1 /*
2  * Copyright (c) 1996 by Internet Software Consortium.
3  *
4  * Permission to use, copy, modify, and distribute this software for any
5  * purpose with or without fee is hereby granted, provided that the above
6  * copyright notice and this permission notice appear in all copies.
7  *
8  * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
9  * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
10  * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
11  * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
12  * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
13  * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
14  * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
15  * SOFTWARE.
16  */
17 
18 /*
19  * Based on the Dynamic DNS reference implementation by Viraj Bais
20  * <viraj_bais@ccm.fm.intel.com>
21  */
22 
23 #include <sys/cdefs.h>
24 #include <sys/types.h>
25 #include <machine/endian.h>
26 
27 #include <sys/types.h>
28 #include <sys/param.h>
29 
30 #include <netinet/in.h>
31 #include <arpa/nameser.h>
32 #include <arpa/inet.h>
33 
34 #include <limits.h>
35 #include <netdb.h>
36 #include <resolv.h>
37 #include <stdio.h>
38 #include <stdlib.h>
39 #include <string.h>
40 #include <unistd.h>
41 #include <ctype.h>
42 
43 #include "res_config.h"
44 
45 static int getnum_str(u_char **, u_char *);
46 static int getword_str(char *, int, u_char **, u_char *);
47 
48 #define ShrinkBuffer(x)  if ((buflen -= x) < 0) return (-2);
49 
50 /*
51  * Form update packets.
52  * Returns the size of the resulting packet if no error
53  * On error,
54  *	returns -1 if error in reading a word/number in rdata
55  *		   portion for update packets
56  *		-2 if length of buffer passed is insufficient
57  *		-3 if zone section is not the first section in
58  *		   the linked list, or section order has a problem
59  *		-4 on a number overflow
60  *		-5 unknown operation or no records
61  */
62 int
res_mkupdate(ns_updrec * rrecp_in,u_char * buf,int buflen)63 res_mkupdate(ns_updrec *rrecp_in, u_char *buf, int buflen) {
64 	ns_updrec *rrecp_start = rrecp_in;
65 	HEADER *hp;
66 	u_char *cp, *sp1, *sp2, *startp, *endp;
67 	int n, i, soanum, multiline;
68 	ns_updrec *rrecp;
69 	struct in_addr ina;
70         char buf2[MAXDNAME];
71 	int section, numrrs = 0, counts[ns_s_max];
72 	u_int16_t rtype, rclass;
73 	u_int32_t n1, rttl;
74 	u_char *dnptrs[20], **dpp, **lastdnptr;
75 
76 	if ((_res.options & RES_INIT) == 0 && res_init() == -1) {
77 		h_errno = NETDB_INTERNAL;
78 		return (-1);
79 	}
80 
81 	/*
82 	 * Initialize header fields.
83 	 */
84 	if ((buf == NULL) || (buflen < HFIXEDSZ))
85 		return (-1);
86 	memset(buf, 0, HFIXEDSZ);
87 	hp = (HEADER *) buf;
88 	hp->id = htons(++_res.id);
89 	hp->opcode = ns_o_update;
90 	hp->rcode = NOERROR;
91 	sp1 = buf + 2*INT16SZ;  /* save pointer to zocount */
92 	cp = buf + HFIXEDSZ;
93 	buflen -= HFIXEDSZ;
94 	dpp = dnptrs;
95 	*dpp++ = buf;
96 	*dpp++ = NULL;
97 	lastdnptr = dnptrs + sizeof dnptrs / sizeof dnptrs[0];
98 
99 	if (rrecp_start == NULL)
100 		return (-5);
101 	else if (rrecp_start->r_section != S_ZONE)
102 		return (-3);
103 
104 	memset(counts, 0, sizeof counts);
105 	for (rrecp = rrecp_start; rrecp; rrecp = rrecp->r_grpnext) {
106 		numrrs++;
107                 section = rrecp->r_section;
108 		if (section < 0 || section >= ns_s_max)
109 			return (-1);
110 		counts[section]++;
111 		for (i = section + 1; i < ns_s_max; i++)
112 			if (counts[i])
113 				return (-3);
114 		rtype = rrecp->r_type;
115 		rclass = rrecp->r_class;
116 		rttl = rrecp->r_ttl;
117 		/* overload class and type */
118 		if (section == S_PREREQ) {
119 			rttl = 0;
120 			switch (rrecp->r_opcode) {
121 			case YXDOMAIN:
122 				rclass = C_ANY;
123 				rtype = T_ANY;
124 				rrecp->r_size = 0;
125 				break;
126 			case NXDOMAIN:
127 				rclass = C_NONE;
128 				rtype = T_ANY;
129 				rrecp->r_size = 0;
130 				break;
131 			case NXRRSET:
132 				rclass = C_NONE;
133 				rrecp->r_size = 0;
134 				break;
135 			case YXRRSET:
136 				if (rrecp->r_size == 0)
137 					rclass = C_ANY;
138 				break;
139 			default:
140 				fprintf(stderr,
141 					"res_mkupdate: incorrect opcode: %d\n",
142 					rrecp->r_opcode);
143 				fflush(stderr);
144 				return (-1);
145 			}
146 		} else if (section == S_UPDATE) {
147 			switch (rrecp->r_opcode) {
148 			case DELETE:
149 				rclass = rrecp->r_size == 0 ? C_ANY : C_NONE;
150 				break;
151 			case ADD:
152 				break;
153 			default:
154 				fprintf(stderr,
155 					"res_mkupdate: incorrect opcode: %d\n",
156 					rrecp->r_opcode);
157 				fflush(stderr);
158 				return (-1);
159 			}
160 		}
161 
162 		/*
163 		 * XXX	appending default domain to owner name is omitted,
164 		 *	fqdn must be provided
165 		 */
166 		if ((n = dn_comp(rrecp->r_dname, cp, buflen, dnptrs,
167 				 lastdnptr)) < 0)
168 			return (-1);
169 		cp += n;
170 		ShrinkBuffer(n + 2*INT16SZ);
171 		PUTSHORT(rtype, cp);
172 		PUTSHORT(rclass, cp);
173 		if (section == S_ZONE) {
174 			if (numrrs != 1 || rrecp->r_type != T_SOA)
175 				return (-3);
176 			continue;
177 		}
178 		ShrinkBuffer(INT32SZ + INT16SZ);
179 		PUTLONG(rttl, cp);
180 		sp2 = cp;  /* save pointer to length byte */
181 		cp += INT16SZ;
182 		if (rrecp->r_size == 0) {
183 			if (section == S_UPDATE && rclass != C_ANY)
184 				return (-1);
185 			else {
186 				PUTSHORT(0, sp2);
187 				continue;
188 			}
189 		}
190 		startp = rrecp->r_data;
191 		endp = startp + rrecp->r_size - 1;
192 		/* XXX this should be done centrally. */
193 		switch (rrecp->r_type) {
194 		case T_A:
195 			if (!getword_str(buf2, sizeof buf2, &startp, endp))
196 				return (-1);
197 			if (!inet_aton(buf2, &ina))
198 				return (-1);
199 			n1 = ntohl(ina.s_addr);
200 			ShrinkBuffer(INT32SZ);
201 			PUTLONG(n1, cp);
202 			break;
203 		case T_CNAME:
204 		case T_MB:
205 		case T_MG:
206 		case T_MR:
207 		case T_NS:
208 		case T_PTR:
209 			if (!getword_str(buf2, sizeof buf2, &startp, endp))
210 				return (-1);
211 			n = dn_comp(buf2, cp, buflen, dnptrs, lastdnptr);
212 			if (n < 0)
213 				return (-1);
214 			cp += n;
215 			ShrinkBuffer(n);
216 			break;
217 		case T_MINFO:
218 		case T_SOA:
219 		case T_RP:
220 			for (i = 0; i < 2; i++) {
221 				if (!getword_str(buf2, sizeof buf2, &startp,
222 						 endp))
223 				return (-1);
224 				n = dn_comp(buf2, cp, buflen,
225 					    dnptrs, lastdnptr);
226 				if (n < 0)
227 					return (-1);
228 				cp += n;
229 				ShrinkBuffer(n);
230 			}
231 			if (rrecp->r_type == T_SOA) {
232 				ShrinkBuffer(5 * INT32SZ);
233 				while (isspace(*startp) || !*startp)
234 					startp++;
235 				if (*startp == '(') {
236 					multiline = 1;
237 					startp++;
238 				} else
239 					multiline = 0;
240 				/* serial, refresh, retry, expire, minimum */
241 				for (i = 0; i < 5; i++) {
242 					soanum = getnum_str(&startp, endp);
243 					if (soanum < 0)
244 						return (-1);
245 					PUTLONG(soanum, cp);
246 				}
247 				if (multiline) {
248 					while (isspace(*startp) || !*startp)
249 						startp++;
250 					if (*startp != ')')
251 						return (-1);
252 				}
253 			}
254 			break;
255 		case T_MX:
256 		case T_AFSDB:
257 		case T_RT:
258 			n = getnum_str(&startp, endp);
259 			if (n < 0)
260 				return (-1);
261 			PUTSHORT(n, cp);
262 			ShrinkBuffer(INT16SZ);
263 			if (!getword_str(buf2, sizeof buf2, &startp, endp))
264 				return (-1);
265 			n = dn_comp(buf2, cp, buflen, dnptrs, lastdnptr);
266 			if (n < 0)
267 				return (-1);
268 			cp += n;
269 			ShrinkBuffer(n);
270 			break;
271 		case T_PX:
272 			n = getnum_str(&startp, endp);
273 			if (n < 0)
274 				return (-1);
275 			PUTSHORT(n, cp);
276 			ShrinkBuffer(INT16SZ);
277 			for (i = 0; i < 2; i++) {
278 				if (!getword_str(buf2, sizeof buf2, &startp,
279 						 endp))
280 					return (-1);
281 				n = dn_comp(buf2, cp, buflen, dnptrs,
282 					    lastdnptr);
283 				if (n < 0)
284 					return (-1);
285 				cp += n;
286 				ShrinkBuffer(n);
287 			}
288 			break;
289 		case T_WKS:
290 		case T_HINFO:
291 		case T_TXT:
292 		case T_X25:
293 		case T_ISDN:
294 		case T_NSAP:
295 		case T_LOC:
296 			/* XXX - more fine tuning needed here */
297 			ShrinkBuffer(rrecp->r_size);
298 			memcpy(cp, rrecp->r_data, rrecp->r_size);
299 			cp += rrecp->r_size;
300 			break;
301 		default:
302 			return (-1);
303 		} /*switch*/
304 		n = (u_int16_t)((cp - sp2) - INT16SZ);
305 		PUTSHORT(n, sp2);
306 	} /*for*/
307 
308 	hp->qdcount = htons(counts[0]);
309 	hp->ancount = htons(counts[1]);
310 	hp->nscount = htons(counts[2]);
311 	hp->arcount = htons(counts[3]);
312 	return (cp - buf);
313 }
314 
315 /*
316  * Get a whitespace delimited word from a string (not file)
317  * into buf. modify the start pointer to point after the
318  * word in the string.
319  */
320 static int
getword_str(char * buf,int size,u_char ** startpp,u_char * endp)321 getword_str(char *buf, int size, u_char **startpp, u_char *endp) {
322         char *cp;
323         int c;
324 
325         for (cp = buf; *startpp <= endp; ) {
326                 c = **startpp;
327                 if (isspace(c) || c == '\0') {
328                         if (cp != buf) /* trailing whitespace */
329                                 break;
330                         else { /* leading whitespace */
331                                 (*startpp)++;
332                                 continue;
333                         }
334                 }
335                 (*startpp)++;
336                 if (cp >= buf+size-1)
337                         break;
338                 *cp++ = (u_char)c;
339         }
340         *cp = '\0';
341         return (cp != buf);
342 }
343 
344 /*
345  * Get a whitespace delimited number from a string (not file) into buf
346  * update the start pointer to point after the number in the string.
347  */
348 static int
getnum_str(u_char ** startpp,u_char * endp)349 getnum_str(u_char **startpp, u_char *endp) {
350         int c, n;
351         int seendigit = 0;
352         int m = 0;
353 
354         for (n = 0; *startpp <= endp; ) {
355                 c = **startpp;
356                 if (isspace(c) || c == '\0') {
357                         if (seendigit) /* trailing whitespace */
358                                 break;
359                         else { /* leading whitespace */
360                                 (*startpp)++;
361                                 continue;
362                         }
363                 }
364                 if (c == ';') {
365                         while ((*startpp <= endp) &&
366 			       ((c = **startpp) != '\n'))
367 					(*startpp)++;
368                         if (seendigit)
369                                 break;
370                         continue;
371                 }
372                 if (!isdigit(c)) {
373                         if (c == ')' && seendigit) {
374                                 (*startpp)--;
375                                 break;
376                         }
377 			return (-1);
378                 }
379                 (*startpp)++;
380                 n = n * 10 + (c - '0');
381                 seendigit = 1;
382         }
383         return (n + m);
384 }
385 
386 /*
387  * Allocate a resource record buffer & save rr info.
388  */
389 ns_updrec *
res_mkupdrec(int section,const char * dname,u_int class,u_int type,u_long ttl)390 res_mkupdrec(int section, const char *dname,
391 	     u_int class, u_int type, u_long ttl) {
392 	ns_updrec *rrecp = (ns_updrec *)calloc(1, sizeof(ns_updrec));
393 
394 	if (!rrecp || !(rrecp->r_dname = strdup(dname)))
395 		return (NULL);
396  	rrecp->r_class = class;
397 	rrecp->r_type = type;
398 	rrecp->r_ttl = ttl;
399 	rrecp->r_section = section;
400 	return (rrecp);
401 }
402 
403 /*
404  * Free a resource record buffer created by res_mkupdrec.
405  */
406 void
res_freeupdrec(ns_updrec * rrecp)407 res_freeupdrec(ns_updrec *rrecp) {
408 	/* Note: freeing r_dp is the caller's responsibility. */
409 	if (rrecp->r_dname != NULL)
410 		free(rrecp->r_dname);
411 	free(rrecp);
412 }
413