Gitiles
Code Review Sign In
gerrit.nordix.org / thekelleys / dnsmasq / 1d7e0a36e3b46e630e90c9d9d18dfe06200802b9 / . / src / auth.c
blob: 066a9e449b832825208e6215a4a8c576d075b893 [file] [log] [blame]
Simon Kelleyc47e3ba2014-01-08 17:07:54 +0000[diff] [blame]1/* dnsmasq is Copyright (c) 2000-2014 Simon Kelley
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]2
3 This program is free software; you can redistribute it and/or modify
4 it under the terms of the GNU General Public License as published by
5 the Free Software Foundation; version 2 dated June, 1991, or
6 (at your option) version 3 dated 29 June, 2007.
7
8 This program is distributed in the hope that it will be useful,
9 but WITHOUT ANY WARRANTY; without even the implied warranty of
10 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
11 GNU General Public License for more details.
12
13 You should have received a copy of the GNU General Public License
14 along with this program. If not, see <http://www.gnu.org/licenses/>.
15*/
16
17#include "dnsmasq.h"
18
Simon Kelley4820dce2012-12-18 18:30:30 +0000[diff] [blame]19#ifdef HAVE_AUTH
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]20
Simon Kelleyc50f25a2013-11-21 11:29:27 +0000[diff] [blame]21static struct addrlist *find_subnet(struct auth_zone *zone, int flag, struct all_addr *addr_u)
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]22{
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]23 struct addrlist *subnet;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]24
25 for (subnet = zone->subnet; subnet; subnet = subnet->next)
26 {
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]27 if (!(subnet->flags & ADDRLIST_IPV6))
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]28 {
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]29 struct in_addr netmask, addr = addr_u->addr.addr4;
30
31 if (!(flag & F_IPV4))
32 continue;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]33
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]34 netmask.s_addr = htonl(~((1 << (32 - subnet->prefixlen)) - 1));
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]35
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]36 if (is_same_net(addr, subnet->addr.addr.addr4, netmask))
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]37 return subnet;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]38 }
39#ifdef HAVE_IPV6
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]40 else if (is_same_net6(&(addr_u->addr.addr6), &subnet->addr.addr.addr6, subnet->prefixlen))
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]41 return subnet;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]42#endif
43
44 }
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]45 return NULL;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]46}
47
Simon Kelleyc50f25a2013-11-21 11:29:27 +0000[diff] [blame]48static int filter_zone(struct auth_zone *zone, int flag, struct all_addr *addr_u)
49{
50 /* No zones specified, no filter */
51 if (!zone->subnet)
52 return 1;
53
54 return find_subnet(zone, flag, addr_u) != NULL;
55}
56
Simon Kelleyb485ed92013-10-18 22:00:39 +0100[diff] [blame]57int in_zone(struct auth_zone *zone, char *name, char **cut)
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]58{
59 size_t namelen = strlen(name);
60 size_t domainlen = strlen(zone->domain);
61
62 if (cut)
63 *cut = NULL;
64
65 if (namelen >= domainlen &&
66 hostname_isequal(zone->domain, &name[namelen - domainlen]))
67 {
68
69 if (namelen == domainlen)
70 return 1;
71
72 if (name[namelen - domainlen - 1] == '.')
73 {
74 if (cut)
75 *cut = &name[namelen - domainlen - 1];
76 return 1;
77 }
78 }
79
80 return 0;
81}
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]82
83
Simon Kelley19b16892013-10-20 10:19:39 +0100[diff] [blame]84size_t answer_auth(struct dns_header *header, char *limit, size_t qlen, time_t now, union mysockaddr *peer_addr, int local_query)
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]85{
86 char *name = daemon->namebuff;
87 unsigned char *p, *ansp;
88 int qtype, qclass;
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]89 int nameoffset, axfroffset = 0;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]90 int q, anscount = 0, authcount = 0;
91 struct crec *crecp;
Simon Kelley19b16892013-10-20 10:19:39 +0100[diff] [blame]92 int auth = !local_query, trunc = 0, nxdomain = 1, soa = 0, ns = 0, axfr = 0;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]93 struct auth_zone *zone = NULL;
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]94 struct addrlist *subnet = NULL;
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]95 char *cut;
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]96 struct mx_srv_record *rec, *move, **up;
97 struct txt_record *txt;
98 struct interface_name *intr;
99 struct naptr *na;
100 struct all_addr addr;
101 struct cname *a;
102
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]103 if (ntohs(header->qdcount) == 0 || OPCODE(header) != QUERY )
104 return 0;
Simon Kelley6008bdb2013-10-21 21:47:03 +0100[diff] [blame]105
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]106 /* determine end of question section (we put answers there) */
107 if (!(ansp = skip_questions(header, qlen)))
108 return 0; /* bad packet */
109
110 /* now process each question, answers go in RRs after the question */
111 p = (unsigned char *)(header+1);
112
113 for (q = ntohs(header->qdcount); q != 0; q--)
114 {
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]115 unsigned short flag = 0;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]116 int found = 0;
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]117
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]118 /* save pointer to name for copying into answers */
119 nameoffset = p - (unsigned char *)header;
120
121 /* now extract name as .-concatenated string into name */
122 if (!extract_name(header, qlen, &p, name, 1, 4))
123 return 0; /* bad packet */
124
125 GETSHORT(qtype, p);
126 GETSHORT(qclass, p);
127
128 if (qclass != C_IN)
Simon Kelleyf8abe0c2012-12-15 11:59:25 +0000[diff] [blame]129 {
130 auth = 0;
131 continue;
132 }
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]133
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]134 if (qtype == T_PTR)
135 {
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]136 if (!(flag = in_arpa_name_2_addr(name, &addr)))
137 continue;
138
Simon Kelley19b16892013-10-20 10:19:39 +0100[diff] [blame]139 if (!local_query)
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]140 {
Simon Kelley19b16892013-10-20 10:19:39 +0100[diff] [blame]141 for (zone = daemon->auth_zones; zone; zone = zone->next)
Simon Kelleyc50f25a2013-11-21 11:29:27 +0000[diff] [blame]142 if ((subnet = find_subnet(zone, flag, &addr)))
Simon Kelley19b16892013-10-20 10:19:39 +0100[diff] [blame]143 break;
144
145 if (!zone)
146 {
147 auth = 0;
148 continue;
149 }
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]150 }
Simon Kelley19b16892013-10-20 10:19:39 +0100[diff] [blame]151
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]152 intr = NULL;
Simon Kelley86e3b9a2012-11-30 13:46:48 +0000[diff] [blame]153
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]154 if (flag == F_IPV4)
155 for (intr = daemon->int_names; intr; intr = intr->next)
156 {
157 struct addrlist *addrlist;
158
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]159 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
160 if (!(addrlist->flags & ADDRLIST_IPV6) && addr.addr.addr4.s_addr == addrlist->addr.addr.addr4.s_addr)
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]161 break;
162
163 if (addrlist)
164 break;
165 else
166 while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
167 intr = intr->next;
168 }
169#ifdef HAVE_IPV6
170 else if (flag == F_IPV6)
171 for (intr = daemon->int_names; intr; intr = intr->next)
172 {
173 struct addrlist *addrlist;
174
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]175 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
176 if ((addrlist->flags & ADDRLIST_IPV6) && IN6_ARE_ADDR_EQUAL(&addr.addr.addr6, &addrlist->addr.addr.addr6))
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]177 break;
178
179 if (addrlist)
180 break;
181 else
182 while (intr->next && strcmp(intr->intr, intr->next->intr) == 0)
183 intr = intr->next;
184 }
185#endif
186
187 if (intr)
188 {
189 if (in_zone(zone, intr->name, NULL))
190 {
191 found = 1;
Simon Kelley8ab91e92013-10-21 20:50:04 +0100[diff] [blame]192 log_query(flag | F_REVERSE | F_CONFIG, intr->name, &addr, NULL);
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]193 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
194 daemon->auth_ttl, NULL,
195 T_PTR, C_IN, "d", intr->name))
196 anscount++;
Simon Kelley86e3b9a2012-11-30 13:46:48 +0000[diff] [blame]197 }
198 }
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]199
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]200 if ((crecp = cache_find_by_addr(NULL, &addr, now, flag)))
201 do {
202 strcpy(name, cache_get_name(crecp));
203
204 if (crecp->flags & F_DHCP && !option_bool(OPT_DHCP_FQDN))
205 {
206 char *p = strchr(name, '.');
207 if (p)
208 *p = 0; /* must be bare name */
209
210 /* add external domain */
211 strcat(name, ".");
212 strcat(name, zone->domain);
213 log_query(flag | F_DHCP | F_REVERSE, name, &addr, record_source(crecp->uid));
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]214 found = 1;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]215 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
216 daemon->auth_ttl, NULL,
217 T_PTR, C_IN, "d", name))
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]218 anscount++;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]219 }
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]220 else if (crecp->flags & (F_DHCP | F_HOSTS) && in_zone(zone, name, NULL))
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]221 {
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]222 log_query(crecp->flags & ~F_FORWARD, name, &addr, record_source(crecp->uid));
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]223 found = 1;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]224 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
225 daemon->auth_ttl, NULL,
226 T_PTR, C_IN, "d", name))
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]227 anscount++;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]228 }
229 else
230 continue;
231
232 } while ((crecp = cache_find_by_addr(crecp, &addr, now, flag)));
Simon Kelley86e3b9a2012-11-30 13:46:48 +0000[diff] [blame]233
Simon Kelley10068602014-04-03 21:16:40 +0100[diff] [blame]234 if (found)
235 nxdomain = 0;
236 else
237 log_query(flag | F_NEG | F_NXDOMAIN | F_REVERSE | (auth ? F_AUTH : 0), NULL, &addr, NULL);
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]238
239 continue;
240 }
241
Simon Kelley5c0bd5b2012-12-01 16:42:47 +0000[diff] [blame]242 cname_restart:
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]243 for (zone = daemon->auth_zones; zone; zone = zone->next)
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]244 if (in_zone(zone, name, &cut))
245 break;
Simon Kelley86e3b9a2012-11-30 13:46:48 +0000[diff] [blame]246
247 if (!zone)
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]248 {
249 auth = 0;
250 continue;
251 }
252
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]253 for (rec = daemon->mxnames; rec; rec = rec->next)
254 if (!rec->issrv && hostname_isequal(name, rec->name))
Simon Kelley86e3b9a2012-11-30 13:46:48 +0000[diff] [blame]255 {
256 nxdomain = 0;
257
258 if (qtype == T_MX)
259 {
260 found = 1;
261 log_query(F_CONFIG | F_RRNAME, name, NULL, "<MX>");
262 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
263 NULL, T_MX, C_IN, "sd", rec->weight, rec->target))
264 anscount++;
265 }
266 }
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]267
Simon Kelley86e3b9a2012-11-30 13:46:48 +0000[diff] [blame]268 for (move = NULL, up = &daemon->mxnames, rec = daemon->mxnames; rec; rec = rec->next)
269 if (rec->issrv && hostname_isequal(name, rec->name))
270 {
271 nxdomain = 0;
272
273 if (qtype == T_SRV)
274 {
275 found = 1;
276 log_query(F_CONFIG | F_RRNAME, name, NULL, "<SRV>");
277 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
278 NULL, T_SRV, C_IN, "sssd",
279 rec->priority, rec->weight, rec->srvport, rec->target))
280
281 anscount++;
282 }
283
284 /* unlink first SRV record found */
285 if (!move)
286 {
287 move = rec;
288 *up = rec->next;
289 }
290 else
291 up = &rec->next;
292 }
293 else
294 up = &rec->next;
295
296 /* put first SRV record back at the end. */
297 if (move)
298 {
299 *up = move;
300 move->next = NULL;
301 }
302
303 for (txt = daemon->rr; txt; txt = txt->next)
304 if (hostname_isequal(name, txt->name))
305 {
306 nxdomain = 0;
307 if (txt->class == qtype)
308 {
309 found = 1;
310 log_query(F_CONFIG | F_RRNAME, name, NULL, "<RR>");
311 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
312 NULL, txt->class, C_IN, "t", txt->len, txt->txt))
313 anscount++;
314 }
315 }
316
317 for (txt = daemon->txt; txt; txt = txt->next)
318 if (txt->class == C_IN && hostname_isequal(name, txt->name))
319 {
320 nxdomain = 0;
321 if (qtype == T_TXT)
322 {
323 found = 1;
324 log_query(F_CONFIG | F_RRNAME, name, NULL, "<TXT>");
325 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
326 NULL, T_TXT, C_IN, "t", txt->len, txt->txt))
327 anscount++;
328 }
329 }
330
331 for (na = daemon->naptr; na; na = na->next)
332 if (hostname_isequal(name, na->name))
333 {
334 nxdomain = 0;
335 if (qtype == T_NAPTR)
336 {
337 found = 1;
338 log_query(F_CONFIG | F_RRNAME, name, NULL, "<NAPTR>");
339 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp, daemon->auth_ttl,
340 NULL, T_NAPTR, C_IN, "sszzzd",
341 na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
342 anscount++;
343 }
344 }
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]345
346 if (qtype == T_A)
347 flag = F_IPV4;
348
349#ifdef HAVE_IPV6
350 if (qtype == T_AAAA)
351 flag = F_IPV6;
352#endif
353
Simon Kelley8ab91e92013-10-21 20:50:04 +0100[diff] [blame]354 for (intr = daemon->int_names; intr; intr = intr->next)
355 if (hostname_isequal(name, intr->name))
356 {
357 struct addrlist *addrlist;
358
Simon Kelley8ab91e92013-10-21 20:50:04 +0100[diff] [blame]359 nxdomain = 0;
360
361 if (flag)
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]362 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
363 if (((addrlist->flags & ADDRLIST_IPV6) ? T_AAAA : T_A) == qtype &&
364 (local_query || filter_zone(zone, flag, &addrlist->addr)))
Simon Kelleyfb63dd12013-10-21 18:19:35 +0100[diff] [blame]365 {
366 found = 1;
367 log_query(F_FORWARD | F_CONFIG | flag, name, &addrlist->addr, NULL);
368 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
369 daemon->auth_ttl, NULL, qtype, C_IN,
370 qtype == T_A ? "4" : "6", &addrlist->addr))
371 anscount++;
372 }
373 }
Simon Kelley5c0bd5b2012-12-01 16:42:47 +0000[diff] [blame]374
375 for (a = daemon->cnames; a; a = a->next)
376 if (hostname_isequal(name, a->alias) )
377 {
378 log_query(F_CONFIG | F_CNAME, name, NULL, NULL);
379 strcpy(name, a->target);
380 if (!strchr(name, '.'))
381 {
382 strcat(name, ".");
383 strcat(name, zone->domain);
384 }
385 found = 1;
386 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
Simon Kelley93bafe62013-10-21 21:19:34 +0100[diff] [blame]387 daemon->auth_ttl, &nameoffset,
Simon Kelley5c0bd5b2012-12-01 16:42:47 +0000[diff] [blame]388 T_CNAME, C_IN, "d", name))
389 anscount++;
390
391 goto cname_restart;
392 }
Simon Kelley86e3b9a2012-11-30 13:46:48 +0000[diff] [blame]393
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]394 if (!cut)
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]395 {
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]396 nxdomain = 0;
397
398 if (qtype == T_SOA)
399 {
Simon Kelley5f8002f2013-10-21 17:40:18 +0100[diff] [blame]400 auth = soa = 1; /* inhibits auth section */
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]401 found = 1;
402 log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<SOA>");
403 }
404 else if (qtype == T_AXFR)
405 {
Simon Kelleyc6cb7402013-01-07 21:55:54 +0000[diff] [blame]406 struct iname *peers;
407
408 if (peer_addr->sa.sa_family == AF_INET)
409 peer_addr->in.sin_port = 0;
410#ifdef HAVE_IPV6
411 else
412 peer_addr->in6.sin6_port = 0;
413#endif
414
415 for (peers = daemon->auth_peers; peers; peers = peers->next)
416 if (sockaddr_isequal(peer_addr, &peers->addr))
417 break;
418
419 /* Refuse all AXFR unless --auth-sec-servers is set */
420 if ((!peers && daemon->auth_peers) || !daemon->secondary_forward_server)
Simon Kelley49678762012-12-09 18:24:58 +0000[diff] [blame]421 {
Simon Kelley49678762012-12-09 18:24:58 +0000[diff] [blame]422 if (peer_addr->sa.sa_family == AF_INET)
Simon Kelleyc6cb7402013-01-07 21:55:54 +0000[diff] [blame]423 inet_ntop(AF_INET, &peer_addr->in.sin_addr, daemon->addrbuff, ADDRSTRLEN);
Simon Kelley49678762012-12-09 18:24:58 +0000[diff] [blame]424#ifdef HAVE_IPV6
425 else
Simon Kelleyc6cb7402013-01-07 21:55:54 +0000[diff] [blame]426 inet_ntop(AF_INET6, &peer_addr->in6.sin6_addr, daemon->addrbuff, ADDRSTRLEN);
Simon Kelley49678762012-12-09 18:24:58 +0000[diff] [blame]427#endif
428
Simon Kelleyc6cb7402013-01-07 21:55:54 +0000[diff] [blame]429 my_syslog(LOG_WARNING, _("ignoring zone transfer request from %s"), daemon->addrbuff);
430 return 0;
Simon Kelley49678762012-12-09 18:24:58 +0000[diff] [blame]431 }
Simon Kelleyc6cb7402013-01-07 21:55:54 +0000[diff] [blame]432
Simon Kelley5f8002f2013-10-21 17:40:18 +0100[diff] [blame]433 auth = 1;
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]434 soa = 1; /* inhibits auth section */
435 ns = 1; /* ensure we include NS records! */
436 axfr = 1;
437 found = 1;
438 axfroffset = nameoffset;
439 log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<AXFR>");
440 }
441 else if (qtype == T_NS)
442 {
Simon Kelley5f8002f2013-10-21 17:40:18 +0100[diff] [blame]443 auth = 1;
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]444 ns = 1; /* inhibits auth section */
445 found = 1;
446 log_query(F_RRNAME | F_AUTH, zone->domain, NULL, "<NS>");
447 }
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]448 }
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]449
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]450 if (!option_bool(OPT_DHCP_FQDN) && cut)
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]451 {
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]452 *cut = 0; /* remove domain part */
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]453
Simon Kelley5c0bd5b2012-12-01 16:42:47 +0000[diff] [blame]454 if (!strchr(name, '.') && (crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6)))
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]455 {
456 if (crecp->flags & F_DHCP)
457 do
458 {
459 nxdomain = 0;
Simon Kelley60225f42012-12-28 11:29:01 +0000[diff] [blame]460 if ((crecp->flags & flag) &&
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]461 (local_query || filter_zone(zone, flag, &(crecp->addr.addr))))
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]462 {
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]463 *cut = '.'; /* restore domain part */
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]464 log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]465 *cut = 0; /* remove domain part */
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]466 found = 1;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]467 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
468 daemon->auth_ttl, NULL, qtype, C_IN,
469 qtype == T_A ? "4" : "6", &crecp->addr))
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]470 anscount++;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]471 }
472 } while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4 | F_IPV6)));
473 }
474
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]475 *cut = '.'; /* restore domain part */
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]476 }
477
Simon Kelley86e3b9a2012-11-30 13:46:48 +0000[diff] [blame]478 if ((crecp = cache_find_by_name(NULL, name, now, F_IPV4 | F_IPV6)))
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]479 {
480 if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))
481 do
482 {
483 nxdomain = 0;
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]484 if ((crecp->flags & flag) && (local_query || filter_zone(zone, flag, &(crecp->addr.addr))))
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]485 {
486 log_query(crecp->flags, name, &crecp->addr.addr, record_source(crecp->uid));
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]487 found = 1;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]488 if (add_resource_record(header, limit, &trunc, nameoffset, &ansp,
489 daemon->auth_ttl, NULL, qtype, C_IN,
490 qtype == T_A ? "4" : "6", &crecp->addr))
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]491 anscount++;
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]492 }
493 } while ((crecp = cache_find_by_name(crecp, name, now, F_IPV4 | F_IPV6)));
494 }
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]495
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]496 if (!found)
497 log_query(flag | F_NEG | (nxdomain ? F_NXDOMAIN : 0) | F_FORWARD | F_AUTH, name, NULL, NULL);
Simon Kelley8273ea52012-11-29 21:12:33 +0000[diff] [blame]498
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]499 }
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]500
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]501 /* Add auth section */
Simon Kelleyaa67fe72013-02-04 21:32:34 +0000[diff] [blame]502 if (auth && zone)
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]503 {
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]504 char *authname;
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]505 int newoffset, offset = 0;
506
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]507 if (!subnet)
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]508 authname = zone->domain;
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]509 else
510 {
511 /* handle NS and SOA for PTR records */
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]512
513 authname = name;
514
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]515 if (!(subnet->flags & ADDRLIST_IPV6))
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]516 {
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]517 in_addr_t a = ntohl(subnet->addr.addr.addr4.s_addr) >> 8;
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]518 char *p = name;
519
Simon Kelleybaa80ae2013-05-29 16:32:07 +0100[diff] [blame]520 if (subnet->prefixlen >= 24)
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]521 p += sprintf(p, "%d.", a & 0xff);
522 a = a >> 8;
Simon Kelleybaa80ae2013-05-29 16:32:07 +0100[diff] [blame]523 if (subnet->prefixlen >= 16 )
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]524 p += sprintf(p, "%d.", a & 0xff);
525 a = a >> 8;
526 p += sprintf(p, "%d.in-addr.arpa", a & 0xff);
527
528 }
529#ifdef HAVE_IPV6
530 else
531 {
532 char *p = name;
533 int i;
534
535 for (i = subnet->prefixlen-1; i >= 0; i -= 4)
536 {
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]537 int dig = ((unsigned char *)&subnet->addr.addr.addr6)[i>>3];
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]538 p += sprintf(p, "%.1x.", (i>>2) & 1 ? dig & 15 : dig >> 4);
539 }
540 p += sprintf(p, "ip6.arpa");
541
542 }
543#endif
544 }
545
546 /* handle NS and SOA in auth section or for explicit queries */
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]547 newoffset = ansp - (unsigned char *)header;
548 if (((anscount == 0 && !ns) || soa) &&
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]549 add_resource_record(header, limit, &trunc, 0, &ansp,
550 daemon->auth_ttl, NULL, T_SOA, C_IN, "ddlllll",
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]551 authname, daemon->authserver, daemon->hostmaster,
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]552 daemon->soa_sn, daemon->soa_refresh,
553 daemon->soa_retry, daemon->soa_expiry,
554 daemon->auth_ttl))
555 {
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]556 offset = newoffset;
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]557 if (soa)
558 anscount++;
559 else
560 authcount++;
561 }
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]562
563 if (anscount != 0 || ns)
564 {
565 struct name_list *secondary;
566
567 newoffset = ansp - (unsigned char *)header;
568 if (add_resource_record(header, limit, &trunc, -offset, &ansp,
569 daemon->auth_ttl, NULL, T_NS, C_IN, "d", offset == 0 ? authname : NULL, daemon->authserver))
570 {
571 if (offset == 0)
572 offset = newoffset;
573 if (ns)
574 anscount++;
575 else
576 authcount++;
577 }
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]578
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]579 if (!subnet)
580 for (secondary = daemon->secondary_forward_server; secondary; secondary = secondary->next)
581 if (add_resource_record(header, limit, &trunc, offset, &ansp,
582 daemon->auth_ttl, NULL, T_NS, C_IN, "d", secondary->name))
583 {
584 if (ns)
585 anscount++;
586 else
587 authcount++;
588 }
589 }
590
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]591 if (axfr)
592 {
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]593 for (rec = daemon->mxnames; rec; rec = rec->next)
594 if (in_zone(zone, rec->name, &cut))
595 {
596 if (cut)
597 *cut = 0;
598
599 if (rec->issrv)
600 {
601 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
602 NULL, T_SRV, C_IN, "sssd", cut ? rec->name : NULL,
603 rec->priority, rec->weight, rec->srvport, rec->target))
604
605 anscount++;
606 }
607 else
608 {
609 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
610 NULL, T_MX, C_IN, "sd", cut ? rec->name : NULL, rec->weight, rec->target))
611 anscount++;
612 }
613
614 /* restore config data */
615 if (cut)
616 *cut = '.';
617 }
618
619 for (txt = daemon->rr; txt; txt = txt->next)
620 if (in_zone(zone, txt->name, &cut))
621 {
622 if (cut)
623 *cut = 0;
624
625 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
626 NULL, txt->class, C_IN, "t", cut ? txt->name : NULL, txt->len, txt->txt))
627 anscount++;
628
629 /* restore config data */
630 if (cut)
631 *cut = '.';
632 }
633
634 for (txt = daemon->txt; txt; txt = txt->next)
635 if (txt->class == C_IN && in_zone(zone, txt->name, &cut))
636 {
637 if (cut)
638 *cut = 0;
639
640 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
641 NULL, T_TXT, C_IN, "t", cut ? txt->name : NULL, txt->len, txt->txt))
642 anscount++;
643
644 /* restore config data */
645 if (cut)
646 *cut = '.';
647 }
648
649 for (na = daemon->naptr; na; na = na->next)
650 if (in_zone(zone, na->name, &cut))
651 {
652 if (cut)
653 *cut = 0;
654
655 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp, daemon->auth_ttl,
656 NULL, T_NAPTR, C_IN, "sszzzd", cut ? na->name : NULL,
657 na->order, na->pref, na->flags, na->services, na->regexp, na->replace))
658 anscount++;
659
660 /* restore config data */
661 if (cut)
662 *cut = '.';
663 }
664
665 for (intr = daemon->int_names; intr; intr = intr->next)
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]666 if (in_zone(zone, intr->name, &cut))
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]667 {
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]668 struct addrlist *addrlist;
669
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]670 if (cut)
671 *cut = 0;
672
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]673 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
Simon Kelley587ad4f2013-11-15 15:47:51 +0000[diff] [blame]674 if (!(addrlist->flags & ADDRLIST_IPV6) &&
675 (local_query || filter_zone(zone, F_IPV4, &addrlist->addr)) &&
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]676 add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
677 daemon->auth_ttl, NULL, T_A, C_IN, "4", cut ? intr->name : NULL, &addrlist->addr))
678 anscount++;
679
680#ifdef HAVE_IPV6
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]681 for (addrlist = intr->addr; addrlist; addrlist = addrlist->next)
Simon Kelley587ad4f2013-11-15 15:47:51 +0000[diff] [blame]682 if ((addrlist->flags & ADDRLIST_IPV6) &&
683 (local_query || filter_zone(zone, F_IPV6, &addrlist->addr)) &&
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]684 add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
685 daemon->auth_ttl, NULL, T_AAAA, C_IN, "6", cut ? intr->name : NULL, &addrlist->addr))
686 anscount++;
687#endif
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]688
689 /* restore config data */
690 if (cut)
691 *cut = '.';
692 }
Simon Kelley115ac3e2013-05-20 11:28:32 +0100[diff] [blame]693
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]694 for (a = daemon->cnames; a; a = a->next)
695 if (in_zone(zone, a->alias, &cut))
696 {
697 strcpy(name, a->target);
698 if (!strchr(name, '.'))
699 {
700 strcat(name, ".");
701 strcat(name, zone->domain);
702 }
703
704 if (cut)
705 *cut = 0;
706
707 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
708 daemon->auth_ttl, NULL,
709 T_CNAME, C_IN, "d", cut ? a->alias : NULL, name))
710 anscount++;
711 }
712
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]713 cache_enumerate(1);
714 while ((crecp = cache_enumerate(0)))
715 {
716 if ((crecp->flags & (F_IPV4 | F_IPV6)) &&
717 !(crecp->flags & (F_NEG | F_NXDOMAIN)) &&
718 (crecp->flags & F_FORWARD))
719 {
720 if ((crecp->flags & F_DHCP) && !option_bool(OPT_DHCP_FQDN))
721 {
722 char *cache_name = cache_get_name(crecp);
Simon Kelley19b16892013-10-20 10:19:39 +0100[diff] [blame]723 if (!strchr(cache_name, '.') &&
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]724 (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))))
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]725 {
726 qtype = T_A;
727#ifdef HAVE_IPV6
728 if (crecp->flags & F_IPV6)
729 qtype = T_AAAA;
730#endif
731 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
732 daemon->auth_ttl, NULL, qtype, C_IN,
733 (crecp->flags & F_IPV4) ? "4" : "6", cache_name, &crecp->addr))
734 anscount++;
735 }
736 }
737
738 if ((crecp->flags & F_HOSTS) || (((crecp->flags & F_DHCP) && option_bool(OPT_DHCP_FQDN))))
739 {
740 strcpy(name, cache_get_name(crecp));
Simon Kelley19b16892013-10-20 10:19:39 +0100[diff] [blame]741 if (in_zone(zone, name, &cut) &&
Simon Kelley376d48c2013-11-13 13:04:30 +0000[diff] [blame]742 (local_query || filter_zone(zone, (crecp->flags & (F_IPV6 | F_IPV4)), &(crecp->addr.addr))))
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]743 {
744 qtype = T_A;
745#ifdef HAVE_IPV6
746 if (crecp->flags & F_IPV6)
747 qtype = T_AAAA;
748#endif
749 if (cut)
Simon Kelleye1ff4192012-12-09 17:08:47 +0000[diff] [blame]750 *cut = 0;
751
752 if (add_resource_record(header, limit, &trunc, -axfroffset, &ansp,
753 daemon->auth_ttl, NULL, qtype, C_IN,
754 (crecp->flags & F_IPV4) ? "4" : "6", cut ? name : NULL, &crecp->addr))
755 anscount++;
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]756 }
757 }
758 }
759 }
760
761 /* repeat SOA as last record */
762 if (add_resource_record(header, limit, &trunc, axfroffset, &ansp,
763 daemon->auth_ttl, NULL, T_SOA, C_IN, "ddlllll",
764 daemon->authserver, daemon->hostmaster,
765 daemon->soa_sn, daemon->soa_refresh,
766 daemon->soa_retry, daemon->soa_expiry,
767 daemon->auth_ttl))
768 anscount++;
Simon Kelley4c985da2013-03-22 14:07:38 +0000[diff] [blame]769
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]770 }
Simon Kelley4c985da2013-03-22 14:07:38 +0000[diff] [blame]771
772 }
Simon Kelley45dd1fe2012-12-04 20:49:24 +0000[diff] [blame]773
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]774 /* done all questions, set up header and return length of result */
775 /* clear authoritative and truncated flags, set QR flag */
776 header->hb3 = (header->hb3 & ~(HB3_AA | HB3_TC)) | HB3_QR;
Simon Kelley93bafe62013-10-21 21:19:34 +0100[diff] [blame]777
778 if (local_query)
779 {
780 /* set RA flag */
781 header->hb4 |= HB4_RA;
782 }
783 else
784 {
785 /* clear RA flag */
786 header->hb4 &= ~HB4_RA;
787 }
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]788
789 /* authoritive */
790 if (auth)
791 header->hb3 |= HB3_AA;
792
793 /* truncation */
794 if (trunc)
795 header->hb3 |= HB3_TC;
796
Simon Kelley57310502013-10-21 18:26:20 +0100[diff] [blame]797 if ((auth || local_query) && nxdomain)
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]798 SET_RCODE(header, NXDOMAIN);
799 else
800 SET_RCODE(header, NOERROR); /* no error */
801 header->ancount = htons(anscount);
802 header->nscount = htons(authcount);
Simon Kelleyaa792352012-12-06 19:41:35 +0000[diff] [blame]803 header->arcount = htons(0);
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]804 return ansp - (unsigned char *)header;
805}
806
Simon Kelley4820dce2012-12-18 18:30:30 +0000[diff] [blame]807#endif
Simon Kelleyb75e9362012-12-07 11:50:41 +0000[diff] [blame]808
Simon Kelley4f7b3042012-11-28 21:27:02 +0000[diff] [blame]809
810