src/resolv_wrapper.c

   1 /*
   2  * Copyright (c) 2014-2018 Andreas Schneider <asn@samba.org>
   3  * Copyright (c) 2014-2016 Jakub Hrozek <jakub.hrozek@posteo.se>
   4  *
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  *
  11  * 1. Redistributions of source code must retain the above copyright
  12  *    notice, this list of conditions and the following disclaimer.
  13  *
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  *
  18  * 3. Neither the name of the author nor the names of its contributors
  19  *    may be used to endorse or promote products derived from this software
  20  *    without specific prior written permission.
  21  *
  22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32  * SUCH DAMAGE.
  33  */
  34
  35 #include "config.h"
  36
  37 #include <errno.h>
  38 #include <arpa/inet.h>
  39 #ifdef HAVE_ARPA_NAMESER_H
  40 #include <arpa/nameser.h>
  41 #endif /* HAVE_ARPA_NAMESER_H */
  42 #include <netinet/in.h>
  43 #include <sys/socket.h>
  44 #include <sys/types.h>
  45 #include <stdarg.h>
  46 #include <stdlib.h>
  47 #include <stdio.h>
  48 #include <stdbool.h>
  49 #include <string.h>
  50 #include <unistd.h>
  51 #include <ctype.h>
  52
  53 #include <resolv.h>
  54
  55 /* GCC has printf type attribute check. */
  56 #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT
  57 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
  58 #else
  59 #define PRINTF_ATTRIBUTE(a,b)
  60 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
  61
  62 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
  63 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
  64 #else
  65 #define DESTRUCTOR_ATTRIBUTE
  66 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
  67
  68 #ifndef RWRAP_DEFAULT_FAKE_TTL
  69 #define RWRAP_DEFAULT_FAKE_TTL 600
  70 #endif  /* RWRAP_DEFAULT_FAKE_TTL */
  71
  72 #ifndef HAVE_NS_NAME_COMPRESS
  73 #define ns_name_compress dn_comp
  74 #endif
  75
  76 #define ns_t_uri 256
  77
  78 enum rwrap_dbglvl_e {
  79         RWRAP_LOG_ERROR = 0,
  80         RWRAP_LOG_WARN,
  81         RWRAP_LOG_NOTICE,
  82         RWRAP_LOG_DEBUG,
  83         RWRAP_LOG_TRACE
  84 };
  85
  86 static void rwrap_log(enum rwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
  87 # define RWRAP_LOG(dbglvl, ...) rwrap_log((dbglvl), __func__, __VA_ARGS__)
  88
  89 static void rwrap_log(enum rwrap_dbglvl_e dbglvl,
  90                       const char *func,
  91                       const char *format, ...)
  92 {
  93         char buffer[1024];
  94         va_list va;
  95         const char *d;
  96         unsigned int lvl = 0;
  97         int pid = getpid();
  98         const char *prefix = NULL;
  99
 100         d = getenv("RESOLV_WRAPPER_DEBUGLEVEL");
 101         if (d != NULL) {
 102                 lvl = atoi(d);
 103         }
 104
 105         if (lvl < dbglvl) {
 106                 return;
 107         }
 108
 109         va_start(va, format);
 110         vsnprintf(buffer, sizeof(buffer), format, va);
 111         va_end(va);
 112
 113         switch (dbglvl) {
 114                 case RWRAP_LOG_ERROR:
 115                         prefix = "RWRAP_ERROR";
 116                         break;
 117                 case RWRAP_LOG_WARN:
 118                         prefix = "RWRAP_WARN";
 119                         break;
 120                 case RWRAP_LOG_NOTICE:
 121                         prefix = "RWRAP_NOTICE";
 122                         break;
 123                 case RWRAP_LOG_DEBUG:
 124                         prefix = "RWRAP_DEBUG";
 125                         break;
 126                 case RWRAP_LOG_TRACE:
 127                         prefix = "RWRAP_TRACE";
 128                         break;
 129         }
 130
 131         fprintf(stderr,
 132                 "%s(%d) - %s: %s\n",
 133                 prefix,
 134                 pid,
 135                 func,
 136                 buffer);
 137 }
 138
 139 #ifndef SAFE_FREE
 140 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
 141 #endif
 142
 143 #define NEXT_KEY(buf, key) do {                                 \
 144         (key) = (buf) ? strpbrk((buf), " \t") : NULL;           \
 145         if ((key) != NULL) {                                    \
 146                 (key)[0] = '\0';                                \
 147                 (key)++;                                        \
 148         }                                                       \
 149         while ((key) != NULL                                    \
 150                && (isblank((int)(key)[0]))) {                   \
 151                 (key)++;                                        \
 152         }                                                       \
 153 } while(0);
 154
 155 #define RWRAP_MAX_RECURSION 64
 156
 157 /* Priority and weight can be omitted from the hosts file, but need to be part
 158  * of the output
 159  */
 160 #define DFL_SRV_PRIO    1
 161 #define DFL_SRV_WEIGHT  100
 162 #define DFL_URI_PRIO    1
 163 #define DFL_URI_WEIGHT  100
 164
 165 struct rwrap_srv_rrdata {
 166         uint16_t port;
 167         uint16_t prio;
 168         uint16_t weight;
 169         char hostname[MAXDNAME];
 170 };
 171
 172 struct rwrap_uri_rrdata {
 173         uint16_t prio;
 174         uint16_t weight;
 175         char uri[MAXDNAME];
 176 };
 177
 178 struct rwrap_soa_rrdata {
 179         uint32_t serial;
 180         uint32_t refresh;
 181         uint32_t retry;
 182         uint32_t expire;
 183         uint32_t minimum;
 184         char nameserver[MAXDNAME];
 185         char mailbox[MAXDNAME];
 186 };
 187
 188 struct rwrap_fake_rr {
 189         union fake_rrdata {
 190                 struct in_addr a_rec;
 191                 struct in6_addr aaaa_rec;
 192                 struct rwrap_srv_rrdata srv_rec;
 193                 struct rwrap_uri_rrdata uri_rec;
 194                 struct rwrap_soa_rrdata soa_rec;
 195                 char cname_rec[MAXDNAME];
 196                 char ptr_rec[MAXDNAME];
 197                 char txt_rec[MAXDNAME];
 198         } rrdata;
 199
 200         char key[MAXDNAME];
 201         int type; /* ns_t_* */
 202 };
 203
 204 static void rwrap_fake_rr_init(struct rwrap_fake_rr *rr, size_t len)
 205 {
 206         size_t i;
 207
 208         for (i = 0; i < len; i++) {
 209                 rr[i].type = ns_t_invalid;
 210         }
 211 }
 212
 213 static int rwrap_create_fake_a_rr(const char *key,
 214                                   const char *value,
 215                                   struct rwrap_fake_rr *rr)
 216 {
 217         int ok;
 218
 219         ok = inet_pton(AF_INET, value, &rr->rrdata.a_rec);
 220         if (!ok) {
 221                 RWRAP_LOG(RWRAP_LOG_ERROR,
 222                           "Failed to convert [%s] to binary\n", value);
 223                 return -1;
 224         }
 225
 226         memcpy(rr->key, key, strlen(key) + 1);
 227         rr->type = ns_t_a;
 228         return 0;
 229 }
 230
 231 static int rwrap_create_fake_aaaa_rr(const char *key,
 232                                      const char *value,
 233                                      struct rwrap_fake_rr *rr)
 234 {
 235         int ok;
 236
 237         ok = inet_pton(AF_INET6, value, &rr->rrdata.aaaa_rec);
 238         if (!ok) {
 239                 RWRAP_LOG(RWRAP_LOG_ERROR,
 240                           "Failed to convert [%s] to binary\n", value);
 241                 return -1;
 242         }
 243
 244         memcpy(rr->key, key, strlen(key) + 1);
 245         rr->type = ns_t_aaaa;
 246         return 0;
 247 }
 248 static int rwrap_create_fake_ns_rr(const char *key,
 249                                    const char *value,
 250                                    struct rwrap_fake_rr *rr)
 251 {
 252         memcpy(rr->rrdata.srv_rec.hostname, value, strlen(value) + 1);
 253         memcpy(rr->key, key, strlen(key) + 1);
 254         rr->type = ns_t_ns;
 255         return 0;
 256 }
 257
 258 static int rwrap_create_fake_srv_rr(const char *key,
 259                                     const char *value,
 260                                     struct rwrap_fake_rr *rr)
 261 {
 262         char *str_prio;
 263         char *str_weight;
 264         char *str_port;
 265         const char *hostname;
 266
 267         /* parse the value into priority, weight, port and hostname
 268          * and check the validity */
 269         hostname = value;
 270         NEXT_KEY(hostname, str_port);
 271         NEXT_KEY(str_port, str_prio);
 272         NEXT_KEY(str_prio, str_weight);
 273         if (str_port == NULL || hostname == NULL) {
 274                 RWRAP_LOG(RWRAP_LOG_ERROR,
 275                           "Malformed SRV entry [%s]\n", value);
 276                 return -1;
 277         }
 278
 279         if (str_prio) {
 280                 rr->rrdata.srv_rec.prio = atoi(str_prio);
 281         } else {
 282                 rr->rrdata.srv_rec.prio = DFL_SRV_PRIO;
 283         }
 284         if (str_weight) {
 285                 rr->rrdata.srv_rec.weight = atoi(str_weight);
 286         } else {
 287                 rr->rrdata.srv_rec.weight = DFL_SRV_WEIGHT;
 288         }
 289         rr->rrdata.srv_rec.port = atoi(str_port);
 290         memcpy(rr->rrdata.srv_rec.hostname , hostname, strlen(hostname) + 1);
 291
 292         memcpy(rr->key, key, strlen(key) + 1);
 293         rr->type = ns_t_srv;
 294         return 0;
 295 }
 296
 297 static int rwrap_create_fake_uri_rr(const char *key,
 298                                     const char *value,
 299                                     struct rwrap_fake_rr *rr)
 300 {
 301         char *str_prio;
 302         char *str_weight;
 303         const char *uri;
 304
 305         /* parse the value into priority, weight, and uri
 306          * and check the validity */
 307         uri = value;
 308         NEXT_KEY(uri, str_prio);
 309         NEXT_KEY(str_prio, str_weight);
 310         if (uri == NULL) {
 311                 RWRAP_LOG(RWRAP_LOG_ERROR,
 312                           "Malformed URI entry [%s]\n", value);
 313                 return -1;
 314         }
 315
 316         if (str_prio) {
 317                 rr->rrdata.uri_rec.prio = atoi(str_prio);
 318         } else {
 319                 rr->rrdata.uri_rec.prio = DFL_URI_PRIO;
 320         }
 321         if (str_weight) {
 322                 rr->rrdata.uri_rec.weight = atoi(str_weight);
 323         } else {
 324                 rr->rrdata.uri_rec.weight = DFL_URI_WEIGHT;
 325         }
 326         memcpy(rr->rrdata.uri_rec.uri, uri, strlen(uri) + 1);
 327
 328         memcpy(rr->key, key, strlen(key) + 1);
 329         rr->type = ns_t_uri;
 330         return 0;
 331 }
 332
 333 static int rwrap_create_fake_txt_rr(const char *key,
 334                                     const char *value,
 335                                     struct rwrap_fake_rr *rr)
 336 {
 337         memcpy(rr->rrdata.txt_rec, value, strlen(value) + 1);
 338
 339         memcpy(rr->key, key, strlen(key) + 1);
 340         rr->type = ns_t_txt;
 341         return 0;
 342 }
 343
 344 static int rwrap_create_fake_soa_rr(const char *key,
 345                                     const char *value,
 346                                     struct rwrap_fake_rr *rr)
 347 {
 348         const char *nameserver;
 349         char *mailbox;
 350         char *str_serial;
 351         char *str_refresh;
 352         char *str_retry;
 353         char *str_expire;
 354         char *str_minimum;
 355
 356         /* parse the value into nameserver, mailbox, serial, refresh,
 357          * retry, expire, minimum and check the validity
 358          */
 359         nameserver = value;
 360         NEXT_KEY(nameserver, mailbox);
 361         NEXT_KEY(mailbox, str_serial);
 362         NEXT_KEY(str_serial, str_refresh);
 363         NEXT_KEY(str_refresh, str_retry);
 364         NEXT_KEY(str_retry, str_expire);
 365         NEXT_KEY(str_expire, str_minimum);
 366         if (nameserver == NULL || mailbox == NULL || str_serial == NULL ||
 367             str_refresh == NULL || str_retry == NULL || str_expire == NULL ||
 368             str_minimum == NULL) {
 369                 RWRAP_LOG(RWRAP_LOG_ERROR,
 370                           "Malformed SOA entry [%s]\n", value);
 371                 return -1;
 372         }
 373
 374         memcpy(rr->rrdata.soa_rec.nameserver, nameserver, strlen(nameserver)+1);
 375         memcpy(rr->rrdata.soa_rec.mailbox, mailbox, strlen(mailbox)+1);
 376
 377         rr->rrdata.soa_rec.serial = atoi(str_serial);
 378         rr->rrdata.soa_rec.refresh = atoi(str_refresh);
 379         rr->rrdata.soa_rec.retry = atoi(str_retry);
 380         rr->rrdata.soa_rec.expire = atoi(str_expire);
 381         rr->rrdata.soa_rec.minimum = atoi(str_minimum);
 382
 383         memcpy(rr->key, key, strlen(key) + 1);
 384         rr->type = ns_t_soa;
 385         return 0;
 386 }
 387
 388 static int rwrap_create_fake_cname_rr(const char *key,
 389                                       const char *value,
 390                                       struct rwrap_fake_rr *rr)
 391 {
 392         memcpy(rr->rrdata.cname_rec , value, strlen(value) + 1);
 393         memcpy(rr->key, key, strlen(key) + 1);
 394         rr->type = ns_t_cname;
 395         return 0;
 396 }
 397
 398 static int rwrap_create_fake_ptr_rr(const char *key,
 399                                     const char *value,
 400                                     struct rwrap_fake_rr *rr)
 401 {
 402         memcpy(rr->rrdata.ptr_rec , value, strlen(value) + 1);
 403         memcpy(rr->key, key, strlen(key) + 1);
 404         rr->type = ns_t_ptr;
 405         return 0;
 406 }
 407
 408 /* Prepares a fake header with a single response. Advances header_blob */
 409 static ssize_t rwrap_fake_header(uint8_t **header_blob, size_t remaining,
 410                                  size_t ancount, size_t arcount)
 411 {
 412         union {
 413                 uint8_t *blob;
 414                 HEADER *header;
 415         } h;
 416
 417         if (remaining < NS_HFIXEDSZ) {
 418                 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n");
 419                 return -1;
 420         }
 421
 422         h.blob = *header_blob;
 423         memset(h.blob, 0, NS_HFIXEDSZ);
 424
 425         h.header->id = res_randomid();          /* random query ID */
 426         h.header->qr = 1;                       /* response flag */
 427         h.header->rd = 1;                       /* recursion desired */
 428         h.header->ra = 1;                       /* recursion available */
 429
 430         h.header->qdcount = htons(1);           /* no. of questions */
 431         h.header->ancount = htons(ancount);     /* no. of answers */
 432         h.header->arcount = htons(arcount);     /* no. of add'tl records */
 433
 434         /* move past the header */
 435         *header_blob = h.blob += NS_HFIXEDSZ;
 436
 437         return NS_HFIXEDSZ;
 438 }
 439
 440 static ssize_t rwrap_fake_question(const char *question,
 441                                    uint16_t type,
 442                                    uint8_t **question_ptr,
 443                                    size_t remaining)
 444 {
 445         uint8_t *qb = *question_ptr;
 446         int n;
 447
 448         n = ns_name_compress(question, qb, remaining, NULL, NULL);
 449         if (n < 0) {
 450                 RWRAP_LOG(RWRAP_LOG_ERROR,
 451                           "Failed to compress [%s]\n", question);
 452                 return -1;
 453         }
 454
 455         qb += n;
 456         remaining -= n;
 457
 458         if (remaining < 2 * sizeof(uint16_t)) {
 459                 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n");
 460                 return -1;
 461         }
 462
 463         NS_PUT16(type, qb);
 464         NS_PUT16(ns_c_in, qb);
 465
 466         *question_ptr = qb;
 467         return n + 2 * sizeof(uint16_t);
 468 }
 469
 470 static ssize_t rwrap_fake_rdata_common(uint16_t type,
 471                                        size_t rdata_size,
 472                                        const char *key,
 473                                        size_t remaining,
 474                                        uint8_t **rdata_ptr)
 475 {
 476         uint8_t *rd = *rdata_ptr;
 477         ssize_t written = 0;
 478
 479         written = ns_name_compress(key, rd, remaining, NULL, NULL);
 480         if (written < 0) {
 481                 RWRAP_LOG(RWRAP_LOG_ERROR,
 482                           "Failed to compress [%s]\n", key);
 483                 return -1;
 484         }
 485         rd += written;
 486         remaining -= written;
 487
 488         if (remaining < 3 * sizeof(uint16_t) + sizeof(uint32_t)) {
 489                 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small\n");
 490                 return -1;
 491         }
 492
 493         NS_PUT16(type, rd);
 494         NS_PUT16(ns_c_in, rd);
 495         NS_PUT32(RWRAP_DEFAULT_FAKE_TTL, rd);
 496         NS_PUT16(rdata_size, rd);
 497
 498         if (remaining < rdata_size) {
 499                 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small\n");
 500                 return -1;
 501         }
 502
 503         *rdata_ptr = rd;
 504         return written + 3 * sizeof(uint16_t) + sizeof(uint32_t) + rdata_size;
 505 }
 506
 507 static ssize_t rwrap_fake_a(struct rwrap_fake_rr *rr,
 508                             uint8_t *answer_ptr,
 509                             size_t anslen)
 510 {
 511         uint8_t *a = answer_ptr;
 512         ssize_t resp_size;
 513
 514         if (rr->type != ns_t_a) {
 515                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 516                 return -1;
 517         }
 518         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding A RR");
 519
 520         resp_size = rwrap_fake_rdata_common(ns_t_a, sizeof(struct in_addr), rr->key,
 521                                             anslen, &a);
 522         if (resp_size < 0) {
 523                 return -1;
 524         }
 525
 526         memcpy(a, &rr->rrdata.a_rec, sizeof(struct in_addr));
 527
 528         return resp_size;
 529 }
 530
 531 static ssize_t rwrap_fake_aaaa(struct rwrap_fake_rr *rr,
 532                                uint8_t *answer,
 533                                size_t anslen)
 534 {
 535         uint8_t *a = answer;
 536         ssize_t resp_size;
 537
 538         if (rr->type != ns_t_aaaa) {
 539                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 540                 return -1;
 541         }
 542         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding AAAA RR");
 543
 544         resp_size = rwrap_fake_rdata_common(ns_t_aaaa, sizeof(struct in6_addr),
 545                                             rr->key, anslen, &a);
 546         if (resp_size < 0) {
 547                 return -1;
 548         }
 549
 550         memcpy(a, &rr->rrdata.aaaa_rec, sizeof(struct in6_addr));
 551
 552         return resp_size;
 553 }
 554
 555 static ssize_t rwrap_fake_ns(struct rwrap_fake_rr *rr,
 556                              uint8_t *answer,
 557                             size_t anslen)
 558 {
 559         uint8_t *a = answer;
 560         ssize_t resp_size = 0;
 561         size_t rdata_size;
 562         unsigned char hostname_compressed[MAXDNAME];
 563         ssize_t compressed_len;
 564
 565         if (rr->type != ns_t_ns) {
 566                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 567                 return -1;
 568         }
 569         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding NS RR");
 570
 571         /* Prepare the data to write */
 572         compressed_len = ns_name_compress(rr->rrdata.srv_rec.hostname,
 573                                           hostname_compressed,
 574                                           MAXDNAME,
 575                                           NULL,
 576                                           NULL);
 577         if (compressed_len < 0) {
 578                 return -1;
 579         }
 580
 581         /* Is this enough? */
 582         rdata_size = compressed_len;
 583
 584         resp_size = rwrap_fake_rdata_common(ns_t_ns, rdata_size,
 585                                             rr->key, anslen, &a);
 586         if (resp_size < 0) {
 587                 return -1;
 588         }
 589
 590         memcpy(a, hostname_compressed, compressed_len);
 591
 592         return resp_size;
 593 }
 594
 595 static ssize_t rwrap_fake_srv(struct rwrap_fake_rr *rr,
 596                               uint8_t *answer,
 597                               size_t anslen)
 598 {
 599         uint8_t *a = answer;
 600         ssize_t resp_size;
 601         size_t rdata_size;
 602         unsigned char hostname_compressed[MAXDNAME];
 603         ssize_t compressed_len;
 604
 605         if (rr->type != ns_t_srv) {
 606                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 607                 return -1;
 608         }
 609         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SRV RR");
 610         rdata_size = 3 * sizeof(uint16_t);
 611
 612         /* Prepare the data to write */
 613         compressed_len = ns_name_compress(rr->rrdata.srv_rec.hostname,
 614                                           hostname_compressed, MAXDNAME,
 615                                           NULL, NULL);
 616         if (compressed_len < 0) {
 617                 return -1;
 618         }
 619         rdata_size += compressed_len;
 620
 621         resp_size = rwrap_fake_rdata_common(ns_t_srv, rdata_size,
 622                                             rr->key, anslen, &a);
 623         if (resp_size < 0) {
 624                 return -1;
 625         }
 626
 627         NS_PUT16(rr->rrdata.srv_rec.prio, a);
 628         NS_PUT16(rr->rrdata.srv_rec.weight, a);
 629         NS_PUT16(rr->rrdata.srv_rec.port, a);
 630         memcpy(a, hostname_compressed, compressed_len);
 631
 632         return resp_size;
 633 }
 634
 635 static ssize_t rwrap_fake_uri(struct rwrap_fake_rr *rr,
 636                               uint8_t *answer,
 637                               size_t anslen)
 638 {
 639         uint8_t *a = answer;
 640         ssize_t resp_size;
 641         size_t rdata_size;
 642         size_t uri_len;
 643
 644         if (rr->type != ns_t_uri) {
 645                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 646                 return -1;
 647         }
 648         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding URI RR");
 649         rdata_size = 3 * sizeof(uint16_t);
 650         uri_len = strlen(rr->rrdata.uri_rec.uri) + 1;
 651         rdata_size += uri_len;
 652
 653         resp_size = rwrap_fake_rdata_common(ns_t_uri, rdata_size,
 654                                             rr->key, anslen, &a);
 655         if (resp_size < 0) {
 656                 return -1;
 657         }
 658
 659         NS_PUT16(rr->rrdata.uri_rec.prio, a);
 660         NS_PUT16(rr->rrdata.uri_rec.weight, a);
 661         memcpy(a, rr->rrdata.uri_rec.uri, uri_len);
 662
 663         return resp_size;
 664 }
 665
 666 static ssize_t rwrap_fake_txt(struct rwrap_fake_rr *rr,
 667                               uint8_t *answer,
 668                               size_t anslen)
 669 {
 670         uint8_t *a = answer;
 671         ssize_t resp_size;
 672         size_t rdata_size;
 673         size_t txt_len;
 674
 675         if (rr->type != ns_t_txt) {
 676                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 677                 return -1;
 678         }
 679         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding TXT RR");
 680         txt_len = strlen(rr->rrdata.txt_rec) + 1;
 681         rdata_size = txt_len;
 682
 683         resp_size = rwrap_fake_rdata_common(ns_t_txt, rdata_size,
 684                                             rr->key, anslen, &a);
 685         if (resp_size < 0) {
 686                 return -1;
 687         }
 688
 689         memcpy(a, rr->rrdata.txt_rec, txt_len);
 690
 691         return resp_size;
 692 }
 693
 694 static ssize_t rwrap_fake_soa(struct rwrap_fake_rr *rr,
 695                               uint8_t *answer,
 696                               size_t anslen)
 697 {
 698         uint8_t *a = answer;
 699         ssize_t resp_size;
 700         size_t rdata_size;
 701         unsigned char nameser_compressed[MAXDNAME];
 702         ssize_t compressed_ns_len;
 703         unsigned char mailbox_compressed[MAXDNAME];
 704         ssize_t compressed_mb_len;
 705
 706         if (rr->type != ns_t_soa) {
 707                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 708                 return -1;
 709         }
 710         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SOA RR");
 711         rdata_size = 5 * sizeof(uint16_t);
 712
 713         compressed_ns_len = ns_name_compress(rr->rrdata.soa_rec.nameserver,
 714                                              nameser_compressed,
 715                                              MAXDNAME, NULL, NULL);
 716         if (compressed_ns_len < 0) {
 717                 return -1;
 718         }
 719         rdata_size += compressed_ns_len;
 720
 721         compressed_mb_len = ns_name_compress(rr->rrdata.soa_rec.mailbox,
 722                                              mailbox_compressed,
 723                                              MAXDNAME, NULL, NULL);
 724         if (compressed_mb_len < 0) {
 725                 return -1;
 726         }
 727         rdata_size += compressed_mb_len;
 728
 729         resp_size = rwrap_fake_rdata_common(ns_t_soa, rdata_size,
 730                                             rr->key, anslen, &a);
 731         if (resp_size < 0) {
 732                 return -1;
 733         }
 734
 735         memcpy(a, nameser_compressed, compressed_ns_len);
 736         a += compressed_ns_len;
 737         memcpy(a, mailbox_compressed, compressed_mb_len);
 738         a += compressed_mb_len;
 739         NS_PUT32(rr->rrdata.soa_rec.serial, a);
 740         NS_PUT32(rr->rrdata.soa_rec.refresh, a);
 741         NS_PUT32(rr->rrdata.soa_rec.retry, a);
 742         NS_PUT32(rr->rrdata.soa_rec.expire, a);
 743         NS_PUT32(rr->rrdata.soa_rec.minimum, a);
 744
 745         return resp_size;
 746 }
 747
 748 static ssize_t rwrap_fake_cname(struct rwrap_fake_rr *rr,
 749                                 uint8_t *answer,
 750                                 size_t anslen)
 751 {
 752         uint8_t *a = answer;
 753         ssize_t resp_size;
 754         unsigned char hostname_compressed[MAXDNAME];
 755         ssize_t rdata_size;
 756
 757         if (rr->type != ns_t_cname) {
 758                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 759                 return -1;
 760         }
 761         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding CNAME RR");
 762
 763         /* Prepare the data to write */
 764         rdata_size = ns_name_compress(rr->rrdata.cname_rec,
 765                                       hostname_compressed, MAXDNAME,
 766                                       NULL, NULL);
 767         if (rdata_size < 0) {
 768                 return -1;
 769         }
 770
 771         resp_size = rwrap_fake_rdata_common(ns_t_cname, rdata_size,
 772                                             rr->key, anslen, &a);
 773         if (resp_size < 0) {
 774                 return -1;
 775         }
 776
 777         memcpy(a, hostname_compressed, rdata_size);
 778
 779         return resp_size;
 780 }
 781
 782 static ssize_t rwrap_fake_ptr(struct rwrap_fake_rr *rr,
 783                               uint8_t *answer,
 784                               size_t anslen)
 785 {
 786         uint8_t *a = answer;
 787         ssize_t rdata_size;
 788         ssize_t resp_size;
 789         unsigned char hostname_compressed[MAXDNAME];
 790
 791         if (rr->type != ns_t_ptr) {
 792                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 793                 return -1;
 794         }
 795         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding PTR RR");
 796
 797         /* Prepare the data to write */
 798         rdata_size = ns_name_compress(rr->rrdata.ptr_rec,
 799                                       hostname_compressed, MAXDNAME,
 800                                       NULL, NULL);
 801         if (rdata_size < 0) {
 802                 return -1;
 803         }
 804
 805         resp_size = rwrap_fake_rdata_common(ns_t_ptr, rdata_size,
 806                                             rr->key, anslen, &a);
 807         if (resp_size < 0) {
 808                 return -1;
 809         }
 810
 811         memcpy(a, hostname_compressed, rdata_size);
 812
 813         return resp_size;
 814 }
 815
 816 #define RESOLV_MATCH(line, name) \
 817         (strncmp(line, name, sizeof(name) - 1) == 0 && \
 818         (line[sizeof(name) - 1] == ' ' || \
 819          line[sizeof(name) - 1] == '\t'))
 820
 821 #define TYPE_MATCH(type, ns_type, rec_type, str_type, key, query) \
 822         ((type) == (ns_type) && \
 823          (strncmp((rec_type), (str_type), sizeof(str_type)) == 0) && \
 824          (strcasecmp(key, query)) == 0)
 825
 826
 827 static int rwrap_get_record(const char *hostfile, unsigned recursion,
 828                             const char *query, int type,
 829                             struct rwrap_fake_rr *rr);
 830
 831 static int rwrap_uri_recurse(const char *hostfile, unsigned recursion,
 832                              const char *query, struct rwrap_fake_rr *rr)
 833 {
 834         int rc;
 835
 836         rc = rwrap_get_record(hostfile, recursion, query, ns_t_uri, rr);
 837         if (rc == ENOENT) {
 838                 rc = 0;
 839         }
 840
 841         return rc;
 842 }
 843
 844 static int rwrap_srv_recurse(const char *hostfile, unsigned recursion,
 845                              const char *query, struct rwrap_fake_rr *rr)
 846 {
 847         int rc;
 848
 849         rc = rwrap_get_record(hostfile, recursion, query, ns_t_a, rr);
 850         if (rc == 0) return 0;
 851
 852         rc = rwrap_get_record(hostfile, recursion, query, ns_t_aaaa, rr);
 853         if (rc == ENOENT) rc = 0;
 854
 855         return rc;
 856 }
 857
 858 static int rwrap_cname_recurse(const char *hostfile, unsigned recursion,
 859                                const char *query, struct rwrap_fake_rr *rr)
 860 {
 861         int rc;
 862
 863         rc = rwrap_get_record(hostfile, recursion, query, ns_t_a, rr);
 864         if (rc == 0) return 0;
 865
 866         rc = rwrap_get_record(hostfile, recursion, query, ns_t_aaaa, rr);
 867         if (rc == 0) return 0;
 868
 869         rc = rwrap_get_record(hostfile, recursion, query, ns_t_cname, rr);
 870         if (rc == ENOENT) rc = 0;
 871
 872         return rc;
 873 }
 874
 875 static int rwrap_get_record(const char *hostfile, unsigned recursion,
 876                             const char *query, int type,
 877                             struct rwrap_fake_rr *rr)
 878 {
 879         FILE *fp = NULL;
 880         char buf[BUFSIZ];
 881         char *key = NULL;
 882         char *value = NULL;
 883         int rc = ENOENT;
 884         unsigned num_uris = 0;
 885
 886         if (recursion >= RWRAP_MAX_RECURSION) {
 887                 RWRAP_LOG(RWRAP_LOG_ERROR, "Recursed too deep!\n");
 888                 return -1;
 889         }
 890
 891         RWRAP_LOG(RWRAP_LOG_TRACE,
 892                   "Searching in fake hosts file %s for %s:%d\n", hostfile,
 893                   query, type);
 894
 895         fp = fopen(hostfile, "r");
 896         if (fp == NULL) {
 897                 RWRAP_LOG(RWRAP_LOG_WARN,
 898                           "Opening %s failed: %s",
 899                           hostfile, strerror(errno));
 900                 return -1;
 901         }
 902
 903         while (fgets(buf, sizeof(buf), fp) != NULL) {
 904                 char *rec_type;
 905                 char *q;
 906
 907                 rec_type = buf;
 908                 key = value = NULL;
 909
 910                 NEXT_KEY(rec_type, key);
 911                 NEXT_KEY(key, value);
 912
 913                 if (key == NULL || value == NULL) {
 914                         RWRAP_LOG(RWRAP_LOG_WARN,
 915                                 "Malformed line: not enough parts, use \"rec_type key data\n"
 916                                 "For example \"A cwrap.org 10.10.10.10\"");
 917                         continue;
 918                 }
 919
 920                 q = value;
 921                 while(q[0] != '\n' && q[0] != '\0') {
 922                         q++;
 923                 }
 924                 q[0] = '\0';
 925
 926                 if (type == ns_t_uri && recursion > 0) {
 927                         /* Skip non-URI records. */
 928                         if (!TYPE_MATCH(type, ns_t_uri, rec_type, "URI", key, query)) {
 929                                 continue;
 930                         }
 931                         /* Skip previous records based on the recurse depth. */
 932                         num_uris++;
 933                         if (num_uris <= recursion) {
 934                                 continue;
 935                         }
 936                 }
 937
 938                 if (TYPE_MATCH(type, ns_t_a, rec_type, "A", key, query)) {
 939                         rc = rwrap_create_fake_a_rr(key, value, rr);
 940                         break;
 941                 } else if (TYPE_MATCH(type, ns_t_aaaa,
 942                                       rec_type, "AAAA", key, query)) {
 943                         rc = rwrap_create_fake_aaaa_rr(key, value, rr);
 944                         break;
 945                 } else if (TYPE_MATCH(type, ns_t_ns,
 946                                       rec_type, "NS", key, query)) {
 947                         rc = rwrap_create_fake_ns_rr(key, value, rr);
 948                         break;
 949                 } else if (TYPE_MATCH(type, ns_t_srv,
 950                                       rec_type, "SRV", key, query)) {
 951                         rc = rwrap_create_fake_srv_rr(key, value, rr);
 952                         if (rc == 0) {
 953                                 rc = rwrap_srv_recurse(hostfile, recursion+1,
 954                                                 rr->rrdata.srv_rec.hostname,
 955                                                 rr + 1);
 956                         }
 957                         break;
 958                 } else if (TYPE_MATCH(type, ns_t_uri,
 959                                       rec_type, "URI", key, query)) {
 960                         rc = rwrap_create_fake_uri_rr(key, value, rr);
 961                         if (rc == 0) {
 962                                 /* Recurse to collect multiple URI answers under a single key. */
 963                                 rc = rwrap_uri_recurse(hostfile, recursion + 1, key, rr + 1);
 964                         }
 965                         break;
 966                 } else if (TYPE_MATCH(type, ns_t_soa,
 967                                       rec_type, "SOA", key, query)) {
 968                         rc = rwrap_create_fake_soa_rr(key, value, rr);
 969                         break;
 970                 } else if (TYPE_MATCH(type, ns_t_cname,
 971                                       rec_type, "CNAME", key, query)) {
 972                         rc = rwrap_create_fake_cname_rr(key, value, rr);
 973                         if (rc == 0) {
 974                                 rc = rwrap_cname_recurse(hostfile, recursion+1,
 975                                                          value, rr + 1);
 976                         }
 977                         break;
 978                 } else if (TYPE_MATCH(type, ns_t_a, rec_type, "CNAME", key, query)) {
 979                         rc = rwrap_create_fake_cname_rr(key, value, rr);
 980                         if (rc == 0) {
 981                                 rc = rwrap_cname_recurse(hostfile, recursion+1,
 982                                                          value, rr + 1);
 983                         }
 984                         break;
 985                 } else if (TYPE_MATCH(type, ns_t_ptr,
 986                                       rec_type, "PTR", key, query)) {
 987                         rc = rwrap_create_fake_ptr_rr(key, value, rr);
 988                         break;
 989                 }
 990                 else if (TYPE_MATCH(type, ns_t_txt,
 991                                       rec_type, "TXT", key, query)) {
 992                         rc = rwrap_create_fake_txt_rr(key, value, rr);
 993                         break;
 994                 }
 995         }
 996
 997         if (rc == ENOENT && recursion == 0 && key != NULL) {
 998                 RWRAP_LOG(RWRAP_LOG_TRACE, "Record for [%s] not found\n", query);
 999                 memcpy(rr->key, key, strlen(key) + 1);
1000         }
1001
1002         fclose(fp);
1003         return rc;
1004 }
1005
1006 static ssize_t rwrap_fake_empty(int type,
1007                                 const char *question,
1008                                 uint8_t *answer,
1009                                 size_t anslen)
1010 {
1011         ssize_t resp_data;
1012         size_t remaining = anslen;
1013
1014         resp_data = rwrap_fake_header(&answer, remaining, 0, 0);
1015         if (resp_data < 0) {
1016                 return -1;
1017         }
1018         remaining -= resp_data;
1019
1020         resp_data += rwrap_fake_question(question, type, &answer, remaining);
1021         if (resp_data < 0) {
1022                 return -1;
1023         }
1024         remaining -= resp_data;
1025
1026         resp_data += rwrap_fake_rdata_common(type, 0, question,
1027                                             remaining, &answer);
1028         if (resp_data < 0) {
1029                 return -1;
1030         }
1031
1032         return resp_data;
1033 }
1034
1035 static inline bool rwrap_known_type(int type)
1036 {
1037         switch (type) {
1038         case ns_t_a:
1039         case ns_t_aaaa:
1040         case ns_t_ns:
1041         case ns_t_srv:
1042         case ns_t_uri:
1043         case ns_t_soa:
1044         case ns_t_cname:
1045         case ns_t_ptr:
1046         case ns_t_txt:
1047                 return true;
1048         }
1049
1050         return false;
1051 }
1052
1053 static int rwrap_ancount(struct rwrap_fake_rr *rrs, int qtype)
1054 {
1055         int i;
1056         int ancount = 0;
1057
1058         /* For URI return the number of URIs. */
1059         if (qtype == ns_t_uri) {
1060                 for (i = 0; i < RWRAP_MAX_RECURSION; i++) {
1061                         if (rwrap_known_type(rrs[i].type) &&
1062                             rrs[i].type == qtype) {
1063                                 ancount++;
1064                         }
1065                 }
1066                 return ancount;
1067         }
1068
1069         /* Include all RRs in the stack until the sought type
1070          * in the answer section. This is the case i.e. when looking
1071          * up an A record but the name points to a CNAME
1072          */
1073         for (i = 0; i < RWRAP_MAX_RECURSION; i++) {
1074                 ancount++;
1075
1076                 if (rwrap_known_type(rrs[i].type) &&
1077                     rrs[i].type == qtype) {
1078                         break;
1079                 }
1080         }
1081
1082         /* Return 0 records if the sought type wasn't in the stack */
1083         return i < RWRAP_MAX_RECURSION ? ancount : 0;
1084 }
1085
1086 static int rwrap_arcount(struct rwrap_fake_rr *rrs, int ancount)
1087 {
1088         int i;
1089         int arcount = 0;
1090
1091         /* start from index ancount */
1092         for (i = ancount; i < RWRAP_MAX_RECURSION; i++) {
1093                 if (rwrap_known_type(rrs[i].type)) {
1094                         arcount++;
1095                 }
1096         }
1097
1098         return arcount;
1099 }
1100
1101 static ssize_t rwrap_add_rr(struct rwrap_fake_rr *rr,
1102                             uint8_t *answer,
1103                             size_t anslen)
1104 {
1105         ssize_t resp_data;
1106
1107         if (rr == NULL) {
1108                 RWRAP_LOG(RWRAP_LOG_ERROR, "Internal error!\n");
1109                 return -1;
1110         }
1111
1112         switch (rr->type) {
1113         case ns_t_a:
1114                 resp_data = rwrap_fake_a(rr, answer, anslen);
1115                 break;
1116         case ns_t_aaaa:
1117                 resp_data = rwrap_fake_aaaa(rr, answer, anslen);
1118                 break;
1119         case ns_t_ns:
1120                 resp_data = rwrap_fake_ns(rr, answer, anslen);
1121                 break;
1122         case ns_t_srv:
1123                 resp_data = rwrap_fake_srv(rr, answer, anslen);
1124                 break;
1125         case ns_t_uri:
1126                 resp_data = rwrap_fake_uri(rr, answer, anslen);
1127                 break;
1128         case ns_t_soa:
1129                 resp_data = rwrap_fake_soa(rr, answer, anslen);
1130                 break;
1131         case ns_t_cname:
1132                 resp_data = rwrap_fake_cname(rr, answer, anslen);
1133                 break;
1134         case ns_t_ptr:
1135                 resp_data = rwrap_fake_ptr(rr, answer, anslen);
1136                 break;
1137         case ns_t_txt:
1138                 resp_data = rwrap_fake_txt(rr, answer, anslen);
1139                 break;
1140         default:
1141                 return -1;
1142         }
1143
1144         return resp_data;
1145 }
1146
1147 static ssize_t rwrap_fake_answer(struct rwrap_fake_rr *rrs,
1148                                  int type,
1149                                  uint8_t *answer,
1150                                  size_t anslen)
1151
1152 {
1153         ssize_t resp_data;
1154         ssize_t rrlen;
1155         size_t remaining = anslen;
1156         int ancount;
1157         int arcount;
1158         int i;
1159
1160         ancount = rwrap_ancount(rrs, type);
1161         arcount = rwrap_arcount(rrs, ancount);
1162         RWRAP_LOG(RWRAP_LOG_TRACE,
1163                   "Got %d answers and %d additional records\n", ancount, arcount);
1164
1165         resp_data = rwrap_fake_header(&answer, remaining, ancount, arcount);
1166         if (resp_data < 0) {
1167                 return -1;
1168         }
1169         remaining -= resp_data;
1170
1171         resp_data += rwrap_fake_question(rrs->key, rrs->type, &answer, remaining);
1172         if (resp_data < 0) {
1173                 return -1;
1174         }
1175         remaining -= resp_data;
1176
1177         /* answer */
1178         for (i = 0; i < ancount; i++) {
1179                 rrlen = rwrap_add_rr(&rrs[i], answer, remaining);
1180                 if (rrlen < 0) {
1181                         return -1;
1182                 }
1183                 remaining -= rrlen;
1184                 answer += rrlen;
1185                 resp_data += rrlen;
1186         }
1187
1188         /* add authoritative NS here? */
1189
1190         /* additional records */
1191         for (i = ancount; i < ancount + arcount; i++) {
1192                 rrlen = rwrap_add_rr(&rrs[i], answer, remaining);
1193                 if (rrlen < 0) {
1194                         return -1;
1195                 }
1196                 remaining -= rrlen;
1197                 answer += rrlen;
1198                 resp_data += rrlen;
1199         }
1200
1201         return resp_data;
1202 }
1203
1204 /* Reads in a file in the following format:
1205  * TYPE RDATA
1206  *
1207  * Malformed entries are silently skipped.
1208  * Allocates answer buffer of size anslen that has to be freed after use.
1209  */
1210 static int rwrap_res_fake_hosts(const char *hostfile,
1211                                 const char *query,
1212                                 int type,
1213                                 unsigned char *answer,
1214                                 size_t anslen)
1215 {
1216         int rc = ENOENT;
1217         char *query_name = NULL;
1218         size_t qlen = strlen(query);
1219         struct rwrap_fake_rr rrs[RWRAP_MAX_RECURSION];
1220         ssize_t resp_size;
1221
1222         RWRAP_LOG(RWRAP_LOG_TRACE,
1223                   "Searching in fake hosts file %s\n", hostfile);
1224
1225         if (qlen > 0 && query[qlen-1] == '.') {
1226                 qlen--;
1227         }
1228
1229         query_name = strndup(query, qlen);
1230         if (query_name == NULL) {
1231                 return -1;
1232         }
1233
1234         rwrap_fake_rr_init(rrs, RWRAP_MAX_RECURSION);
1235
1236         rc = rwrap_get_record(hostfile, 0, query_name, type, rrs);
1237         switch (rc) {
1238         case 0:
1239                 RWRAP_LOG(RWRAP_LOG_TRACE,
1240                                 "Found record for [%s]\n", query_name);
1241                 resp_size = rwrap_fake_answer(rrs, type, answer, anslen);
1242                 break;
1243         case ENOENT:
1244                 RWRAP_LOG(RWRAP_LOG_TRACE,
1245                                 "No record for [%s]\n", query_name);
1246                 resp_size = rwrap_fake_empty(type, rrs->key, answer, anslen);
1247                 break;
1248         default:
1249                 RWRAP_LOG(RWRAP_LOG_NOTICE,
1250                           "Searching for [%s] did not return any results\n",
1251                           query_name);
1252                 free(query_name);
1253                 return -1;
1254         }
1255
1256         switch (resp_size) {
1257         case -1:
1258                 RWRAP_LOG(RWRAP_LOG_ERROR,
1259                                 "Error faking answer for [%s]\n", query_name);
1260                 break;
1261         default:
1262                 RWRAP_LOG(RWRAP_LOG_TRACE,
1263                                 "Successfully faked answer for [%s]\n",
1264                                 query_name);
1265                 break;
1266         }
1267
1268         free(query_name);
1269         return resp_size;
1270 }
1271
1272 /*********************************************************
1273  * RWRAP LOADING LIBC FUNCTIONS
1274  *********************************************************/
1275
1276 #include <dlfcn.h>
1277
1278 typedef int (*__libc_res_ninit)(struct __res_state *state);
1279 typedef int (*__libc___res_ninit)(struct __res_state *state);
1280 typedef void (*__libc_res_nclose)(struct __res_state *state);
1281 typedef void (*__libc___res_nclose)(struct __res_state *state);
1282 typedef int (*__libc_res_nquery)(struct __res_state *state,
1283                                  const char *dname,
1284                                  int class,
1285                                  int type,
1286                                  unsigned char *answer,
1287                                  int anslen);
1288 typedef int (*__libc___res_nquery)(struct __res_state *state,
1289                                    const char *dname,
1290                                    int class,
1291                                    int type,
1292                                    unsigned char *answer,
1293                                    int anslen);
1294 typedef int (*__libc_res_nsearch)(struct __res_state *state,
1295                                   const char *dname,
1296                                   int class,
1297                                   int type,
1298                                   unsigned char *answer,
1299                                   int anslen);
1300 typedef int (*__libc___res_nsearch)(struct __res_state *state,
1301                                     const char *dname,
1302                                     int class,
1303                                     int type,
1304                                     unsigned char *answer,
1305                                     int anslen);
1306
1307 #define RWRAP_SYMBOL_ENTRY(i) \
1308         union { \
1309                 __libc_##i f; \
1310                 void *obj; \
1311         } _libc_##i
1312
1313 struct rwrap_libc_symbols {
1314         RWRAP_SYMBOL_ENTRY(res_ninit);
1315         RWRAP_SYMBOL_ENTRY(__res_ninit);
1316         RWRAP_SYMBOL_ENTRY(res_nclose);
1317         RWRAP_SYMBOL_ENTRY(__res_nclose);
1318         RWRAP_SYMBOL_ENTRY(res_nquery);
1319         RWRAP_SYMBOL_ENTRY(__res_nquery);
1320         RWRAP_SYMBOL_ENTRY(res_nsearch);
1321         RWRAP_SYMBOL_ENTRY(__res_nsearch);
1322 };
1323 #undef RWRAP_SYMBOL_ENTRY
1324
1325 struct rwrap {
1326         struct {
1327                 void *handle;
1328                 struct rwrap_libc_symbols symbols;
1329         } libc;
1330
1331         struct {
1332                 void *handle;
1333                 struct rwrap_libc_symbols symbols;
1334         } libresolv;
1335
1336         bool initialised;
1337         bool enabled;
1338
1339         char *socket_dir;
1340 };
1341
1342 static struct rwrap rwrap;
1343
1344 enum rwrap_lib {
1345     RWRAP_LIBC,
1346     RWRAP_LIBRESOLV
1347 };
1348
1349 static const char *rwrap_str_lib(enum rwrap_lib lib)
1350 {
1351         switch (lib) {
1352         case RWRAP_LIBC:
1353                 return "libc";
1354         case RWRAP_LIBRESOLV:
1355                 return "libresolv";
1356         }
1357
1358         /* Compiler would warn us about unhandled enum value if we get here */
1359         return "unknown";
1360 }
1361
1362 static void *rwrap_load_lib_handle(enum rwrap_lib lib)
1363 {
1364         int flags = RTLD_LAZY;
1365         void *handle = NULL;
1366         int i;
1367
1368 #ifdef RTLD_DEEPBIND
1369         const char *env_preload = getenv("LD_PRELOAD");
1370         const char *env_deepbind = getenv("RESOLV_WRAPPER_DISABLE_DEEPBIND");
1371         bool enable_deepbind = true;
1372
1373         /* Don't do a deepbind if we run with libasan */
1374         if (env_preload != NULL && strlen(env_preload) < 1024) {
1375                 const char *p = strstr(env_preload, "libasan.so");
1376                 if (p != NULL) {
1377                         enable_deepbind = false;
1378                 }
1379         }
1380
1381         if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
1382                 enable_deepbind = false;
1383         }
1384
1385         if (enable_deepbind) {
1386                 flags |= RTLD_DEEPBIND;
1387         }
1388 #endif
1389
1390         switch (lib) {
1391         case RWRAP_LIBRESOLV:
1392 #ifdef HAVE_LIBRESOLV
1393                 handle = rwrap.libresolv.handle;
1394                 if (handle == NULL) {
1395                         for (i = 10; i >= 0; i--) {
1396                                 char soname[256] = {0};
1397
1398                                 snprintf(soname, sizeof(soname), "libresolv.so.%d", i);
1399                                 handle = dlopen(soname, flags);
1400                                 if (handle != NULL) {
1401                                         break;
1402                                 }
1403                         }
1404
1405                         rwrap.libresolv.handle = handle;
1406                 }
1407                 break;
1408 #endif
1409                 /* FALL TROUGH */
1410         case RWRAP_LIBC:
1411                 handle = rwrap.libc.handle;
1412 #ifdef LIBC_SO
1413                 if (handle == NULL) {
1414                         handle = dlopen(LIBC_SO, flags);
1415
1416                         rwrap.libc.handle = handle;
1417                 }
1418 #endif
1419                 if (handle == NULL) {
1420                         for (i = 10; i >= 0; i--) {
1421                                 char soname[256] = {0};
1422
1423                                 snprintf(soname, sizeof(soname), "libc.so.%d", i);
1424                                 handle = dlopen(soname, flags);
1425                                 if (handle != NULL) {
1426                                         break;
1427                                 }
1428                         }
1429
1430                         rwrap.libc.handle = handle;
1431                 }
1432                 break;
1433         }
1434
1435         if (handle == NULL) {
1436 #ifdef RTLD_NEXT
1437                 handle = rwrap.libc.handle = rwrap.libresolv.handle = RTLD_NEXT;
1438 #else
1439                 RWRAP_LOG(RWRAP_LOG_ERROR,
1440                           "Failed to dlopen library: %s\n",
1441                           dlerror());
1442                 exit(-1);
1443 #endif
1444         }
1445
1446         return handle;
1447 }
1448
1449 static void *_rwrap_bind_symbol(enum rwrap_lib lib, const char *fn_name)
1450 {
1451         void *handle;
1452         void *func;
1453
1454         handle = rwrap_load_lib_handle(lib);
1455
1456         func = dlsym(handle, fn_name);
1457         if (func == NULL) {
1458                 RWRAP_LOG(RWRAP_LOG_ERROR,
1459                                 "Failed to find %s: %s\n",
1460                                 fn_name, dlerror());
1461                 exit(-1);
1462         }
1463
1464         RWRAP_LOG(RWRAP_LOG_TRACE,
1465                         "Loaded %s from %s",
1466                         fn_name, rwrap_str_lib(lib));
1467         return func;
1468 }
1469
1470 #define rwrap_bind_symbol_libc(sym_name) \
1471         if (rwrap.libc.symbols._libc_##sym_name.obj == NULL) { \
1472                 rwrap.libc.symbols._libc_##sym_name.obj = \
1473                         _rwrap_bind_symbol(RWRAP_LIBC, #sym_name); \
1474         }
1475
1476 #define rwrap_bind_symbol_libresolv(sym_name) \
1477         if (rwrap.libresolv.symbols._libc_##sym_name.obj == NULL) { \
1478                 rwrap.libresolv.symbols._libc_##sym_name.obj = \
1479                         _rwrap_bind_symbol(RWRAP_LIBRESOLV, #sym_name); \
1480         }
1481
1482 /*
1483  * IMPORTANT
1484  *
1485  * Functions especially from libc need to be loaded individually, you can't load
1486  * all at once or gdb will segfault at startup. The same applies to valgrind and
1487  * has probably something todo with with the linker.
1488  * So we need load each function at the point it is called the first time.
1489  */
1490
1491 static int libc_res_ninit(struct __res_state *state)
1492 {
1493 #if !defined(res_ninit) && defined(HAVE_RES_NINIT)
1494
1495 #if defined(HAVE_RES_NINIT_IN_LIBRESOLV)
1496         rwrap_bind_symbol_libresolv(res_ninit);
1497
1498         return rwrap.libresolv.symbols._libc_res_ninit.f(state);
1499 #else /* HAVE_RES_NINIT_IN_LIBRESOLV */
1500         rwrap_bind_symbol_libc(res_ninit);
1501
1502         return rwrap.libc.symbols._libc_res_ninit.f(state);
1503 #endif /* HAVE_RES_NINIT_IN_LIBRESOLV */
1504
1505 #elif defined(HAVE___RES_NINIT)
1506         rwrap_bind_symbol_libc(__res_ninit);
1507
1508         return rwrap.libc.symbols._libc___res_ninit.f(state);
1509 #else
1510 #error "No res_ninit function"
1511 #endif
1512 }
1513
1514 static void libc_res_nclose(struct __res_state *state)
1515 {
1516 #if !defined(res_close) && defined(HAVE_RES_NCLOSE)
1517
1518 #if defined(HAVE_RES_NCLOSE_IN_LIBRESOLV)
1519         rwrap_bind_symbol_libresolv(res_nclose);
1520
1521         rwrap.libresolv.symbols._libc_res_nclose.f(state);
1522         return;
1523 #else /* HAVE_RES_NCLOSE_IN_LIBRESOLV */
1524         rwrap_bind_symbol_libc(res_nclose);
1525
1526         rwrap.libc.symbols._libc_res_nclose.f(state);
1527         return;
1528 #endif /* HAVE_RES_NCLOSE_IN_LIBRESOLV */
1529
1530 #elif defined(HAVE___RES_NCLOSE)
1531         rwrap_bind_symbol_libc(__res_nclose);
1532
1533         rwrap.libc.symbols._libc___res_nclose.f(state);
1534 #else
1535 #error "No res_nclose function"
1536 #endif
1537 }
1538
1539 static int libc_res_nquery(struct __res_state *state,
1540                            const char *dname,
1541                            int class,
1542                            int type,
1543                            unsigned char *answer,
1544                            int anslen)
1545 {
1546 #if !defined(res_nquery) && defined(HAVE_RES_NQUERY)
1547         rwrap_bind_symbol_libresolv(res_nquery);
1548
1549         return rwrap.libresolv.symbols._libc_res_nquery.f(state,
1550                                                           dname,
1551                                                           class,
1552                                                           type,
1553                                                           answer,
1554                                                           anslen);
1555 #elif defined(HAVE___RES_NQUERY)
1556         rwrap_bind_symbol_libresolv(__res_nquery);
1557
1558         return rwrap.libresolv.symbols._libc___res_nquery.f(state,
1559                                                             dname,
1560                                                             class,
1561                                                             type,
1562                                                             answer,
1563                                                             anslen);
1564 #else
1565 #error "No res_nquery function"
1566 #endif
1567 }
1568
1569 static int libc_res_nsearch(struct __res_state *state,
1570                             const char *dname,
1571                             int class,
1572                             int type,
1573                             unsigned char *answer,
1574                             int anslen)
1575 {
1576 #if !defined(res_nsearch) && defined(HAVE_RES_NSEARCH)
1577         rwrap_bind_symbol_libresolv(res_nsearch);
1578
1579         return rwrap.libresolv.symbols._libc_res_nsearch.f(state,
1580                                                            dname,
1581                                                            class,
1582                                                            type,
1583                                                            answer,
1584                                                            anslen);
1585 #elif defined(HAVE___RES_NSEARCH)
1586         rwrap_bind_symbol_libresolv(__res_nsearch);
1587
1588         return rwrap.libresolv.symbols._libc___res_nsearch.f(state,
1589                                                              dname,
1590                                                              class,
1591                                                              type,
1592                                                              answer,
1593                                                              anslen);
1594 #else
1595 #error "No res_nsearch function"
1596 #endif
1597 }
1598
1599 /****************************************************************************
1600  *   RES_HELPER
1601  ***************************************************************************/
1602
1603 static int rwrap_parse_resolv_conf(struct __res_state *state,
1604                                    const char *resolv_conf)
1605 {
1606         FILE *fp;
1607         char buf[BUFSIZ];
1608         int nserv = 0;
1609
1610         fp = fopen(resolv_conf, "r");
1611         if (fp == NULL) {
1612                 RWRAP_LOG(RWRAP_LOG_ERROR,
1613                           "Opening %s failed: %s",
1614                           resolv_conf, strerror(errno));
1615                 return -1;
1616         }
1617
1618         while(fgets(buf, sizeof(buf), fp) != NULL) {
1619                 char *p;
1620
1621                 /* Ignore comments */
1622                 if (buf[0] == '#' || buf[0] == ';') {
1623                         continue;
1624                 }
1625
1626                 if (RESOLV_MATCH(buf, "nameserver") && nserv < MAXNS) {
1627                         struct in_addr a;
1628                         char *q;
1629                         int ok;
1630
1631                         p = buf + strlen("nameserver");
1632
1633                         /* Skip spaces and tabs */
1634                         while(isblank((int)p[0])) {
1635                                 p++;
1636                         }
1637
1638                         q = p;
1639                         while(q[0] != '\n' && q[0] != '\0') {
1640                                 q++;
1641                         }
1642                         q[0] = '\0';
1643
1644                         ok = inet_pton(AF_INET, p, &a);
1645                         if (ok) {
1646                                 state->nsaddr_list[state->nscount] = (struct sockaddr_in) {
1647                                         .sin_family = AF_INET,
1648                                         .sin_addr = a,
1649                                         .sin_port = htons(53),
1650                                         .sin_zero = { 0 },
1651                                 };
1652
1653                                 state->nscount++;
1654                                 nserv++;
1655                         } else {
1656 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1657                                 /* IPv6 */
1658                                 struct in6_addr a6;
1659                                 ok = inet_pton(AF_INET6, p, &a6);
1660                                 if (ok) {
1661                                         struct sockaddr_in6 *sa6;
1662
1663                                         sa6 = malloc(sizeof(*sa6));
1664                                         if (sa6 == NULL) {
1665                                                 fclose(fp);
1666                                                 return -1;
1667                                         }
1668
1669                                         sa6->sin6_family = AF_INET6;
1670                                         sa6->sin6_port = htons(53);
1671                                         sa6->sin6_flowinfo = 0;
1672                                         sa6->sin6_addr = a6;
1673
1674                                         state->_u._ext.nsaddrs[state->_u._ext.nscount] = sa6;
1675                                         state->_u._ext.nssocks[state->_u._ext.nscount] = -1;
1676                                         state->_u._ext.nsmap[state->_u._ext.nscount] = MAXNS + 1;
1677
1678                                         state->_u._ext.nscount++;
1679                                         nserv++;
1680                                 } else {
1681                                         RWRAP_LOG(RWRAP_LOG_ERROR,
1682                                                 "Malformed DNS server");
1683                                         continue;
1684                                 }
1685 #else /* !HAVE_RESOLV_IPV6_NSADDRS */
1686                                 /*
1687                                  * BSD uses an opaque structure to store the
1688                                  * IPv6 addresses. So we can not simply store
1689                                  * these addresses the same way as above.
1690                                  */
1691                                 RWRAP_LOG(RWRAP_LOG_WARN,
1692                                           "resolve_wrapper does not support "
1693                                           "IPv6 on this platform");
1694                                         continue;
1695 #endif
1696                         }
1697                         continue;
1698                 } /* TODO: match other keywords */
1699         }
1700
1701         if (ferror(fp)) {
1702                 RWRAP_LOG(RWRAP_LOG_ERROR,
1703                           "Reading from %s failed",
1704                           resolv_conf);
1705                 fclose(fp);
1706                 return -1;
1707         }
1708
1709         fclose(fp);
1710         return 0;
1711 }
1712
1713 /****************************************************************************
1714  *   RES_NINIT
1715  ***************************************************************************/
1716
1717 static int rwrap_res_ninit(struct __res_state *state)
1718 {
1719         int rc;
1720
1721         rc = libc_res_ninit(state);
1722         if (rc == 0) {
1723                 const char *resolv_conf = getenv("RESOLV_WRAPPER_CONF");
1724
1725                 if (resolv_conf != NULL) {
1726                         uint16_t i;
1727
1728                         (void)i; /* maybe unused */
1729
1730                         /* Delete name servers */
1731                         state->nscount = 0;
1732                         memset(state->nsaddr_list, 0, sizeof(state->nsaddr_list));
1733
1734 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1735                         state->_u._ext.nscount = 0;
1736                         for (i = 0; i < state->_u._ext.nscount; i++) {
1737                                 SAFE_FREE(state->_u._ext.nsaddrs[i]);
1738                         }
1739 #endif
1740
1741                         rc = rwrap_parse_resolv_conf(state, resolv_conf);
1742                 }
1743         }
1744
1745         return rc;
1746 }
1747
1748 #if !defined(res_ninit) && defined(HAVE_RES_NINIT)
1749 int res_ninit(struct __res_state *state)
1750 #elif defined(HAVE___RES_NINIT)
1751 int __res_ninit(struct __res_state *state)
1752 #endif
1753 {
1754         return rwrap_res_ninit(state);
1755 }
1756
1757 /****************************************************************************
1758  *   RES_INIT
1759  ***************************************************************************/
1760
1761 static struct __res_state rwrap_res_state;
1762
1763 static int rwrap_res_init(void)
1764 {
1765         int rc;
1766
1767         rc = rwrap_res_ninit(&rwrap_res_state);
1768
1769         return rc;
1770 }
1771
1772 #if !defined(res_ninit) && defined(HAVE_RES_INIT)
1773 int res_init(void)
1774 #elif defined(HAVE___RES_INIT)
1775 int __res_init(void)
1776 #endif
1777 {
1778         return rwrap_res_init();
1779 }
1780
1781 /****************************************************************************
1782  *   RES_NCLOSE
1783  ***************************************************************************/
1784
1785 static void rwrap_res_nclose(struct __res_state *state)
1786 {
1787 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1788         int i;
1789 #endif
1790
1791         libc_res_nclose(state);
1792
1793 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1794         if (state != NULL) {
1795                 for (i = 0; i < state->_u._ext.nscount; i++) {
1796                         SAFE_FREE(state->_u._ext.nsaddrs[i]);
1797                 }
1798         }
1799 #endif
1800 }
1801
1802 #if !defined(res_nclose) && defined(HAVE_RES_NCLOSE)
1803 void res_nclose(struct __res_state *state)
1804 #elif defined(HAVE___RES_NCLOSE)
1805 void __res_nclose(struct __res_state *state)
1806 #endif
1807 {
1808         rwrap_res_nclose(state);
1809 }
1810
1811 /****************************************************************************
1812  *   RES_CLOSE
1813  ***************************************************************************/
1814
1815 static void rwrap_res_close(void)
1816 {
1817         rwrap_res_nclose(&rwrap_res_state);
1818 }
1819
1820 #if defined(HAVE_RES_CLOSE)
1821 void res_close(void)
1822 #elif defined(HAVE___RES_CLOSE)
1823 void __res_close(void)
1824 #endif
1825 {
1826         rwrap_res_close();
1827 }
1828
1829 /****************************************************************************
1830  *   RES_NQUERY
1831  ***************************************************************************/
1832
1833 static int rwrap_res_nquery(struct __res_state *state,
1834                             const char *dname,
1835                             int class,
1836                             int type,
1837                             unsigned char *answer,
1838                             int anslen)
1839 {
1840         int rc;
1841         const char *fake_hosts;
1842 #ifndef NDEBUG
1843         int i;
1844 #endif
1845
1846         RWRAP_LOG(RWRAP_LOG_TRACE,
1847                   "Resolve the domain name [%s] - class=%d, type=%d",
1848                   dname, class, type);
1849 #ifndef NDEBUG
1850         for (i = 0; i < state->nscount; i++) {
1851                 char ip[INET6_ADDRSTRLEN];
1852
1853                 inet_ntop(AF_INET, &state->nsaddr_list[i].sin_addr, ip, sizeof(ip));
1854                 RWRAP_LOG(RWRAP_LOG_TRACE,
1855                           "        nameserver: %s",
1856                           ip);
1857         }
1858 #endif
1859
1860         fake_hosts = getenv("RESOLV_WRAPPER_HOSTS");
1861         if (fake_hosts != NULL) {
1862                 rc = rwrap_res_fake_hosts(fake_hosts, dname, type, answer, anslen);
1863         } else {
1864                 rc = libc_res_nquery(state, dname, class, type, answer, anslen);
1865         }
1866
1867
1868         RWRAP_LOG(RWRAP_LOG_TRACE,
1869                   "The returned response length is: %d",
1870                   rc);
1871
1872         return rc;
1873 }
1874
1875 #if !defined(res_nquery) && defined(HAVE_RES_NQUERY)
1876 int res_nquery(struct __res_state *state,
1877                const char *dname,
1878                int class,
1879                int type,
1880                unsigned char *answer,
1881                int anslen)
1882 #elif defined(HAVE___RES_NQUERY)
1883 int __res_nquery(struct __res_state *state,
1884                  const char *dname,
1885                  int class,
1886                  int type,
1887                  unsigned char *answer,
1888                  int anslen)
1889 #endif
1890 {
1891         return rwrap_res_nquery(state, dname, class, type, answer, anslen);
1892 }
1893
1894 /****************************************************************************
1895  *   RES_QUERY
1896  ***************************************************************************/
1897
1898 static int rwrap_res_query(const char *dname,
1899                            int class,
1900                            int type,
1901                            unsigned char *answer,
1902                            int anslen)
1903 {
1904         int rc;
1905
1906         rc = rwrap_res_ninit(&rwrap_res_state);
1907         if (rc != 0) {
1908                 return rc;
1909         }
1910
1911         rc = rwrap_res_nquery(&rwrap_res_state,
1912                               dname,
1913                               class,
1914                               type,
1915                               answer,
1916                               anslen);
1917
1918         return rc;
1919 }
1920
1921 #if !defined(res_query) && defined(HAVE_RES_QUERY)
1922 int res_query(const char *dname,
1923               int class,
1924               int type,
1925               unsigned char *answer,
1926               int anslen)
1927 #elif defined(HAVE___RES_QUERY)
1928 int __res_query(const char *dname,
1929                 int class,
1930                 int type,
1931                 unsigned char *answer,
1932                 int anslen)
1933 #endif
1934 {
1935         return rwrap_res_query(dname, class, type, answer, anslen);
1936 }
1937
1938 /****************************************************************************
1939  *   RES_NSEARCH
1940  ***************************************************************************/
1941
1942 static int rwrap_res_nsearch(struct __res_state *state,
1943                              const char *dname,
1944                              int class,
1945                              int type,
1946                              unsigned char *answer,
1947                              int anslen)
1948 {
1949         int rc;
1950         const char *fake_hosts;
1951 #ifndef NDEBUG
1952         int i;
1953 #endif
1954
1955         RWRAP_LOG(RWRAP_LOG_TRACE,
1956                   "Resolve the domain name [%s] - class=%d, type=%d",
1957                   dname, class, type);
1958 #ifndef NDEBUG
1959         for (i = 0; i < state->nscount; i++) {
1960                 char ip[INET6_ADDRSTRLEN];
1961
1962                 inet_ntop(AF_INET, &state->nsaddr_list[i].sin_addr, ip, sizeof(ip));
1963                 RWRAP_LOG(RWRAP_LOG_TRACE,
1964                           "        nameserver: %s",
1965                           ip);
1966         }
1967 #endif
1968
1969         fake_hosts = getenv("RESOLV_WRAPPER_HOSTS");
1970         if (fake_hosts != NULL) {
1971                 rc = rwrap_res_fake_hosts(fake_hosts, dname, type, answer, anslen);
1972         } else {
1973                 rc = libc_res_nsearch(state, dname, class, type, answer, anslen);
1974         }
1975
1976         RWRAP_LOG(RWRAP_LOG_TRACE,
1977                   "The returned response length is: %d",
1978                   rc);
1979
1980         return rc;
1981 }
1982
1983 #if !defined(res_nsearch) && defined(HAVE_RES_NSEARCH)
1984 int res_nsearch(struct __res_state *state,
1985                 const char *dname,
1986                 int class,
1987                 int type,
1988                 unsigned char *answer,
1989                 int anslen)
1990 #elif defined(HAVE___RES_NSEARCH)
1991 int __res_nsearch(struct __res_state *state,
1992                   const char *dname,
1993                   int class,
1994                   int type,
1995                   unsigned char *answer,
1996                   int anslen)
1997 #endif
1998 {
1999         return rwrap_res_nsearch(state, dname, class, type, answer, anslen);
2000 }
2001
2002 /****************************************************************************
2003  *   RES_SEARCH
2004  ***************************************************************************/
2005
2006 static int rwrap_res_search(const char *dname,
2007                             int class,
2008                             int type,
2009                             unsigned char *answer,
2010                             int anslen)
2011 {
2012         int rc;
2013
2014         rc = rwrap_res_ninit(&rwrap_res_state);
2015         if (rc != 0) {
2016                 return rc;
2017         }
2018
2019         rc = rwrap_res_nsearch(&rwrap_res_state,
2020                                dname,
2021                                class,
2022                                type,
2023                                answer,
2024                                anslen);
2025
2026         return rc;
2027 }
2028
2029 #if !defined(res_search) && defined(HAVE_RES_SEARCH)
2030 int res_search(const char *dname,
2031                int class,
2032                int type,
2033                unsigned char *answer,
2034                int anslen)
2035 #elif defined(HAVE___RES_SEARCH)
2036 int __res_search(const char *dname,
2037                  int class,
2038                  int type,
2039                  unsigned char *answer,
2040                  int anslen)
2041 #endif
2042 {
2043         return rwrap_res_search(dname, class, type, answer, anslen);
2044 }