author | Jakub Hrozek <jhrozek@redhat.com> | 2009-07-15 18:21:15 +0200 |
---|---|---|
committer | Simo Sorce <ssorce@redhat.com> | 2009-07-24 10:21:43 -0400 |
commit | b6bf81803977318aad8b876a56a42e4a3ffbae6a (patch) | |
tree | edc8117a07bce3e6cbe0a7ff5e2dd674afdcc2dc | |
parent | b919feeb115751ddda02a326e1d2636f1c83e32f (diff) | |
Add ares helpers into sssd
This patch adds ares parsing functions that are not yet upstreamed
together with a private ares header file (ares_dns.h) that contains
some necessary macros for parsing common structures in the replies.
Users of these two parsing functions must also include the header files
ares_parse_{srv,txt}_reply.h, which contain the function and structure
declarations that should eventually end up in upstream ares.h.
-rw-r--r-- | server/Makefile.am | 12 | ||||
-rw-r--r-- | server/external/libcares.m4 | 22 | ||||
-rw-r--r-- | server/resolv/ares/ares_dns.h | 91 | ||||
-rw-r--r-- | server/resolv/ares/ares_parse_srv_reply.c | 173 | ||||
-rw-r--r-- | server/resolv/ares/ares_parse_srv_reply.h | 14 | ||||
-rw-r--r-- | server/resolv/ares/ares_parse_txt_reply.c | 157 | ||||
-rw-r--r-- | server/resolv/ares/ares_parse_txt_reply.h | 12 | ||||
-rw-r--r-- | server/resolv/async_resolv.c | 10 | ||||
-rw-r--r-- | server/resolv/async_resolv.h | 8 |
9 files changed, 498 insertions, 1 deletions
diff --git a/server/Makefile.am b/server/Makefile.am index 575f5212..4ee344bb 100644 --- a/server/Makefile.am +++ b/server/Makefile.am @@ -151,6 +151,13 @@ SSSD_TOOLS_OBJ = \ SSSD_RESOLV_OBJ = \ resolv/async_resolv.c +if BUILD_ARES_PARSE_SRV + SSSD_RESOLV_OBJ += resolv/ares/ares_parse_srv_reply.c +endif +if BUILD_ARES_PARSE_TXT + SSSD_RESOLV_OBJ += resolv/ares/ares_parse_txt_reply.c +endif + SSSD_LIBS = \ $(TALLOC_LIBS) \ @@ -200,7 +207,10 @@ dist_noinst_HEADERS = \ providers/ldap/sdap_async.h \ tools/tools_util.h \ krb5_plugin/sssd_krb5_locator_plugin.h \ - resolv/async_resolv.h + resolv/async_resolv.h \ + resolv/ares/ares_parse_srv_reply.h \ + resolv/ares/ares_parse_txt_reply.h + #################### # Program Binaries # diff --git a/server/external/libcares.m4 b/server/external/libcares.m4 index 09451b3f..020a1708 100644 --- a/server/external/libcares.m4 +++ b/server/external/libcares.m4 @@ -7,3 +7,25 @@ AC_CHECK_HEADERS(ares.h, [AC_MSG_ERROR([c-ares header files are not installed])] ) +dnl Check if this particular version of c-ares supports parsing of SRV records +AC_CHECK_LIB([cares], + [ares_parse_srv_reply], + [AC_DEFINE([HAVE_ARES_PARSE_SRV], 1, [Does c-ares support srv parsing?]) + ], + [ + ares_build_srv=1 + ] +) + +dnl Check if this particular version of c-ares supports parsing of TXT records +AC_CHECK_LIB([cares], + [ares_parse_txt_reply], + [AC_DEFINE([HAVE_ARES_PARSE_TXT], 1, [Does c-ares support txt parsing?]) + ], + [ + ares_build_txt=1 + ] +) + +AM_CONDITIONAL(BUILD_ARES_PARSE_SRV, test x$ares_build_srv = x1) +AM_CONDITIONAL(BUILD_ARES_PARSE_TXT, test x$ares_build_txt = x1) diff --git a/server/resolv/ares/ares_dns.h b/server/resolv/ares/ares_dns.h new file mode 100644 index 00000000..c0a9dda6 --- /dev/null +++ b/server/resolv/ares/ares_dns.h 
@@ -0,0 +1,91 @@
+/* $Id: ares_dns.h,v 1.8 2007-02-16 14:22:08 yangtse Exp $ */
+
+/* Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#ifndef ARES__DNS_H
+#define ARES__DNS_H
+
+#define DNS__16BIT(p) (((p)[0] << 8) | (p)[1])
+#define DNS__32BIT(p) (((p)[0] << 24) | ((p)[1] << 16) | \
+ ((p)[2] << 8) | (p)[3])
+
+#define DNS__SET16BIT(p, v) (((p)[0] = (unsigned char)(((v) >> 8) & 0xff)), \
+ ((p)[1] = (unsigned char)((v) & 0xff)))
+#define DNS__SET32BIT(p, v) (((p)[0] = (unsigned char)(((v) >> 24) & 0xff)), \
+ ((p)[1] = (unsigned char)(((v) >> 16) & 0xff)), \
+ ((p)[2] = (unsigned char)(((v) >> 8) & 0xff)), \
+ ((p)[3] = (unsigned char)((v) & 0xff)))
+
+#if 0
+/* we cannot use this approach on systems where we can't access 16/32 bit
+ data on un-aligned addresses */
+#define DNS__16BIT(p) ntohs(*(unsigned short*)(p))
+#define DNS__32BIT(p) ntohl(*(unsigned long*)(p))
+#define DNS__SET16BIT(p, v) *(unsigned short*)(p) = htons(v)
+#define DNS__SET32BIT(p, v) *(unsigned long*)(p) = htonl(v)
+#endif
+
+/* Macros for parsing a DNS header */
+#define DNS_HEADER_QID(h) DNS__16BIT(h)
+#define DNS_HEADER_QR(h) (((h)[2] >> 7) & 0x1)
+#define DNS_HEADER_OPCODE(h) (((h)[2] >> 3) & 0xf)
+#define DNS_HEADER_AA(h) (((h)[2] >> 2) & 0x1)
+#define DNS_HEADER_TC(h) (((h)[2] >> 1) & 0x1)
+#define DNS_HEADER_RD(h) ((h)[2] & 0x1)
+#define DNS_HEADER_RA(h) (((h)[3] >> 7) & 0x1)
+#define DNS_HEADER_Z(h) (((h)[3] >> 4) & 0x7)
+#define DNS_HEADER_RCODE(h) ((h)[3] & 0xf)
+#define DNS_HEADER_QDCOUNT(h) DNS__16BIT((h) + 4)
+#define DNS_HEADER_ANCOUNT(h) DNS__16BIT((h) + 6)
+#define DNS_HEADER_NSCOUNT(h) DNS__16BIT((h) + 8)
+#define DNS_HEADER_ARCOUNT(h) DNS__16BIT((h) + 10)
+
+/* Macros for constructing a DNS header */
+#define DNS_HEADER_SET_QID(h, v) DNS__SET16BIT(h, v)
+#define DNS_HEADER_SET_QR(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_OPCODE(h, v) ((h)[2] |= (unsigned char)(((v) & 0xf) << 3))
+#define DNS_HEADER_SET_AA(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 2))
+#define DNS_HEADER_SET_TC(h, v) ((h)[2] |= (unsigned char)(((v) & 0x1) << 1))
+#define DNS_HEADER_SET_RD(h, v) ((h)[2] |= (unsigned char)((v) & 0x1))
+#define DNS_HEADER_SET_RA(h, v) ((h)[3] |= (unsigned char)(((v) & 0x1) << 7))
+#define DNS_HEADER_SET_Z(h, v) ((h)[3] |= (unsigned char)(((v) & 0x7) << 4))
+#define DNS_HEADER_SET_RCODE(h, v) ((h)[3] |= (unsigned char)((v) & 0xf))
+#define DNS_HEADER_SET_QDCOUNT(h, v) DNS__SET16BIT((h) + 4, v)
+#define DNS_HEADER_SET_ANCOUNT(h, v) DNS__SET16BIT((h) + 6, v)
+#define DNS_HEADER_SET_NSCOUNT(h, v) DNS__SET16BIT((h) + 8, v)
+#define DNS_HEADER_SET_ARCOUNT(h, v) DNS__SET16BIT((h) + 10, v)
+
+/* Macros for parsing the fixed part of a DNS question */
+#define DNS_QUESTION_TYPE(q) DNS__16BIT(q)
+#define DNS_QUESTION_CLASS(q) DNS__16BIT((q) + 2)
+
+/* Macros for constructing the fixed part of a DNS question */
+#define DNS_QUESTION_SET_TYPE(q, v) DNS__SET16BIT(q, v)
+#define DNS_QUESTION_SET_CLASS(q, v) DNS__SET16BIT((q) + 2, v)
+
+/* Macros for parsing the fixed part of a DNS resource record */
+#define DNS_RR_TYPE(r) DNS__16BIT(r)
+#define DNS_RR_CLASS(r) DNS__16BIT((r) + 2)
+#define DNS_RR_TTL(r) DNS__32BIT((r) + 4)
+#define DNS_RR_LEN(r) DNS__16BIT((r) + 8)
+
+/* Macros for constructing the fixed part of a DNS resource record */
+#define DNS_RR_SET_TYPE(r) DNS__SET16BIT(r, v)
+#define DNS_RR_SET_CLASS(r) DNS__SET16BIT((r) + 2, v)
+#define DNS_RR_SET_TTL(r) DNS__SET32BIT((r) + 4, v)
+#define DNS_RR_SET_LEN(r) DNS__SET16BIT((r) + 8, v)
+
+#endif /* ARES__DNS_H */
diff --git a/server/resolv/ares/ares_parse_srv_reply.c b/server/resolv/ares/ares_parse_srv_reply.c
new file mode 100644
index 00000000..9745fb07
--- /dev/null
+++ b/server/resolv/ares/ares_parse_srv_reply.c
@@ -0,0 +1,173 @@
+/*
+ SSSD
+
+ Async resolver - SRV records parsing
+
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) Red Hat, Inc 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * This code is based on other c-ares parsing licensed as follows:
+
+ * Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is"
+ * without express or implied warranty.
+ */
+
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <arpa/nameser.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ares.h"
+/* this drags in some private macros c-ares uses */
+#include "ares_dns.h"
+
+#include "ares_parse_srv_reply.h"
+
+int _ares_parse_srv_reply (const unsigned char *abuf, int alen,
+ struct srv_reply **srv_out, int *nsrvreply)
+{
+ unsigned int qdcount, ancount;
+ const unsigned char *aptr;
+ int status, i, rr_type, rr_class, rr_len;
+ long len;
+ char *hostname = NULL, *rr_name = NULL;
+ struct srv_reply *srv = NULL;
+
+ /* Set *srv_out to NULL for all failure cases. */
+ if (srv_out)
+ *srv_out = NULL;
+ /* Same with *nsrvreply. */
+ if (nsrvreply)
+ *nsrvreply = 0;
+
+ /* Give up if abuf doesn't have room for a header. */
+ if (alen < HFIXEDSZ)
+ return ARES_EBADRESP;
+
+ /* Fetch the question and answer count from the header. */
+ qdcount = DNS_HEADER_QDCOUNT (abuf);
+ ancount = DNS_HEADER_ANCOUNT (abuf);
+ if (qdcount != 1)
+ return ARES_EBADRESP;
+ if (ancount == 0)
+ return ARES_ENODATA;
+
+ /* Expand the name from the question, and skip past the question. */
+ aptr = abuf + HFIXEDSZ;
+ status = ares_expand_name (aptr, abuf, alen, &hostname, &len);
+ if (status != ARES_SUCCESS)
+ return status;
+
+ if (aptr + len + QFIXEDSZ > abuf + alen)
+ {
+ free (hostname);
+ return ARES_EBADRESP;
+ }
+ aptr += len + QFIXEDSZ;
+
+ /* Allocate srv_reply array; ancount gives an upper bound */
+ srv = malloc ((ancount) * sizeof (struct srv_reply));
+ if (!srv)
+ {
+ free (hostname);
+ return ARES_ENOMEM;
+ }
+
+ /* Examine each answer resource record (RR) in turn. */
+ for (i = 0; i < (int) ancount; i++)
+ {
+ /* Decode the RR up to the data field. */
+ status = ares_expand_name (aptr, abuf, alen, &rr_name, &len);
+ if (status != ARES_SUCCESS)
+ {
+ break;
+ }
+ aptr += len;
+ if (aptr + RRFIXEDSZ > abuf + alen)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
+ rr_type = DNS_RR_TYPE (aptr);
+ rr_class = DNS_RR_CLASS (aptr);
+ rr_len = DNS_RR_LEN (aptr);
+ aptr += RRFIXEDSZ;
+
+ /* Check if we are really looking at a SRV record */
+ if (rr_class == C_IN && rr_type == T_SRV)
+ {
+ /* parse the SRV record itself */
+ if (rr_len < 6)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
+
+ srv[i].priority = ntohs (*((const uint16_t *)aptr));
+ aptr += sizeof(uint16_t);
+ srv[i].weight = ntohs (*((const uint16_t *)aptr));
+ aptr += sizeof(uint16_t);
+ srv[i].port = ntohs (*((const uint16_t *)aptr));
+ aptr += sizeof(uint16_t);
+
+ status = ares_expand_name (aptr, abuf, alen, &srv[i].host, &len);
+ if (status != ARES_SUCCESS)
+ break;
+
+ /* Move on to the next record */
+ aptr += len;
+
+ /* Don't lose memory in the next iteration */
+ free (rr_name);
+ rr_name = NULL;
+ }
+ }
+
+ /* clean up on error */
+ if (status != ARES_SUCCESS)
+ {
+ free (srv);
+ free (hostname);
+ free (rr_name);
+ return status;
+ }
+
+ /* everything looks fine, return the data */
+ *srv_out = srv;
+ *nsrvreply = ancount;
+
+ free (hostname);
+ free (rr_name);
+ return status;
+}
diff --git a/server/resolv/ares/ares_parse_srv_reply.h b/server/resolv/ares/ares_parse_srv_reply.h
new file mode 100644
index 00000000..43eb4154
--- /dev/null
+++ b/server/resolv/ares/ares_parse_srv_reply.h
@@ -0,0 +1,14 @@
+#ifndef __ARES_PARSE_SRV_REPLY_H__
+#define __ARES_PARSE_SRV_REPLY_H__
+
+struct srv_reply {
+ u_int16_t weight;
+ u_int16_t priority;
+ u_int16_t port;
+ char *host;
+};
+
+int _ares_parse_srv_reply (const unsigned char *abuf, int alen,
+ struct srv_reply **srv_out, int *nsrvreply);
+
+#endif /* __ARES_PARSE_SRV_REPLY_H__ */
diff --git a/server/resolv/ares/ares_parse_txt_reply.c b/server/resolv/ares/ares_parse_txt_reply.c
new file mode 100644
index 00000000..feb6af23
--- /dev/null
+++ b/server/resolv/ares/ares_parse_txt_reply.c
@@ -0,0 +1,157 @@
+/*
+ SSSD
+
+ Async resolver - TXT records parsing
+
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) Red Hat, Inc 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * This code is based on other c-ares parsing licensed as follows:
+
+ * Copyright 1998 by the Massachusetts Institute of Technology.
+ *
+ * Permission to use, copy, modify, and distribute this
+ * software and its documentation for any purpose and without
+ * fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright
+ * notice and this permission notice appear in supporting
+ * documentation, and that the name of M.I.T. not be used in
+ * advertising or publicity pertaining to distribution of the
+ * software without specific, written prior permission.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is"
+ * without express or implied warranty.
+ */
+
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+#include <arpa/nameser.h>
+#include <stdlib.h>
+#include <string.h>
+#include "ares.h"
+/* this drags in some private macros c-ares uses */
+#include "ares_dns.h"
+
+#include "ares_parse_txt_reply.h"
+
+int _ares_parse_txt_reply(const unsigned char* abuf, int alen,
+ struct txt_reply **txt_out, int *ntxtreply)
+{
+ unsigned int qdcount, ancount;
+ const unsigned char *aptr;
+ int status, i, rr_type, rr_class, rr_len;
+ long len;
+ char *hostname = NULL, *rr_name = NULL;
+ struct txt_reply *txt = NULL;
+
+ if (txt_out)
+ *txt_out = NULL;
+
+ /* Give up if abuf doesn't have room for a header. */
+ if (alen < HFIXEDSZ)
+ return ARES_EBADRESP;
+
+ /* Fetch the question and answer count from the header. */
+ qdcount = DNS_HEADER_QDCOUNT(abuf);
+ ancount = DNS_HEADER_ANCOUNT(abuf);
+ if (qdcount != 1)
+ return ARES_EBADRESP;
+ if (ancount == 0)
+ return ARES_ENODATA;
+
+ /* Expand the name from the question, and skip past the question. */
+ aptr = abuf + HFIXEDSZ;
+ status = ares_expand_name(aptr, abuf, alen, &hostname, &len);
+ if (status != ARES_SUCCESS)
+ return status;
+
+ if (aptr + len + QFIXEDSZ > abuf + alen)
+ {
+ free (hostname);
+ return ARES_EBADRESP;
+ }
+ aptr += len + QFIXEDSZ;
+
+ /* Allocate txt_reply array; ancount gives an upper bound */
+ txt = malloc ((ancount) * sizeof (struct txt_reply));
+ if (!txt)
+ {
+ free (hostname);
+ return ARES_ENOMEM;
+ }
+
+ /* Examine each answer resource record (RR) in turn. */
+ for (i = 0; i < (int) ancount; i++)
+ {
+ /* Decode the RR up to the data field. */
+ status = ares_expand_name(aptr, abuf, alen, &rr_name, &len);
+ if (status != ARES_SUCCESS)
+ {
+ break;
+ }
+ aptr += len;
+ if (aptr + RRFIXEDSZ > abuf + alen)
+ {
+ status = ARES_EBADRESP;
+ break;
+ }
+ rr_type = DNS_RR_TYPE(aptr);
+ rr_class = DNS_RR_CLASS(aptr);
+ rr_len = DNS_RR_LEN(aptr);
+ aptr += RRFIXEDSZ;
+
+ /* Check if we are really looking at a TXT record */
+ if (rr_class == C_IN && rr_type == T_TXT)
+ {
+ /* Grab the TXT payload */
+ txt[i].length = rr_len;
+ txt[i].txt = malloc(sizeof(unsigned char) * rr_len);
+ if (txt[i].txt == NULL)
+ {
+ status = ARES_ENOMEM;
+ break;
+ }
+ memcpy((void *) txt[i].txt, aptr+1, sizeof(unsigned char) * rr_len);
+ /* Move on to the next record */
+ aptr += rr_len;
+ }
+
+ /* Don't lose memory in the next iteration */
+ free(rr_name);
+ rr_name = NULL;
+ }
+
+ free(hostname);
+ free(rr_name);
+
+ /* clean up on error */
+ if (status != ARES_SUCCESS)
+ {
+ free (txt);
+ return status;
+ }
+
+ /* everything looks fine, return the data */
+ *txt_out = txt;
+ *ntxtreply = ancount;
+ return 0;
+}
diff --git a/server/resolv/ares/ares_parse_txt_reply.h b/server/resolv/ares/ares_parse_txt_reply.h
new file mode 100644
index 00000000..b1e32698
--- /dev/null
+++ b/server/resolv/ares/ares_parse_txt_reply.h
@@ -0,0 +1,12 @@
+#ifndef __ARES_PARSE_TXT_REPLY_H__
+#define __ARES_PARSE_TXT_REPLY_H__
+
+struct txt_reply {
+ int length; /* length of the text */
+ unsigned char *txt; /* may contain nulls */
+};
+
+int _ares_parse_txt_reply(const unsigned char* abuf, int alen,
+ struct txt_reply **txt_out, int *ntxtreply);
+
+#endif /* __ARES_PARSE_TXT_REPLY_H__ */
diff --git a/server/resolv/async_resolv.c b/server/resolv/async_resolv.c
index 70bea6c8..b77819c0 100644
--- a/server/resolv/async_resolv.c
+++ b/server/resolv/async_resolv.c
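Review bot: The `memcpy` in the T_TXT branch of `_ares_parse_txt_reply` copies `rr_len` bytes starting at `aptr+1` without first checking that the RDATA lies inside `abuf + alen`, so it always reads one byte past the record and, for a truncated or crafted reply, past the end of the response buffer. Validate before allocating, `if (rr_len < 1 || rr_len > (abuf + alen) - aptr) { status = ARES_EBADRESP; break; }`, and, if the intent of the `+1` is to drop the leading length octet, record and copy one byte less: `txt[i].length = rr_len - 1;` and `memcpy (txt[i].txt, aptr + 1, rr_len - 1);`. The error path frees only the `txt` array, so payloads allocated in earlier iterations leak. `*ntxtreply` is not zeroed on entry, and both out-pointers are dereferenced unconditionally on success although `txt_out` is NULL-checked at the top.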
@@ -42,6 +42,16 @@ #include "util/dlinklist.h" #include "util/util.h" +#ifndef HAVE_ARES_PARSE_SRV +#define ares_parse_srv_reply(abuf, alen, srv_out, nsrvreply) \ + _ares_parse_srv_reply(abuf, alen, srv_out, nsrvreply) +#endif /* HAVE_ARES_PARSE_SRV */ + +#ifndef HAVE_ARES_PARSE_TXT +#define ares_parse_txt_reply(abuf, alen, txt_out, ntxtreply) \ + _ares_parse_txt_reply(abuf, alen, txt_out, ntxtreply) +#endif /* HAVE_ARES_PARSE_TXT */ + /* TODO: remove later * These functions are available in the latest tevent/talloc and are the ones * that should be used as tevent_req is rightfully opaque there */ diff --git a/server/resolv/async_resolv.h b/server/resolv/async_resolv.h index 6acb6b2a..aabf871b 100644 --- a/server/resolv/async_resolv.h +++ b/server/resolv/async_resolv.h @@ -29,6 +29,14 @@ #include <netdb.h> #include <ares.h> +#ifndef HAVE_ARES_PARSE_TXT +#include "resolv/ares/ares_parse_txt_reply.h" +#endif /* HAVE_ARES_PARSE_TXT */ + +#ifndef HAVE_ARES_PARSE_SRV +#include "resolv/ares/ares_parse_srv_reply.h" +#endif /* HAVE_ARES_PARSE_SRV */ + /* * An opaque structure which holds context for a module using the async * resolver. Is should be used as a "local-global" variable - in sssd, |