You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

517 lines
16 KiB

  1. /*
  2. * This file is part of PowerDNS or dnsdist.
  3. * Copyright -- PowerDNS.COM B.V. and its contributors
  4. *
  5. * This program is free software; you can redistribute it and/or modify
  6. * it under the terms of version 2 of the GNU General Public License as
  7. * published by the Free Software Foundation.
  8. *
  9. * In addition, for the avoidance of any doubt, permission is granted to
  10. * link this program with OpenSSL and to (re)distribute the binaries
  11. * produced as the result of such linking.
  12. *
  13. * This program is distributed in the hope that it will be useful,
  14. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  15. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  16. * GNU General Public License for more details.
  17. *
  18. * You should have received a copy of the GNU General Public License
  19. * along with this program; if not, write to the Free Software
  20. * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
  21. */
  22. #pragma once
  23. #include <cstring>
  24. #include <string>
  25. #include <vector>
  26. #include <set>
  27. #include <deque>
  28. #include <strings.h>
  29. #include <stdexcept>
  30. #include <sstream>
  31. #include <iterator>
  32. #include <unordered_set>
  33. #include <boost/version.hpp>
  34. // it crashes on OSX and doesn't compile on OpenBSD
  35. #if BOOST_VERSION >= 105300 && ! defined( __APPLE__ ) && ! defined(__OpenBSD__)
  36. #include <boost/container/string.hpp>
  37. #endif
  38. #include "ascii.hh"
  39. uint32_t burtleCI(const unsigned char* k, uint32_t length, uint32_t init);
  40. // #include "dns.hh"
  41. // #include "logger.hh"
  42. //#include <ext/vstring.h>
  43. /* Quest in life:
  44. accept escaped ascii presentations of DNS names and store them "natively"
  45. accept a DNS packet with an offset, and extract a DNS name from it
  46. build up DNSNames with prepend and append of 'raw' unescaped labels
  47. Be able to turn them into ASCII and "DNS name in a packet" again on request
  48. Provide some common operators for comparison, detection of being part of another domain
  49. NOTE: For now, everything MUST be . terminated, otherwise it is an error
  50. */
  51. class DNSName
  52. {
  53. public:
  54. DNSName() {} //!< Constructs an *empty* DNSName, NOT the root!
  55. // Work around assertion in some boost versions that do not like self-assignment of boost::container::string
  56. DNSName& operator=(const DNSName& rhs)
  57. {
  58. if (this != &rhs) {
  59. d_storage = rhs.d_storage;
  60. }
  61. return *this;
  62. }
  63. DNSName& operator=(const DNSName&& rhs)
  64. {
  65. if (this != &rhs) {
  66. d_storage = std::move(rhs.d_storage);
  67. }
  68. return *this;
  69. }
  70. DNSName(const DNSName& a) = default;
  71. DNSName(DNSName&& a) = default;
  72. explicit DNSName(const char* p): DNSName(p, std::strlen(p)) {} //!< Constructs from a human formatted, escaped presentation
  73. explicit DNSName(const char* p, size_t len); //!< Constructs from a human formatted, escaped presentation
  74. explicit DNSName(const std::string& str) : DNSName(str.c_str(), str.length()) {}; //!< Constructs from a human formatted, escaped presentation
  75. DNSName(const char* p, int len, int offset, bool uncompress, uint16_t* qtype=nullptr, uint16_t* qclass=nullptr, unsigned int* consumed=nullptr, uint16_t minOffset=0); //!< Construct from a DNS Packet, taking the first question if offset=12. If supplied, consumed is set to the number of bytes consumed from the packet, which will not be equal to the wire length of the resulting name in case of compression.
  76. bool isPartOf(const DNSName& rhs) const; //!< Are we part of the rhs name? Note that name.isPartOf(name).
  77. inline bool operator==(const DNSName& rhs) const; //!< DNS-native comparison (case insensitive) - empty compares to empty
  78. bool operator!=(const DNSName& other) const { return !(*this == other); }
  79. std::string toString(const std::string& separator=".", const bool trailing=true) const; //!< Our human-friendly, escaped, representation
  80. std::string toLogString() const; //!< like plain toString, but returns (empty) on empty names
  81. std::string toStringNoDot() const { return toString(".", false); }
  82. std::string toStringRootDot() const { if(isRoot()) return "."; else return toString(".", false); }
  83. std::string toDNSString() const; //!< Our representation in DNS native format
  84. std::string toDNSStringLC() const; //!< Our representation in DNS native format, lower cased
  85. void appendRawLabel(const std::string& str); //!< Append this unescaped label
  86. void appendRawLabel(const char* start, unsigned int length); //!< Append this unescaped label
  87. void prependRawLabel(const std::string& str); //!< Prepend this unescaped label
  88. std::vector<std::string> getRawLabels() const; //!< Individual raw unescaped labels
  89. std::string getRawLabel(unsigned int pos) const; //!< Get the specified raw unescaped label
  90. DNSName getLastLabel() const; //!< Get the DNSName of the last label
  91. bool chopOff(); //!< Turn www.powerdns.com. into powerdns.com., returns false for .
  92. DNSName makeRelative(const DNSName& zone) const;
  93. DNSName makeLowerCase() const
  94. {
  95. DNSName ret(*this);
  96. ret.makeUsLowerCase();
  97. return ret;
  98. }
  99. void makeUsLowerCase()
  100. {
  101. for(auto & c : d_storage) {
  102. c=dns_tolower(c);
  103. }
  104. }
  105. void makeUsRelative(const DNSName& zone);
  106. DNSName getCommonLabels(const DNSName& other) const; //!< Return the list of common labels from the top, for example 'c.d' for 'a.b.c.d' and 'x.y.c.d'
  107. DNSName labelReverse() const;
  108. bool isWildcard() const;
  109. bool isHostname() const;
  110. unsigned int countLabels() const;
  111. size_t wirelength() const; //!< Number of total bytes in the name
  112. bool empty() const { return d_storage.empty(); }
  113. bool isRoot() const { return d_storage.size()==1 && d_storage[0]==0; }
  114. void clear() { d_storage.clear(); }
  115. void trimToLabels(unsigned int);
  116. size_t hash(size_t init=0) const
  117. {
  118. return burtleCI((const unsigned char*)d_storage.c_str(), d_storage.size(), init);
  119. }
  120. DNSName& operator+=(const DNSName& rhs)
  121. {
  122. if(d_storage.size() + rhs.d_storage.size() > 256) // one extra byte for the second root label
  123. throw std::range_error("name too long");
  124. if(rhs.empty())
  125. return *this;
  126. if(d_storage.empty())
  127. d_storage+=rhs.d_storage;
  128. else
  129. d_storage.replace(d_storage.length()-1, rhs.d_storage.length(), rhs.d_storage);
  130. return *this;
  131. }
  132. bool operator<(const DNSName& rhs) const // this delivers _some_ kind of ordering, but not one useful in a DNS context. Really fast though.
  133. {
  134. return std::lexicographical_compare(d_storage.rbegin(), d_storage.rend(),
  135. rhs.d_storage.rbegin(), rhs.d_storage.rend(),
  136. [](const unsigned char& a, const unsigned char& b) {
  137. return dns_tolower(a) < dns_tolower(b);
  138. }); // note that this is case insensitive, including on the label lengths
  139. }
  140. inline bool canonCompare(const DNSName& rhs) const;
  141. bool slowCanonCompare(const DNSName& rhs) const;
  142. #if BOOST_VERSION >= 105300 && ! defined( __APPLE__ ) && ! defined(__OpenBSD__)
  143. typedef boost::container::string string_t;
  144. #else
  145. typedef std::string string_t;
  146. #endif
  147. const string_t& getStorage() const {
  148. return d_storage;
  149. }
  150. bool has8bitBytes() const; /* returns true if at least one byte of the labels forming the name is not included in [A-Za-z0-9_*./@ \\:-] */
  151. private:
  152. string_t d_storage;
  153. void packetParser(const char* p, int len, int offset, bool uncompress, uint16_t* qtype, uint16_t* qclass, unsigned int* consumed, int depth, uint16_t minOffset);
  154. static void appendEscapedLabel(std::string& appendTo, const char* orig, size_t len);
  155. static std::string unescapeLabel(const std::string& orig);
  156. };
  157. size_t hash_value(DNSName const& d);
  158. inline bool DNSName::canonCompare(const DNSName& rhs) const
  159. {
  160. // 01234567890abcd
  161. // us: 1a3www4ds9a2nl
  162. // rhs: 3www6online3com
  163. // to compare, we start at the back, is nl < com? no -> done
  164. //
  165. // 0,2,6,a
  166. // 0,4,a
  167. uint8_t ourpos[64], rhspos[64];
  168. uint8_t ourcount=0, rhscount=0;
  169. //cout<<"Asked to compare "<<toString()<<" to "<<rhs.toString()<<endl;
  170. for(const unsigned char* p = (const unsigned char*)d_storage.c_str(); p < (const unsigned char*)d_storage.c_str() + d_storage.size() && *p && ourcount < sizeof(ourpos); p+=*p+1)
  171. ourpos[ourcount++]=(p-(const unsigned char*)d_storage.c_str());
  172. for(const unsigned char* p = (const unsigned char*)rhs.d_storage.c_str(); p < (const unsigned char*)rhs.d_storage.c_str() + rhs.d_storage.size() && *p && rhscount < sizeof(rhspos); p+=*p+1)
  173. rhspos[rhscount++]=(p-(const unsigned char*)rhs.d_storage.c_str());
  174. if(ourcount == sizeof(ourpos) || rhscount==sizeof(rhspos)) {
  175. return slowCanonCompare(rhs);
  176. }
  177. for(;;) {
  178. if(ourcount == 0 && rhscount != 0)
  179. return true;
  180. if(rhscount == 0)
  181. return false;
  182. ourcount--;
  183. rhscount--;
  184. bool res=std::lexicographical_compare(
  185. d_storage.c_str() + ourpos[ourcount] + 1,
  186. d_storage.c_str() + ourpos[ourcount] + 1 + *(d_storage.c_str() + ourpos[ourcount]),
  187. rhs.d_storage.c_str() + rhspos[rhscount] + 1,
  188. rhs.d_storage.c_str() + rhspos[rhscount] + 1 + *(rhs.d_storage.c_str() + rhspos[rhscount]),
  189. [](const unsigned char& a, const unsigned char& b) {
  190. return dns_tolower(a) < dns_tolower(b);
  191. });
  192. // cout<<"Forward: "<<res<<endl;
  193. if(res)
  194. return true;
  195. res=std::lexicographical_compare( rhs.d_storage.c_str() + rhspos[rhscount] + 1,
  196. rhs.d_storage.c_str() + rhspos[rhscount] + 1 + *(rhs.d_storage.c_str() + rhspos[rhscount]),
  197. d_storage.c_str() + ourpos[ourcount] + 1,
  198. d_storage.c_str() + ourpos[ourcount] + 1 + *(d_storage.c_str() + ourpos[ourcount]),
  199. [](const unsigned char& a, const unsigned char& b) {
  200. return dns_tolower(a) < dns_tolower(b);
  201. });
  202. // cout<<"Reverse: "<<res<<endl;
  203. if(res)
  204. return false;
  205. }
  206. return false;
  207. }
  208. struct CanonDNSNameCompare: public std::binary_function<DNSName, DNSName, bool>
  209. {
  210. bool operator()(const DNSName&a, const DNSName& b) const
  211. {
  212. return a.canonCompare(b);
  213. }
  214. };
  215. inline DNSName operator+(const DNSName& lhs, const DNSName& rhs)
  216. {
  217. DNSName ret=lhs;
  218. ret += rhs;
  219. return ret;
  220. }
  221. template<typename T>
  222. struct SuffixMatchTree
  223. {
  224. SuffixMatchTree(const std::string& name="", bool endNode_=false) : d_name(name), endNode(endNode_)
  225. {}
  226. SuffixMatchTree(const SuffixMatchTree& rhs): d_name(rhs.d_name), children(rhs.children), endNode(rhs.endNode)
  227. {
  228. if (endNode) {
  229. d_value = rhs.d_value;
  230. }
  231. }
  232. SuffixMatchTree & operator=(const SuffixMatchTree &rhs)
  233. {
  234. d_name = rhs.d_name;
  235. children = rhs.children;
  236. endNode = rhs.endNode;
  237. if (endNode) {
  238. d_value = rhs.d_value;
  239. }
  240. return *this;
  241. }
  242. std::string d_name;
  243. mutable std::set<SuffixMatchTree> children;
  244. mutable bool endNode;
  245. mutable T d_value;
  246. bool operator<(const SuffixMatchTree& rhs) const
  247. {
  248. return strcasecmp(d_name.c_str(), rhs.d_name.c_str()) < 0;
  249. }
  250. typedef SuffixMatchTree value_type;
  251. template<typename V>
  252. void visit(const V& v) const {
  253. for(const auto& c : children)
  254. c.visit(v);
  255. if(endNode)
  256. v(*this);
  257. }
  258. void add(const DNSName& name, const T& t)
  259. {
  260. add(name.getRawLabels(), t);
  261. }
  262. void add(std::vector<std::string> labels, const T& value) const
  263. {
  264. if(labels.empty()) { // this allows insertion of the root
  265. endNode=true;
  266. d_value=value;
  267. }
  268. else if(labels.size()==1) {
  269. auto res=children.emplace(*labels.begin(), true);
  270. if(!res.second) {
  271. // we might already have had the node as an
  272. // intermediary one, but it's now an end node
  273. if(!res.first->endNode) {
  274. res.first->endNode = true;
  275. }
  276. }
  277. res.first->d_value = value;
  278. }
  279. else {
  280. auto res=children.emplace(*labels.rbegin(), false);
  281. labels.pop_back();
  282. res.first->add(labels, value);
  283. }
  284. }
  285. void remove(const DNSName &name) const
  286. {
  287. remove(name.getRawLabels());
  288. }
  289. /* Removes the node at `labels`, also make sure that no empty
  290. * children will be left behind in memory
  291. */
  292. void remove(std::vector<std::string> labels) const
  293. {
  294. if (labels.empty()) { // this allows removal of the root
  295. endNode = false;
  296. return;
  297. }
  298. SuffixMatchTree smt(*labels.rbegin());
  299. auto child = children.find(smt);
  300. if (child == children.end()) {
  301. // No subnode found, we're done
  302. return;
  303. }
  304. // We have found a child
  305. labels.pop_back();
  306. if (labels.empty()) {
  307. // The child is no longer an endnode
  308. child->endNode = false;
  309. // If the child has no further children, just remove it from the set.
  310. if (child->children.empty()) {
  311. children.erase(child);
  312. }
  313. return;
  314. }
  315. // We are not at the end, let the child figure out what to do
  316. child->remove(labels);
  317. }
  318. T* lookup(const DNSName& name) const
  319. {
  320. if(children.empty()) { // speed up empty set
  321. if(endNode)
  322. return &d_value;
  323. return nullptr;
  324. }
  325. return lookup(name.getRawLabels());
  326. }
  327. T* lookup(std::vector<std::string> labels) const
  328. {
  329. if(labels.empty()) { // optimization
  330. if(endNode)
  331. return &d_value;
  332. return nullptr;
  333. }
  334. SuffixMatchTree smn(*labels.rbegin());
  335. auto child = children.find(smn);
  336. if(child == children.end()) {
  337. if(endNode)
  338. return &d_value;
  339. return nullptr;
  340. }
  341. labels.pop_back();
  342. auto result = child->lookup(labels);
  343. if (result) {
  344. return result;
  345. }
  346. return endNode ? &d_value : nullptr;
  347. }
  348. // Returns all end-nodes, fully qualified (not as separate labels)
  349. std::vector<DNSName> getNodes() const {
  350. std::vector<DNSName> ret;
  351. if (endNode) {
  352. ret.push_back(DNSName(d_name));
  353. }
  354. for (const auto& child : children) {
  355. auto nodes = child.getNodes();
  356. for (const auto &node: nodes) {
  357. ret.push_back(node + DNSName(d_name));
  358. }
  359. }
  360. return ret;
  361. }
  362. };
  363. /* Quest in life: serve as a rapid block list. If you add a DNSName to a root SuffixMatchNode,
  364. anything part of that domain will return 'true' in check */
  365. struct SuffixMatchNode
  366. {
  367. public:
  368. SuffixMatchNode()
  369. {}
  370. SuffixMatchTree<bool> d_tree;
  371. void add(const DNSName& dnsname)
  372. {
  373. d_tree.add(dnsname, true);
  374. d_nodes.insert(dnsname);
  375. }
  376. void add(const std::string& name)
  377. {
  378. add(DNSName(name));
  379. }
  380. void add(std::vector<std::string> labels)
  381. {
  382. d_tree.add(labels, true);
  383. DNSName tmp;
  384. while (!labels.empty()) {
  385. tmp.appendRawLabel(labels.back());
  386. labels.pop_back(); // This is safe because we have a copy of labels
  387. }
  388. d_nodes.insert(tmp);
  389. }
  390. void remove(const DNSName& name)
  391. {
  392. d_tree.remove(name);
  393. d_nodes.erase(name);
  394. }
  395. void remove(std::vector<std::string> labels)
  396. {
  397. d_tree.remove(labels);
  398. DNSName tmp;
  399. while (!labels.empty()) {
  400. tmp.appendRawLabel(labels.back());
  401. labels.pop_back(); // This is safe because we have a copy of labels
  402. }
  403. d_nodes.erase(tmp);
  404. }
  405. bool check(const DNSName& dnsname) const
  406. {
  407. return d_tree.lookup(dnsname) != nullptr;
  408. }
  409. std::string toString() const
  410. {
  411. std::string ret;
  412. bool first = true;
  413. for (const auto& n : d_nodes) {
  414. if (!first) {
  415. ret += ", ";
  416. }
  417. first = false;
  418. ret += n.toString();
  419. }
  420. return ret;
  421. }
  422. private:
  423. mutable std::set<DNSName> d_nodes; // Only used for string generation
  424. };
  425. std::ostream & operator<<(std::ostream &os, const DNSName& d);
  426. namespace std {
  427. template <>
  428. struct hash<DNSName> {
  429. size_t operator () (const DNSName& dn) const { return dn.hash(0); }
  430. };
  431. }
  432. DNSName::string_t segmentDNSNameRaw(const char* input, size_t inputlen); // from ragel
  433. bool DNSName::operator==(const DNSName& rhs) const
  434. {
  435. if(rhs.empty() != empty() || rhs.d_storage.size() != d_storage.size())
  436. return false;
  437. auto us = d_storage.cbegin();
  438. auto p = rhs.d_storage.cbegin();
  439. for(; us != d_storage.cend() && p != rhs.d_storage.cend(); ++us, ++p) {
  440. if(dns_tolower(*p) != dns_tolower(*us))
  441. return false;
  442. }
  443. return true;
  444. }
  445. extern const DNSName g_rootdnsname, g_wildcarddnsname;
  446. struct DNSNameSet: public std::unordered_set<DNSName> {
  447. std::string toString() const {
  448. std::ostringstream oss;
  449. std::copy(begin(), end(), std::ostream_iterator<DNSName>(oss, "\n"));
  450. return oss.str();
  451. }
  452. };