dnsruby 1.51 → 1.52

data/lib/Dnsruby/PacketSender.rb

@@ -190,9 +190,12 @@ module Dnsruby
       elsif (arg.kind_of?Hash)
         arg.keys.each do |attr|
           begin
-            send(attr.to_s+"=", arg[attr])
-          rescue Exception
-            Dnsruby.log.error{"Argument #{attr} not valid\n"}
+            if ((attr.to_s == "src_address") && ((arg[attr] == nil) || (arg[attr] == "")))
+            else
+              send(attr.to_s+"=", arg[attr])
+            end
+          rescue Exception => e
+            Dnsruby.log.error{"PacketSender : Argument #{attr}, #{arg[attr]} not valid : #{e}\n"}
           end
           #        end
         end

data/lib/Dnsruby/Recursor.rb

@@ -163,8 +163,16 @@ module Dnsruby
     @@authority_cache = Hash.new
     @@zones_cache = nil
         
-    def initialize(res = Resolver.new)
-      @resolver = res
+    def initialize(res = nil)
+      if (res)
+        @resolver = res
+      else
+        if (defined?@@nameservers && @@nameservers.length > 0)
+          @resolver = Resolver.new({:nameserver => @@nameservers})
+        else
+          @resolver = Resolver.new
+        end
+      end
       @ipv6_ok = false
     end
     #Initialize the hint servers.  Recursive queries need a starting name
@@ -184,17 +192,33 @@ module Dnsruby
     end
     def Recursor.set_hints(hints, resolver)
       TheLog.debug(";; hints(#{hints.inspect})\n")
+      @resolver = resolver
+      if (resolver.single_resolvers.length == 0)
+        resolver = Resolver.new()
+      end
+      if (hints && hints.length > 0)
+        resolver.nameservers=hints
+        if (String === hints)
+          hints = [hints]
+        end
+        hints.each {|hint|
+          @@hints = Hash.new
+          @@hints[hint]=hint
+        }
+      end
       if (!hints && @@nameservers)
         @@hints=(@@nameservers)
       else
         @@nameservers=(hints)
+        @@hints = hints
       end
       TheLog.debug(";; verifying (root) zone...\n")
       # bind always asks one of the hint servers
       # for who it thinks is authoritative for
       # the (root) zone as a sanity check.
       # Nice idea.
-          
+
+      #      if (!@@hints || @@hints.length == 0)
       resolver.recurse=(1)
       packet=resolver.query_no_validation_or_recursion(".", "NS", "IN")
       hints = Hash.new
@@ -232,7 +256,7 @@ module Dnsruby
                 end
               end
                   
-            end 
+            end
           end
         end
         #                      foreach my $server (keys %hints) {
@@ -247,12 +271,10 @@ module Dnsruby
         @@hints = {}
       end
       if (@@hints.size > 0)
-        if (@debug)
-          TheLog.info(";; USING THE FOLLOWING HINT IPS:\n")
-          @@hints.values.each do |ips|
-            ips.each do |server|
-              TheLog.info(";;  #{server}\n")
-            end
+        TheLog.info(";; USING THE FOLLOWING HINT IPS:\n")
+        @@hints.values.each do |ips|
+          ips.each do |server|
+            TheLog.info(";;  #{server}\n")
           end
         end
       else
@@ -261,8 +283,27 @@ module Dnsruby
           
       # Disable recursion flag.
       resolver.recurse=(0)
+      #      end
           
       #  return $self->nameservers( map { @{ $_ } } values %{ $self->{'hints'} } );
+      if (Array === @@hints)
+        temp = []
+        @@hints.each {|hint|
+          temp.push(hint)
+        }
+        @@hints = Hash.new
+        count = 0
+        temp.each {|hint|
+          print "Adding hint : #{temp[count]}\n"
+          @@hints[count] = temp[count]
+          count += 1
+        }
+      end
+      if (String === @@hints)
+        temp = @@hints
+        @@hints = Hash.new
+        @@hints[0] = temp
+      end
       @@nameservers = @@hints.values
       return @@nameservers
     end
@@ -538,6 +579,7 @@ module Dnsruby
         query = Message.new(name, type, klass)
         query.header.rd = false
         query.do_validation = true
+        query.do_caching = false
         query.do_validation = false if no_validation
         #            print "Sending msg from resolver, dnssec = #{resolver.dnssec}, do_validation = #{query.do_validation}\n"
         packet = resolver.send_message(query)

data/lib/Dnsruby/Resolver.rb

@@ -394,8 +394,8 @@ module Dnsruby
               else
                 send(key.to_s+"=", args[0][key])
               end
-            rescue Exception
-              Dnsruby.log.error{"Argument #{key} not valid\n"}
+            rescue Exception => e
+              Dnsruby.log.error{"Argument #{key} not valid : #{e}\n"}
             end
           end
         elsif (args[0].class == String)
@@ -517,7 +517,7 @@ module Dnsruby
     end
 
     def nameservers=(ns)
-      self.nameserver=(n)
+      self.nameserver=(ns)
     end
     def nameserver=(n)
       @configured = true
@@ -869,7 +869,7 @@ module Dnsruby
       @parent.single_res_mutex.synchronize {
         @query_list.each do |client_query_id, values|
           msg, client_queue, q, outstanding = values
-          send_result_and_close(client_queue, client_query_id, q, nil, OtherResolvError.new("Resolver closing!"))
+          send_result_and_stop_querying(client_queue, client_query_id, q, nil, OtherResolvError.new("Resolver closing!"))
         end
       }
     end
@@ -977,10 +977,10 @@ module Dnsruby
       # 2) we've validated the response - it's ready to be sent to the client
       #
       # so need two more methods :
-      #  handleValidationResponse : basically calls send_result_and_close and
+      #  handleValidationResponse : basically calls send_result_and_stop_querying and
       #  handleValidationError : does the same as handleValidationResponse, but for errors
       # can leave handleError alone
-      # but need to change handleResponse to stop sending, rather than send_result_and_close.
+      # but need to change handleResponse to stop sending, rather than send_result_and_stop_querying.
       #
       # @TODO@ Also, we could really do with a MaxValidationTimeout - if validation not OK within
       # this time, then raise Timeout (and stop validation)?
@@ -1143,7 +1143,6 @@ module Dnsruby
         Dnsruby.log.error{"Serious internal error : expected select queue #{s_queue}, got #{select_queue}"}
         raise RuntimeError.new("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
       end
-      #        send_result_and_close(client_queue, client_query_id, select_queue, response, nil)
       stop_querying(client_query_id)
       # @TODO@ Does the client want notified at this point?
       #        client_queue.push([client_query_id, Resolver::EventType::RECEIVED, msg, nil])
@@ -1163,7 +1162,6 @@ module Dnsruby
       else
         # @TODO@ Was there an error validating? Should we raise an exception for certain security levels?
         # This should be configurable by the client.
-        #        send_result_and_close(client_queue, client_query_id, select_queue, response, nil)
         send_result(client_queue, client_query_id, select_queue, response, nil)
         #      }
       end

data/lib/Dnsruby/dnssec.rb

@@ -134,6 +134,11 @@ module Dnsruby
       @@default_resolver = Resolver.new
     end
 
+    def self.set_hints(hints)
+      @@root_verifier.set_hints(hints)
+      @@anchor_verifier.set_hints(hints)
+    end
+
     def self.no_keys?
       no_keys = true
       [@@anchor_verifier, @@root_verifier, @@dlv_verifier].each {|v|

data/lib/Dnsruby/single_verifier.rb

@@ -51,6 +51,22 @@ module Dnsruby
       # by the client as trust anchors. Use Dnssec#add_trust_anchor to add these
       @configured_ds_store = []
     end
+    
+    def set_hints(hints)
+      @@hints = hints
+    end
+
+    def get_recursor
+      if (!defined?@@recursor)
+        if (defined?@@hints)
+          Recursor.set_hints(@@hints, Resolver.new)
+        @@recursor = Recursor.new()
+        else
+        @@recursor = Recursor.new
+        end
+      end
+      return @@recursor
+    end
 
     def get_dlv_resolver # :nodoc:
 #      if (Dnssec.do_validation_with_recursor?)
@@ -105,7 +121,7 @@ module Dnsruby
     # Add the
     def add_trust_anchor_with_expiration(k, expiration)
       if (k.type == Types.DNSKEY)
-        k.flags = k.flags | RR::IN::DNSKEY::SEP_KEY
+#        k.flags = k.flags | RR::IN::DNSKEY::SEP_KEY
         @trust_anchors.add_key_with_expiration(k, expiration)
         #        print "Adding trust anchor for #{k.name}\n"
         TheLog.info("Adding trust anchor for #{k.name}")
@@ -813,7 +829,7 @@ module Dnsruby
       res = get_nameservers_for(name)
       if (!res)
         if (Dnssec.do_validation_with_recursor?)
-          res = Recursor.new
+          res = get_recursor
         else
           if(Dnssec.default_resolver)
             res = Dnssec.default_resolver
@@ -892,6 +908,7 @@ module Dnsruby
       # Check if we have an anchor for name.
       # If not, strip off first label and try again
       # If we get to root, then return false
+      name = "." if name == ""
       n = Name.create(name)
       root = Name.create(".")
       while (true) # n != root)
@@ -899,7 +916,7 @@ module Dnsruby
         (@trust_anchors.keys + @trusted_keys.keys + @configured_ds_store + @discovered_ds_store).each {|key|
           return key if key.name.canonical == n.canonical
         }
-        break if (n == root)
+        break if (n.to_s == root.to_s)
         # strip the name
         n = n.strip_label
       end
@@ -924,7 +941,8 @@ module Dnsruby
       #      print "Follow chain from #{anchor.name} to #{name}\n"
       TheLog.debug("Follow chain from #{anchor.name} to #{name}")
 
-      res = nil
+#      res = nil
+      res = Dnssec.default_resolver
       #      while ((next_step != name) || (next_key.type != Types.DNSKEY))
       while (true)
         #        print "In loop for parent=#{parent}, next step = #{next_step}\n"
@@ -954,7 +972,7 @@ module Dnsruby
 
     def get_anchor_for(child, parent, current_anchor, parent_res = nil) # :nodoc:
       #      print "Trying to discover anchor for #{child} from #{parent}\n"
-      TheLog.debug("Trying to discover anchor for #{child} from #{parent}")
+      TheLog.debug("Trying to discover anchor for #{child} from #{parent} using #{current_anchor}, #{parent_res}")
       # We wish to return a DNSKEY which the caller can use to verify name
       # We are either given a key or a ds record from the parent zone
       # If given a DNSKEY, then find a DS record signed by that key for the child zone
@@ -963,14 +981,17 @@ module Dnsruby
 
       # Find NS RRSet for parent
       child_res = nil
+      if (Dnssec.do_validation_with_recursor?)
+        parent_res = get_recursor
+      end
       begin
         if (child!=parent)
           if (!parent_res)
-            #            print "No res passed - try to get nameservers for #{parent}\n"
+#                      print "No res passed - try to get nameservers for #{parent}\n"
             parent_res = get_nameservers_for(parent)
             if (!parent_res)
               if (Dnssec.do_validation_with_recursor?)
-                parent_res = Recursor.new
+                parent_res = get_recursor
               else
                 if (Dnssec.default_resolver)
                   parent_res = Dnssec.default_resolver
@@ -1000,7 +1021,7 @@ module Dnsruby
             if (ds_rrset.rrs.length == 0)
               # @TODO@ Check NSEC(3) records - still need to verify there are REALLY no ds records!
               #              print "NO DS RECORDS RETURNED FOR #{parent}\n"
-              child_res = parent_res
+#              child_res = parent_res
             else
               begin
                 if (verify(ds_rrset, current_anchor))
@@ -1021,7 +1042,7 @@ module Dnsruby
         end
         if (!child_res)
           if (Dnssec.do_validation_with_recursor?)
-            child_res = Recursor.new
+            child_res = get_recursor
           else
             if (Dnssec.default_resolver)
               child_res = Dnssec.default_resolver
@@ -1108,7 +1129,7 @@ module Dnsruby
     def get_nameservers_for(name, res = nil) # :nodoc:
       # @TODO@ !!!
       if (Dnssec.do_validation_with_recursor?)
-        return Recursor.new
+        return get_recursor
       else
         if (Dnssec.default_resolver)
           return Dnssec.default_resolver
@@ -1244,6 +1265,7 @@ module Dnsruby
       msg.security_level = Message::SecurityLevel.INDETERMINATE
       qname = msg.question()[0].qname
       closest_anchor = find_closest_anchor_for(qname)
+      TheLog.debug("Closest anchor for #{qname} is #{closest_anchor} - trying to follow down")
       error = try_to_follow_from_anchor(closest_anchor, msg, qname)
 
       if ((msg.security_level.code < Message::SecurityLevel::SECURE) &&

data/lib/Dnsruby/zone_reader.rb

@@ -203,6 +203,13 @@ module Dnsruby
       # Note that a freestanding "@" is used to denote the current origin - we can simply replace that straight away
       # Remove the ( and )
       # Note that no domain name may be specified in the RR - in that case, last_name should be used. How do we tell? Tab or space at start of line.
+
+      # If we have text in the record, then ignore that in the parsing, and stick it on again at the end
+      stored_line = "";
+      if (line.index('"') != nil)
+          stored_line = line[line.index('"'), line.length];
+          line = line [0, line.index('"')]
+      end
       if ((line[0,1] == " ") || (line[0,1] == "\t"))
         line = @last_name + " " + line
       end
@@ -324,7 +331,12 @@ module Dnsruby
         end
       end
 
-      line = line.split.join(' ').strip
+      line = line.strip
+
+      if (stored_line && stored_line != "")
+        line += " " + stored_line.strip
+      end
+
       # We need to fix up any non-absolute names in the RR
       # Some RRs have a single name, at the end of the string -
       #   to do these, we can just check the last character for "." and add the
@@ -366,7 +378,6 @@ module Dnsruby
         end
         line = parsed_rr.to_s
       end
-
       if (do_prefix_hack)
         return line + "\n", type_string, @last_name
       end

data/lib/dnsruby.rb

@@ -104,7 +104,7 @@ require 'Dnsruby/TheLog'
 module Dnsruby
 
   # @TODO@ Remember to update version in dnsruby.gemspec!
-  VERSION = 1.51
+  VERSION = 1.52
   def Dnsruby.version
     return VERSION
   end

data/test/tc_validator.rb

@@ -31,9 +31,10 @@ class TestValidator < Test::Unit::TestCase
 
     trusted_key = Dnsruby::RR.create({:name => "uk-dnssec.nic.uk.",
         :type => Dnsruby::Types.DNSKEY,
+        :flags => RR::IN::DNSKEY::SEP_KEY | RR::IN::DNSKEY::ZONE_KEY,
         :key=> "AQPJO6LjrCHhzSF9PIVV7YoQ8iE31FXvghx+14E+jsv4uWJR9jLrxMYm sFOGAKWhiis832ISbPTYtF8sxbNVEotgf9eePruAFPIg6ZixG4yMO9XG LXmcKTQ/cVudqkU00V7M0cUzsYrhc4gPH/NKfQJBC5dbBkbIXJkksPLv Fe8lReKYqocYP6Bng1eBTtkA+N+6mSXzCwSApbNysFnm6yfQwtKlr75p m+pd0/Um+uBkR4nJQGYNt0mPuw4QVBu1TfF5mQYIFoDYASLiDQpvNRN3 US0U5DEG9mARulKSSw448urHvOBwT9Gx5qF2NE4H9ySjOdftjpj62kjb Lmc8/v+z"
       })
-    ret = Dnsruby::Dnssec.add_trust_anchor_with_expiration(trusted_key, Time.now.to_i + 5000)
+    ret = Dnsruby::Dnssec.add_trust_anchor(trusted_key)
 
     r = res.query("aaa.bigzone.uk-dnssec.nic.uk", Dnsruby::Types.A)
     assert(r.security_level.code == Message::SecurityLevel::SECURE, "Level = #{r.security_level.string}")

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: dnsruby
 version: !ruby/object:Gem::Version 
-  version: "1.51"
+  version: "1.52"
 platform: ruby
 authors: 
 - AlexD
@@ -9,7 +9,7 @@ autorequire: dnsruby
 bindir: bin
 cert_chain: []
 
-date: 2010-11-12 00:00:00 +00:00
+date: 2011-03-18 00:00:00 +00:00
 default_executable: 
 dependencies: []