2 * Copyright (c) 2014-2018 Andreas Schneider <asn@samba.org>
3 * Copyright (c) 2014-2016 Jakub Hrozek <jakub.hrozek@posteo.se>
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
14 * 2. Redistributions in binary form must reproduce the above copyright
15 * notice, this list of conditions and the following disclaimer in the
16 * documentation and/or other materials provided with the distribution.
18 * 3. Neither the name of the author nor the names of its contributors
19 * may be used to endorse or promote products derived from this software
20 * without specific prior written permission.
22 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
23 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
26 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
27 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
28 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
29 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
30 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
31 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
38 #include <arpa/inet.h>
39 #ifdef HAVE_ARPA_NAMESER_H
40 #include <arpa/nameser.h>
41 #endif /* HAVE_ARPA_NAMESER_H */
42 #include <netinet/in.h>
43 #include <sys/socket.h>
44 #include <sys/types.h>
55 /* GCC has printf type attribute check. */
56 #ifdef HAVE_ATTRIBUTE_PRINTF_FORMAT
57 #define PRINTF_ATTRIBUTE(a,b) __attribute__ ((__format__ (__printf__, a, b)))
59 #define PRINTF_ATTRIBUTE(a,b)
60 #endif /* HAVE_ATTRIBUTE_PRINTF_FORMAT */
62 #ifdef HAVE_DESTRUCTOR_ATTRIBUTE
63 #define DESTRUCTOR_ATTRIBUTE __attribute__ ((destructor))
65 #define DESTRUCTOR_ATTRIBUTE
66 #endif /* HAVE_DESTRUCTOR_ATTRIBUTE */
68 #ifndef RWRAP_DEFAULT_FAKE_TTL
69 #define RWRAP_DEFAULT_FAKE_TTL 600
70 #endif /* RWRAP_DEFAULT_FAKE_TTL */
72 #ifndef HAVE_NS_NAME_COMPRESS
73 #define ns_name_compress dn_comp
86 static void rwrap_log(enum rwrap_dbglvl_e dbglvl, const char *func, const char *format, ...) PRINTF_ATTRIBUTE(3, 4);
87 # define RWRAP_LOG(dbglvl, ...) rwrap_log((dbglvl), __func__, __VA_ARGS__)
89 static void rwrap_log(enum rwrap_dbglvl_e dbglvl,
91 const char *format, ...)
98 const char *prefix = NULL;
100 d = getenv("RESOLV_WRAPPER_DEBUGLEVEL");
109 va_start(va, format);
110 vsnprintf(buffer, sizeof(buffer), format, va);
114 case RWRAP_LOG_ERROR:
115 prefix = "RWRAP_ERROR";
118 prefix = "RWRAP_WARN";
120 case RWRAP_LOG_NOTICE:
121 prefix = "RWRAP_NOTICE";
123 case RWRAP_LOG_DEBUG:
124 prefix = "RWRAP_DEBUG";
126 case RWRAP_LOG_TRACE:
127 prefix = "RWRAP_TRACE";
140 #define SAFE_FREE(x) do { if ((x) != NULL) {free(x); (x)=NULL;} } while(0)
143 #define NEXT_KEY(buf, key) do { \
144 (key) = (buf) ? strpbrk((buf), " \t") : NULL; \
145 if ((key) != NULL) { \
149 while ((key) != NULL \
150 && (isblank((int)(key)[0]))) { \
155 #define RWRAP_MAX_RECURSION 64
157 /* Priority and weight can be omitted from the hosts file, but need to be part
160 #define DFL_SRV_PRIO 1
161 #define DFL_SRV_WEIGHT 100
162 #define DFL_URI_PRIO 1
163 #define DFL_URI_WEIGHT 100
165 struct rwrap_srv_rrdata {
169 char hostname[MAXDNAME];
172 struct rwrap_uri_rrdata {
178 struct rwrap_soa_rrdata {
184 char nameserver[MAXDNAME];
185 char mailbox[MAXDNAME];
188 struct rwrap_fake_rr {
190 struct in_addr a_rec;
191 struct in6_addr aaaa_rec;
192 struct rwrap_srv_rrdata srv_rec;
193 struct rwrap_uri_rrdata uri_rec;
194 struct rwrap_soa_rrdata soa_rec;
195 char cname_rec[MAXDNAME];
196 char ptr_rec[MAXDNAME];
197 char txt_rec[MAXDNAME];
201 int type; /* ns_t_* */
204 static void rwrap_fake_rr_init(struct rwrap_fake_rr *rr, size_t len)
208 for (i = 0; i < len; i++) {
209 rr[i].type = ns_t_invalid;
213 static int rwrap_create_fake_a_rr(const char *key,
215 struct rwrap_fake_rr *rr)
219 ok = inet_pton(AF_INET, value, &rr->rrdata.a_rec);
221 RWRAP_LOG(RWRAP_LOG_ERROR,
222 "Failed to convert [%s] to binary\n", value);
226 memcpy(rr->key, key, strlen(key) + 1);
231 static int rwrap_create_fake_aaaa_rr(const char *key,
233 struct rwrap_fake_rr *rr)
237 ok = inet_pton(AF_INET6, value, &rr->rrdata.aaaa_rec);
239 RWRAP_LOG(RWRAP_LOG_ERROR,
240 "Failed to convert [%s] to binary\n", value);
244 memcpy(rr->key, key, strlen(key) + 1);
245 rr->type = ns_t_aaaa;
248 static int rwrap_create_fake_ns_rr(const char *key,
250 struct rwrap_fake_rr *rr)
252 memcpy(rr->rrdata.srv_rec.hostname, value, strlen(value) + 1);
253 memcpy(rr->key, key, strlen(key) + 1);
258 static int rwrap_create_fake_srv_rr(const char *key,
260 struct rwrap_fake_rr *rr)
265 const char *hostname;
267 /* parse the value into priority, weight, port and hostname
268 * and check the validity */
270 NEXT_KEY(hostname, str_port);
271 NEXT_KEY(str_port, str_prio);
272 NEXT_KEY(str_prio, str_weight);
273 if (str_port == NULL || hostname == NULL) {
274 RWRAP_LOG(RWRAP_LOG_ERROR,
275 "Malformed SRV entry [%s]\n", value);
280 rr->rrdata.srv_rec.prio = atoi(str_prio);
282 rr->rrdata.srv_rec.prio = DFL_SRV_PRIO;
285 rr->rrdata.srv_rec.weight = atoi(str_weight);
287 rr->rrdata.srv_rec.weight = DFL_SRV_WEIGHT;
289 rr->rrdata.srv_rec.port = atoi(str_port);
290 memcpy(rr->rrdata.srv_rec.hostname , hostname, strlen(hostname) + 1);
292 memcpy(rr->key, key, strlen(key) + 1);
297 static int rwrap_create_fake_uri_rr(const char *key,
299 struct rwrap_fake_rr *rr)
305 /* parse the value into priority, weight, and uri
306 * and check the validity */
308 NEXT_KEY(uri, str_prio);
309 NEXT_KEY(str_prio, str_weight);
311 RWRAP_LOG(RWRAP_LOG_ERROR,
312 "Malformed URI entry [<null>]\n");
317 rr->rrdata.uri_rec.prio = atoi(str_prio);
319 rr->rrdata.uri_rec.prio = DFL_URI_PRIO;
322 rr->rrdata.uri_rec.weight = atoi(str_weight);
324 rr->rrdata.uri_rec.weight = DFL_URI_WEIGHT;
326 memcpy(rr->rrdata.uri_rec.uri, uri, strlen(uri) + 1);
328 memcpy(rr->key, key, strlen(key) + 1);
333 static int rwrap_create_fake_txt_rr(const char *key,
335 struct rwrap_fake_rr *rr)
337 memcpy(rr->rrdata.txt_rec, value, strlen(value) + 1);
339 memcpy(rr->key, key, strlen(key) + 1);
344 static int rwrap_create_fake_soa_rr(const char *key,
346 struct rwrap_fake_rr *rr)
348 const char *nameserver;
356 /* parse the value into nameserver, mailbox, serial, refresh,
357 * retry, expire, minimum and check the validity
360 NEXT_KEY(nameserver, mailbox);
361 NEXT_KEY(mailbox, str_serial);
362 NEXT_KEY(str_serial, str_refresh);
363 NEXT_KEY(str_refresh, str_retry);
364 NEXT_KEY(str_retry, str_expire);
365 NEXT_KEY(str_expire, str_minimum);
366 if (nameserver == NULL || mailbox == NULL || str_serial == NULL ||
367 str_refresh == NULL || str_retry == NULL || str_expire == NULL ||
368 str_minimum == NULL) {
369 RWRAP_LOG(RWRAP_LOG_ERROR,
370 "Malformed SOA entry [%s]\n", value);
374 memcpy(rr->rrdata.soa_rec.nameserver, nameserver, strlen(nameserver)+1);
375 memcpy(rr->rrdata.soa_rec.mailbox, mailbox, strlen(mailbox)+1);
377 rr->rrdata.soa_rec.serial = atoi(str_serial);
378 rr->rrdata.soa_rec.refresh = atoi(str_refresh);
379 rr->rrdata.soa_rec.retry = atoi(str_retry);
380 rr->rrdata.soa_rec.expire = atoi(str_expire);
381 rr->rrdata.soa_rec.minimum = atoi(str_minimum);
383 memcpy(rr->key, key, strlen(key) + 1);
388 static int rwrap_create_fake_cname_rr(const char *key,
390 struct rwrap_fake_rr *rr)
392 memcpy(rr->rrdata.cname_rec , value, strlen(value) + 1);
393 memcpy(rr->key, key, strlen(key) + 1);
394 rr->type = ns_t_cname;
398 static int rwrap_create_fake_ptr_rr(const char *key,
400 struct rwrap_fake_rr *rr)
402 memcpy(rr->rrdata.ptr_rec , value, strlen(value) + 1);
403 memcpy(rr->key, key, strlen(key) + 1);
408 /* Prepares a fake header with a single response. Advances header_blob */
409 static ssize_t rwrap_fake_header(uint8_t **header_blob, size_t remaining,
410 size_t ancount, size_t arcount)
417 if (remaining < NS_HFIXEDSZ) {
418 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n");
422 h.blob = *header_blob;
423 memset(h.blob, 0, NS_HFIXEDSZ);
425 h.header->id = res_randomid(); /* random query ID */
426 h.header->qr = 1; /* response flag */
427 h.header->rd = 1; /* recursion desired */
428 h.header->ra = 1; /* recursion available */
430 h.header->qdcount = htons(1); /* no. of questions */
431 h.header->ancount = htons(ancount); /* no. of answers */
432 h.header->arcount = htons(arcount); /* no. of add'tl records */
434 /* move past the header */
435 *header_blob = h.blob += NS_HFIXEDSZ;
440 static ssize_t rwrap_fake_question(const char *question,
442 uint8_t **question_ptr,
445 uint8_t *qb = *question_ptr;
448 n = ns_name_compress(question, qb, remaining, NULL, NULL);
450 RWRAP_LOG(RWRAP_LOG_ERROR,
451 "Failed to compress [%s]\n", question);
458 if (remaining < 2 * sizeof(uint16_t)) {
459 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small!\n");
464 NS_PUT16(ns_c_in, qb);
467 return n + 2 * sizeof(uint16_t);
470 static ssize_t rwrap_fake_rdata_common(uint16_t type,
476 uint8_t *rd = *rdata_ptr;
479 written = ns_name_compress(key, rd, remaining, NULL, NULL);
481 RWRAP_LOG(RWRAP_LOG_ERROR,
482 "Failed to compress [%s]\n", key);
486 remaining -= written;
488 if (remaining < 3 * sizeof(uint16_t) + sizeof(uint32_t)) {
489 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small\n");
494 NS_PUT16(ns_c_in, rd);
495 NS_PUT32(RWRAP_DEFAULT_FAKE_TTL, rd);
496 NS_PUT16(rdata_size, rd);
498 if (remaining < rdata_size) {
499 RWRAP_LOG(RWRAP_LOG_ERROR, "Buffer too small\n");
504 return written + 3 * sizeof(uint16_t) + sizeof(uint32_t) + rdata_size;
507 static ssize_t rwrap_fake_a(struct rwrap_fake_rr *rr,
511 uint8_t *a = answer_ptr;
514 if (rr->type != ns_t_a) {
515 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
518 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding A RR");
520 resp_size = rwrap_fake_rdata_common(ns_t_a, sizeof(struct in_addr), rr->key,
526 memcpy(a, &rr->rrdata.a_rec, sizeof(struct in_addr));
531 static ssize_t rwrap_fake_aaaa(struct rwrap_fake_rr *rr,
538 if (rr->type != ns_t_aaaa) {
539 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
542 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding AAAA RR");
544 resp_size = rwrap_fake_rdata_common(ns_t_aaaa, sizeof(struct in6_addr),
545 rr->key, anslen, &a);
550 memcpy(a, &rr->rrdata.aaaa_rec, sizeof(struct in6_addr));
555 static ssize_t rwrap_fake_ns(struct rwrap_fake_rr *rr,
560 ssize_t resp_size = 0;
562 unsigned char hostname_compressed[MAXDNAME];
563 ssize_t compressed_len;
565 if (rr->type != ns_t_ns) {
566 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
569 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding NS RR");
571 /* Prepare the data to write */
572 compressed_len = ns_name_compress(rr->rrdata.srv_rec.hostname,
577 if (compressed_len < 0) {
581 /* Is this enough? */
582 rdata_size = compressed_len;
584 resp_size = rwrap_fake_rdata_common(ns_t_ns, rdata_size,
585 rr->key, anslen, &a);
590 memcpy(a, hostname_compressed, compressed_len);
595 static ssize_t rwrap_fake_srv(struct rwrap_fake_rr *rr,
602 unsigned char hostname_compressed[MAXDNAME];
603 ssize_t compressed_len;
605 if (rr->type != ns_t_srv) {
606 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
609 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SRV RR");
610 rdata_size = 3 * sizeof(uint16_t);
612 /* Prepare the data to write */
613 compressed_len = ns_name_compress(rr->rrdata.srv_rec.hostname,
614 hostname_compressed, MAXDNAME,
616 if (compressed_len < 0) {
619 rdata_size += compressed_len;
621 resp_size = rwrap_fake_rdata_common(ns_t_srv, rdata_size,
622 rr->key, anslen, &a);
627 NS_PUT16(rr->rrdata.srv_rec.prio, a);
628 NS_PUT16(rr->rrdata.srv_rec.weight, a);
629 NS_PUT16(rr->rrdata.srv_rec.port, a);
630 memcpy(a, hostname_compressed, compressed_len);
635 static ssize_t rwrap_fake_uri(struct rwrap_fake_rr *rr,
644 if (rr->type != ns_t_uri) {
645 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
648 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding URI RR");
649 rdata_size = 3 * sizeof(uint16_t);
650 uri_len = strlen(rr->rrdata.uri_rec.uri) + 1;
651 rdata_size += uri_len;
653 resp_size = rwrap_fake_rdata_common(ns_t_uri, rdata_size,
654 rr->key, anslen, &a);
659 NS_PUT16(rr->rrdata.uri_rec.prio, a);
660 NS_PUT16(rr->rrdata.uri_rec.weight, a);
661 memcpy(a, rr->rrdata.uri_rec.uri, uri_len);
666 static ssize_t rwrap_fake_txt(struct rwrap_fake_rr *rr,
675 if (rr->type != ns_t_txt) {
676 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
679 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding TXT RR");
680 txt_len = strlen(rr->rrdata.txt_rec) + 1;
681 rdata_size = txt_len;
683 resp_size = rwrap_fake_rdata_common(ns_t_txt, rdata_size,
684 rr->key, anslen, &a);
689 memcpy(a, rr->rrdata.txt_rec, txt_len);
694 static ssize_t rwrap_fake_soa(struct rwrap_fake_rr *rr,
701 unsigned char nameser_compressed[MAXDNAME];
702 ssize_t compressed_ns_len;
703 unsigned char mailbox_compressed[MAXDNAME];
704 ssize_t compressed_mb_len;
706 if (rr->type != ns_t_soa) {
707 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
710 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding SOA RR");
711 rdata_size = 5 * sizeof(uint16_t);
713 compressed_ns_len = ns_name_compress(rr->rrdata.soa_rec.nameserver,
715 MAXDNAME, NULL, NULL);
716 if (compressed_ns_len < 0) {
719 rdata_size += compressed_ns_len;
721 compressed_mb_len = ns_name_compress(rr->rrdata.soa_rec.mailbox,
723 MAXDNAME, NULL, NULL);
724 if (compressed_mb_len < 0) {
727 rdata_size += compressed_mb_len;
729 resp_size = rwrap_fake_rdata_common(ns_t_soa, rdata_size,
730 rr->key, anslen, &a);
735 memcpy(a, nameser_compressed, compressed_ns_len);
736 a += compressed_ns_len;
737 memcpy(a, mailbox_compressed, compressed_mb_len);
738 a += compressed_mb_len;
739 NS_PUT32(rr->rrdata.soa_rec.serial, a);
740 NS_PUT32(rr->rrdata.soa_rec.refresh, a);
741 NS_PUT32(rr->rrdata.soa_rec.retry, a);
742 NS_PUT32(rr->rrdata.soa_rec.expire, a);
743 NS_PUT32(rr->rrdata.soa_rec.minimum, a);
748 static ssize_t rwrap_fake_cname(struct rwrap_fake_rr *rr,
754 unsigned char hostname_compressed[MAXDNAME];
757 if (rr->type != ns_t_cname) {
758 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
761 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding CNAME RR");
763 /* Prepare the data to write */
764 rdata_size = ns_name_compress(rr->rrdata.cname_rec,
765 hostname_compressed, MAXDNAME,
767 if (rdata_size < 0) {
771 resp_size = rwrap_fake_rdata_common(ns_t_cname, rdata_size,
772 rr->key, anslen, &a);
777 memcpy(a, hostname_compressed, rdata_size);
782 static ssize_t rwrap_fake_ptr(struct rwrap_fake_rr *rr,
789 unsigned char hostname_compressed[MAXDNAME];
791 if (rr->type != ns_t_ptr) {
792 RWRAP_LOG(RWRAP_LOG_ERROR, "Wrong type!\n");
795 RWRAP_LOG(RWRAP_LOG_TRACE, "Adding PTR RR");
797 /* Prepare the data to write */
798 rdata_size = ns_name_compress(rr->rrdata.ptr_rec,
799 hostname_compressed, MAXDNAME,
801 if (rdata_size < 0) {
805 resp_size = rwrap_fake_rdata_common(ns_t_ptr, rdata_size,
806 rr->key, anslen, &a);
811 memcpy(a, hostname_compressed, rdata_size);
816 #define RESOLV_MATCH(line, name) \
817 (strncmp(line, name, sizeof(name) - 1) == 0 && \
818 (line[sizeof(name) - 1] == ' ' || \
819 line[sizeof(name) - 1] == '\t'))
821 #define TYPE_MATCH(type, ns_type, rec_type, str_type, key, query) \
822 ((type) == (ns_type) && \
823 (strncmp((rec_type), (str_type), sizeof(str_type)) == 0) && \
824 (strcasecmp(key, query)) == 0)
827 static int rwrap_get_record(const char *hostfile, unsigned recursion,
828 const char *query, int type,
829 struct rwrap_fake_rr *rr);
831 static int rwrap_uri_recurse(const char *hostfile, unsigned recursion,
832 const char *query, struct rwrap_fake_rr *rr)
836 rc = rwrap_get_record(hostfile, recursion, query, ns_t_uri, rr);
844 static int rwrap_srv_recurse(const char *hostfile, unsigned recursion,
845 const char *query, struct rwrap_fake_rr *rr)
849 rc = rwrap_get_record(hostfile, recursion, query, ns_t_a, rr);
850 if (rc == 0) return 0;
852 rc = rwrap_get_record(hostfile, recursion, query, ns_t_aaaa, rr);
853 if (rc == ENOENT) rc = 0;
858 static int rwrap_cname_recurse(const char *hostfile, unsigned recursion,
859 const char *query, struct rwrap_fake_rr *rr)
863 rc = rwrap_get_record(hostfile, recursion, query, ns_t_a, rr);
864 if (rc == 0) return 0;
866 rc = rwrap_get_record(hostfile, recursion, query, ns_t_aaaa, rr);
867 if (rc == 0) return 0;
869 rc = rwrap_get_record(hostfile, recursion, query, ns_t_cname, rr);
870 if (rc == ENOENT) rc = 0;
875 static int rwrap_get_record(const char *hostfile, unsigned recursion,
876 const char *query, int type,
877 struct rwrap_fake_rr *rr)
884 unsigned num_uris = 0;
886 if (recursion >= RWRAP_MAX_RECURSION) {
887 RWRAP_LOG(RWRAP_LOG_ERROR, "Recursed too deep!\n");
891 RWRAP_LOG(RWRAP_LOG_TRACE,
892 "Searching in fake hosts file %s for %s:%d\n", hostfile,
895 fp = fopen(hostfile, "r");
897 RWRAP_LOG(RWRAP_LOG_WARN,
898 "Opening %s failed: %s",
899 hostfile, strerror(errno));
903 while (fgets(buf, sizeof(buf), fp) != NULL) {
910 NEXT_KEY(rec_type, key);
911 NEXT_KEY(key, value);
913 if (key == NULL || value == NULL) {
914 RWRAP_LOG(RWRAP_LOG_WARN,
915 "Malformed line: not enough parts, use \"rec_type key data\n"
916 "For example \"A cwrap.org 10.10.10.10\"");
921 while(q[0] != '\n' && q[0] != '\0') {
926 if (type == ns_t_uri && recursion > 0) {
927 /* Skip non-URI records. */
928 if (!TYPE_MATCH(type, ns_t_uri, rec_type, "URI", key, query)) {
931 /* Skip previous records based on the recurse depth. */
933 if (num_uris <= recursion) {
938 if (TYPE_MATCH(type, ns_t_a, rec_type, "A", key, query)) {
939 rc = rwrap_create_fake_a_rr(key, value, rr);
941 } else if (TYPE_MATCH(type, ns_t_aaaa,
942 rec_type, "AAAA", key, query)) {
943 rc = rwrap_create_fake_aaaa_rr(key, value, rr);
945 } else if (TYPE_MATCH(type, ns_t_ns,
946 rec_type, "NS", key, query)) {
947 rc = rwrap_create_fake_ns_rr(key, value, rr);
949 } else if (TYPE_MATCH(type, ns_t_srv,
950 rec_type, "SRV", key, query)) {
951 rc = rwrap_create_fake_srv_rr(key, value, rr);
953 rc = rwrap_srv_recurse(hostfile, recursion+1,
954 rr->rrdata.srv_rec.hostname,
958 } else if (TYPE_MATCH(type, ns_t_uri,
959 rec_type, "URI", key, query)) {
960 rc = rwrap_create_fake_uri_rr(key, value, rr);
962 /* Recurse to collect multiple URI answers under a single key. */
963 rc = rwrap_uri_recurse(hostfile, recursion + 1, key, rr + 1);
966 } else if (TYPE_MATCH(type, ns_t_soa,
967 rec_type, "SOA", key, query)) {
968 rc = rwrap_create_fake_soa_rr(key, value, rr);
970 } else if (TYPE_MATCH(type, ns_t_cname,
971 rec_type, "CNAME", key, query)) {
972 rc = rwrap_create_fake_cname_rr(key, value, rr);
974 rc = rwrap_cname_recurse(hostfile, recursion+1,
978 } else if (TYPE_MATCH(type, ns_t_a, rec_type, "CNAME", key, query)) {
979 rc = rwrap_create_fake_cname_rr(key, value, rr);
981 rc = rwrap_cname_recurse(hostfile, recursion+1,
985 } else if (TYPE_MATCH(type, ns_t_ptr,
986 rec_type, "PTR", key, query)) {
987 rc = rwrap_create_fake_ptr_rr(key, value, rr);
990 else if (TYPE_MATCH(type, ns_t_txt,
991 rec_type, "TXT", key, query)) {
992 rc = rwrap_create_fake_txt_rr(key, value, rr);
997 if (rc == ENOENT && recursion == 0 && key != NULL) {
998 RWRAP_LOG(RWRAP_LOG_TRACE, "Record for [%s] not found\n", query);
999 memcpy(rr->key, key, strlen(key) + 1);
1006 static ssize_t rwrap_fake_empty(int type,
1007 const char *question,
1012 size_t remaining = anslen;
1014 resp_data = rwrap_fake_header(&answer, remaining, 0, 0);
1015 if (resp_data < 0) {
1018 remaining -= resp_data;
1020 resp_data += rwrap_fake_question(question, type, &answer, remaining);
1021 if (resp_data < 0) {
1024 remaining -= resp_data;
1026 resp_data += rwrap_fake_rdata_common(type, 0, question,
1027 remaining, &answer);
1028 if (resp_data < 0) {
1035 static inline bool rwrap_known_type(int type)
1053 static int rwrap_ancount(struct rwrap_fake_rr *rrs, int qtype)
1058 /* For URI return the number of URIs. */
1059 if (qtype == ns_t_uri) {
1060 for (i = 0; i < RWRAP_MAX_RECURSION; i++) {
1061 if (rwrap_known_type(rrs[i].type) &&
1062 rrs[i].type == qtype) {
1069 /* Include all RRs in the stack until the sought type
1070 * in the answer section. This is the case i.e. when looking
1071 * up an A record but the name points to a CNAME
1073 for (i = 0; i < RWRAP_MAX_RECURSION; i++) {
1076 if (rwrap_known_type(rrs[i].type) &&
1077 rrs[i].type == qtype) {
1082 /* Return 0 records if the sought type wasn't in the stack */
1083 return i < RWRAP_MAX_RECURSION ? ancount : 0;
1086 static int rwrap_arcount(struct rwrap_fake_rr *rrs, int ancount)
1091 /* start from index ancount */
1092 for (i = ancount; i < RWRAP_MAX_RECURSION; i++) {
1093 if (rwrap_known_type(rrs[i].type)) {
1101 static ssize_t rwrap_add_rr(struct rwrap_fake_rr *rr,
1108 RWRAP_LOG(RWRAP_LOG_ERROR, "Internal error!\n");
1114 resp_data = rwrap_fake_a(rr, answer, anslen);
1117 resp_data = rwrap_fake_aaaa(rr, answer, anslen);
1120 resp_data = rwrap_fake_ns(rr, answer, anslen);
1123 resp_data = rwrap_fake_srv(rr, answer, anslen);
1126 resp_data = rwrap_fake_uri(rr, answer, anslen);
1129 resp_data = rwrap_fake_soa(rr, answer, anslen);
1132 resp_data = rwrap_fake_cname(rr, answer, anslen);
1135 resp_data = rwrap_fake_ptr(rr, answer, anslen);
1138 resp_data = rwrap_fake_txt(rr, answer, anslen);
1147 static ssize_t rwrap_fake_answer(struct rwrap_fake_rr *rrs,
1155 size_t remaining = anslen;
1160 ancount = rwrap_ancount(rrs, type);
1161 arcount = rwrap_arcount(rrs, ancount);
1162 RWRAP_LOG(RWRAP_LOG_TRACE,
1163 "Got %d answers and %d additional records\n", ancount, arcount);
1165 resp_data = rwrap_fake_header(&answer, remaining, ancount, arcount);
1166 if (resp_data < 0) {
1169 remaining -= resp_data;
1171 resp_data += rwrap_fake_question(rrs->key, rrs->type, &answer, remaining);
1172 if (resp_data < 0) {
1175 remaining -= resp_data;
1178 for (i = 0; i < ancount; i++) {
1179 rrlen = rwrap_add_rr(&rrs[i], answer, remaining);
1188 /* add authoritative NS here? */
1190 /* additional records */
1191 for (i = ancount; i < ancount + arcount; i++) {
1192 rrlen = rwrap_add_rr(&rrs[i], answer, remaining);
1204 /* Reads in a file in the following format:
1207 * Malformed entries are silently skipped.
1208 * Allocates answer buffer of size anslen that has to be freed after use.
1210 static int rwrap_res_fake_hosts(const char *hostfile,
1213 unsigned char *answer,
1217 char *query_name = NULL;
1218 size_t qlen = strlen(query);
1219 struct rwrap_fake_rr rrs[RWRAP_MAX_RECURSION];
1222 RWRAP_LOG(RWRAP_LOG_TRACE,
1223 "Searching in fake hosts file %s\n", hostfile);
1225 if (qlen > 0 && query[qlen-1] == '.') {
1229 query_name = strndup(query, qlen);
1230 if (query_name == NULL) {
1234 rwrap_fake_rr_init(rrs, RWRAP_MAX_RECURSION);
1236 rc = rwrap_get_record(hostfile, 0, query_name, type, rrs);
1239 RWRAP_LOG(RWRAP_LOG_TRACE,
1240 "Found record for [%s]\n", query_name);
1241 resp_size = rwrap_fake_answer(rrs, type, answer, anslen);
1244 RWRAP_LOG(RWRAP_LOG_TRACE,
1245 "No record for [%s]\n", query_name);
1246 resp_size = rwrap_fake_empty(type, rrs->key, answer, anslen);
1249 RWRAP_LOG(RWRAP_LOG_NOTICE,
1250 "Searching for [%s] did not return any results\n",
1256 switch (resp_size) {
1258 RWRAP_LOG(RWRAP_LOG_ERROR,
1259 "Error faking answer for [%s]\n", query_name);
1262 RWRAP_LOG(RWRAP_LOG_TRACE,
1263 "Successfully faked answer for [%s]\n",
1272 /*********************************************************
1273 * RWRAP LOADING LIBC FUNCTIONS
1274 *********************************************************/
1278 typedef int (*__libc_res_ninit)(struct __res_state *state);
1279 typedef int (*__libc___res_ninit)(struct __res_state *state);
1280 typedef void (*__libc_res_nclose)(struct __res_state *state);
1281 typedef void (*__libc___res_nclose)(struct __res_state *state);
1282 typedef int (*__libc_res_nquery)(struct __res_state *state,
1286 unsigned char *answer,
1288 typedef int (*__libc___res_nquery)(struct __res_state *state,
1292 unsigned char *answer,
1294 typedef int (*__libc_res_nsearch)(struct __res_state *state,
1298 unsigned char *answer,
1300 typedef int (*__libc___res_nsearch)(struct __res_state *state,
1304 unsigned char *answer,
1307 #define RWRAP_SYMBOL_ENTRY(i) \
1313 struct rwrap_libc_symbols {
1314 RWRAP_SYMBOL_ENTRY(res_ninit);
1315 RWRAP_SYMBOL_ENTRY(__res_ninit);
1316 RWRAP_SYMBOL_ENTRY(res_nclose);
1317 RWRAP_SYMBOL_ENTRY(__res_nclose);
1318 RWRAP_SYMBOL_ENTRY(res_nquery);
1319 RWRAP_SYMBOL_ENTRY(__res_nquery);
1320 RWRAP_SYMBOL_ENTRY(res_nsearch);
1321 RWRAP_SYMBOL_ENTRY(__res_nsearch);
1323 #undef RWRAP_SYMBOL_ENTRY
1328 struct rwrap_libc_symbols symbols;
1333 struct rwrap_libc_symbols symbols;
1342 static struct rwrap rwrap;
1349 static const char *rwrap_str_lib(enum rwrap_lib lib)
1354 case RWRAP_LIBRESOLV:
1358 /* Compiler would warn us about unhandled enum value if we get here */
1362 static void *rwrap_load_lib_handle(enum rwrap_lib lib)
1364 int flags = RTLD_LAZY;
1365 void *handle = NULL;
1368 #ifdef RTLD_DEEPBIND
1369 const char *env_preload = getenv("LD_PRELOAD");
1370 const char *env_deepbind = getenv("RESOLV_WRAPPER_DISABLE_DEEPBIND");
1371 bool enable_deepbind = true;
1373 /* Don't do a deepbind if we run with libasan */
1374 if (env_preload != NULL && strlen(env_preload) < 1024) {
1375 const char *p = strstr(env_preload, "libasan.so");
1377 enable_deepbind = false;
1381 if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
1382 enable_deepbind = false;
1385 if (enable_deepbind) {
1386 flags |= RTLD_DEEPBIND;
1391 case RWRAP_LIBRESOLV:
1392 #ifdef HAVE_LIBRESOLV
1393 handle = rwrap.libresolv.handle;
1394 if (handle == NULL) {
1395 for (i = 10; i >= 0; i--) {
1396 char soname[256] = {0};
1398 snprintf(soname, sizeof(soname), "libresolv.so.%d", i);
1399 handle = dlopen(soname, flags);
1400 if (handle != NULL) {
1405 rwrap.libresolv.handle = handle;
1411 handle = rwrap.libc.handle;
1413 if (handle == NULL) {
1414 handle = dlopen(LIBC_SO, flags);
1416 rwrap.libc.handle = handle;
1419 if (handle == NULL) {
1420 for (i = 10; i >= 0; i--) {
1421 char soname[256] = {0};
1423 snprintf(soname, sizeof(soname), "libc.so.%d", i);
1424 handle = dlopen(soname, flags);
1425 if (handle != NULL) {
1430 rwrap.libc.handle = handle;
1435 if (handle == NULL) {
1437 handle = rwrap.libc.handle = rwrap.libresolv.handle = RTLD_NEXT;
1439 RWRAP_LOG(RWRAP_LOG_ERROR,
1440 "Failed to dlopen library: %s\n",
1449 static void *_rwrap_bind_symbol(enum rwrap_lib lib, const char *fn_name)
1454 handle = rwrap_load_lib_handle(lib);
1456 func = dlsym(handle, fn_name);
1458 RWRAP_LOG(RWRAP_LOG_ERROR,
1459 "Failed to find %s: %s\n",
1460 fn_name, dlerror());
1464 RWRAP_LOG(RWRAP_LOG_TRACE,
1465 "Loaded %s from %s",
1466 fn_name, rwrap_str_lib(lib));
1470 #define rwrap_bind_symbol_libc(sym_name) \
1471 if (rwrap.libc.symbols._libc_##sym_name.obj == NULL) { \
1472 rwrap.libc.symbols._libc_##sym_name.obj = \
1473 _rwrap_bind_symbol(RWRAP_LIBC, #sym_name); \
1476 #define rwrap_bind_symbol_libresolv(sym_name) \
1477 if (rwrap.libresolv.symbols._libc_##sym_name.obj == NULL) { \
1478 rwrap.libresolv.symbols._libc_##sym_name.obj = \
1479 _rwrap_bind_symbol(RWRAP_LIBRESOLV, #sym_name); \
1485 * Functions especially from libc need to be loaded individually, you can't load
1486 * all at once or gdb will segfault at startup. The same applies to valgrind and
1487 * has probably something todo with with the linker.
1488 * So we need load each function at the point it is called the first time.
1491 static int libc_res_ninit(struct __res_state *state)
1493 #if !defined(res_ninit) && defined(HAVE_RES_NINIT)
1494 rwrap_bind_symbol_libresolv(res_ninit);
1496 return rwrap.libresolv.symbols._libc_res_ninit.f(state);
1497 #elif defined(HAVE___RES_NINIT)
1498 rwrap_bind_symbol_libresolv(__res_ninit);
1500 return rwrap.libresolv.symbols._libc___res_ninit.f(state);
1502 #error "No res_ninit function"
1506 static void libc_res_nclose(struct __res_state *state)
1508 #if !defined(res_close) && defined(HAVE_RES_NCLOSE)
1509 rwrap_bind_symbol_libresolv(res_nclose);
1511 rwrap.libresolv.symbols._libc_res_nclose.f(state);
1513 #elif defined(HAVE___RES_NCLOSE)
1514 rwrap_bind_symbol_libresolv(__res_nclose);
1516 rwrap.libresolv.symbols._libc___res_nclose.f(state);
1518 #error "No res_nclose function"
1522 static int libc_res_nquery(struct __res_state *state,
1526 unsigned char *answer,
1529 #if !defined(res_nquery) && defined(HAVE_RES_NQUERY)
1530 rwrap_bind_symbol_libresolv(res_nquery);
1532 return rwrap.libresolv.symbols._libc_res_nquery.f(state,
1538 #elif defined(HAVE___RES_NQUERY)
1539 rwrap_bind_symbol_libresolv(__res_nquery);
1541 return rwrap.libresolv.symbols._libc___res_nquery.f(state,
1548 #error "No res_nquery function"
1552 static int libc_res_nsearch(struct __res_state *state,
1556 unsigned char *answer,
1559 #if !defined(res_nsearch) && defined(HAVE_RES_NSEARCH)
1560 rwrap_bind_symbol_libresolv(res_nsearch);
1562 return rwrap.libresolv.symbols._libc_res_nsearch.f(state,
1568 #elif defined(HAVE___RES_NSEARCH)
1569 rwrap_bind_symbol_libresolv(__res_nsearch);
1571 return rwrap.libresolv.symbols._libc___res_nsearch.f(state,
1578 #error "No res_nsearch function"
1582 /****************************************************************************
1584 ***************************************************************************/
1586 static int rwrap_parse_resolv_conf(struct __res_state *state,
1587 const char *resolv_conf)
1593 fp = fopen(resolv_conf, "r");
1595 RWRAP_LOG(RWRAP_LOG_ERROR,
1596 "Opening %s failed: %s",
1597 resolv_conf, strerror(errno));
1601 while(fgets(buf, sizeof(buf), fp) != NULL) {
1604 /* Ignore comments */
1605 if (buf[0] == '#' || buf[0] == ';') {
1609 if (RESOLV_MATCH(buf, "nameserver") && nserv < MAXNS) {
1614 p = buf + strlen("nameserver");
1616 /* Skip spaces and tabs */
1617 while(isblank((int)p[0])) {
1622 while(q[0] != '\n' && q[0] != '\0') {
1627 ok = inet_pton(AF_INET, p, &a);
1629 state->nsaddr_list[state->nscount] = (struct sockaddr_in) {
1630 .sin_family = AF_INET,
1632 .sin_port = htons(53),
1639 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1642 ok = inet_pton(AF_INET6, p, &a6);
1644 struct sockaddr_in6 *sa6;
1646 sa6 = malloc(sizeof(*sa6));
1652 sa6->sin6_family = AF_INET6;
1653 sa6->sin6_port = htons(53);
1654 sa6->sin6_flowinfo = 0;
1655 sa6->sin6_addr = a6;
1657 state->_u._ext.nsaddrs[state->_u._ext.nscount] = sa6;
1658 state->_u._ext.nssocks[state->_u._ext.nscount] = -1;
1659 state->_u._ext.nsmap[state->_u._ext.nscount] = MAXNS + 1;
1661 state->_u._ext.nscount++;
1664 RWRAP_LOG(RWRAP_LOG_ERROR,
1665 "Malformed DNS server");
1668 #else /* !HAVE_RESOLV_IPV6_NSADDRS */
1670 * BSD uses an opaque structure to store the
1671 * IPv6 addresses. So we can not simply store
1672 * these addresses the same way as above.
1674 RWRAP_LOG(RWRAP_LOG_WARN,
1675 "resolve_wrapper does not support "
1676 "IPv6 on this platform");
1681 } /* TODO: match other keywords */
1685 RWRAP_LOG(RWRAP_LOG_ERROR,
1686 "Reading from %s failed",
1696 /****************************************************************************
1698 ***************************************************************************/
1700 static int rwrap_res_ninit(struct __res_state *state)
1704 rc = libc_res_ninit(state);
1706 const char *resolv_conf = getenv("RESOLV_WRAPPER_CONF");
1708 if (resolv_conf != NULL) {
1711 (void)i; /* maybe unused */
1713 /* Delete name servers */
1715 memset(state->nsaddr_list, 0, sizeof(state->nsaddr_list));
1717 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1718 state->_u._ext.nscount = 0;
1719 for (i = 0; i < state->_u._ext.nscount; i++) {
1720 SAFE_FREE(state->_u._ext.nsaddrs[i]);
1724 rc = rwrap_parse_resolv_conf(state, resolv_conf);
1731 #if !defined(res_ninit) && defined(HAVE_RES_NINIT)
1732 int res_ninit(struct __res_state *state)
1733 #elif defined(HAVE___RES_NINIT)
1734 int __res_ninit(struct __res_state *state)
1737 return rwrap_res_ninit(state);
1740 /****************************************************************************
1742 ***************************************************************************/
1744 static struct __res_state rwrap_res_state;
1746 static int rwrap_res_init(void)
1750 rc = rwrap_res_ninit(&rwrap_res_state);
1755 #if !defined(res_ninit) && defined(HAVE_RES_INIT)
1757 #elif defined(HAVE___RES_INIT)
1758 int __res_init(void)
1761 return rwrap_res_init();
1764 /****************************************************************************
1766 ***************************************************************************/
1768 static void rwrap_res_nclose(struct __res_state *state)
1770 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1774 libc_res_nclose(state);
1776 #ifdef HAVE_RESOLV_IPV6_NSADDRS
1777 if (state != NULL) {
1778 for (i = 0; i < state->_u._ext.nscount; i++) {
1779 SAFE_FREE(state->_u._ext.nsaddrs[i]);
1785 #if !defined(res_nclose) && defined(HAVE_RES_NCLOSE)
1786 void res_nclose(struct __res_state *state)
1787 #elif defined(HAVE___RES_NCLOSE)
1788 void __res_nclose(struct __res_state *state)
1791 rwrap_res_nclose(state);
1794 /****************************************************************************
1796 ***************************************************************************/
1798 static void rwrap_res_close(void)
1800 rwrap_res_nclose(&rwrap_res_state);
1803 #if defined(HAVE_RES_CLOSE)
1804 void res_close(void)
1805 #elif defined(HAVE___RES_CLOSE)
1806 void __res_close(void)
1812 /****************************************************************************
1814 ***************************************************************************/
1816 static int rwrap_res_nquery(struct __res_state *state,
1820 unsigned char *answer,
1824 const char *fake_hosts;
1829 RWRAP_LOG(RWRAP_LOG_TRACE,
1830 "Resolve the domain name [%s] - class=%d, type=%d",
1831 dname, class, type);
1833 for (i = 0; i < state->nscount; i++) {
1834 char ip[INET6_ADDRSTRLEN];
1836 inet_ntop(AF_INET, &state->nsaddr_list[i].sin_addr, ip, sizeof(ip));
1837 RWRAP_LOG(RWRAP_LOG_TRACE,
1843 fake_hosts = getenv("RESOLV_WRAPPER_HOSTS");
1844 if (fake_hosts != NULL) {
1845 rc = rwrap_res_fake_hosts(fake_hosts, dname, type, answer, anslen);
1847 rc = libc_res_nquery(state, dname, class, type, answer, anslen);
1851 RWRAP_LOG(RWRAP_LOG_TRACE,
1852 "The returned response length is: %d",
1858 #if !defined(res_nquery) && defined(HAVE_RES_NQUERY)
1859 int res_nquery(struct __res_state *state,
1863 unsigned char *answer,
1865 #elif defined(HAVE___RES_NQUERY)
1866 int __res_nquery(struct __res_state *state,
1870 unsigned char *answer,
1874 return rwrap_res_nquery(state, dname, class, type, answer, anslen);
1877 /****************************************************************************
1879 ***************************************************************************/
1881 static int rwrap_res_query(const char *dname,
1884 unsigned char *answer,
1889 rc = rwrap_res_ninit(&rwrap_res_state);
1894 rc = rwrap_res_nquery(&rwrap_res_state,
1904 #if !defined(res_query) && defined(HAVE_RES_QUERY)
1905 int res_query(const char *dname,
1908 unsigned char *answer,
1910 #elif defined(HAVE___RES_QUERY)
1911 int __res_query(const char *dname,
1914 unsigned char *answer,
1918 return rwrap_res_query(dname, class, type, answer, anslen);
1921 /****************************************************************************
1923 ***************************************************************************/
1925 static int rwrap_res_nsearch(struct __res_state *state,
1929 unsigned char *answer,
1933 const char *fake_hosts;
1938 RWRAP_LOG(RWRAP_LOG_TRACE,
1939 "Resolve the domain name [%s] - class=%d, type=%d",
1940 dname, class, type);
1942 for (i = 0; i < state->nscount; i++) {
1943 char ip[INET6_ADDRSTRLEN];
1945 inet_ntop(AF_INET, &state->nsaddr_list[i].sin_addr, ip, sizeof(ip));
1946 RWRAP_LOG(RWRAP_LOG_TRACE,
1952 fake_hosts = getenv("RESOLV_WRAPPER_HOSTS");
1953 if (fake_hosts != NULL) {
1954 rc = rwrap_res_fake_hosts(fake_hosts, dname, type, answer, anslen);
1956 rc = libc_res_nsearch(state, dname, class, type, answer, anslen);
1959 RWRAP_LOG(RWRAP_LOG_TRACE,
1960 "The returned response length is: %d",
1966 #if !defined(res_nsearch) && defined(HAVE_RES_NSEARCH)
1967 int res_nsearch(struct __res_state *state,
1971 unsigned char *answer,
1973 #elif defined(HAVE___RES_NSEARCH)
1974 int __res_nsearch(struct __res_state *state,
1978 unsigned char *answer,
1982 return rwrap_res_nsearch(state, dname, class, type, answer, anslen);
1985 /****************************************************************************
1987 ***************************************************************************/
1989 static int rwrap_res_search(const char *dname,
1992 unsigned char *answer,
1997 rc = rwrap_res_ninit(&rwrap_res_state);
2002 rc = rwrap_res_nsearch(&rwrap_res_state,
2012 #if !defined(res_search) && defined(HAVE_RES_SEARCH)
2013 int res_search(const char *dname,
2016 unsigned char *answer,
2018 #elif defined(HAVE___RES_SEARCH)
2019 int __res_search(const char *dname,
2022 unsigned char *answer,
2026 return rwrap_res_search(dname, class, type, answer, anslen);