/* update.c
 *
 * Functions for RFC 2136 Dynamic Update
 *
 * Copyright (c) 2005-2008, NLnet Labs. All rights reserved.
 *
 * See LICENSE for the license.
 */
9
#include <ldns/config.h>

#include <ldns/ldns.h>

#include <limits.h>
#include <stdint.h>
#include <stdlib.h>
#include <strings.h>
17
/*
 * RFC 2136 sections mapped to RFC 1035:
 *              zone/ZO -- QD/question
 *     prerequisites/PR -- AN/answers
 *           updates/UP -- NS/authority records
 *   additional data/AD -- AR/additional records
 */
25
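/*
 * Build an RFC 2136 UPDATE packet.
 *
 * zone_rdf   zone name for the Zone section; handed to the new packet when
 *            packet creation succeeds (must not be used by the caller after
 *            a non-NULL return)
 * c          class of the zone; 0 selects LDNS_RR_CLASS_IN
 * pr_rrlist  prerequisite RRs, may be NULL
 * up_rrlist  update RRs, required
 * ad_rrlist  additional RRs, may be NULL
 *
 * The three lists are cloned, so the caller keeps ownership of them.
 * Returns the packet, or NULL on bad arguments, on a list that does not fit
 * a 16-bit section count, or on allocation failure.
 *
 * The packet returned here is unsigned; authentication of the update is a
 * separate step (see ldns_update_pkt_tsig_add).
 */
ldns_pkt *
ldns_update_pkt_new(ldns_rdf *zone_rdf, ldns_rr_class c,
    const ldns_rr_list *pr_rrlist, const ldns_rr_list *up_rrlist, const ldns_rr_list *ad_rrlist)
{
	ldns_pkt	*p;
	ldns_rr_list	*up_copy = NULL;
	ldns_rr_list	*pr_copy = NULL;
	ldns_rr_list	*ad_copy = NULL;

	if (!zone_rdf || !up_rrlist) {
		return NULL;
	}

	/*
	 * Section counts are 16 bits on the wire. Refuse longer lists rather
	 * than let the count wrap and disagree with the section contents.
	 */
	if (ldns_rr_list_rr_count(up_rrlist) > UINT16_MAX
	    || (pr_rrlist && ldns_rr_list_rr_count(pr_rrlist) > UINT16_MAX)
	    || (ad_rrlist && ldns_rr_list_rr_count(ad_rrlist) > UINT16_MAX)) {
		return NULL;
	}

	if (c == 0) {
		c = LDNS_RR_CLASS_IN;
	}

	/*
	 * Clone every list before the packet takes zone_rdf, so that an
	 * allocation failure here leaves the caller's zone_rdf untouched and
	 * never produces a packet whose count names a missing section.
	 */
	up_copy = ldns_rr_list_clone(up_rrlist);
	if (!up_copy) {
		goto fail;
	}
	if (pr_rrlist) {
		pr_copy = ldns_rr_list_clone(pr_rrlist);
		if (!pr_copy) {
			goto fail;
		}
	}
	if (ad_rrlist) {
		ad_copy = ldns_rr_list_clone(ad_rrlist);
		if (!ad_copy) {
			goto fail;
		}
	}

	/* Create packet, fill in Zone Section. */
	p = ldns_pkt_query_new(zone_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
	if (!p) {
		goto fail;
	}
	zone_rdf = NULL; /* No longer safe to use. */

	ldns_pkt_set_opcode(p, LDNS_PACKET_UPDATE);

	/* Update section (RFC 1035 authority). */
	ldns_rr_list_deep_free(ldns_pkt_authority(p));
	ldns_pkt_set_authority(p, up_copy);
	ldns_update_set_upcount(p, (uint16_t)ldns_rr_list_rr_count(up_rrlist));

	/* Prerequisite section (RFC 1035 answer). */
	if (pr_copy) {
		ldns_rr_list_deep_free(ldns_pkt_answer(p));
		ldns_pkt_set_answer(p, pr_copy);
		ldns_update_set_prcount(p,
		    (uint16_t)ldns_rr_list_rr_count(pr_rrlist));
	}

	/* Additional data section. */
	if (ad_copy) {
		ldns_rr_list_deep_free(ldns_pkt_additional(p));
		ldns_pkt_set_additional(p, ad_copy);
		ldns_update_set_adcount(p,
		    (uint16_t)ldns_rr_list_rr_count(ad_rrlist));
	}
	return p;

fail:
	if (up_copy) {
		ldns_rr_list_deep_free(up_copy);
	}
	if (pr_copy) {
		ldns_rr_list_deep_free(pr_copy);
	}
	if (ad_copy) {
		ldns_rr_list_deep_free(ad_copy);
	}
	return NULL;
}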
68
/*
 * TSIG-sign packet p with the key configured on resolver r.
 *
 * Signing happens only when the library is built with HAVE_SSL and the
 * resolver has both a TSIG key name and key data; the result of
 * ldns_pkt_tsig_sign() is then returned.
 *
 * In every other case the packet is left unsigned and LDNS_STATUS_OK is
 * still returned, so a successful return does not show that the update is
 * authenticated. Callers that require signed updates have to check the
 * resolver's TSIG settings themselves.
 */
ldns_status
ldns_update_pkt_tsig_add(ldns_pkt *p, const ldns_resolver *r)
{
#ifdef HAVE_SSL
	/* Recommended fudge. [RFC2845 6.4] */
	const uint16_t fudge = 300;

	if (ldns_resolver_tsig_keyname(r) == NULL
	    || ldns_resolver_tsig_keydata(r) == NULL) {
		/* No TSIG to do. */
		return LDNS_STATUS_OK;
	}

	return ldns_pkt_tsig_sign(p,
	    ldns_resolver_tsig_keyname(r),
	    ldns_resolver_tsig_keydata(r),
	    fudge,
	    ldns_resolver_tsig_algorithm(r),
	    NULL);
#else
	/* Built without SSL support: nothing is signed. */
	(void)p;
	(void)r;
	return LDNS_STATUS_OK;
#endif /* HAVE_SSL */
}
86
/* Move to higher.c or similar? */
/* XXX doc */
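/*
 * Look up the SOA record of 'zone' through resolver r and hand back a copy
 * of its MNAME (first RDATA field, RFC 1035 3.3.13).
 *
 * zone   zone name to query; cloned here, the caller keeps ownership
 * r      resolver used to send the query
 * c      query class
 * mname  receives a newly allocated rdf on success (caller frees); set to
 *        NULL on every failure path
 *
 * Returns LDNS_STATUS_OK when an MNAME was found, LDNS_STATUS_ERR otherwise.
 *
 * The MNAME is taken from the answer section as received. Nothing in this
 * function validates the response (no DNSSEC check is made here), so the
 * result is only as trustworthy as the path to the resolver.
 */
ldns_status
ldns_update_soa_mname(ldns_rdf *zone, ldns_resolver *r,
    ldns_rr_class c, ldns_rdf **mname)
{
	ldns_rr		*soa_rr;
	ldns_rr_list	*answers;
	ldns_pkt	*query, *resp = NULL;
	size_t		i;

	if (!zone || !r || !mname) {
		return LDNS_STATUS_ERR;
	}
	/* Give the output a defined value on all return paths. */
	*mname = NULL;

	/* Nondestructive, so clone 'zone' here */
	/* NOTE(review): if packet creation fails, who frees the clone is not
	 * visible from this file -- confirm against ldns_pkt_query_new. */
	query = ldns_pkt_query_new(ldns_rdf_clone(zone), LDNS_RR_TYPE_SOA,
	    c, LDNS_RD);
	if (!query) {
		return LDNS_STATUS_ERR;
	}

	ldns_pkt_set_random_id(query);
	if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
		ldns_pkt_free(query);
		return LDNS_STATUS_ERR;
	}
	ldns_pkt_free(query);
	if (!resp) {
		return LDNS_STATUS_ERR;
	}

	/*
	 * Expect a SOA answer. Scan the section in place, last RR first (the
	 * order popping would give), instead of popping RRs out of the list:
	 * a popped RR is no longer reachable from the packet, so
	 * ldns_pkt_free() would not release it.
	 */
	answers = ldns_pkt_answer(resp);
	for (i = ldns_rr_list_rr_count(answers); i > 0; i--) {
		soa_rr = ldns_rr_list_rr(answers, i - 1);
		if (!soa_rr
		    || ldns_rr_get_type(soa_rr) != LDNS_RR_TYPE_SOA
		    || ldns_rr_rdf(soa_rr, 0) == NULL) {
			continue;
		}
		/* [RFC1035 3.3.13] */
		*mname = ldns_rdf_clone(ldns_rr_rdf(soa_rr, 0));
		break;
	}
	ldns_pkt_free(resp);

	return *mname ? LDNS_STATUS_OK : LDNS_STATUS_ERR;
}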
127
/* Try to get zone and MNAME from SOA queries. */
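/*
 * Return the last RR in 'list' that has the given type and a first RDATA
 * field, or NULL if there is none. The RR stays owned by the list.
 */
static ldns_rr *
ldns_update_last_rr_of_type(ldns_rr_list *list, ldns_rr_type type)
{
	size_t i;

	for (i = ldns_rr_list_rr_count(list); i > 0; i--) {
		ldns_rr *candidate = ldns_rr_list_rr(list, i - 1);

		if (candidate
		    && ldns_rr_get_type(candidate) == type
		    && ldns_rr_rdf(candidate, 0) != NULL) {
			return candidate;
		}
	}
	return NULL;
}

/*
 * Discover the enclosing zone and the primary server name (SOA MNAME) for
 * 'fqdn' using three queries:
 *   1. SOA for fqdn via r, MNAME read from the authority section;
 *   2. A for that MNAME via r, address put first in a private copy of r;
 *   3. SOA for fqdn again via that copy, zone and MNAME read from the
 *      authority section.
 *
 * fqdn       name to be updated
 * r          resolver to query; it is cloned, not modified
 * c          query class
 * zone_rdf   receives the zone name on success (caller frees)
 * mname_rdf  receives the SOA MNAME on success (caller frees)
 *
 * Returns LDNS_STATUS_OK on success; the outputs are written only then.
 *
 * Security note: every value used here comes from DNS responses that this
 * function does not validate (no DNSSEC check is visible in this code, and
 * the owner name of the A record is not compared with the MNAME queried).
 * A forged or poisoned response can therefore choose both the zone name and
 * the address that step 3 is sent to. Treat the results as hints and rely
 * on an authenticated exchange (for example TSIG on the update itself)
 * before trusting the server that is eventually contacted.
 */
ldns_status
ldns_update_soa_zone_mname(const char *fqdn, ldns_resolver *r,
    ldns_rr_class c, ldns_rdf **zone_rdf, ldns_rdf **mname_rdf)
{
	ldns_rr		*rr;
	ldns_rdf	*soa_zone = NULL, *soa_mname = NULL;
	ldns_rdf	*ipaddr, *fqdn_rdf, *tmp;
	ldns_rdf	**nslist;
	ldns_pkt	*query, *resp;
	ldns_resolver   *tmp_r;
	ldns_status	status;
	size_t		i, ns_count;

	if (!fqdn || !r || !zone_rdf || !mname_rdf) {
		return LDNS_STATUS_ERR;
	}

	/*
	 * XXX Ok, this cannot be the best way to find this...?
	 * XXX (I run into weird cache-related stuff here)
	 */

	/* Step 1 - first find a nameserver that should know *something* */
	fqdn_rdf = ldns_dname_new_frm_str(fqdn);
	if (!fqdn_rdf) {
		return LDNS_STATUS_ERR;
	}
	/* NOTE(review): ownership of fqdn_rdf when packet creation fails is
	 * not visible from this file -- confirm against ldns_pkt_query_new. */
	query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
	if (!query) {
		return LDNS_STATUS_ERR;
	}
	fqdn_rdf = NULL;

	ldns_pkt_set_random_id(query);
	resp = NULL;
	if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
		ldns_pkt_free(query);
		return LDNS_STATUS_ERR;
	}
	ldns_pkt_free(query);
	if (!resp) {
		return LDNS_STATUS_ERR;
	}

	/*
	 * XXX Is it safe to only look in authority section here?
	 * The section is scanned in place (last RR first) rather than popped,
	 * so every RR stays owned by resp and is released with it.
	 */
	rr = ldns_update_last_rr_of_type(ldns_pkt_authority(resp),
	    LDNS_RR_TYPE_SOA);
	if (rr) {
		/* [RFC1035 3.3.13] */
		soa_mname = ldns_rdf_clone(ldns_rr_rdf(rr, 0));
	}
	ldns_pkt_free(resp);
	if (!soa_mname) {
		return LDNS_STATUS_ERR;
	}

	/* Step 2 - find SOA MNAME IP address, add to resolver */
	query = ldns_pkt_query_new(soa_mname, LDNS_RR_TYPE_A, c, LDNS_RD);
	if (!query) {
		return LDNS_STATUS_ERR;
	}
	soa_mname = NULL;

	ldns_pkt_set_random_id(query);
	resp = NULL;
	if (ldns_resolver_send_pkt(&resp, r, query) != LDNS_STATUS_OK) {
		ldns_pkt_free(query);
		return LDNS_STATUS_ERR;
	}
	ldns_pkt_free(query);
	if (!resp) {
		return LDNS_STATUS_ERR;
	}

	if (ldns_pkt_ancount(resp) == 0) {
		ldns_pkt_free(resp);
		return LDNS_STATUS_ERR;
	}

	/*
	 * XXX There may be more than one answer RR here.
	 * Only an A record is accepted as the server address: the answer
	 * section can also hold other types (a CNAME, for instance), and an
	 * rdf of another type must not end up in the nameserver list.
	 */
	rr = ldns_update_last_rr_of_type(ldns_pkt_answer(resp),
	    LDNS_RR_TYPE_A);
	if (!rr) {
		ldns_pkt_free(resp);
		return LDNS_STATUS_ERR;
	}
	ipaddr = ldns_rr_rdf(rr, 0); /* borrowed; valid until resp is freed */

	/* Put the SOA mname IP first in the nameserver list. */
	tmp_r = ldns_resolver_clone(r);
	if (!tmp_r) {
		ldns_pkt_free(resp); /* was leaked on this path before */
		return LDNS_STATUS_MEM_ERR;
	}
	nslist = ldns_resolver_nameservers(tmp_r);
	ns_count = ldns_resolver_nameserver_count(tmp_r);
	for (i = 0; i < ns_count; i++) {
		if (ldns_rdf_compare(ipaddr, nslist[i]) == 0) {
			break;
		}
	}
	if (i >= ns_count) {
		/* SOA mname was not part of the resolver so add it first. */
		status = ldns_resolver_push_nameserver(tmp_r, ipaddr);
		if (status != LDNS_STATUS_OK) {
			/* Do not reorder the list for an address that was
			 * never added. */
			ldns_resolver_free(tmp_r);
			ldns_pkt_free(resp);
			return status;
		}
		nslist = ldns_resolver_nameservers(tmp_r);
		i = ldns_resolver_nameserver_count(tmp_r) - 1;
	}
	if (i > 0) {
		tmp = nslist[0];
		nslist[0] = nslist[i];
		nslist[i] = tmp;
	}
	ldns_pkt_free(resp);

	/* Make sure to ask the first in the list, i.e SOA mname */
	ldns_resolver_set_random(tmp_r, false);

	/* Step 3 - Redo SOA query, sending to SOA MNAME directly. */
	fqdn_rdf = ldns_dname_new_frm_str(fqdn);
	if (!fqdn_rdf) {
		ldns_resolver_free(tmp_r);
		return LDNS_STATUS_ERR;
	}
	query = ldns_pkt_query_new(fqdn_rdf, LDNS_RR_TYPE_SOA, c, LDNS_RD);
	if (!query) {
		ldns_resolver_free(tmp_r);
		return LDNS_STATUS_ERR;
	}
	fqdn_rdf = NULL;

	ldns_pkt_set_random_id(query);
	resp = NULL;
	if (ldns_resolver_send_pkt(&resp, tmp_r, query) != LDNS_STATUS_OK) {
		ldns_pkt_free(query);
		ldns_resolver_free(tmp_r);
		return LDNS_STATUS_ERR;
	}
	ldns_resolver_free(tmp_r);
	ldns_pkt_free(query);
	if (!resp) {
		return LDNS_STATUS_ERR;
	}

	/* XXX Is it safe to only look in authority section here, too? */
	rr = ldns_update_last_rr_of_type(ldns_pkt_authority(resp),
	    LDNS_RR_TYPE_SOA);
	if (!rr) {
		ldns_pkt_free(resp);
		return LDNS_STATUS_ERR;
	}
	/* [RFC1035 3.3.13] */
	soa_mname = ldns_rdf_clone(ldns_rr_rdf(rr, 0));
	soa_zone = ldns_rdf_clone(ldns_rr_owner(rr));
	ldns_pkt_free(resp);

	/* Never report success with a missing result. */
	if (!soa_mname || !soa_zone) {
		if (soa_mname) {
			ldns_rdf_deep_free(soa_mname);
		}
		if (soa_zone) {
			ldns_rdf_deep_free(soa_zone);
		}
		return LDNS_STATUS_MEM_ERR;
	}

	/* That seems to have worked, pass results to caller. */
	*zone_rdf = soa_zone;
	*mname_rdf = soa_mname;
	return LDNS_STATUS_OK;
}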
274
/*
 * ldns_update_{get,set}_{zo,pr,up,ad}count
 */
278
/* Zone section count of an UPDATE packet (the RFC 1035 QDCOUNT field). */
uint16_t
ldns_update_zocount(const ldns_pkt *p)
{
	const uint16_t zone_count = ldns_pkt_qdcount(p);

	return zone_count;
}
284
/* Prerequisite section count of an UPDATE packet (the RFC 1035 ANCOUNT field). */
uint16_t
ldns_update_prcount(const ldns_pkt *p)
{
	const uint16_t prereq_count = ldns_pkt_ancount(p);

	return prereq_count;
}
290
/* Update section count of an UPDATE packet (the RFC 1035 NSCOUNT field). */
uint16_t
ldns_update_upcount(const ldns_pkt *p)
{
	const uint16_t update_count = ldns_pkt_nscount(p);

	return update_count;
}
296
/*
 * Additional data section count of an UPDATE packet (the RFC 1035 ARCOUNT
 * field). Note the name: this getter is ldns_update_ad, without the
 * "count" suffix its siblings carry.
 */
uint16_t
ldns_update_ad(const ldns_pkt *p)
{
	const uint16_t additional_count = ldns_pkt_arcount(p);

	return additional_count;
}
302
/*
 * Set the Zone section count (RFC 1035 QDCOUNT) of packet p to v.
 * Only the header field is written; the value is not checked against the
 * section's contents. Note the name: ldns_update_set_zo, without the
 * "count" suffix its siblings carry.
 */
void
ldns_update_set_zo(ldns_pkt *p, uint16_t v)
{
	const uint16_t zone_count = v;

	ldns_pkt_set_qdcount(p, zone_count);
}
308
/*
 * Set the Prerequisite section count (RFC 1035 ANCOUNT) of packet p to v.
 * Only the header field is written; the value is not checked against the
 * section's contents.
 */
void
ldns_update_set_prcount(ldns_pkt *p, uint16_t v)
{
	const uint16_t prereq_count = v;

	ldns_pkt_set_ancount(p, prereq_count);
}
314
/*
 * Set the Update section count (RFC 1035 NSCOUNT) of packet p to v.
 * Only the header field is written; the value is not checked against the
 * section's contents.
 */
void
ldns_update_set_upcount(ldns_pkt *p, uint16_t v)
{
	const uint16_t update_count = v;

	ldns_pkt_set_nscount(p, update_count);
}
320
/*
 * Set the Additional data section count (RFC 1035 ARCOUNT) of packet p to v.
 * Only the header field is written; the value is not checked against the
 * section's contents.
 */
void
ldns_update_set_adcount(ldns_pkt *p, uint16_t v)
{
	const uint16_t additional_count = v;

	ldns_pkt_set_arcount(p, additional_count);
}
326