src/resolv_wrapper.c

   1 /*
   2  * Copyright (c) 2014-2018 Andreas Schneider <asn@samba.org>
   3  * Copyright (c) 2014-2016 Jakub Hrozek <jakub.hrozek@posteo.se>
   4  *
   5  * All rights reserved.
   6  *
   7  * Redistribution and use in source and binary forms, with or without
   8  * modification, are permitted provided that the following conditions
   9  * are met:
  10  *
  11  * 1. Redistributions of source code must retain the above copyright
  12  *    notice, this list of conditions and the following disclaimer.
  13  *
  14  * 2. Redistributions in binary form must reproduce the above copyright
  15  *    notice, this list of conditions and the following disclaimer in the
  16  *    documentation and/or other materials provided with the distribution.
  17  *
  18  * 3. Neither the name of the author nor the names of its contributors
  19  *    may be used to endorse or promote products derived from this software
  20  *    without specific prior written permission.
  21  *
  22  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
  23  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
  24  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
  25  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
  26  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
  27  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
  28  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
  29  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
  30  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
  31  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  32  * SUCH DAMAGE.
  33  */
  34
  35 #include "config.h"
  36
  37 #include <errno.h>
  38 #include <arpa/inet.h>
  39 #ifdef HAVE_ARPA_NAMESER_H
  40 #include <arpa/nameser.h>
  41 #endif /* HAVE_ARPA_NAMESER_H */
  42 #include <netinet/in.h>
  43 #include <sys/socket.h>
  44 #include <sys/types.h>
  45 #include <stdarg.h>
  46 #include <stdlib.h>
  47 #include <stdio.h>
  48 #include <stdbool.h>
  49 #include <string.h>
  50 #include <unistd.h>
  51 #include <ctype.h>
  52
  53 #include <resolv.h>
  54
  55 /* GCC has printf type attribute check. */
  56 #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT
  57 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
  58 #else
  59 #define PRINTF_ATTRIBUTE(a,b)
  60 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
  61
  62 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
  63 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
  64 #else
  65 #define DESTRUCTOR_ATTRIBUTE
  66 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
  67
  68 #ifndef RWRAP_DEFAULT_FAKE_TTL
  69 #define RWRAP_DEFAULT_FAKE_TTL 600
  70 #endif  /* RWRAP_DEFAULT_FAKE_TTL */
  71
  72 #ifndef HAVE_NS_NAME_COMPRESS
  73 #define ns_name_compress dn_comp
  74 #endif
  75
  76 #define ns_t_uri 256
  77
  78 enum rwrap_dbglvl_e {
  79         RWRAP_LOG_ERROR = 0,
  80         RWRAP_LOG_WARN,
  81         RWRAP_LOG_NOTICE,
  82         RWRAP_LOG_DEBUG,
  83         RWRAP_LOG_TRACE
  84 };
  85
  86 static void rwrap_log(enum rwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
  87 # define RWRAP_LOG(dbglvl, ...) rwrap_log((dbglvl), __func__, __VA_ARGS__)
  88
  89 static void rwrap_log(enum rwrap_dbglvl_e dbglvl,
  90                       const char *func,
  91                       const char *format, ...)
  92 {
  93         char buffer[1024];
  94         va_list va;
  95         const char *d;
  96         unsigned int lvl = 0;
  97         int pid = getpid();
  98         const char *prefix = NULL;
  99
 100         d = getenv("RESOLV_WRAPPER_DEBUGLEVEL");
 101         if (d != NULL) {
 102                 lvl = atoi(d);
 103         }
 104
 105         if (lvl < dbglvl) {
 106                 return;
 107         }
 108
 109         va_start(va, format);
 110         vsnprintf(buffer, sizeof(buffer), format, va);
 111         va_end(va);
 112
 113         switch (dbglvl) {
 114                 case RWRAP_LOG_ERROR:
 115                         prefix = "RWRAP_ERROR";
 116                         break;
 117                 case RWRAP_LOG_WARN:
 118                         prefix = "RWRAP_WARN";
 119                         break;
 120                 case RWRAP_LOG_NOTICE:
 121                         prefix = "RWRAP_NOTICE";
 122                         break;
 123                 case RWRAP_LOG_DEBUG:
 124                         prefix = "RWRAP_DEBUG";
 125                         break;
 126                 case RWRAP_LOG_TRACE:
 127                         prefix = "RWRAP_TRACE";
 128                         break;
 129         }
 130
 131         fprintf(stderr,
 132                 "%s(%d) - %s: %s\n",
 133                 prefix,
 134                 pid,
 135                 func,
 136                 buffer);
 137 }
 138
 139 #ifndef SAFE_FREE
 140 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
 141 #endif
 142
 143 #define NEXT_KEY(buf, key) do {                                 \
 144         (key) = (buf) ? strpbrk((buf), " \t") : NULL;           \
 145         if ((key) != NULL) {                                    \
 146                 (key)[0] = '\0';                                \
 147                 (key)++;                                        \
 148         }                                                       \
 149         while ((key) != NULL                                    \
 150                && (isblank((int)(key)[0]))) {                   \
 151                 (key)++;                                        \
 152         }                                                       \
 153 } while(0);
 154
 155 #define RWRAP_MAX_RECURSION 64
 156
 157 /* Priority and weight can be omitted from the hosts file, but need to be part
 158  * of the output
 159  */
 160 #define DFL_SRV_PRIO    1
 161 #define DFL_SRV_WEIGHT  100
 162 #define DFL_URI_PRIO    1
 163 #define DFL_URI_WEIGHT  100
 164
 165 struct rwrap_srv_rrdata {
 166         uint16_t port;
 167         uint16_t prio;
 168         uint16_t weight;
 169         char hostname[MAXDNAME];
 170 };
 171
 172 struct rwrap_uri_rrdata {
 173         uint16_t prio;
 174         uint16_t weight;
 175         char uri[MAXDNAME];
 176 };
 177
 178 struct rwrap_soa_rrdata {
 179         uint32_t serial;
 180         uint32_t refresh;
 181         uint32_t retry;
 182         uint32_t expire;
 183         uint32_t minimum;
 184         char nameserver[MAXDNAME];
 185         char mailbox[MAXDNAME];
 186 };
 187
 188 struct rwrap_fake_rr {
 189         union fake_rrdata {
 190                 struct in_addr a_rec;
 191                 struct in6_addr aaaa_rec;
 192                 struct rwrap_srv_rrdata srv_rec;
 193                 struct rwrap_uri_rrdata uri_rec;
 194                 struct rwrap_soa_rrdata soa_rec;
 195                 char cname_rec[MAXDNAME];
 196                 char ptr_rec[MAXDNAME];
 197         } rrdata;
 198
 199         char key[MAXDNAME];
 200         int type; /* ns_t_* */
 201 };
 202
 203 static void rwrap_fake_rr_init(struct rwrap_fake_rr *rr, size_t len)
 204 {
 205         size_t i;
 206
 207         for (i = 0; i < len; i++) {
 208                 rr[i].type = ns_t_invalid;
 209         }
 210 }
 211
 212 static int rwrap_create_fake_a_rr(const char *key,
 213                                   const char *value,
 214                                   struct rwrap_fake_rr *rr)
 215 {
 216         int ok;
 217
 218         ok = inet_pton(AF_INET, value, &rr->rrdata.a_rec);
 219         if (!ok) {
 220                 RWRAP_LOG(RWRAP_LOG_ERROR,
 221                           "Failed to convert [%s] to binary\n", value);
 222                 return -1;
 223         }
 224
 225         memcpy(rr->key, key, strlen(key) + 1);
 226         rr->type = ns_t_a;
 227         return 0;
 228 }
 229
 230 static int rwrap_create_fake_aaaa_rr(const char *key,
 231                                      const char *value,
 232                                      struct rwrap_fake_rr *rr)
 233 {
 234         int ok;
 235
 236         ok = inet_pton(AF_INET6, value, &rr->rrdata.aaaa_rec);
 237         if (!ok) {
 238                 RWRAP_LOG(RWRAP_LOG_ERROR,
 239                           "Failed to convert [%s] to binary\n", value);
 240                 return -1;
 241         }
 242
 243         memcpy(rr->key, key, strlen(key) + 1);
 244         rr->type = ns_t_aaaa;
 245         return 0;
 246 }
 247 static int rwrap_create_fake_ns_rr(const char *key,
 248                                    const char *value,
 249                                    struct rwrap_fake_rr *rr)
 250 {
 251         memcpy(rr->rrdata.srv_rec.hostname, value, strlen(value) + 1);
 252         memcpy(rr->key, key, strlen(key) + 1);
 253         rr->type = ns_t_ns;
 254         return 0;
 255 }
 256
 257 static int rwrap_create_fake_srv_rr(const char *key,
 258                                     const char *value,
 259                                     struct rwrap_fake_rr *rr)
 260 {
 261         char *str_prio;
 262         char *str_weight;
 263         char *str_port;
 264         const char *hostname;
 265
 266         /* parse the value into priority, weight, port and hostname
 267          * and check the validity */
 268         hostname = value;
 269         NEXT_KEY(hostname, str_port);
 270         NEXT_KEY(str_port, str_prio);
 271         NEXT_KEY(str_prio, str_weight);
 272         if (str_port == NULL || hostname == NULL) {
 273                 RWRAP_LOG(RWRAP_LOG_ERROR,
 274                           "Malformed SRV entry [%s]\n", value);
 275                 return -1;
 276         }
 277
 278         if (str_prio) {
 279                 rr->rrdata.srv_rec.prio = atoi(str_prio);
 280         } else {
 281                 rr->rrdata.srv_rec.prio = DFL_SRV_PRIO;
 282         }
 283         if (str_weight) {
 284                 rr->rrdata.srv_rec.weight = atoi(str_weight);
 285         } else {
 286                 rr->rrdata.srv_rec.weight = DFL_SRV_WEIGHT;
 287         }
 288         rr->rrdata.srv_rec.port = atoi(str_port);
 289         memcpy(rr->rrdata.srv_rec.hostname , hostname, strlen(hostname) + 1);
 290
 291         memcpy(rr->key, key, strlen(key) + 1);
 292         rr->type = ns_t_srv;
 293         return 0;
 294 }
 295
 296 static int rwrap_create_fake_uri_rr(const char *key,
 297                                     const char *value,
 298                                     struct rwrap_fake_rr *rr)
 299 {
 300         char *str_prio;
 301         char *str_weight;
 302         const char *uri;
 303
 304         /* parse the value into priority, weight, and uri
 305          * and check the validity */
 306         uri = value;
 307         NEXT_KEY(uri, str_prio);
 308         NEXT_KEY(str_prio, str_weight);
 309         if (uri == NULL) {
 310                 RWRAP_LOG(RWRAP_LOG_ERROR,
 311                           "Malformed URI entry [%s]\n", value);
 312                 return -1;
 313         }
 314
 315         if (str_prio) {
 316                 rr->rrdata.uri_rec.prio = atoi(str_prio);
 317         } else {
 318                 rr->rrdata.uri_rec.prio = DFL_URI_PRIO;
 319         }
 320         if (str_weight) {
 321                 rr->rrdata.uri_rec.weight = atoi(str_weight);
 322         } else {
 323                 rr->rrdata.uri_rec.weight = DFL_URI_WEIGHT;
 324         }
 325         memcpy(rr->rrdata.uri_rec.uri, uri, strlen(uri) + 1);
 326
 327         memcpy(rr->key, key, strlen(key) + 1);
 328         rr->type = ns_t_uri;
 329         return 0;
 330 }
 331
 332 static int rwrap_create_fake_soa_rr(const char *key,
 333                                     const char *value,
 334                                     struct rwrap_fake_rr *rr)
 335 {
 336         const char *nameserver;
 337         char *mailbox;
 338         char *str_serial;
 339         char *str_refresh;
 340         char *str_retry;
 341         char *str_expire;
 342         char *str_minimum;
 343
 344         /* parse the value into nameserver, mailbox, serial, refresh,
 345          * retry, expire, minimum and check the validity
 346          */
 347         nameserver = value;
 348         NEXT_KEY(nameserver, mailbox);
 349         NEXT_KEY(mailbox, str_serial);
 350         NEXT_KEY(str_serial, str_refresh);
 351         NEXT_KEY(str_refresh, str_retry);
 352         NEXT_KEY(str_retry, str_expire);
 353         NEXT_KEY(str_expire, str_minimum);
 354         if (nameserver == NULL || mailbox == NULL || str_serial == NULL ||
 355             str_refresh == NULL || str_retry == NULL || str_expire == NULL ||
 356             str_minimum == NULL) {
 357                 RWRAP_LOG(RWRAP_LOG_ERROR,
 358                           "Malformed SOA entry [%s]\n", value);
 359                 return -1;
 360         }
 361
 362         memcpy(rr->rrdata.soa_rec.nameserver, nameserver, strlen(nameserver)+1);
 363         memcpy(rr->rrdata.soa_rec.mailbox, mailbox, strlen(mailbox)+1);
 364
 365         rr->rrdata.soa_rec.serial = atoi(str_serial);
 366         rr->rrdata.soa_rec.refresh = atoi(str_refresh);
 367         rr->rrdata.soa_rec.retry = atoi(str_retry);
 368         rr->rrdata.soa_rec.expire = atoi(str_expire);
 369         rr->rrdata.soa_rec.minimum = atoi(str_minimum);
 370
 371         memcpy(rr->key, key, strlen(key) + 1);
 372         rr->type = ns_t_soa;
 373         return 0;
 374 }
 375
 376 static int rwrap_create_fake_cname_rr(const char *key,
 377                                       const char *value,
 378                                       struct rwrap_fake_rr *rr)
 379 {
 380         memcpy(rr->rrdata.cname_rec , value, strlen(value) + 1);
 381         memcpy(rr->key, key, strlen(key) + 1);
 382         rr->type = ns_t_cname;
 383         return 0;
 384 }
 385
 386 static int rwrap_create_fake_ptr_rr(const char *key,
 387                                     const char *value,
 388                                     struct rwrap_fake_rr *rr)
 389 {
 390         memcpy(rr->rrdata.ptr_rec , value, strlen(value) + 1);
 391         memcpy(rr->key, key, strlen(key) + 1);
 392         rr->type = ns_t_ptr;
 393         return 0;
 394 }
 395
 396 /* Prepares a fake header with a single response. Advances header_blob */
 397 static ssize_t rwrap_fake_header(uint8_t **header_blob, size_t remaining,
 398                                  size_t ancount, size_t arcount)
 399 {
 400         union {
 401                 uint8_t *blob;
 402                 HEADER *header;
 403         } h;
 404
 405         if (remaining < NS_HFIXEDSZ) {
 406                 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n");
 407                 return -1;
 408         }
 409
 410         h.blob = *header_blob;
 411         memset(h.blob, 0, NS_HFIXEDSZ);
 412
 413         h.header->id = res_randomid();          /* random query ID */
 414         h.header->qr = 1;                       /* response flag */
 415         h.header->rd = 1;                       /* recursion desired */
 416         h.header->ra = 1;                       /* recursion available */
 417
 418         h.header->qdcount = htons(1);           /* no. of questions */
 419         h.header->ancount = htons(ancount);     /* no. of answers */
 420         h.header->arcount = htons(arcount);     /* no. of add'tl records */
 421
 422         /* move past the header */
 423         *header_blob = h.blob += NS_HFIXEDSZ;
 424
 425         return NS_HFIXEDSZ;
 426 }
 427
 428 static ssize_t rwrap_fake_question(const char *question,
 429                                    uint16_t type,
 430                                    uint8_t **question_ptr,
 431                                    size_t remaining)
 432 {
 433         uint8_t *qb = *question_ptr;
 434         int n;
 435
 436         n = ns_name_compress(question, qb, remaining, NULL, NULL);
 437         if (n < 0) {
 438                 RWRAP_LOG(RWRAP_LOG_ERROR,
 439                           "Failed to compress [%s]\n", question);
 440                 return -1;
 441         }
 442
 443         qb += n;
 444         remaining -= n;
 445
 446         if (remaining < 2 * sizeof(uint16_t)) {
 447                 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n");
 448                 return -1;
 449         }
 450
 451         NS_PUT16(type, qb);
 452         NS_PUT16(ns_c_in, qb);
 453
 454         *question_ptr = qb;
 455         return n + 2 * sizeof(uint16_t);
 456 }
 457
 458 static ssize_t rwrap_fake_rdata_common(uint16_t type,
 459                                        size_t rdata_size,
 460                                        const char *key,
 461                                        size_t remaining,
 462                                        uint8_t **rdata_ptr)
 463 {
 464         uint8_t *rd = *rdata_ptr;
 465         ssize_t written = 0;
 466
 467         written = ns_name_compress(key, rd, remaining, NULL, NULL);
 468         if (written < 0) {
 469                 RWRAP_LOG(RWRAP_LOG_ERROR,
 470                           "Failed to compress [%s]\n", key);
 471                 return -1;
 472         }
 473         rd += written;
 474         remaining -= written;
 475
 476         if (remaining < 3 * sizeof(uint16_t) + sizeof(uint32_t)) {
 477                 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small\n");
 478                 return -1;
 479         }
 480
 481         NS_PUT16(type, rd);
 482         NS_PUT16(ns_c_in, rd);
 483         NS_PUT32(RWRAP_DEFAULT_FAKE_TTL, rd);
 484         NS_PUT16(rdata_size, rd);
 485
 486         if (remaining < rdata_size) {
 487                 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small\n");
 488                 return -1;
 489         }
 490
 491         *rdata_ptr = rd;
 492         return written + 3 * sizeof(uint16_t) + sizeof(uint32_t) + rdata_size;
 493 }
 494
 495 static ssize_t rwrap_fake_a(struct rwrap_fake_rr *rr,
 496                             uint8_t *answer_ptr,
 497                             size_t anslen)
 498 {
 499         uint8_t *a = answer_ptr;
 500         ssize_t resp_size;
 501
 502         if (rr->type != ns_t_a) {
 503                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 504                 return -1;
 505         }
 506         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding A RR");
 507
 508         resp_size = rwrap_fake_rdata_common(ns_t_a, sizeof(struct in_addr), rr->key,
 509                                             anslen, &a);
 510         if (resp_size < 0) {
 511                 return -1;
 512         }
 513
 514         memcpy(a, &rr->rrdata.a_rec, sizeof(struct in_addr));
 515
 516         return resp_size;
 517 }
 518
 519 static ssize_t rwrap_fake_aaaa(struct rwrap_fake_rr *rr,
 520                                uint8_t *answer,
 521                                size_t anslen)
 522 {
 523         uint8_t *a = answer;
 524         ssize_t resp_size;
 525
 526         if (rr->type != ns_t_aaaa) {
 527                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 528                 return -1;
 529         }
 530         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding AAAA RR");
 531
 532         resp_size = rwrap_fake_rdata_common(ns_t_aaaa, sizeof(struct in6_addr),
 533                                             rr->key, anslen, &a);
 534         if (resp_size < 0) {
 535                 return -1;
 536         }
 537
 538         memcpy(a, &rr->rrdata.aaaa_rec, sizeof(struct in6_addr));
 539
 540         return resp_size;
 541 }
 542
 543 static ssize_t rwrap_fake_ns(struct rwrap_fake_rr *rr,
 544                              uint8_t *answer,
 545                             size_t anslen)
 546 {
 547         uint8_t *a = answer;
 548         ssize_t resp_size = 0;
 549         size_t rdata_size;
 550         unsigned char hostname_compressed[MAXDNAME];
 551         ssize_t compressed_len;
 552
 553         if (rr->type != ns_t_ns) {
 554                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 555                 return -1;
 556         }
 557         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding NS RR");
 558
 559         /* Prepare the data to write */
 560         compressed_len = ns_name_compress(rr->rrdata.srv_rec.hostname,
 561                                           hostname_compressed,
 562                                           MAXDNAME,
 563                                           NULL,
 564                                           NULL);
 565         if (compressed_len < 0) {
 566                 return -1;
 567         }
 568
 569         /* Is this enough? */
 570         rdata_size = compressed_len;
 571
 572         resp_size = rwrap_fake_rdata_common(ns_t_ns, rdata_size,
 573                                             rr->key, anslen, &a);
 574         if (resp_size < 0) {
 575                 return -1;
 576         }
 577
 578         memcpy(a, hostname_compressed, compressed_len);
 579
 580         return resp_size;
 581 }
 582
 583 static ssize_t rwrap_fake_srv(struct rwrap_fake_rr *rr,
 584                               uint8_t *answer,
 585                               size_t anslen)
 586 {
 587         uint8_t *a = answer;
 588         ssize_t resp_size;
 589         size_t rdata_size;
 590         unsigned char hostname_compressed[MAXDNAME];
 591         ssize_t compressed_len;
 592
 593         if (rr->type != ns_t_srv) {
 594                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 595                 return -1;
 596         }
 597         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SRV RR");
 598         rdata_size = 3 * sizeof(uint16_t);
 599
 600         /* Prepare the data to write */
 601         compressed_len = ns_name_compress(rr->rrdata.srv_rec.hostname,
 602                                           hostname_compressed, MAXDNAME,
 603                                           NULL, NULL);
 604         if (compressed_len < 0) {
 605                 return -1;
 606         }
 607         rdata_size += compressed_len;
 608
 609         resp_size = rwrap_fake_rdata_common(ns_t_srv, rdata_size,
 610                                             rr->key, anslen, &a);
 611         if (resp_size < 0) {
 612                 return -1;
 613         }
 614
 615         NS_PUT16(rr->rrdata.srv_rec.prio, a);
 616         NS_PUT16(rr->rrdata.srv_rec.weight, a);
 617         NS_PUT16(rr->rrdata.srv_rec.port, a);
 618         memcpy(a, hostname_compressed, compressed_len);
 619
 620         return resp_size;
 621 }
 622
 623 static ssize_t rwrap_fake_uri(struct rwrap_fake_rr *rr,
 624                               uint8_t *answer,
 625                               size_t anslen)
 626 {
 627         uint8_t *a = answer;
 628         ssize_t resp_size;
 629         size_t rdata_size;
 630         size_t uri_len;
 631
 632         if (rr->type != ns_t_uri) {
 633                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 634                 return -1;
 635         }
 636         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding URI RR");
 637         rdata_size = 3 * sizeof(uint16_t);
 638         uri_len = strlen(rr->rrdata.uri_rec.uri) + 1;
 639         rdata_size += uri_len;
 640
 641         resp_size = rwrap_fake_rdata_common(ns_t_uri, rdata_size,
 642                                             rr->key, anslen, &a);
 643         if (resp_size < 0) {
 644                 return -1;
 645         }
 646
 647         NS_PUT16(rr->rrdata.uri_rec.prio, a);
 648         NS_PUT16(rr->rrdata.uri_rec.weight, a);
 649         memcpy(a, rr->rrdata.uri_rec.uri, uri_len);
 650
 651         return resp_size;
 652 }
 653
 654 static ssize_t rwrap_fake_soa(struct rwrap_fake_rr *rr,
 655                               uint8_t *answer,
 656                               size_t anslen)
 657 {
 658         uint8_t *a = answer;
 659         ssize_t resp_size;
 660         size_t rdata_size;
 661         unsigned char nameser_compressed[MAXDNAME];
 662         ssize_t compressed_ns_len;
 663         unsigned char mailbox_compressed[MAXDNAME];
 664         ssize_t compressed_mb_len;
 665
 666         if (rr->type != ns_t_soa) {
 667                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 668                 return -1;
 669         }
 670         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SOA RR");
 671         rdata_size = 5 * sizeof(uint16_t);
 672
 673         compressed_ns_len = ns_name_compress(rr->rrdata.soa_rec.nameserver,
 674                                              nameser_compressed,
 675                                              MAXDNAME, NULL, NULL);
 676         if (compressed_ns_len < 0) {
 677                 return -1;
 678         }
 679         rdata_size += compressed_ns_len;
 680
 681         compressed_mb_len = ns_name_compress(rr->rrdata.soa_rec.mailbox,
 682                                              mailbox_compressed,
 683                                              MAXDNAME, NULL, NULL);
 684         if (compressed_mb_len < 0) {
 685                 return -1;
 686         }
 687         rdata_size += compressed_mb_len;
 688
 689         resp_size = rwrap_fake_rdata_common(ns_t_soa, rdata_size,
 690                                             rr->key, anslen, &a);
 691         if (resp_size < 0) {
 692                 return -1;
 693         }
 694
 695         memcpy(a, nameser_compressed, compressed_ns_len);
 696         a += compressed_ns_len;
 697         memcpy(a, mailbox_compressed, compressed_mb_len);
 698         a += compressed_mb_len;
 699         NS_PUT32(rr->rrdata.soa_rec.serial, a);
 700         NS_PUT32(rr->rrdata.soa_rec.refresh, a);
 701         NS_PUT32(rr->rrdata.soa_rec.retry, a);
 702         NS_PUT32(rr->rrdata.soa_rec.expire, a);
 703         NS_PUT32(rr->rrdata.soa_rec.minimum, a);
 704
 705         return resp_size;
 706 }
 707
 708 static ssize_t rwrap_fake_cname(struct rwrap_fake_rr *rr,
 709                                 uint8_t *answer,
 710                                 size_t anslen)
 711 {
 712         uint8_t *a = answer;
 713         ssize_t resp_size;
 714         unsigned char hostname_compressed[MAXDNAME];
 715         ssize_t rdata_size;
 716
 717         if (rr->type != ns_t_cname) {
 718                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 719                 return -1;
 720         }
 721         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding CNAME RR");
 722
 723         /* Prepare the data to write */
 724         rdata_size = ns_name_compress(rr->rrdata.cname_rec,
 725                                       hostname_compressed, MAXDNAME,
 726                                       NULL, NULL);
 727         if (rdata_size < 0) {
 728                 return -1;
 729         }
 730
 731         resp_size = rwrap_fake_rdata_common(ns_t_cname, rdata_size,
 732                                             rr->key, anslen, &a);
 733         if (resp_size < 0) {
 734                 return -1;
 735         }
 736
 737         memcpy(a, hostname_compressed, rdata_size);
 738
 739         return resp_size;
 740 }
 741
 742 static ssize_t rwrap_fake_ptr(struct rwrap_fake_rr *rr,
 743                               uint8_t *answer,
 744                               size_t anslen)
 745 {
 746         uint8_t *a = answer;
 747         ssize_t rdata_size;
 748         ssize_t resp_size;
 749         unsigned char hostname_compressed[MAXDNAME];
 750
 751         if (rr->type != ns_t_ptr) {
 752                 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
 753                 return -1;
 754         }
 755         RWRAP_LOG(RWRAP_LOG_TRACE, "Adding PTR RR");
 756
 757         /* Prepare the data to write */
 758         rdata_size = ns_name_compress(rr->rrdata.ptr_rec,
 759                                       hostname_compressed, MAXDNAME,
 760                                       NULL, NULL);
 761         if (rdata_size < 0) {
 762                 return -1;
 763         }
 764
 765         resp_size = rwrap_fake_rdata_common(ns_t_ptr, rdata_size,
 766                                             rr->key, anslen, &a);
 767         if (resp_size < 0) {
 768                 return -1;
 769         }
 770
 771         memcpy(a, hostname_compressed, rdata_size);
 772
 773         return resp_size;
 774 }
 775
 776 #define RESOLV_MATCH(line, name) \
 777         (strncmp(line, name, sizeof(name) - 1) == 0 && \
 778         (line[sizeof(name) - 1] == ' ' || \
 779          line[sizeof(name) - 1] == '\t'))
 780
 781 #define TYPE_MATCH(type, ns_type, rec_type, str_type, key, query) \
 782         ((type) == (ns_type) && \
 783          (strncmp((rec_type), (str_type), sizeof(str_type)) == 0) && \
 784          (strcasecmp(key, query)) == 0)
 785
 786
 787 static int rwrap_get_record(const char *hostfile, unsigned recursion,
 788                             const char *query, int type,
 789                             struct rwrap_fake_rr *rr);
 790
 791 static int rwrap_uri_recurse(const char *hostfile, unsigned recursion,
 792                              const char *query, struct rwrap_fake_rr *rr)
 793 {
 794         int rc;
 795
 796         rc = rwrap_get_record(hostfile, recursion, query, ns_t_uri, rr);
 797         if (rc == ENOENT) {
 798                 rc = 0;
 799         }
 800
 801         return rc;
 802 }
 803
 804 static int rwrap_srv_recurse(const char *hostfile, unsigned recursion,
 805                              const char *query, struct rwrap_fake_rr *rr)
 806 {
 807         int rc;
 808
 809         rc = rwrap_get_record(hostfile, recursion, query, ns_t_a, rr);
 810         if (rc == 0) return 0;
 811
 812         rc = rwrap_get_record(hostfile, recursion, query, ns_t_aaaa, rr);
 813         if (rc == ENOENT) rc = 0;
 814
 815         return rc;
 816 }
 817
 818 static int rwrap_cname_recurse(const char *hostfile, unsigned recursion,
 819                                const char *query, struct rwrap_fake_rr *rr)
 820 {
 821         int rc;
 822
 823         rc = rwrap_get_record(hostfile, recursion, query, ns_t_a, rr);
 824         if (rc == 0) return 0;
 825
 826         rc = rwrap_get_record(hostfile, recursion, query, ns_t_aaaa, rr);
 827         if (rc == 0) return 0;
 828
 829         rc = rwrap_get_record(hostfile, recursion, query, ns_t_cname, rr);
 830         if (rc == ENOENT) rc = 0;
 831
 832         return rc;
 833 }
 834
 835 static int rwrap_get_record(const char *hostfile, unsigned recursion,
 836                             const char *query, int type,
 837                             struct rwrap_fake_rr *rr)
 838 {
 839         FILE *fp = NULL;
 840         char buf[BUFSIZ];
 841         char *key = NULL;
 842         char *value = NULL;
 843         int rc = ENOENT;
 844         unsigned num_uris = 0;
 845
 846         if (recursion >= RWRAP_MAX_RECURSION) {
 847                 RWRAP_LOG(RWRAP_LOG_ERROR, "Recursed too deep!\n");
 848                 return -1;
 849         }
 850
 851         RWRAP_LOG(RWRAP_LOG_TRACE,
 852                   "Searching in fake hosts file %s for %s:%d\n", hostfile,
 853                   query, type);
 854
 855         fp = fopen(hostfile, "r");
 856         if (fp == NULL) {
 857                 RWRAP_LOG(RWRAP_LOG_WARN,
 858                           "Opening %s failed: %s",
 859                           hostfile, strerror(errno));
 860                 return -1;
 861         }
 862
 863         while (fgets(buf, sizeof(buf), fp) != NULL) {
 864                 char *rec_type;
 865                 char *q;
 866
 867                 rec_type = buf;
 868                 key = value = NULL;
 869
 870                 NEXT_KEY(rec_type, key);
 871                 NEXT_KEY(key, value);
 872
 873                 if (key == NULL || value == NULL) {
 874                         RWRAP_LOG(RWRAP_LOG_WARN,
 875                                 "Malformed line: not enough parts, use \"rec_type key data\n"
 876                                 "For example \"A cwrap.org 10.10.10.10\"");
 877                         continue;
 878                 }
 879
 880                 q = value;
 881                 while(q[0] != '\n' && q[0] != '\0') {
 882                         q++;
 883                 }
 884                 q[0] = '\0';
 885
 886                 if (type == ns_t_uri && recursion > 0) {
 887                         /* Skip non-URI records. */
 888                         if (!TYPE_MATCH(type, ns_t_uri, rec_type, "URI", key, query)) {
 889                                 continue;
 890                         }
 891                         /* Skip previous records based on the recurse depth. */
 892                         num_uris++;
 893                         if (num_uris <= recursion) {
 894                                 continue;
 895                         }
 896                 }
 897
 898                 if (TYPE_MATCH(type, ns_t_a, rec_type, "A", key, query)) {
 899                         rc = rwrap_create_fake_a_rr(key, value, rr);
 900                         break;
 901                 } else if (TYPE_MATCH(type, ns_t_aaaa,
 902                                       rec_type, "AAAA", key, query)) {
 903                         rc = rwrap_create_fake_aaaa_rr(key, value, rr);
 904                         break;
 905                 } else if (TYPE_MATCH(type, ns_t_ns,
 906                                       rec_type, "NS", key, query)) {
 907                         rc = rwrap_create_fake_ns_rr(key, value, rr);
 908                         break;
 909                 } else if (TYPE_MATCH(type, ns_t_srv,
 910                                       rec_type, "SRV", key, query)) {
 911                         rc = rwrap_create_fake_srv_rr(key, value, rr);
 912                         if (rc == 0) {
 913                                 rc = rwrap_srv_recurse(hostfile, recursion+1,
 914                                                 rr->rrdata.srv_rec.hostname,
 915                                                 rr + 1);
 916                         }
 917                         break;
 918                 } else if (TYPE_MATCH(type, ns_t_uri,
 919                                       rec_type, "URI", key, query)) {
 920                         rc = rwrap_create_fake_uri_rr(key, value, rr);
 921                         if (rc == 0) {
 922                                 /* Recurse to collect multiple URI answers under a single key. */
 923                                 rc = rwrap_uri_recurse(hostfile, recursion + 1, key, rr + 1);
 924                         }
 925                         break;
 926                 } else if (TYPE_MATCH(type, ns_t_soa,
 927                                       rec_type, "SOA", key, query)) {
 928                         rc = rwrap_create_fake_soa_rr(key, value, rr);
 929                         break;
 930                 } else if (TYPE_MATCH(type, ns_t_cname,
 931                                       rec_type, "CNAME", key, query)) {
 932                         rc = rwrap_create_fake_cname_rr(key, value, rr);
 933                         if (rc == 0) {
 934                                 rc = rwrap_cname_recurse(hostfile, recursion+1,
 935                                                          value, rr + 1);
 936                         }
 937                         break;
 938                 } else if (TYPE_MATCH(type, ns_t_a, rec_type, "CNAME", key, query)) {
 939                         rc = rwrap_create_fake_cname_rr(key, value, rr);
 940                         if (rc == 0) {
 941                                 rc = rwrap_cname_recurse(hostfile, recursion+1,
 942                                                          value, rr + 1);
 943                         }
 944                         break;
 945                 } else if (TYPE_MATCH(type, ns_t_ptr,
 946                                       rec_type, "PTR", key, query)) {
 947                         rc = rwrap_create_fake_ptr_rr(key, value, rr);
 948                         break;
 949                 }
 950         }
 951
 952         if (rc == ENOENT && recursion == 0 && key != NULL) {
 953                 RWRAP_LOG(RWRAP_LOG_TRACE, "Record for [%s] not found\n", query);
 954                 memcpy(rr->key, key, strlen(key) + 1);
 955         }
 956
 957         fclose(fp);
 958         return rc;
 959 }
 960
 961 static ssize_t rwrap_fake_empty(int type,
 962                                 const char *question,
 963                                 uint8_t *answer,
 964                                 size_t anslen)
 965 {
 966         ssize_t resp_data;
 967         size_t remaining = anslen;
 968
 969         resp_data = rwrap_fake_header(&answer, remaining, 0, 0);
 970         if (resp_data < 0) {
 971                 return -1;
 972         }
 973         remaining -= resp_data;
 974
 975         resp_data += rwrap_fake_question(question, type, &answer, remaining);
 976         if (resp_data < 0) {
 977                 return -1;
 978         }
 979         remaining -= resp_data;
 980
 981         resp_data += rwrap_fake_rdata_common(type, 0, question,
 982                                             remaining, &answer);
 983         if (resp_data < 0) {
 984                 return -1;
 985         }
 986
 987         return resp_data;
 988 }
 989
 990 static inline bool rwrap_known_type(int type)
 991 {
 992         switch (type) {
 993         case ns_t_a:
 994         case ns_t_aaaa:
 995         case ns_t_ns:
 996         case ns_t_srv:
 997         case ns_t_uri:
 998         case ns_t_soa:
 999         case ns_t_cname:
1000         case ns_t_ptr:
1001                 return true;
1002         }
1003
1004         return false;
1005 }
1006
1007 static int rwrap_ancount(struct rwrap_fake_rr *rrs, int qtype)
1008 {
1009         int i;
1010         int ancount = 0;
1011
1012         /* For URI return the number of URIs. */
1013         if (qtype == ns_t_uri) {
1014                 for (i = 0; i < RWRAP_MAX_RECURSION; i++) {
1015                         if (rwrap_known_type(rrs[i].type) &&
1016                             rrs[i].type == qtype) {
1017                                 ancount++;
1018                         }
1019                 }
1020                 return ancount;
1021         }
1022
1023         /* Include all RRs in the stack until the sought type
1024          * in the answer section. This is the case i.e. when looking
1025          * up an A record but the name points to a CNAME
1026          */
1027         for (i = 0; i < RWRAP_MAX_RECURSION; i++) {
1028                 ancount++;
1029
1030                 if (rwrap_known_type(rrs[i].type) &&
1031                     rrs[i].type == qtype) {
1032                         break;
1033                 }
1034         }
1035
1036         /* Return 0 records if the sought type wasn't in the stack */
1037         return i < RWRAP_MAX_RECURSION ? ancount : 0;
1038 }
1039
1040 static int rwrap_arcount(struct rwrap_fake_rr *rrs, int ancount)
1041 {
1042         int i;
1043         int arcount = 0;
1044
1045         /* start from index ancount */
1046         for (i = ancount; i < RWRAP_MAX_RECURSION; i++) {
1047                 if (rwrap_known_type(rrs[i].type)) {
1048                         arcount++;
1049                 }
1050         }
1051
1052         return arcount;
1053 }
1054
1055 static ssize_t rwrap_add_rr(struct rwrap_fake_rr *rr,
1056                             uint8_t *answer,
1057                             size_t anslen)
1058 {
1059         ssize_t resp_data;
1060
1061         if (rr == NULL) {
1062                 RWRAP_LOG(RWRAP_LOG_ERROR, "Internal error!\n");
1063                 return -1;
1064         }
1065
1066         switch (rr->type) {
1067         case ns_t_a:
1068                 resp_data = rwrap_fake_a(rr, answer, anslen);
1069                 break;
1070         case ns_t_aaaa:
1071                 resp_data = rwrap_fake_aaaa(rr, answer, anslen);
1072                 break;
1073         case ns_t_ns:
1074                 resp_data = rwrap_fake_ns(rr, answer, anslen);
1075                 break;
1076         case ns_t_srv:
1077                 resp_data = rwrap_fake_srv(rr, answer, anslen);
1078                 break;
1079         case ns_t_uri:
1080                 resp_data = rwrap_fake_uri(rr, answer, anslen);
1081                 break;
1082         case ns_t_soa:
1083                 resp_data = rwrap_fake_soa(rr, answer, anslen);
1084                 break;
1085         case ns_t_cname:
1086                 resp_data = rwrap_fake_cname(rr, answer, anslen);
1087                 break;
1088         case ns_t_ptr:
1089                 resp_data = rwrap_fake_ptr(rr, answer, anslen);
1090                 break;
1091         default:
1092                 return -1;
1093         }
1094
1095         return resp_data;
1096 }
1097
1098 static ssize_t rwrap_fake_answer(struct rwrap_fake_rr *rrs,
1099                                  int type,
1100                                  uint8_t *answer,
1101                                  size_t anslen)
1102
1103 {
1104         ssize_t resp_data;
1105         ssize_t rrlen;
1106         size_t remaining = anslen;
1107         int ancount;
1108         int arcount;
1109         int i;
1110
1111         ancount = rwrap_ancount(rrs, type);
1112         arcount = rwrap_arcount(rrs, ancount);
1113         RWRAP_LOG(RWRAP_LOG_TRACE,
1114                   "Got %d answers and %d additional records\n", ancount, arcount);
1115
1116         resp_data = rwrap_fake_header(&answer, remaining, ancount, arcount);
1117         if (resp_data < 0) {
1118                 return -1;
1119         }
1120         remaining -= resp_data;
1121
1122         resp_data += rwrap_fake_question(rrs->key, rrs->type, &answer, remaining);
1123         if (resp_data < 0) {
1124                 return -1;
1125         }
1126         remaining -= resp_data;
1127
1128         /* answer */
1129         for (i = 0; i < ancount; i++) {
1130                 rrlen = rwrap_add_rr(&rrs[i], answer, remaining);
1131                 if (rrlen < 0) {
1132                         return -1;
1133                 }
1134                 remaining -= rrlen;
1135                 answer += rrlen;
1136                 resp_data += rrlen;
1137         }
1138
1139         /* add authoritative NS here? */
1140
1141         /* additional records */
1142         for (i = ancount; i < ancount + arcount; i++) {
1143                 rrlen = rwrap_add_rr(&rrs[i], answer, remaining);
1144                 if (rrlen < 0) {
1145                         return -1;
1146                 }
1147                 remaining -= rrlen;
1148                 answer += rrlen;
1149                 resp_data += rrlen;
1150         }
1151
1152         return resp_data;
1153 }
1154
1155 /* Reads in a file in the following format:
1156  * TYPE RDATA
1157  *
1158  * Malformed entries are silently skipped.
1159  * Allocates answer buffer of size anslen that has to be freed after use.
1160  */
1161 static int rwrap_res_fake_hosts(const char *hostfile,
1162                                 const char *query,
1163                                 int type,
1164                                 unsigned char *answer,
1165                                 size_t anslen)
1166 {
1167         int rc = ENOENT;
1168         char *query_name = NULL;
1169         size_t qlen = strlen(query);
1170         struct rwrap_fake_rr rrs[RWRAP_MAX_RECURSION];
1171         ssize_t resp_size;
1172
1173         RWRAP_LOG(RWRAP_LOG_TRACE,
1174                   "Searching in fake hosts file %s\n", hostfile);
1175
1176         if (qlen > 0 && query[qlen-1] == '.') {
1177                 qlen--;
1178         }
1179
1180         query_name = strndup(query, qlen);
1181         if (query_name == NULL) {
1182                 return -1;
1183         }
1184
1185         rwrap_fake_rr_init(rrs, RWRAP_MAX_RECURSION);
1186
1187         rc = rwrap_get_record(hostfile, 0, query_name, type, rrs);
1188         switch (rc) {
1189         case 0:
1190                 RWRAP_LOG(RWRAP_LOG_TRACE,
1191                                 "Found record for [%s]\n", query_name);
1192                 resp_size = rwrap_fake_answer(rrs, type, answer, anslen);
1193                 break;
1194         case ENOENT:
1195                 RWRAP_LOG(RWRAP_LOG_TRACE,
1196                                 "No record for [%s]\n", query_name);
1197                 resp_size = rwrap_fake_empty(type, rrs->key, answer, anslen);
1198                 break;
1199         default:
1200                 RWRAP_LOG(RWRAP_LOG_NOTICE,
1201                           "Searching for [%s] did not return any results\n",
1202                           query_name);
1203                 free(query_name);
1204                 return -1;
1205         }
1206
1207         switch (resp_size) {
1208         case -1:
1209                 RWRAP_LOG(RWRAP_LOG_ERROR,
1210                                 "Error faking answer for [%s]\n", query_name);
1211                 break;
1212         default:
1213                 RWRAP_LOG(RWRAP_LOG_TRACE,
1214                                 "Successfully faked answer for [%s]\n",
1215                                 query_name);
1216                 break;
1217         }
1218
1219         free(query_name);
1220         return resp_size;
1221 }
1222
1223 /*********************************************************
1224  * RWRAP LOADING LIBC FUNCTIONS
1225  *********************************************************/
1226
1227 #include <dlfcn.h>
1228
1229 typedef int (*__libc_res_ninit)(struct __res_state *state);
1230 typedef int (*__libc___res_ninit)(struct __res_state *state);
1231 typedef void (*__libc_res_nclose)(struct __res_state *state);
1232 typedef void (*__libc___res_nclose)(struct __res_state *state);
1233 typedef int (*__libc_res_nquery)(struct __res_state *state,
1234                                  const char *dname,
1235                                  int class,
1236                                  int type,
1237                                  unsigned char *answer,
1238                                  int anslen);
1239 typedef int (*__libc___res_nquery)(struct __res_state *state,
1240                                    const char *dname,
1241                                    int class,
1242                                    int type,
1243                                    unsigned char *answer,
1244                                    int anslen);
1245 typedef int (*__libc_res_nsearch)(struct __res_state *state,
1246                                   const char *dname,
1247                                   int class,
1248                                   int type,
1249                                   unsigned char *answer,
1250                                   int anslen);
1251 typedef int (*__libc___res_nsearch)(struct __res_state *state,
1252                                     const char *dname,
1253                                     int class,
1254                                     int type,
1255                                     unsigned char *answer,
1256                                     int anslen);
1257
1258 #define RWRAP_SYMBOL_ENTRY(i) \
1259         union { \
1260                 __libc_##i f; \
1261                 void *obj; \
1262         } _libc_##i
1263
1264 struct rwrap_libc_symbols {
1265         RWRAP_SYMBOL_ENTRY(res_ninit);
1266         RWRAP_SYMBOL_ENTRY(__res_ninit);
1267         RWRAP_SYMBOL_ENTRY(res_nclose);
1268         RWRAP_SYMBOL_ENTRY(__res_nclose);
1269         RWRAP_SYMBOL_ENTRY(res_nquery);
1270         RWRAP_SYMBOL_ENTRY(__res_nquery);
1271         RWRAP_SYMBOL_ENTRY(res_nsearch);
1272         RWRAP_SYMBOL_ENTRY(__res_nsearch);
1273 };
1274 #undef RWRAP_SYMBOL_ENTRY
1275
1276 struct rwrap {
1277         struct {
1278                 void *handle;
1279                 struct rwrap_libc_symbols symbols;
1280         } libc;
1281
1282         struct {
1283                 void *handle;
1284                 struct rwrap_libc_symbols symbols;
1285         } libresolv;
1286
1287         bool initialised;
1288         bool enabled;
1289
1290         char *socket_dir;
1291 };
1292
1293 static struct rwrap rwrap;
1294
1295 enum rwrap_lib {
1296     RWRAP_LIBC,
1297     RWRAP_LIBRESOLV
1298 };
1299
1300 static const char *rwrap_str_lib(enum rwrap_lib lib)
1301 {
1302         switch (lib) {
1303         case RWRAP_LIBC:
1304                 return "libc";
1305         case RWRAP_LIBRESOLV:
1306                 return "libresolv";
1307         }
1308
1309         /* Compiler would warn us about unhandled enum value if we get here */
1310         return "unknown";
1311 }
1312
1313 static void *rwrap_load_lib_handle(enum rwrap_lib lib)
1314 {
1315         int flags = RTLD_LAZY;
1316         void *handle = NULL;
1317         int i;
1318
1319 #ifdef RTLD_DEEPBIND
1320         const char *env_preload = getenv("LD_PRELOAD");
1321         const char *env_deepbind = getenv("RESOLV_WRAPPER_DISABLE_DEEPBIND");
1322         bool enable_deepbind = true;
1323
1324         /* Don't do a deepbind if we run with libasan */
1325         if (env_preload != NULL && strlen(env_preload) < 1024) {
1326                 const char *p = strstr(env_preload, "libasan.so");
1327                 if (p != NULL) {
1328                         enable_deepbind = false;
1329                 }
1330         }
1331
1332         if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
1333                 enable_deepbind = false;
1334         }
1335
1336         if (enable_deepbind) {
1337                 flags |= RTLD_DEEPBIND;
1338         }
1339 #endif
1340
1341         switch (lib) {
1342         case RWRAP_LIBRESOLV:
1343 #ifdef HAVE_LIBRESOLV
1344                 handle = rwrap.libresolv.handle;
1345                 if (handle == NULL) {
1346                         for (i = 10; i >= 0; i--) {
1347                                 char soname[256] = {0};
1348
1349                                 snprintf(soname, sizeof(soname), "libresolv.so.%d", i);
1350                                 handle = dlopen(soname, flags);
1351                                 if (handle != NULL) {
1352                                         break;
1353                                 }
1354                         }
1355
1356                         rwrap.libresolv.handle = handle;
1357                 }
1358                 break;
1359 #endif
1360                 /* FALL TROUGH */
1361         case RWRAP_LIBC:
1362                 handle = rwrap.libc.handle;
1363 #ifdef LIBC_SO
1364                 if (handle == NULL) {
1365                         handle = dlopen(LIBC_SO, flags);
1366
1367                         rwrap.libc.handle = handle;
1368                 }
1369 #endif
1370                 if (handle == NULL) {
1371                         for (i = 10; i >= 0; i--) {
1372                                 char soname[256] = {0};
1373
1374                                 snprintf(soname, sizeof(soname), "libc.so.%d", i);
1375                                 handle = dlopen(soname, flags);
1376                                 if (handle != NULL) {
1377                                         break;
1378                                 }
1379                         }
1380
1381                         rwrap.libc.handle = handle;
1382                 }
1383                 break;
1384         }
1385
1386         if (handle == NULL) {
1387 #ifdef RTLD_NEXT
1388                 handle = rwrap.libc.handle = rwrap.libresolv.handle = RTLD_NEXT;
1389 #else
1390                 RWRAP_LOG(RWRAP_LOG_ERROR,
1391                           "Failed to dlopen library: %s\n",
1392                           dlerror());
1393                 exit(-1);
1394 #endif
1395         }
1396
1397         return handle;
1398 }
1399
1400 static void *_rwrap_bind_symbol(enum rwrap_lib lib, const char *fn_name)
1401 {
1402         void *handle;
1403         void *func;
1404
1405         handle = rwrap_load_lib_handle(lib);
1406
1407         func = dlsym(handle, fn_name);
1408         if (func == NULL) {
1409                 RWRAP_LOG(RWRAP_LOG_ERROR,
1410                                 "Failed to find %s: %s\n",
1411                                 fn_name, dlerror());
1412                 exit(-1);
1413         }
1414
1415         RWRAP_LOG(RWRAP_LOG_TRACE,
1416                         "Loaded %s from %s",
1417                         fn_name, rwrap_str_lib(lib));
1418         return func;
1419 }
1420
1421 #define rwrap_bind_symbol_libc(sym_name) \
1422         if (rwrap.libc.symbols._libc_##sym_name.obj == NULL) { \
1423                 rwrap.libc.symbols._libc_##sym_name.obj = \
1424                         _rwrap_bind_symbol(RWRAP_LIBC, #sym_name); \
1425         }
1426
1427 #define rwrap_bind_symbol_libresolv(sym_name) \
1428         if (rwrap.libresolv.symbols._libc_##sym_name.obj == NULL) { \
1429                 rwrap.libresolv.symbols._libc_##sym_name.obj = \
1430                         _rwrap_bind_symbol(RWRAP_LIBRESOLV, #sym_name); \
1431         }
1432
1433 /*
1434  * IMPORTANT
1435  *
1436  * Functions especially from libc need to be loaded individually, you can't load
1437  * all at once or gdb will segfault at startup. The same applies to valgrind and
1438  * has probably something todo with with the linker.
1439  * So we need load each function at the point it is called the first time.
1440  */
1441
1442 static int libc_res_ninit(struct __res_state *state)
1443 {
1444 #if !defined(res_ninit) && defined(HAVE_RES_NINIT)
1445
1446 #if defined(HAVE_RES_NINIT_IN_LIBRESOLV)
1447         rwrap_bind_symbol_libresolv(res_ninit);
1448
1449         return rwrap.libresolv.symbols._libc_res_ninit.f(state);
1450 #else /* HAVE_RES_NINIT_IN_LIBRESOLV */
1451         rwrap_bind_symbol_libc(res_ninit);
1452
1453         return rwrap.libc.symbols._libc_res_ninit.f(state);
1454 #endif /* HAVE_RES_NINIT_IN_LIBRESOLV */
1455
1456 #elif defined(HAVE___RES_NINIT)
1457         rwrap_bind_symbol_libc(__res_ninit);
1458
1459         return rwrap.libc.symbols._libc___res_ninit.f(state);
1460 #else
1461 #error "No res_ninit function"
1462 #endif
1463 }
1464
1465 static void libc_res_nclose(struct __res_state *state)
1466 {
1467 #if !defined(res_close) && defined(HAVE_RES_NCLOSE)
1468
1469 #if defined(HAVE_RES_NCLOSE_IN_LIBRESOLV)
1470         rwrap_bind_symbol_libresolv(res_nclose);
1471
1472         rwrap.libresolv.symbols._libc_res_nclose.f(state);
1473         return;
1474 #else /* HAVE_RES_NCLOSE_IN_LIBRESOLV */
1475         rwrap_bind_symbol_libc(res_nclose);
1476
1477         rwrap.libc.symbols._libc_res_nclose.f(state);
1478         return;
1479 #endif /* HAVE_RES_NCLOSE_IN_LIBRESOLV */
1480
1481 #elif defined(HAVE___RES_NCLOSE)
1482         rwrap_bind_symbol_libc(__res_nclose);
1483
1484         rwrap.libc.symbols._libc___res_nclose.f(state);
1485 #else
1486 #error "No res_nclose function"
1487 #endif
1488 }
1489
1490 static int libc_res_nquery(struct __res_state *state,
1491                            const char *dname,
1492                            int class,
1493                            int type,
1494                            unsigned char *answer,
1495                            int anslen)
1496 {
1497 #if !defined(res_nquery) && defined(HAVE_RES_NQUERY)
1498         rwrap_bind_symbol_libresolv(res_nquery);
1499
1500         return rwrap.libresolv.symbols._libc_res_nquery.f(state,
1501                                                           dname,
1502                                                           class,
1503                                                           type,
1504                                                           answer,
1505                                                           anslen);
1506 #elif defined(HAVE___RES_NQUERY)
1507         rwrap_bind_symbol_libresolv(__res_nquery);
1508
1509         return rwrap.libresolv.symbols._libc___res_nquery.f(state,
1510                                                             dname,
1511                                                             class,
1512                                                             type,
1513                                                             answer,
1514                                                             anslen);
1515 #else
1516 #error "No res_nquery function"
1517 #endif
1518 }
1519
1520 static int libc_res_nsearch(struct __res_state *state,
1521                             const char *dname,
1522                             int class,
1523                             int type,
1524                             unsigned char *answer,
1525                             int anslen)
1526 {
1527 #if !defined(res_nsearch) && defined(HAVE_RES_NSEARCH)
1528         rwrap_bind_symbol_libresolv(res_nsearch);
1529
1530         return rwrap.libresolv.symbols._libc_res_nsearch.f(state,
1531                                                            dname,
1532                                                            class,
1533                                                            type,
1534                                                            answer,
1535                                                            anslen);
1536 #elif defined(HAVE___RES_NSEARCH)
1537         rwrap_bind_symbol_libresolv(__res_nsearch);
1538
1539         return rwrap.libresolv.symbols._libc___res_nsearch.f(state,
1540                                                              dname,
1541                                                              class,
1542                                                              type,
1543                                                              answer,
1544                                                              anslen);
1545 #else
1546 #error "No res_nsearch function"
1547 #endif
1548 }
1549
1550 /****************************************************************************
1551  *   RES_HELPER
1552  ***************************************************************************/
1553
1554 static int rwrap_parse_resolv_conf(struct __res_state *state,
1555                                    const char *resolv_conf)
1556 {
1557         FILE *fp;
1558         char buf[BUFSIZ];
1559         int nserv = 0;
1560
1561         fp = fopen(resolv_conf, "r");
1562         if (fp == NULL) {
1563                 RWRAP_LOG(RWRAP_LOG_ERROR,
1564                           "Opening %s failed: %s",
1565                           resolv_conf, strerror(errno));
1566                 return -1;
1567         }
1568
1569         while(fgets(buf, sizeof(buf), fp) != NULL) {
1570                 char *p;
1571
1572                 /* Ignore comments */
1573                 if (buf[0] == '#' || buf[0] == ';') {
1574                         continue;
1575                 }
1576
1577                 if (RESOLV_MATCH(buf, "nameserver") && nserv < MAXNS) {
1578                         struct in_addr a;
1579                         char *q;
1580                         int ok;
1581
1582                         p = buf + strlen("nameserver");
1583
1584                         /* Skip spaces and tabs */
1585                         while(isblank((int)p[0])) {
1586                                 p++;
1587                         }
1588
1589                         q = p;
1590                         while(q[0] != '\n' && q[0] != '\0') {
1591                                 q++;
1592                         }
1593                         q[0] = '\0';
1594
1595                         ok = inet_pton(AF_INET, p, &a);
1596                         if (ok) {
1597                                 state->nsaddr_list[state->nscount] = (struct sockaddr_in) {
1598                                         .sin_family = AF_INET,
1599                                         .sin_addr = a,
1600                                         .sin_port = htons(53),
1601                                         .sin_zero = { 0 },
1602                                 };
1603
1604                                 state->nscount++;
1605                                 nserv++;
1606                         } else {
1607 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1608                                 /* IPv6 */
1609                                 struct in6_addr a6;
1610                                 ok = inet_pton(AF_INET6, p, &a6);
1611                                 if (ok) {
1612                                         struct sockaddr_in6 *sa6;
1613
1614                                         sa6 = malloc(sizeof(*sa6));
1615                                         if (sa6 == NULL) {
1616                                                 fclose(fp);
1617                                                 return -1;
1618                                         }
1619
1620                                         sa6->sin6_family = AF_INET6;
1621                                         sa6->sin6_port = htons(53);
1622                                         sa6->sin6_flowinfo = 0;
1623                                         sa6->sin6_addr = a6;
1624
1625                                         state->_u._ext.nsaddrs[state->_u._ext.nscount] = sa6;
1626                                         state->_u._ext.nssocks[state->_u._ext.nscount] = -1;
1627                                         state->_u._ext.nsmap[state->_u._ext.nscount] = MAXNS + 1;
1628
1629                                         state->_u._ext.nscount++;
1630                                         nserv++;
1631                                 } else {
1632                                         RWRAP_LOG(RWRAP_LOG_ERROR,
1633                                                 "Malformed DNS server");
1634                                         continue;
1635                                 }
1636 #else /* !HAVE_RESOLV_IPV6_NSADDRS */
1637                                 /*
1638                                  * BSD uses an opaque structure to store the
1639                                  * IPv6 addresses. So we can not simply store
1640                                  * these addresses the same way as above.
1641                                  */
1642                                 RWRAP_LOG(RWRAP_LOG_WARN,
1643                                           "resolve_wrapper does not support "
1644                                           "IPv6 on this platform");
1645                                         continue;
1646 #endif
1647                         }
1648                         continue;
1649                 } /* TODO: match other keywords */
1650         }
1651
1652         if (ferror(fp)) {
1653                 RWRAP_LOG(RWRAP_LOG_ERROR,
1654                           "Reading from %s failed",
1655                           resolv_conf);
1656                 fclose(fp);
1657                 return -1;
1658         }
1659
1660         fclose(fp);
1661         return 0;
1662 }
1663
1664 /****************************************************************************
1665  *   RES_NINIT
1666  ***************************************************************************/
1667
1668 static int rwrap_res_ninit(struct __res_state *state)
1669 {
1670         int rc;
1671
1672         rc = libc_res_ninit(state);
1673         if (rc == 0) {
1674                 const char *resolv_conf = getenv("RESOLV_WRAPPER_CONF");
1675
1676                 if (resolv_conf != NULL) {
1677                         uint16_t i;
1678
1679                         (void)i; /* maybe unused */
1680
1681                         /* Delete name servers */
1682                         state->nscount = 0;
1683                         memset(state->nsaddr_list, 0, sizeof(state->nsaddr_list));
1684
1685 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1686                         state->_u._ext.nscount = 0;
1687                         for (i = 0; i < state->_u._ext.nscount; i++) {
1688                                 SAFE_FREE(state->_u._ext.nsaddrs[i]);
1689                         }
1690 #endif
1691
1692                         rc = rwrap_parse_resolv_conf(state, resolv_conf);
1693                 }
1694         }
1695
1696         return rc;
1697 }
1698
1699 #if !defined(res_ninit) && defined(HAVE_RES_NINIT)
1700 int res_ninit(struct __res_state *state)
1701 #elif defined(HAVE___RES_NINIT)
1702 int __res_ninit(struct __res_state *state)
1703 #endif
1704 {
1705         return rwrap_res_ninit(state);
1706 }
1707
1708 /****************************************************************************
1709  *   RES_INIT
1710  ***************************************************************************/
1711
1712 static struct __res_state rwrap_res_state;
1713
1714 static int rwrap_res_init(void)
1715 {
1716         int rc;
1717
1718         rc = rwrap_res_ninit(&rwrap_res_state);
1719
1720         return rc;
1721 }
1722
1723 #if !defined(res_ninit) && defined(HAVE_RES_INIT)
1724 int res_init(void)
1725 #elif defined(HAVE___RES_INIT)
1726 int __res_init(void)
1727 #endif
1728 {
1729         return rwrap_res_init();
1730 }
1731
1732 /****************************************************************************
1733  *   RES_NCLOSE
1734  ***************************************************************************/
1735
1736 static void rwrap_res_nclose(struct __res_state *state)
1737 {
1738 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1739         int i;
1740 #endif
1741
1742         libc_res_nclose(state);
1743
1744 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1745         if (state != NULL) {
1746                 for (i = 0; i < state->_u._ext.nscount; i++) {
1747                         SAFE_FREE(state->_u._ext.nsaddrs[i]);
1748                 }
1749         }
1750 #endif
1751 }
1752
1753 #if !defined(res_nclose) && defined(HAVE_RES_NCLOSE)
1754 void res_nclose(struct __res_state *state)
1755 #elif defined(HAVE___RES_NCLOSE)
1756 void __res_nclose(struct __res_state *state)
1757 #endif
1758 {
1759         rwrap_res_nclose(state);
1760 }
1761
1762 /****************************************************************************
1763  *   RES_CLOSE
1764  ***************************************************************************/
1765
1766 static void rwrap_res_close(void)
1767 {
1768         rwrap_res_nclose(&rwrap_res_state);
1769 }
1770
1771 #if defined(HAVE_RES_CLOSE)
1772 void res_close(void)
1773 #elif defined(HAVE___RES_CLOSE)
1774 void __res_close(void)
1775 #endif
1776 {
1777         rwrap_res_close();
1778 }
1779
1780 /****************************************************************************
1781  *   RES_NQUERY
1782  ***************************************************************************/
1783
1784 static int rwrap_res_nquery(struct __res_state *state,
1785                             const char *dname,
1786                             int class,
1787                             int type,
1788                             unsigned char *answer,
1789                             int anslen)
1790 {
1791         int rc;
1792         const char *fake_hosts;
1793 #ifndef NDEBUG
1794         int i;
1795 #endif
1796
1797         RWRAP_LOG(RWRAP_LOG_TRACE,
1798                   "Resolve the domain name [%s] - class=%d, type=%d",
1799                   dname, class, type);
1800 #ifndef NDEBUG
1801         for (i = 0; i < state->nscount; i++) {
1802                 char ip[INET6_ADDRSTRLEN];
1803
1804                 inet_ntop(AF_INET, &state->nsaddr_list[i].sin_addr, ip, sizeof(ip));
1805                 RWRAP_LOG(RWRAP_LOG_TRACE,
1806                           "        nameserver: %s",
1807                           ip);
1808         }
1809 #endif
1810
1811         fake_hosts = getenv("RESOLV_WRAPPER_HOSTS");
1812         if (fake_hosts != NULL) {
1813                 rc = rwrap_res_fake_hosts(fake_hosts, dname, type, answer, anslen);
1814         } else {
1815                 rc = libc_res_nquery(state, dname, class, type, answer, anslen);
1816         }
1817
1818
1819         RWRAP_LOG(RWRAP_LOG_TRACE,
1820                   "The returned response length is: %d",
1821                   rc);
1822
1823         return rc;
1824 }
1825
1826 #if !defined(res_nquery) && defined(HAVE_RES_NQUERY)
1827 int res_nquery(struct __res_state *state,
1828                const char *dname,
1829                int class,
1830                int type,
1831                unsigned char *answer,
1832                int anslen)
1833 #elif defined(HAVE___RES_NQUERY)
1834 int __res_nquery(struct __res_state *state,
1835                  const char *dname,
1836                  int class,
1837                  int type,
1838                  unsigned char *answer,
1839                  int anslen)
1840 #endif
1841 {
1842         return rwrap_res_nquery(state, dname, class, type, answer, anslen);
1843 }
1844
1845 /****************************************************************************
1846  *   RES_QUERY
1847  ***************************************************************************/
1848
1849 static int rwrap_res_query(const char *dname,
1850                            int class,
1851                            int type,
1852                            unsigned char *answer,
1853                            int anslen)
1854 {
1855         int rc;
1856
1857         rc = rwrap_res_ninit(&rwrap_res_state);
1858         if (rc != 0) {
1859                 return rc;
1860         }
1861
1862         rc = rwrap_res_nquery(&rwrap_res_state,
1863                               dname,
1864                               class,
1865                               type,
1866                               answer,
1867                               anslen);
1868
1869         return rc;
1870 }
1871
1872 #if !defined(res_query) && defined(HAVE_RES_QUERY)
1873 int res_query(const char *dname,
1874               int class,
1875               int type,
1876               unsigned char *answer,
1877               int anslen)
1878 #elif defined(HAVE___RES_QUERY)
1879 int __res_query(const char *dname,
1880                 int class,
1881                 int type,
1882                 unsigned char *answer,
1883                 int anslen)
1884 #endif
1885 {
1886         return rwrap_res_query(dname, class, type, answer, anslen);
1887 }
1888
1889 /****************************************************************************
1890  *   RES_NSEARCH
1891  ***************************************************************************/
1892
1893 static int rwrap_res_nsearch(struct __res_state *state,
1894                              const char *dname,
1895                              int class,
1896                              int type,
1897                              unsigned char *answer,
1898                              int anslen)
1899 {
1900         int rc;
1901         const char *fake_hosts;
1902 #ifndef NDEBUG
1903         int i;
1904 #endif
1905
1906         RWRAP_LOG(RWRAP_LOG_TRACE,
1907                   "Resolve the domain name [%s] - class=%d, type=%d",
1908                   dname, class, type);
1909 #ifndef NDEBUG
1910         for (i = 0; i < state->nscount; i++) {
1911                 char ip[INET6_ADDRSTRLEN];
1912
1913                 inet_ntop(AF_INET, &state->nsaddr_list[i].sin_addr, ip, sizeof(ip));
1914                 RWRAP_LOG(RWRAP_LOG_TRACE,
1915                           "        nameserver: %s",
1916                           ip);
1917         }
1918 #endif
1919
1920         fake_hosts = getenv("RESOLV_WRAPPER_HOSTS");
1921         if (fake_hosts != NULL) {
1922                 rc = rwrap_res_fake_hosts(fake_hosts, dname, type, answer, anslen);
1923         } else {
1924                 rc = libc_res_nsearch(state, dname, class, type, answer, anslen);
1925         }
1926
1927         RWRAP_LOG(RWRAP_LOG_TRACE,
1928                   "The returned response length is: %d",
1929                   rc);
1930
1931         return rc;
1932 }
1933
1934 #if !defined(res_nsearch) && defined(HAVE_RES_NSEARCH)
1935 int res_nsearch(struct __res_state *state,
1936                 const char *dname,
1937                 int class,
1938                 int type,
1939                 unsigned char *answer,
1940                 int anslen)
1941 #elif defined(HAVE___RES_NSEARCH)
1942 int __res_nsearch(struct __res_state *state,
1943                   const char *dname,
1944                   int class,
1945                   int type,
1946                   unsigned char *answer,
1947                   int anslen)
1948 #endif
1949 {
1950         return rwrap_res_nsearch(state, dname, class, type, answer, anslen);
1951 }
1952
1953 /****************************************************************************
1954  *   RES_SEARCH
1955  ***************************************************************************/
1956
1957 static int rwrap_res_search(const char *dname,
1958                             int class,
1959                             int type,
1960                             unsigned char *answer,
1961                             int anslen)
1962 {
1963         int rc;
1964
1965         rc = rwrap_res_ninit(&rwrap_res_state);
1966         if (rc != 0) {
1967                 return rc;
1968         }
1969
1970         rc = rwrap_res_nsearch(&rwrap_res_state,
1971                                dname,
1972                                class,
1973                                type,
1974                                answer,
1975                                anslen);
1976
1977         return rc;
1978 }
1979
1980 #if !defined(res_search) && defined(HAVE_RES_SEARCH)
1981 int res_search(const char *dname,
1982                int class,
1983                int type,
1984                unsigned char *answer,
1985                int anslen)
1986 #elif defined(HAVE___RES_SEARCH)
1987 int __res_search(const char *dname,
1988                  int class,
1989                  int type,
1990                  unsigned char *answer,
1991                  int anslen)
1992 #endif
1993 {
1994         return rwrap_res_search(dname, class, type, answer, anslen);
1995 }