dnsruby 1.51 → 1.52

@@ -190,9 +190,12 @@ module Dnsruby
190
190
  elsif (arg.kind_of?Hash)
191
191
  arg.keys.each do |attr|
192
192
  begin
193
- send(attr.to_s+"=", arg[attr])
194
- rescue Exception
195
- Dnsruby.log.error{"Argument #{attr} not valid\n"}
193
+ if ((attr.to_s == "src_address") && ((arg[attr] == nil) || (arg[attr] == "")))
194
+ else
195
+ send(attr.to_s+"=", arg[attr])
196
+ end
197
+ rescue Exception => e
198
+ Dnsruby.log.error{"PacketSender : Argument #{attr}, #{arg[attr]} not valid : #{e}\n"}
196
199
  end
197
200
  # end
198
201
  end
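Review bot: The rescue at new line 197 still catches `Exception`, so a rejected option, a NoMethodError from a mistyped key passed to `send`, or even an interrupt is only logged, and the object is then built with whatever defaults remain; for a resolver that is a fail-open configuration path. `rescue StandardError => e` would at least let signals and exits through, and raising an ArgumentError after logging would stop a half-configured sender from being used. The new message also interpolates `arg[attr]`, which writes the caller's raw value to the log; if any option can carry key material, that value should be left out of the message. The same `send` / `rescue Exception => e` pattern is in the hunk at new lines 395-398. The enclosing method starts and ends outside this hunk.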
@@ -163,8 +163,16 @@ module Dnsruby
163
163
  @@authority_cache = Hash.new
164
164
  @@zones_cache = nil
165
165
 
166
- def initialize(res = Resolver.new)
167
- @resolver = res
166
+ def initialize(res = nil)
167
+ if (res)
168
+ @resolver = res
169
+ else
170
+ if (defined?@@nameservers && @@nameservers.length > 0)
171
+ @resolver = Resolver.new({:nameserver => @@nameservers})
172
+ else
173
+ @resolver = Resolver.new
174
+ end
175
+ end
168
176
  @ipv6_ok = false
169
177
  end
170
178
  #Initialize the hint servers. Recursive queries need a starting name
@@ -184,17 +192,33 @@ module Dnsruby
184
192
  end
185
193
  def Recursor.set_hints(hints, resolver)
186
194
  TheLog.debug(";; hints(#{hints.inspect})\n")
195
+ @resolver = resolver
196
+ if (resolver.single_resolvers.length == 0)
197
+ resolver = Resolver.new()
198
+ end
199
+ if (hints && hints.length > 0)
200
+ resolver.nameservers=hints
201
+ if (String === hints)
202
+ hints = [hints]
203
+ end
204
+ hints.each {|hint|
205
+ @@hints = Hash.new
206
+ @@hints[hint]=hint
207
+ }
208
+ end
187
209
  if (!hints && @@nameservers)
188
210
  @@hints=(@@nameservers)
189
211
  else
190
212
  @@nameservers=(hints)
213
+ @@hints = hints
191
214
  end
192
215
  TheLog.debug(";; verifying (root) zone...\n")
193
216
  # bind always asks one of the hint servers
194
217
  # for who it thinks is authoritative for
195
218
  # the (root) zone as a sanity check.
196
219
  # Nice idea.
197
-
220
+
221
+ # if (!@@hints || @@hints.length == 0)
198
222
  resolver.recurse=(1)
199
223
  packet=resolver.query_no_validation_or_recursion(".", "NS", "IN")
200
224
  hints = Hash.new
@@ -232,7 +256,7 @@ module Dnsruby
232
256
  end
233
257
  end
234
258
 
235
- end
259
+ end
236
260
  end
237
261
  end
238
262
  # foreach my $server (keys %hints) {
@@ -247,12 +271,10 @@ module Dnsruby
247
271
  @@hints = {}
248
272
  end
249
273
  if (@@hints.size > 0)
250
- if (@debug)
251
- TheLog.info(";; USING THE FOLLOWING HINT IPS:\n")
252
- @@hints.values.each do |ips|
253
- ips.each do |server|
254
- TheLog.info(";; #{server}\n")
255
- end
274
+ TheLog.info(";; USING THE FOLLOWING HINT IPS:\n")
275
+ @@hints.values.each do |ips|
276
+ ips.each do |server|
277
+ TheLog.info(";; #{server}\n")
256
278
  end
257
279
  end
258
280
  else
@@ -261,8 +283,27 @@ module Dnsruby
261
283
 
262
284
  # Disable recursion flag.
263
285
  resolver.recurse=(0)
286
+ # end
264
287
 
265
288
  # return $self->nameservers( map { @{ $_ } } values %{ $self->{'hints'} } );
289
+ if (Array === @@hints)
290
+ temp = []
291
+ @@hints.each {|hint|
292
+ temp.push(hint)
293
+ }
294
+ @@hints = Hash.new
295
+ count = 0
296
+ temp.each {|hint|
297
+ print "Adding hint : #{temp[count]}\n"
298
+ @@hints[count] = temp[count]
299
+ count += 1
300
+ }
301
+ end
302
+ if (String === @@hints)
303
+ temp = @@hints
304
+ @@hints = Hash.new
305
+ @@hints[0] = temp
306
+ end
266
307
  @@nameservers = @@hints.values
267
308
  return @@nameservers
268
309
  end
@@ -538,6 +579,7 @@ module Dnsruby
538
579
  query = Message.new(name, type, klass)
539
580
  query.header.rd = false
540
581
  query.do_validation = true
582
+ query.do_caching = false
541
583
  query.do_validation = false if no_validation
542
584
  # print "Sending msg from resolver, dnssec = #{resolver.dnssec}, do_validation = #{query.do_validation}\n"
543
585
  packet = resolver.send_message(query)
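Review bot: In the new `initialize` (new line 170), `defined?@@nameservers && @@nameservers.length > 0` does not test what it appears to test: `defined?` binds more loosely than `&&`, so it is applied to the whole `&&` expression and yields a truthy string without evaluating it. The branch that builds `Resolver.new({:nameserver => @@nameservers})` is therefore always taken when no resolver is passed, including when `@@nameservers` is nil or empty, and the plain `Resolver.new` fallback at new line 173 is unreachable. Parenthesising the operand fixes it: `if (defined?(@@nameservers) && @@nameservers && @@nameservers.length > 0)`.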
@@ -394,8 +394,8 @@ module Dnsruby
394
394
  else
395
395
  send(key.to_s+"=", args[0][key])
396
396
  end
397
- rescue Exception
398
- Dnsruby.log.error{"Argument #{key} not valid\n"}
397
+ rescue Exception => e
398
+ Dnsruby.log.error{"Argument #{key} not valid : #{e}\n"}
399
399
  end
400
400
  end
401
401
  elsif (args[0].class == String)
@@ -517,7 +517,7 @@ module Dnsruby
517
517
  end
518
518
 
519
519
  def nameservers=(ns)
520
- self.nameserver=(n)
520
+ self.nameserver=(ns)
521
521
  end
522
522
  def nameserver=(n)
523
523
  @configured = true
@@ -869,7 +869,7 @@ module Dnsruby
869
869
  @parent.single_res_mutex.synchronize {
870
870
  @query_list.each do |client_query_id, values|
871
871
  msg, client_queue, q, outstanding = values
872
- send_result_and_close(client_queue, client_query_id, q, nil, OtherResolvError.new("Resolver closing!"))
872
+ send_result_and_stop_querying(client_queue, client_query_id, q, nil, OtherResolvError.new("Resolver closing!"))
873
873
  end
874
874
  }
875
875
  end
@@ -977,10 +977,10 @@ module Dnsruby
977
977
  # 2) we've validated the response - it's ready to be sent to the client
978
978
  #
979
979
  # so need two more methods :
980
- # handleValidationResponse : basically calls send_result_and_close and
980
+ # handleValidationResponse : basically calls send_result_and_stop_querying and
981
981
  # handleValidationError : does the same as handleValidationResponse, but for errors
982
982
  # can leave handleError alone
983
- # but need to change handleResponse to stop sending, rather than send_result_and_close.
983
+ # but need to change handleResponse to stop sending, rather than send_result_and_stop_querying.
984
984
  #
985
985
  # @TODO@ Also, we could really do with a MaxValidationTimeout - if validation not OK within
986
986
  # this time, then raise Timeout (and stop validation)?
@@ -1143,7 +1143,6 @@ module Dnsruby
1143
1143
  Dnsruby.log.error{"Serious internal error : expected select queue #{s_queue}, got #{select_queue}"}
1144
1144
  raise RuntimeError.new("Serious internal error : expected select queue #{s_queue}, got #{select_queue}")
1145
1145
  end
1146
- # send_result_and_close(client_queue, client_query_id, select_queue, response, nil)
1147
1146
  stop_querying(client_query_id)
1148
1147
  # @TODO@ Does the client want notified at this point?
1149
1148
  # client_queue.push([client_query_id, Resolver::EventType::RECEIVED, msg, nil])
@@ -1163,7 +1162,6 @@ module Dnsruby
1163
1162
  else
1164
1163
  # @TODO@ Was there an error validating? Should we raise an exception for certain security levels?
1165
1164
  # This should be configurable by the client.
1166
- # send_result_and_close(client_queue, client_query_id, select_queue, response, nil)
1167
1165
  send_result(client_queue, client_query_id, select_queue, response, nil)
1168
1166
  # }
1169
1167
  end
@@ -134,6 +134,11 @@ module Dnsruby
134
134
  @@default_resolver = Resolver.new
135
135
  end
136
136
 
137
+ def self.set_hints(hints)
138
+ @@root_verifier.set_hints(hints)
139
+ @@anchor_verifier.set_hints(hints)
140
+ end
141
+
137
142
  def self.no_keys?
138
143
  no_keys = true
139
144
  [@@anchor_verifier, @@root_verifier, @@dlv_verifier].each {|v|
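Review bot: `Dnssec.set_hints` (new lines 137-140) is a new public entry point with no documentation: nothing says what form `hints` takes or when it has to be called relative to the first validation. It also forwards to `@@root_verifier` and `@@anchor_verifier` but not to `@@dlv_verifier`, which the `no_keys?` loop just below treats as a peer; if that omission is deliberate it deserves a line of explanation. A comment such as `# Set the root hint servers used when validating with a Recursor. Call before the first query is validated.` would cover it, with the wording to be confirmed against the intended behaviour. `no_keys?` continues outside the hunk.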
@@ -51,6 +51,22 @@ module Dnsruby
51
51
  # by the client as trust anchors. Use Dnssec#add_trust_anchor to add these
52
52
  @configured_ds_store = []
53
53
  end
54
+
55
+ def set_hints(hints)
56
+ @@hints = hints
57
+ end
58
+
59
+ def get_recursor
60
+ if (!defined?@@recursor)
61
+ if (defined?@@hints)
62
+ Recursor.set_hints(@@hints, Resolver.new)
63
+ @@recursor = Recursor.new()
64
+ else
65
+ @@recursor = Recursor.new
66
+ end
67
+ end
68
+ return @@recursor
69
+ end
54
70
 
55
71
  def get_dlv_resolver # :nodoc:
56
72
  # if (Dnssec.do_validation_with_recursor?)
@@ -105,7 +121,7 @@ module Dnsruby
105
121
  # Add the
106
122
  def add_trust_anchor_with_expiration(k, expiration)
107
123
  if (k.type == Types.DNSKEY)
108
- k.flags = k.flags | RR::IN::DNSKEY::SEP_KEY
124
+ # k.flags = k.flags | RR::IN::DNSKEY::SEP_KEY
109
125
  @trust_anchors.add_key_with_expiration(k, expiration)
110
126
  # print "Adding trust anchor for #{k.name}\n"
111
127
  TheLog.info("Adding trust anchor for #{k.name}")
@@ -813,7 +829,7 @@ module Dnsruby
813
829
  res = get_nameservers_for(name)
814
830
  if (!res)
815
831
  if (Dnssec.do_validation_with_recursor?)
816
- res = Recursor.new
832
+ res = get_recursor
817
833
  else
818
834
  if(Dnssec.default_resolver)
819
835
  res = Dnssec.default_resolver
@@ -892,6 +908,7 @@ module Dnsruby
892
908
  # Check if we have an anchor for name.
893
909
  # If not, strip off first label and try again
894
910
  # If we get to root, then return false
911
+ name = "." if name == ""
895
912
  n = Name.create(name)
896
913
  root = Name.create(".")
897
914
  while (true) # n != root)
@@ -899,7 +916,7 @@ module Dnsruby
899
916
  (@trust_anchors.keys + @trusted_keys.keys + @configured_ds_store + @discovered_ds_store).each {|key|
900
917
  return key if key.name.canonical == n.canonical
901
918
  }
902
- break if (n == root)
919
+ break if (n.to_s == root.to_s)
903
920
  # strip the name
904
921
  n = n.strip_label
905
922
  end
@@ -924,7 +941,8 @@ module Dnsruby
924
941
  # print "Follow chain from #{anchor.name} to #{name}\n"
925
942
  TheLog.debug("Follow chain from #{anchor.name} to #{name}")
926
943
 
927
- res = nil
944
+ # res = nil
945
+ res = Dnssec.default_resolver
928
946
  # while ((next_step != name) || (next_key.type != Types.DNSKEY))
929
947
  while (true)
930
948
  # print "In loop for parent=#{parent}, next step = #{next_step}\n"
@@ -954,7 +972,7 @@ module Dnsruby
954
972
 
955
973
  def get_anchor_for(child, parent, current_anchor, parent_res = nil) # :nodoc:
956
974
  # print "Trying to discover anchor for #{child} from #{parent}\n"
957
- TheLog.debug("Trying to discover anchor for #{child} from #{parent}")
975
+ TheLog.debug("Trying to discover anchor for #{child} from #{parent} using #{current_anchor}, #{parent_res}")
958
976
  # We wish to return a DNSKEY which the caller can use to verify name
959
977
  # We are either given a key or a ds record from the parent zone
960
978
  # If given a DNSKEY, then find a DS record signed by that key for the child zone
@@ -963,14 +981,17 @@ module Dnsruby
963
981
 
964
982
  # Find NS RRSet for parent
965
983
  child_res = nil
984
+ if (Dnssec.do_validation_with_recursor?)
985
+ parent_res = get_recursor
986
+ end
966
987
  begin
967
988
  if (child!=parent)
968
989
  if (!parent_res)
969
- # print "No res passed - try to get nameservers for #{parent}\n"
990
+ # print "No res passed - try to get nameservers for #{parent}\n"
970
991
  parent_res = get_nameservers_for(parent)
971
992
  if (!parent_res)
972
993
  if (Dnssec.do_validation_with_recursor?)
973
- parent_res = Recursor.new
994
+ parent_res = get_recursor
974
995
  else
975
996
  if (Dnssec.default_resolver)
976
997
  parent_res = Dnssec.default_resolver
@@ -1000,7 +1021,7 @@ module Dnsruby
1000
1021
  if (ds_rrset.rrs.length == 0)
1001
1022
  # @TODO@ Check NSEC(3) records - still need to verify there are REALLY no ds records!
1002
1023
  # print "NO DS RECORDS RETURNED FOR #{parent}\n"
1003
- child_res = parent_res
1024
+ # child_res = parent_res
1004
1025
  else
1005
1026
  begin
1006
1027
  if (verify(ds_rrset, current_anchor))
@@ -1021,7 +1042,7 @@ module Dnsruby
1021
1042
  end
1022
1043
  if (!child_res)
1023
1044
  if (Dnssec.do_validation_with_recursor?)
1024
- child_res = Recursor.new
1045
+ child_res = get_recursor
1025
1046
  else
1026
1047
  if (Dnssec.default_resolver)
1027
1048
  child_res = Dnssec.default_resolver
@@ -1108,7 +1129,7 @@ module Dnsruby
1108
1129
  def get_nameservers_for(name, res = nil) # :nodoc:
1109
1130
  # @TODO@ !!!
1110
1131
  if (Dnssec.do_validation_with_recursor?)
1111
- return Recursor.new
1132
+ return get_recursor
1112
1133
  else
1113
1134
  if (Dnssec.default_resolver)
1114
1135
  return Dnssec.default_resolver
@@ -1244,6 +1265,7 @@ module Dnsruby
1244
1265
  msg.security_level = Message::SecurityLevel.INDETERMINATE
1245
1266
  qname = msg.question()[0].qname
1246
1267
  closest_anchor = find_closest_anchor_for(qname)
1268
+ TheLog.debug("Closest anchor for #{qname} is #{closest_anchor} - trying to follow down")
1247
1269
  error = try_to_follow_from_anchor(closest_anchor, msg, qname)
1248
1270
 
1249
1271
  if ((msg.security_level.code < Message::SecurityLevel::SECURE) &&
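Review bot: `get_recursor` (new lines 59-69) caches the Recursor in `@@recursor` on its first call, so a `set_hints` call made after any validation has run changes `@@hints` but never reaches the recursor already in use; the validator keeps querying the servers it started with. Both are class variables, so they are shared by every verifier instance, and the check-then-assign on `@@recursor` is not guarded by a mutex, which matters if validation can run on more than one thread. Resetting the cache in the setter, `@@recursor = nil` in `set_hints` together with `if (!defined?(@@recursor) || @@recursor.nil?)` in `get_recursor`, would let late hints take effect. Both methods are also undocumented; a `# :nodoc:` marker or a one-line comment would match `get_dlv_resolver` directly below.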
@@ -203,6 +203,13 @@ module Dnsruby
203
203
  # Note that a freestanding "@" is used to denote the current origin - we can simply replace that straight away
204
204
  # Remove the ( and )
205
205
  # Note that no domain name may be specified in the RR - in that case, last_name should be used. How do we tell? Tab or space at start of line.
206
+
207
+ # If we have text in the record, then ignore that in the parsing, and stick it on again at the end
208
+ stored_line = "";
209
+ if (line.index('"') != nil)
210
+ stored_line = line[line.index('"'), line.length];
211
+ line = line [0, line.index('"')]
212
+ end
206
213
  if ((line[0,1] == " ") || (line[0,1] == "\t"))
207
214
  line = @last_name + " " + line
208
215
  end
@@ -324,7 +331,12 @@ module Dnsruby
324
331
  end
325
332
  end
326
333
 
327
- line = line.split.join(' ').strip
334
+ line = line.strip
335
+
336
+ if (stored_line && stored_line != "")
337
+ line += " " + stored_line.strip
338
+ end
339
+
328
340
  # We need to fix up any non-absolute names in the RR
329
341
  # Some RRs have a single name, at the end of the string -
330
342
  # to do these, we can just check the last character for "." and add the
@@ -366,7 +378,6 @@ module Dnsruby
366
378
  end
367
379
  line = parsed_rr.to_s
368
380
  end
369
-
370
381
  if (do_prefix_hack)
371
382
  return line + "\n", type_string, @last_name
372
383
  end
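Review bot: The slice added at new lines 208-212 keeps everything from the first `"` to the end of the line, not just the quoted text, so whatever follows the closing quote (a trailing `;` comment, or further fields) is set aside with it and re-attached untouched at new line 337. Whether that matters depends on the processing between the two hunks, which is not visible here, but a zone-file line holding a TXT record followed by a comment would be worth a test. In the second hunk `line.split.join(' ').strip` became `line.strip`, which also stops collapsing runs of whitespace in records that contain no quotes at all; if only quoted text needed protecting, the old normalisation could stay for the unquoted part. `line.index('"')` is evaluated three times and could be held in a local.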
@@ -104,7 +104,7 @@ require 'Dnsruby/TheLog'
104
104
  module Dnsruby
105
105
 
106
106
  # @TODO@ Remember to update version in dnsruby.gemspec!
107
- VERSION = 1.51
107
+ VERSION = 1.52
108
108
  def Dnsruby.version
109
109
  return VERSION
110
110
  end
@@ -31,9 +31,10 @@ class TestValidator < Test::Unit::TestCase
31
31
 
32
32
  trusted_key = Dnsruby::RR.create({:name => "uk-dnssec.nic.uk.",
33
33
  :type => Dnsruby::Types.DNSKEY,
34
+ :flags => RR::IN::DNSKEY::SEP_KEY | RR::IN::DNSKEY::ZONE_KEY,
34
35
  :key=> "AQPJO6LjrCHhzSF9PIVV7YoQ8iE31FXvghx+14E+jsv4uWJR9jLrxMYm sFOGAKWhiis832ISbPTYtF8sxbNVEotgf9eePruAFPIg6ZixG4yMO9XG LXmcKTQ/cVudqkU00V7M0cUzsYrhc4gPH/NKfQJBC5dbBkbIXJkksPLv Fe8lReKYqocYP6Bng1eBTtkA+N+6mSXzCwSApbNysFnm6yfQwtKlr75p m+pd0/Um+uBkR4nJQGYNt0mPuw4QVBu1TfF5mQYIFoDYASLiDQpvNRN3 US0U5DEG9mARulKSSw448urHvOBwT9Gx5qF2NE4H9ySjOdftjpj62kjb Lmc8/v+z"
35
36
  })
36
- ret = Dnsruby::Dnssec.add_trust_anchor_with_expiration(trusted_key, Time.now.to_i + 5000)
37
+ ret = Dnsruby::Dnssec.add_trust_anchor(trusted_key)
37
38
 
38
39
  r = res.query("aaa.bigzone.uk-dnssec.nic.uk", Dnsruby::Types.A)
39
40
  assert(r.security_level.code == Message::SecurityLevel::SECURE, "Level = #{r.security_level.string}")
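Review bot: The test now registers the key through `add_trust_anchor`, so `add_trust_anchor_with_expiration`, whose SEP-flag handling this release changes, is no longer called directly from the visible part of this test. Unless `add_trust_anchor` delegates to it, the expiring path and the new expectation that callers set `:flags` themselves are untested; a second case that keeps the `Time.now.to_i + 5000` call with the explicit flags would cover both. The enclosing test method starts and ends outside the hunk.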
metadata CHANGED
@@ -1,7 +1,7 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dnsruby
3
3
  version: !ruby/object:Gem::Version
4
- version: "1.51"
4
+ version: "1.52"
5
5
  platform: ruby
6
6
  authors:
7
7
  - AlexD
@@ -9,7 +9,7 @@ autorequire: dnsruby
9
9
  bindir: bin
10
10
  cert_chain: []
11
11
 
12
- date: 2010-11-12 00:00:00 +00:00
12
+ date: 2011-03-18 00:00:00 +00:00
13
13
  default_executable:
14
14
  dependencies: []
15
15