dnsruby 1.30 → 1.31

data/lib/Dnsruby/Cache.rb

@@ -66,7 +66,7 @@ module Dnsruby
         @cache.delete(key)
       }
     end
-    class CacheKey
+    class CacheKey # :nodoc: all
       attr_accessor :qname, :qtype, :qclass
       def initialize(*args)
         self.qclass = Classes.IN
@@ -85,7 +85,7 @@ module Dnsruby
         return "#{qname.inspect.downcase} #{qclass} #{qtype}"
       end
     end
-    class CacheData
+    class CacheData # :nodoc: all
       attr_reader :expiration
       def message=(m)
         @expiration = get_expiration(m)

data/lib/Dnsruby/Recursor.rb

@@ -14,48 +14,6 @@
 #limitations under the License.
 #++
 module Dnsruby
-  class Recursor
-    class AddressCache # :nodoc: all
-      # Like an array, but stores the expiration of each record.
-      def initialize(*args)
-        @hash = Hash.new # stores addresses against their expiration
-        @mutex = Mutex.new # This class is thread-safe
-      end
-      def push(item)
-        address, ttl = item
-        expiration = Time.now + ttl
-        @mutex.synchronize {
-          @hash[address] = expiration
-        }
-      end
-      def values
-        ret =[]
-        keys_to_delete = []
-        @mutex.synchronize {
-          @hash.keys.each {|address|
-            if (@hash[address] > Time.now)
-              ret.push(address)
-            else
-              keys_to_delete.push(address)
-            end
-          }
-          keys_to_delete.each {|key|
-            @hash.delete(key)
-          }
-        }
-        return ret
-      end
-      def length
-        @mutex.synchronize {
-          return @hash.length
-        }
-      end
-      def each()
-        values.each {|v|
-          yield v
-        }
-      end
-    end
     #Dnsruby::Recursor - Perform recursive dns lookups
     #
     #  require 'Dnsruby'
@@ -152,6 +110,48 @@ module Dnsruby
     #;; Received 135 bytes from 139.134.2.18#53(sy-dns02.tmns.net.au) in 525 ms
     #  ;;; FINALLY, THE ANSWER!
     # Now,DNSSEC validation is performed (unless disabled).
+  class Recursor
+    class AddressCache # :nodoc: all
+      # Like an array, but stores the expiration of each record.
+      def initialize(*args)
+        @hash = Hash.new # stores addresses against their expiration
+        @mutex = Mutex.new # This class is thread-safe
+      end
+      def push(item)
+        address, ttl = item
+        expiration = Time.now + ttl
+        @mutex.synchronize {
+          @hash[address] = expiration
+        }
+      end
+      def values
+        ret =[]
+        keys_to_delete = []
+        @mutex.synchronize {
+          @hash.keys.each {|address|
+            if (@hash[address] > Time.now)
+              ret.push(address)
+            else
+              keys_to_delete.push(address)
+            end
+          }
+          keys_to_delete.each {|key|
+            @hash.delete(key)
+          }
+        }
+        return ret
+      end
+      def length
+        @mutex.synchronize {
+          return @hash.length
+        }
+      end
+      def each()
+        values.each {|v|
+          yield v
+        }
+      end
+    end
     attr_accessor :nameservers, :callback, :recurse, :ipv6_ok
     attr_reader :hints
     # The resolver to use for the queries

data/lib/Dnsruby/dnssec.rb

@@ -149,7 +149,7 @@ module Dnsruby
 
 
     @@do_validation_with_recursor = true # Many nameservers don't handle DNSSEC correctly yet
-    @@default_resolver = nil
+    @@default_resolver = Resolver.new
     # This method defines the choice of Resolver or Recursor, when the validator
     # is checking responses.
     # If set to true, then a Recursor will be used to query for the DNSSEC records.

data/lib/Dnsruby/message.rb

@@ -282,6 +282,16 @@ module Dnsruby
         exception = NotImp.new
       elsif (rcode==RCode.REFUSED)
         exception = Refused.new
+      elsif (rcode==RCode.NOTZONE)
+        exception = NotZone.new
+      elsif (rcode==RCode.NOTAUTH)
+        exception = NotAuth.new
+      elsif (rcode==RCode.NXRRSET)
+        exception = NXRRSet.new
+      elsif (rcode==RCode.YXRRSET)
+        exception = YXRRSet.new
+      elsif (rcode==RCode.YXDOMAIN)
+        exception = YXDomain.new
       elsif (rcode >= RCode.BADSIG && rcode <= RCode.BADALG)
         return VerifyError.new # @TODO@
       end

data/lib/Dnsruby/name.rb

@@ -28,6 +28,7 @@ module Dnsruby
   #* Name#labels
   #
   class Name
+    include Comparable
     MaxNameLength=255
     #--
     # A Name is a collection of Labels. Each label is presentation-formatted
@@ -116,6 +117,24 @@ module Dnsruby
       return (labels[0].string == '*')
     end
 
+    # Return the canonical form of this name (RFC 4034 section 6.2)
+    def canonical
+      #
+      return MessageEncoder.new {|msg|
+              msg.put_name(self, true)
+      }.to_s
+
+    end
+
+    def <=>(other)
+      # return -1 if other less than us, +1 if greater than us
+      return 0 if (canonical == other.canonical)
+      if (canonically_before(other))
+        return +1
+      end
+      return -1
+    end
+
     def canonically_before(n)
       if (!(Name === n))
         n = Name.create(n)

data/lib/Dnsruby/resource/DNSKEY.rb

@@ -52,6 +52,7 @@ module Dnsruby
         self.protocol=3
         self.flags=ZONE_KEY
         @algorithm=Algorithms.RSASHA1
+        @public_key = nil
       end
       
       def protocol=(p)
@@ -149,6 +150,7 @@ module Dnsruby
           # until we come to " )" at the end, and then gsub
           # the white space out
           # Also, brackets may or may not be present
+          # Not to mention comments! ";"
           buf = ""
           index = 3
           end_index = data.length - 1
@@ -157,7 +159,13 @@ module Dnsruby
             index = 4
           end
           (index..end_index).each {|i|
-            buf += data[i]
+            if (comment_index = data[i].index(";"))
+              buf += data[i].slice(0, comment_index)
+              # @TODO@ We lose the comments here - we should really keep them for when we write back to string format?
+              break
+            else
+              buf += data[i]
+            end
           }
           self.key=(buf)
         end
@@ -238,7 +246,7 @@ module Dnsruby
       end
       
       def public_key
-        if (@public_key.nil?)
+        if (!@public_key)
           if [Algorithms.RSASHA1,
               Algorithms.RSASHA1_NSEC3_SHA1].include?(@algorithm)
             @public_key = rsa_key

data/lib/Dnsruby/resource/NSEC.rb

@@ -75,6 +75,9 @@ module Dnsruby
           # from the wire, already decoded
           types =t
         elsif (t.instance_of?String)
+          if t[t.length-1, t.length]!=")"
+            t = t + " )"
+          end
           # List of mnemonics
           types=[]
           mnemonics = t.split(" ")
@@ -171,7 +174,7 @@ module Dnsruby
         0.step(65536,256) { |step|
           # Gather up the RR types for this set of 256
           types_to_go = []
-          while (type_codes[0] < step)
+          while (!type_codes.empty? && type_codes[0] < step)
             types_to_go.push(type_codes[0])
             # And delete them from type_codes
             type_codes=type_codes.last(type_codes.length-1)

data/lib/Dnsruby/resource/NSEC3.rb

@@ -13,6 +13,7 @@
 #See the License for the specific language governing permissions and 
 #limitations under the License.
 #++
+require 'digest/sha1'
 module Base32
   module_function
   def encode32hex(str)
@@ -73,9 +74,6 @@ module Dnsruby
       #The Salt Length field defines the length of the Salt field in octets,
       #ranging in value from 0 to 255.
       attr_reader :salt_length
-      #The Salt field is appended to the original owner name before hashing
-      #in order to defend against pre-calculated dictionary attacks.
-      attr_accessor :salt
       #The Hash Length field defines the length of the Next Hashed Owner
       #Name field, ranging in value from 1 to 255 octets.
       attr_reader :hash_length
@@ -96,6 +94,61 @@ module Dnsruby
         return false
       end
 
+      def calculate_hash
+        return NSEC3.calculate_hash(@name, @iterations, @salt, @hash_alg)
+      end
+
+      def NSEC3.calculate_hash(name, iterations, salt, hash_alg)
+        # RFC5155
+        #5.  Calculation of the Hash
+
+        #   Define H(x) to be the hash of x using the Hash Algorithm selected by
+        #   the NSEC3 RR, k to be the number of Iterations, and || to indicate
+        #   concatenation.  Then define:
+        #
+        #      IH(salt, x, 0) = H(x || salt), and
+        #
+        #      IH(salt, x, k) = H(IH(salt, x, k-1) || salt), if k > 0
+        #
+        #   Then the calculated hash of an owner name is
+        #
+        #      IH(salt, owner name, iterations),
+        #
+        #   where the owner name is in the canonical form, defined as:
+        #
+        #   The wire format of the owner name where:
+        #
+        #   1.  The owner name is fully expanded (no DNS name compression) and
+        #       fully qualified;
+        #   2.  All uppercase US-ASCII letters are replaced by the corresponding
+        #       lowercase US-ASCII letters;
+        #   3.  If the owner name is a wildcard name, the owner name is in its
+        #       original unexpanded form, including the "*" label (no wildcard
+        #       substitution);
+        #
+        #   This form is as defined in Section 6.2 of [RFC 4034].
+        #
+
+        n = Name.create(name)
+        out = n.canonical
+        (0..iterations).each  {
+          out =NSEC3.h(out + salt, hash_alg);
+        }
+        return Base32.encode32hex(out).downcase
+      end
+
+      def h(x) # :nodoc: all
+        return NSEC3.h(x, @hash_alg)
+      end
+
+      def NSEC3.h(x, hash_alg) # :nodoc: all
+        if Nsec3HashAlgorithms.SHA_1 == hash_alg
+          return Digest::SHA1.digest(x)
+        end
+        TheLog.error("Unknown hash algorithm #{hash_alg} used for NSEC3 hash")
+        return "Unknown NSEC3 hash algorithm"
+      end
+
       def hash_alg=(a)
         if (a.instance_of?String)
           if (a.length == 1)
@@ -103,7 +156,7 @@ module Dnsruby
           end
         end
         begin
-          alg = Algorithms.new(a)
+          alg = Nsec3HashAlgorithms.new(a)
           @hash_alg = alg
         rescue ArgumentError => e
           raise DecodeError.new(e)
@@ -118,27 +171,28 @@ module Dnsruby
         self.types=(@types + [t])
       end
       
+      OPT_OUT = 1
       def flags=(f)
-        if (f==0 || f==1)
+        if (f==0 || f==OPT_OUT)
           @flags=f
         else
           raise DecodeError.new("Unknown NSEC3 flags field - #{f}")
         end
       end
-      
+
       #If the Opt-Out flag is set, the NSEC3 record covers zero or more
       #unsigned delegations.
       def opt_out?
-        return (@flags==1)
-      end
-      
-      def salt_length=(l)
-        if ((l < 0) || (l > 255))
-          raise DecodeError.new("NSEC3 salt length must be between 0 and 255")
-        end
-        @salt_length = l
+        return (@flags==OPT_OUT)
       end
       
+      #      def salt_length=(l)
+      #        if ((l < 0) || (l > 255))
+      #          raise DecodeError.new("NSEC3 salt length must be between 0 and 255")
+      #        end
+      #        @salt_length = l
+      #      end
+      #
       def hash_length=(l)
         if ((l < 0) || (l > 255))
           raise DecodeError.new("NSEC3 hash length must be between 0 and 255")
@@ -151,34 +205,52 @@ module Dnsruby
         self.hash_alg=(hash_alg)
         self.flags=(flags)
         self.iterations=(iterations)
-        self.salt_length=(salt_length)
+#        self.salt_length=(salt_length)
         self.salt=(salt)
         self.hash_length=(hash_length)
         self.next_hashed=(next_hashed)
         self.types=(types)
       end
 
-      def decode_salt(input)
+      #The Salt field is appended to the original owner name before hashing
+      #in order to defend against pre-calculated dictionary attacks.
+      def salt
+        return NSEC3.encode_salt(@salt)
+      end
+
+      def salt=(s)
+        @salt = NSEC3.decode_salt(s)
+        @salt_length = @salt.length
+      end
+
+      def NSEC3.decode_salt(input)
         if (input == "-")
-          @salt = []
+          return []
         end
-        # @TODO@
-          @salt = input
+        return [input].pack("H*")
       end
 
-      def encode_salt(s)
-        if (s.length == 0)
+      def NSEC3.encode_salt(s)
+        if (!s || s.length == 0)
           return "-"
         end
-        return s
+        return s.unpack("H*")[0]
       end
 
       def decode_next_hashed(input)
-        @next_hashed = Base32.decode32hex(input)
+        @next_hashed = NSEC3.decode_next_hashed(input)
+        end
+
+      def NSEC3.decode_next_hashed(input)
+        return Base32.decode32hex(input)
       end
 
       def encode_next_hashed(n)
-        return Base32.encode32hex(n)
+        return NSEC3.encode_next_hashed(n)
+      end
+
+      def NSEC3.encode_next_hashed(n)
+        return Base32.encode32hex(n).downcase
       end
       
       def from_string(input)
@@ -187,8 +259,9 @@ module Dnsruby
           self.hash_alg=(data[0]).to_i
           self.flags=(data[1]).to_i
           self.iterations=(data[2]).to_i
-          self.salt=decode_salt(data[3])
-          self.salt_length=(@salt.length)
+          #          self.salt=NSEC3.decode_salt(data[3])
+          self.salt=(data[3])
+          #          self.salt_length=(@salt.length)
 
           len = data[0].length + data[1].length + data[2].length + data[3].length + 4
           # There may or may not be brackets around next_hashed
@@ -203,9 +276,9 @@ module Dnsruby
           self.hash_length=(@next_hashed.length)
           len2 = data2[0].length + 1
           self.types = next_hashed_and_types[len2, next_hashed_and_types.length - len2]
-#          self.types=data2[1]
-#          #          len = data[0].length + data[1].length + data[2].length + data[3].length + data[5].length + 7
-#          #          self.types=(input[len, input.length-len])
+          #          self.types=data2[1]
+          #          #          len = data[0].length + data[1].length + data[2].length + data[3].length + data[5].length + 7
+          #          #          self.types=(input[len, input.length-len])
         end
       end
       
@@ -215,7 +288,8 @@ module Dnsruby
           @types.each do |t|
             type_strings.push(t.string)
           end
-          salt = encode_salt(@salt)
+          #          salt = NSEC3.encode_salt(@salt)
+          salt = salt()
           next_hashed = encode_next_hashed(@next_hashed)
           types = type_strings.join(" ")
           return "#{@hash_alg.code} #{@flags} #{@iterations} #{salt} ( #{next_hashed} #{types} )"
@@ -225,8 +299,15 @@ module Dnsruby
       end
       
       def encode_rdata(msg, canonical=false) #:nodoc: all
-        msg.put_pack("ccnc", @hash_alg.code, @flags, @iterations, @salt_length)
-        msg.put_bytes(@salt)
+        s = salt()
+        sl = s.length()
+        if (s == "-")
+          sl = 0
+        end
+        msg.put_pack("ccnc", @hash_alg.code, @flags, @iterations, sl)
+        if (sl > 0)
+          msg.put_bytes(s)
+        end
         msg.put_pack("c", @hash_length)
         msg.put_bytes(@next_hashed)
         types = NSEC.encode_types(self)