1/* 2 * checkconf/unbound-host.c - replacement for host that supports validation. 3 * 4 * Copyright (c) 2007, NLnet Labs. All rights reserved. 5 * 6 * This software is open source. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * Redistributions of source code must retain the above copyright notice, 13 * this list of conditions and the following disclaimer. 14 * 15 * Redistributions in binary form must reproduce the above copyright notice, 16 * this list of conditions and the following disclaimer in the documentation 17 * and/or other materials provided with the distribution. 18 * 19 * Neither the name of the NLNET LABS nor the names of its contributors may 20 * be used to endorse or promote products derived from this software without 21 * specific prior written permission. 22 * 23 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 24 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 25 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 26 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 27 * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 28 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED 29 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 30 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF 31 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING 32 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS 33 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 34 */ 35 36/** 37 * \file 38 * 39 * This file performs functionality like 'host', and also supports validation. 40 * It uses the libunbound library. 41 */ 42 43#include "config.h" 44#ifdef HAVE_GETOPT_H 45#include <getopt.h> 46#endif 47/* remove alloc checks, not in this part of the code */ 48#ifdef UNBOUND_ALLOC_STATS 49#undef malloc 50#undef calloc 51#undef free 52#undef realloc 53#endif 54#ifdef UNBOUND_ALLOC_LITE 55#undef malloc 56#undef calloc 57#undef free 58#undef realloc 59#undef strdup 60#define unbound_lite_wrapstr(s) s 61#endif 62#include "libunbound/unbound.h" 63#include "ldns/rrdef.h" 64#include "ldns/wire2str.h" 65#ifdef HAVE_NSS 66/* nss3 */ 67#include "nss.h" 68#endif 69 70/** verbosity for unbound-host app */ 71static int verb = 0; 72 73/** Give unbound-host usage, and exit (1). */ 74static void 75usage() 76{ 77 printf("Usage: unbound-host [-vdhr46] [-c class] [-t type] hostname\n"); 78 printf(" [-y key] [-f keyfile] [-F namedkeyfile]\n"); 79 printf(" [-C configfile]\n"); 80 printf(" Queries the DNS for information.\n"); 81 printf(" The hostname is looked up for IP4, IP6 and mail.\n"); 82 printf(" If an ip-address is given a reverse lookup is done.\n"); 83 printf(" Use the -v option to see DNSSEC security information.\n"); 84 printf(" -t type what type to look for.\n"); 85 printf(" -c class what class to look for, if not class IN.\n"); 86 printf(" -y 'keystring' specify trust anchor, DS or DNSKEY, like\n"); 87 printf(" -y 'example.com DS 31560 5 1 1CFED8478...'\n"); 88 printf(" -f keyfile read trust anchors from file, with lines as -y.\n"); 89 printf(" -F keyfile read named.conf-style trust anchors.\n"); 90 printf(" -C config use the specified unbound.conf (none read by default)\n"); 91 printf(" -r read forwarder information from /etc/resolv.conf\n"); 92 printf(" breaks validation if the fwder does not do DNSSEC.\n"); 93 printf(" -v be more verbose, shows nodata and security.\n"); 94 printf(" -d debug, traces the action, -d -d shows more.\n"); 95 printf(" -4 use ipv4 network, avoid ipv6.\n"); 96 printf(" -6 use ipv6 network, avoid ipv4.\n"); 97 printf(" -h show this usage help.\n"); 98 printf("Version %s\n", PACKAGE_VERSION); 99 printf("BSD licensed, see LICENSE in source package for details.\n"); 100 printf("Report bugs to %s\n", PACKAGE_BUGREPORT); 101 exit(1); 102} 103 104/** determine if str is ip4 and put into reverse lookup format */ 105static int 106isip4(const char* nm, char** res) 107{ 108 struct in_addr addr; 109 /* ddd.ddd.ddd.ddd.in-addr.arpa. is less than 32 */ 110 char buf[32]; 111 if(inet_pton(AF_INET, nm, &addr) <= 0) { 112 return 0; 113 } 114 snprintf(buf, sizeof(buf), "%u.%u.%u.%u.in-addr.arpa", 115 (unsigned)((uint8_t*)&addr)[3], (unsigned)((uint8_t*)&addr)[2], 116 (unsigned)((uint8_t*)&addr)[1], (unsigned)((uint8_t*)&addr)[0]); 117 *res = strdup(buf); 118 return 1; 119} 120 121/** determine if str is ip6 and put into reverse lookup format */ 122static int 123isip6(const char* nm, char** res) 124{ 125 struct in6_addr addr; 126 /* [nibble.]{32}.ip6.arpa. is less than 128 */ 127 const char* hex = "0123456789abcdef"; 128 char buf[128]; 129 char *p; 130 int i; 131 if(inet_pton(AF_INET6, nm, &addr) <= 0) { 132 return 0; 133 } 134 p = buf; 135 for(i=15; i>=0; i--) { 136 uint8_t b = ((uint8_t*)&addr)[i]; 137 *p++ = hex[ (b&0x0f) ]; 138 *p++ = '.'; 139 *p++ = hex[ (b&0xf0) >> 4 ]; 140 *p++ = '.'; 141 } 142 snprintf(buf+16*4, sizeof(buf)-16*4, "ip6.arpa"); 143 *res = strdup(buf); 144 if(!*res) { 145 fprintf(stderr, "error: out of memory\n"); 146 exit(1); 147 } 148 return 1; 149} 150 151/** massage input name */ 152static char* 153massage_qname(const char* nm, int* reverse) 154{ 155 /* recognise IP4 and IP6, create reverse addresses if needed */ 156 char* res; 157 if(isip4(nm, &res)) { 158 *reverse = 1; 159 } else if(isip6(nm, &res)) { 160 *reverse = 1; 161 } else { 162 res = strdup(nm); 163 } 164 if(!res) { 165 fprintf(stderr, "error: out of memory\n"); 166 exit(1); 167 } 168 return res; 169} 170 171/** massage input type */ 172static int 173massage_type(const char* t, int reverse, int* multi) 174{ 175 if(t) { 176 int r = sldns_get_rr_type_by_name(t); 177 if(r == 0 && strcasecmp(t, "TYPE0") != 0 && 178 strcmp(t, "") != 0) { 179 fprintf(stderr, "error unknown type %s\n", t); 180 exit(1); 181 } 182 return r; 183 } 184 if(!t && reverse) 185 return LDNS_RR_TYPE_PTR; 186 *multi = 1; 187 return LDNS_RR_TYPE_A; 188} 189 190/** massage input class */ 191static int 192massage_class(const char* c) 193{ 194 if(c) { 195 int r = sldns_get_rr_class_by_name(c); 196 if(r == 0 && strcasecmp(c, "CLASS0") != 0 && 197 strcmp(c, "") != 0) { 198 fprintf(stderr, "error unknown class %s\n", c); 199 exit(1); 200 } 201 return r; 202 } 203 return LDNS_RR_CLASS_IN; 204} 205 206/** nice security status string */ 207static const char* 208secure_str(struct ub_result* result) 209{ 210 if(result->secure) return "(secure)"; 211 if(result->bogus) return "(BOGUS (security failure))"; 212 return "(insecure)"; 213} 214 215/** nice string for type */ 216static void 217pretty_type(char* s, size_t len, int t) 218{ 219 char d[16]; 220 sldns_wire2str_type_buf((uint16_t)t, d, sizeof(d)); 221 snprintf(s, len, "%s", d); 222} 223 224/** nice string for class */ 225static void 226pretty_class(char* s, size_t len, int c) 227{ 228 char d[16]; 229 sldns_wire2str_class_buf((uint16_t)c, d, sizeof(d)); 230 snprintf(s, len, "%s", d); 231} 232 233/** nice string for rcode */ 234static void 235pretty_rcode(char* s, size_t len, int r) 236{ 237 char d[16]; 238 sldns_wire2str_rcode_buf(r, d, sizeof(d)); 239 snprintf(s, len, "%s", d); 240} 241 242/** convert and print rdata */ 243static void 244print_rd(int t, char* data, size_t len) 245{ 246 char s[65535]; 247 sldns_wire2str_rdata_buf((uint8_t*)data, len, s, sizeof(s), (uint16_t)t); 248 printf(" %s", s); 249} 250 251/** pretty line of RR data for results */ 252static void 253pretty_rdata(char* q, char* cstr, char* tstr, int t, const char* sec, 254 char* data, size_t len) 255{ 256 printf("%s", q); 257 if(strcmp(cstr, "IN") != 0) 258 printf(" in class %s", cstr); 259 if(t == LDNS_RR_TYPE_A) 260 printf(" has address"); 261 else if(t == LDNS_RR_TYPE_AAAA) 262 printf(" has IPv6 address"); 263 else if(t == LDNS_RR_TYPE_MX) 264 printf(" mail is handled by"); 265 else if(t == LDNS_RR_TYPE_PTR) 266 printf(" domain name pointer"); 267 else printf(" has %s record", tstr); 268 print_rd(t, data, len); 269 if(verb > 0) 270 printf(" %s", sec); 271 printf("\n"); 272} 273 274/** pretty line of output for results */ 275static void 276pretty_output(char* q, int t, int c, struct ub_result* result, int docname) 277{ 278 int i; 279 const char *secstatus = secure_str(result); 280 char tstr[16]; 281 char cstr[16]; 282 char rcodestr[16]; 283 pretty_type(tstr, 16, t); 284 pretty_class(cstr, 16, c); 285 pretty_rcode(rcodestr, 16, result->rcode); 286 287 if(!result->havedata && result->rcode) { 288 printf("Host %s not found: %d(%s).", 289 q, result->rcode, rcodestr); 290 if(verb > 0) 291 printf(" %s", secstatus); 292 printf("\n"); 293 if(result->bogus && result->why_bogus) 294 printf("%s\n", result->why_bogus); 295 return; 296 } 297 if(docname && result->canonname && 298 result->canonname != result->qname) { 299 printf("%s is an alias for %s", result->qname, 300 result->canonname); 301 if(verb > 0) 302 printf(" %s", secstatus); 303 printf("\n"); 304 } 305 /* remove trailing . from long canonnames for nicer output */ 306 if(result->canonname && strlen(result->canonname) > 1 && 307 result->canonname[strlen(result->canonname)-1] == '.') 308 result->canonname[strlen(result->canonname)-1] = 0; 309 if(!result->havedata) { 310 if(verb > 0) { 311 printf("%s", result->canonname?result->canonname:q); 312 if(strcmp(cstr, "IN") != 0) 313 printf(" in class %s", cstr); 314 if(t == LDNS_RR_TYPE_A) 315 printf(" has no address"); 316 else if(t == LDNS_RR_TYPE_AAAA) 317 printf(" has no IPv6 address"); 318 else if(t == LDNS_RR_TYPE_PTR) 319 printf(" has no domain name ptr"); 320 else if(t == LDNS_RR_TYPE_MX) 321 printf(" has no mail handler record"); 322 else if(t == LDNS_RR_TYPE_ANY) { 323 char* s = sldns_wire2str_pkt( 324 result->answer_packet, 325 (size_t)result->answer_len); 326 if(!s) { 327 fprintf(stderr, "alloc failure\n"); 328 exit(1); 329 } 330 printf("%s\n", s); 331 } else printf(" has no %s record", tstr); 332 printf(" %s\n", secstatus); 333 } 334 /* else: emptiness to indicate no data */ 335 if(result->bogus && result->why_bogus) 336 printf("%s\n", result->why_bogus); 337 return; 338 } 339 i=0; 340 while(result->data[i]) 341 { 342 pretty_rdata( 343 result->canonname?result->canonname:q, 344 cstr, tstr, t, secstatus, result->data[i], 345 (size_t)result->len[i]); 346 i++; 347 } 348 if(result->bogus && result->why_bogus) 349 printf("%s\n", result->why_bogus); 350} 351 352/** perform a lookup and printout return if domain existed */ 353static int 354dnslook(struct ub_ctx* ctx, char* q, int t, int c, int docname) 355{ 356 int ret; 357 struct ub_result* result; 358 359 ret = ub_resolve(ctx, q, t, c, &result); 360 if(ret != 0) { 361 fprintf(stderr, "resolve error: %s\n", ub_strerror(ret)); 362 exit(1); 363 } 364 pretty_output(q, t, c, result, docname); 365 ret = result->nxdomain; 366 ub_resolve_free(result); 367 return ret; 368} 369 370/** perform host lookup */ 371static void 372lookup(struct ub_ctx* ctx, const char* nm, const char* qt, const char* qc) 373{ 374 /* massage input into a query name, type and class */ 375 int multi = 0; /* no type, so do A, AAAA, MX */ 376 int reverse = 0; /* we are doing a reverse lookup */ 377 char* realq = massage_qname(nm, &reverse); 378 int t = massage_type(qt, reverse, &multi); 379 int c = massage_class(qc); 380 381 /* perform the query */ 382 if(multi) { 383 if(!dnslook(ctx, realq, LDNS_RR_TYPE_A, c, 1)) { 384 /* domain exists, lookup more */ 385 (void)dnslook(ctx, realq, LDNS_RR_TYPE_AAAA, c, 0); 386 (void)dnslook(ctx, realq, LDNS_RR_TYPE_MX, c, 0); 387 } 388 } else { 389 (void)dnslook(ctx, realq, t, c, 1); 390 } 391 ub_ctx_delete(ctx); 392 free(realq); 393} 394 395/** print error if any */ 396static void 397check_ub_res(int r) 398{ 399 if(r != 0) { 400 fprintf(stderr, "error: %s\n", ub_strerror(r)); 401 exit(1); 402 } 403} 404 405/** getopt global, in case header files fail to declare it. */ 406extern int optind; 407/** getopt global, in case header files fail to declare it. */ 408extern char* optarg; 409 410/** Main routine for checkconf */ 411int main(int argc, char* argv[]) 412{ 413 int c; 414 char* qclass = NULL; 415 char* qtype = NULL; 416 struct ub_ctx* ctx = NULL; 417 int debuglevel = 0; 418 419 ctx = ub_ctx_create(); 420 if(!ctx) { 421 fprintf(stderr, "error: out of memory\n"); 422 exit(1); 423 } 424 425 /* parse the options */ 426 while( (c=getopt(argc, argv, "46F:c:df:hrt:vy:C:")) != -1) { 427 switch(c) { 428 case '4': 429 check_ub_res(ub_ctx_set_option(ctx, "do-ip6:", "no")); 430 break; 431 case '6': 432 check_ub_res(ub_ctx_set_option(ctx, "do-ip4:", "no")); 433 break; 434 case 'c': 435 qclass = optarg; 436 break; 437 case 'C': 438 check_ub_res(ub_ctx_config(ctx, optarg)); 439 break; 440 case 'd': 441 debuglevel++; 442 if(debuglevel < 2) 443 debuglevel = 2; /* at least VERB_DETAIL */ 444 break; 445 case 'r': 446 check_ub_res(ub_ctx_resolvconf(ctx, "/etc/resolv.conf")); 447 break; 448 case 't': 449 qtype = optarg; 450 break; 451 case 'v': 452 verb++; 453 break; 454 case 'y': 455 check_ub_res(ub_ctx_add_ta(ctx, optarg)); 456 break; 457 case 'f': 458 check_ub_res(ub_ctx_add_ta_file(ctx, optarg)); 459 break; 460 case 'F': 461 check_ub_res(ub_ctx_trustedkeys(ctx, optarg)); 462 break; 463 case '?': 464 case 'h': 465 default: 466 usage(); 467 } 468 } 469 if(debuglevel != 0) /* set after possible -C options */ 470 check_ub_res(ub_ctx_debuglevel(ctx, debuglevel)); 471 if(ub_ctx_get_option(ctx, "use-syslog", &optarg) == 0) { 472 if(strcmp(optarg, "yes") == 0) /* disable use-syslog */ 473 check_ub_res(ub_ctx_set_option(ctx, 474 "use-syslog:", "no")); 475 free(optarg); 476 } 477 argc -= optind; 478 argv += optind; 479 if(argc != 1) 480 usage(); 481 482#ifdef HAVE_NSS 483 if(NSS_NoDB_Init(".") != SECSuccess) { 484 fprintf(stderr, "could not init NSS\n"); 485 return 1; 486 } 487#endif 488 lookup(ctx, argv[0], qtype, qclass); 489 return 0; 490} 491