match->id == unique_ids[i]) { + if (match_dns_packet_to_expr(pkt, src_addr, dst_addr, uniques->counter[j])) { + found = true; + } + } + } + if (!found) { + mo = malloc(sizeof(match_operation)); + mo->id = unique_ids[i]; + mo->operator = OP_EQUAL; + mo->value = get_string_value(mo->id, pkt, src_addr, dst_addr); + + me = malloc(sizeof(match_expression)); + me->match = mo; + me->op = MATCH_EXPR_LEAF; + me->left = NULL; + me->right = NULL; + me->count = 1; + + add_counter(uniques, me); + } + } +#endif +} + +static match_expression * +parse_match_expression(char *string) +{ + match_expression *expr; + size_t i,j; + size_t leftstart, leftend = 0; + char *left_str, *op = NULL, *val; + match_table *mt; + match_operation *mo = NULL; + const type_operators *tos; + match_expression *result; + ldns_lookup_table *lt = NULL; + + /* remove whitespace */ + char *str = calloc(1, strlen(string) + 1); + + j = 0; + for (i = 0; i < strlen(string); i++) { + if(!isspace((unsigned char)string[i])) { + str[j] = string[i]; + j++; + } + } + str[j] = '\0'; + + expr = malloc(sizeof(match_expression)); + expr->left = NULL; + expr->right = NULL; + expr->match = NULL; + expr->count = 0; + leftstart = 0; + for (i = 0; i < strlen(str); i++) { + if (str[i] == '&') { + expr->op = MATCH_EXPR_AND; + if (!expr->left) { + left_str = malloc(leftend - leftstart + 2); + strncpy(left_str, &str[leftstart], leftend-leftstart+1); + left_str[leftend - leftstart + 1] = '\0'; + expr->left = parse_match_expression(left_str); + free(left_str); + } + expr->right = parse_match_expression(&str[i+1]); + if (expr->left && expr->right) { + result = expr; + goto done; + } else { + result = NULL; + goto done; + } + } else if (str[i] == '|') { + expr->op = MATCH_EXPR_OR; + if (!expr->left) { + left_str = malloc(leftend - leftstart + 2); + strncpy(left_str, &str[leftstart], leftend-leftstart+1); + left_str[leftend - leftstart + 1] = '\0'; + expr->left = parse_match_expression(left_str); + free(left_str); + } + expr->right = parse_match_expression(&str[i+1]); + expr->count = 0; + if (expr->left && expr->right) { + result = expr; + goto done; + } else { + result = NULL; + goto done; + } + } else if (str[i] == '(') { + leftstart = i + 1; + j = 1; + while (j > 0) { + i++; + if (i > strlen(str)) { + printf("parse error: no closing bracket: %s\n", str); + printf(" "); + for (j = 0; j < leftstart - 1; j++) { + printf(" "); + } + printf("^\n"); + result = NULL; + goto done; + } + if (str[i] == ')') { + j--; + } else if (str[i] == '(') { + j++; + } else { + } + } + leftend = i-1; + left_str = malloc(leftend - leftstart + 1); + strncpy(left_str, &str[leftstart], leftend - leftstart + 1); + expr->left = parse_match_expression(left_str); + free(left_str); + if (i >= strlen(str)-1) { + result = expr->left; + free_match_expression(expr); + goto done; + } + } else if (str[i] == ')') { + printf("parse error: ) without (\n"); + result = NULL; + goto done; + } else { + leftend = i; + } + } + + /* no operators or hooks left, expr should be of the form + now */ + for (i = 0; i < strlen(str); i++) { + if (str[i] == '=' || + str[i] == '>' || + str[i] == '<' || + str[i] == '!' || + str[i] == '~' + ) { + leftend = i-1; + op = malloc(3); + j = 0; + op[j] = str[i]; + i++; + j++; + + if (i > strlen(str)) { + printf("parse error no right hand side: %s\n", str); + result = NULL; + goto done; + } + if (str[i] == '=' || + str[i] == '>' || + str[i] == '<' || + str[i] == '!' || + str[i] == '~' + ) { + op[j] = str[i]; + i++; + j++; + if (i > strlen(str)) { + printf("parse error no right hand side: %s\n", str); + result = NULL; + if (op) + free(op); + goto done; + } + } + op[j] = '\0'; + left_str = malloc(leftend - leftstart + 2); + strncpy(left_str, &str[leftstart], leftend - leftstart + 1); + left_str[leftend - leftstart + 1] = '\0'; + mt = get_match_by_name(left_str); + if (!mt) { + printf("parse error: unknown match name: %s\n", left_str); + if (op) + free(op); + result = NULL; + goto done; + } else { + /* check if operator is allowed */ + tos = get_type_operators(mt->type); + for (j = 0; j < tos->operator_count; j++) { + if (get_op_id(op) == tos->operators[j]) { + if (mo) + free(mo); + mo = malloc(sizeof(match_operation)); + mo->id = mt->id; + mo->operator = get_op_id(op); + switch (mt->type) { + case TYPE_BOOL: + val = malloc(2); + if (strncmp(&str[i], "true", 5) == 0 || + strncmp(&str[i], "TRUE", 5) == 0 || + strncmp(&str[i], "True", 5) == 0 || + strncmp(&str[i], "1", 2) == 0 + ) { + val[0] = '1'; + val[1] = '\0'; + } else if (strncmp(&str[i], "false", 5) == 0 || + strncmp(&str[i], "FALSE", 5) == 0 || + strncmp(&str[i], "False", 5) == 0 || + strncmp(&str[i], "0", 2) == 0 + ) { + + val[0] = '0'; + } else { + fprintf(stderr, "Bad value for bool: %s\n", &str[i]); + exit(EXIT_FAILURE); + } + val[1] = '\0'; + break; + case TYPE_RR: + /* convert first so we have the same strings for the same rrs in match_ later */ + /* + qrr = ldns_rr_new_frm_str(&str[i], LDNS_DEFAULT_TTL, NULL); + if (!qrr) { + fprintf(stderr, "Bad value for RR: %s\n", &str[i]); + exit(EXIT_FAILURE); + } + val = ldns_rr2str(qrr); + */ + /* remove \n for readability */ + /* + if (strchr(val, '\n')) { + *(strchr(val, '\n')) = '\0'; + } + ldns_rr_free(qrr); + */ + val = strdup(&str[i]); + break; + case TYPE_OPCODE: + lt = ldns_lookup_by_name(ldns_opcodes, &str[i]); + if (lt) { + val = malloc(4); + snprintf(val, 3, "%u", (unsigned int) lt->id); + } else { + val = strdup(&str[i]); + } + break; + case TYPE_RCODE: + lt = ldns_lookup_by_name(ldns_rcodes, &str[i]); + if (lt) { + val = malloc(4); + snprintf(val, 3, "%u", (unsigned int) lt->id); + } else { + val = strdup(&str[i]); + } + break; + default: + val = strdup(&str[i]); + break; + } + mo->value = val; + } + } + if (!mo) { + printf("parse error: operator %s not allowed for match %s\n", op, left_str); + result = NULL; + if (op) + free(op); + goto done; + } + } + free(left_str); + free(op); + expr->match = mo; + expr->op = MATCH_EXPR_LEAF; + result = expr; + goto done; + } + } + + result = NULL; + + done: + free(str); + if (!result) { + free_match_expression(expr); + } + return result; + +} +/* end of matches and counts */ +void +usage(FILE *output) +{ + fprintf(output, "Usage: ldns-dpa [OPTIONS] \n"); + fprintf(output, "Options:\n"); + fprintf(output, "\t-c :\tCount occurrences of matching expressions\n"); + fprintf(output, "\t-f :\tFilter occurrences of matching expressions\n"); + fprintf(output, "\t-h:\t\tshow this help\n"); + fprintf(output, "\t-p:\t\tshow percentage of -u and -c values (of the total of\n\t\t\tmatching on the -f filter. if no filter is given,\n\t\t\tpercentages are on all correct dns packets)\n"); + fprintf(output, "\t-of :\tWrite pcap packets that match the -f flag to file\n"); + fprintf(output, "\t-ofh :\tWrite pcap packets that match the -f flag to file\n\t\tin a hexadecimal format readable by drill\n"); + fprintf(output, "\t-s:\t\tshow possible match names\n"); + fprintf(output, "\t-s :\tshow possible match operators and values for \n"); + fprintf(output, "\t-sf:\t\tPrint packet that match -f. If no -f is given, print\n\t\t\tall dns packets\n"); + fprintf(output, "\t-u :\tCount all occurrences of matchname\n"); + fprintf(output, "\t-ua:\t\tShow average value of every -u matchname\n"); + fprintf(output, "\t-uac:\t\tShow average count of every -u matchname\n"); + fprintf(output, "\t-um :\tOnly show -u results that occurred more than number times\n"); + fprintf(output, "\t-v :\tbe more verbose\n"); + fprintf(output, "\t-notip :\tDump pcap packets that were not recognized as\n\t\t\tIP packets to file\n"); + fprintf(output, "\t-baddns :\tDump mangled dns packets to file\n"); + fprintf(output, "\t-version:\tShow the version and exit\n"); + fprintf(output, "\n"); + fprintf(output, "The filename '-' stands for stdin or stdout, so you can use \"-of -\" if you want to pipe the output to another process\n"); + fprintf(output, "\n"); + fprintf(output, "A is a comma separated list of items\n"); + fprintf(output, "\n"); + fprintf(output, "An expression has the following form:\n"); + fprintf(output, ":\t()\n"); + fprintf(output, "\t | \n"); + fprintf(output, "\t & \n"); + fprintf(output, "\t\n"); + fprintf(output, "\n"); + fprintf(output, ":\t \n"); + fprintf(output, "\n"); + fprintf(output, "See the -s option for possible matchnames, operators and values.\n"); +} + +void +show_match_names(char *name) +{ + size_t j; + match_table *mt; + ldns_lookup_table *lt; + const type_operators *tos; + char *str; + size_t i; + + if (name) { + mt = get_match_by_name(name); + if (mt) { + printf("%s:\n", mt->name); + printf("\t%s.\n", mt->description); + printf("\toperators: "); + printf("\t"); + tos = get_type_operators(mt->type); + if (tos) { + for (j = 0; j < tos->operator_count; j++) { + printf("%s ", get_op_str(tos->operators[j])); +/* + lt = ldns_lookup_by_id((ldns_lookup_table *) lt_operators, tos->operators[j]); + if (lt) { + printf("%s ", lt->name); + } else { + printf("? "); + } +*/ + } + } else { + printf("unknown type"); + } + + printf("\n"); + printf("\tValues:\n"); + switch (mt->type) { + case TYPE_INT: + printf("\t\t\n"); + break; + case TYPE_BOOL: + printf("\t\t0\n"); + printf("\t\t1\n"); + printf("\t\ttrue\n"); + printf("\t\tfalse\n"); + break; + case TYPE_OPCODE: + printf("\t\t\n"); + lt = ldns_opcodes; + while (lt->name != NULL) { + printf("\t\t%s\n", lt->name); + lt++; + } + break; + case TYPE_RCODE: + printf("\t\t\n"); + lt = ldns_rcodes; + while (lt->name != NULL) { + printf("\t\t%s\n", lt->name); + lt++; + } + break; + case TYPE_STRING: + printf("\t\t\n"); + break; + case TYPE_TIMESTAMP: + printf("\t\t (seconds since epoch)\n"); + break; + case TYPE_ADDRESS: + printf("\t\t\n"); + break; + case TYPE_RR: + printf("\t\t\n"); + break; + default: + break; + } + } else { + printf("Unknown match name: %s\n", name); + } + } else { + mt = (match_table *) matches; + while (mt->name != NULL) { + str = (char *) mt->name; + printf("%s:", str); + i = strlen(str) + 1; + while (i < 24) { + printf(" "); + i++; + } + printf("%s\n", mt->description); + mt++; + } + } +} + +int +handle_ether_packet(const u_char *data, struct pcap_pkthdr cur_hdr, match_counters *count, match_expression *match_expr, match_counters *uniques, match_id unique_ids[], size_t unique_id_count) +{ + struct ether_header *eptr; + struct ip *iptr; + struct ip6_hdr *ip6_hdr; + int ip_hdr_size; + uint8_t protocol; + size_t data_offset = 0; + ldns_rdf *src_addr = NULL, *dst_addr = NULL; + uint8_t *ap; + char *astr; + bpf_u_int32 len = cur_hdr.caplen; + struct timeval timestamp; + uint16_t ip_flags; + uint16_t ip_len; + uint16_t ip_id; + uint16_t ip_f_offset; + const u_char *newdata = NULL; +/* +printf("timeval: %u ; %u\n", cur_hdr.ts.tv_sec, cur_hdr.ts.tv_usec); +*/ + + uint8_t *dnspkt; + + ldns_pkt *pkt; + ldns_status status; + + /* lets start with the ether header... */ + eptr = (struct ether_header *) data; + /* Do a couple of checks to see what packet type we have..*/ + if (ntohs (eptr->ether_type) == ETHERTYPE_IP) + { + if (verbosity >= 5) { + printf("Ethernet type hex:%x dec:%u is an IP packet\n", + (unsigned int) ntohs(eptr->ether_type), + (unsigned int) ntohs(eptr->ether_type)); + } + + data_offset = ETHER_HEADER_LENGTH; + iptr = (struct ip *) (data + data_offset); + /* + printf("IP_OFF: %u (%04x) %04x %04x (%d) (%d)\n", iptr->ip_off, iptr->ip_off, IP_MF, IP_DF, iptr->ip_off & 0x4000, iptr->ip_off & 0x2000); + */ + ip_flags = ldns_read_uint16(&(iptr->ip_off)); + ip_id = ldns_read_uint16(&(iptr->ip_id)); + ip_len = ldns_read_uint16(&(iptr->ip_len)); + ip_f_offset = (ip_flags & IP_OFFMASK)*8; + if (ip_flags & IP_MF && ip_f_offset == 0) { + /*printf("First Frag id %u len\n", ip_id, ip_len);*/ + fragment_p->ip_id = ip_id; + memset(fragment_p->data, 0, 65535); + memcpy(fragment_p->data, iptr, ip_len); + fragment_p->cur_len = ip_len + 20; +/* + for (ip_len = 0; ip_len < fragment_p->cur_len; ip_len++) { + if (ip_len > 0 && ip_len % 20 == 0) { + printf("\t; %u - %u\n", ip_len - 19, ip_len); + } + printf("%02x ", fragment_p->data[ip_len]); + } + printf("\t; ??? - %u\n", ip_len); +*/ + return 0; + } else + if (ip_flags & IP_MF && ip_f_offset != 0) { + /*printf("Next frag\n");*/ + if (ip_id == fragment_p->ip_id) { + /*printf("add fragment to current id %u len %u offset %u\n", ip_id, ip_len, ip_f_offset);*/ + memcpy(fragment_p->data + (ip_f_offset) + 20, data+data_offset+20, ip_len - (iptr->ip_hl)*4); + /*printf("COPIED %u\n", ip_len);*/ + fragment_p->cur_len = fragment_p->cur_len + ip_len - 20; + /*printf("cur len now %u\n", fragment_p->cur_len);*/ +/* + for (ip_len = 0; ip_len < fragment_p->cur_len; ip_len++) { + if (ip_len > 0 && ip_len % 20 == 0) { + printf("\t; %u - %u\n", ip_len - 19, ip_len); + } + printf("%02x ", fragment_p->data[ip_len]); + } + printf("\t; ??? - %u\n", ip_len); +*/ + return 0; + } else { + /*printf("Lost fragment %u\n", iptr->ip_id);*/ + lost_packet_fragments++; + return 1; + } + } else + if (!(ip_flags & IP_MF) && ip_f_offset != 0) { + /*printf("Last frag\n");*/ + if (ip_id == fragment_p->ip_id) { + /*printf("add fragment to current id %u len %u offset %u\n", ip_id, ip_len, ip_f_offset);*/ + memcpy(fragment_p->data + ip_f_offset + 20, data+data_offset+20, ip_len - 20); + fragment_p->cur_len = fragment_p->cur_len + ip_len - 20; + iptr = (struct ip *) fragment_p->data; + newdata = malloc(fragment_p->cur_len + data_offset); + if (!newdata) { + printf("Malloc failed, out of mem?\n"); + exit(4); + } + memcpy((char *) newdata, data, data_offset); + memcpy((char *) newdata+data_offset, fragment_p->data, fragment_p->cur_len); + iptr->ip_len = (u_short) ldns_read_uint16(&(fragment_p->cur_len)); + iptr->ip_off = 0; + len = (bpf_u_int32) fragment_p->cur_len; + cur_hdr.caplen = len; + fragment_p->ip_id = 0; + fragmented_packets++; +/* + for (ip_len = 0; ip_len < fragment_p->cur_len; ip_len++) { + if (ip_len > 0 && ip_len % 20 == 0) { + printf("\t; %u - %u\n", ip_len - 19, ip_len); + } + printf("%02x ", fragment_p->data[ip_len]); + } + printf("\t; ??? - %u\n", ip_len); +*/ + } else { + /*printf("Lost fragment %u\n", iptr->ip_id);*/ + lost_packet_fragments++; + return 1; + } + } else { + newdata = data; + } +/* + if (iptr->ip_off & 0x0040) { + printf("Don't fragment\n"); + } +*/ + + /* in_addr portability woes, going manual for now */ + /* ipv4 */ + ap = (uint8_t *) &(iptr->ip_src); + astr = malloc(INET_ADDRSTRLEN); + if (inet_ntop(AF_INET, ap, astr, INET_ADDRSTRLEN)) { + if (ldns_str2rdf_a(&src_addr, astr) == LDNS_STATUS_OK) { + + } + } + free(astr); + ap = (uint8_t *) &(iptr->ip_dst); + astr = malloc(INET_ADDRSTRLEN); + if (inet_ntop(AF_INET, ap, astr, INET_ADDRSTRLEN)) { + if (ldns_str2rdf_a(&dst_addr, astr) == LDNS_STATUS_OK) { + + } + } + free(astr); + + ip_hdr_size = (int) iptr->ip_hl * 4; + protocol = (uint8_t) iptr->ip_p; + + data_offset += ip_hdr_size; + + if (protocol == IPPROTO_UDP) { + udp_packets++; + data_offset += UDP_HEADER_LENGTH; + + dnspkt = (uint8_t *) (newdata + data_offset); + + /*printf("packet starts at byte %u\n", data_offset);*/ + + /*printf("Len: %u\n", len);*/ + + status = ldns_wire2pkt(&pkt, dnspkt, len - data_offset); + + if (status != LDNS_STATUS_OK) { + if (verbosity >= 3) { + printf("No dns packet: %s\n", ldns_get_errorstr_by_id(status)); + } + if (verbosity >= 5) { + for (ip_len = 0; ip_len < len - data_offset; ip_len++) { + if (ip_len > 0 && ip_len % 20 == 0) { + printf("\t; %u - %u\n", (unsigned int) ip_len - 19, (unsigned int) ip_len); + } + printf("%02x ", (unsigned int) dnspkt[ip_len]); + } + printf("\t; ??? - %u\n", (unsigned int) ip_len); + + } + bad_dns_packets++; + if (bad_dns_dump) { + pcap_dump((u_char *)bad_dns_dump, &cur_hdr, newdata); + } + } else { + timestamp.tv_sec = cur_hdr.ts.tv_sec; + timestamp.tv_usec = cur_hdr.ts.tv_usec; + ldns_pkt_set_timestamp(pkt, timestamp); + + if (verbosity >= 4) { + printf("DNS packet\n"); + ldns_pkt_print(stdout, pkt); + printf("\n\n"); + } + + total_nr_of_dns_packets++; + + if (match_expr) { + if (match_dns_packet_to_expr(pkt, src_addr, dst_addr, match_expr)) { + /* if outputfile write */ + if (dumper) { + pcap_dump((u_char *)dumper, &cur_hdr, data); + } + if (hexdumpfile) { + fprintf(hexdumpfile, ";; %u\n", (unsigned int) total_nr_of_dns_packets); + ldns_pkt2file_hex(hexdumpfile, pkt); + } + if (show_filter_matches) { + printf(";; From: "); + ldns_rdf_print(stdout, src_addr); + printf("\n"); + printf(";; To: "); + ldns_rdf_print(stdout, dst_addr); + printf("\n"); + ldns_pkt_print(stdout, pkt); + printf("------------------------------------------------------------\n\n"); + } + } else { + ldns_pkt_free(pkt); + ldns_rdf_deep_free(src_addr); + ldns_rdf_deep_free(dst_addr); + if (newdata && newdata != data) + free((void *)newdata); + return 0; + } + } else { + if (dumper) { + pcap_dump((u_char *)dumper, &cur_hdr, data); + } + if (hexdumpfile) { + fprintf(hexdumpfile, ";; %u\n", (unsigned int) total_nr_of_dns_packets); + ldns_pkt2file_hex(hexdumpfile, pkt); + } + if (show_filter_matches) { + printf(";; From: "); + ldns_rdf_print(stdout, src_addr); + printf("\n"); + printf(";; To: "); + ldns_rdf_print(stdout, dst_addr); + printf("\n"); + ldns_pkt_print(stdout, pkt); + printf("------------------------------------------------------------\n\n"); + } + } + + /* General counters here */ + total_nr_of_filtered_packets++; + + match_pkt_counters(pkt, src_addr, dst_addr, count); + match_pkt_uniques(pkt, src_addr, dst_addr, uniques, unique_ids, unique_id_count); + + ldns_pkt_free(pkt); + pkt = NULL; + } + ldns_rdf_deep_free(src_addr); + ldns_rdf_deep_free(dst_addr); + + } else if (protocol == IPPROTO_TCP) { + /* tcp packets are skipped */ + tcp_packets++; + } + if (newdata && newdata != data) { + free((void *)newdata); + newdata = NULL; + } + /* don't have a define for ethertype ipv6 */ + } else if (ntohs (eptr->ether_type) == ETHERTYPE_IPV6) { + /*printf("IPv6!\n");*/ + + + /* copied from ipv4, move this to function? */ + + data_offset = ETHER_HEADER_LENGTH; + ip6_hdr = (struct ip6_hdr *) (data + data_offset); + + newdata = data; + + /* in_addr portability woes, going manual for now */ + /* ipv6 */ + ap = (uint8_t *) &(ip6_hdr->ip6_src); + astr = malloc(INET6_ADDRSTRLEN); + if (inet_ntop(AF_INET6, ap, astr, INET6_ADDRSTRLEN)) { + if (ldns_str2rdf_aaaa(&src_addr, astr) == LDNS_STATUS_OK) { + + } + } + free(astr); + ap = (uint8_t *) &(ip6_hdr->ip6_dst); + astr = malloc(INET6_ADDRSTRLEN); + if (inet_ntop(AF_INET6, ap, astr, INET6_ADDRSTRLEN)) { + if (ldns_str2rdf_aaaa(&dst_addr, astr) == LDNS_STATUS_OK) { + + } + } + free(astr); + + ip_hdr_size = IP6_HEADER_LENGTH; + protocol = (uint8_t) ip6_hdr->ip6_ctlun.ip6_un1.ip6_un1_nxt; + + data_offset += ip_hdr_size; + + if (protocol == IPPROTO_UDP) { + udp_packets++; + /*printf("V6 UDP!\n");*/ + data_offset += UDP_HEADER_LENGTH; + + dnspkt = (uint8_t *) (newdata + data_offset); + + /*printf("Len: %u\n", len);*/ + + status = ldns_wire2pkt(&pkt, dnspkt, len - data_offset); + + if (status != LDNS_STATUS_OK) { + if (verbosity >= 3) { + printf("No dns packet: %s\n", ldns_get_errorstr_by_id(status)); + } + bad_dns_packets++; + if (bad_dns_dump) { + pcap_dump((u_char *)bad_dns_dump, &cur_hdr, newdata); + } + } else { + timestamp.tv_sec = cur_hdr.ts.tv_sec; + timestamp.tv_usec = cur_hdr.ts.tv_usec; + ldns_pkt_set_timestamp(pkt, timestamp); + + if (verbosity >= 4) { + printf("DNS packet\n"); + ldns_pkt_print(stdout, pkt); + printf("\n\n"); + } + + total_nr_of_dns_packets++; + + if (match_expr) { + if (match_dns_packet_to_expr(pkt, src_addr, dst_addr, match_expr)) { + /* if outputfile write */ + if (dumper) { + pcap_dump((u_char *)dumper, &cur_hdr, data); + } + if (show_filter_matches) { + printf(";; From: "); + ldns_rdf_print(stdout, src_addr); + printf("\n"); + printf(";; To: "); + ldns_rdf_print(stdout, dst_addr); + printf("\n"); + ldns_pkt_print(stdout, pkt); + printf("------------------------------------------------------------\n\n"); + } + } else { + ldns_pkt_free(pkt); + ldns_rdf_deep_free(src_addr); + ldns_rdf_deep_free(dst_addr); + return 0; + } + } else { + if (show_filter_matches) { + printf(";; From: "); + ldns_rdf_print(stdout, src_addr); + printf("\n"); + printf(";; To: "); + ldns_rdf_print(stdout, dst_addr); + printf("\n"); + ldns_pkt_print(stdout, pkt); + printf("------------------------------------------------------------\n\n"); + } + } + + /* General counters here */ + total_nr_of_filtered_packets++; + + match_pkt_counters(pkt, src_addr, dst_addr, count); + match_pkt_uniques(pkt, src_addr, dst_addr, uniques, unique_ids, unique_id_count); + + ldns_pkt_free(pkt); + pkt = NULL; + } + ldns_rdf_deep_free(src_addr); + ldns_rdf_deep_free(dst_addr); + + } else if (protocol == IPPROTO_TCP) { + /* tcp packets are skipped */ + tcp_packets++; + } else { + printf("ipv6 unknown next header type: %u\n", (unsigned int) protocol); + } + + + + } else if (ntohs (eptr->ether_type) == ETHERTYPE_ARP) { + if (verbosity >= 5) { + printf("Ethernet type hex:%x dec:%u is an ARP packet\n", + (unsigned int) ntohs(eptr->ether_type), + (unsigned int) ntohs(eptr->ether_type)); + } + arp_packets++; + } else { + printf("Ethernet type %x not IP\n", (unsigned int) ntohs(eptr->ether_type)); + if (verbosity >= 5) { + printf("Ethernet type %x not IP\n", (unsigned int) ntohs(eptr->ether_type)); + } + not_ip_packets++; + if (not_ip_dump) { + pcap_dump((u_char *)not_ip_dump, &cur_hdr, data); + } + } + + return 0; +} + +bool +parse_match_list(match_counters *counters, char *string) +{ + size_t i; + match_expression *expr; +/* match_counter *mc;*/ + size_t lastpos = 0; + char *substring; + + /*printf("Parsing match list: '%s'\n", string);*/ + + for (i = 0; i < strlen(string); i++) { + if (string[i] == ',') { + if (i<2) { + fprintf(stderr, "Matchlist cannot start with ,\n"); + return false; + } else { + substring = malloc(strlen(string)+1); + strncpy(substring, &string[lastpos], i - lastpos + 1); + substring[i - lastpos] = '\0'; + expr = parse_match_expression(substring); + free(substring); + if (!expr) { + return false; + } + /* + if (expr->op != MATCH_EXPR_LEAF) { + fprintf(stderr, "Matchlist can only contain , not a logic expression\n"); + return false; + } + */ + add_match_counter(counters, expr, false); + lastpos = i+1; + } + } + } + substring = malloc(strlen(string) + 1); + strncpy(substring, &string[lastpos], i - lastpos + 1); + substring[i - lastpos] = '\0'; + expr = parse_match_expression(substring); + + if (!expr) { + fprintf(stderr, "Bad match: %s\n", substring); + free(substring); + return false; + } + free(substring); + /* + if (expr->op != MATCH_EXPR_LEAF) { + fprintf(stderr, "Matchlist can only contain , not a logic expression\n"); + return false; + } + */ + add_match_counter(counters, expr, false); + return true; +} + +bool +parse_uniques(match_id ids[], size_t *count, char *string) +{ + size_t i, j, lastpos; + char *str, *strpart; + match_table *mt; + + /*printf("Parsing unique counts: '%s'\n", string);*/ + str = calloc(1, strlen(string) + 1); + j = 0; + for (i = 0; i < strlen(string); i++) { + if (!isspace((unsigned char)string[i])) { + str[j] = string[i]; + j++; + } + } + str[j] = '\0'; + + lastpos = 0; + for (i = 0; i <= strlen(str); i++) { + if (str[i] == ',' || i >= strlen(str)) { + if (!(strpart = malloc(i - lastpos + 1))) { + free(str); + return false; + } + strncpy(strpart, &str[lastpos], i - lastpos); + strpart[i - lastpos] = '\0'; + if ((mt = get_match_by_name(strpart))) { + ids[*count] = mt->id; + *count = *count + 1; + } else { + printf("Error parsing match list; unknown match name: %s\n", strpart); + free(strpart); + free(str); + return false; + } + free(strpart); + lastpos = i + 1; + } + } + if (i > lastpos) { + strpart = malloc(i - lastpos + 1); + strncpy(strpart, &str[lastpos], i - lastpos); + strpart[i - lastpos] = '\0'; + if ((mt = get_match_by_name(strpart))) { + ids[*count] = mt->id; + *count = *count + 1; + } else { + printf("Error parsing match list; unknown match name: %s\n", strpart); + return false; + } + free(strpart); + } + free(str); + return true; +} + +int main(int argc, char *argv[]) { + + int i; + int status = EXIT_SUCCESS; + match_counters *count = malloc(sizeof(match_counters)); + const char *inputfile = NULL; + char errbuf[PCAP_ERRBUF_SIZE]; + pcap_t *pc = NULL; + const u_char *cur; + struct pcap_pkthdr cur_hdr; + match_expression *expr = NULL; + match_id unique_ids[MAX_MATCHES]; + size_t unique_id_count = 0; /* number of unique counters */ + match_counters *uniques = malloc(sizeof(match_counters)); + char *dumpfile = NULL; + char *hexdumpfilename = NULL; + char *not_ip_dumpfile = NULL; + char *bad_dns_dumpfile = NULL; + + bool show_percentages = false; + bool show_averages = false; + bool show_average_count = false; + int unique_minimum = 0; + + count->left = NULL; + count->match = NULL; + count->right = NULL; + uniques->left = NULL; + uniques->match = NULL; + uniques->right = NULL; + + fragment_p = malloc(sizeof(struct fragment_part)); + fragment_p->ip_id = 0; + fragment_p->cur_len = 0; + + for (i = 1; i < argc; i++) { + + if (strncmp(argv[i], "-baddns", 8) == 0) { + if (i + 1 < argc) { + bad_dns_dumpfile = argv[i + 1]; + i++; + } else { + usage(stderr); + status = EXIT_FAILURE; + goto exit; + } + } else if (strncmp(argv[i], "-notip", 7) == 0) { + if (i + 1 < argc) { + not_ip_dumpfile = argv[i + 1]; + i++; + } else { + usage(stderr); + status = EXIT_FAILURE; + goto exit; + } + } else if (strncmp(argv[i], "-c", 3) == 0) { + if (i + 1 < argc) { + if (!parse_match_list(count, argv[i + 1])) { + status = EXIT_FAILURE; + goto exit; + } + i++; + } else { + usage(stderr); + status = EXIT_FAILURE; + goto exit; + } + } else if (strncmp(argv[i], "-f", 3) == 0) { + if (i + 1 < argc) { + if (expr || strchr(argv[i+1], ',')) { + fprintf(stderr, "You can only specify 1 filter expression.\n"); + status = EXIT_FAILURE; + goto exit; + } + expr = parse_match_expression(argv[i + 1]); + i++; + } else { + usage(stderr); + status = EXIT_FAILURE; + goto exit; + } + } else if (strncmp(argv[i], "-h", 3) == 0) { + usage(stdout); + status = EXIT_SUCCESS; + goto exit; + } else if (strncmp(argv[i], "-p", 3) == 0) { + show_percentages = true; + } else if (strncmp(argv[i], "-of", 4) == 0) { + if (i + 1 < argc) { + dumpfile = argv[i + 1]; + i++; + } else { + usage(stderr); + status = EXIT_FAILURE; + goto exit; + } + } else if (strncmp(argv[i], "-ofh", 5) == 0) { + if (i + 1 < argc) { + hexdumpfilename = argv[i + 1]; + i++; + } else { + usage(stderr); + status = EXIT_FAILURE; + goto exit; + } + } else if (strncmp(argv[i], "-s", 3) == 0) { + if (i + 1 < argc) { + show_match_names(argv[i + 1]); + } else { + show_match_names(NULL); + } + status = EXIT_SUCCESS; + goto exit; + } else if (strncmp(argv[i], "-sf", 4) == 0) { + show_filter_matches = true; + } else if (strncmp(argv[i], "-u", 3) == 0) { + if (i + 1 < argc) { + if (!parse_uniques(unique_ids, &unique_id_count, argv[i + 1])) { + status = EXIT_FAILURE; + goto exit; + } + i++; + } else { + usage(stderr); + status = EXIT_FAILURE; + goto exit; + } + } else if (strcmp("-ua", argv[i]) == 0) { + show_averages = true; + } else if (strcmp("-uac", argv[i]) == 0) { + show_average_count = true; + } else if (strcmp("-um", argv[i]) == 0) { + if (i + 1 < argc) { + unique_minimum = atoi(argv[i+1]); + i++; + } else { + fprintf(stderr, "-um requires an argument"); + usage(stderr); + status = EXIT_FAILURE; + goto exit; + } + } else if (strcmp("-v", argv[i]) == 0) { + i++; + if (i < argc) { + verbosity = atoi(argv[i]); + } + } else if (strcmp("-version", argv[i]) == 0) { + printf("dns packet analyzer, version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); + goto exit; + } else { + if (inputfile) { + fprintf(stderr, "You can only specify 1 input file\n"); + exit(1); + } + inputfile = argv[i]; + } + } + + if (!inputfile) { + inputfile = "-"; + } + + if (verbosity >= 5) { + printf("Filter:\n"); + print_match_expression(stdout, expr); + printf("\n\n"); + } + + pc = pcap_open_offline(inputfile, errbuf); + + if (!pc) { + if (errno != 0) { + printf("Error opening pcap file %s: %s\n", inputfile, errbuf); + exit(1); + } else { + goto showresult; + } + } + + if (dumpfile) { + dumper = pcap_dump_open(pc, dumpfile); + + if (!dumper) { + printf("Error opening pcap dump file %s: %s\n", dumpfile, errbuf); + exit(1); + } + } + + if (hexdumpfilename) { + if (strncmp(hexdumpfilename, "-", 2) != 0) { + printf("hexdump is file\n"); + hexdumpfile = fopen(hexdumpfilename, "w"); + } else { + printf("hexdump is stdout\n"); + hexdumpfile = stdout; + } + + if (!hexdumpfile) { + printf("Error opening hex dump file %s: %s\n", hexdumpfilename, strerror(errno)); + exit(1); + } + } + + if (not_ip_dumpfile) { + not_ip_dump = pcap_dump_open(pc, not_ip_dumpfile); + if (!not_ip_dump) { + printf("Error opening pcap dump file NOT_IP: %s\n", errbuf); + } + } + if (bad_dns_dumpfile) { + bad_dns_dump = pcap_dump_open(pc, bad_dns_dumpfile); + if (!bad_dns_dump) { + printf("Error opening pcap dump file NOT_IP: %s\n", errbuf); + } + } + + while ((cur = pcap_next(pc, &cur_hdr))) { + if (verbosity >= 5) { + printf("\n\n\n[PKT_HDR] caplen: %u \tlen: %u\n", (unsigned int)cur_hdr.caplen, (unsigned int)cur_hdr.len); + } + handle_ether_packet(cur, cur_hdr, count, expr, uniques, unique_ids, unique_id_count); + } + + if (not_ip_dump) { + pcap_dump_close(not_ip_dump); + } + + if (bad_dns_dump) { + pcap_dump_close(bad_dns_dump); + } + + if (dumper) { + pcap_dump_close(dumper); + } + + if (hexdumpfile && hexdumpfile != stdout) { + fclose(hexdumpfile); + } + + pcap_close(pc); + + showresult: + if (show_percentages) { + fprintf(stdout, "Packets that are not IP: %u\n", (unsigned int) not_ip_packets); + fprintf(stdout, "bad dns packets: %u\n", (unsigned int) bad_dns_packets); + fprintf(stdout, "arp packets: %u\n", (unsigned int) arp_packets); + fprintf(stdout, "udp packets: %u\n", (unsigned int) udp_packets); + fprintf(stdout, "tcp packets (skipped): %u\n", (unsigned int) tcp_packets); + fprintf(stdout, "reassembled fragmented packets: %u\n", (unsigned int) fragmented_packets); + fprintf(stdout, "packet fragments lost: %u\n", (unsigned int) lost_packet_fragments); + fprintf(stdout, "Total number of DNS packets: %u\n", (unsigned int) total_nr_of_dns_packets); + fprintf(stdout, "Total number of DNS packets after filter: %u\n", (unsigned int) total_nr_of_filtered_packets); + } + if (count->match) { + print_counters(stdout, count, show_percentages, total_nr_of_filtered_packets, 0); + } + if (uniques->match) { + print_counters(stdout, uniques, show_percentages, total_nr_of_filtered_packets, unique_minimum); + if (show_averages) { + print_counter_averages(stdout, uniques, NULL); + } + if (show_average_count) { + print_counter_average_count(stdout, uniques, NULL, true); + } + } + + exit: + + free_match_expression(expr); + free_counters(count); + free_counters(uniques); + + return status; +} + +#else +int main(void) { + fprintf(stderr, "ldns-dpa was not built because there is no pcap library on this system, or there was no pcap header file at compilation time. Please install pcap and rebuild.\n"); + return 1; +} +#endif +#else +int main(void) { + fprintf(stderr, "ldns-dpa was not built because there is no pcap library on this system, or there was no pcap header file at compilation time. Please install pcap and rebuild.\n"); + return 1; +} +#endif + + diff --git a/zonemaster-ldns/ldns/examples/ldns-dpa.h b/zonemaster-ldns/ldns/examples/ldns-dpa.h new file mode 100644 index 0000000..b56530d --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-dpa.h @@ -0,0 +1,92 @@ +#include +#include +#include +#include + +#if STDC_HEADERS +#include +#include +#endif + +#ifdef HAVE_STDINT_H +#include +#endif + +#ifdef HAVE_SYS_SOCKET_H +#include +#endif + +#ifdef HAVE_NETINET_IN_H +#include +#endif + +#ifdef HAVE_ARPA_INET_H +#include +#endif + +#ifdef HAVE_NETINET_UDP_H +#include +#endif + +#ifdef HAVE_TIME_H +#include +#endif + +#ifdef HAVE_PCAP_H +#include +#endif + +#ifdef HAVE_NETINET_IN_SYSTM_H +#include +#endif + +#ifdef HAVE_NETINET_IP_H +#include +#endif + +#ifdef HAVE_NET_IF_H +#include +#endif + +#ifdef HAVE_NETINET_IF_ETHER_H +#include +#endif + +#ifdef HAVE_WINSOCK2_H +#define USE_WINSOCK 1 +#include +#endif + +#ifdef HAVE_WS2TCPIP_H +#include +#endif + +#ifndef HAVE_GETADDRINFO +#include +#endif + +#ifndef HAVE_RANDOM +/* random can be replaced by rand for ldnsexamples */ +#define random rand +#endif + +#ifndef HAVE_SRANDOM +/* srandom can be replaced by srand for ldnsexamples */ +#define srandom srand +#endif + +extern char *optarg; +extern int optind, opterr; + +#ifndef EXIT_FAILURE +#define EXIT_FAILURE 1 +#endif +#ifndef EXIT_SUCCESS +#define EXIT_SUCCESS 0 +#endif + +#ifdef S_SPLINT_S +#define FD_ZERO(a) /* a */ +#define FD_SET(a,b) /* a, b */ +#endif + diff --git a/zonemaster-ldns/ldns/examples/ldns-gen-zone.1 b/zonemaster-ldns/ldns/examples/ldns-gen-zone.1 new file mode 100644 index 0000000..db6bca6 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-gen-zone.1 @@ -0,0 +1,98 @@ +.TH ldns-gen-zone 1 "10 June 2010" +.SH NAME +ldns-gen-zone \- read a zonefile and print it while adding DS records and extra RR's +.SH SYNOPSIS +.B ldns-gen-zone +.IR ZONEFILE + +.SH DESCRIPTION + +\fBldns-gen-zone\fR reads a DNS zone file and prints it. + +It is build for speed, not for a nice formatting. The output +has one resource record per line and no pretty-printing makeup. + +DNSSEC data (NSEC, NSEC3, RRSIG or DNSKEY) is not stripped. You may want to +use \fBldns-read-zone\fR for that. Existing DS records are also not stripped. + +The idea is to use this tool for quickly generating a representative +artificial zonefile from a real zonefile, to use it for testing purposes. + +.SH OPTIONS +.TP +\fB-a NUM\fR +Adds NUM extra artificial NS RRSets to the output. +The RRSets owner names start +with 'xn--' in an attempt to ensure uniqueness (nl.-zone does not support +IDN's - and this tool was written with that knowledge in mind). + +An artificial NS RRSet has two NS records; ns1.example.com and +ns2.example.com. + +.TP +\fB-p NUM\fR +Add NUM% of DS RRSets to the NS RRSets (anywhere between +1-4 DS records per RRSet). + +.TP +\fB-o ORIGIN\fR +Sets an $ORIGIN, which can be handy if the one in the zonefile +is set to '@' for example. If there is an $ORIGIN in the zonefile, +this option will silently be ignored. + +.TP +\fB-s\fR +This is the recommended way of processing large zones that +are already sorted and canonicalized (ie lowercase). It skips the +sorting and canonicalization step that is required for properly +grouping RRSets together (before adding any DS records to them. Skipping +this step will speed things up. + +It is not recommended to use this option if you want to add DS records +to unsorted, non-canonicalized zones. + +.TP +\fB-h\fR +Show usage and exit. + +.TP +\fB-v\fR +Show version and exit. + +.SH EXAMPLES + +.TP +\fBldns-gen-zone \-a 100000 \-p 10 \-s ./zonefile.txt\fR +Read a zonefile, add 100.000 artificial NS RRSets and 10% of DS records, +print it to standard output. Don't sort (will only work well if the input +zonefile is already sorted and canonicalized). + +.TP +\fBldns-gen-zone \-p 10 \-s \-o nl zonefile.txt | named-compilezone \-s relative \-i none \-o zonefile_10.txt nl /dev/stdin\fR +This creates a nicely formatted zone file with the help of \fBnamed-compilezone\fR. +It adds 10% DS records to the .nl zone, reformats it and saves it as \fBzonefile_10.txt\fR. + +.SH AUTHOR +Initially written by Marco Davids, several modifications added by Miek +Gieben, both from SIDN. + +.SH REPORTING BUGS +Report bugs to . + +.SH BUGS +Only undiscovered ones. + +.SH CAVEATS +May require a machine with a considerable amount of memory for large zone files. + +Fake DS records hashes are generated as digest type SHA-256 (RFC4509). Be aware not to change +the DIGESTTYPE #define in the source code in anything else but 2 if you want +to keep things realistic. + +Despite a number of efforts, this program is still not the fastest in the +world. + +.SH COPYRIGHT +Copyright (C) 2010 SIDN. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-gen-zone.c b/zonemaster-ldns/ldns/examples/ldns-gen-zone.c new file mode 100644 index 0000000..9050f67 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-gen-zone.c @@ -0,0 +1,307 @@ +/* + * Reads a zone file from disk and prints it to stdout, one RR per line. + * Adds artificial DS records and RRs. + * For the purpose of generating a test zone file + * + * (c) SIDN 2010/2011 - Marco Davids/Miek Gieben + * + * See the LICENSE file for the license + */ + +#include "config.h" +#include +#include +#include +#include + +#define NUM_DS 4 /* maximum of 4 DS records per delegation */ +#define ALGO 8 /* Algorithm to use for fake DS records - RSASHA256 - RFC5702 */ +#define DIGESTTYPE 2 /* Digest type to use for fake DS records - SHA-256 - RFC 4509 */ + + +/** + * Usage function. + * + */ +static void +usage(FILE *fp, char *prog) { + fprintf(fp, "\n\nUsage: %s [-hsv] [-ap NUM] [-o ORIGIN] []\n", prog); + fprintf(fp, "\tReads a zonefile and add some artificial NS RRsets and DS records.\n"); + fprintf(fp, "\tIf no zonefile is given, the zone is read from stdin.\n"); + fprintf(fp, "\t-a add NUM artificial delegations (NS RRSets) to output.\n"); + fprintf(fp, "\t-p add NUM percent of DS RRset's to the NS RRsets (1-%d RR's per DS RRset).\n", NUM_DS); + fprintf(fp, "\t-o ORIGIN sets an $ORIGIN, which can be handy if the one in the zonefile is set to @.\n"); + fprintf(fp, "\t-s if input zone file is already sorted and canonicalized (ie all lowercase),\n\t use this option to speed things up while inserting DS records.\n"); + fprintf(fp, "\t-h show this text.\n"); + fprintf(fp, "\t-v shows the version and exits.\n"); + fprintf(fp, "\nif no file is given standard input is read.\n\n"); +} + +/** + * Insert the DS records, return the amount added. + * + */ +static int +insert_ds(ldns_rdf *dsowner, uint32_t ttl) +{ + int d, dsrand; + int keytag = 0; + char *dsownerstr; + char digeststr[70]; + + /** + * Average the amount of DS records per delegation a little. + */ + dsrand = 1+rand() % NUM_DS; + for(d = 0; d < dsrand; d++) { + keytag = 1+rand() % 65535; + /** + * Dynamic hashes method below is still too slow... 20% slower than a fixed string... + * + * We assume RAND_MAX is 32 bit, http://www.gnu.org/s/libc/manual/html_node/ISO-Random.html + * 2147483647 or 0x7FFFFFFF + */ + snprintf(digeststr, 65, + "%08x%08x%08x%08x%08x%08x%08x%08x", + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX); + dsownerstr = ldns_rdf2str(dsowner); + fprintf(stdout, "%s\t%u\tIN\tDS\t%d %d %d %s\n", dsownerstr, (unsigned) ttl, keytag, ALGO, DIGESTTYPE, digeststr); + } + return dsrand; +} + +int +main(int argc, char **argv) { + char *filename, *rrstr, *ownerstr; + const char *classtypestr1 = "IN NS ns1.example.com."; + const char *classtypestr2 = "IN NS ns2.example.com."; + const size_t classtypelen = strlen(classtypestr1); + /* Simply because this was developed by SIDN and we don't use xn-- for .nl :-) */ + const char *punystr = "xn--fake-rr"; + const size_t punylen = strlen(punystr); + size_t rrstrlen, ownerlen; + FILE *fp; + int c, nsrand; + uint32_t ttl; + int counta,countd,countr; + ldns_zone *z; + ldns_rdf *origin = NULL; + int line_nr = 0; + int addrrs = 0; + int dsperc = 0; + bool canonicalize = true; + bool sort = true; + bool do_ds = false; + ldns_status s; + size_t i; + ldns_rr_list *rrset_list; + ldns_rdf *owner; + ldns_rr_type cur_rr_type; + ldns_rr *cur_rr; + ldns_status status; + + counta = countd = countr = 0; + + /** + * Set some random seed. + */ + srand((unsigned int)time(NULL)); + + /** + * Commandline options. + */ + while ((c = getopt(argc, argv, "a:p:shvo:")) != -1) { + switch (c) { + case 'a': + addrrs = atoi(optarg); + if (addrrs <= 0) { + fprintf(stderr, "error\n"); + exit(EXIT_FAILURE); + } + break; + case 'o': + origin = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, optarg); + if (!origin) { + fprintf(stderr, "error: creating origin from -o %s failed.\n", optarg); + exit(EXIT_FAILURE); + } + break; + case 'p': + dsperc = atoi(optarg); + if (dsperc < 0 || dsperc > 100) { + fprintf(stderr, "error: percentage of signed delegations must be between [0-100].\n"); + exit(EXIT_FAILURE); + } + do_ds = true; + break; + case 's': + sort = false; + canonicalize = false; + break; + case 'h': + usage(stdout, argv[0]); + exit(EXIT_SUCCESS); + case 'v': + fprintf(stdout, "ldns-gen-zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); + exit(EXIT_SUCCESS); + default: + fprintf(stderr, "\nTry -h for more information.\n\n"); + exit(EXIT_FAILURE); + } + } + argc -= optind; + argv += optind; + + /** + * Read zone. + */ + if (argc == 0) { + fp = stdin; + } else { + filename = argv[0]; + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror (errno)); + exit(EXIT_FAILURE); + } + } + s = ldns_zone_new_frm_fp_l(&z, fp, origin, 0, LDNS_RR_CLASS_IN, &line_nr); + if (s != LDNS_STATUS_OK) { + fprintf(stderr, "%s at line %d\n", ldns_get_errorstr_by_id(s), line_nr); + exit(EXIT_FAILURE); + } + if (!ldns_zone_soa(z)) { + fprintf(stderr, "No zone data seen\n"); + exit(EXIT_FAILURE); + } + + ttl = ldns_rr_ttl(ldns_zone_soa(z)); + if (!origin) { + origin = ldns_rr_owner(ldns_zone_soa(z)); + // Check for root (.) origin here TODO(MG) + } + ownerstr = ldns_rdf2str(origin); + if (!ownerstr) { + fprintf(stderr, "ldns_rdf2str(origin) failed\n"); + exit(EXIT_FAILURE); + } + ownerlen = strlen(ownerstr); + + ldns_rr_print(stdout, ldns_zone_soa(z)); + + if (addrrs > 0) { + while (addrrs > counta) { + counta++; + rrstrlen = punylen + ownerlen + classtypelen + 4; + rrstrlen *= 2; /* estimate */ + rrstr = (char*)malloc(rrstrlen); + if (!rrstr) { + fprintf(stderr, "malloc() failed: Out of memory\n"); + exit(EXIT_FAILURE); + } + (void)snprintf(rrstr, rrstrlen, "%s%d.%s %u %s", punystr, counta, + ownerstr, (unsigned) ttl, classtypestr1); + status = ldns_rr_new_frm_str(&cur_rr, rrstr, 0, NULL, NULL); + if (status == LDNS_STATUS_OK) { + ldns_rr_print(stdout, cur_rr); + ldns_rr_free(cur_rr); + } else { + fprintf(stderr, "ldns_rr_new_frm_str() failed\n"); + exit(EXIT_FAILURE); + } + + (void)snprintf(rrstr, rrstrlen, "%s%d.%s %u %s", punystr, counta, + ownerstr, (unsigned) ttl, classtypestr2); + status = ldns_rr_new_frm_str(&cur_rr, rrstr, 0, NULL, NULL); + if (status == LDNS_STATUS_OK) { + ldns_rr_print(stdout, cur_rr); + } else { + fprintf(stderr, "ldns_rr_new_frm_str() failed\n"); + exit(EXIT_FAILURE); + } + + free(rrstr); + + /* may we add a DS record as well? */ + if (do_ds) { + /* + * Per definition this may not be the same as the origin, so no + * check required same for NS check - so the only thing left is some + * randomization. + */ + nsrand = rand() % 100; + if (nsrand < dsperc) { + owner = ldns_rr_owner(cur_rr); + ttl = ldns_rr_ttl(cur_rr); + countd += insert_ds(owner, ttl); + } + } + ldns_rr_free(cur_rr); + } + } + + if (!do_ds) { + ldns_rr_list_print(stdout, ldns_zone_rrs(z)); + } else { + /* + * We use dns_rr_list_pop_rrset and that requires a sorted list weird things may happen + * if the -s option was used on unsorted, non-canonicalized input + */ + if (canonicalize) { + ldns_rr2canonical(ldns_zone_soa(z)); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { + ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i)); + } + } + + if (sort) { + ldns_zone_sort(z); + } + + /* Work on a per RRset basis for DS records - weird things will happen if the -s option + * was used in combination with an unsorted zone file + */ + while((rrset_list = ldns_rr_list_pop_rrset(ldns_zone_rrs(z)))) { + owner = ldns_rr_list_owner(rrset_list); + cur_rr_type = ldns_rr_list_type(rrset_list); + /** + * Print them... + */ + cur_rr = ldns_rr_list_pop_rr(rrset_list); + while (cur_rr) { + ttl = ldns_rr_ttl(cur_rr); + fprintf(stdout, "%s", ldns_rr2str(cur_rr)); + cur_rr = ldns_rr_list_pop_rr(rrset_list); + } + /* + * And all the way at the end a DS record if + * we are dealing with an NS rrset + */ + nsrand = rand() % 100; + if (nsrand == 0) { + nsrand = 100; + } + + if ((cur_rr_type == LDNS_RR_TYPE_NS) && + (ldns_rdf_compare(owner, origin) != 0) && (nsrand < dsperc)) { + /** + * No DS records for the $ORIGIN, only for delegations, obey dsperc. + */ + countr++; + countd += insert_ds(owner, ttl); + } + ldns_rr_list_free(rrset_list); + ldns_rdf_free(owner); + } + } + + /** + * And done... + */ + fclose(fp); + fprintf(stdout, ";; Added %d DS records (percentage was %d) to %d NS RRset's (from input-zone: %d, from added: %d)\n;; lines in original input-zone: %d\n", + countd, dsperc, counta + countr, countr, counta, line_nr); + exit(EXIT_SUCCESS); +} diff --git a/zonemaster-ldns/ldns/examples/ldns-key2ds.1 b/zonemaster-ldns/ldns/examples/ldns-key2ds.1 new file mode 100644 index 0000000..6225eef --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-key2ds.1 @@ -0,0 +1,52 @@ +.TH ldns-key2ds 1 "30 May 2005" +.SH NAME +ldns-key2ds \- transform a DNSKEY RR to a DS RR +.SH SYNOPSIS +.B ldns-key2ds +.IR file + +.SH DESCRIPTION +\fBldns-key2ds\fR is used to transform a public DNSKEY RR to a DS RR. +When run it will read \fIfile\fR with a DNSKEY RR in it and +it will create a .ds file with the DS RR in it. + +It prints out the basename for this file (K++). + +By default it takes a pick of algorithm similar to the key algorithm, +SHA1 for RSASHA1, and so on. + +.SH OPTIONS +.TP +\fB-f\fR +Ignore SEP flag (i.e. make DS records for any key) + +.TP +\fB-n\fR +Write the result DS Resource Record to stdout instead of a file + +.TP +\fB-1\fR +Use SHA1 as the hash function. + +.TP +\fB-2\fR +Use SHA256 as the hash function + +.TP +\fB-g\fR +Use GOST as the hash function + +.TP +\fB-4\fR +Use SHA384 as the hash function + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-key2ds.c b/zonemaster-ldns/ldns/examples/ldns-key2ds.c new file mode 100644 index 0000000..898755d --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-key2ds.c @@ -0,0 +1,205 @@ +/* + * key2ds transforms a public key into its DS + * It (currently) prints out the public key + * + * (c) NLnet Labs, 2005 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" + +#include + +#include + +static void +usage(FILE *fp, char *prog) { + fprintf(fp, "%s [-fn] [-1|-2] keyfile\n", prog); + fprintf(fp, " Generate a DS RR from the DNSKEYS in keyfile\n"); + fprintf(fp, " The following file will be created: "); + fprintf(fp, "K++.ds\n"); + fprintf(fp, " The base name (K++ will be printed to stdout\n"); + fprintf(fp, "Options:\n"); + fprintf(fp, " -f: ignore SEP flag (i.e. make DS records for any key)\n"); + fprintf(fp, " -n: do not write DS records to file(s) but to stdout\n"); + fprintf(fp, " (default) use similar hash to the key algorithm.\n"); + fprintf(fp, " -1: use SHA1 for the DS hash\n"); + fprintf(fp, " -2: use SHA256 for the DS hash\n"); +#ifdef USE_GOST + fprintf(fp, " -g: use GOST for the DS hash\n"); +#endif +#ifdef USE_ECDSA + fprintf(fp, " -4: use SHA384 for the DS hash\n"); +#endif +} + +static int +is_suitable_dnskey(ldns_rr *rr, int sep_only) +{ + if (!rr || ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY) { + return 0; + } + return !sep_only || + (ldns_rdf2native_int16(ldns_rr_dnskey_flags(rr)) & + LDNS_KEY_SEP_KEY); +} + +static ldns_hash +suitable_hash(ldns_signing_algorithm algorithm) +{ + switch (algorithm) { + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: + return LDNS_SHA256; + case LDNS_SIGN_ECC_GOST: +#ifdef USE_GOST + return LDNS_HASH_GOST; +#else + return LDNS_SHA256; +#endif +#ifdef USE_ECDSA + case LDNS_SIGN_ECDSAP256SHA256: + return LDNS_SHA256; + case LDNS_SIGN_ECDSAP384SHA384: + return LDNS_SHA384; +#endif +#ifdef USE_ED25519 + case LDNS_SIGN_ED25519: + return LDNS_SHA256; +#endif +#ifdef USE_ED448 + case LDNS_SIGN_ED448: + return LDNS_SHA256; +#endif + default: break; + } + return LDNS_SHA1; +} + +int +main(int argc, char *argv[]) +{ + FILE *keyfp, *dsfp; + char *keyname; + char *dsname; + char *owner; + ldns_rr *k, *ds; + ldns_signing_algorithm alg; + ldns_hash h; + int similar_hash=1; + char *program = argv[0]; + int nofile = 0; + ldns_rdf *origin = NULL; + ldns_status result = LDNS_STATUS_OK; + int sep_only = 1; + + h = LDNS_SHA1; + + argv++, argc--; + while (argc && argv[0][0] == '-') { + if (strcmp(argv[0], "-1") == 0) { + h = LDNS_SHA1; + similar_hash = 0; + } + if (strcmp(argv[0], "-2") == 0) { + h = LDNS_SHA256; + similar_hash = 0; + } +#ifdef USE_GOST + if (strcmp(argv[0], "-g") == 0) { + if(!ldns_key_EVP_load_gost_id()) { + fprintf(stderr, "error: libcrypto does not provide GOST\n"); + exit(EXIT_FAILURE); + } + h = LDNS_HASH_GOST; + similar_hash = 0; + } +#endif +#ifdef USE_ECDSA + if (strcmp(argv[0], "-4") == 0) { + h = LDNS_SHA384; + similar_hash = 0; + } +#endif + if (strcmp(argv[0], "-f") == 0) { + sep_only = 0; + } + if (strcmp(argv[0], "-n") == 0) { + nofile=1; + } + argv++, argc--; + } + + if (argc != 1) { + usage(stderr, program); + exit(EXIT_FAILURE); + } + keyname = strdup(argv[0]); + + keyfp = fopen(keyname, "r"); + if (!keyfp) { + fprintf(stderr, "Failed to open public key file %s: %s\n", keyname, + strerror(errno)); + exit(EXIT_FAILURE); + } + + while (result == LDNS_STATUS_OK) { + result = ldns_rr_new_frm_fp(&k, keyfp, 0, &origin, NULL); + while (result == LDNS_STATUS_SYNTAX_ORIGIN || + result == LDNS_STATUS_SYNTAX_TTL || + (result == LDNS_STATUS_OK && !is_suitable_dnskey(k, sep_only)) + ) { + if (result == LDNS_STATUS_OK) { + ldns_rr_free(k); + } + result = ldns_rr_new_frm_fp(&k, keyfp, 0, &origin, NULL); + } + if (result == LDNS_STATUS_SYNTAX_EMPTY) { + /* we're done */ + break; + } + if (result != LDNS_STATUS_OK) { + fprintf(stderr, "Could not read public key from file %s: %s\n", keyname, ldns_get_errorstr_by_id(result)); + exit(EXIT_FAILURE); + } + + owner = ldns_rdf2str(ldns_rr_owner(k)); + alg = ldns_rdf2native_int8(ldns_rr_dnskey_algorithm(k)); + if(similar_hash) + h = suitable_hash(alg); + + ds = ldns_key_rr2ds(k, h); + if (!ds) { + fprintf(stderr, "Conversion to a DS RR failed\n"); + ldns_rr_free(k); + free(owner); + exit(EXIT_FAILURE); + } + + /* print the public key RR to .key */ + dsname = LDNS_XMALLOC(char, strlen(owner) + 16); + snprintf(dsname, strlen(owner) + 15, "K%s+%03u+%05u.ds", owner, alg, (unsigned int) ldns_calc_keytag(k)); + + if (nofile) + ldns_rr_print(stdout,ds); + else { + dsfp = fopen(dsname, "w"); + if (!dsfp) { + fprintf(stderr, "Unable to open %s: %s\n", dsname, strerror(errno)); + exit(EXIT_FAILURE); + } else { + ldns_rr_print(dsfp, ds); + fclose(dsfp); + fprintf(stdout, "K%s+%03u+%05u\n", owner, alg, (unsigned int) ldns_calc_keytag(k)); + } + } + + ldns_rr_free(ds); + ldns_rr_free(k); + free(owner); + LDNS_FREE(dsname); + } + fclose(keyfp); + free(keyname); + exit(EXIT_SUCCESS); +} diff --git a/zonemaster-ldns/ldns/examples/ldns-keyfetcher.1 b/zonemaster-ldns/ldns/examples/ldns-keyfetcher.1 new file mode 100644 index 0000000..13931fb --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-keyfetcher.1 @@ -0,0 +1,64 @@ +.TH ldns-keyfetcher 1 "4 Apr 2006" +.SH NAME +ldns-keyfetcher \- retrieve the DNSSEC DNSKEYs for a zone +.SH SYNOPSIS +.B ldns-keyfetcher +[ +.IR OPTIONS +] +.IR DOMAIN + +.SH DESCRIPTION +\fBldns-keyfetcher\fR is used to retrieve the DNSKEYs of a zone. + +First it finds all authoritative nameservers of the zone by tracing it from +the root down. All authoritative nameservers are then queried (using TCP) +for the DNSKEY RRset of the zone apex. If the results are all the same, +the key resource record set is printed. + + +.SH OPTIONS +\fB-4\fR \fI\fR +Only use IPv4 + +\fB-6\fR \fI\fR +Only use IPv6 + +\fB-h\fR \fI\fR +Show a help text and exit + +\fB-i\fR +Insecurer mode; there will only be one query for the DNSKEYS. There will not +be crosschecking of all authoritative nameservers. + +\fB-v\fR \fIverbosity\fR + +Set the verbosity level. The following levels are available: + + 0: default, only print the DNSKEY RRset found, or an error on failure. + 1: Show the nameservers that are queried + 2: Show more info on what is checked + 3: Show the intermediate results (authority and dnskey rrsets) + 4: Print the answer packets that are returned + +\fB-r\fR \fIfile\fR + +Use file as the root hints file, should contain A records in presentation +format. The default is /etc/named.root. You can get this file from +http://www.internic.net/zones/named.root. + +\fB-s\fR \fI\fR +Don't print the keys to stdout, but store them in files. + +The filenames will be of the format K.+.+.key + +.SH AUTHOR +Written by Jelte Jansen for NLnet Labs. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2006 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-keyfetcher.c b/zonemaster-ldns/ldns/examples/ldns-keyfetcher.c new file mode 100644 index 0000000..2f48e7a --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-keyfetcher.c @@ -0,0 +1,737 @@ +/* + * ldns-keyfetcher retrieves the DNSKEYS for a certain domain + * It traces the authoritative nameservers down from the root + * And uses TCP, to minimize spoofing danger. + * + * (c) NLnet Labs, 2006 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" +#include +#include + +int verbosity = 0; +/* 0=use both ip4 and ip6 (default). 1=ip4only. 2=ip6only. */ +uint8_t address_family = 0; +bool store_in_file = false; + +static void +usage(FILE *fp, char *prog) { + fprintf(fp, "%s domain\n", prog); + fprintf(fp, " retrieve the dnskeys for a domain\n"); + fprintf(fp, "Options:\n"); + fprintf(fp, "-4\t\tUse IPv4 only\n"); + fprintf(fp, "-6\t\tUse IPv6 only\n"); + fprintf(fp, "-h\t\tShow this help\n"); + fprintf(fp, "-i\t\tInsecurer mode; don't do checks, just query for the keys\n"); + fprintf(fp, "-r \tUse file to read root hints from\n"); + fprintf(fp, "-s\t\tDon't print the keys but store them in files\n\t\tcalled K.+.+.key\n"); + fprintf(fp, "-v \tVerbosity level (0-5, not verbose-very verbose)\n"); +} + +static ldns_rr_list * +retrieve_dnskeys(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t, + ldns_rr_class c, ldns_rr_list *dns_root) +{ + ldns_resolver *res; + ldns_pkt *p; + ldns_rr_list *new_nss_a; + ldns_rr_list *new_nss_aaaa; + ldns_rr_list *new_nss; + ldns_rr_list *ns_addr; + ldns_rr_list *ns_addr2; + uint16_t loop_count; + ldns_rdf *pop; + ldns_status status; + size_t i; + + size_t nss_i; + ldns_rr_list *answer_list = NULL; + ldns_rr_list *authority_list = NULL; + + size_t last_nameserver_count; + ldns_rdf **last_nameservers; + + loop_count = 0; + new_nss_a = NULL; + new_nss_aaaa = NULL; + new_nss = NULL; + ns_addr = NULL; + ns_addr2 = NULL; + p = ldns_pkt_new(); + res = ldns_resolver_new(); + + if (!p || !res) { + fprintf(stderr, "Memory allocation failed"); + return NULL; + } + + if (verbosity >= 2) { + printf("Finding dnskey data for zone: "); + ldns_rdf_print(stdout, name); + printf("\n\n"); + } + + /* transfer some properties of local_res to res, + * because they were given on the command line */ + ldns_resolver_set_ip6(res, + ldns_resolver_ip6(local_res)); + ldns_resolver_set_port(res, + ldns_resolver_port(local_res)); + ldns_resolver_set_debug(res, + ldns_resolver_debug(local_res)); + ldns_resolver_set_dnssec(res, + ldns_resolver_dnssec(local_res)); + ldns_resolver_set_fail(res, + ldns_resolver_fail(local_res)); + ldns_resolver_set_usevc(res, + ldns_resolver_usevc(local_res)); + ldns_resolver_set_random(res, + ldns_resolver_random(local_res)); + ldns_resolver_set_recursive(res, false); + + /* setup the root nameserver in the new resolver */ + status = ldns_resolver_push_nameserver_rr_list(res, dns_root); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error setting root nameservers in resolver: %s\n", ldns_get_errorstr_by_id(status)); + return NULL; + } + + ldns_pkt_free(p); + status = ldns_resolver_send(&p, res, name, t, c, 0); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error querying root servers: %s\n", ldns_get_errorstr_by_id(status)); + return NULL; + } + + if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { + printf("Error in packet:\n"); + ldns_pkt_print(stdout, p); + return NULL; + } + + if (verbosity >= 4) { + ldns_pkt_print(stdout, p); + printf("\n\n"); + } + + /* from now on, use TCP */ + ldns_resolver_set_usevc(res, true); + + while(status == LDNS_STATUS_OK && + ldns_pkt_reply_type(p) == LDNS_PACKET_REFERRAL) { + + if (verbosity >= 3) { + printf("This is a delegation!\n\n"); + } + if (address_family == 0 || address_family == 1) { + new_nss_a = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_A, LDNS_SECTION_ADDITIONAL); + } else { + new_nss_a = ldns_rr_list_new(); + } + if (address_family == 0 || address_family == 2) { + new_nss_aaaa = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_AAAA, LDNS_SECTION_ADDITIONAL); + } else { + new_nss_aaaa = ldns_rr_list_new(); + } + new_nss = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_NS, LDNS_SECTION_AUTHORITY); + + /* remove the old nameserver from the resolver */ + while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } + + /* also check for new_nss emptiness */ + + if (!new_nss_aaaa && !new_nss_a) { + /* + * no nameserver found!!! + * try to resolve the names we do got + */ + if (verbosity >= 3) { + printf("Did not get address record for nameserver, doing separate query.\n"); + } + ns_addr = ldns_rr_list_new(); + for(i = 0; (size_t) i < ldns_rr_list_rr_count(new_nss); i++) { + /* get the name of the nameserver */ + pop = ldns_rr_rdf(ldns_rr_list_rr(new_nss, i), 0); + if (!pop) { + break; + } + + /* retrieve it's addresses */ + ns_addr2 = ldns_get_rr_list_addr_by_name(local_res, pop, c, 0); + if (!ldns_rr_list_cat(ns_addr, ns_addr2)) { + fprintf(stderr, "Internal error adding nameserver address.\n"); + exit(EXIT_FAILURE); + } + ldns_rr_list_free(ns_addr2); + } + + if (ns_addr) { + if (ldns_resolver_push_nameserver_rr_list(res, ns_addr) != + LDNS_STATUS_OK) { + fprintf(stderr, "Error adding new nameservers"); + ldns_pkt_free(p); + return NULL; + } + ldns_rr_list_deep_free(ns_addr); + } else { + ldns_rr_list_print(stdout, ns_addr); + fprintf(stderr, "Could not find the nameserver ip addr; abort"); + ldns_pkt_free(p); + return NULL; + } + } + + /* normally, the first working ns is used, but we need all now, so do it one by one + * if the answer is null, take it from the next resolver + * if the answer is not, compare it to that of the next resolver + * error if different, continue if the same + * if answer list null and no resolvers left die. + */ + + ldns_rr_list_deep_free(answer_list); + ldns_rr_list_deep_free(authority_list); + answer_list = NULL; + authority_list = NULL; + for (nss_i = 0; nss_i < ldns_rr_list_rr_count(new_nss_aaaa); nss_i++) { + while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } + + status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); + } + + if (verbosity >= 1) { + fprintf(stdout, "Querying nameserver: "); + ldns_rdf_print(stdout, ldns_rr_owner(ldns_rr_list_rr(new_nss_aaaa, nss_i))); + fprintf(stdout, " ("); + ldns_rdf_print(stdout, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); + fprintf(stdout, ")\n"); + } + status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_aaaa, nss_i), 0)); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); + } + + ldns_pkt_free(p); + status = ldns_resolver_send(&p, res, name, t, c, 0); + if (status == LDNS_STATUS_OK && p) { + if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { + printf("Error in packet:\n"); + ldns_pkt_print(stdout, p); + return NULL; + } + + if (verbosity >= 4) { + ldns_pkt_print(stdout, p); + printf("\n\n"); + } + + if (answer_list) { + if (verbosity >= 2) { + printf("Comparing answer list of answer to previous\n\n"); + } + ldns_rr_list_sort(ldns_pkt_answer(p)); + ldns_rr_list_sort(answer_list); + if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { + fprintf(stderr, "ERROR: different answer answer from nameserver\n"); + fprintf(stderr, "\nI had (from previous servers):\n"); + ldns_rr_list_print(stderr, answer_list); + fprintf(stderr, "\nI received (from nameserver at "); + ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); + fprintf(stderr, "):\n"); + ldns_rr_list_print(stderr, ldns_pkt_answer(p)); + exit(EXIT_FAILURE); + } + } else { + answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); + ldns_rr_list_sort(answer_list); + if (verbosity >= 2) { + printf("First answer list for this set, nothing to compare with\n\n"); + } + } + if (authority_list) { + if (verbosity >= 2) { + printf("Comparing authority list of answer to previous\n\n"); + } + ldns_rr_list_sort(ldns_pkt_authority(p)); + ldns_rr_list_sort(authority_list); + if (ldns_rr_list_compare(authority_list, ldns_pkt_authority(p)) != 0) { + fprintf(stderr, "ERROR: different authority answer from nameserver\n"); + fprintf(stderr, "\nI had (from previous servers):\n"); + ldns_rr_list_print(stderr, authority_list); + fprintf(stderr, "\nI received (from nameserver at "); + ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); + fprintf(stderr, "):\n"); + ldns_rr_list_print(stderr, ldns_pkt_authority(p)); + exit(EXIT_FAILURE); + } + } else { + authority_list = ldns_rr_list_clone(ldns_pkt_authority(p)); + ldns_rr_list_sort(authority_list); + if (verbosity >= 2) { + printf("First authority list for this set, nothing to compare with\n\n"); + } + if (verbosity >= 3) { + printf("NS RRset:\n"); + ldns_rr_list_print(stdout, authority_list); + printf("\n"); + } + } + } + } + + ldns_rr_list_deep_free(answer_list); + ldns_rr_list_deep_free(authority_list); + answer_list = NULL; + authority_list = NULL; + for (nss_i = 0; nss_i < ldns_rr_list_rr_count(new_nss_a); nss_i++) { + + while((pop = ldns_resolver_pop_nameserver(res))) {ldns_rdf_deep_free(pop); } + + if (verbosity >= 1) { + fprintf(stdout, "Querying nameserver: "); + ldns_rdf_print(stdout, ldns_rr_owner(ldns_rr_list_rr(new_nss_a, nss_i))); + fprintf(stdout, " ("); + ldns_rdf_print(stdout, ldns_rr_rdf(ldns_rr_list_rr(new_nss_a, nss_i), 0)); + fprintf(stdout, ")\n"); + } + status = ldns_resolver_push_nameserver(res, ldns_rr_rdf(ldns_rr_list_rr(new_nss_a, nss_i), 0)); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); + } + + ldns_pkt_free(p); + status = ldns_resolver_send(&p, res, name, t, c, 0); + + if (status == LDNS_STATUS_OK) { + if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { + printf("Error in packet:\n"); + ldns_pkt_print(stdout, p); + return NULL; + } + + if (verbosity >= 4) { + ldns_pkt_print(stdout, p); + printf("\n\n"); + } + + if (answer_list) { + if (verbosity >= 2) { + printf("Comparing answer list of answer to previous\n\n"); + } + ldns_rr_list_sort(ldns_pkt_answer(p)); + ldns_rr_list_sort(answer_list); + if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { + fprintf(stderr, "ERROR: different answer answer from nameserver\n"); + fprintf(stderr, "\nI had (from previous servers):\n"); + ldns_rr_list_print(stderr, answer_list); + fprintf(stderr, "\nI received (from nameserver at "); + ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); + fprintf(stderr, "):\n"); + ldns_rr_list_print(stderr, ldns_pkt_answer(p)); + exit(EXIT_FAILURE); + } + } else { + if (verbosity >= 2) { + printf("First answer list for this set, nothing to compare with\n\n"); + } + answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); + ldns_rr_list_sort(answer_list); + } + if (authority_list) { + if (verbosity >= 2) { + printf("Comparing authority list of answer to previous\n\n"); + } + ldns_rr_list_sort(ldns_pkt_authority(p)); + ldns_rr_list_sort(authority_list); + if (ldns_rr_list_compare(authority_list, ldns_pkt_authority(p)) != 0) { + fprintf(stderr, "ERROR: different authority answer from nameserver\n"); + fprintf(stderr, "\nI had (from previous servers):\n"); + ldns_rr_list_print(stderr, authority_list); + fprintf(stderr, "\nI received (from nameserver at "); + ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); + fprintf(stderr, "):\n"); + ldns_rr_list_print(stderr, ldns_pkt_authority(p)); + exit(EXIT_FAILURE); + } + } else { + if (verbosity >= 2) { + printf("First authority list for this set, nothing to compare with\n\n"); + } + authority_list = ldns_rr_list_clone(ldns_pkt_authority(p)); + ldns_rr_list_sort(authority_list); + if (verbosity >= 3) { + printf("NS RRset:\n"); + ldns_rr_list_print(stdout, authority_list); + printf("\n"); + } + } + } + } + ldns_rr_list_deep_free(authority_list); + authority_list = NULL; + + if (loop_count++ > 20) { + /* unlikely that we are doing something useful */ + fprintf(stderr, "Looks like we are looping"); + ldns_pkt_free(p); + return NULL; + } + + ldns_pkt_free(p); + + if (verbosity >= 3) { + fprintf(stdout, "This level ok. Continuing to next.\n\n"); + } + + status = ldns_resolver_send(&p, res, name, t, c, 0); + + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error querying root servers: %s\n", ldns_get_errorstr_by_id(status)); + return NULL; + } + + if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { + printf("Error in packet:\n"); + ldns_pkt_print(stdout, p); + return NULL; + } + + if (verbosity >= 4) { + ldns_pkt_print(stdout, p); + printf("\n\n"); + } + + + ldns_rr_list_deep_free(new_nss_aaaa); + ldns_rr_list_deep_free(new_nss_a); + ldns_rr_list_deep_free(new_nss); + new_nss_aaaa = NULL; + new_nss_a = NULL; + ns_addr = NULL; + } + + ldns_rr_list_deep_free(answer_list); + answer_list = NULL; + /* clone the nameserver list, we are going to handle them one by one */ + last_nameserver_count = 0; + last_nameservers = LDNS_XMALLOC(ldns_rdf *, ldns_resolver_nameserver_count(res)); + + pop = NULL; + while((pop = ldns_resolver_pop_nameserver(res))) { + last_nameservers[last_nameserver_count] = pop; + last_nameserver_count++; + } + + for (nss_i = 0; nss_i < last_nameserver_count; nss_i++) { + /* remove previous nameserver */ + while((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); } + + if (verbosity >= 1) { + printf("Querying nameserver: "); + ldns_rdf_print(stdout, last_nameservers[nss_i]); + printf("\n"); + } + status = ldns_resolver_push_nameserver(res, last_nameservers[nss_i]); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error adding nameserver to resolver: %s\n", ldns_get_errorstr_by_id(status)); + } + + ldns_pkt_free(p); + status = ldns_resolver_send(&p, res, name, t, c, 0); + + if (!p) { + fprintf(stderr, "no packet received\n"); + LDNS_FREE(last_nameservers); + return NULL; + } + + if (status == LDNS_STATUS_RES_NO_NS) { + fprintf(stderr, "Error: nameserver at "); + ldns_rdf_print(stderr, last_nameservers[nss_i]); + fprintf(stderr, " not responding. Unable to check RRset here, aborting.\n"); + LDNS_FREE(last_nameservers); + return NULL; + } + + if (ldns_pkt_get_rcode(p) != LDNS_RCODE_NOERROR) { + printf("Error in packet:\n"); + ldns_pkt_print(stdout, p); + LDNS_FREE(last_nameservers); + return NULL; + } + + if (answer_list) { + if (verbosity >= 2) { + printf("1Comparing answer rr list of answer to previous\n"); + } + ldns_rr_list_sort(ldns_pkt_answer(p)); + ldns_rr_list_sort(answer_list); + if (ldns_rr_list_compare(answer_list, ldns_pkt_answer(p)) != 0) { + printf("ERROR: different answer section in response from nameserver\n"); + fprintf(stderr, "\nI had:\n"); + ldns_rr_list_print(stderr, answer_list); + fprintf(stderr, "\nI received (from nameserver at "); + ldns_rdf_print(stderr, ldns_resolver_nameservers(res)[0]); + fprintf(stderr, "):\n"); + ldns_rr_list_print(stderr, ldns_pkt_answer(p)); + exit(EXIT_FAILURE); + } + } else { + if (verbosity >= 2) { + printf("First answer rr list for this set, nothing to compare with\n"); + } + answer_list = ldns_rr_list_clone(ldns_pkt_answer(p)); + if (verbosity >= 3) { + printf("DNSKEY RRset:\n"); + ldns_rr_list_print(stdout, answer_list); + } + } + + } + + for (nss_i = 0; nss_i < last_nameserver_count; nss_i++) { + ldns_rdf_deep_free(last_nameservers[nss_i]); + } + LDNS_FREE(last_nameservers); + ldns_resolver_deep_free(res); + ldns_pkt_free(p); + return answer_list; +} + + +/* + * The file with the given path should contain a list of NS RRs + * for the root zone and A records for those NS RRs. + * Read them, check them, and append the a records to the rr list given. + */ +static ldns_rr_list * +read_root_hints(const char *filename) +{ + FILE *fp = NULL; + int line_nr = 0; + ldns_zone *z; + ldns_status status; + ldns_rr_list *addresses = NULL; + ldns_rr *rr; + size_t i; + + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s for reading: %s\n", filename, strerror(errno)); + return NULL; + } + + status = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, 0, &line_nr); + fclose(fp); + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Error reading root hints file: %s\n", ldns_get_errorstr_by_id(status)); + return NULL; + } else { + addresses = ldns_rr_list_new(); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { + rr = ldns_rr_list_rr(ldns_zone_rrs(z), i); + if ((address_family == 0 || address_family == 1) && + ldns_rr_get_type(rr) == LDNS_RR_TYPE_A ) { + ldns_rr_list_push_rr(addresses, ldns_rr_clone(rr)); + } + if ((address_family == 0 || address_family == 2) && + ldns_rr_get_type(rr) == LDNS_RR_TYPE_AAAA) { + ldns_rr_list_push_rr(addresses, ldns_rr_clone(rr)); + } + } + ldns_zone_deep_free(z); + return addresses; + } +} + + +int +main(int argc, char *argv[]) +{ + ldns_resolver *res; + ldns_rdf *ns; + ldns_rdf *domain; + ldns_rr_list *l = NULL; + + ldns_rr_list *dns_root = NULL; + const char *root_file = "/etc/named.root"; + + ldns_status status; + + int i; + + char *domain_str; + char *outputfile_str; + ldns_buffer *outputfile_buffer; + FILE *outputfile; + ldns_rr *k; + + bool insecure = false; + ldns_pkt *pkt; + + domain = NULL; + res = NULL; + + if (argc < 2) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } else { + for (i = 1; i < argc; i++) { + if (strncmp("-4", argv[i], 3) == 0) { + if (address_family != 0) { + fprintf(stderr, "Options -4 and -6 cannot be specified at the same time\n"); + exit(EXIT_FAILURE); + } + address_family = 1; + } else if (strncmp("-6", argv[i], 3) == 0) { + if (address_family != 0) { + fprintf(stderr, "Options -4 and -6 cannot be specified at the same time\n"); + exit(EXIT_FAILURE); + } + address_family = 2; + } else if (strncmp("-h", argv[i], 3) == 0) { + usage(stdout, argv[0]); + exit(EXIT_SUCCESS); + } else if (strncmp("-i", argv[i], 2) == 0) { + insecure = true; + } else if (strncmp("-r", argv[i], 2) == 0) { + if (strlen(argv[i]) > 2) { + root_file = argv[i]+2; + } else if (i+1 >= argc) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } else { + root_file = argv[i+1]; + i++; + } + } else if (strncmp("-s", argv[i], 3) == 0) { + store_in_file = true; + } else if (strncmp("-v", argv[i], 2) == 0) { + if (strlen(argv[i]) > 2) { + verbosity = atoi(argv[i]+2); + } else if (i+1 > argc) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } else { + verbosity = atoi(argv[i+1]); + i++; + } + } else { + /* create a rdf from the command line arg */ + if (domain) { + fprintf(stdout, "You can only specify one domain at a time\n"); + exit(EXIT_FAILURE); + } + + domain = ldns_dname_new_frm_str(argv[i]); + } + + } + if (!domain) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } + } + + dns_root = read_root_hints(root_file); + if (!dns_root) { + fprintf(stderr, "cannot read the root hints file\n"); + exit(EXIT_FAILURE); + } + + /* create a new resolver from /etc/resolv.conf */ + status = ldns_resolver_new_frm_file(&res, NULL); + + if (status != LDNS_STATUS_OK) { + fprintf(stderr, "Warning: Unable to create stub resolver from /etc/resolv.conf:\n"); + fprintf(stderr, "%s\n", ldns_get_errorstr_by_id(status)); + fprintf(stderr, "defaulting to nameserver at 127.0.0.1 for separate nameserver name lookups\n"); + do { + res = ldns_resolver_new(); + if (res) { + ns = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, + "127.0.0.1"); + if (ns) { + status = ldns_resolver_push_nameserver( + res, ns); + if (status == LDNS_STATUS_OK) { + break; + } + ldns_rdf_deep_free(ns); + } + ldns_resolver_free(res); + } + fprintf(stderr, "Unable to create stub resolver: %s\n", + ldns_get_errorstr_by_id(status)); + exit(EXIT_FAILURE); + + } while (false); + ldns_rdf_deep_free(ns); + } + + ldns_resolver_set_ip6(res, address_family); + + if (insecure) { + pkt = ldns_resolver_query(res, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, LDNS_RD); + if (pkt) { + l = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_DNSKEY, LDNS_SECTION_ANY_NOQUESTION); + } + } else { + l = retrieve_dnskeys(res, domain, LDNS_RR_TYPE_DNSKEY, LDNS_RR_CLASS_IN, dns_root); + } + + /* separator for result data and verbosity data */ + if (verbosity > 0) { + fprintf(stdout, "; ---------------------------\n"); + fprintf(stdout, "; Got the following keys:\n"); + } + if (l) { + if (store_in_file) { + /* create filename: + * K.+.+.key + */ + for (i = 0; (size_t) i < ldns_rr_list_rr_count(l); i++) { + k = ldns_rr_list_rr(l, (size_t) i); + + outputfile_buffer = ldns_buffer_new(300); + domain_str = ldns_rdf2str(ldns_rr_owner(k)); + ldns_buffer_printf(outputfile_buffer, "K%s+%03u+%05u.key", domain_str, ldns_rdf2native_int8(ldns_rr_rdf(k, 2)), + (unsigned int) ldns_calc_keytag(k)); + outputfile_str = ldns_buffer_export(outputfile_buffer); + + if (verbosity >= 1) { + fprintf(stdout, "Writing key to file %s\n", outputfile_str); + } + + outputfile = fopen(outputfile_str, "w"); + if (!outputfile) { + fprintf(stderr, "Error writing key to file %s: %s\n", outputfile_str, strerror(errno)); + } else { + ldns_rr_print(outputfile, k); + fclose(outputfile); + } + + LDNS_FREE(domain_str); + LDNS_FREE(outputfile_str); + LDNS_FREE(outputfile_buffer); + } + } else { + ldns_rr_list_print(stdout, l); + } + } else { + fprintf(stderr, "no answer packet received, stub resolver config:\n"); + ldns_resolver_print(stderr, res); + } + + ldns_rdf_deep_free(domain); + ldns_resolver_deep_free(res); + ldns_rr_list_deep_free(l); + ldns_rr_list_deep_free(dns_root); + return EXIT_SUCCESS; +} diff --git a/zonemaster-ldns/ldns/examples/ldns-keygen.1 b/zonemaster-ldns/ldns/examples/ldns-keygen.1 new file mode 100644 index 0000000..7e52a60 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-keygen.1 @@ -0,0 +1,69 @@ +.TH ldns-keygen 1 "27 May 2008" +.SH NAME +ldns-keygen \- generate a DNSSEC key pair +.SH SYNOPSIS +.B ldns-keygen +[ +.IR OPTION +] +.IR DOMAIN + +.SH DESCRIPTION +\fBldns-keygen\fR is used to generate a private/public keypair. When run, it +will create 3 files; a .key file with the public DNSKEY, a .private +file with the private keydata and a .ds with the DS record of the +DNSKEY record. + +\fBldns-keygen\fR can also be used to create symmetric keys (for TSIG) by +selecting the appropriate algorithm: \%\fIhmac-md5.sig-alg.reg.int\fR, +\%\fIhmac-sha1\fR, \%\fIhmac-sha224\fR, \%\fIhmac-sha256\fR, \%\fIhmac-sha384\fR or \%\fIhmac-sha512\fR. +In that case no DS record will be created and no .ds file. + +\fBldns-keygen\fR prints the basename for the key files: +K++ + +.SH OPTIONS +.TP +\fB-a \fI\fR +Create a key with this algorithm. Specifying 'list' here gives a list of supported algorithms. +Several alias names are also accepted (from older versions and other software), +the list gives names from the RFC. Also the plain algo number is accepted. + +.TP +\fB-b \fI\fR +Use this many bits for the key length. + +.TP +\fB-k\fR +When given, generate a key signing key. This just sets the flag field to +257 instead of 256 in the DNSKEY RR in the .key file. + +.TP +\fB-r \fIdevice\fR +Make ldns-keygen use this file to seed the random generator with. This will +default to /dev/random. + +.TP +\fB-s\fR +ldns-keygen will create symbolic links named \fB.private\fR to +the new generated private key, \fB.key\fR to the public DNSKEY +and \fB.ds\fR to the file containing DS record data. + +.TP +\fB-f\fR +force symlinks to be overwritten if they exist. + +.TP +\fB-v\fR +Show the version and exit + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005-2008 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-keygen.c b/zonemaster-ldns/ldns/examples/ldns-keygen.c new file mode 100644 index 0000000..351fc1b --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-keygen.c @@ -0,0 +1,475 @@ +/* + * keygen is a small programs that generate a dnskey and private key + * for a particular domain. + * + * (c) NLnet Labs, 2005 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" + +#include + +#include +#include +#include +#include +#include + +#ifdef HAVE_SSL +static void +usage(FILE *fp, char *prog) { + fprintf(fp, "%s -a [-b bits] [-r /dev/random] [-s] [-f] [-v] domain\n", + prog); + fprintf(fp, " generate a new key pair for domain\n"); + fprintf(fp, " -a \tuse the specified algorithm (-a list to"); + fprintf(fp, " show a list)\n"); + fprintf(fp, " -k\t\tset the flags to 257; key signing key\n"); + fprintf(fp, " -b \tspecify the keylength\n"); + fprintf(fp, " -r \tspecify a random device (defaults to /dev/random)\n"); + fprintf(fp, "\t\tto seed the random generator with\n"); + fprintf(fp, " -s\t\tcreate additional symlinks with constant names\n"); + fprintf(fp, " -f\t\tforce override of existing symlinks\n"); + fprintf(fp, " -v\t\tshow the version and exit\n"); + fprintf(fp, " The following files will be created:\n"); + fprintf(fp, " K++.key\tPublic key in RR format\n"); + fprintf(fp, " K++.private\tPrivate key in key format\n"); + fprintf(fp, " K++.ds\tDS in RR format (only for DNSSEC KSK keys)\n"); + fprintf(fp, " The base name (K++ will be printed to stdout\n"); +} + +static void +show_algorithms(FILE *out) +{ + ldns_lookup_table *lt = ldns_signing_algorithms; + fprintf(out, "Possible algorithms:\n"); + + while (lt->name) { + fprintf(out, "%s\n", lt->name); + lt++; + } +} + +static int +remove_symlink(const char *symlink_name) +{ + int result; + + if ((result = unlink(symlink_name)) == -1) { + if (errno == ENOENT) { + /* it's OK if the link simply didn't exist */ + result = 0; + } else { + /* error if unlink fail */ + fprintf(stderr, "Can't delete symlink %s: %s\n", symlink_name, strerror(errno)); + } + } + return result; +} + +static int +create_symlink(const char *symlink_destination, const char *symlink_name) +{ + int result = 0; + + if (!symlink_name) + return result; /* no arg "-s" at all */ + +#ifdef HAVE_SYMLINK + if ((result = symlink(symlink_destination, symlink_name)) == -1) { + fprintf(stderr, "Unable to create symlink %s -> %s: %s\n", symlink_name, symlink_destination, strerror(errno)); + } +#else + fprintf(stderr, "Unable to create symlink %s -> %s: no symlink()\n", symlink_name, symlink_destination); +#endif + return result; +} + +int +main(int argc, char *argv[]) +{ + int c; + int fd; + char *prog; + + /* default key size */ + uint16_t def_bits = 1024; + uint16_t bits = def_bits; + bool had_bits = false; + bool ksk; + + FILE *file; + FILE *random; + char *filename; + char *owner; + bool symlink_create; + bool symlink_override; + + ldns_signing_algorithm algorithm; + ldns_rdf *domain; + ldns_rr *pubkey; + ldns_key *key; + ldns_rr *ds; + + prog = strdup(argv[0]); + algorithm = 0; + random = NULL; + ksk = false; /* don't create a ksk per default */ + symlink_create = false; + symlink_override = false; + + while ((c = getopt(argc, argv, "a:kb:r:sfv")) != -1) { + switch (c) { + case 'a': + if (algorithm != 0) { + fprintf(stderr, "The -a argument can only be used once\n"); + exit(1); + } + if (strncmp(optarg, "list", 5) == 0) { + show_algorithms(stdout); + exit(EXIT_SUCCESS); + } + algorithm = ldns_get_signing_algorithm_by_name(optarg); + if (algorithm == 0) { + fprintf(stderr, "Algorithm %s not found\n", optarg); + show_algorithms(stderr); + exit(EXIT_FAILURE); + } + break; + case 'b': + bits = (uint16_t) atoi(optarg); + if (bits == 0) { + fprintf(stderr, "%s: %s %d", prog, "Can not parse the -b argument, setting it to the default\n", (int) def_bits); + bits = def_bits; + } else + had_bits = true; + break; + case 'k': + ksk = true; + break; + case 'r': + random = fopen(optarg, "r"); + if (!random) { + fprintf(stderr, "Cannot open random file %s: %s\n", optarg, strerror(errno)); + exit(EXIT_FAILURE); + } + break; + case 's': + symlink_create = true; + break; + case 'f': + symlink_override = true; + break; + case 'v': + printf("DNSSEC key generator version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); + exit(EXIT_SUCCESS); + break; + default: + usage(stderr, prog); + exit(EXIT_FAILURE); + } + } + argc -= optind; + argv += optind; + + if (algorithm == 0) { + printf("Please use the -a argument to provide an algorithm\n"); + exit(1); + } + + if (argc != 1) { + usage(stderr, prog); + exit(EXIT_FAILURE); + } + free(prog); + + /* check whether key size is within RFC boundaries */ + switch (algorithm) { + case LDNS_SIGN_RSAMD5: + case LDNS_SIGN_RSASHA1: + case LDNS_SIGN_RSASHA1_NSEC3: + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: + if (bits < 512 || bits > 4096) { + fprintf(stderr, "For RSA, the key size must be between "); + fprintf(stderr, " 512 and 4096 bits. Aborting.\n"); + exit(1); + } + break; +#ifdef USE_DSA + case LDNS_SIGN_DSA: + case LDNS_SIGN_DSA_NSEC3: + if (bits < 512 || bits > 1024) { + fprintf(stderr, "For DSA, the key size must be between "); + fprintf(stderr, " 512 and 1024 bits. Aborting.\n"); + exit(1); + } + break; +#endif /* USE_DSA */ +#ifdef USE_GOST + case LDNS_SIGN_ECC_GOST: + if(!ldns_key_EVP_load_gost_id()) { + fprintf(stderr, "error: libcrypto does not provide GOST\n"); + exit(EXIT_FAILURE); + } + break; +#endif +#ifdef USE_ECDSA + case LDNS_SIGN_ECDSAP256SHA256: + case LDNS_SIGN_ECDSAP384SHA384: + break; +#endif + case LDNS_SIGN_HMACMD5: + if (!had_bits) { + bits = 512; + } else if (bits < 1 || bits > 512) { + fprintf(stderr, "For hmac-md5, the key size must be "); + fprintf(stderr, "between 1 and 512 bits. Aborting.\n"); + exit(1); + } + break; + case LDNS_SIGN_HMACSHA1: + if (!had_bits) { + bits = 160; + } else if (bits < 1 || bits > 160) { + fprintf(stderr, "For hmac-sha1, the key size must be "); + fprintf(stderr, "between 1 and 160 bits. Aborting.\n"); + exit(1); + } + break; + + case LDNS_SIGN_HMACSHA224: + if (!had_bits) { + bits = 224; + } else if (bits < 1 || bits > 224) { + fprintf(stderr, "For hmac-sha224, the key size must be "); + fprintf(stderr, "between 1 and 224 bits. Aborting.\n"); + exit(1); + } + break; + + case LDNS_SIGN_HMACSHA256: + if (!had_bits) { + bits = 256; + } else if (bits < 1 || bits > 256) { + fprintf(stderr, "For hmac-sha256, the key size must be "); + fprintf(stderr, "between 1 and 256 bits. Aborting.\n"); + exit(1); + } + break; + + case LDNS_SIGN_HMACSHA384: + if (!had_bits) { + bits = 384; + } else if (bits < 1 || bits > 384) { + fprintf(stderr, "For hmac-sha384, the key size must be "); + fprintf(stderr, "between 1 and 384 bits. Aborting.\n"); + exit(1); + } + break; + + case LDNS_SIGN_HMACSHA512: + if (!had_bits) { + bits = 512; + } else if (bits < 1 || bits > 512) { + fprintf(stderr, "For hmac-sha512, the key size must be "); + fprintf(stderr, "between 1 and 512 bits. Aborting.\n"); + exit(1); + } + break; + default: + break; + } + + if (!random) { + random = fopen("/dev/random", "r"); + if (!random) { + fprintf(stderr, "Cannot open random file %s: %s\n", optarg, strerror(errno)); + exit(EXIT_FAILURE); + } + } + + (void)ldns_init_random(random, (unsigned int) bits/8); + fclose(random); + + /* create an rdf from the domain name */ + domain = ldns_dname_new_frm_str(argv[0]); + + /* generate a new key */ + key = ldns_key_new_frm_algorithm(algorithm, bits); + if(!key) { + fprintf(stderr, "cannot generate key of algorithm %s\n", + ldns_pkt_algorithm2str((ldns_algorithm)algorithm)); + exit(EXIT_FAILURE); + } + + /* set the owner name in the key - this is a /separate/ step */ + ldns_key_set_pubkey_owner(key, domain); + + /* ksk flag */ + if (ksk) { + ldns_key_set_flags(key, ldns_key_flags(key) + 1); + } + + /* create the public from the ldns_key */ + pubkey = ldns_key2rr(key); + if (!pubkey) { + fprintf(stderr, "Could not extract the public key from the key structure..."); + ldns_key_deep_free(key); + exit(EXIT_FAILURE); + } + owner = ldns_rdf2str(ldns_rr_owner(pubkey)); + + /* calculate and set the keytag */ + ldns_key_set_keytag(key, ldns_calc_keytag(pubkey)); + + /* build the DS record */ + switch (algorithm) { +#ifdef USE_ECDSA + case LDNS_SIGN_ECDSAP384SHA384: + ds = ldns_key_rr2ds(pubkey, LDNS_SHA384); + break; + case LDNS_SIGN_ECDSAP256SHA256: +#endif +#ifdef USE_ED25519 + case LDNS_SIGN_ED25519: +#endif +#ifdef USE_ED448 + case LDNS_SIGN_ED448: +#endif + case LDNS_SIGN_RSASHA256: + case LDNS_SIGN_RSASHA512: + ds = ldns_key_rr2ds(pubkey, LDNS_SHA256); + break; + case LDNS_SIGN_ECC_GOST: +#ifdef USE_GOST + ds = ldns_key_rr2ds(pubkey, LDNS_HASH_GOST); +#else + ds = ldns_key_rr2ds(pubkey, LDNS_SHA256); +#endif + break; + default: + ds = ldns_key_rr2ds(pubkey, LDNS_SHA1); + break; + } + + /* maybe a symlinks should be removed */ + if (symlink_create && symlink_override) { + if (remove_symlink(".key") != 0) { + exit(EXIT_FAILURE); + } + if (remove_symlink(".private") != 0) { + exit(EXIT_FAILURE); + } + if (remove_symlink(".ds") != 0) { + exit(EXIT_FAILURE); + } + } + + /* print the public key RR to .key */ + filename = LDNS_XMALLOC(char, strlen(owner) + 17); + snprintf(filename, strlen(owner) + 16, "K%s+%03u+%05u.key", owner, algorithm, (unsigned int) ldns_key_keytag(key)); + file = fopen(filename, "w"); + if (!file) { + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); + ldns_key_deep_free(key); + free(owner); + ldns_rr_free(pubkey); + ldns_rr_free(ds); + LDNS_FREE(filename); + exit(EXIT_FAILURE); + } else { + /* temporarily set question so that TTL is not printed */ + ldns_rr_set_question(pubkey, true); + ldns_rr_print(file, pubkey); + ldns_rr_set_question(pubkey, false); + fclose(file); + if (symlink_create) { + if (create_symlink(filename, ".key") != 0) { + goto silentfail; + } + } + LDNS_FREE(filename); + } + + /* print the priv key to stderr */ + filename = LDNS_XMALLOC(char, strlen(owner) + 21); + snprintf(filename, strlen(owner) + 20, "K%s+%03u+%05u.private", owner, algorithm, (unsigned int) ldns_key_keytag(key)); + /* use open() here to prevent creating world-readable private keys (CVE-2014-3209)*/ + fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); + if (fd < 0) { + goto fail; + } + + file = fdopen(fd, "w"); + if (!file) { + goto fail; + } + + ldns_key_print(file, key); + fclose(file); + if (symlink_create) { + if (create_symlink(filename, ".private") != 0) { + goto silentfail; + } + } + LDNS_FREE(filename); + + /* print the DS to .ds */ + if (ksk && algorithm != LDNS_SIGN_HMACMD5 && + algorithm != LDNS_SIGN_HMACSHA1 && + algorithm != LDNS_SIGN_HMACSHA224 && + algorithm != LDNS_SIGN_HMACSHA256 && + algorithm != LDNS_SIGN_HMACSHA384 && + algorithm != LDNS_SIGN_HMACSHA512) { + filename = LDNS_XMALLOC(char, strlen(owner) + 16); + snprintf(filename, strlen(owner) + 15, "K%s+%03u+%05u.ds", owner, algorithm, (unsigned int) ldns_key_keytag(key)); + file = fopen(filename, "w"); + if (!file) { + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); + ldns_key_deep_free(key); + free(owner); + ldns_rr_free(pubkey); + ldns_rr_free(ds); + LDNS_FREE(filename); + exit(EXIT_FAILURE); + } else { + /* temporarily set question so that TTL is not printed */ + ldns_rr_set_question(ds, true); + ldns_rr_print(file, ds); + ldns_rr_set_question(ds, false); + fclose(file); + if (symlink_create) { + if (create_symlink(filename, ".ds") != 0) { + goto silentfail; + } + } + LDNS_FREE(filename); + } + } + + fprintf(stdout, "K%s+%03u+%05u\n", owner, algorithm, (unsigned int) ldns_key_keytag(key)); + ldns_key_deep_free(key); + free(owner); + ldns_rr_free(pubkey); + ldns_rr_free(ds); + exit(EXIT_SUCCESS); + +fail: + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); +silentfail: + ldns_key_deep_free(key); + free(owner); + ldns_rr_free(pubkey); + ldns_rr_free(ds); + LDNS_FREE(filename); + exit(EXIT_FAILURE); +} +#else +int +main(int argc, char **argv) +{ + fprintf(stderr, "ldns-keygen needs OpenSSL support, which has not been compiled in\n"); + return 1; +} +#endif /* HAVE_SSL */ diff --git a/zonemaster-ldns/ldns/examples/ldns-mx.1 b/zonemaster-ldns/ldns/examples/ldns-mx.1 new file mode 100644 index 0000000..ec110cb --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-mx.1 @@ -0,0 +1,23 @@ +.TH ldns-mx 1 "27 Apr 2005" +.SH NAME +ldns-mx \- print out the mx record(s) for a domain +.SH SYNOPSIS +.B ldns-mx +.IR DOMAIN + +.SH DESCRIPTION +\fBldns-mx\fR is used to print out mx information of a domain. + +.SH OPTIONS +\fBldns-mx\fR has no options. + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-mx.c b/zonemaster-ldns/ldns/examples/ldns-mx.c new file mode 100644 index 0000000..84d27c8 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-mx.c @@ -0,0 +1,97 @@ +/* + * mx is a small program that prints out the mx records + * for a particular domain + * (c) NLnet Labs, 2005 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" + +#include + +static int +usage(FILE *fp, char *prog) { + fprintf(fp, "%s domain\n", prog); + fprintf(fp, " print out the mx for domain\n"); + return 0; +} + +int +main(int argc, char *argv[]) +{ + ldns_resolver *res; + ldns_rdf *domain; + ldns_pkt *p; + ldns_rr_list *mx; + ldns_status s; + + p = NULL; + mx = NULL; + domain = NULL; + res = NULL; + + if (argc != 2) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } else { + /* create a rdf from the command line arg */ + domain = ldns_dname_new_frm_str(argv[1]); + if (!domain) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } + if (! ldns_dname_str_absolute(argv[1]) && + ldns_dname_absolute(domain)) { + + /* ldns_dname_new_frm_str makes absolute dnames always! + * So deabsolutify domain. + * TODO: Create ldns_dname_new_frm_str_relative? Yuck! + */ + ldns_rdf_set_size(domain, ldns_rdf_size(domain) - 1); + } + } + + /* create a new resolver from /etc/resolv.conf */ + s = ldns_resolver_new_frm_file(&res, NULL); + + if (s != LDNS_STATUS_OK) { + exit(EXIT_FAILURE); + } + + /* use the resolver to send a query for the mx + * records of the domain given on the command line + */ + p = ldns_resolver_search(res, + domain, + LDNS_RR_TYPE_MX, + LDNS_RR_CLASS_IN, + LDNS_RD); + + ldns_rdf_deep_free(domain); + + if (!p) { + exit(EXIT_FAILURE); + } else { + /* retrieve the MX records from the answer section of that + * packet + */ + mx = ldns_pkt_rr_list_by_type(p, + LDNS_RR_TYPE_MX, + LDNS_SECTION_ANSWER); + if (!mx) { + fprintf(stderr, + " *** invalid answer name %s after MX query for %s\n", + argv[1], argv[1]); + ldns_pkt_free(p); + ldns_resolver_deep_free(res); + exit(EXIT_FAILURE); + } else { + ldns_rr_list_sort(mx); + ldns_rr_list_print(stdout, mx); + ldns_rr_list_deep_free(mx); + } + } + ldns_pkt_free(p); + ldns_resolver_deep_free(res); + return 0; +} diff --git a/zonemaster-ldns/ldns/examples/ldns-notify.1 b/zonemaster-ldns/ldns/examples/ldns-notify.1 new file mode 100644 index 0000000..b77b0d4 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-notify.1 @@ -0,0 +1,70 @@ +.TH ldns-notify 1 "9 Jan 2007" +.SH NAME +ldns-notify \- notify DNS servers that updates are available +.SH SYNOPSIS +.B ldns-notify +[options] +\-z zone +.IR servers + +.SH DESCRIPTION + +\fBldns-notify\fR sends a NOTIFY message to DNS servers. This tells them +that an updated zone is available at the master servers. It can perform +TSIG signatures and it can add a SOA serial number of the updated zone. +If a server already has that serial number it will disregard the message. + +.SH OPTIONS +.TP +\fB-z zone\fR +The zone that is updated. + +.TP +\fB-I address\fR +Source IP to send query from. + +.TP +\fB-h\fR +Show usage and exit + +.TP +\fB-v\fR +Show the version and exit + +.TP +\fB-s serial\fR +Append a SOA record indicating the serial number of the updated zone. + +.TP +\fB-p port\fR +Use port as destination port (default the DNS port 53) for the UDP packets. + +.TP +\fB-y key:data[:algo] \fR +Use the given TSIG key and base64-data, and optionally an algorithm to sign +the NOTIFY. The algorithm defaults to hmac-md5.sig-alg.reg.int. + +.TP +\fB-d\fR +Print verbose debug information. The query that is sent and the query +that is received. + +.TP +\fB-r num\fR +Specify the maximum number of retries before notify gives up trying to +send the UDP packet. + +.SH EXIT CODE +The program exits with a 0 exit code if all servers replied an +acknowledgement to the notify message, and a failure exit code otherwise. + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-notify.c b/zonemaster-ldns/ldns/examples/ldns-notify.c new file mode 100644 index 0000000..0c4f68d --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-notify.c @@ -0,0 +1,402 @@ +/* + * ldns-notify.c - ldns-notify(8) + * + * Copyright (c) 2001-2008, NLnet Labs, All right reserved + * + * See LICENSE for the license + * + * send a notify packet to a server + */ + +#include "config.h" + +/* ldns */ +#include + +#ifdef HAVE_NETDB_H +#include +#endif +#include + +static int verbose = 1; +static int max_num_retry = 15; /* times to try */ + +static void +usage(void) +{ + fprintf(stderr, "usage: ldns-notify [other options] -z zone \n"); + fprintf(stderr, "Ldns notify utility\n\n"); + fprintf(stderr, " Supported options:\n"); + fprintf(stderr, "\t-z zone\t\tThe zone\n"); + fprintf(stderr, "\t-I
\tsource address to query from\n"); + fprintf(stderr, "\t-s version\tSOA version number to include\n"); + fprintf(stderr, "\t-y \tspecify named base64 tsig key" + ", and optional an\n\t\t\t" + "algorithm (defaults to hmac-md5.sig-alg.reg.int)\n"); + fprintf(stderr, "\t-p port\t\tport to use to send to\n"); + fprintf(stderr, "\t-v\t\tPrint version information\n"); + fprintf(stderr, "\t-d\t\tPrint verbose debug information\n"); + fprintf(stderr, "\t-r num\t\tmax number of retries (%d)\n", + max_num_retry); + fprintf(stderr, "\t-h\t\tPrint this help information\n\n"); + fprintf(stderr, "Report bugs to \n"); + exit(1); +} + +static void +version(void) +{ + fprintf(stderr, "%s version %s\n", PACKAGE_NAME, PACKAGE_VERSION); + fprintf(stderr, "Written by NLnet Labs.\n\n"); + fprintf(stderr, + "Copyright (C) 2001-2008 NLnet Labs. This is free software.\n" + "There is NO warranty; not even for MERCHANTABILITY or FITNESS\n" + "FOR A PARTICULAR PURPOSE.\n"); + exit(0); +} + +static void +notify_host(int s, struct addrinfo* res, uint8_t* wire, size_t wiresize, + const char* addrstr) +{ + int timeout_retry = 5; /* seconds */ + int num_retry = max_num_retry; +#ifndef S_SPLINT_S + fd_set rfds; +#endif + struct timeval tv; + int retval = 0; + ssize_t received = 0; + int got_ack = 0; + socklen_t addrlen = 0; + uint8_t replybuf[2048]; + ldns_status status; + ldns_pkt* pkt = NULL; + + while(!got_ack) { + /* send it */ + if(sendto(s, (void*)wire, wiresize, 0, + res->ai_addr, res->ai_addrlen) == -1) { + printf("warning: send to %s failed: %s\n", + addrstr, strerror(errno)); +#ifndef USE_WINSOCK + close(s); +#else + closesocket(s); +#endif + return; + } + + /* wait for ACK packet */ +#ifndef S_SPLINT_S + FD_ZERO(&rfds); + FD_SET(s, &rfds); + tv.tv_sec = timeout_retry; /* seconds */ +#endif + tv.tv_usec = 0; /* microseconds */ + retval = select(s + 1, &rfds, NULL, NULL, &tv); + if (retval == -1) { + printf("error waiting for reply from %s: %s\n", + addrstr, strerror(errno)); +#ifndef USE_WINSOCK + close(s); +#else + closesocket(s); +#endif + return; + } + if(retval == 0) { + num_retry--; + if(num_retry == 0) { + printf("error: failed to send notify to %s.\n", + addrstr); + exit(1); + } + printf("timeout (%d s) expired, retry notify to %s.\n", + timeout_retry, addrstr); + } + if (retval == 1) { + got_ack = 1; + } + } + + /* got reply */ + addrlen = res->ai_addrlen; + received = recvfrom(s, (void*)replybuf, sizeof(replybuf), 0, + res->ai_addr, &addrlen); + res->ai_addrlen = addrlen; + +#ifndef USE_WINSOCK + close(s); +#else + closesocket(s); +#endif + if (received == -1) { + printf("recv %s failed: %s\n", addrstr, strerror(errno)); + return; + } + + /* check reply */ + status = ldns_wire2pkt(&pkt, replybuf, (size_t)received); + if(status != LDNS_STATUS_OK) { + ssize_t i; + printf("Could not parse reply packet: %s\n", + ldns_get_errorstr_by_id(status)); + if (verbose > 1) { + printf("hexdump of reply: "); + for(i=0; i 1) { + printf("hexdump of reply: "); + for(i=0; i %s\n", optarg); + exit(1); + } + tsig_name = optarg; + *tsig_sep++ = '\0'; + tsig_data = tsig_sep; + if ((tsig_sep = strchr(tsig_sep, ':'))) { + *tsig_sep++ = '\0'; + tsig_algo = tsig_sep; + } else { + tsig_algo = "hmac-md5.sig-alg.reg.int."; + } + /* With dig TSIG keys are also specified with -y, + * but format with drill is: -y + * and with dig: -y [hmac:]name:key + * + * When we detect an unknown tsig algorithm in algo, + * but a known algorithm in name, we cane assume dig + * order was used. + * + * Following if statement is to anticipate and correct + * dig order + */ + if (strcasecmp(tsig_algo, "hmac-md5.sig-alg.reg.int")&& + strcasecmp(tsig_algo, "hmac-md5") && + strcasecmp(tsig_algo, "hmac-sha1") && + strcasecmp(tsig_algo, "hmac-sha256") && + strcasecmp(tsig_algo, "hmac-sha384") && + strcasecmp(tsig_algo, "hmac-sha512") && + ! (strcasecmp(tsig_name, "hmac-md5.sig-alg.reg.int") + && strcasecmp(tsig_name, "hmac-md5") + && strcasecmp(tsig_name, "hmac-sha1") + && strcasecmp(tsig_name, "hmac-sha256") + && strcasecmp(tsig_name, "hmac-sha384") + && strcasecmp(tsig_name, "hmac-sha512"))) { + + /* Roll options */ + const char *tmp_tsig_algo = tsig_name; + tsig_name = tsig_data; + tsig_data = tsig_algo; + tsig_algo = tmp_tsig_algo; + } + printf("Sign with name: %s, data: %s, algorithm: %s\n" + , tsig_name, tsig_data, tsig_algo); + break; + case 'z': + zone_name = optarg; + ldns_zone_name = ldns_dname_new_frm_str(zone_name); + if(!ldns_zone_name) { + printf("cannot parse zone name: %s\n", + zone_name); + exit(1); + } + break; + case 'I': + memset(&from_hints, 0, sizeof(from_hints)); + from_hints.ai_family = AF_UNSPEC; + from_hints.ai_socktype = SOCK_DGRAM; + from_hints.ai_protocol = IPPROTO_UDP; + from_hints.ai_flags = AI_NUMERICHOST; + error = getaddrinfo(optarg, 0, &from_hints, &from0); + if (error) { + printf("bad address: %s: %s\n", optarg, + gai_strerror(error)); + exit(EXIT_FAILURE); + } + break; + case 'v': + version(); + /* fallthrough */ + case 'h': + case '?': + default: + usage(); + } + } + argc -= optind; + argv += optind; + + if (argc == 0 || zone_name == NULL) { + usage(); + } + + notify = ldns_pkt_new(); + question = ldns_rr_new(); + + if (!notify || !question) { + /* bail out */ + printf("error: cannot create ldns types\n"); + exit(1); + } + + /* create the rr for inside the pkt */ + ldns_rr_set_class(question, LDNS_RR_CLASS_IN); + ldns_rr_set_owner(question, ldns_zone_name); + ldns_rr_set_type(question, LDNS_RR_TYPE_SOA); + ldns_rr_set_question(question, true); + ldns_pkt_set_opcode(notify, LDNS_PACKET_NOTIFY); + ldns_pkt_push_rr(notify, LDNS_SECTION_QUESTION, question); + ldns_pkt_set_aa(notify, true); + ldns_pkt_set_random_id(notify); + if(include_soa) { + char buf[10240]; + ldns_rr *soa_rr=NULL; + ldns_rdf *prev=NULL; + snprintf(buf, sizeof(buf), "%s 3600 IN SOA . . %u 0 0 0 0", + zone_name, (unsigned)soa_version); + /*printf("Adding soa %s\n", buf);*/ + status = ldns_rr_new_frm_str(&soa_rr, buf, 3600, NULL, &prev); + if(status != LDNS_STATUS_OK) { + printf("Error adding SOA version: %s\n", + ldns_get_errorstr_by_id(status)); + } + ldns_pkt_push_rr(notify, LDNS_SECTION_ANSWER, soa_rr); + } + + if(tsig_name && tsig_data) { +#ifdef HAVE_SSL + status = ldns_pkt_tsig_sign(notify, tsig_name, + tsig_data, 300, tsig_algo, NULL); + if(status != LDNS_STATUS_OK) { + printf("Error TSIG sign query: %s\n", + ldns_get_errorstr_by_id(status)); + } +#else + fprintf(stderr, "Warning: TSIG needs OpenSSL support, which has not been compiled in, TSIG skipped\n"); +#endif + } + + if(verbose) { + printf("# Sending packet:\n"); + ldns_pkt_print(stdout, notify); + + } + + status = ldns_pkt2wire(&wire, notify, &wiresize); + if (status) { + printf("Error converting notify packet to hex: %s\n", + ldns_get_errorstr_by_id(status)); + } else if(wiresize == 0) { + printf("Error converting notify packet to hex.\n"); + exit(1); + } + if(do_hexdump && verbose > 1) { + printf("Hexdump of notify packet:\n"); + for(i=0; i<(int)wiresize; i++) + printf("%02x", (unsigned)wire[i]); + printf("\n"); + } + + for(i=0; iai_next) { + int s; + + if (from0 && ai_res->ai_family != from0->ai_family) + continue; + + s = socket(ai_res->ai_family, ai_res->ai_socktype, + ai_res->ai_protocol); + if(s == -1) + continue; + if (from0 && bind(s, from0->ai_addr, from0->ai_addrlen)) { + perror("Could not bind to source IP"); + exit(EXIT_FAILURE); + } + /* send the notify */ + notify_host(s, ai_res, wire, wiresize, argv[i]); + } + freeaddrinfo(res0); + } + + ldns_pkt_free(notify); + free(wire); + return 0; +} diff --git a/zonemaster-ldns/ldns/examples/ldns-nsec3-hash.1 b/zonemaster-ldns/ldns/examples/ldns-nsec3-hash.1 new file mode 100644 index 0000000..9fd5bd5 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-nsec3-hash.1 @@ -0,0 +1,34 @@ +.TH ldns-nsec3-hash.c 1 "10 Dec 2008" +.SH NAME +ldns-nsec3-hash \- print out the NSEC3 hash for a domain name +.SH SYNOPSIS +.B ldns-nsec3-hash +.IR + +.SH DESCRIPTION +\fBldns-nsec3-hash\fR is used to print out the NSEC3 hash for the given domain name. + +.SH OPTIONS +.TP +\fB-a\fR \fInumber\fR +Use the given algorithm number for the hash calculation. Defaults to 1 (SHA-1). + +.TP +\fB-s\fR \fIsalt\fR +Use the given salt for the hash calculation. Salt value should be in hexadecimal format. + +.TP +\fB-t\fR \fIcount\fR +Use count iterations for the hash calculation. + + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2008 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-nsec3-hash.c b/zonemaster-ldns/ldns/examples/ldns-nsec3-hash.c new file mode 100644 index 0000000..f04f1aa --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-nsec3-hash.c @@ -0,0 +1,131 @@ +/* + * ldns-signzone signs a zone file + * + * (c) NLnet Labs, 2005 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" +#include +#include + +#include + +#include + +#include +#include + +#ifdef HAVE_SSL +#include +#endif /* HAVE_SSL */ + +#define MAX_FILENAME_LEN 250 +int verbosity = 1; + +static void +usage(FILE *fp, const char *prog) { + fprintf(fp, "%s [OPTIONS] \n", prog); + fprintf(fp, " prints the NSEC3 hash of the given domain name\n"); + fprintf(fp, "-a [algorithm] hashing algorithm\n"); + fprintf(fp, "-t [number] number of hash iterations\n"); + fprintf(fp, "-s [string] salt\n"); +} + +int +main(int argc, char *argv[]) +{ + ldns_rdf *dname, *hashed_dname; + uint8_t nsec3_algorithm = 1; + size_t nsec3_iterations_cmd = 1; + uint16_t nsec3_iterations = 1; + uint8_t nsec3_salt_length = 0; + uint8_t *nsec3_salt = NULL; + + char *prog = strdup(argv[0]); + + int c; + while ((c = getopt(argc, argv, "a:s:t:")) != -1) { + switch (c) { + case 'a': + nsec3_algorithm = (uint8_t) atoi(optarg); + break; + case 's': + if (strlen(optarg) % 2 != 0) { + fprintf(stderr, "Salt value is not valid hex data, not a multiple of 2 characters\n"); + exit(EXIT_FAILURE); + } + if (strlen(optarg) > 512) { + fprintf(stderr, "Salt too long\n"); + exit(EXIT_FAILURE); + } + if (nsec3_salt) LDNS_FREE(nsec3_salt); + nsec3_salt_length = (uint8_t) (strlen(optarg) / 2); + nsec3_salt = LDNS_XMALLOC(uint8_t, nsec3_salt_length); + for (c = 0; c < (int) strlen(optarg); c += 2) { + if (isxdigit((int) optarg[c]) && isxdigit((int) optarg[c+1])) { + nsec3_salt[c/2] = (uint8_t) ldns_hexdigit_to_int(optarg[c]) * 16 + + ldns_hexdigit_to_int(optarg[c+1]); + } else { + fprintf(stderr, "Salt value is not valid hex data.\n"); + exit(EXIT_FAILURE); + } + } + + break; + case 't': + nsec3_iterations_cmd = (size_t) atol(optarg); + if (nsec3_iterations_cmd > LDNS_NSEC3_MAX_ITERATIONS) { + fprintf(stderr, "Iterations count can not exceed %u, quitting\n", LDNS_NSEC3_MAX_ITERATIONS); + exit(EXIT_FAILURE); + } + nsec3_iterations = (uint16_t) nsec3_iterations_cmd; + break; + default: + usage(stderr, prog); + exit(EXIT_SUCCESS); + } + } + + argc -= optind; + argv += optind; + + if (argc < 1) { + printf("Error: not enough arguments\n"); + usage(stdout, prog); + exit(EXIT_FAILURE); + } else { + dname = ldns_dname_new_frm_str(argv[0]); + if (!dname) { + free(prog); + if (nsec3_salt) free(nsec3_salt); + fprintf(stderr, + "Error: unable to parse domain name\n"); + return EXIT_FAILURE; + } + hashed_dname = ldns_nsec3_hash_name(dname, + nsec3_algorithm, + nsec3_iterations, + nsec3_salt_length, + nsec3_salt); + if (!hashed_dname) { + free(prog); + if (nsec3_salt) free(nsec3_salt); + fprintf(stderr, + "Error creating NSEC3 hash\n"); + return EXIT_FAILURE; + } + ldns_rdf_print(stdout, hashed_dname); + printf("\n"); + ldns_rdf_deep_free(dname); + ldns_rdf_deep_free(hashed_dname); + } + + if (nsec3_salt) { + free(nsec3_salt); + } + + free(prog); + + return EXIT_SUCCESS; +} diff --git a/zonemaster-ldns/ldns/examples/ldns-read-zone.1 b/zonemaster-ldns/ldns/examples/ldns-read-zone.1 new file mode 100644 index 0000000..11ecad7 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-read-zone.1 @@ -0,0 +1,113 @@ +.TH ldns-read-zone 1 "30 May 2005" +.SH NAME +ldns-read-zone \- read a zonefile and print it +.SH SYNOPSIS +.B ldns-read-zone +.IR ZONEFILE + +.SH DESCRIPTION + +\fBldns-read-zone\fR reads a DNS zone file and prints it. The output has 1 +resource record per line, and no pretty-printing makeup. + +.SH OPTIONS +.TP +\fB-0\fR +Print a (null) for the RRSIG inception, expiry and key data. This option +can be used when comparing different signing systems that use the same +DNSKEYs for signing but would have a slightly different timings/jitter. + +.TP +\fB-b\fR +Include Bubble Babble encoding of DS's. + +.TP +\fB-c\fR +Canonicalize all resource records in the zone before printing + +.TP +\fB-d\fR +Only print DNSSEC data from the zone. This option skips every record +that is not of type NSEC, NSEC3 or RRSIG. DNSKEY and DS records are not +printed. + +.TP +\fB-e\fR \fIRR type\fR +Do not print RRs of the given \fIrr type\fR. +This option may be given multiple times. +\fB-e\fR is not meant to be used together with \fB-E\fR. + +.TP +\fB-E\fR \fIRR type\fR +Print only RRs of the given \fIrr type\fR. +This option may be given multiple times. +\fB-E\fR is not meant to be used together with \fB-e\fR. + +.TP +\fB-h\fR +Show usage and exit + +.TP +\fB-n\fR +Do not print the SOA record + +.TP +\fB-p\fR +Pad the SOA serial number with spaces so the number and the spaces together +take ten characters. This is useful for in file serial number increments. + +.TP +\fB-s\fR +Strip DNSSEC data from the zone. This option skips every record +that is of type NSEC, NSEC3 or RRSIG. DNSKEY and DS records are still +printed. + +.TP +\fB-S\fR \fI[[+|0]number | YYYYMMDDxx | unixtime ]\fR +Set serial number to the given \fInumber\fR, or when preceded by a sign, +offset the existing number with it. When giving the literal strings +\fIYYYYMMDDxx\fR or \fIunixtime\fR, the serial number is tried to be reset +in datecounter or in unixtime format respectively. Though is the updated serial +number is smaller than the original one, the original one is simply +increased by one. + +When updating a serial number, records of type NSEC, NSEC3, RRSIG and DNSKEY +will be skipped when printing the zone. + +.TP +\fB-u\fR \fIRR type\fR +Mark \fIRR type\fR for printing in unknown type format. + +\fB-u\fR is not meant to be used together with \fB-U\fR. + +.TP +\fB-U\fR \fIRR type\fR +Mark \fIRR type\fR for \fBnot\fR printing in unknown type format. + +The first occurrence of the \fB-U\fR option marks all RR types for printing +in unknown type format except for the given \fIRR type\fR. +Subsequent \fB-U\fR options will clear the mark for those \fIRR type\fRs too, +so that only the given \fIRR type\fRs will be printed in the presentation +format specific for those \fIRR type\fRs. + +\fB-U\fR is not meant to be used together with \fB-u\fR. + +.TP +\fB-v\fR +Show the version and exit + +.TP +\fB-z\fR +Sort the zone before printing (this implies \-c) + + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-read-zone.c b/zonemaster-ldns/ldns/examples/ldns-read-zone.c new file mode 100644 index 0000000..2a1bc99 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-read-zone.c @@ -0,0 +1,307 @@ +/* + * read a zone file from disk and prints it, one RR per line + * + * (c) NLnetLabs 2005-2008 + * + * See the file LICENSE for the license + */ + +#include "config.h" +#include +#include + +#include +#include + +#include + +static void print_usage(const char* progname) +{ + printf("Usage: %s [OPTIONS] \n", progname); + printf("\tReads the zonefile and prints it.\n"); + printf("\tThe RR count of the zone is printed to stderr.\n"); + printf("\t-0 zeroize timestamps and signature in RRSIG records.\n"); + printf("\t-b include Bubble Babble encoding of DS's.\n"); + printf("\t-c canonicalize all rrs in the zone.\n"); + printf("\t-d only show DNSSEC data from the zone\n"); + printf("\t-e \n"); + printf("\t\tDo not print RRs of the given .\n"); + printf("\t\tThis option may be given multiple times.\n"); + printf("\t\t-e is not meant to be used together with -E.\n"); + printf("\t-E \n"); + printf("\t\tPrint only RRs of the given .\n"); + printf("\t\tThis option may be given multiple times.\n"); + printf("\t\t-E is not meant to be used together with -e.\n"); + printf("\t-h show this text\n"); + printf("\t-n do not print the SOA record\n"); + printf("\t-p prepend SOA serial with spaces so" + " it takes exactly ten characters.\n"); + printf("\t-s strip DNSSEC data from the zone\n"); + printf("\t-S [[+|-] | YYYYMMDDxx | " + " unixtime ]\n" + "\t\tSet serial number to or," + " when preceded by a sign,\n" + "\t\toffset the existing number with " + ". With YYYYMMDDxx\n" + "\t\tthe serial is formatted as a datecounter" + ", and with unixtime as\n" + "\t\tthe number of seconds since 1-1-1970." + " However, on serial\n" + "\t\tnumber decrease, +1 is used in stead" + ". (implies -s)\n"); + printf("\t-u \n"); + printf("\t\tMark for printing in unknown type format.\n"); + printf("\t\tThis option may be given multiple times.\n"); + printf("\t\t-u is not meant to be used together with -U.\n"); + printf("\t-U \n"); + printf("\t\tMark for not printing in unknown type format.\n"); + printf("\t\tThis option may be given multiple times.\n"); + printf( + "\t\tThe first occurrence of the -U option marks all RR types for" + "\n\t\tprinting in unknown type format except for the given ." + "\n\t\tSubsequent -U options will clear the mark for those s" + "\n\t\ttoo, so that only the given s will be printed in the" + "\n\t\tpresentation format specific for those s.\n"); + printf("\t\t-U is not meant to be used together with -u.\n"); + printf("\t-v shows the version and exits\n"); + printf("\t-z sort the zone (implies -c).\n"); + printf("\nif no file is given standard input is read\n"); + exit(EXIT_SUCCESS); +} + +static void exclude_type(ldns_rdf **show_types, ldns_rr_type t) +{ + ldns_status s; + + assert(show_types != NULL); + + if (! *show_types && LDNS_STATUS_OK != + (s = ldns_rdf_bitmap_known_rr_types(show_types))) + goto fail; + + s = ldns_nsec_bitmap_clear_type(*show_types, t); + if (s == LDNS_STATUS_OK) + return; +fail: + fprintf(stderr, "Cannot exclude rr type %s: %s\n" + , ldns_rr_descript(t)->_name + , ldns_get_errorstr_by_id(s)); + exit(EXIT_FAILURE); +} + +static void include_type(ldns_rdf **show_types, ldns_rr_type t) +{ + ldns_status s; + + assert(show_types != NULL); + + if (! *show_types && LDNS_STATUS_OK != + (s = ldns_rdf_bitmap_known_rr_types_space(show_types))) + goto fail; + + s = ldns_nsec_bitmap_set_type(*show_types, t); + if (s == LDNS_STATUS_OK) + return; +fail: + fprintf(stderr, "Cannot exclude all rr types except %s: %s\n" + , ldns_rr_descript(t)->_name + , ldns_get_errorstr_by_id(s)); + exit(EXIT_FAILURE); +} + +int +main(int argc, char **argv) +{ + char *filename; + FILE *fp; + ldns_zone *z; + int line_nr = 0; + int c; + bool canonicalize = false; + bool sort = false; + bool print_soa = true; + ldns_status s; + size_t i; + ldns_rr_list *stripped_list; + ldns_rr *cur_rr; + ldns_output_format_storage fmt_storage; + ldns_output_format* fmt = ldns_output_format_init(&fmt_storage); + ldns_rdf *show_types = NULL; + + ldns_soa_serial_increment_func_t soa_serial_increment_func = NULL; + int soa_serial_increment_func_data = 0; + + while ((c = getopt(argc, argv, "0bcde:E:hnpsS:u:U:vz")) != -1) { + switch(c) { + case '0': + fmt->flags |= LDNS_FMT_ZEROIZE_RRSIGS; + break; + case 'b': + fmt->flags |= + ( LDNS_COMMENT_BUBBLEBABBLE | + LDNS_COMMENT_FLAGS ); + break; + case 'c': + canonicalize = true; + break; + case 'd': + include_type(&show_types, LDNS_RR_TYPE_RRSIG); + include_type(&show_types, LDNS_RR_TYPE_NSEC); + include_type(&show_types, LDNS_RR_TYPE_NSEC3); + break; + case 'e': + exclude_type(&show_types, + ldns_get_rr_type_by_name(optarg)); + break; + case 'E': + include_type(&show_types, + ldns_get_rr_type_by_name(optarg)); + break; + case 'h': + print_usage("ldns-read-zone"); + break; + case 'n': + print_soa = false; + break; + case 'p': + fmt->flags |= LDNS_FMT_PAD_SOA_SERIAL; + break; + case 's': + case 'S': + exclude_type(&show_types, LDNS_RR_TYPE_RRSIG); + exclude_type(&show_types, LDNS_RR_TYPE_NSEC); + exclude_type(&show_types, LDNS_RR_TYPE_NSEC3); + if (c == 's') break; + if (*optarg == '+' || *optarg == '-') { + soa_serial_increment_func_data = + atoi(optarg); + soa_serial_increment_func = + ldns_soa_serial_increment_by; + } else if (! strtok(optarg, "0123456789")) { + soa_serial_increment_func_data = + atoi(optarg); + soa_serial_increment_func = + ldns_soa_serial_identity; + } else if (!strcasecmp(optarg, "YYYYMMDDxx")){ + soa_serial_increment_func = + ldns_soa_serial_datecounter; + } else if (!strcasecmp(optarg, "unixtime")){ + soa_serial_increment_func = + ldns_soa_serial_unixtime; + } else { + fprintf(stderr, "-S expects a number " + "optionally preceded by a " + "+ or - sign to indicate an " + "offset, or the text YYYYMM" + "DDxx or unixtime\n"); + exit(EXIT_FAILURE); + } + break; + case 'u': + s = ldns_output_format_set_type(fmt, + ldns_get_rr_type_by_name(optarg)); + if (s != LDNS_STATUS_OK) { + fprintf( stderr + , "Cannot set rr type %s " + "in output format to " + "print as unknown type: %s\n" + , ldns_rr_descript( + ldns_get_rr_type_by_name(optarg) + )->_name + , ldns_get_errorstr_by_id(s) + ); + exit(EXIT_FAILURE); + } + break; + case 'U': + s = ldns_output_format_clear_type(fmt, + ldns_get_rr_type_by_name(optarg)); + if (s != LDNS_STATUS_OK) { + fprintf( stderr + , "Cannot set rr type %s " + "in output format to not " + "print as unknown type: %s\n" + , ldns_rr_descript( + ldns_get_rr_type_by_name(optarg) + )->_name + , ldns_get_errorstr_by_id(s) + ); + exit(EXIT_FAILURE); + } + break; + case 'v': + printf("read zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); + exit(EXIT_SUCCESS); + break; + case 'z': + canonicalize = true; + sort = true; + break; + } + } + argc -= optind; + argv += optind; + + if (argc == 0) { + fp = stdin; + } else { + filename = argv[0]; + + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror(errno)); + exit(EXIT_FAILURE); + } + } + + s = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, LDNS_RR_CLASS_IN, &line_nr); + + fclose(fp); + if (s != LDNS_STATUS_OK) { + fprintf(stderr, "%s at line %d\n", + ldns_get_errorstr_by_id(s), + line_nr); + exit(EXIT_FAILURE); + } + + if (show_types) { + if (print_soa) + print_soa = ldns_nsec_bitmap_covers_type(show_types, + LDNS_RR_TYPE_SOA); + stripped_list = ldns_rr_list_new(); + while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) + if (ldns_nsec_bitmap_covers_type(show_types, + ldns_rr_get_type(cur_rr))) + ldns_rr_list_push_rr(stripped_list, cur_rr); + else + ldns_rr_free(cur_rr); + ldns_rr_list_free(ldns_zone_rrs(z)); + ldns_zone_set_rrs(z, stripped_list); + } + + if (canonicalize) { + ldns_rr2canonical(ldns_zone_soa(z)); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { + ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i)); + } + } + if (sort) { + ldns_zone_sort(z); + } + + if (print_soa && ldns_zone_soa(z)) { + if (soa_serial_increment_func) { + ldns_rr_soa_increment_func_int( + ldns_zone_soa(z) + , soa_serial_increment_func + , soa_serial_increment_func_data + ); + } + ldns_rr_print_fmt(stdout, fmt, ldns_zone_soa(z)); + } + ldns_rr_list_print_fmt(stdout, fmt, ldns_zone_rrs(z)); + + ldns_zone_deep_free(z); + + exit(EXIT_SUCCESS); +} diff --git a/zonemaster-ldns/ldns/examples/ldns-resolver.1 b/zonemaster-ldns/ldns/examples/ldns-resolver.1 new file mode 100644 index 0000000..de7c259 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-resolver.1 @@ -0,0 +1,26 @@ +.TH ldns-resolver 1 "27 Apr 2005" +.SH NAME +ldns-resolver \- tries to create a resolver from a resolv.conf file. +.SH SYNOPSIS +.B ldns-resolver +.IR file + +.SH DESCRIPTION +\fBldns-resolver\fR tries to create a resolver from a resolv.conf file. +This is only useful to test the library for robustness with input data. + +.SH OPTIONS +\fBldns-resolver\fR takes a filename of the resolv.conf file as input. +For example \fIldns-resolver /etc/resolv.conf\fR will show if the file can +be parsed successfully. + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-resolver.c b/zonemaster-ldns/ldns/examples/ldns-resolver.c new file mode 100644 index 0000000..6f5f062 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-resolver.c @@ -0,0 +1,47 @@ +/* + * ldns-resolver tries to create a resolver structure from /dev/urandom + * this is only useful to test the library for robustness with input data + * + * (c) NLnet Labs 2006 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" +#include "errno.h" + +#include + +int +main(int argc, char **argv) { + + ldns_resolver *r; + int line = 1; + FILE *rand; + ldns_status s; + + if (argc != 2 || strncmp(argv[1], "-h", 3) == 0) { + printf("Usage: ldns-resolver \n"); + printf("Tries to create a stub resolver structure from the given file.\n"); + exit(EXIT_FAILURE); + } + + if (!(rand = fopen(argv[1], "r"))) { + printf("Error opening %s: %s\n", argv[1], strerror(errno)); + exit(EXIT_FAILURE); + } + + printf("Trying to read from %s\n", argv[1]); + s = ldns_resolver_new_frm_fp_l(&r, rand, &line); + if (s != LDNS_STATUS_OK) { + printf("Failed: %s at line %d\n", ldns_get_errorstr_by_id(s), line); + exit(EXIT_FAILURE); + } else { + printf("Success\n"); + ldns_resolver_print(stdout, r); + ldns_resolver_deep_free(r); + } + + fclose(rand); + + return EXIT_SUCCESS; +} diff --git a/zonemaster-ldns/ldns/examples/ldns-revoke.1 b/zonemaster-ldns/ldns/examples/ldns-revoke.1 new file mode 100644 index 0000000..3a8ee4b --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-revoke.1 @@ -0,0 +1,27 @@ +.TH ldns-revoke 1 "23 Jul 2008" +.SH NAME +ldns-revoke \- sets the revoke bit of a DNSKEY +.SH SYNOPSIS +.B ldns-revoke +.IR file + +.SH DESCRIPTION +\fBldns-revoke\fR is used to revoke a public DNSKEY RR. +When run it will read \fIfile\fR with a DNSKEY RR in it, +sets the revoke bit and write back the output to \fIfile\fR . + +.SH OPTIONS +.TP +\fB-n\fR +Write the result to stdout instead of a file + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2008 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-revoke.c b/zonemaster-ldns/ldns/examples/ldns-revoke.c new file mode 100644 index 0000000..f46c98f --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-revoke.c @@ -0,0 +1,104 @@ +/* + * revoke sets the revoke bit of a public key. + * + * (c) NLnet Labs, 2005 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" + +#include +#ifdef HAVE_SSL +#include +#endif /* HAVE_SSL */ + +#include + +static void +usage(FILE *fp, char *prog) { + fprintf(fp, "%s [-n] keyfile\n", prog); + fprintf(fp, " Revokes a key\n"); + fprintf(fp, "Options:\n"); + fprintf(fp, " -n: do not write to file but to stdout\n"); +} + +int +main(int argc, char *argv[]) +{ + FILE *keyfp; + char *keyname; + ldns_rr *k; + uint16_t flags; + char *program = argv[0]; + int nofile = 0; + ldns_rdf *origin = NULL; + ldns_status result; + + argv++, argc--; + while (argc && argv[0][0] == '-') { + if (strcmp(argv[0], "-n") == 0) { + nofile=1; + } + else { + usage(stderr, program); + exit(EXIT_FAILURE); + } + argv++, argc--; + } + + if (argc != 1) { + usage(stderr, program); + exit(EXIT_FAILURE); + } + keyname = strdup(argv[0]); + + keyfp = fopen(keyname, "r"); + if (!keyfp) { + fprintf(stderr, "Failed to open public key file %s: %s\n", keyname, + strerror(errno)); + exit(EXIT_FAILURE); + } + + result = ldns_rr_new_frm_fp(&k, keyfp, 0, &origin, NULL); + /* what does this while loop do? */ + while (result == LDNS_STATUS_SYNTAX_ORIGIN) { + result = ldns_rr_new_frm_fp(&k, keyfp, 0, &origin, NULL); + } + if (result != LDNS_STATUS_OK) { + fprintf(stderr, "Could not read public key from file %s: %s\n", keyname, ldns_get_errorstr_by_id(result)); + exit(EXIT_FAILURE); + } + fclose(keyfp); + + flags = ldns_read_uint16(ldns_rdf_data(ldns_rr_dnskey_flags(k))); + flags |= LDNS_KEY_REVOKE_KEY; + + if (!ldns_rr_dnskey_set_flags(k, + ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16, flags))) + { + fprintf(stderr, "Revocation failed\n"); + exit(EXIT_FAILURE); + } + + /* print the public key RR to .key */ + + if (nofile) + ldns_rr_print(stdout,k); + else { + keyfp = fopen(keyname, "w"); + if (!keyfp) { + fprintf(stderr, "Unable to open %s: %s\n", keyname, + strerror(errno)); + exit(EXIT_FAILURE); + } else { + ldns_rr_print(keyfp, k); + fclose(keyfp); + fprintf(stdout, "DNSKEY revoked\n"); + } + } + + free(keyname); + ldns_rr_free(k); + + exit(EXIT_SUCCESS); +} diff --git a/zonemaster-ldns/ldns/examples/ldns-rrsig.1 b/zonemaster-ldns/ldns/examples/ldns-rrsig.1 new file mode 100644 index 0000000..8262e3d --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-rrsig.1 @@ -0,0 +1,30 @@ +.TH ldns-rrsig 1 "27 Apr 2005" +.SH NAME +ldns-rrsig \- print out the inception and expiration dates in human +readable form +.SH SYNOPSIS +.B ldns-rrsig +.IR domain +[ +.IR type +] + +.SH DESCRIPTION +\fBldns-rrsig\fR is used to print the expiration and inception date of +a RRSIG. The first argument is a domain name. \fBldns-rrsig\fR will +query the authoritative servers for that domain to get a list of RRSIGs. +It will then print out the inception and expiration dates for the RRSIG +covering the SOA record. +.PP +If the second argument \fBtype\fR is given the RRSIG covering that type will be shown. + +.SH AUTHOR +Written by the ldns team as an example for ldns usage. + +.SH REPORTING BUGS +Report bugs to . + +.SH COPYRIGHT +Copyright (C) 2005 NLnet Labs. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE. diff --git a/zonemaster-ldns/ldns/examples/ldns-rrsig.c b/zonemaster-ldns/ldns/examples/ldns-rrsig.c new file mode 100644 index 0000000..9b7aac4 --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-rrsig.c @@ -0,0 +1,219 @@ +/* + * ldns-rrsig prints out the inception and expiration dates in a more readable + * way than the normal RRSIG presentation format + * + * for a particularly domain + * (c) NLnet Labs, 2005 - 2008 + * See the file LICENSE for the license + */ + +#include "config.h" + +#include + +static int +usage(FILE *fp, char *prog) { + fprintf(fp, "%s domain [type]\n", prog); + fprintf(fp, " print out the inception and expiration dates\n"); + fprintf(fp, " in a more human readable form\n"); + fprintf(fp, " \tquery for RRSIG(), defaults to SOA\n"); + return 0; +} + +int +main(int argc, char *argv[]) +{ + ldns_resolver *res; + ldns_resolver *localres; + ldns_rdf *domain; + ldns_pkt *p; + ldns_rr_list *rrsig; + ldns_rr_list *rrsig_type; + ldns_rr_list *ns; + ldns_rr_list *ns_ip; + uint8_t i, j; + ldns_rr_type t; + const char * type_name; + struct tm incep, expir; + char incep_buf[26]; + char expir_buf[26]; + ldns_status s; + time_t now = time(NULL); + + p = NULL; + rrsig = NULL; + rrsig_type = NULL; + domain = NULL; + + /* option parsing */ + + if (argc < 2) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } else { + /* create a rdf from the command line arg */ + domain = ldns_dname_new_frm_str(argv[1]); + if (!domain) { + usage(stdout, argv[0]); + exit(EXIT_FAILURE); + } + } + + if (argc == 3) { + /* optional type arg */ + type_name = argv[2]; + t = ldns_rdf2rr_type( + ldns_rdf_new_frm_str(LDNS_RDF_TYPE_TYPE, type_name)); + if (t == 0) { + fprintf(stderr, " *** %s is not a valid RR type\n", type_name); + exit(EXIT_FAILURE); + } + } else { + t = LDNS_RR_TYPE_SOA; + type_name = "SOA"; + } + + /* create a new resolver from /etc/resolv.conf */ + s = ldns_resolver_new_frm_file(&localres, NULL); + if (s != LDNS_STATUS_OK) { + exit(EXIT_FAILURE); + } + + /* first get the nameserver of the domain in question */ + p = ldns_resolver_query(localres, domain, LDNS_RR_TYPE_NS, + LDNS_RR_CLASS_IN, LDNS_RD); + if (!p) { + fprintf(stderr," *** Could not find any nameserver for %s", argv[1]); + ldns_resolver_deep_free(localres); + exit(EXIT_FAILURE); + } + ns = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER); + + if (!ns) { + fprintf(stderr," *** Could not find any nameserver for %s", argv[1]); + ldns_pkt_free(p); + ldns_resolver_deep_free(localres); + exit(EXIT_FAILURE); + } + + /* use our local resolver to resolv the names in the for usage in our + * new resolver */ + res = ldns_resolver_new(); + if (!res) { + ldns_pkt_free(p); + ldns_resolver_deep_free(localres); + ldns_rr_list_deep_free(ns); + exit(EXIT_FAILURE); + } + for(i = 0; i < ldns_rr_list_rr_count(ns); i++) { + ns_ip = ldns_get_rr_list_addr_by_name(localres, + ldns_rr_ns_nsdname(ldns_rr_list_rr(ns, i)), + LDNS_RR_CLASS_IN, LDNS_RD); + /* add these to new resolver */ + for(j = 0; j < ldns_rr_list_rr_count(ns_ip); j++) { + if (ldns_resolver_push_nameserver(res, + ldns_rr_a_address(ldns_rr_list_rr(ns_ip, j))) != LDNS_STATUS_OK) { + printf("Error adding nameserver to resolver\n"); + ldns_pkt_free(p); + ldns_resolver_deep_free(res); + ldns_resolver_deep_free(localres); + ldns_rr_list_deep_free(ns); + exit(EXIT_FAILURE); + } + } + ldns_rr_list_deep_free(ns_ip); + + } + + /* enable DNSSEC */ + ldns_resolver_set_dnssec(res, true); + /* also set CD, we want EVERYTHING! */ + ldns_resolver_set_dnssec_cd(res, true); + + /* use the resolver to send it a query for the soa + * records of the domain given on the command line + */ + ldns_pkt_free(p); + p = ldns_resolver_query(res, domain, LDNS_RR_TYPE_RRSIG, LDNS_RR_CLASS_IN, LDNS_RD); + + ldns_rdf_deep_free(domain); + + if (!p) { + ldns_resolver_deep_free(localres); + ldns_rr_list_deep_free(ns); + exit(EXIT_FAILURE); + } else { + /* retrieve the RRSIG records from the answer section of that + * packet + */ + rrsig = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANSWER); + if (!rrsig) { + fprintf(stderr, + " *** invalid answer name %s after RRSIG query for %s\n", + argv[1], argv[1]); + ldns_pkt_free(p); + ldns_resolver_deep_free(res); + ldns_rr_list_deep_free(ns); + exit(EXIT_FAILURE); + } else { + rrsig_type = ldns_rr_list_new(); + + for(i = 0; i < ldns_rr_list_rr_count(rrsig); i++) { + if (ldns_rdf2rr_type( + ldns_rr_rrsig_typecovered( + ldns_rr_list_rr(rrsig, i))) == t) { + ldns_rr_list_push_rr(rrsig_type, + ldns_rr_list_rr(rrsig, i)); + } + } + if (ldns_rr_list_rr_count(rrsig_type) == 0) { + fprintf(stderr, " *** No RRSIG(%s) type found\n", + type_name); + ldns_resolver_deep_free(localres); + ldns_resolver_deep_free(res); + ldns_pkt_free(p); + ldns_rr_list_deep_free(ns); + ldns_rr_list_free(rrsig); + ldns_rr_list_deep_free(rrsig_type); + exit(EXIT_FAILURE); + } + + for(i = 0; i < ldns_rr_list_rr_count(rrsig_type); i++) { + memset(&incep, 0, sizeof(incep)); + if (ldns_serial_arithmetics_gmtime_r( + ldns_rdf2native_time_t( + ldns_rr_rrsig_inception( + ldns_rr_list_rr(rrsig_type, i))), + now, &incep + ) + && asctime_r(&incep, incep_buf)) { + incep_buf[24] = '\0'; + } else { + incep_buf[0] = '\0'; + } + memset(&expir, 0, sizeof(expir)); + if (ldns_serial_arithmetics_gmtime_r( + ldns_rdf2native_time_t( + ldns_rr_rrsig_expiration( + ldns_rr_list_rr(rrsig_type, i))), + now, &expir + ) + && asctime_r(&expir, expir_buf)) { + expir_buf[24] = '\0'; + } else { + expir_buf[0] = '\0'; + } + + fprintf(stdout, "%s RRSIG(%s): %s - %s\n", + argv[1], type_name, incep_buf, expir_buf); + } + ldns_rr_list_free(rrsig); + ldns_rr_list_deep_free(rrsig_type); + } + } + ldns_pkt_free(p); + ldns_resolver_deep_free(localres); + ldns_resolver_deep_free(res); + ldns_rr_list_deep_free(ns); + return 0; +} diff --git a/zonemaster-ldns/ldns/examples/ldns-signzone.1 b/zonemaster-ldns/ldns/examples/ldns-signzone.1 new file mode 100644 index 0000000..b1cdeeb --- /dev/null +++ b/zonemaster-ldns/ldns/examples/ldns-signzone.1 @@ -0,0 +1,194 @@ +.TH ldns-signzone 1 "13 March 2018" +.SH NAME +ldns-signzone \- sign a zonefile with DNSSEC data +.SH SYNOPSIS +.B ldns-signzone +[ +.IR OPTIONS +] +.IR ZONEFILE +.IR +KEY +[KEY +[KEY] ... +] + +.SH DESCRIPTION + +\fBldns-signzone\fR is used to generate a DNSSEC signed zone. When run it +will create a new zonefile that contains RRSIG and NSEC resource records, as +specified in RFC 4033, RFC 4034 and RFC 4035. + +Keys must be specified by their base name (i.e. without .private). If +the DNSKEY that belongs to the key in the .private file is not present +in the zone, it will be read from the file .key. If that +file does not exist, the DNSKEY value will be generated from the +private key. + +Multiple keys can be specified, Key Signing Keys are used as such when +they are either already present in the zone, or specified in a .key +file, and have the KSK bit set. + +.SH OPTIONS +.TP +\fB-b\fR +Augments the zone and the RR's with extra comment texts for a more readable +layout, easier to debug. DS records will have a bubblebabble version of +the data in the comment text, NSEC3 records will have the unhashed owner names +in the comment text. + +Without this option, only DNSKEY RR's will have their Key Tag annotated in +the comment text. + +.TP +\fB-d\fR +Normally, if the DNSKEY RR for a key that is used to sign the zone is +not found in the zone file, it will be read from .key, or derived from +the private key (in that order). This option turns that feature off, +so that only the signatures are added to the zone. + +.TP +\fB-e\fR \fIdate\fR +Set expiration date of the signatures to this date, the format can be +YYYYMMDD[hhmmss], or a timestamp. + +.TP +\fB-f\fR \fIfile\fR +Use this file to store the signed zone in (default .signed) + +.TP +\fB-i\fR \fIdate\fR +Set inception date of the signatures to this date, the format can be +YYYYMMDD[hhmmss], or a timestamp. + +.TP +\fB-o\fR \fIorigin\fR +Use this as the origin of the zone + +.TP +\fB-u\fR +set SOA serial to the number of seconds since 1-1-1970 + +.TP +\fB-v\fR +Print the version and exit + +.TP +\fB-z\fR \fI[scheme:]hash\fR +Calculate the zone's digest and add those as ZONEMD RRs. The (optional) +`scheme' must be `simple` (or 1) and `hash' should be `sha384' (or 1) or +`sha512' (or 2). This option can be given more than once. + +.TP +\fB-Z\fR +Allow ZONEMDs to be added without signing + +.TP +\fB-A\fR +Sign the DNSKEY record with all keys. By default it is signed with a +minimal number of keys, to keep the response size for the DNSKEY query +small, and only the SEP keys that are passed are used. If there are no +SEP keys, the DNSKEY RRset is signed with the non\-SEP keys. This option +turns off the default and all keys are used to sign the DNSKEY RRset. + +.TP +\fB-U\fR +Sign with every unique algorithm in the provided keys. The DNSKEY set +is signed with all the SEP keys, plus all the non\-SEP keys that have an +algorithm that was not presen in the SEP key set. + +.TP +\fB-E\fR \fIname\fR +Use the EVP cryptographic engine with the given name for signing. This +can have some extra options; see ENGINE OPTIONS for more information. + +.TP +\fB-K\fR \fIalgorithm-id,key-id\fR + +Use the key `key-id' as the signing key for algorithm `algorithm-id' as +a Key Signing Key (KSK). This option is used when you use an OpenSSL engine, +see ENGINE OPTIONS for more information. + +.TP +\fB-k\fR \fIalgorithm-id,key-id\fR +Use the key `key-id' as the signing key for algorithm `algorithm-id' as +a Zone Signing Key (ZSK). This option is used when you use an OpenSSL +engine, see ENGINE OPTIONS for more information. + +.TP +\fB-n\fR +Use NSEC3 instead of NSEC. + +.TP +If you use NSEC3, you can specify the following extra options: + +.TP +\fB-a\fR \fIalgorithm\fR +Algorithm used to create the hashed NSEC3 owner names + +.TP +\fB-p\fR +Opt-out. All NSEC3 records in the zone will have the Opt-out flag set. After signing, you can add insecure delegations to the signed zone. + +.TP +\fB-s\fR \fIstring\fR +Salt + +.TP +\fB-t\fR \fInumber\fR +Number of hash iterations + +.SH ENGINE OPTIONS +You can modify the possible engines, if supported, by setting an +OpenSSL configuration file. This is done through the environment +variable OPENSSL_CONF. + +The key options (\-k and \-K) work as follows: you specify a DNSSEC +algorithm (using its symbolic name, for instance, RSASHA256 +or its numeric identifier, for instance, 8), followed by a comma +and a key identifier (white space is not allowed between the +algorithm and the comma and between the comma and the key identifier). + +The key identifier can be any of the following: + + + : + id_ + slot_-id_ + label_