2015-12-31 08:39:56 +02:00
|
|
|
// Copyright (c) 2014-2016, The Monero Project
|
2015-12-15 19:28:52 +02:00
|
|
|
//
|
2014-09-17 21:55:28 +03:00
|
|
|
// All rights reserved.
|
2015-12-15 19:28:52 +02:00
|
|
|
//
|
2014-09-17 21:55:28 +03:00
|
|
|
// Redistribution and use in source and binary forms, with or without modification, are
|
|
|
|
// permitted provided that the following conditions are met:
|
2015-12-15 19:28:52 +02:00
|
|
|
//
|
2014-09-17 21:55:28 +03:00
|
|
|
// 1. Redistributions of source code must retain the above copyright notice, this list of
|
|
|
|
// conditions and the following disclaimer.
|
2015-12-15 19:28:52 +02:00
|
|
|
//
|
2014-09-17 21:55:28 +03:00
|
|
|
// 2. Redistributions in binary form must reproduce the above copyright notice, this list
|
|
|
|
// of conditions and the following disclaimer in the documentation and/or other
|
|
|
|
// materials provided with the distribution.
|
2015-12-15 19:28:52 +02:00
|
|
|
//
|
2014-09-17 21:55:28 +03:00
|
|
|
// 3. Neither the name of the copyright holder nor the names of its contributors may be
|
|
|
|
// used to endorse or promote products derived from this software without specific
|
|
|
|
// prior written permission.
|
2015-12-15 19:28:52 +02:00
|
|
|
//
|
2014-09-17 21:55:28 +03:00
|
|
|
// THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY
|
|
|
|
// EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
|
|
|
|
// MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL
|
|
|
|
// THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
|
|
|
|
// SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
|
|
|
|
// PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
|
|
// INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
|
|
|
// STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
|
|
|
|
// THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
|
|
|
|
|
|
#include "common/dns_utils.h"
|
2014-09-25 02:55:19 +03:00
|
|
|
#include <cstring>
|
2014-09-24 02:27:03 +03:00
|
|
|
#include <sstream>
|
2014-10-06 16:00:06 +03:00
|
|
|
// check local first (in the event of static or in-source compilation of libunbound)
|
|
|
|
#include "unbound.h"
|
2014-09-17 21:55:28 +03:00
|
|
|
|
2014-10-03 16:10:21 +03:00
|
|
|
#include <stdlib.h>
|
|
|
|
#include "include_base_utils.h"
|
2015-03-24 12:34:15 +02:00
|
|
|
#include <boost/filesystem/fstream.hpp>
|
2014-10-03 16:10:21 +03:00
|
|
|
using namespace epee;
|
2015-03-24 12:34:15 +02:00
|
|
|
namespace bf = boost::filesystem;
|
|
|
|
|
2015-08-27 23:08:03 +03:00
|
|
|
static std::mutex instance_lock;
|
|
|
|
|
2015-03-24 12:34:15 +02:00
|
|
|
namespace
|
|
|
|
{
|
|
|
|
|
|
|
|
/*
|
|
|
|
* The following two functions were taken from unbound-anchor.c, from
|
|
|
|
* the unbound library packaged with this source. The license and source
|
|
|
|
* can be found in $PROJECT_ROOT/external/unbound
|
|
|
|
*/
|
|
|
|
|
|
|
|
/* Cert builtin commented out until it's used, as the compiler complains
|
|
|
|
|
|
|
|
// return the built in root update certificate
|
|
|
|
static const char*
|
|
|
|
get_builtin_cert(void)
|
|
|
|
{
|
|
|
|
return
|
|
|
|
// The ICANN CA fetched at 24 Sep 2010. Valid to 2028
|
|
|
|
"-----BEGIN CERTIFICATE-----\n"
|
|
|
|
"MIIDdzCCAl+gAwIBAgIBATANBgkqhkiG9w0BAQsFADBdMQ4wDAYDVQQKEwVJQ0FO\n"
|
|
|
|
"TjEmMCQGA1UECxMdSUNBTk4gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkxFjAUBgNV\n"
|
|
|
|
"BAMTDUlDQU5OIFJvb3QgQ0ExCzAJBgNVBAYTAlVTMB4XDTA5MTIyMzA0MTkxMloX\n"
|
|
|
|
"DTI5MTIxODA0MTkxMlowXTEOMAwGA1UEChMFSUNBTk4xJjAkBgNVBAsTHUlDQU5O\n"
|
|
|
|
"IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRYwFAYDVQQDEw1JQ0FOTiBSb290IENB\n"
|
|
|
|
"MQswCQYDVQQGEwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKDb\n"
|
|
|
|
"cLhPNNqc1NB+u+oVvOnJESofYS9qub0/PXagmgr37pNublVThIzyLPGCJ8gPms9S\n"
|
|
|
|
"G1TaKNIsMI7d+5IgMy3WyPEOECGIcfqEIktdR1YWfJufXcMReZwU4v/AdKzdOdfg\n"
|
|
|
|
"ONiwc6r70duEr1IiqPbVm5T05l1e6D+HkAvHGnf1LtOPGs4CHQdpIUcy2kauAEy2\n"
|
|
|
|
"paKcOcHASvbTHK7TbbvHGPB+7faAztABLoneErruEcumetcNfPMIjXKdv1V1E3C7\n"
|
|
|
|
"MSJKy+jAqqQJqjZoQGB0necZgUMiUv7JK1IPQRM2CXJllcyJrm9WFxY0c1KjBO29\n"
|
|
|
|
"iIKK69fcglKcBuFShUECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B\n"
|
|
|
|
"Af8EBAMCAf4wHQYDVR0OBBYEFLpS6UmDJIZSL8eZzfyNa2kITcBQMA0GCSqGSIb3\n"
|
|
|
|
"DQEBCwUAA4IBAQAP8emCogqHny2UYFqywEuhLys7R9UKmYY4suzGO4nkbgfPFMfH\n"
|
|
|
|
"6M+Zj6owwxlwueZt1j/IaCayoKU3QsrYYoDRolpILh+FPwx7wseUEV8ZKpWsoDoD\n"
|
|
|
|
"2JFbLg2cfB8u/OlE4RYmcxxFSmXBg0yQ8/IoQt/bxOcEEhhiQ168H2yE5rxJMt9h\n"
|
|
|
|
"15nu5JBSewrCkYqYYmaxyOC3WrVGfHZxVI7MpIFcGdvSb2a1uyuua8l0BKgk3ujF\n"
|
|
|
|
"0/wsHNeP22qNyVO+XVBzrM8fk8BSUFuiT/6tZTYXRtEt5aKQZgXbKU5dUF3jT9qg\n"
|
|
|
|
"j/Br5BZw3X/zd325TvnswzMC1+ljLzHnQGGk\n"
|
|
|
|
"-----END CERTIFICATE-----\n"
|
|
|
|
;
|
|
|
|
}
|
|
|
|
*/
|
|
|
|
|
|
|
|
/** return the built in root DS trust anchor */
|
|
|
|
static const char*
|
|
|
|
get_builtin_ds(void)
|
|
|
|
{
|
2015-12-15 19:28:52 +02:00
|
|
|
return
|
2015-03-24 12:34:15 +02:00
|
|
|
". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5\n";
|
|
|
|
}
|
|
|
|
|
|
|
|
/************************************************************
|
|
|
|
************************************************************
|
|
|
|
***********************************************************/
|
|
|
|
|
|
|
|
} // anonymous namespace
|
2014-10-03 16:10:21 +03:00
|
|
|
|
2014-09-17 21:55:28 +03:00
|
|
|
namespace tools
|
|
|
|
{
|
2014-09-17 22:35:52 +03:00
|
|
|
|
2014-09-24 02:27:03 +03:00
|
|
|
// fuck it, I'm tired of dealing with getnameinfo()/inet_ntop/etc
|
2015-08-29 14:53:01 +03:00
|
|
|
std::string ipv4_to_string(const char* src, size_t len)
|
2014-09-24 02:27:03 +03:00
|
|
|
{
|
2015-09-27 19:30:40 +03:00
|
|
|
assert(len >= 4);
|
2015-08-29 14:53:01 +03:00
|
|
|
|
2014-09-24 02:27:03 +03:00
|
|
|
std::stringstream ss;
|
|
|
|
unsigned int bytes[4];
|
|
|
|
for (int i = 0; i < 4; i++)
|
|
|
|
{
|
|
|
|
unsigned char a = src[i];
|
|
|
|
bytes[i] = a;
|
|
|
|
}
|
|
|
|
ss << bytes[0] << "."
|
|
|
|
<< bytes[1] << "."
|
|
|
|
<< bytes[2] << "."
|
|
|
|
<< bytes[3];
|
|
|
|
return ss.str();
|
|
|
|
}
|
|
|
|
|
|
|
|
// this obviously will need to change, but is here to reflect the above
|
|
|
|
// stop-gap measure and to make the tests pass at least...
|
2015-08-29 14:53:01 +03:00
|
|
|
std::string ipv6_to_string(const char* src, size_t len)
|
2014-09-24 02:27:03 +03:00
|
|
|
{
|
2015-09-27 19:30:40 +03:00
|
|
|
assert(len >= 8);
|
2015-08-29 14:53:01 +03:00
|
|
|
|
2014-09-24 02:27:03 +03:00
|
|
|
std::stringstream ss;
|
|
|
|
unsigned int bytes[8];
|
|
|
|
for (int i = 0; i < 8; i++)
|
|
|
|
{
|
|
|
|
unsigned char a = src[i];
|
|
|
|
bytes[i] = a;
|
|
|
|
}
|
|
|
|
ss << bytes[0] << ":"
|
|
|
|
<< bytes[1] << ":"
|
|
|
|
<< bytes[2] << ":"
|
|
|
|
<< bytes[3] << ":"
|
|
|
|
<< bytes[4] << ":"
|
|
|
|
<< bytes[5] << ":"
|
|
|
|
<< bytes[6] << ":"
|
|
|
|
<< bytes[7];
|
|
|
|
return ss.str();
|
|
|
|
}
|
|
|
|
|
2015-08-29 14:53:01 +03:00
|
|
|
std::string txt_to_string(const char* src, size_t len)
|
|
|
|
{
|
|
|
|
return std::string(src+1, len-1);
|
|
|
|
}
|
|
|
|
|
2014-09-18 00:26:51 +03:00
|
|
|
// custom smart pointer.
|
|
|
|
// TODO: see if std::auto_ptr and the like support custom destructors
|
2015-06-07 18:57:01 +03:00
|
|
|
template<typename type, void (*freefunc)(type*)>
|
|
|
|
class scoped_ptr
|
2014-09-18 00:26:51 +03:00
|
|
|
{
|
|
|
|
public:
|
2015-06-07 18:57:01 +03:00
|
|
|
scoped_ptr():
|
|
|
|
ptr(nullptr)
|
2014-09-18 00:26:51 +03:00
|
|
|
{
|
|
|
|
}
|
2015-06-07 18:57:01 +03:00
|
|
|
scoped_ptr(type *p):
|
|
|
|
ptr(p)
|
2014-09-18 00:26:51 +03:00
|
|
|
{
|
|
|
|
}
|
2015-06-07 18:57:01 +03:00
|
|
|
~scoped_ptr()
|
|
|
|
{
|
|
|
|
freefunc(ptr);
|
|
|
|
}
|
|
|
|
operator type *() { return ptr; }
|
|
|
|
type **operator &() { return &ptr; }
|
|
|
|
type *operator->() { return ptr; }
|
|
|
|
operator const type*() const { return &ptr; }
|
|
|
|
|
|
|
|
private:
|
|
|
|
type* ptr;
|
2014-09-18 00:26:51 +03:00
|
|
|
};
|
|
|
|
|
2015-06-07 18:57:01 +03:00
|
|
|
typedef class scoped_ptr<ub_result,ub_resolve_free> ub_result_ptr;
|
|
|
|
|
2014-09-17 22:35:52 +03:00
|
|
|
struct DNSResolverData
|
|
|
|
{
|
|
|
|
ub_ctx* m_ub_context;
|
|
|
|
};
|
|
|
|
|
|
|
|
DNSResolver::DNSResolver() : m_data(new DNSResolverData())
|
2014-09-17 21:55:28 +03:00
|
|
|
{
|
2015-12-15 19:23:17 +02:00
|
|
|
int use_dns_public = 0;
|
|
|
|
const char* dns_public_addr = "8.8.4.4";
|
|
|
|
if (auto res = getenv("DNS_PUBLIC"))
|
|
|
|
{
|
|
|
|
std::string dns_public(res);
|
|
|
|
// TODO: could allow parsing of IP and protocol: e.g. DNS_PUBLIC=tcp:8.8.8.8
|
|
|
|
if (dns_public == "tcp")
|
|
|
|
{
|
|
|
|
LOG_PRINT_L0("Using public DNS server: " << dns_public_addr << " (TCP)");
|
|
|
|
use_dns_public = 1;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2014-09-17 22:35:52 +03:00
|
|
|
// init libunbound context
|
|
|
|
m_data->m_ub_context = ub_ctx_create();
|
2014-09-17 21:55:28 +03:00
|
|
|
|
2015-12-15 19:23:17 +02:00
|
|
|
if (use_dns_public)
|
|
|
|
{
|
|
|
|
ub_ctx_set_fwd(m_data->m_ub_context, dns_public_addr);
|
|
|
|
ub_ctx_set_option(m_data->m_ub_context, "do-udp:", "no");
|
|
|
|
ub_ctx_set_option(m_data->m_ub_context, "do-tcp:", "yes");
|
|
|
|
}
|
|
|
|
else {
|
|
|
|
// look for "/etc/resolv.conf" and "/etc/hosts" or platform equivalent
|
|
|
|
ub_ctx_resolvconf(m_data->m_ub_context, NULL);
|
|
|
|
ub_ctx_hosts(m_data->m_ub_context, NULL);
|
|
|
|
}
|
2015-03-24 12:34:15 +02:00
|
|
|
|
2015-12-15 19:28:52 +02:00
|
|
|
#ifdef DEVELOPER_LIBUNBOUND_OLD
|
|
|
|
#pragma message "Using the work around for old libunbound"
|
|
|
|
{ // work around for bug https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=515 needed for it to compile on e.g. Debian 7
|
|
|
|
char * ds_copy = NULL; // this will be the writable copy of string that bugged version of libunbound requires
|
|
|
|
try {
|
|
|
|
char * ds_copy = strdup( ::get_builtin_ds() );
|
|
|
|
ub_ctx_add_ta(m_data->m_ub_context, ds_copy);
|
|
|
|
} catch(...) { // probably not needed but to work correctly in every case...
|
|
|
|
if (ds_copy) { free(ds_copy); ds_copy=NULL; } // for the strdup
|
|
|
|
throw ;
|
|
|
|
}
|
|
|
|
if (ds_copy) { free(ds_copy); ds_copy=NULL; } // for the strdup
|
|
|
|
}
|
|
|
|
#else
|
|
|
|
// normal version for fixed libunbound
|
|
|
|
ub_ctx_add_ta(m_data->m_ub_context, ::get_builtin_ds() );
|
|
|
|
#endif
|
2015-04-01 20:00:45 +03:00
|
|
|
|
2014-09-17 22:35:52 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
DNSResolver::~DNSResolver()
|
|
|
|
{
|
|
|
|
if (m_data)
|
2014-09-17 21:55:28 +03:00
|
|
|
{
|
2014-09-17 22:35:52 +03:00
|
|
|
if (m_data->m_ub_context != NULL)
|
|
|
|
{
|
|
|
|
ub_ctx_delete(m_data->m_ub_context);
|
|
|
|
}
|
|
|
|
delete m_data;
|
2014-09-17 21:55:28 +03:00
|
|
|
}
|
2014-09-17 22:35:52 +03:00
|
|
|
}
|
2014-09-17 21:55:28 +03:00
|
|
|
|
2015-08-29 14:53:01 +03:00
|
|
|
std::vector<std::string> DNSResolver::get_record(const std::string& url, int record_type, std::string (*reader)(const char *,size_t), bool& dnssec_available, bool& dnssec_valid)
|
2014-09-17 22:35:52 +03:00
|
|
|
{
|
2014-09-18 16:07:46 +03:00
|
|
|
std::vector<std::string> addresses;
|
2014-09-25 07:14:22 +03:00
|
|
|
dnssec_available = false;
|
|
|
|
dnssec_valid = false;
|
2014-09-18 16:07:46 +03:00
|
|
|
|
2015-08-29 14:55:43 +03:00
|
|
|
if (!check_address_syntax(url.c_str()))
|
2014-09-18 16:07:46 +03:00
|
|
|
{
|
|
|
|
return addresses;
|
|
|
|
}
|
|
|
|
|
2014-09-18 00:26:51 +03:00
|
|
|
// destructor takes care of cleanup
|
|
|
|
ub_result_ptr result;
|
|
|
|
|
2014-09-17 22:35:52 +03:00
|
|
|
// call DNS resolver, blocking. if return value not zero, something went wrong
|
2015-08-29 14:55:43 +03:00
|
|
|
if (!ub_resolve(m_data->m_ub_context, url.c_str(), record_type, DNS_CLASS_IN, &result))
|
2014-09-17 21:55:28 +03:00
|
|
|
{
|
2015-06-07 18:57:01 +03:00
|
|
|
dnssec_available = (result->secure || (!result->secure && result->bogus));
|
2015-06-20 23:02:13 +03:00
|
|
|
dnssec_valid = result->secure && !result->bogus;
|
2015-06-07 18:57:01 +03:00
|
|
|
if (result->havedata)
|
2014-09-17 22:35:52 +03:00
|
|
|
{
|
2015-06-07 18:57:01 +03:00
|
|
|
for (size_t i=0; result->data[i] != NULL; i++)
|
2014-09-17 22:35:52 +03:00
|
|
|
{
|
2015-08-29 14:53:01 +03:00
|
|
|
addresses.push_back((*reader)(result->data[i], result->len[i]));
|
2014-09-17 22:35:52 +03:00
|
|
|
}
|
|
|
|
}
|
2014-09-17 21:55:28 +03:00
|
|
|
}
|
|
|
|
|
2014-09-18 16:07:46 +03:00
|
|
|
return addresses;
|
2014-09-17 22:35:52 +03:00
|
|
|
}
|
|
|
|
|
2015-08-29 14:53:01 +03:00
|
|
|
std::vector<std::string> DNSResolver::get_ipv4(const std::string& url, bool& dnssec_available, bool& dnssec_valid)
|
2014-09-17 22:35:52 +03:00
|
|
|
{
|
2015-08-29 14:53:01 +03:00
|
|
|
return get_record(url, DNS_TYPE_A, ipv4_to_string, dnssec_available, dnssec_valid);
|
|
|
|
}
|
2014-09-17 22:35:52 +03:00
|
|
|
|
2015-08-29 14:53:01 +03:00
|
|
|
std::vector<std::string> DNSResolver::get_ipv6(const std::string& url, bool& dnssec_available, bool& dnssec_valid)
|
|
|
|
{
|
|
|
|
return get_record(url, DNS_TYPE_AAAA, ipv6_to_string, dnssec_available, dnssec_valid);
|
2014-09-17 22:35:52 +03:00
|
|
|
}
|
|
|
|
|
2014-09-25 07:14:22 +03:00
|
|
|
std::vector<std::string> DNSResolver::get_txt_record(const std::string& url, bool& dnssec_available, bool& dnssec_valid)
|
2014-09-17 22:35:52 +03:00
|
|
|
{
|
2015-08-29 14:53:01 +03:00
|
|
|
return get_record(url, DNS_TYPE_TXT, txt_to_string, dnssec_available, dnssec_valid);
|
2014-09-17 22:35:52 +03:00
|
|
|
}
|
|
|
|
|
2015-05-19 12:33:30 +03:00
|
|
|
std::string DNSResolver::get_dns_format_from_oa_address(const std::string& oa_addr)
|
|
|
|
{
|
|
|
|
std::string addr(oa_addr);
|
|
|
|
auto first_at = addr.find("@");
|
|
|
|
if (first_at == std::string::npos)
|
|
|
|
return addr;
|
|
|
|
|
|
|
|
// convert name@domain.tld to name.domain.tld
|
|
|
|
addr.replace(first_at, 1, ".");
|
|
|
|
|
|
|
|
return addr;
|
|
|
|
}
|
|
|
|
|
2014-09-17 22:35:52 +03:00
|
|
|
DNSResolver& DNSResolver::instance()
|
|
|
|
{
|
2015-08-27 23:08:03 +03:00
|
|
|
std::lock_guard<std::mutex> lock(instance_lock);
|
|
|
|
|
2014-09-17 22:35:52 +03:00
|
|
|
static DNSResolver* staticInstance = NULL;
|
|
|
|
if (staticInstance == NULL)
|
2014-09-17 21:55:28 +03:00
|
|
|
{
|
2014-09-17 22:35:52 +03:00
|
|
|
staticInstance = new DNSResolver();
|
2014-09-17 21:55:28 +03:00
|
|
|
}
|
2014-09-17 22:35:52 +03:00
|
|
|
return *staticInstance;
|
|
|
|
}
|
2014-09-17 21:55:28 +03:00
|
|
|
|
2015-08-27 23:06:09 +03:00
|
|
|
DNSResolver DNSResolver::create()
|
|
|
|
{
|
|
|
|
return DNSResolver();
|
|
|
|
}
|
|
|
|
|
2015-08-27 23:08:40 +03:00
|
|
|
bool DNSResolver::check_address_syntax(const char *addr) const
|
2014-09-18 16:07:46 +03:00
|
|
|
{
|
|
|
|
// if string doesn't contain a dot, we won't consider it a url for now.
|
2015-06-07 18:57:01 +03:00
|
|
|
if (strchr(addr,'.') == NULL)
|
2014-09-18 16:07:46 +03:00
|
|
|
{
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2014-09-17 21:55:28 +03:00
|
|
|
} // namespace tools
|