X-Git-Url: https://git.exim.org/exim.git/blobdiff_plain/dd2a32ad5058ad7831621b99a1eadc264d4982c9..97e939dfe2:/test/src/fakens.c diff --git a/test/src/fakens.c b/test/src/fakens.c index aff5f40f6..583b01282 100644 --- a/test/src/fakens.c +++ b/test/src/fakens.c @@ -25,7 +25,7 @@ The arguments to the program are: the DNS record type that is being sought The output from the program is written to stdout. It is supposed to be in -exactly the same format as a traditional namserver response (see RFC 1035) so +exactly the same format as a traditional nameserver response (see RFC 1035) so that Exim can process it as normal. At present, no compression is used. Error messages are written to stderr. @@ -53,14 +53,21 @@ HOST_NOT_FOUND. Any DNS record line in a zone file can be prefixed with "DELAY=" and a number of milliseconds (followed by one space). -Any DNS record line in a zone file can be prefixed with "DNSSEC "; +Any DNS record line can be prefixed with "DNSSEC "; if all the records found by a lookup are marked -as such then the response will have the "AD" bit set. +as such then the response will have the "AD" bit set. -Any DNS record line in a zone file can be prefixed with "AA " +Any DNS record line can be prefixed with "NXDOMAIN "; +The record will be ignored (but the prefix set still applied); +This lets us return a DNSSEC NXDOMAIN. + +Any DNS record line can be prefixed with "AA " if all the records found by a lookup are marked as such then the response will have the "AA" bit set. +Any DNS record line in a zone file can be prefixed with "TTL=" and +a number of seconds (followed by one space). + */ #include @@ -72,9 +79,14 @@ as such then the response will have the "AA" bit set. #include #include #include +#include #include #include #include +#include +#ifdef HAVE_SYS_SOCKET_H +#include +#endif #define FALSE 0 #define TRUE 1 @@ -94,6 +106,7 @@ typedef unsigned char uschar; #define Ustrlen(s) (int)strlen(CCS(s)) #define Ustrncmp(s,t,n) strncmp(CCS(s),CCS(t),n) #define Ustrncpy(s,t,n) strncpy(CS(s),CCS(t),n) +#define Ustrtok(s,t) (uschar*)strtok(CS(s),CCS(t)) typedef struct zoneitem { uschar *zone; @@ -105,6 +118,8 @@ typedef struct tlist { int value; } tlist; +#define DEFAULT_TTL 3600U + /* On some (older?) operating systems, the standard ns_t_xxx definitions are not available, and only the older T_xxx ones exist in nameser.h. If ns_t_a is not defined, assume we are in this state. A really old system might not even @@ -298,8 +313,8 @@ Arguments: qtypelen the length of qtype pkptr points to the output buffer pointer; this is updated countptr points to the record count; this is updated - dnssec points to the AD flag indicator; this updated - aa points to the AA flag indicator; this updated + dnssec points to the AD flag indicator; this is updated + aa points to the AA flag indicator; this is updated Returns: 0 on success, else HOST_NOT_FOUND or NO_DATA or NO_RECOVERY or PASS_ON - the latter if a "PASS ON NOT FOUND" line is seen @@ -318,8 +333,8 @@ uschar buffer[256]; uschar rrdomain[256]; uschar RRdomain[256]; -/* Decode the required type */ +/* Decode the required type */ for (typeptr = type_list; typeptr->name != NULL; typeptr++) { if (Ustrcmp(typeptr->name, qtype) == 0) break; } if (typeptr->name == NULL) @@ -331,9 +346,6 @@ if (typeptr->name == NULL) rrdomain[0] = 0; /* No previous domain */ (void)fseek(f, 0, SEEK_SET); /* Start again at the beginning */ -*dnssec = TRUE; /* cancelled by first nonsecure rec found */ -*aa = TRUE; /* cancelled by first non-authoritive record */ - /* Scan for RRs */ while (fgets(CS buffer, sizeof(buffer), f) != NULL) @@ -346,7 +358,9 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) int qtlen = qtypelen; BOOL rr_sec = FALSE; BOOL rr_aa = FALSE; + BOOL rr_ignore = FALSE; int delay = 0; + uint ttl = DEFAULT_TTL; p = buffer; while (isspace(*p)) p++; @@ -365,21 +379,32 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) p = buffer; for (;;) { - if (Ustrncmp(p, US"DNSSEC ", 7) == 0) /* tagged as secure */ + if (Ustrncmp(p, US"DNSSEC ", 7) == 0) /* tagged as secure */ { rr_sec = TRUE; p += 7; } - else if (Ustrncmp(p, US"AA ", 3) == 0) /* tagged as authoritive */ + if (Ustrncmp(p, US"NXDOMAIN ", 9) == 0) /* ignore record content */ + { + rr_ignore = TRUE; + p += 9; + } + else if (Ustrncmp(p, US"AA ", 3) == 0) /* tagged as authoritative */ { rr_aa = TRUE; p += 3; } - else if (Ustrncmp(p, US"DELAY=", 6) == 0) /* delay before response */ + else if (Ustrncmp(p, US"DELAY=", 6) == 0) /* delay before response */ { for (p += 6; *p >= '0' && *p <= '9'; p++) delay = delay*10 + *p - '0'; if (isspace(*p)) p++; } + else if (Ustrncmp(p, US"TTL=", 4) == 0) /* TTL for record */ + { + ttl = 0; + for (p += 4; *p >= '0' && *p <= '9'; p++) ttl = ttl*10 + *p - '0'; + if (isspace(*p)) p++; + } else break; } @@ -420,7 +445,12 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) /* The domain matches */ - if (yield == HOST_NOT_FOUND) yield = NO_DATA; + if (yield == HOST_NOT_FOUND) + { + yield = NO_DATA; + if (dnssec) *dnssec = TRUE; /* cancelled by first nonsecure rec found */ + if (aa) *aa = TRUE; /* cancelled by first non-aa rec found */ + } /* Compare RR types; a CNAME record is always returned */ @@ -435,15 +465,16 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) else if (Ustrncmp(p, qtype, qtypelen) != 0 || !isspace(p[qtypelen])) continue; /* Found a relevant record */ - if (delay) millisleep(delay); - if (!rr_sec) - *dnssec = FALSE; /* cancel AD return */ + if (dnssec && !rr_sec) + *dnssec = FALSE; /* cancel AD return */ - if (!rr_aa) - *aa = FALSE; /* cancel AA return */ + if (aa && !rr_aa) + *aa = FALSE; /* cancel AA return */ + + if (rr_ignore) continue; yield = 0; *countptr = *countptr + 1; @@ -460,7 +491,10 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) *pk++ = 0; *pk++ = 1; /* class = IN */ - pk += 4; /* TTL field; don't care */ + *pk++ = (ttl >>24) & 255; + *pk++ = (ttl >>16) & 255; + *pk++ = (ttl >> 8) & 255; + *pk++ = ttl & 255; rdlptr = pk; /* remember rdlength field */ pk += 2; @@ -470,51 +504,29 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) switch (tvalue) { case ns_t_soa: - p = strtok(p, " "); - ep = p + strlen(p); + p = Ustrtok(p, " "); + ep = p + Ustrlen(p); if (ep[-1] != '.') sprintf(CS ep, "%s.", zone); - pk = packname(p, pk); /* primary ns */ - p = strtok(NULL, " "); - pk = packname(p , pk); /* responsible mailbox */ - *(p += strlen(p)) = ' '; + pk = packname(p, pk); /* primary ns */ + p = Ustrtok(NULL, " "); + pk = packname(p , pk); /* responsible mailbox */ + *(p += Ustrlen(p)) = ' '; while (isspace(*p)) p++; - pk = longfield(&p, pk); /* serial */ - pk = longfield(&p, pk); /* refresh */ - pk = longfield(&p, pk); /* retry */ - pk = longfield(&p, pk); /* expire */ - pk = longfield(&p, pk); /* minimum */ + pk = longfield(&p, pk); /* serial */ + pk = longfield(&p, pk); /* refresh */ + pk = longfield(&p, pk); /* retry */ + pk = longfield(&p, pk); /* expire */ + pk = longfield(&p, pk); /* minimum */ break; case ns_t_a: - for (i = 0; i < 4; i++) - { - value = 0; - while (isdigit(*p)) value = value*10 + *p++ - '0'; - *pk++ = value; - p++; - } + inet_pton(AF_INET, CCS p, pk); /* FIXME: error checking */ + pk += 4; break; - /* The only occurrence of a double colon is for ::1 */ case ns_t_aaaa: - if (Ustrcmp(p, "::1") == 0) - { - memset(pk, 0, 15); - pk += 15; - *pk++ = 1; - } - else for (i = 0; i < 8; i++) - { - value = 0; - while (isxdigit(*p)) - { - value = value * 16 + toupper(*p) - (isdigit(*p)? '0' : '7'); - p++; - } - *pk++ = (value >> 8) & 255; - *pk++ = value & 255; - p++; - } + inet_pton(AF_INET6, CCS p, pk); /* FIXME: error checking */ + pk += 16; break; case ns_t_mx: @@ -531,17 +543,17 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) break; case ns_t_tlsa: - pk = bytefield(&p, pk); /* usage */ - pk = bytefield(&p, pk); /* selector */ - pk = bytefield(&p, pk); /* match type */ + pk = bytefield(&p, pk); /* usage */ + pk = bytefield(&p, pk); /* selector */ + pk = bytefield(&p, pk); /* match type */ while (isxdigit(*p)) { value = toupper(*p) - (isdigit(*p) ? '0' : '7') << 4; if (isxdigit(*++p)) - { - value |= toupper(*p) - (isdigit(*p) ? '0' : '7'); - p++; - } + { + value |= toupper(*p) - (isdigit(*p) ? '0' : '7'); + p++; + } *pk++ = value & 255; } @@ -549,13 +561,13 @@ while (fgets(CS buffer, sizeof(buffer), f) != NULL) case ns_t_srv: for (i = 0; i < 3; i++) - { - value = 0; - while (isdigit(*p)) value = value*10 + *p++ - '0'; - while (isspace(*p)) p++; - *pk++ = (value >> 8) & 255; - *pk++ = value & 255; - } + { + value = 0; + while (isdigit(*p)) value = value*10 + *p++ - '0'; + while (isspace(*p)) p++; + *pk++ = (value >> 8) & 255; + *pk++ = value & 255; + } /* Fall through */ @@ -654,6 +666,7 @@ uschar domain[256]; uschar buffer[256]; uschar qtype[12]; uschar packet[2048 * 32 + 32]; +HEADER *header = (HEADER *)packet; uschar *pk = packet; BOOL dnssec; BOOL aa; @@ -771,21 +784,28 @@ if (f == NULL) count = 0; yield = find_records(f, zone, domain, qtype, qtypelen, &pk, &count, &dnssec, &aa); if (yield == NO_RECOVERY) goto END_OFF; +header->ancount = htons(count); -packet[6] = (count >> 8) & 255; -packet[7] = count & 255; +/* If the AA bit should be set (as indicated by the AA prefix in the zone file), +we are expected to return some records in the authoritative section. Bind9: If +there is data in the answer section, the authoritative section contains the NS +records, otherwise it contains the SOA record. Currently we mimic this +behaviour for the first case (there is some answer record). +*/ + +if (aa) + find_records(f, zone, zone[0] == '.' ? zone+1 : zone, US"NS", 2, &pk, &count, NULL, NULL); +header->nscount = htons(count - ntohs(header->ancount)); /* There is no need to return any additional records because Exim no longer (from release 4.61) makes any use of them. */ - -packet[10] = 0; -packet[11] = 0; +header->arcount = 0; if (dnssec) - ((HEADER *)packet)->ad = 1; + header->ad = 1; if (aa) - ((HEADER *)packet)->aa = 1; + header->aa = 1; /* Close the zone file, write the result, and return. */