dnresolve.c 22 KB

  1. #include <u.h>
  2. #include <libc.h>
  3. #include <ip.h>
  4. #include <bio.h>
  5. #include <ndb.h>
  6. #include "dns.h"
  /* Limits applied when a query is sent out to name servers. */
  enum
  {
      /* maximum destinations for a request message */
      Maxdest = 24,

      /* maximum transmissions to a server */
      Maxtrans = 3,
  };
  /*
   * Configuration flags tested by insideaddr(), netquery1(), udpquery() and
   * netquery(); none of them is assigned in the code shown here.
   */
  int inside;
  int straddle;
  int serve;

  static int netquery(DN *dp, int type, RR *nsrp, Request *reqp, int depth);
  static RR* dnresolve1(char *name, int class, int type, Request *req,
      int depth, int recurse);

  /* log name handed to every syslog() call in this file */
  char *LOG = "dns";
  /*
   * Return a strdup()ed copy of this process's display args.
   *
   * Reading #p/<pid>/args yields either "name" or "name [display args]";
   * only the text between the first '[' and the last ']' is returned.
   * An empty string is returned when the file cannot be opened or holds
   * no bracketed part.  The caller owns (and must free) the result.
   */
  static char *
  procgetname(void)
  {
      char args[256];
      char *open_br, *close_br;
      int argsfd, nread;

      snprint(args, sizeof args, "#p/%d/args", getpid());
      argsfd = open(args, OREAD);
      if(argsfd < 0)
          return strdup("");

      /* a failed read leaves an empty string behind */
      args[0] = '\0';
      nread = read(argsfd, args, sizeof args-1);
      close(argsfd);
      if(nread >= 0)
          args[nread] = '\0';

      open_br = strchr(args, '[');
      if(open_br == nil)
          return strdup("");
      close_br = strrchr(args, ']');
      if(close_br == nil)
          return strdup("");

      *close_br = '\0';
      return strdup(open_br + 1);
  }
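  /*
   * Look up 'type' info for domain name 'name'.  If it doesn't exist, try
   * looking it up as a canonical name.
   *
   *  name     domain name to resolve
   *  class    RR class; dnresolve1() only implements Cin
   *  type     RR type wanted
   *  req      request context, handed on to dnresolve1()
   *  cn       if non-nil, CNAME RRs met on the way are appended with rrcat();
   *           otherwise they are freed
   *  depth    recursion depth, handed on to dnresolve1()
   *  recurse  recursion policy, handed on to dnresolve1()
   *  rooted   if zero and 'name' has no '.', each domain returned by
   *           domainlist() is appended and tried in turn
   *  status   if non-nil, cleared on entry; set to the name's respcode when
   *           nothing was found and that respcode is non-zero
   *
   * Returns the RR list found (passed through randomize()), or nil.
   * The process name seen on entry is restored before returning.
   */
  RR*
  dnresolve(char *name, int class, int type, Request *req, RR **cn, int depth,
      int recurse, int rooted, int *status)
  {
      RR *rp, *nrp, *drp;
      DN *dp;
      int loops;
      char *procname;
      char nname[Domlen];

      if(status)
          *status = 0;

      procname = procgetname();

      /*
       * hack for systems that don't have resolve search
       * lists.  Just look up the simple name in the database.
       */
      if(!rooted && strchr(name, '.') == 0){
          rp = nil;
          drp = domainlist(class);
          for(nrp = drp; nrp != nil; nrp = nrp->next){
              snprint(nname, sizeof nname, "%s.%s", name,
                  nrp->ptr->name);
              rp = dnresolve(nname, class, type, req, cn, depth,
                  recurse, rooted, status);
              rrfreelist(rrremneg(&rp));
              if(rp != nil)
                  break;
          }
          /*
           * NOTE(review): the loop above walks drp as a list, but only
           * rrfree() is applied to its head -- confirm nothing is leaked.
           */
          if(drp != nil)
              rrfree(drp);
          /*
           * The saved name was read back from the proc file and can hold
           * domain names placed there by procsetname() calls in netquery1(),
           * so it must be passed as data, never as the format string.
           */
          procsetname("%s", procname);
          free(procname);
          return rp;
      }

      /*
       * try the name directly
       */
      rp = dnresolve1(name, class, type, req, depth, recurse);
      if(rp){
          procsetname("%s", procname);
          free(procname);
          return randomize(rp);
      }

      /*
       * try it as a canonical name if we weren't told the name didn't exist.
       * dnlookup() is asked not to create the entry, and dnresolve1() returns
       * before creating it for any class other than Cin, so dp can be nil
       * here (dnresolve1() checks the same call for nil).
       */
      dp = dnlookup(name, class, 0);
      if(type != Tptr && dp != nil && dp->respcode != Rname)
          for(loops = 0; rp == nil && loops < 32; loops++){
              rp = dnresolve1(name, class, Tcname, req, depth, recurse);
              if(rp == nil)
                  break;

              if(rp->negative){
                  rrfreelist(rp);
                  rp = nil;
                  break;
              }

              /* follow the alias; at most 32 links are chased */
              name = rp->host->name;
              if(cn)
                  rrcat(cn, rp);
              else
                  rrfreelist(rp);

              rp = dnresolve1(name, class, type, req, depth, recurse);
          }

      /* distinction between not found and not good */
      if(rp == nil && status != nil && dp != nil && dp->respcode != 0)
          *status = dp->respcode;

      procsetname("%s", procname);
      free(procname);
      return randomize(rp);
  }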
  /*
   * Resolve (name, class, type) once, without any CNAME chasing.
   *
   * Order of attempts: the cache, the designated servers when running as a
   * plain resolver, then name servers found by walking up the domain name
   * (locally served domains are answered from the database), and finally a
   * non-authoritative cache entry or the database.
   *
   * Returns an RR list or nil.  nil is also returned for any class other
   * than Cin and when a cached CNAME exists for a non-CNAME query (the
   * caller, dnresolve(), follows it).
   */
  static RR*
  dnresolve1(char *name, int class, int type, Request *req, int depth,
      int recurse)
  {
      DN *dp, *nsdp;
      RR *cached, *nsrp, *dbnsrp, *answer;
      char *suffix;
      int usable, havecname, answered;

      if(debug)
          syslog(0, LOG, "[%d] dnresolve1 %s %d %d",
              getpid(), name, type, class);

      /* only class Cin implemented so far */
      if(class != Cin)
          return nil;

      dp = dnlookup(name, class, 1);

      /*
       * Try the cache first
       */
      cached = rrlookup(dp, type, OKneg);
      if(cached != nil){
          if(cached->db){
              /* unauthenticated db entries are hints */
              usable = cached->auth != 0;
          } else {
              /*
               * cached entry must still be valid,
               * but Tall entries are special
               */
              usable = cached->ttl > now &&
                  (type != Tall || cached->query == Tall);
          }
          if(usable)
              return cached;
      }
      rrfreelist(cached);

      /*
       * try the cache for a canonical name. if found punt
       * since we'll find it during the canonical name search
       * in dnresolve().
       */
      if(type != Tcname){
          cached = rrlookup(dp, Tcname, NOneg);
          havecname = cached != nil;
          rrfreelist(cached);
          if(havecname)
              return nil;
      }

      /*
       * if we're running as just a resolver, go to our
       * designated name servers
       */
      if(resolver){
          nsrp = randomize(getdnsservers(class));
          if(nsrp != nil){
              answered = netquery(dp, type, nsrp, req, depth+1);
              rrfreelist(nsrp);
              if(answered)
                  return rrlookup(dp, type, OKneg);
          }
      }

      /*
       * walk up the domain name looking for
       * a name server for the domain.
       */
      suffix = name;
      while(suffix){
          /*
           * if this is a local (served by us) domain,
           * return answer
           */
          dbnsrp = randomize(dblookup(suffix, class, Tns, 0, 0));
          if(dbnsrp && dbnsrp->local){
              answer = dblookup(name, class, type, 1, dbnsrp->ttl);
              rrfreelist(dbnsrp);
              return answer;
          }

          /*
           * if recursion isn't set, just accept local
           * entries
           */
          if(recurse == Dontrecurse){
              if(dbnsrp)
                  rrfreelist(dbnsrp);
              suffix = walkup(suffix);
              continue;
          }

          /* look for ns in cache */
          nsdp = dnlookup(suffix, class, 0);
          nsrp = nsdp? randomize(rrlookup(nsdp, Tns, NOneg)): nil;

          /* if the entry timed out, ignore it */
          if(nsrp && nsrp->ttl < now){
              rrfreelist(nsrp);
              nsrp = nil;
          }

          if(nsrp){
              rrfreelist(dbnsrp);

              /* try the name servers found in cache */
              answered = netquery(dp, type, nsrp, req, depth+1);
              rrfreelist(nsrp);
              if(answered)
                  return rrlookup(dp, type, OKneg);
              suffix = walkup(suffix);
              continue;
          }

          /* use ns from db */
          if(dbnsrp){
              /* try the name servers found in db */
              answered = netquery(dp, type, dbnsrp, req, depth+1);
              rrfreelist(dbnsrp);
              if(answered){
                  /* we got an answer */
                  return rrlookup(dp, type, NOneg);
              }
          }
          suffix = walkup(suffix);
      }

      /* settle for a non-authoritative answer */
      answer = rrlookup(dp, type, OKneg);
      if(answer)
          return answer;

      /* no one answered.  try the database, we might have a chance. */
      return dblookup(name, class, type, 0, 0);
  }
  /*
   * Step a domain name one label to the right, i.e. return a pointer to
   * the parent domain name.
   *
   * The result points just past the first '.' inside 'name'.  A non-empty
   * name without a '.' yields the empty string, and the empty string
   * yields 0, which ends a walk.
   */
  char*
  walkup(char *name)
  {
      char *dot;

      dot = strchr(name, '.');
      if(dot != 0)
          return dot + 1;
      if(*name == '\0')
          return 0;
      return "";
  }
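  /* ctl messages written to the announced port to select its header mode */
  static char *hmsg = "headers";
  static char *ohmsg = "oldheaders";

  /*
   * Get a udp port for requests and replies.  Put the port
   * into "headers" mode.
   *
   *  mtpt  network mount point; nil means "/net"
   *
   * Returns an open fd on the port's data file, or -1 on failure.
   */
  int
  udpport(char *mtpt)
  {
      int fd, ctl;
      char ds[64], adir[64];

      /* get a udp port */
      snprint(ds, sizeof ds, "%s/udp!*!0", (mtpt? mtpt: "/net"));
      ctl = announce(ds, adir);
      if(ctl < 0){
          /* deliberately silent: no warning is logged here */
          return -1;
      }

      /*
       * turn on header style interface.
       * The test used to read "write(...) , 0": the comma operator made
       * the condition constant 0, so a failed write was never noticed.
       */
      if(write(ctl, hmsg, strlen(hmsg)) < 0){
          close(ctl);
          warning("%s", hmsg);
          return -1;
      }
      /* best effort: the result of this second write is ignored */
      write(ctl, ohmsg, strlen(ohmsg));

      /* grab the data file */
      snprint(ds, sizeof ds, "%s/data", adir);
      fd = open(ds, ORDWR);
      close(ctl);
      if(fd < 0)
          warning("can't open udp port %s: %r", ds);
      return fd;
  }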
  /*
   * Build a single-question DNS request in 'buf'.
   *
   * The start of buf is used as an OUdphdr: it is zeroed and its remote
   * port set to 53.  The encoded message follows at buf+OUdphdrsize, with
   * Maxudp given to convDNS2M() as the size limit.
   *
   *  dp     owner name of the question
   *  type   RR type asked for
   *  flags  DNS header flags
   *  reqno  message id
   *
   * Returns the encoded length, header excluded.  Calls abort() if the
   * message cannot be converted.
   */
  int
  mkreq(DN *dp, int type, uchar *buf, int flags, ushort reqno)
  {
      OUdphdr *hdr;
      DNSmsg msg;
      RR *question;
      int msglen;

      /* stuff port number into output buffer */
      hdr = (OUdphdr*)buf;
      memset(hdr, 0, sizeof(*hdr));
      hnputs(hdr->rport, 53);

      /* make request and convert it to output format */
      memset(&msg, 0, sizeof(msg));
      msg.id = reqno;
      msg.flags = flags;
      question = rralloc(type);
      question->owner = dp;
      question->type = type;
      msg.qd = question;

      msglen = convDNS2M(&msg, buf + OUdphdrsize, Maxudp);
      if(msglen < 0)
          abort(); /* "can't convert" */
      rrfree(msg.qd);
      return msglen;
  }
  /*
   * Note handler for alarms in readreply: an "alarm" note is continued
   * from (NCONT), every other note gets the default action (NDFLT).
   */
  static void
  ding(void *x, char *msg)
  {
      USED(x);
      noted(strcmp(msg, "alarm") == 0? NCONT: NDFLT);
  }
  /*
   * Free the four RR lists of a message (question, answer, authority,
   * additional) and leave all four pointers nil.
   */
  static void
  freeanswers(DNSmsg *mp)
  {
      rrfreelist(mp->qd);
      rrfreelist(mp->an);
      rrfreelist(mp->ns);
      rrfreelist(mp->ar);

      mp->qd = nil;
      mp->an = nil;
      mp->ns = nil;
      mp->ar = nil;
  }
  /*
   * Read replies to a request, ignoring any that do not match it.
   * Waits until 'endtime' (absolute seconds) at the latest.
   *
   * A reply is accepted when its id equals 'req', it carries a question,
   * and that question's owner and type equal 'dp' and 'type'.  Nothing
   * here compares the sender's address; the raw packet, udp header
   * included, is left in ibuf for the caller.
   *
   * Returns 0 with the decoded message in *mp (each answer RR tagged with
   * the query type), or -1 on timeout or read failure.
   */
  static int
  readreply(int fd, DN *dp, int type, ushort req,
      uchar *ibuf, DNSmsg *mp, ulong endtime, Request *reqp)
  {
      char *converr;
      int paylen;
      ulong tnow;
      RR *ans;

      notify(ding);

      /* every rejected packet reaches freeanswers() via the loop step */
      for(;; freeanswers(mp)){
          tnow = time(0);
          if(tnow >= endtime)
              return -1; /* timed out */

          /* timed read */
          alarm((endtime - tnow) * 1000);
          paylen = read(fd, ibuf, OUdphdrsize+Maxudpin);
          alarm(0);

          /* strip the udp header; a short or failed read goes negative */
          paylen -= OUdphdrsize;
          if(paylen < 0)
              return -1; /* timed out */

          /* convert into internal format */
          memset(mp, 0, sizeof(*mp));
          converr = convM2DNS(&ibuf[OUdphdrsize], paylen, mp, nil);
          if(converr){
              syslog(0, LOG, "input err: %s: %I", converr, ibuf);
              continue;
          }
          if(debug)
              logreply(reqp->id, ibuf, mp);

          /* answering the right question? */
          if(mp->id != req)
              syslog(0, LOG, "%d: id %d instead of %d: %I", reqp->id,
                  mp->id, req, ibuf);
          else if(mp->qd == 0)
              syslog(0, LOG, "%d: no question RR: %I", reqp->id, ibuf);
          else if(mp->qd->owner != dp)
              syslog(0, LOG, "%d: owner %s instead of %s: %I",
                  reqp->id, mp->qd->owner->name, dp->name, ibuf);
          else if(mp->qd->type != type)
              syslog(0, LOG, "%d: type %d instead of %d: %I",
                  reqp->id, mp->qd->type, type, ibuf);
          else {
              /* remember what request this is in answer to */
              for(ans = mp->an; ans; ans = ans->next)
                  ans->query = type;
              return 0;
          }
      }
  }
  /*
   * Return non-0 if the first list includes the second list: every RR in
   * rp2 must have an RR in rp1 with the same type, host and owner
   * (pointer comparison).  An empty rp2 is always included.
   */
  int
  contains(RR *rp1, RR *rp2)
  {
      RR *have, *want;

      for(want = rp2; want != nil; want = want->next){
          for(have = rp1; have != nil; have = have->next)
              if(have->type == want->type &&
                 have->host == want->host &&
                 have->owner == want->owner)
                  break;
          /* ran off the end of rp1: nothing matched */
          if(have == nil)
              return 0;
      }
      return 1;
  }
  /* One name-server address that a query may be sent to. */
  typedef struct Dest
  {
      /* ip address */
      uchar a[IPaddrlen];
      /* name server */
      DN *s;
      /* number of transmissions */
      int nx;
      /* response code; used to clear dp->respcode */
      int code;
  } Dest;
  /*
   * Classify an address as broadcast/multicast.
   *
   * Returns 4 for an IPv4 address whose first octet is 0xe0..0xef or that
   * equals IPv4bcast, 6 for a non-v4 address whose first byte is 0xff,
   * and 0 otherwise.
   */
  int
  ipisbm(uchar *ip)
  {
      uchar first;

      if(!isv4(ip))
          return ip[0] == 0xff? 6: 0;

      first = ip[IPv4off];
      if(first >= 0xe0 && first < 0xf0)
          return 4;
      if(ipcmp(ip, IPv4bcast) == 0)
          return 4;
      return 0;
  }
  /* network database handle; insideaddr() leaves it open between calls */
  static Ndb *db;

  /* tuples filled in by loaddomsrvs(): inside-dom, inside-ns, outside-ns */
  static Ndbtuple *indoms;
  static Ndbtuple *innmsrvs;
  static Ndbtuple *outnmsrvs;

  /*
   * held by insideaddr() while it reloads and scans the tuples.
   * NOTE(review): insidens() and outsidens() read the tuples without
   * taking it -- confirm that is safe against a concurrent reload.
   */
  static QLock ndblock;
  /*
   * Load the inside-dom, inside-ns and outside-ns tuples of "sys" entries
   * from 'db' into indoms, innmsrvs and outnmsrvs.  Does nothing when
   * indoms is already set.  The value strings returned by ndbgetvalue()
   * are freed at once; only the tuples are kept.
   */
  static void
  loaddomsrvs(Ndb *db)
  {
      Ndbs s;

      if (indoms != nil)
          return;

      free(ndbgetvalue(db, &s, "sys", "inside-dom", "dom", &indoms));
      free(ndbgetvalue(db, &s, "sys", "inside-ns", "ip", &innmsrvs));
      free(ndbgetvalue(db, &s, "sys", "outside-ns", "ip", &outnmsrvs));
      syslog(0, LOG, "reloaded inside-dom, inside-ns, outside-ns");
  }
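  /*
   * is this domain (or DOMAIN or Domain or dOMAIN)
   * internal to our organisation (behind our firewall)?
   * only inside straddling servers care, everybody else gets told `yes',
   * so they'll use mntpt for their queries.
   *
   * Returns 1 when 'dom' equals, or is a subdomain of, one of the loaded
   * "dom" values (case-insensitive), and also when no inside domains are
   * configured; returns 0 otherwise.
   */
  static int
  insideaddr(char *dom)
  {
      int domlen, vallen, rv;
      Ndbtuple *t;

      if (!inside || !straddle || !serve)
          return 1;

      /* the lock covers both the reload and the scan of indoms */
      qlock(&ndblock);
      if (db == nil) {
          /*
           * open once and leave db open so we can quickly test for
           * changes.  Keying this on db rather than on indoms avoids
           * opening (and dropping) a fresh handle on every call when
           * the database has no inside-dom entry.
           */
          db = ndbopen(nil);
      } else if (ndbchanged(db)) {
          ndbfree(indoms);
          ndbfree(innmsrvs);
          ndbfree(outnmsrvs);
          indoms = innmsrvs = outnmsrvs = nil;
          ndbreopen(db);
      }
      /* loaddomsrvs() returns at once when indoms is already loaded */
      if (db != nil)
          loaddomsrvs(db);
      if (indoms == nil) {
          qunlock(&ndblock);
          return 1; /* no "inside" sys, try inside nameservers */
      }

      rv = 0;
      domlen = strlen(dom);
      for (t = indoms; t != nil; t = t->entry) {
          if (strcmp(t->attr, "dom") != 0)
              continue;
          vallen = strlen(t->val);
          /* exact match, or a suffix match that starts on a label boundary */
          if (cistrcmp(dom, t->val) == 0 ||
              domlen > vallen &&
               cistrcmp(dom + domlen - vallen, t->val) == 0 &&
               dom[domlen - vallen - 1] == '.') {
              rv = 1;
              break;
          }
      }
      qunlock(&ndblock);
      return rv;
  }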
  /*
   * Return 1 if 'ip' equals one of the "ip" values in innmsrvs (the
   * inside-ns tuples), 0 otherwise.
   * NOTE(review): innmsrvs is read here without ndblock -- confirm.
   */
  static int
  insidens(uchar *ip)
  {
      uchar candidate[IPaddrlen];
      Ndbtuple *t;

      for (t = innmsrvs; t != nil; t = t->entry) {
          if (strcmp(t->attr, "ip") != 0)
              continue;
          parseip(candidate, t->val);
          if (memcmp(candidate, ip, sizeof candidate) == 0)
              return 1;
      }
      return 0;
  }
  /*
   * Return the address of the first "ip" value in outnmsrvs (the
   * outside-ns tuples), or nil if there is none.  The result points into
   * a static buffer that the next call overwrites.
   * NOTE(review): outnmsrvs is read here without ndblock -- confirm.
   */
  static uchar *
  outsidens(void)
  {
      static uchar ipa[IPaddrlen];
      Ndbtuple *t;

      t = outnmsrvs;
      while (t != nil && strcmp(t->attr, "ip") != 0)
          t = t->entry;
      if (t == nil)
          return nil;

      parseip(ipa, t->val);
      return ipa;
  }
  /*
   * Get next server address(es): append to dest[], starting at index
   * 'nd', the addresses of one more name server from 'nsrp'.
   *
   * Servers are taken in list order and marked as they are consumed, so
   * repeated calls advance through the list.  Known addresses (cache,
   * then database) are preferred; failing that one is resolved over the
   * network.  Broadcast/multicast addresses are dropped, as are inside
   * name servers when dp->name is not an inside domain.
   *
   * Returns the new number of entries in dest[], or 0 if 'nd' is already
   * Maxdest or more.
   */
  static int
  serveraddrs(DN *dp, RR *nsrp, Dest *dest, int nd, int depth, Request *reqp)
  {
      RR *ns, *addrs, *a;
      Dest *slot;

      if(nd >= Maxdest)
          return 0;

      /*
       * look for a server whose address we already know.
       * if we find one, mark it so we ignore this on
       * subsequent passes.
       */
      addrs = 0;
      for(ns = nsrp; ns; ns = ns->next){
          assert(ns->magic == RRmagic);
          if(ns->marker)
              continue;
          addrs = rrlookup(ns->host, Ta, NOneg);
          if(addrs == 0)
              addrs = dblookup(ns->host->name, Cin, Ta, 0, 0);
          if(addrs){
              ns->marker = 1;
              break;
          }
      }

      /*
       * if the cache and database lookup didn't find any new
       * server addresses, try resolving one via the network.
       * Mark any we try to resolve so we don't try a second time.
       */
      if(addrs == 0){
          for(ns = nsrp; ns; ns = ns->next){
              if(ns->marker)
                  continue;
              ns->marker = 1;

              /*
               * avoid loops looking up a server under itself
               */
              if(subsume(ns->owner->name, ns->host->name))
                  continue;

              addrs = dnresolve(ns->host->name, Cin, Ta, reqp, 0,
                  depth+1, Recurse, 1, 0);
              rrfreelist(rrremneg(&addrs));
              if(addrs)
                  break;
          }
      }

      /* use any addresses that we found */
      for(a = addrs; a != 0 && nd < Maxdest; a = a->next){
          slot = &dest[nd];
          parseip(slot->a, a->ip->name);
          if(ipisbm(slot->a))
              continue;
          /* an outside name must not be sent to an inside name server */
          if(!insideaddr(dp->name) && insidens(slot->a))
              continue;
          slot->nx = 0;
          slot->s = a->owner;
          slot->code = Rtimeout;
          nd++;
      }
      rrfreelist(addrs);
      return nd;
  }
  /*
   * cache negative responses
   *
   *  dp     name that was asked about
   *  type   RR type that was asked for
   *  rcode  response code to record
   *  soarr  SOA RR from the authority section, or nil; only its first
   *         element is kept, and it is handed to rrattach()
   *
   * The negative RR's ttl is the SOA's minttl added to 'now' when an SOA
   * is present, else the bare constant 5*Min.
   */
  static void
  cacheneg(DN *dp, int type, int rcode, RR *soarr)
  {
      RR *neg;
      DN *soaowner;
      ulong ttl;

      soaowner = nil;
      ttl = 5*Min;

      /* the attach can cause soarr to be freed so mine it now */
      if(soarr != nil){
          /* keep a single SOA */
          if(soarr->next != nil){
              rrfreelist(soarr->next);
              soarr->next = nil;
          }
          soaowner = soarr->owner;
          if(soarr->soa != nil)
              ttl = soarr->soa->minttl+now;
      }

      /* add soa and negative RR to the database */
      rrattach(soarr, 1);

      neg = rralloc(type);
      neg->owner = dp;
      neg->negative = 1;
      neg->negsoaowner = soaowner;
      neg->negrcode = rcode;
      neg->ttl = ttl;
      rrattach(neg, 1);
  }
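  /*
   * query name servers.  If the name server returns a pointer to another
   * name server, recurse.
   *
   *  fd        udp data file from udpport()
   *  dp, type  question to ask
   *  nsrp      name servers to try; addresses come from serveraddrs()
   *  reqp      request context; reqp->aborttime bounds the whole attempt
   *  depth     recursion depth, passed on
   *  ibuf      receive buffer, udp header included
   *  obuf      send buffer, udp header included
   *  waitsecs  seconds to wait for replies after each round of sends
   *  inns      non-zero selects "inside" in the process-name text
   *
   * Returns 1 once an answer or an authoritative reply has been attached
   * to the cache, the result of the recursive netquery() when better name
   * servers were offered, and 0 otherwise.  On a 0 return dp->respcode is
   * Rserver if every destination's code is Rserver, else 0.
   */
  static int
  netquery1(int fd, DN *dp, int type, RR *nsrp, Request *reqp, int depth,
      uchar *ibuf, uchar *obuf, int waitsecs, int inns)
  {
      int ndest, j, len, replywaits, rv;
      ulong endtime;
      ushort req;
      char buf[12];
      DN *ndp;
      DNSmsg m;
      Dest *p, *l, *np;
      Dest dest[Maxdest];
      RR *tp, *soarr;

      /*
       * pack request into a message.
       * NOTE(review): the 16-bit message id comes straight from rand(),
       * and readreply() accepts a reply on id, question name and type
       * only -- confirm the id is unpredictable enough for that.
       */
      req = rand();
      len = mkreq(dp, type, obuf, Frecurse|Oquery, req);

      /* no server addresses yet; l is one past the last filled entry */
      l = dest;

      /*
       * transmit requests and wait for answers.
       * at most Maxtrans attempts to each address.
       * each cycle send one more message than the previous.
       */
      for(ndest = 1; ndest < Maxdest; ndest++){
          p = dest;

          endtime = time(0);
          if(endtime >= reqp->aborttime)
              break;

          /* get a server address if we need one */
          if(ndest > l - p){
              j = serveraddrs(dp, nsrp, dest, l - p, depth, reqp);
              l = &dest[j];
          }

          /* no servers, punt */
          if(l == dest){
              if (straddle && inside) {
                  /* HACK: use sys=outside ips */
                  if (outsidens() == nil)
                      sysfatal("no outside-ns in ndb");
                  p = dest;
                  memmove(p->a, outsidens(), sizeof p->a);
                  p->s = dnlookup("outside", Cin, 1);
                  p->nx = p->code = 0;
                  l = p + 1;
              } else {
                  syslog(0, LOG, "netquery1: no servers for %s", dp->name); /* DEBUG */
                  break;
              }
          }

          /* send to first 'ndest' destinations */
          j = 0;
          for(; p < &dest[ndest] && p < l; p++){
              /* skip destinations we've finished with */
              if(p->nx >= Maxtrans)
                  continue;

              j++;

              /* exponential backoff of requests */
              if((1<<p->nx) > ndest)
                  continue;

              /* the destination address goes at the front of the udp header */
              memmove(obuf, p->a, sizeof p->a);
              procsetname("req slave: %sside query to %I/%s %s %s",
                  (inns? "in": "out"), obuf, p->s->name, dp->name,
                  rrname(type, buf, sizeof buf));
              if(debug)
                  logsend(reqp->id, depth, obuf, p->s->name,
                      dp->name, type);

              /* actually send the UDP packet */
              if(write(fd, obuf, len + OUdphdrsize) < 0)
                  warning("sending udp msg %r");
              p->nx++;
          }
          if(j == 0)
              break; /* no destinations left */

          endtime = time(0) + waitsecs;
          if(endtime > reqp->aborttime)
              endtime = reqp->aborttime;

          for(replywaits = 0; replywaits < ndest; replywaits++){
              procsetname(
                  "req slave: reading %sside reply from %I for %s %s",
                  (inns? "in": "out"), obuf, dp->name,
                  rrname(type, buf, sizeof buf));
              memset(&m, 0, sizeof m);
              if(readreply(fd, dp, type, req, ibuf, &m, endtime, reqp) < 0)
                  break; /* timed out */

              /*
               * find responder.  p == l afterwards means the reply's
               * source address is not one we sent to.
               * NOTE(review): such a reply is still processed below --
               * confirm whether it should be dropped instead.
               */
              for(p = dest; p < l; p++)
                  if(memcmp(p->a, ibuf, sizeof(p->a)) == 0)
                      break;

              /*
               * remove all addrs of responding server from list.
               * Skipped for an unknown responder: *l is not a filled-in
               * entry and lies past dest[] when the list is full.  The
               * entry retired is np, each address of that server; the
               * old code set p->nx every time round.
               */
              if(p != l)
                  for(np = dest; np < l; np++)
                      if(np->s == p->s)
                          np->nx = Maxtrans;

              /* ignore any error replies */
              if((m.flags & Rmask) == Rserver){
                  rrfreelist(m.qd);
                  rrfreelist(m.an);
                  rrfreelist(m.ar);
                  rrfreelist(m.ns);
                  if(p != l)
                      p->code = Rserver;
                  continue;
              }

              /* ignore any bad delegations */
              if(m.ns && baddelegation(m.ns, nsrp, ibuf)){
                  rrfreelist(m.ns);
                  m.ns = nil;
                  if(m.an == nil){
                      rrfreelist(m.qd);
                      rrfreelist(m.ar);
                      if(p != l)
                          p->code = Rserver;
                      continue;
                  }
              }

              /* remove any soa's from the authority section */
              soarr = rrremtype(&m.ns, Tsoa);

              /* incorporate answers */
              if(m.an)
                  rrattach(m.an, (m.flags & Fauth) != 0);
              if(m.ar)
                  rrattach(m.ar, 0);
              if(m.ns){
                  /* remember the owner before the list is handed over */
                  ndp = m.ns->owner;
                  rrattach(m.ns, 0);
              } else
                  ndp = nil;

              /* free the question */
              if(m.qd)
                  rrfreelist(m.qd);

              /*
               * Any reply from an authoritative server,
               * or a positive reply terminates the search
               */
              if(m.an != nil || (m.flags & Fauth)){
                  if(m.an == nil && (m.flags & Rmask) == Rname)
                      dp->respcode = Rname;
                  else
                      dp->respcode = 0;

                  /*
                   * cache any negative responses, free soarr
                   */
                  if((m.flags & Fauth) && m.an == nil)
                      cacheneg(dp, type, (m.flags & Rmask),
                          soarr);
                  else
                      rrfreelist(soarr);
                  return 1;
              }
              rrfreelist(soarr);

              /*
               * if we've been given better name servers,
               * recurse.  we're called from udpquery, called from
               * netquery, which currently holds dp->querylck,
               * so release it now and acquire it upon return.
               */
              if(m.ns){
                  tp = rrlookup(ndp, Tns, NOneg);
                  if(!contains(nsrp, tp)){
                      procsetname(
                          "req slave: recursive query for %s %s",
                          dp->name,
                          rrname(type, buf, sizeof buf));
                      qunlock(&dp->querylck);
                      rv = netquery(dp, type, tp, reqp,
                          depth + 1);
                      qlock(&dp->querylck);
                      rrfreelist(tp);
                      return rv;
                  } else
                      rrfreelist(tp);
              }
          }
      }

      /* if all servers returned failure, propagate it */
      dp->respcode = Rserver;
      for(p = dest; p < l; p++)
          if(p->code != Rserver)
              dp->respcode = 0;

      return 0;
  }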
  /*
   * run a command with a supplied fd as standard input
   *
   * The child makes 'fd' its fd 0, closes fds 3..199 and execs
   * /bin/rc -c cmd; the parent waits for that child.
   *
   * Returns msg.msg once the child has been reaped, or "lost child" if
   * waitpid() fails first.
   * NOTE(review): nothing in this function ever writes to msg, so the
   * value returned on success is that of a zero-initialised static and
   * the child's exit status does not appear to reach the caller -- confirm.
   */
  char *
  system(int fd, char *cmd)
  {
      int child, reaped, i;
      static Waitmsg msg;

      child = fork();
      if(child == -1)
          sysfatal("fork failed: %r");
      if(child == 0){
          dup(fd, 0);
          close(fd);
          i = 3;
          while(i < 200)
              close(i++); /* don't leak fds */
          execl("/bin/rc", "rc", "-c", cmd, nil);
          sysfatal("exec rc: %r");
      }

      while((reaped = waitpid()) >= 0)
          if(reaped == child)
              return msg.msg;
      return "lost child";
  }
  /* values for udpquery()'s 'patient' argument */
  enum
  {
      Hurry,
      Patient,
  };

  /* values for udpquery()'s 'inns' argument */
  enum
  {
      Outns,
      Inns,
  };
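  /*
   * Open a udp port under 'mntpt' and run one netquery1() on it.
   *
   *  mntpt    network mount point; nil is taken by udpport() as "/net"
   *  patient  non-zero: allow Maxreqtm overall and 15 s per round of
   *           replies; zero: Maxreqtm/2 and 10 s
   *  inns     passed on to netquery1()
   *  (the remaining arguments are passed on to netquery1() unchanged)
   *
   * Sets reqp->aborttime.  Returns netquery1()'s result, or 0 if no port
   * could be opened.
   */
  static int
  udpquery(char *mntpt, DN *dp, int type, RR *nsrp, Request *reqp, int depth,
      int patient, int inns)
  {
      int fd, nullfd, rv = 0;
      char *msg;
      uchar *obuf, *ibuf;

      /* use alloced buffers rather than ones from the stack */
      ibuf = emalloc(Maxudpin+OUdphdrsize);
      obuf = emalloc(Maxudp+OUdphdrsize);

      fd = udpport(mntpt);
      /* mntpt may be nil (see udpport), so test it before strcmp */
      if (fd < 0 && straddle && mntpt != nil &&
          strcmp(mntpt, "/net.alt") == 0) {
          /* HACK: remount /net.alt */
          syslog(0, LOG, "remounting /net.alt");
          unmount(nil, "/net.alt");

          /*
           * system() only closes its copy of the fd in the child, so
           * close ours here; it used to be leaked on every remount.
           */
          nullfd = open("/dev/null", ORDWR);
          msg = system(nullfd, "outside");
          if (nullfd >= 0)
              close(nullfd);

          if (msg && *msg) {
              syslog(0, LOG, "can't remount /net.alt: %s", msg);
              sleep(2000); /* don't spin wildly */
          } else
              fd = udpport(mntpt);
      }
      if(fd >= 0) {
          reqp->aborttime = time(0) + (patient? Maxreqtm: Maxreqtm/2);
          rv = netquery1(fd, dp, type, nsrp, reqp, depth,
              ibuf, obuf, (patient? 15: 10), inns);
          close(fd);
      }

      free(obuf);
      free(ibuf);
      return rv;
  }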
  /*
   * look up (dp->name,type) via *nsrp with results in *reqp
   *
   * Gives up (returns 0) once depth exceeds 12.  After slave(), a slave
   * process holds dp->querylck for the duration so that queries for one
   * name are not made concurrently.  Returns udpquery()'s result: non-zero
   * when the lookup produced something, 0 otherwise.
   */
  static int
  netquery(DN *dp, int type, RR *nsrp, Request *reqp, int depth)
  {
      int locked, found, triedin;
      RR *ns;

      if(depth > 12) /* in a recursive loop? */
          return 0;

      slave(reqp); /* might fork */
      /* if so, parent process longjmped to req->mret; we're child slave */
      if (!reqp->isslave)
          syslog(0, LOG,
              "[%d] netquery: slave returned with reqp->isslave==0",
              getpid());

      /* don't lock before call to slave so only children can block */
      locked = reqp->isslave != 0;
      if(locked) {
          procsetname("waiting for query lock on %s", dp->name);
          /* don't make concurrent queries for this name */
          qlock(&dp->querylck);
          procsetname("netquery: %s", dp->name);
      }

      /* prepare server RR's for incremental lookup */
      for(ns = nsrp; ns; ns = ns->next)
          ns->marker = 0;

      found = 0; /* pessimism */
      triedin = 0;

      /*
       * normal resolvers and servers will just use mntpt for all addresses,
       * even on the outside.  straddling servers will use mntpt (/net)
       * for inside addresses and /net.alt for outside addresses,
       * thus bypassing other inside nameservers.
       */
      if (!straddle || insideaddr(dp->name)) {
          found = udpquery(mntpt, dp, type, nsrp, reqp, depth, Hurry,
              (inside? Inns: Outns));
          triedin = 1;
      }

      /*
       * if we're still looking, are inside, and have an outside domain,
       * try it on our outside interface, if any.
       */
      if (found == 0 && inside && !insideaddr(dp->name)) {
          if (triedin)
              syslog(0, LOG,
                  "[%d] netquery: internal nameservers failed for %s; trying external",
                  getpid(), dp->name);

          /* prepare server RR's for incremental lookup */
          for(ns = nsrp; ns; ns = ns->next)
              ns->marker = 0;

          found = udpquery("/net.alt", dp, type, nsrp, reqp, depth,
              Patient, Outns);
          if (found == 0)
              syslog(0, LOG, "[%d] netquery: no luck for %s",
                  getpid(), dp->name);
      }

      if(locked)
          qunlock(&dp->querylck);
      return found;
  }