Commit 65090329 authored by Ondrej Sury's avatar Ondrej Sury

Imported Upstream version 1.6.0

parent 957cd007
1.6.0
Additions:
* Addition of an ldns-config script which gives cflags and libs
values, for use in configure scripts for applications that use
use ldns. Can be disabled with ./configure --disable-ldns-config
* Added direct sha1, sha256, and sha512 support in ldns.
With these functions, all NSEC3 functionality can still be
used, even if ldns is built without OpenSSL. Thanks to OpenBSD,
Steve Reid, and Aaron D. Gifford for the code.
* Added reading/writing support for the SPF Resource Record
* Base32 functions are now exported
Bugfixes:
* ldns_is_rrset did not go through the complete rrset, but
only compared the first two records. Thanks to Olafur
Gudmundsson for report and patch
* Fixed a small memory bug in ldns_rr_list_subtype_by_rdf(),
thanks to Marius Rieder for finding an patching this.
* --without-ssl should now work. Make sure that examples/ and
drill also get the --without-ssl flag on their configure, if
this is used.
* Some malloc() return value checks have been added
* NSEC3 creation has been improved wrt to empty nonterminals,
and opt-out.
* Fixed a bug in the parser when reading large NSEC3 salt
values.
* Made the allowed length for domain names on wire
and presentation format the same.
Example tools:
* ldns-key2ds can now also generate DS records for keys without
the SEP flag
* ldns-signzone now equalizes the TTL of the DNSKEY RRset (to
the first non-default DNSKEY TTL value it sees)
1.5.1
Example tools:
* ldns-signzone was broken in 1.5.0 for multiple keys, this
......
......@@ -14,24 +14,26 @@ datadir = @datadir@
libdir = @libdir@
includedir = @includedir@
doxygen = @doxygen@
glibtool = @glibtool@
glibtool = @libtool@
libtool = ./libtool
ifdef glibtool
libtool = $(glibtool)
endif
CC = @CC@
CPPFLAGS = @CPPFLAGS@ @DEFS@ -I. -I$(srcdir)
CFLAGS = @CFLAGS@ -I. -I$(srcdir)
CPPFLAGS = -I. -I$(srcdir) @CPPFLAGS@ @DEFS@
CFLAGS = -I. -I$(srcdir) @CFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
LIBOBJS = @LIBOBJS@
RUNTIME_PATH = @RUNTIME_PATH@
DATE = $(shell date +%Y%m%d)
LIBTOOL = $(libtool) --tag=CC
ACLOCAL_AMFLAGS = -Im4
INSTALL_LDNS_CONFIG = @INSTALL_LDNS_CONFIG@
LINT = splint
LINTFLAGS = +quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -D__u16=uint16_t
LINTFLAGS = +quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -D__u16=uint16_t -fixedformalarray
INSTALL = $(srcdir)/install-sh
......@@ -39,7 +41,8 @@ LIBDNS_SOURCES = rdata.c util.c rr.c packet.c wire2host.c \
host2str.c buffer.c str2host.c tsig.c resolver.c \
net.c host2wire.c dname.c dnssec.c dnssec_verify.c \
keys.c higher.c rr_functions.c parse.c update.c \
error.c zone.c dnssec_zone.c dnssec_sign.c rbtree.c
error.c zone.c dnssec_zone.c dnssec_sign.c rbtree.c \
sha1.c sha2.c
LIBDNS_HEADERS = $(srcdir)/ldns/error.h \
$(srcdir)/ldns/packet.h \
$(srcdir)/ldns/common.h \
......@@ -64,7 +67,9 @@ LIBDNS_HEADERS = $(srcdir)/ldns/error.h \
$(srcdir)/ldns/dnssec_zone.h \
$(srcdir)/ldns/update.h \
$(srcdir)/ldns/tsig.h \
$(srcdir)/ldns/rbtree.h
$(srcdir)/ldns/rbtree.h \
$(srcdir)/ldns/sha1.h \
$(srcdir)/ldns/sha2.h
LIBDNS_OBJECTS = $(LIBDNS_SOURCES:.c=.o) $(LIBOBJS)
LIBDNS_LOBJECTS = $(LIBDNS_SOURCES:.c=.lo) $(LIBOBJS:.o=.lo)
......@@ -72,8 +77,8 @@ ALL_SOURCES = $(LIBDNS_SOURCES)
COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS)
COMP_LIB = $(LIBTOOL) --mode=compile $(CC) $(CPPFLAGS) $(CFLAGS)
LINK = $(CC) $(CFLAGS) $(LDFLAGS)
LINK_LIB = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -version-number $(version_info) -no-undefined
LINK = $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS)
LINK_LIB = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) $(LIBS) -version-number $(version_info) -no-undefined
%.o: $(srcdir)/%.c $(LIBDNS_HEADERS) ldns/util.h ldns/config.h
$(COMP_LIB) -c $> $<
......@@ -85,7 +90,7 @@ LINK_LIB = $(LIBTOOL) --mode=link $(CC) $(CFLAGS) $(LDFLAGS) -version-number $(v
all: copy-headers lib linktest
linktest: $(srcdir)/linktest.c $(LIBDNS_HEADERS) ldns/util.h ldns/config.h libldns.la
$(LIBTOOL) --mode=link $(CC) $(srcdir)/linktest.c $(CPPFLAGS) $(CFLAGS) -lldns -o linktest
$(LIBTOOL) --mode=link $(CC) $(srcdir)/linktest.c $(CPPFLAGS) $(CFLAGS) -lldns $(LIBS) -o linktest
lib: libldns.la
if [ ! -d lib ] ; then ln -s .libs lib ; fi ;
......@@ -124,12 +129,18 @@ manpages: $(srcdir)/doc/function_manpages
cat $(srcdir)/ldns/*.h | $(srcdir)/doc/doxyparse.pl -m $(srcdir)/doc/function_manpages 2>&1 | \
grep -v ^doxygen | grep -v ^cat > doc/ldns_manpages
install: install-h install-lib install-manpages
install: install-h install-lib install-config install-manpages
uninstall: uninstall-manpages uninstall-h uninstall-lib
destclean: uninstall
install-config:
if [ $(INSTALL_LDNS_CONFIG) = "yes" ] ; then \
$(INSTALL) -d $(DESTDIR)$(bindir); \
$(INSTALL) -m 755 packaging/ldns-config $(DESTDIR)$(bindir)/; \
fi
install-manpages: manpages
${INSTALL} -d $(DESTDIR)$(mandir)/man3
cp -Rp doc/man/man3/* $(DESTDIR)$(mandir)/man3/
......@@ -137,7 +148,7 @@ install-manpages: manpages
uninstall-manpages:
for i in `cat doc/ldns_manpages`; do \
rm -f $(DESTDIR)$(mandir)/man3/$$i.3 ; done
rmdir -p $(DESTDIR)$(mandir)/man3
rmdir -p $(DESTDIR)$(mandir)/man3 || echo "ok, dir already gone"
install-h: lib
$(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/ldns
......@@ -149,7 +160,7 @@ install-h: lib
uninstall-h:
for i in $(LIBDNS_HEADERS); do \
rm -f $(DESTDIR)$(includedir)/$$i; done
[ ! -d $(DESTDIR)$(includedir)/ldns ] || rmdir -p $(DESTDIR)$(includedir)/ldns
[ ! -d $(DESTDIR)$(includedir)/ldns ] || rmdir -p $(DESTDI)$(includedir)/ldns || echo "ok, dir already gone"
exit 0
install-lib: lib
......@@ -159,7 +170,7 @@ install-lib: lib
uninstall-lib:
$(LIBTOOL) --mode=uninstall rm -f $(DESTDIR)$(libdir)/libldns.la
rmdir -p $(DESTDIR)$(libdir)
rmdir -p $(DESTDIR)$(libdir) || echo "ok, dir already gone"
clean:
rm -f *.o *.d *.lo
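Review bot: The new uninstall-h line at L133 reads `$(DESTDI)` where `$(DESTDIR)` is meant; Make expands the undefined name to nothing, so `rmdir -p` runs against the real `$(includedir)/ldns` instead of the staging tree even when a packager sets DESTDIR, and the `|| echo` on the same line then hides whatever happens. It should be `[ ! -d $(DESTDIR)$(includedir)/ldns ] || rmdir -p $(DESTDIR)$(includedir)/ldns || echo "ok, dir already gone"`. The same `|| echo` appended on L125 and L140 masks every rmdir failure, not only the already-gone case, and `rmdir -p` walks up the prefix toward `/`, so an unexpected error there is one you want to see rather than swallow. In install-config (L113) `$(INSTALL_LDNS_CONFIG)` is unquoted, so an empty substitution yields `[ = "yes" ]`, a test error rather than a clean "no"; write `if [ "$(INSTALL_LDNS_CONFIG)" = "yes" ] ; then \`.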
......
Contents:
REQUIREMENTS
INSTALLATION
......@@ -38,16 +39,14 @@ You can configure and compile it in a separate build directory.
There are some examples and dns related tools in the examples/ directory.
These can be built with:
1. cd examples/
2 autoreconf
3. ./configure [--with-ldns=<path to ldns installation or build>]
4. gmake
2. ./configure [--with-ldns=<path to ldns installation or build>]
3. gmake
* Drill
Drill can be built with:
1. cd drill/
2. autoreconf
3. ./configure [--with-ldns=<path to ldns installation or build>]
4. gmake
2. ./configure [--with-ldns=<path to ldns installation or build>]
3. gmake
Note that you need to set LD_LIBRARY_PATH if you want to run the binaries
and you have not installed the library to a system directory. You can use
......
......@@ -5,11 +5,18 @@
# small list of commands to build all on a linux system
# libtoolize is needed for most other targets
# on Solaris, and other systems that may not have
# the default 'automake' and 'aclocal' script aliases,
# the correct versions may need to be set. On those
# systems, the 'autoreconf' line should be changed to:
# AUTOMAKE=automake-1.10 ACLOCAL=aclocal-1.10 autoreconf
# (and these systems probably need gmake instead of make)
# older versions of libtoolize do not support --install
# so you might need to remove that (with newer versions
# it is needed)
libtoolize -c --install
autoreconf
autoreconf --install
./configure
make
make doc # needs doxygen for the html pages
......
......@@ -286,6 +286,12 @@ ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent)
for (i = par_lab -1; i >= 0; i--) {
tmp_sub = ldns_dname_label(sub, j);
tmp_par = ldns_dname_label(parent, i);
if (!tmp_sub || !tmp_par) {
/* deep free does null check */
ldns_rdf_deep_free(tmp_sub);
ldns_rdf_deep_free(tmp_par);
return false;
}
if (ldns_rdf_compare(tmp_sub, tmp_par) != 0) {
/* they are not equal */
......@@ -488,8 +494,15 @@ ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
if (labelcnt == labelpos) {
/* found our label */
tmpnew = LDNS_MALLOC(ldns_rdf);
if (!tmpnew) {
return NULL;
}
tmpnew->_type = LDNS_RDF_TYPE_DNAME;
tmpnew->_data = LDNS_XMALLOC(uint8_t, len + 2);
if (!tmpnew->_data) {
LDNS_FREE(tmpnew);
return NULL;
}
memset(tmpnew->_data, 0, len + 2);
memcpy(tmpnew->_data, ldns_rdf_data(rdf) + src_pos, len + 1);
tmpnew->_size = len + 2;
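Review bot: The guard added at L194-L199 makes ldns_dname_is_subdomain return false both when `sub` genuinely is not under `parent` and when ldns_dname_label returns NULL, which after the change at L206-L214 now includes allocation failure, so a caller cannot distinguish a negative answer from an error. A one-line comment at the guard would make that deliberate, e.g. `/* label extraction failed (bad index or out of memory): report not-a-subdomain */`, or a status out-parameter if any caller needs the distinction. The new NULL paths in ldns_dname_label (L207, L211-L213) correctly release what was allocated before them. Both enclosing functions begin before their hunks.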
......
......@@ -17,6 +17,7 @@
#include <openssl/rand.h>
#include <openssl/err.h>
#include <openssl/md5.h>
#endif /* HAVE_SSL */
ldns_rr *
ldns_create_empty_rrsig(ldns_rr_list *rrset,
......@@ -105,7 +106,7 @@ ldns_create_empty_rrsig(ldns_rr_list *rrset,
return current_sig;
}
#ifdef HAVE_SSL
ldns_rdf *
ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
{
......@@ -128,14 +129,12 @@ ldns_sign_public_buffer(ldns_buffer *sign_buf, ldns_key *current_key)
break;
#ifdef USE_SHA2
case LDNS_SIGN_RSASHA256:
case LDNS_SIGN_RSASHA256_NSEC3:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
EVP_sha256());
break;
case LDNS_SIGN_RSASHA512:
case LDNS_SIGN_RSASHA512_NSEC3:
b64rdf = ldns_sign_public_evp(
sign_buf,
ldns_key_evp_key(current_key),
......@@ -385,7 +384,6 @@ ldns_sign_public_evp(ldns_buffer *to_sign,
return sigdata_rdf;
}
ldns_rdf *
ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
{
......@@ -454,6 +452,23 @@ ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key)
ldns_buffer_free(b64sig);
return sigdata_rdf;
}
#endif /* HAVE_SSL */
static int
ldns_dnssec_name_has_only_a(ldns_dnssec_name *cur_name)
{
ldns_dnssec_rrsets *cur_rrset;
cur_rrset = cur_name->rrsets;
while (cur_rrset) {
if (cur_rrset->type != LDNS_RR_TYPE_A &&
cur_rrset->type != LDNS_RR_TYPE_AAAA) {
return 0;
} else {
cur_rrset = cur_rrset->next;
}
}
return 1;
}
ldns_status
ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
......@@ -466,10 +481,7 @@ ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone)
while (cur_node != LDNS_RBTREE_NULL) {
cur_name = (ldns_dnssec_name *) cur_node->data;
cur_node = ldns_rbtree_next(cur_node);
if (cur_name->rrsets &&
(cur_name->rrsets->type == LDNS_RR_TYPE_A ||
cur_name->rrsets->type == LDNS_RR_TYPE_AAAA
)) {
if (ldns_dnssec_name_has_only_a(cur_name)) {
/* assume glue XXX check for zone cur */
cur_owner = ldns_rdf_clone(ldns_rr_owner(
cur_name->rrsets->rrs->rr));
......@@ -589,6 +601,7 @@ ldns_dnssec_zone_create_nsecs(ldns_dnssec_zone *zone,
return LDNS_STATUS_OK;
}
#ifdef HAVE_SSL
ldns_status
ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
ldns_rr_list *new_rrs,
......@@ -666,6 +679,7 @@ ldns_dnssec_zone_create_nsec3s(ldns_dnssec_zone *zone,
ldns_rr_list_free(nsec3_list);
return result;
}
#endif /* HAVE_SSL */
ldns_dnssec_rrs *
ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
......@@ -755,6 +769,7 @@ ldns_dnssec_remove_signatures(ldns_dnssec_rrs *signatures,
return base_rrs;
}
#ifdef HAVE_SSL
ldns_status
ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
ldns_rr_list *new_rrs,
......@@ -814,9 +829,18 @@ ldns_dnssec_zone_create_rrsigs(ldns_dnssec_zone *zone,
/* only sign non-delegation RRsets */
/* (glue should have been marked earlier) */
if (ldns_rr_list_type(rr_list) != LDNS_RR_TYPE_NS ||
if ((ldns_rr_list_type(rr_list) != LDNS_RR_TYPE_NS ||
ldns_dname_compare(ldns_rr_list_owner(rr_list),
zone->soa->name) == 0) {
zone->soa->name) == 0) &&
/* OK, there is also the possibility that the record
* is glue, but at the same owner name as other records that
* are not NS nor A/AAAA. Bleh, our current data structure
* doesn't really support that... */
!((ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_A ||
ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_AAAA) &&
!ldns_dname_compare(ldns_rr_list_owner(rr_list), zone->soa->name) == 0 &&
ldns_dnssec_zone_find_rrset(zone, ldns_rr_list_owner(rr_list), LDNS_RR_TYPE_NS)
)) {
siglist = ldns_sign_public(rr_list, key_list);
for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) {
......@@ -935,7 +959,7 @@ ldns_dnssec_zone_sign_nsec3(ldns_dnssec_zone *zone,
nsec3 = ((ldns_dnssec_name *)zone->names->root->data)->nsec;
if (nsec3 && ldns_rr_get_type(nsec3) == LDNS_RR_TYPE_NSEC3) {
// no need to recreate
/* no need to recreate */
} else {
if (!ldns_dnssec_zone_find_rrset(zone,
zone->soa->name,
......@@ -1066,5 +1090,5 @@ ldns_zone_sign_nsec3(ldns_zone *zone, ldns_key_list *key_list, uint8_t algorithm
return signed_zone;
}
#endif /* HAVE_SSL */
#endif
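Review bot: ldns_dnssec_name_has_only_a (L260-L274) returns 1 for a name whose `rrsets` list is NULL, and the caller at L285-L288 then dereferences `cur_name->rrsets->rrs->rr`; the condition it replaces (L281) checked `cur_name->rrsets` first, so if a name with no RRsets can occur in the tree (this release's changelog mentions empty non-terminals in NSEC3 creation, which I cannot confirm from this hunk) the change turns a skip into a NULL dereference. Add `if (!cur_name->rrsets) return 0;` before the loop at L265, or keep the `cur_name->rrsets &&` in the caller. Separately, the glue test at L324 is written `!ldns_dname_compare(...) == 0`, which parses as `(!cmp) == 0`, i.e. `cmp != 0`; that is presumably the intended "owner is not the apex", but it should read `ldns_dname_compare(ldns_rr_list_owner(rr_list), zone->soa->name) != 0 &&` so the next reader does not have to work out the precedence. ldns_dnssec_zone_mark_glue and ldns_dnssec_zone_create_rrsigs both start outside their hunks.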
......@@ -340,6 +340,11 @@ ldns_dnssec_name_free_internal(ldns_dnssec_name *name,
if (name->nsec_signatures) {
ldns_dnssec_rrs_free_internal(name->nsec_signatures, deep);
}
if (name->hashed_name) {
if (deep) {
ldns_rdf_deep_free(name->hashed_name);
}
}
LDNS_FREE(name);
}
}
......@@ -409,7 +414,6 @@ ldns_dnssec_name_cmp(const void *a, const void *b)
}
}
ldns_status
ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
ldns_rr *rr)
......@@ -432,6 +436,7 @@ ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
}
#ifdef HAVE_SSL
if (rr_type == LDNS_RR_TYPE_NSEC3 ||
typecovered == LDNS_RR_TYPE_NSEC3) {
name_name = ldns_nsec3_hash_name_frm_nsec3(rr,
......@@ -440,6 +445,9 @@ ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
} else {
name_name = ldns_dnssec_name_name(name);
}
#else
name_name = ldns_dnssec_name_name(name);
#endif /* HAVE_SSL */
if (rr_type == LDNS_RR_TYPE_NSEC ||
rr_type == LDNS_RR_TYPE_NSEC3) {
......@@ -603,10 +611,10 @@ ldns_dname_compare_v(const void *a, const void *b) {
return ldns_dname_compare((ldns_rdf *)a, (ldns_rdf *)b);
}
#ifdef HAVE_SSL
ldns_rbnode_t *
ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone,
ldns_rr *rr) {
ldns_rr *rr) {
ldns_rbnode_t *current_node = ldns_rbtree_first(zone->names);
ldns_dnssec_name *current_name;
ldns_rdf *hashed_name;
......@@ -615,7 +623,6 @@ ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone,
while (current_node != LDNS_RBTREE_NULL) {
current_name = (ldns_dnssec_name *) current_node->data;
if (!current_name->hashed_name) {
current_name->hashed_name =
ldns_nsec3_hash_name_frm_nsec3(rr, current_name->name);
......@@ -623,10 +630,12 @@ ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone,
if (ldns_dname_compare(hashed_name,
current_name->hashed_name)
== 0) {
ldns_rdf_deep_free(hashed_name);
return current_node;
}
current_node = ldns_rbtree_next(current_node);
}
ldns_rdf_deep_free(hashed_name);
return NULL;
}
......@@ -686,6 +695,7 @@ ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
return result;
}
#endif /* HAVE_SSL */
void
ldns_dnssec_zone_names_print(FILE *out, ldns_rbtree_t *tree, bool print_soa)
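Review bot: In ldns_dnssec_zone_find_nsec3_original the cache fill at L391-L393 stores the result of ldns_nsec3_hash_name_frm_nsec3 without checking it, so on allocation failure `current_name->hashed_name` stays NULL and the comparison at L395-L396 runs on a NULL rdf; this commit adds exactly such checks in ldns_dname_label, so `if (!current_name->hashed_name) { ldns_rdf_deep_free(hashed_name); return NULL; }` after the assignment would be consistent. Because that hashed name is allocated by the zone code itself rather than handed in by the caller, freeing it only when `deep` is set (L347-L351) leaks it on a shallow ldns_dnssec_name_free_internal; unless some caller takes ownership of `hashed_name`, it should be released unconditionally. The cache is also keyed only by the owner name and not by the NSEC3 parameters of the `rr` it was computed from, so if lookups can be made with NSEC3 records of differing salt or iteration count the cached value goes stale — I cannot confirm that from here, so a comment stating the single-parameter-set assumption would help. The frees added at L398 and L403 close the leak of `hashed_name` the old code had on both exit paths.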
......
......@@ -11,7 +11,7 @@ mandir = @mandir@
includedir = @includedir@
CC = @CC@
CFLAGS = @CFLAGS@ -I.
CFLAGS = -I. @CFLAGS@
CPPFLAGS = @CPPFLAGS@
LDFLAGS = @LDFLAGS@
LIBS = @LIBS@
......@@ -20,11 +20,11 @@ INSTALL_PROGRAM = $(INSTALL)
LDNSDIR = @LDNSDIR@
LIBS_STC = @LIBS_STC@
COMPILE = $(CC) -Wall $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir)
COMPILE = $(CC) $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir)
LINK = $(CC) $(CFLAGS) $(LDFLAGS)
LINT = splint
LINTFLAGS = +quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -D__signed__=signed -I../
LINTFLAGS = +quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -D__signed__=signed -I../ -fixedformalarray
OBJ=drill.o drill_util.o error.o root.o work.o chasetrace.o dnssec.o securetrace.o
SRC=$(OBJ:.o=.c)
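Review bot: The COMPILE change at L424-L425 drops `-Wall`, so drill now builds with no warnings unless the configure-supplied @CFLAGS@ happens to carry it; if the intent is for configure to own warning flags, a comment saying so would stop someone re-adding it, otherwise keep it in the Makefile-owned variable: `COMPILE = $(CC) -Wall $(CPPFLAGS) $(CFLAGS) -I. -I$(srcdir)`. Moving `-I.` ahead of @CFLAGS@ at L417 makes the build directory win over user include paths, which is the usual intent for generated headers, but `-I.` is then passed twice (again on L425) and one of the two can go.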
......
......@@ -220,6 +220,7 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
* the last argument prev_key_list, if not null, and type == DS, then the ds
* rr list we have must all be a ds for the keys in this list
*/
#ifdef HAVE_SSL
ldns_status
do_chase(ldns_resolver *res,
ldns_rdf *name,
......@@ -341,23 +342,13 @@ do_chase(ldns_resolver *res,
/* if the answer had no answer section, we need to construct our own rr (for instance if
* the rr qe asked for doesn't exist. This rr will be destroyed when the chain is freed */
if (ldns_pkt_ancount(pkt) < 1) {
if (ldns_pkt_ancount(pkt) < 1) {
ldns_rr_set_type(orig_rr, type);
ldns_rr_set_owner(orig_rr, ldns_rdf_clone(name));
chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, ldns_rr_clone(orig_rr));
} else {
/* chase the first answer? */
/*
printf("[XX] answer RR:\n");
ldns_rr_print(stdout, ldns_rr_list_rr(ldns_pkt_answer(pkt), 0));
chain = ldns_dnssec_build_data_chain(res,
qflags,
rrset,
pkt,
ldns_rr_list_rr(ldns_pkt_answer(pkt), 0)
);
*/
/* chase the first answer */
chain = ldns_dnssec_build_data_chain(res, qflags, rrset, pkt, NULL);
}
......@@ -405,42 +396,6 @@ do_chase(ldns_resolver *res,
/* ldns_rr_free(orig_rr);*/
return result;
#if 0
sigs = ldns_pkt_rr_list_by_name_and_type(pkt,
name,
LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANY_NOQUESTION
);
/* these can contain sigs for other rrsets too! */
if (rrset) {
printf("GOT RRSET:\n");
ldns_rr_list_print(stdout, rrset);
printf("\n");
printf("GOT SIGS:\n");
ldns_rr_list_print(stdout, sigs);
printf("\n");
for (sig_i = 0; sig_i < ldns_rr_list_rr_count(sigs); sig_i++) {
cur_sig = ldns_rr_clone(ldns_rr_list_rr(sigs, sig_i));
if (ldns_rdf2native_int16(ldns_rr_rrsig_typecovered(cur_sig)) == type) {
keys = ldns_pkt_rr_list_by_name_and_type(pkt,
ldns_rr_rdf(cur_sig, 7),
LDNS_RR_TYPE_DNSKEY,
LDNS_SECTION_ANY_NOQUESTION
);
result = ldns_verify_trusted(res, rrset, sigs, keys);
}
ldns_rr_free(cur_sig);
}
ldns_rr_list_deep_free(rrset);
printf("[chase] returning: %s\n", ldns_get_errorstr_by_id(result));
return result;
}
#endif
}
#endif /* HAVE_SSL */
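Review bot: The dead-code cleanup in do_chase leaves the commented-out `/* ldns_rr_free(orig_rr);*/` at L465 in place, while the no-answer path at L446-L448 still fills `orig_rr` and hands a clone of it to ldns_dnssec_build_data_chain, so the original appears to be neither freed nor returned; its allocation is outside this hunk, so I cannot confirm ownership, but it looks like a leak on that path. Either free it before `return result;` or replace the commented line with a comment stating who owns `orig_rr` and why it must outlive the function. do_chase starts before the second hunk and the new `#ifdef HAVE_SSL` at L437 is closed at L499 after its closing brace.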
......@@ -123,15 +123,40 @@
/* Define to 1 if you have the ANSI C header files. */
#undef STDC_HEADERS
/* the version of the windows API enabled */
#undef WINVER
/* Define to 1 if on AIX 3.
System headers sometimes define this.
We just want to avoid a redefinition error message. */
/* Enable extensions on AIX 3, Interix. */
#ifndef _ALL_SOURCE
# undef _ALL_SOURCE
#endif
/* Enable GNU extensions on systems that have them. */
#ifndef _GNU_SOURCE
# undef _GNU_SOURCE
#endif
/* Enable threading extensions on Solaris. */
#ifndef _POSIX_PTHREAD_SEMANTICS
# undef _POSIX_PTHREAD_SEMANTICS
#endif
/* Enable extensions on HP NonStop. */
#ifndef _TANDEM_SOURCE
# undef _TANDEM_SOURCE
#endif
/* Enable general extensions on Solaris. */
#ifndef __EXTENSIONS__
# undef __EXTENSIONS__
#endif
/* the version of the windows API enabled */
#undef WINVER
/* Define to 1 if on MINIX. */
#undef _MINIX
/* Define to 2 if the system does not provide POSIX.1 features except with
this defined. */
#undef _POSIX_1_SOURCE
/* Define to 1 if you need to in order for `stat' and other things to work. */
#undef _POSIX_SOURCE
/* in_addr_t */
#undef in_addr_t
......
......@@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_INIT(ldns, 1.5.1, libdns@nlnetlabs.nl,libdns)
AC_INIT(ldns, 1.6.0, libdns@nlnetlabs.nl,libdns)
AC_CONFIG_SRCDIR([drill.c])
OURCPPFLAGS=''
......
......@@ -81,9 +81,8 @@ Chase the signature(s) of 'name' to a known key or as high up in
the tree as possible.
.TP
\fB\-V
Be more verbose. Enable once for more messages on the screen. Enable twice
for a hexdump of the packets sent.
\fB\-V \fIlevel\fR
Be more verbose. Set level to 5 to see the actual query that is sent.
.TP
\fB\-Q
......
......@@ -29,8 +29,10 @@ usage(FILE *stream, const char *progname)
fprintf(stream, "\n\targuments may be placed in random order\n");
fprintf(stream, "\n Options:\n");
fprintf(stream, "\t-D\t\tenable DNSSEC (DO bit)\n");
#ifdef HAVE_SSL
fprintf(stream, "\t-T\t\ttrace from the root down to <name>\n");
fprintf(stream, "\t-S\t\tchase signature(s) from <name> to a know key [*]\n");
#endif /*HAVE_SSL*/
fprintf(stream, "\t-V <number>\tverbosity (0-5)\n");
fprintf(stream, "\t-Q\t\tquiet mode (overrules -V)\n");
fprintf(stream, "\n");
......@@ -50,9 +52,6 @@ usage(FILE *stream, const char *progname)
fprintf(stream, "\t\t\tused to verify any signatures in the current answer\n");
fprintf(stream, "\t-o <mnemonic>\tset flags to: [QR|qr][AA|aa][TC|tc][RD|rd][CD|cd][RA|ra][AD|ad]\n");
fprintf(stream, "\t\t\tlowercase: unset bit, uppercase: set bit\n");
#if 0
fprintf(stream, "\t-O <opcode>\tset the opcode to: [query, iquery, status, notify, update]]\n");
#endif
fprintf(stream, "\t-p <port>\tuse <port> as remote port number\n");
fprintf(stream, "\t-s\t\tshow the DS RR for each key in a packet\n");
fprintf(stream, "\t-u\t\tsend the query with udp (the default)\n");
......@@ -117,11 +116,11 @@ main(int argc, char *argv[])
char *tsig_name = NULL;
char *tsig_data = NULL;
char *tsig_algorithm = NULL;
ldns_rr *dnssec_key;
size_t tsig_separator;
size_t tsig_separator2;
ldns_rr *axfr_rr;
ldns_status status;
char *type_str;
/* list of keys used in dnssec operations */
ldns_rr_list *key_list = ldns_rr_list_new();
......@@ -205,6 +204,7 @@ main(int argc, char *argv[])
case 'I':
/* reserved for backward compatibility */
break;
#ifdef HAVE_SSL
case 'T':
if (PURPOSE == DRILL_CHASE) {
fprintf(stderr, "-T and -S cannot be used at the same time.\n");
......@@ -219,6 +219,7 @@ main(int argc, char *argv[])
}
PURPOSE = DRILL_CHASE;
break;
#endif /* HAVE_SSL */
case 'V':
verbosity = atoi(optarg);
break;
......@@ -267,11 +268,10 @@ main(int argc, char *argv[])
qusevc = true;
break;
case 'k':
dnssec_key = read_key_file(optarg);
if (!dnssec_key) {
error("Could not parse the key file: %s", optarg);
status = read_key_file(optarg, key_list);
if (status != LDNS_STATUS_OK) {
error("Could not parse the key file %s: %s", optarg, ldns_get_errorstr_by_id(status));
}
ldns_rr_list_push_rr(key_list, dnssec_key);
qdnssec = true; /* enable that too */
break;
case 'o':
......@@ -567,7 +567,9 @@ main(int argc, char *argv[])
error("%s", "making qname");
}
/* don't care about return packet */
#ifdef HAVE_SSL
result = do_secure_trace(res, qname, type, clas, key_list, trace_start_name);
#endif /* HAVE_SSL */
clear_root();
break;
case DRILL_CHASE:
......@@ -593,6 +595,7 @@ main(int argc, char *argv[])
if (!ldns_pkt_answer(pkt)) {
mesg("No answer in packet");
} else {
#ifdef HAVE_SSL
ldns_resolver_set_dnssec_anchors(res, ldns_rr_list_clone(key_list));
result = do_chase(res, qname, type,
clas, key_list,
......@@ -608,6 +611,7 @@ main(int argc, char *argv[])
mesg("Chase failed.");
}
}
#endif /* HAVE_SSL */
}
ldns_pkt_free(pkt);
}
......@@ -641,6 +645,9 @@ main(int argc, char *argv[])
case DRILL_REVERSE:
/* ipv4 or ipv6 addr? */
if (strchr(name, ':')) {
if (strchr(name, '.')) {
error("Syntax error: both '.' and ':' seen in address\n");
}
name2 = malloc(IP6_ARPA_MAX_LEN + 20);
c = 0;
for (i=0; i<(int)strlen(name); i++) {
......@@ -821,13 +828,34 @@ main(int argc, char *argv[])
}
/* verify */
result = ldns_pkt_verify(pkt, type, qname, key_list, NULL, NULL);
#ifdef HAVE_SSL
key_verified = ldns_rr_list_new();
result = ldns_pkt_verify(pkt, type, qname, key_list, NULL, key_verified);
if (result == LDNS_STATUS_OK) {
if (result == LDNS_STATUS_ERR) {
/* is the existence denied then? */
result = ldns_verify_denial(pkt, qname, type, NULL, NULL);
if (result == LDNS_STATUS_OK) {
if (verbosity != -1) {
printf("Existence denied for ");
ldns_rdf_print(stdout, qname);
type_str = ldns_rr_type2str(type);
printf("\t%s\n", type_str);
LDNS_FREE(type_str);
}
} else {
if (verbosity != -1) {
printf("Bad data; RR for name and "
"type not found or failed to "
"verify, and denial of "
"existence failed.\n");
}
}
} else if (result == LDNS_STATUS_OK) {
for(key_count = 0; key_count < ldns_rr_list_rr_count(key_verified);