dnsruby 1.47 → 1.48

data/EXAMPLES

@@ -92,25 +92,6 @@ Dnsruby::Dnssec.clear_trust_anchors
 Dnsruby::PacketSender.clear_caches
 Dnsruby::Recursor.clear_caches
 
-# Load the IANA TAR and query some signed zones
-Dnssec.load_itar
-res = Recursor.new
-ret = res.query("frobbit.se", "NS")
-print "Security level for signed zone from ITAR : #{ret.security_level}\n"
-
-# Query a name with no validation to be performed
-res = Dnsruby::Resolver.new
-m = Message.new("frobbit.se", "MX")
-m.do_validation = false
-ret = res.send_message(m)
-print "Security level of secure domain with no validation : #{ret.security_level}\n"
-
-# Clear the keys and caches
-Dnsruby::Dnssec.clear_trusted_keys
-Dnsruby::Dnssec.clear_trust_anchors
-Dnsruby::PacketSender.clear_caches
-Dnsruby::Recursor.clear_caches
-
 # Load a specific trust anchor and query some signed zones
 trusted_key = Dnsruby::RR.create({:name => "uk-dnssec.nic.uk.",
         :type => Dnsruby::Types.DNSKEY,

data/demo/{digitar.rb → digroot.rb}

@@ -21,18 +21,14 @@
 #
 #= SYNOPSIS
 #
-#digitar name [ type [ class ] ]
+#digroot name [ type [ class ] ]
 #
 #= DESCRIPTION
 #
 #Performs a DNS query on the given name.  The record type
 #and class can also be specified; if left blank they default
 #to A and IN. The program firstly performs the requested DNS
-# query. The response is then validated
-#- the ITAR is searched for the keys of the closest ancestor
-#of the query name, and the chain of trust is followed to prove
-#that the DNSSEC records are correct, or that we do not expect the
-#response to be signed.
+# query. The response is then validated from the signed root.
 #
 #= AUTHOR
 #
@@ -48,30 +44,16 @@ include Dnsruby
 
 raise RuntimeError, "Usage: #{$0} name [ type [ class ] ]\n" unless (ARGV.length >= 1) && (ARGV.length <= 3)
 
-Dnssec.load_itar
-res = Dnsruby::Recursor.new
-zt=Dnsruby::ZoneTransfer.new
-  
-  
+resolver = Dnsruby::Resolver.new()
+resolver.do_validation = true
+res = Dnsruby::Recursor.new(resolver)
+
 #    Dnsruby::TheLog.level=Logger::DEBUG
 
 name, type, klass = ARGV
 type  ||= "A"
 klass ||= "IN"
   
-if (type.upcase == "AXFR")
-  rrs = zt.transfer(name) # , klass)
-    
-  if (rrs)
-    rrs.each do |rr|
-      print rr.to_s + "\n"
-    end
-  else
-    raise RuntimeError, "zone transfer failed: ", res.errorstring, "\n"
-  end
-    
-else
-
   begin
     answer = nil
     answer = res.query(name, type, klass)
@@ -79,4 +61,3 @@ else
   rescue Exception => e
     print "query failed: #{e}\n"
   end
-end

data/lib/Dnsruby/Recursor.rb

@@ -303,8 +303,8 @@ module Dnsruby
     #This method is much like the normal query() method except it disables
     #the recurse flag in the packet and explicitly performs the recursion.
     #
-    #  packet = res.query_dorecursion( "www.netscape.com.", "A")
-    #  packet = res.query_dorecursion( "www.netscape.com.", "A", "IN", true) # no validation
+    #  packet = res.query( "www.netscape.com.", "A")
+    #  packet = res.query( "www.netscape.com.", "A", "IN", true) # no validation
     #
     #The Recursor maintains a cache of known nameservers.
     #DNSSEC validation is performed unless true is passed as the fourth parameter.
@@ -525,7 +525,9 @@ module Dnsruby
           
       nameservers = []
       ns.each do |nss|
-        nss.each {|n| nameservers.push(n)}
+        nss.each {|n|
+          nameservers.push(n.to_s)
+        }
       end
       resolver = Resolver.new({:nameserver=>nameservers})
       servers = []

data/lib/Dnsruby/Resolver.rb

@@ -426,7 +426,6 @@ module Dnsruby
                 :use_tcp=>@use_tcp, :no_tcp=>@no_tcp, :packet_timeout=>@packet_timeout,
                 :tsig => @tsig, :ignore_truncation=>@ignore_truncation,
                 :src_address=>@src_address, :src_port=>@src_port,
-                :do_caching=>@do_caching,
                 :recurse=>@recurse, :udp_size=>@udp_size})
           @single_resolvers.push(res) if res
         end
@@ -453,7 +452,12 @@ module Dnsruby
       end
      
       # Attributes
-      @do_validation = true
+
+      # do_validation tells the Resolver whether to try to validate the response
+      # with DNSSEC. This should work for NSEC-signed domains, but NSEC3
+      # validation is not currently supported. This attribute now defaults to
+      # false. Please let me know if you require NSEC3 validation.
+      @do_validation = false
       @query_timeout = DefaultQueryTimeout
       @retry_delay = DefaultRetryDelay
       @retry_times = DefaultRetryTimes

data/lib/Dnsruby/dnssec.rb

@@ -77,11 +77,15 @@ module Dnsruby
 
     @@root_verifier = SingleVerifier.new(SingleVerifier::VerifierType::ROOT)
 
+    # #NOTE# You may wish to import these via a secure channel yourself, if
+    # using Dnsruby for validation.
+    @@root_key = RR.create(". IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5")
+    @@root_verifier.add_root_ds(@@root_key)
+
     @@dlv_verifier = SingleVerifier.new(SingleVerifier::VerifierType::DLV)
 
     # @TODO@ Could add a new one of these for each anchor.
     @@anchor_verifier = SingleVerifier.new(SingleVerifier::VerifierType::ANCHOR)
-    # Should we be loading IANA Trust Anchor Repository? - no need - imported by ISC DLV
 
 
     # Add a trusted Key Signing Key for the ISC DLV registry.
@@ -120,6 +124,7 @@ module Dnsruby
     def self.reset
       @@validation_policy = ValidationPolicy::LOCAL_ANCHORS_THEN_ROOT
       @@root_verifier = SingleVerifier.new(SingleVerifier::VerifierType::ROOT)
+      @@root_verifier.add_root_ds(@@root_key)
 
       @@dlv_verifier = SingleVerifier.new(SingleVerifier::VerifierType::DLV)
 
@@ -139,37 +144,6 @@ module Dnsruby
       }
       return no_keys
     end
-    # Load the IANA TAR.
-    # THIS METHOD IS NOT SECURE!!!
-    def self.load_itar
-      # @TODO@ THIS IS VERY INSECURE!! WRITE THIS PROPERLY!!
-      # Should really check the signatures here to make sure the keys are good!
-      Net::FTP::open("ftp.iana.org") { |ftp|
-        ftp.login("anonymous")
-        ftp.passive = true
-        ftp.chdir("/itar")
-        lastname=nil
-        ftp.gettextfile("anchors.mf") {|line|
-          next if (line.strip.length == 0)
-          first = line[0]
-          if (first.class == String)
-            first = first.getbyte(0) # Ruby 1.9
-          end
-          #            print "Reading ITAR : #{line}, first : #{first}\n"
-          next if (first==59) # ";")
-          if (line.strip=~(/^DS /) || line.strip=~(/^DNSKEY /))
-            line = lastname.to_s + ((lastname.absolute?)?".":"") + " " + line
-          end
-          ds = RR.create(line)
-          if ((ds.type == Types::DS) || (ds.type == Types::DNSKEY))
-            #            assert(ds.name.absolute?)
-            Dnssec.add_trust_anchor(ds)
-          end
-          lastname = ds.name
-        }
-      }
-    end
-
 
     @@do_validation_with_recursor = true # Many nameservers don't handle DNSSEC correctly yet
     @@default_resolver = Resolver.new

data/lib/Dnsruby/message.rb

@@ -591,33 +591,41 @@ module Dnsruby
     #Decode the encoded message
     def Message.decode(m)
       o = Message.new()
-      MessageDecoder.new(m) {|msg|
-        o.header = Header.new(msg)
-        o.header.qdcount.times {
-          question = msg.get_question
-          o.question << question
-        }
-        o.header.ancount.times {
-          rr = msg.get_rr
-          o.answer << rr
-        }
-        o.header.nscount.times {
-          rr = msg.get_rr
-          o.authority << rr
-        }
-        o.header.arcount.times { |count|
-          start = msg.index
-          rr = msg.get_rr
-          if (rr.type == Types::TSIG)
-            if (count!=o.header.arcount-1)
-              Dnsruby.log.Error("Incoming message has TSIG record before last record")
-              raise DecodeError.new("TSIG record present before last record")
+      begin
+        MessageDecoder.new(m) {|msg|
+          o.header = Header.new(msg)
+          o.header.qdcount.times {
+            question = msg.get_question
+            o.question << question
+          }
+          o.header.ancount.times {
+            rr = msg.get_rr
+            o.answer << rr
+          }
+          o.header.nscount.times {
+            rr = msg.get_rr
+            o.authority << rr
+          }
+          o.header.arcount.times { |count|
+            start = msg.index
+            rr = msg.get_rr
+            if (rr.type == Types::TSIG)
+              if (count!=o.header.arcount-1)
+                Dnsruby.log.Error("Incoming message has TSIG record before last record")
+                raise DecodeError.new("TSIG record present before last record")
+              end
+              o.tsigstart = start # needed for TSIG verification
             end
-            o.tsigstart = start # needed for TSIG verification
-          end
-          o.additional << rr
+            o.additional << rr
+          }
         }
-      }
+      rescue DecodeError => e
+        # So we got a decode error
+        # However, we might have been able to fill in many parts of the message
+        # So let's raise the DecodeError, but add the partially completed message
+        e.partial_message = o
+        raise e
+      end
       return o
     end
     

data/lib/Dnsruby/resource/DS.rb

@@ -92,7 +92,7 @@ module Dnsruby
     
       def algorithm=(a)
         if (a.instance_of?String)
-          if (a.length == 1)
+          if (a.length < 3)
             a = a.to_i
           end
         end

data/lib/Dnsruby/resource/HINFO.rb

@@ -30,7 +30,15 @@ module Dnsruby
       end
       
       def from_string(input) #:nodoc: all
-        cpu, os = input.split(" ")
+        strings = TXT.parse(input)
+        cpu = ""
+        os = ""
+        if (strings.length == 1)
+          cpu, os = input.split(" ")
+        else
+          cpu = strings[0]
+          os = strings[1]
+        end
         cpu.sub!(/^\"/, "")
         @cpu = cpu.sub(/\"$/, "")
         os.sub!(/^\"/, "")
@@ -38,7 +46,15 @@ module Dnsruby
       end
       
       def rdata_to_string #:nodoc: all
-        return "#{@cpu} #{@os}"
+        if (defined?@cpu)
+          temp = []
+          [@cpu, @os].each {|str|
+            output = TXT.display(str)
+            temp.push("\"#{output}\"")
+          }
+          return temp.join(' ')
+        end
+        return ''
       end
       
       def encode_rdata(msg, canonical=false) #:nodoc: all

data/lib/Dnsruby/resource/LOC.rb

@@ -89,7 +89,7 @@ module Dnsruby
       def dms2latlon(deg, min, sec, hem)
         retval=0
         
-        retval = (deg * CONV_DEG) + (min * CONV_MIN) + (sec * CONV_SEC);
+        retval = (deg * CONV_DEG) + (min * CONV_MIN) + (sec * CONV_SEC).round;
         retval = -retval if ((hem != nil) && ((hem == "S") || (hem == "W")));
         retval += REFERENCE_LATLON;
         return retval;
@@ -138,23 +138,28 @@ module Dnsruby
          (\s+ ([\d.]+) m?)?	# size
          (\s+ ([\d.]+) m?)?	# horiz precision
          (\s+ ([\d.]+) m?)? 	# vert precision
-          /ix)  # 
+          /ix)  #
+
+          size = DEFAULT_SIZE
           
           # What to do for other versions?
           version = 0;
           
           horiz_pre = DEFAULT_HORIZ_PRE
           vert_pre  = DEFAULT_VERT_PRE
-          latdeg, latmin, latsec, lathem = $1.to_i, $3.to_i, $5.to_i, $6;
-          londeg, lonmin, lonsec, lonhem = $7.to_i, $9.to_i, $11.to_i, $12
-          alt, size = $13.to_i, $15.to_i
+          latdeg, latmin, latsec, lathem = $1.to_i, $3.to_i, $5.to_f, $6;
+          londeg, lonmin, lonsec, lonhem = $7.to_i, $9.to_i, $11.to_f, $12
+          alt = $13.to_i
+          if ($15)
+            size = $15.to_f
+          end
           if ($17)
-          horiz_pre = $17.to_i
+          horiz_pre = $17.to_f
           end
           if ($19)
-            vert_pre = $19.to_i
+            vert_pre = $19.to_f
           end
-          
+
           latmin    = DEFAULT_MIN       unless latmin;
           latsec    = DEFAULT_SEC       unless latsec;
           lathem    = lathem.upcase;
@@ -163,8 +168,6 @@ module Dnsruby
           lonsec    = DEFAULT_SEC       unless lonsec;
           lonhem    = lonhem.upcase
           
-          size      = DEFAULT_SIZE      unless size;
-
           @version   = version;
           @size      = size * 100;
           @horiz_pre = horiz_pre * 100;
@@ -178,7 +181,7 @@ module Dnsruby
       def from_hash(hash) #:nodoc: all
         super(hash)
         if (@size == nil)
-          @size = DEFAULT_SIZE
+          @size = DEFAULT_SIZE * 100
         end
         if @horiz_pre == nil
           @horiz_pre = DEFAULT_HORIZ_PRE * 100

data/lib/Dnsruby/select_thread.rb

@@ -71,22 +71,25 @@ module Dnsruby
     end
     
     def get_socket_pair
+      # Emulate socketpair on platforms which don't support it
+      srv = nil
       begin
-        pair =  Socket::socketpair(Socket::AF_LOCAL, Socket::SOCK_DGRAM, 0)
-        return pair
-
-        # Emulate socketpair on platforms which don't support it
-      rescue Exception
         srv = TCPServer.new('localhost', 0)
-        rsock = TCPSocket.new(srv.addr[3], srv.addr[1])
-        lsock = srv.accept
-        srv.close
-        return [lsock, rsock]
+      rescue Errno::EADDRNOTAVAIL # OSX Snow Leopard issue - need to use explicit IP
+        begin
+          srv = TCPServer.new('127.0.0.1', 0)
+        rescue Error # Try IPv6
+          srv = TCPServer.new('::1', 0)
+        end
       end
+      rsock = TCPSocket.new(srv.addr[3], srv.addr[1])
+      lsock = srv.accept
+      srv.close
+      return [lsock, rsock]
     end
 
     class QuerySettings
-      attr_accessor :query_bytes, :query, :ignore_truncation, :client_queue, 
+      attr_accessor :query_bytes, :query, :ignore_truncation, :client_queue,
         :client_query_id, :socket, :dest_server, :dest_port, :endtime, :udp_packet_size,
         :single_resolver
       # new(query_bytes, query, ignore_truncation, client_queue, client_query_id,
@@ -100,7 +103,7 @@ module Dnsruby
         @socket = args[5]
         @dest_server = args[6]
         @dest_port=args[7]
-        @endtime = args[8]  
+        @endtime = args[8]
         @udp_packet_size = args[9]
         @single_resolver = args[10]
       end
@@ -156,8 +159,8 @@ module Dnsruby
         sockets=[]
         timeouts=[]
         has_observer = false
-        @@mutex.synchronize {                
-          sockets = @@sockets 
+        @@mutex.synchronize {
+          sockets = @@sockets
           timeouts = @@timeouts.values
           has_observer = !@@observers.empty?
         }
@@ -241,7 +244,7 @@ module Dnsruby
           answeripaddr = IPAddr.new(answerip)
           dest_server = IPAddr.new("0.0.0.0")
           begin
-          destserveripaddr = IPAddr.new(dest_server)
+            destserveripaddr = IPAddr.new(dest_server)
           rescue ArgumentError
             # Host name not IP address
           end
@@ -249,7 +252,7 @@ module Dnsruby
                 (answeripaddr != destserveripaddr) &&
                 (answerfrom != dest_server))
             Dnsruby.log.warn("Unsolicited response received from #{answerip} instead of #{query_settings.dest_server}")
-          else 
+          else
             send_response_to_client(msg, bytes, socket)
           end
         end
@@ -308,8 +311,8 @@ module Dnsruby
       @@mutex.synchronize{
         socket = @@query_hash[id].socket
         @@timeouts.delete(id)
-        @@query_hash.delete(id)  
-        @@socket_hash.delete(socket)        
+        @@query_hash.delete(id)
+        @@socket_hash.delete(socket)
         @@sockets.delete(socket) # @TODO@ Not if persistent!
       }
       Dnsruby.log.debug{"Closing socket #{socket}"}
@@ -348,13 +351,13 @@ module Dnsruby
       }
       if (buf.length() < expected_length)
         begin
-        input, = socket.recv_nonblock(expected_length-buf.length)
-        if (input=="")
-          TheLog.info("Bad response from server - no bytes read - ignoring")
-          # @TODO@ Should we do anything about this?
-          return false
-        end
-        buf += input
+          input, = socket.recv_nonblock(expected_length-buf.length)
+          if (input=="")
+            TheLog.info("Bad response from server - no bytes read - ignoring")
+            # @TODO@ Should we do anything about this?
+            return false
+          end
+          buf += input
         rescue
           # Oh well - better luck next time!
           return false
@@ -421,13 +424,13 @@ module Dnsruby
           else
             # recvfrom failed - why?
             Dnsruby.log.error{"Error - recvfrom failed from #{socket}"}
-            handle_recvfrom_failure(socket, "")          
+            handle_recvfrom_failure(socket, "")
             return
-          end        
+          end
         end
       rescue Exception => e
         Dnsruby.log.error{"Error - recvfrom failed from #{socket}, exception : #{e}"}
-        handle_recvfrom_failure(socket, e)          
+        handle_recvfrom_failure(socket, e)
         return
       end
       Dnsruby.log.debug{";; answer from #{answerfrom} : #{answersize} bytes\n"}
@@ -435,14 +438,45 @@ module Dnsruby
       begin
         ans = Message.decode(buf)
       rescue Exception => e
-        #        print "DECODE ERROR\n"
         Dnsruby.log.error{"Decode error! #{e.class}, #{e}\nfor msg (length=#{buf.length}) : #{buf}"}
-        # @TODO@ Should know this from the socket!
         client_id=get_client_id_from_answerfrom(socket, answerip, answerport)
-        if (client_id != nil) 
-          send_exception_to_client(e, socket, client_id)
+        if (client_id == nil)
+          Dnsruby.log.error{"Decode error from #{answerip} but can't determine packet id"}
+        end
+        # We should check if the TC bit is set (if we can get that far)
+        if ((DecodeError === e) && (e.partial_message.header.tc))
+          Dnsruby.log.error{"Decode error (from {answerip})! Header shows truncation, so trying again over TCP"}
+          # If it is, then we should retry over TCP
+          sent = false
+          @@mutex.synchronize{
+            client_ids = @@socket_hash[socket]
+            # get the queries associated with them
+            client_ids.each do |id|
+              query_header_id=nil
+              query_header_id = @@query_hash[id].query.header.id
+              if (query_header_id == e.partial_message.header.id)
+                # process the response
+                client_queue = nil
+                res = nil
+                query=nil
+                client_queue = @@query_hash[id].client_queue
+                res = @@query_hash[id].single_resolver
+                query = @@query_hash[id].query
+
+                # NOW RESEND OVER TCP!
+                Thread.new {
+                  res.send_async(query, client_queue, id, true)
+                }
+                sent = true
+              end
+            end
+          }
+          if !sent
+            send_exception_to_client(e, socket, client_id)
+          end
+
         else
-          Dnsruby.log.error{"Decode error from #{answerfrom} but can't determine packet id"}
+          send_exception_to_client(e, socket, client_id)
         end
         return
       end
@@ -486,7 +520,6 @@ module Dnsruby
           query_settings = @@query_hash[id]
           if (answerip == query_settings.dest_server && answerport == query_settings.dest_port)
             # We have a match
-            # - @TODO@ as long as we're not speaking to the same server on two ports!
             client_id = id
             break
           end
@@ -516,7 +549,7 @@ module Dnsruby
       else
         @@select_thread = Thread.new {
           do_select
-        }      
+        }
       end
     end
     
@@ -637,7 +670,7 @@ module Dnsruby
     def add_observer(client_queue, observer)
       @@mutex.synchronize {
         @@observers[client_queue]=observer
-        check_select_thread_synchronized # Is this really necessary? The client should start the thread by sending a query, really...        
+        check_select_thread_synchronized # Is this really necessary? The client should start the thread by sending a query, really...
         if (!@@tick_observers.include?observer)
           @@tick_observers.push(observer)
         end
@@ -669,7 +702,7 @@ module Dnsruby
       }
       if (observer)
         observer.handle_queue_event(client_queue, client_query_id)
-      end      
+      end
     end
     
     def send_tick_to_observers

data/lib/Dnsruby/single_verifier.rb

@@ -31,8 +31,6 @@ module Dnsruby
       @added_dlv_key = false
       # The DNSKEY RRs for the signed root (when it exists)
       @root_anchors = KeyCache.new
-      # Could add methods for interacting with root anchors - see test/tc_itar.rb
-      # for example of how to load ITAR trust anchors into dnsruby
 
       # The set of trust anchors.
       # If the root is unsigned, then these must be initialised with at least
@@ -165,6 +163,10 @@ module Dnsruby
       @trusted_keys.add(k)
     end
 
+    def add_root_ds(ds)
+      @configured_ds_store.push(ds)
+    end
+
     # Wipes the cache of trusted keys
     def clear_trusted_keys
       @trusted_keys = KeyCache.new

data/lib/Dnsruby/zone_reader.rb

@@ -89,7 +89,7 @@ module Dnsruby
         # Add the next line until we see a ")"
         # REMEMBER TO STRIP OFF COMMENTS!!!
         @continued_line = strip_comments(@continued_line)
-        line = @continued_line.strip.chomp + " " + line
+        line = @continued_line.rstrip.chomp + " " + line
         if (line.index(")"))
           # OK
           @continued_line = false

data/lib/dnsruby.rb

@@ -104,7 +104,7 @@ require 'Dnsruby/TheLog'
 module Dnsruby
 
   # @TODO@ Remember to update version in dnsruby.gemspec!
-  VERSION = 1.47
+  VERSION = 1.48
   def Dnsruby.version
     return VERSION
   end
@@ -468,6 +468,7 @@ module Dnsruby
 
   #Indicates an error in decoding an incoming DNS message
   class DecodeError < ResolvError
+    attr_accessor :partial_message
   end
 
   #Indicates an error encoding a DNS message for transmission

data/test/tc_rr.rb

@@ -295,13 +295,22 @@ class TestRR < Test::Unit::TestCase
     rr = RR.create("all.rr.org.		IN	LOC		42 21 54 N 71 06 18 W -24m 30m")
     assert(rr.vert_pre == 1000)
     assert(rr.horiz_pre == 1000000)
-    lon = rr.longitude
-#    rr2 = RR.create("all.rr.org.	1209600	IN	LOC	42 21 54.000 N 71 06 18.000 W 4294967272m 30m 10000m 10m")
-#    print rr2.longitude
-#    assert(rr2.longitude = lon)
-#    print rr.to_s + "\n"
-#    print rr2.to_s + "\n"
-#    assert(rr.longitude == rr2.longitude)
-#    assert(rr == rr2)
+    assert(rr.to_s.index("21"))
+    assert(rr.to_s.index("71"))
+    assert(rr.to_s.index("54"))
+    assert(rr.to_s.index("71"))
+    assert(rr.to_s.index("06"))
+    assert(rr.to_s.index("18"))
+
+    r2 = RR.create("helium				IN LOC	51 49 17.9 N 4 39 22.9 E 0m")
+    assert(r2.size == 100)
+    assert(r2.to_s.index("17.9"))
+    assert(r2.to_s.index("22.9"))
+  end
+
+  def test_hinfo
+    rr = RR.create('helium				IN HINFO	"Shuttle-ST61G4 Intel PIV3000" "FreeBSD 7.0-STABLE"')
+    assert rr.to_s.index('"Shuttle-ST61G4 Intel PIV3000"')
+    assert rr.to_s.index('"FreeBSD 7.0-STABLE"')
   end
 end

data/test/tc_tcp.rb

@@ -29,13 +29,14 @@ class TestTcp < Test::Unit::TestCase
   end
   def test_TCP_port
     # Need a test server so we can tell what port this message was actually sent on!
-    port = 59125
+    port = nil
     src_port = 57923
     Dnsruby::PacketSender.clear_caches
     received_port = nil
     server_thread = Thread.new {
-      ts = TCPServer.new(port)
-      t = ts.accept
+      ts = TCPServer.new(0)
+      port = ts.addr[1]
+        t = ts.accept
       # Check that the source port was src_port
       received_port = t.peeraddr()[1]
       packet = t.recvfrom(2)[0]
@@ -77,5 +78,114 @@ class TestTcp < Test::Unit::TestCase
     assert(ret.header.tc, "Message should be truncated with no TCP")
   end
 
+  class HackMessage < Dnsruby::Message
+    def wipe_additional
+      @additional = Dnsruby::Message::Section.new(self)
+    end
+
+    #Decode the encoded message
+    def HackMessage.decode(m)
+      o = HackMessage.new()
+      begin
+        Dnsruby::MessageDecoder.new(m) {|msg|
+          o.header = Dnsruby::Header.new(msg)
+          o.header.qdcount.times {
+            question = msg.get_question
+            o.question << question
+          }
+          o.header.ancount.times {
+            rr = msg.get_rr
+            o.answer << rr
+          }
+          o.header.nscount.times {
+            rr = msg.get_rr
+            o.authority << rr
+          }
+          o.header.arcount.times { |count|
+            start = msg.index
+            rr = msg.get_rr
+            if (rr.type == Dnsruby::Types::TSIG)
+              if (count!=o.header.arcount-1)
+                Dnsruby.log.Error("Incoming message has TSIG record before last record")
+                raise Dnsruby::DecodeError.new("TSIG record present before last record")
+              end
+              o.tsigstart = start # needed for TSIG verification
+            end
+            o.additional << rr
+          }
+        }
+      rescue Dnsruby::DecodeError => e
+        # So we got a decode error
+        # However, we might have been able to fill in many parts of the message
+        # So let's raise the DecodeError, but add the partially completed message
+        e.partial_message = o
+        raise e
+      end
+      return o
+    end
+
+  end
+
+  def test_bad_truncation
+    # Some servers don't do truncation properly.
+    # Make a UDP server which returns large badly formatted packets (arcount > num_additional), with TC bit set
+    # And make a TCP server which returns large well formatted packets
+    # Then make sure that Dnsruby recieves response correctly.
+        Dnsruby::PacketSender.clear_caches
+    socket = UDPSocket.new
+    socket.bind("127.0.0.1", 0)
+    port = socket.addr[1]
+    Thread.new {
+      s = socket.recvfrom(65536)
+      received_query = s[0]
+      socket.connect(s[1][2], s[1][1])
+      ans = HackMessage.decode(received_query)
+      ans.wipe_additional
+      100.times {|i|
+      ans.add_additional(Dnsruby::RR.create("example.com 3600 IN A 1.2.3.#{i}"))
+      }
+      ans.header.arcount = 110
+      ans.header.tc = true
+      socket.send(ans.encode,0)
+    }
+
+        server_thread = Thread.new {
+      ts = TCPServer.new(port)
+      t = ts.accept
+      packet = t.recvfrom(2)[0]
+
+      len = (packet[0]<<8)+packet[1]
+      if (RUBY_VERSION >= "1.9")
+        len = (packet[0].getbyte(0)<<8)+packet[1].getbyte(0)# Ruby 1.9
+      end
+      packet = t.recvfrom(len)[0]
+      tcpPacket = HackMessage.decode(packet)
+            tcpPacket.wipe_additional
+      110.times {|i|
+      tcpPacket.add_additional(Dnsruby::RR.create("example.com 3600 IN A 1.2.3.#{i}"))
+      }
+      lenmsg = [tcpPacket.encode.length].pack('n')
+      t.send(lenmsg, 0)
+      t.write(tcpPacket.encode)
+      t.close
+      ts.close
+    }
+
+
+
+        # Now send query
+    res = Dnsruby::Resolver.new("127.0.0.1")
+    res.port = port
+    res.udp_size = 4096
+    assert(res.udp_size == 4096)
+    ret = res.query("example.com")
+    assert(ret.header.arcount == 110)
+    count = 0
+    ret.additional.each {|rr| count += 1}
+    assert(count == 110)
+
+
+  end
+
   #@TODO@ Check stuff like persistent sockets
 end

data/test/tc_validator.rb

@@ -25,6 +25,7 @@ class TestValidator < Test::Unit::TestCase
     Dnsruby::Dnssec.clear_trust_anchors
     res = Dnsruby::Resolver.new("dnssec.nominet.org.uk")
     res.dnssec=true
+    res.do_validation = true
     Dnsruby::Dnssec.do_validation_with_recursor(false)
     Dnsruby::Dnssec.default_resolver=(res) # This is a closed zone (not reachable by recursion)
 

data/test/ts_online.rb

@@ -93,7 +93,6 @@ if (online)
       puts "Running DNSSEC test - may fail if OpenSSL not complete"
       puts "------------------------------------------------------"      
       require "test/tc_verifier.rb"
-      require "test/tc_itar.rb"
       require "test/tc_dlv.rb"
       require "test/tc_validator.rb"
     end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: dnsruby
 version: !ruby/object:Gem::Version 
-  version: "1.47"
+  version: "1.48"
 platform: ruby
 authors: 
 - AlexD
@@ -9,7 +9,7 @@ autorequire: dnsruby
 bindir: bin
 cert_chain: []
 
-date: 2010-05-19 00:00:00 +01:00
+date: 2010-07-23 00:00:00 +01:00
 default_executable: 
 dependencies: []
 
@@ -39,7 +39,6 @@ files:
 - test/tc_header.rb
 - test/tc_hip.rb
 - test/tc_ipseckey.rb
-- test/tc_itar.rb
 - test/tc_misc.rb
 - test/tc_name.rb
 - test/tc_naptr.rb
@@ -141,7 +140,7 @@ files:
 - demo/check_soa.rb
 - demo/check_zone.rb
 - demo/digdlv.rb
-- demo/digitar.rb
+- demo/digroot.rb
 - demo/example_recurse.rb
 - demo/mresolv.rb
 - demo/mx.rb

data/test/tc_itar.rb

@@ -1,82 +0,0 @@
-#--
-#Copyright 2007 Nominet UK
-#
-#Licensed under the Apache License, Version 2.0 (the "License");
-#you may not use this file except in compliance with the License.
-#You may obtain a copy of the License at
-#
-#     http://www.apache.org/licenses/LICENSE-2.0
-#
-#Unless required by applicable law or agreed to in writing, software
-#distributed under the License is distributed on an "AS IS" BASIS,
-#WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#See the License for the specific language governing permissions and
-#limitations under the License.
-#++
-
-require 'test/unit'
-require 'dnsruby'
-include Dnsruby
-
-class TestItar < Test::Unit::TestCase
-  def test_itar
-    Dnsruby::Dnssec.reset
-    Dnsruby::PacketSender.clear_caches
-    Dnsruby::Recursor.clear_caches
-    run_test_se(true)
-    Dnsruby::Dnssec.reset
-    Dnsruby::Recursor.clear_caches
-
-    # Then try to validate some records in the published zones
-    Dnsruby::PacketSender.clear_caches
-    # Download the ITAR - add the DS records to dnssec
-    Dnssec.load_itar()
-
-    run_test_se(false)
-  end
-
-  def test_with_no_dlv_anchor
-    Dnsruby::Dnssec.reset
-    Dnsruby::PacketSender.clear_caches
-    Dnsruby::Recursor.clear_caches
-    # Make sure we don't have any other anchors configured!
-    res = Dnsruby::Recursor.new
-    ret = res.query("frobbit.se.", Dnsruby::Types.A)
-    assert(ret.security_level == Dnsruby::Message::SecurityLevel::INSECURE, "Level = #{ret.security_level.string}")
-    Dnsruby::Dnssec.reset
-    Dnsruby::PacketSender.clear_caches
-    Dnsruby::Recursor.clear_caches
-    Dnssec.load_itar
-    res = Dnsruby::Recursor.new
-    ret = res.query("frobbit.se.", Dnsruby::Types.A)
-    assert(ret.security_level == Dnsruby::Message::SecurityLevel::SECURE)
-
-    res = Dnsruby::Recursor.new
-    ret = res.query("ns2.nic.se.", Dnsruby::Types.A)
-    assert(ret.security_level == Dnsruby::Message::SecurityLevel::SECURE)
-  end
-
-  def run_test_se(should_fail)
-    res = Dnsruby::Recursor.new
-    r = res.query("frobbit.se.", Dnsruby::Types.A)
-    if (!should_fail)
-      assert(r.security_level == Dnsruby::Message::SecurityLevel::SECURE)
-    else
-      assert(r.security_level != Dnsruby::Message::SecurityLevel::SECURE)
-    end
-    # Haven't configured key for this, so should fail
-    begin
-      ret = Dnssec.verify(r)
-      if (should_fail)
-        fail
-      end
-    rescue (Dnsruby::VerifyError)
-      if (!should_fail)
-        fail
-      end
-    end
-    #    assert(!ret, "Dnssec message verification failed")
-
-  end
-
-end