From 91e023d896dd5ca49dd440276f2241570acffd96 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Thu, 28 Jan 2016 18:24:27 -0500 Subject: Move initialize_libgcrypt to separate file It's annoying to have the exact same function in three places. It's stored in src/shared, but it's not added to the library to avoid the dependency on libgcrypt. --- Makefile.am | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index db95b109ce..d2cf9360ed 100644 --- a/Makefile.am +++ b/Makefile.am @@ -4274,7 +4274,9 @@ libsystemd_journal_internal_la_SOURCES += \ src/journal/journal-authenticate.c \ src/journal/journal-authenticate.h \ src/journal/fsprg.c \ - src/journal/fsprg.h + src/journal/fsprg.h \ + src/shared/gcrypt-util.c \ + src/shared/gcrypt-util.h libsystemd_journal_internal_la_LIBADD += \ $(GCRYPT_LIBS) @@ -5216,7 +5218,9 @@ systemd_resolved_SOURCES = \ src/resolve/resolved-etc-hosts.h \ src/resolve/resolved-etc-hosts.c \ src/resolve/dns-type.c \ - src/resolve/dns-type.h + src/resolve/dns-type.h \ + src/shared/gcrypt-util.c \ + src/shared/gcrypt-util.h nodist_systemd_resolved_SOURCES = \ src/resolve/dns_type-from-name.h \ -- cgit v1.2.3-54-g00ecf From 4ac2ca1bdb8ff0e862927c3e1162c3686449c50a Mon Sep 17 00:00:00 2001 
From: Zbigniew Jędrzejewski-Szmek Date: Thu, 28 Jan 2016 18:24:27 -0500 Subject: systemd-resolve: allow easy querying of openpgp keys $ systemd-resolve --openpgp zbyszek@fedoraproject.org d08ee310438ca124a6149ea5cc21b6313b390dce485576eff96f8722._openpgpkey.fedoraproject.org. IN OPENPGPKEY mQINBFBHPMsBEACeInGYJCb+7TurKfb6wGyTottCDtiSJB310i37/6ZYoeIay/5soJjlM yfMFQ9T2XNT/0LM6gTa0MpC1st9LnzYTMsT6tzRly1D1UbVI6xw0g0vE5y2Cjk3xUwAyn ... --- Makefile.am | 4 ++- man/systemd-resolve.xml | 19 +++++++++++++ src/resolve/resolve-tool.c | 69 ++++++++++++++++++++++++++++++++++++++++------ src/shared/gcrypt-util.c | 29 +++++++++++++++++++ src/shared/gcrypt-util.h | 1 + 5 files changed, 113 insertions(+), 9 deletions(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index d2cf9360ed..e63015476c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5291,7 +5291,9 @@ systemd_resolve_SOURCES = \ src/resolve/resolved-dns-question.c \ src/resolve/resolved-dns-question.h \ src/resolve/dns-type.c \ - src/resolve/dns-type.h + src/resolve/dns-type.h \ + src/shared/gcrypt-util.c \ + src/shared/gcrypt-util.h nodist_systemd_resolve_SOURCES = \ src/resolve/dns_type-from-name.h \ diff --git a/man/systemd-resolve.xml b/man/systemd-resolve.xml index f1e663c5bb..0defa2d7fb 100644 --- a/man/systemd-resolve.xml +++ b/man/systemd-resolve.xml @@ -76,6 +76,13 @@ TYPE DOMAIN + + systemd-resolve + OPTIONS + --openpgp + USER@DOMAIN + + systemd-resolve OPTIONS @@ -114,6 +121,10 @@ is assumed to be a domain name, that is already prefixed with an SRV type, and an SRV lookup is done (no TXT). + The switch may be use to query PGP keys stored as the + OPENPGPKEY resource records. + When this option is specified one or more e-mail address must be specified. + The switch may be used to show resolver statistics, including information about the number of succesful and failed DNSSEC validations. 
@@ -197,6 +208,14 @@ the TXT service metadata record is resolved as well. + + + + Enables OPENPGPKEY resource record resolution (see above). Specified e-mail + addresses are converted to the corresponding DNS domain name, and any OPENPGPKEY keys are + printed. + + BOOL diff --git a/src/resolve/resolve-tool.c b/src/resolve/resolve-tool.c index 9bee953839..6d1bc6d0f9 100644 --- a/src/resolve/resolve-tool.c +++ b/src/resolve/resolve-tool.c @@ -19,6 +19,7 @@ along with systemd; If not, see . ***/ +#include #include #include @@ -30,6 +31,7 @@ #include "bus-util.h" #include "escape.h" #include "in-addr-util.h" +#include "gcrypt-util.h" #include "parse-util.h" #include "resolved-def.h" #include "resolved-dns-packet.h" @@ -48,6 +50,7 @@ static enum { MODE_RESOLVE_HOST, MODE_RESOLVE_RECORD, MODE_RESOLVE_SERVICE, + MODE_RESOLVE_OPENPGP, MODE_STATISTICS, MODE_RESET_STATISTICS, } arg_mode = MODE_RESOLVE_HOST; @@ -547,15 +550,10 @@ static int resolve_rfc4501(sd_bus *bus, const char *name) { } else n = p; - if (type == 0) - type = arg_type; - if (type == 0) - type = DNS_TYPE_A; - if (class == 0) - class = arg_class; - if (class == 0) - class = DNS_CLASS_IN; + class = arg_class ?: DNS_CLASS_IN; + if (type == 0) + type = arg_type ?: DNS_TYPE_A; return resolve_record(bus, n, class, type); 
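Review bot: In the resolve_rfc4501 hunk the new `class = arg_class ?: DNS_CLASS_IN;` assigns unconditionally, whereas the removed lines only filled in `class` when it was still 0, and `type` keeps its `if (type == 0)` guard. If the part of the function above this hunk (not visible here) can set `class` from the URI, that value is now silently discarded in favour of the command-line or default class. Keeping the guard preserves the old precedence: `if (class == 0) class = arg_class ?: DNS_CLASS_IN;`.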
@@ -765,6 +763,36 @@ static int resolve_service(sd_bus *bus, const char *name, const char *type, cons return 0; } +static int resolve_openpgp(sd_bus *bus, const char *address) { + const char *domain, *full; + int r; + _cleanup_free_ char *hashed = NULL; + + assert(bus); + assert(address); + + domain = strrchr(address, '@'); + if (!domain) { + log_error("Address does not contain '@': \"%s\"", address); + return -EINVAL; + } else if (domain == address || domain[1] == '\0') { + log_error("Address starts or ends with '@': \"%s\"", address); + return -EINVAL; + } + domain++; + + r = string_hashsum(address, domain - 1 - address, GCRY_MD_SHA224, &hashed); + if (r < 0) + return log_error_errno(r, "Hashing failed: %m"); + + full = strjoina(hashed, "._openpgpkey.", domain); + log_debug("Looking up \"%s\".", full); + + return resolve_record(bus, full, + arg_class ?: DNS_CLASS_IN, + arg_type ?: DNS_TYPE_OPENPGPKEY); +} + static int show_statistics(sd_bus *bus) { _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL; _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL; @@ -947,6 +975,7 @@ static void help(void) { " --service Resolve service (SRV)\n" " --service-address=BOOL Do [not] resolve address for services\n" " --service-txt=BOOL Do [not] resolve TXT records for services\n" + " --openpgp Query OpenPGP public key\n" " --cname=BOOL Do [not] follow CNAME redirects\n" " --search=BOOL Do [not] use search domains\n" " --legend=BOOL Do [not] print column headers and meta information\n" @@ -963,6 +992,7 @@ static int parse_argv(int argc, char *argv[]) { ARG_CNAME, ARG_SERVICE_ADDRESS, ARG_SERVICE_TXT, + ARG_OPENPGP, ARG_SEARCH, ARG_STATISTICS, ARG_RESET_STATISTICS, 
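Review bot: resolve_openpgp passes the derived name straight to resolve_record and adds no handling of its own for whether the OPENPGPKEY answer was DNSSEC-authenticated, so unless resolve_record (outside this hunk) already reports that, a key from an unsigned zone is printed just like a validated one. For a lookup whose output is a public key the distinction matters; I would at least state it above the function, e.g. `/* The key is only as trustworthy as the DNS answer; callers should check that the reply was authenticated. */`, and in the man page text. Separately, `strjoina()` builds `full` on the stack from the command-line `domain` with no length limit; a heap string freed via `_cleanup_free_`, as `hashed` already is, would be the safer choice for argv-derived input.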
@@ -980,6 +1010,7 @@ static int parse_argv(int argc, char *argv[]) { { "service", no_argument, NULL, ARG_SERVICE }, { "service-address", required_argument, NULL, ARG_SERVICE_ADDRESS }, { "service-txt", required_argument, NULL, ARG_SERVICE_TXT }, + { "openpgp", no_argument, NULL, ARG_OPENPGP }, { "search", required_argument, NULL, ARG_SEARCH }, { "statistics", no_argument, NULL, ARG_STATISTICS, }, { "reset-statistics", no_argument, NULL, ARG_RESET_STATISTICS }, @@ -1089,6 +1120,10 @@ static int parse_argv(int argc, char *argv[]) { arg_mode = MODE_RESOLVE_SERVICE; break; + case ARG_OPENPGP: + arg_mode = MODE_RESOLVE_OPENPGP; + break; + case ARG_CNAME: r = parse_boolean(optarg); if (r < 0) @@ -1248,6 +1283,24 @@ int main(int argc, char **argv) { break; + case MODE_RESOLVE_OPENPGP: + if (argc < optind + 1) { + log_error("E-mail address required."); + r = -EINVAL; + goto finish; + + } + + r = 0; + while (optind < argc) { + int k; + + k = resolve_openpgp(bus, argv[optind++]); + if (k < 0) + r = k; + } + break; + case MODE_STATISTICS: if (argc > optind) { log_error("Too many arguments."); diff --git a/src/shared/gcrypt-util.c b/src/shared/gcrypt-util.c index 3bbc161ef2..b887243849 100644 --- a/src/shared/gcrypt-util.c +++ b/src/shared/gcrypt-util.c @@ -38,3 +38,32 @@ void initialize_libgcrypt(bool secmem) { gcry_control(GCRYCTL_DISABLE_SECMEM); gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); } + +int string_hashsum(const char *s, size_t len, int md_algorithm, char **out) { + gcry_md_hd_t md = NULL; + size_t hash_size; + void *hash; + char *enc; + + initialize_libgcrypt(false); + + hash_size = gcry_md_get_algo_dlen(md_algorithm); + assert(hash_size > 0); + + gcry_md_open(&md, md_algorithm, 0); + if (!md) + return -EIO; + + gcry_md_write(md, s, len); + + hash = gcry_md_read(md, 0); + if (!hash) + return -EIO; + + enc = hexmem(hash, hash_size); + if (!enc) + return -ENOMEM; + + *out = enc; + return 0; +} 
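Review bot: string_hashsum never releases the digest handle: after a successful `gcry_md_open(&md, ...)` all three later returns (`-EIO` after `gcry_md_read`, `-ENOMEM` after `hexmem`, and the final `return 0`) leave `md` open, so each call leaks a libgcrypt context. Since `hexmem()` appears to return a separately allocated buffer in `enc`, the handle can be closed right after that call with `gcry_md_close(md);`, and the same call belongs before the earlier `return -EIO;`. Also, `assert(hash_size > 0)` turns an unsupported `md_algorithm` supplied by the caller into an abort; returning an error such as `-EOPNOTSUPP` would fit the function's int-returning contract better, and a short comment that `*out` is a hex string the caller must free would help.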
diff --git a/src/shared/gcrypt-util.h b/src/shared/gcrypt-util.h index 42ce3fd121..c7652c22d1 100644 --- a/src/shared/gcrypt-util.h +++ b/src/shared/gcrypt-util.h @@ -22,3 +22,4 @@ #include void initialize_libgcrypt(bool secmem); +int string_hashsum(const char *s, size_t len, int md_algorithm, char **out); -- cgit v1.2.3-54-g00ecf From 6d99904f5a263cc119ac79718d83d7136dde349d Mon Sep 17 00:00:00 2001 
From: Zbigniew Jędrzejewski-Szmek Date: Sun, 31 Jan 2016 00:10:42 -0500 Subject: test-dns-packet: add framework to read and dump packets Packets are stored in a simple format: ... Packets for some example domains are dumped, to test rr code for various record types. Currently: A AAAA CAA DNSKEY LOC MX NS NSEC OPENPGPKEY SOA SPF TXT The hashing code is executed, but results are not checked. Also build other tests in src/resolve only with --enable-resolve. --- .gitignore | 1 + Makefile.am | 91 ++++++++++--------- src/resolve/resolved-dns-rr.c | 2 +- src/resolve/resolved-dns-rr.h | 2 + .../test-data/_openpgpkey.fedoraproject.org.pkts | Bin 0 -> 986 bytes src/resolve/test-data/fedoraproject.org.pkts | Bin 0 -> 1483 bytes src/resolve/test-data/gandi.net.pkts | Bin 0 -> 1010 bytes src/resolve/test-data/google.com.pkts | Bin 0 -> 747 bytes src/resolve/test-data/root.pkts | Bin 0 -> 1061 bytes ...sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts | Bin 0 -> 330 bytes src/resolve/test-data/teamits.com.pkts | Bin 0 -> 1021 bytes .../test-data/zbyszek@fedoraproject.org.pkts | Bin 0 -> 2533 bytes src/resolve/test-dns-packet.c | 100 +++++++++++++++++++++ 13 files changed, 149 insertions(+), 47 deletions(-) create mode 100644 src/resolve/test-data/_openpgpkey.fedoraproject.org.pkts create mode 100644 src/resolve/test-data/fedoraproject.org.pkts create mode 100644 src/resolve/test-data/gandi.net.pkts create mode 100644 src/resolve/test-data/google.com.pkts create mode 100644 src/resolve/test-data/root.pkts create mode 100644 src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts create mode 100644 src/resolve/test-data/teamits.com.pkts create mode 100644 src/resolve/test-data/zbyszek@fedoraproject.org.pkts create mode 100644 src/resolve/test-dns-packet.c (limited to 'Makefile.am') diff --git a/.gitignore b/.gitignore index 586b3796b1..81b97c4add 100644 --- a/.gitignore +++ b/.gitignore 
@@ -184,6 +184,7 @@ /test-dhcp-server /test-dhcp6-client /test-dns-domain +/test-dns-packet /test-dnssec /test-efi-disk.img /test-ellipsize diff --git a/Makefile.am b/Makefile.am index e63015476c..4e6a27a77d 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1501,6 +1501,7 @@ tests += \ test-af-list \ test-arphrd-list \ test-dns-domain \ + test-dns-packet \ test-resolve-tables \ test-install-root \ test-rlimit-util \ @@ -1666,16 +1667,6 @@ test_dns_domain_LDADD = \ libsystemd-network.la \ libshared.la -test_resolve_tables_SOURCES = \ - src/resolve/test-resolve-tables.c \ - src/shared/test-tables.h \ - src/resolve/dns-type.c \ - src/resolve/dns-type.h \ - src/resolve/dns_type-from-name.h \ - src/resolve/dns_type-to-name.h - -test_resolve_tables_LDADD = \ - libshared.la if ENABLE_EFI manual_tests += \ @@ -5166,6 +5157,20 @@ EXTRA_DIST += \ # ------------------------------------------------------------------------------ if ENABLE_RESOLVED +basic_dns_sources = \ + src/resolve/resolved-dns-dnssec.c \ + src/resolve/resolved-dns-dnssec.h \ + src/resolve/resolved-dns-packet.c \ + src/resolve/resolved-dns-packet.h \ + src/resolve/resolved-dns-rr.c \ + src/resolve/resolved-dns-rr.h \ + src/resolve/resolved-dns-answer.c \ + src/resolve/resolved-dns-answer.h \ + src/resolve/resolved-dns-question.c \ + src/resolve/resolved-dns-question.h \ + src/resolve/dns-type.c \ + src/resolve/dns-type.h + systemd_resolved_SOURCES = \ src/resolve/resolved.c \ src/resolve/resolved-manager.c \ 
@@ -5185,14 +5190,7 @@ systemd_resolved_SOURCES = \ src/resolve/resolved-mdns.h \ src/resolve/resolved-mdns.c \ src/resolve/resolved-def.h \ - src/resolve/resolved-dns-rr.h \ - src/resolve/resolved-dns-rr.c \ - src/resolve/resolved-dns-question.h \ - src/resolve/resolved-dns-question.c \ - src/resolve/resolved-dns-answer.h \ - src/resolve/resolved-dns-answer.c \ - src/resolve/resolved-dns-packet.h \ - src/resolve/resolved-dns-packet.c \ + $(basic_dns_sources) \ src/resolve/resolved-dns-query.h \ src/resolve/resolved-dns-query.c \ src/resolve/resolved-dns-synthesize.h \ @@ -5211,14 +5209,10 @@ systemd_resolved_SOURCES = \ src/resolve/resolved-dns-zone.c \ src/resolve/resolved-dns-stream.h \ src/resolve/resolved-dns-stream.c \ - src/resolve/resolved-dns-dnssec.h \ - src/resolve/resolved-dns-dnssec.c \ src/resolve/resolved-dns-trust-anchor.h \ src/resolve/resolved-dns-trust-anchor.c \ src/resolve/resolved-etc-hosts.h \ src/resolve/resolved-etc-hosts.c \ - src/resolve/dns-type.c \ - src/resolve/dns-type.h \ src/shared/gcrypt-util.c \ src/shared/gcrypt-util.h @@ -5280,18 +5274,7 @@ lib_LTLIBRARIES += \ systemd_resolve_SOURCES = \ src/resolve/resolve-tool.c \ - src/resolve/resolved-dns-dnssec.c \ - src/resolve/resolved-dns-dnssec.h \ - src/resolve/resolved-dns-packet.c \ - src/resolve/resolved-dns-packet.h \ - src/resolve/resolved-dns-rr.c \ - src/resolve/resolved-dns-rr.h \ - src/resolve/resolved-dns-answer.c \ - src/resolve/resolved-dns-answer.h \ - src/resolve/resolved-dns-question.c \ - src/resolve/resolved-dns-question.h \ - src/resolve/dns-type.c \ - src/resolve/dns-type.h \ + $(basic_dns_sources) \ src/shared/gcrypt-util.c \ src/shared/gcrypt-util.h 
@@ -5312,20 +5295,36 @@ tests += \ manual_tests += \ test-dnssec-complex +test_resolve_tables_SOURCES = \ + src/resolve/test-resolve-tables.c \ + src/resolve/dns_type-from-name.h \ + src/resolve/dns_type-to-name.h \ + $(basic_dns_sources) \ + src/shared/test-tables.h + +test_resolve_tables_LDADD = \ + libshared.la + +test_dns_packet_SOURCES = \ + src/resolve/test-dns-packet.c \ + $(basic_dns_sources) + +test_dns_packet_LDADD = \ + libshared.la + +EXTRA_DIST += \ + src/resolve/test-data/_openpgpkey.fedoraproject.org.pkts \ + src/resolve/test-data/fedoraproject.org.pkts \ + src/resolve/test-data/gandi.net.pkts \ + src/resolve/test-data/google.com.pkts \ + src/resolve/test-data/root.pkts \ + src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts \ + src/resolve/test-data/teamits.com.pkts \ + src/resolve/test-data/zbyszek@fedoraproject.org.pkts + test_dnssec_SOURCES = \ src/resolve/test-dnssec.c \ - src/resolve/resolved-dns-packet.c \ - src/resolve/resolved-dns-packet.h \ - src/resolve/resolved-dns-rr.c \ - src/resolve/resolved-dns-rr.h \ - src/resolve/resolved-dns-answer.c \ - src/resolve/resolved-dns-answer.h \ - src/resolve/resolved-dns-question.c \ - src/resolve/resolved-dns-question.h \ - src/resolve/resolved-dns-dnssec.c \ - src/resolve/resolved-dns-dnssec.h \ - src/resolve/dns-type.c \ - src/resolve/dns-type.h + $(basic_dns_sources) test_dnssec_LDADD = \ libshared.la diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 783ec7516c..2803ec017e 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -1302,7 +1302,7 @@ int dns_resource_record_is_synthetic(DnsResourceRecord *rr) { return !r; } -static void dns_resource_record_hash_func(const void *i, struct siphash *state) { +void dns_resource_record_hash_func(const void *i, struct siphash *state) { const DnsResourceRecord *rr = i; assert(rr); 
diff --git a/src/resolve/resolved-dns-rr.h b/src/resolve/resolved-dns-rr.h index 37c4487332..01c7091645 100644 --- a/src/resolve/resolved-dns-rr.h +++ b/src/resolve/resolved-dns-rr.h @@ -325,6 +325,8 @@ int dns_resource_record_is_synthetic(DnsResourceRecord *rr); DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i); bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b); +void dns_resource_record_hash_func(const void *i, struct siphash *state); + extern const struct hash_ops dns_resource_key_hash_ops; extern const struct hash_ops dns_resource_record_hash_ops; diff --git a/src/resolve/test-data/_openpgpkey.fedoraproject.org.pkts b/src/resolve/test-data/_openpgpkey.fedoraproject.org.pkts new file mode 100644 index 0000000000..15de02e997 Binary files /dev/null and b/src/resolve/test-data/_openpgpkey.fedoraproject.org.pkts differ diff --git a/src/resolve/test-data/fedoraproject.org.pkts b/src/resolve/test-data/fedoraproject.org.pkts new file mode 100644 index 0000000000..17874844d9 Binary files /dev/null and b/src/resolve/test-data/fedoraproject.org.pkts differ diff --git a/src/resolve/test-data/gandi.net.pkts b/src/resolve/test-data/gandi.net.pkts new file mode 100644 index 0000000000..5ef51e0c8e Binary files /dev/null and b/src/resolve/test-data/gandi.net.pkts differ diff --git a/src/resolve/test-data/google.com.pkts b/src/resolve/test-data/google.com.pkts new file mode 100644 index 0000000000..f98c4cd855 Binary files /dev/null and b/src/resolve/test-data/google.com.pkts differ diff --git a/src/resolve/test-data/root.pkts b/src/resolve/test-data/root.pkts new file mode 100644 index 0000000000..54ba668c75 Binary files /dev/null and b/src/resolve/test-data/root.pkts differ 
diff --git a/src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts b/src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts new file mode 100644 index 0000000000..a854249532 Binary files /dev/null and b/src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts differ diff --git a/src/resolve/test-data/teamits.com.pkts b/src/resolve/test-data/teamits.com.pkts new file mode 100644 index 0000000000..11deb39677 Binary files /dev/null and b/src/resolve/test-data/teamits.com.pkts differ diff --git a/src/resolve/test-data/zbyszek@fedoraproject.org.pkts b/src/resolve/test-data/zbyszek@fedoraproject.org.pkts new file mode 100644 index 0000000000..f0a6f982df Binary files /dev/null and b/src/resolve/test-data/zbyszek@fedoraproject.org.pkts differ diff --git a/src/resolve/test-dns-packet.c b/src/resolve/test-dns-packet.c new file mode 100644 index 0000000000..d8a5d9bbef --- /dev/null +++ b/src/resolve/test-dns-packet.c 
@@ -0,0 +1,100 @@ +/*** + This file is part of systemd + + Copyright 2016 Zbigniew Jędrzejewski-Szmek + + systemd is free software; you can redistribute it and/or modify it + under the terms of the GNU Lesser General Public License as published by + the Free Software Foundation; either version 2.1 of the License, or + (at your option) any later version. + + systemd is distributed in the hope that it will be useful, but + WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public License + along with systemd; If not, see . +***/ + +#include + +#include "alloc-util.h" +#include "fileio.h" +#include "macro.h" +#include "log.h" +#include "resolved-dns-packet.h" +#include "resolved-dns-rr.h" +#include "string-util.h" + +#define HASH_KEY SD_ID128_MAKE(d3,1e,48,90,4b,fa,4c,fe,af,9d,d5,a1,d7,2e,8a,b1) + +static uint64_t hash(DnsResourceRecord *rr) { + struct siphash state; + + siphash24_init(&state, HASH_KEY.bytes); + dns_resource_record_hash_func(rr, &state); + return siphash24_finalize(&state); +} + +static void test_packet_from_file(const char* filename, bool canonical) { + _cleanup_free_ char *data = NULL; + size_t data_size, packet_size, offset; + + assert_se(read_full_file(filename, &data, &data_size) >= 0); + assert_se(data); + assert_se(data_size > 8); + + log_info("============== %s %s==============", filename, canonical ? 
"canonical " : ""); + + for (offset = 0; offset < data_size; offset += 8 + packet_size) { + _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL, *p2 = NULL; + _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL, *rr2 = NULL; + const char *s, *s2; + uint64_t hash1, hash2; + + packet_size = le64toh( *(uint64_t*)(data + offset) ); + assert_se(packet_size > 0); + assert_se(offset + 8 + packet_size <= data_size); + + assert_se(dns_packet_new(&p, DNS_PROTOCOL_DNS, 0) >= 0); + + assert_se(dns_packet_append_blob(p, data + offset + 8, packet_size, NULL) >= 0); + assert_se(dns_packet_read_rr(p, &rr, NULL, NULL) >= 0); + + s = dns_resource_record_to_string(rr); + assert_se(s); + puts(s); + + hash1 = hash(rr); + + assert_se(dns_resource_record_to_wire_format(rr, canonical) >= 0); + + assert_se(dns_packet_new(&p2, DNS_PROTOCOL_DNS, 0) >= 0); + assert_se(dns_packet_append_blob(p2, rr->wire_format, rr->wire_format_size, NULL) >= 0); + assert_se(dns_packet_read_rr(p2, &rr2, NULL, NULL) >= 0); + + s2 = dns_resource_record_to_string(rr); + assert_se(s2); + assert_se(streq(s, s2)); + + hash2 = hash(rr); + assert_se(hash1 == hash2); + } +} + +int main(int argc, char **argv) { + int i; + + log_parse_environment(); + + for (i = 1; i < argc; i++) { + test_packet_from_file(argv[i], false); + puts(""); + test_packet_from_file(argv[i], true); + if (i + 1 < argc) + puts(""); + } + + return EXIT_SUCCESS; +} -- cgit v1.2.3-54-g00ecf From fff85dbe15475c35fed2af66fabef3bdfb94f389 Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Thu, 11 Feb 2016 09:18:32 -0500 Subject: test-dns-packet: allow running without arguments --- Makefile.am | 4 ++++ src/resolve/test-dns-packet.c | 27 +++++++++++++++++++++------ 2 files changed, 25 insertions(+), 6 deletions(-) (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 4e6a27a77d..754772156c 100644 --- a/Makefile.am +++ b/Makefile.am 
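Review bot: In test_packet_from_file the 8-byte length prefix is read with `le64toh( *(uint64_t*)(data + offset) )` before anything checks that 8 bytes remain at `offset`, and the later `assert_se(offset + 8 + packet_size <= data_size)` can wrap when the file supplies a huge `packet_size`. Checking in subtraction form avoids both: `assert_se(data_size - offset >= 8);` before the read and `assert_se(packet_size <= data_size - offset - 8);` after it; copying the prefix out with `memcpy` would also avoid the unaligned cast. Separately, the round-trip comparison uses `rr` again (`s2 = dns_resource_record_to_string(rr);`, `hash2 = hash(rr);`), so the re-parsed `rr2` is never compared; those two calls presumably should take `rr2`.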
@@ -5309,6 +5309,10 @@ test_dns_packet_SOURCES = \ src/resolve/test-dns-packet.c \ $(basic_dns_sources) +test_dns_packet_CPPFLAGS = \ + $(AM_CPPFLAGS) \ + -DRESOLVE_TEST_DIR=\"$(abs_top_srcdir)/src/resolve/test-data\" + test_dns_packet_LDADD = \ libshared.la diff --git a/src/resolve/test-dns-packet.c b/src/resolve/test-dns-packet.c index d8a5d9bbef..1abbd3fa2e 100644 --- a/src/resolve/test-dns-packet.c +++ b/src/resolve/test-dns-packet.c @@ -18,14 +18,17 @@ ***/ #include +#include #include "alloc-util.h" #include "fileio.h" -#include "macro.h" +#include "glob-util.h" #include "log.h" +#include "macro.h" #include "resolved-dns-packet.h" #include "resolved-dns-rr.h" #include "string-util.h" +#include "strv.h" #define HASH_KEY SD_ID128_MAKE(d3,1e,48,90,4b,fa,4c,fe,af,9d,d5,a1,d7,2e,8a,b1) @@ -84,15 +87,27 @@ static void test_packet_from_file(const char* filename, bool canonical) { } int main(int argc, char **argv) { - int i; + int i, N; + _cleanup_globfree_ glob_t g = {}; + _cleanup_strv_free_ char **globs = NULL; + char **fnames; log_parse_environment(); - for (i = 1; i < argc; i++) { - test_packet_from_file(argv[i], false); + if (argc >= 2) { + N = argc - 1; + fnames = argv + 1; + } else { + assert_se(glob(RESOLVE_TEST_DIR "/*.pkts", GLOB_NOSORT, NULL, &g) == 0); + N = g.gl_pathc; + fnames = g.gl_pathv; + } + + for (i = 0; i < N; i++) { + test_packet_from_file(fnames[i], false); puts(""); - test_packet_from_file(argv[i], true); - if (i + 1 < argc) + test_packet_from_file(fnames[i], true); + if (i + 1 < N) puts(""); } -- cgit v1.2.3-54-g00ecf From fa45182ed6b833017dde5a7cee27cdf25985790a Mon Sep 17 00:00:00 2001 
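Review bot: In the new main() of test-dns-packet.c, `_cleanup_strv_free_ char **globs = NULL;` is declared but never used in the hunk, and the `strv.h` include appears to exist only for it; both can go. `N = g.gl_pathc;` also narrows a `size_t` into `int`; declaring `i` and `N` as `size_t` keeps the loop bound in the type glob() reports. With `GLOB_NOSORT` the files are processed in directory order, so the printed output can differ between machines; dropping the flag makes test logs comparable.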
From: Zbigniew Jędrzejewski-Szmek Date: Sun, 31 Jan 2016 16:23:00 -0500 Subject: Fix hashing of TLSA packets Also add example files with TLSA and SSHFP records. --- Makefile.am | 4 +++- src/resolve/resolved-dns-rr.c | 2 +- src/resolve/test-data/_443._tcp.fedoraproject.org.pkts | Bin 0 -> 169 bytes src/resolve/test-data/kyhwana.org.pkts | Bin 0 -> 1803 bytes 4 files changed, 4 insertions(+), 2 deletions(-) create mode 100644 src/resolve/test-data/_443._tcp.fedoraproject.org.pkts create mode 100644 src/resolve/test-data/kyhwana.org.pkts (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 754772156c..8ab04e74ba 100644 --- a/Makefile.am +++ b/Makefile.am @@ -5324,7 +5324,9 @@ EXTRA_DIST += \ src/resolve/test-data/root.pkts \ src/resolve/test-data/sw1a1aa-sw1a2aa-sw1a2ab-sw1a2ac.find.me.uk.pkts \ src/resolve/test-data/teamits.com.pkts \ - src/resolve/test-data/zbyszek@fedoraproject.org.pkts + src/resolve/test-data/zbyszek@fedoraproject.org.pkts \ + src/resolve/test-data/_443._tcp.fedoraproject.org.pkts \ + src/resolve/test-data/kyhwana.org.pkts test_dnssec_SOURCES = \ src/resolve/test-dnssec.c \ diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 2803ec017e..422bbe4bc4 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -1429,7 +1429,7 @@ void dns_resource_record_hash_func(const void *i, struct siphash *state) { siphash24_compress(&rr->tlsa.cert_usage, sizeof(rr->tlsa.cert_usage), state); siphash24_compress(&rr->tlsa.selector, sizeof(rr->tlsa.selector), state); siphash24_compress(&rr->tlsa.matching_type, sizeof(rr->tlsa.matching_type), state); - siphash24_compress(&rr->tlsa.data, rr->tlsa.data_size, state); + siphash24_compress(rr->tlsa.data, rr->tlsa.data_size, state); break; case DNS_TYPE_OPENPGPKEY: 
diff --git a/src/resolve/test-data/_443._tcp.fedoraproject.org.pkts b/src/resolve/test-data/_443._tcp.fedoraproject.org.pkts new file mode 100644 index 0000000000..a383c6286d Binary files /dev/null and b/src/resolve/test-data/_443._tcp.fedoraproject.org.pkts differ diff --git a/src/resolve/test-data/kyhwana.org.pkts b/src/resolve/test-data/kyhwana.org.pkts new file mode 100644 index 0000000000..e28a725c9a Binary files /dev/null and b/src/resolve/test-data/kyhwana.org.pkts differ -- cgit v1.2.3-54-g00ecf From 718af59e9ac1a525b0a73b99a74bc376f1b4d49d Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Mon, 1 Feb 2016 21:35:44 -0500 Subject: resolve: always align flags to 8th column and print CAA flags Left-over unknown flags are printed numerically. Otherwise, it wouldn't be known what bits are remaining without knowning what the known bits are. A test case is added to verify the flag printing code: ============== src/resolve/test-data/fake-caa.pkts ============== google.com. IN CAA 0 issue "symantec.com" google.com. IN CAA 128 issue "symantec.com" -- Flags: critical google.com. IN CAA 129 issue "symantec.com" -- Flags: critical 1 google.com. IN CAA 22 issue "symantec.com" -- Flags: 22 --- Makefile.am | 3 ++- src/resolve/dns-type.h | 3 +++ src/resolve/resolved-dns-rr.c | 31 ++++++++++++++++--------------- src/resolve/test-data/fake-caa.pkts | Bin 0 -> 196 bytes 4 files changed, 21 insertions(+), 16 deletions(-) create mode 100644 src/resolve/test-data/fake-caa.pkts (limited to 'Makefile.am') diff --git a/Makefile.am b/Makefile.am index 8ab04e74ba..5d39967f2c 100644 --- a/Makefile.am +++ b/Makefile.am 
@@ -5326,7 +5326,8 @@ EXTRA_DIST += \ src/resolve/test-data/teamits.com.pkts \ src/resolve/test-data/zbyszek@fedoraproject.org.pkts \ src/resolve/test-data/_443._tcp.fedoraproject.org.pkts \ - src/resolve/test-data/kyhwana.org.pkts + src/resolve/test-data/kyhwana.org.pkts \ + src/resolve/test-data/fake-caa.pkts test_dnssec_SOURCES = \ src/resolve/test-dnssec.c \ diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h index d025544bab..ea51dfdb65 100644 --- a/src/resolve/dns-type.h +++ b/src/resolve/dns-type.h @@ -154,3 +154,6 @@ const char *tlsa_selector_to_string(uint8_t selector); /* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.4 */ const char *tlsa_matching_type_to_string(uint8_t selector); + +/* https://tools.ietf.org/html/rfc6844#section-5.1 */ +#define CAA_FLAG_CRITICAL (1u << 7) diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 35c0de1a6d..d54645fc7a 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -980,7 +980,7 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { case DNS_TYPE_DNSKEY: { _cleanup_free_ char *alg = NULL; char *ss; - int n, n1; + int n; uint16_t key_tag; key_tag = dnssec_keytag(rr, true); @@ -989,9 +989,8 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { if (r < 0) return NULL; - r = asprintf(&s, "%s %n%u %u %s %n", + r = asprintf(&s, "%s %u %u %s %n", k, - &n1, rr->dnskey.flags, rr->dnskey.protocol, alg, @@ -1006,14 +1005,12 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { return NULL; r = asprintf(&ss, "%s\n" - "%*s-- Flags:%s%s%s\n" - "%*s-- Key tag: %u", + " -- Flags:%s%s%s\n" + " -- Key tag: %u", s, - n1, "", rr->dnskey.flags & DNSKEY_FLAG_SEP ? " SEP" : "", rr->dnskey.flags & DNSKEY_FLAG_REVOKE ? " REVOKE" : "", rr->dnskey.flags & DNSKEY_FLAG_ZONE_KEY ? " ZONE_KEY" : "", - n1, "", key_tag); if (r < 0) return NULL; 
@@ -1139,13 +1136,13 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { return NULL; r = asprintf(&ss, "%s\n" - "%*s-- Cert. usage: %s\n" - "%*s-- Selector: %s\n" - "%*s-- Matching type: %s", + " -- Cert. usage: %s\n" + " -- Selector: %s\n" + " -- Matching type: %s", s, - n - 6, "", cert_usage, - n - 6, "", selector, - n - 6, "", matching_type); + cert_usage, + selector, + matching_type); if (r < 0) return NULL; free(s); @@ -1161,11 +1158,15 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) { if (!value) return NULL; - r = asprintf(&s, "%s %u %s \"%s\"", + r = asprintf(&s, "%s %u %s \"%s\"%s%s%s%.0u", k, rr->caa.flags, rr->caa.tag, - value); + value, + rr->caa.flags ? "\n -- Flags:" : "", + rr->caa.flags & CAA_FLAG_CRITICAL ? " critical" : "", + rr->caa.flags & ~CAA_FLAG_CRITICAL ? " " : "", + rr->caa.flags & ~CAA_FLAG_CRITICAL); if (r < 0) return NULL; diff --git a/src/resolve/test-data/fake-caa.pkts b/src/resolve/test-data/fake-caa.pkts new file mode 100644 index 0000000000..1c3ecc5491 Binary files /dev/null and b/src/resolve/test-data/fake-caa.pkts differ -- cgit v1.2.3-54-g00ecf
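Review bot: The CAA format string ends in `%.0u` fed with `rr->caa.flags & ~CAA_FLAG_CRITICAL`, which relies on a zero precision printing nothing for a zero value; that is easy to misread as a typo. A one-line comment above the asprintf() call would make the intent clear, e.g. `/* %.0u prints the leftover flag bits, or nothing when they are all zero */`. The case block continues outside the hunk.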