blob: 07b0c44db786cab28a796a10029770350cd2abe7 [file] [log] [blame] [edit]
/*
* Copyright (C) Tildeslash Ltd. All rights reserved.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License version 3.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* In addition, as a special exception, the copyright holders give
* permission to link the code of portions of this program with the
* OpenSSL library under certain conditions as described in each
* individual source file, and distribute linked combinations
* including the two.
*
* You must obey the GNU Affero General Public License in all respects
* for all of the code used other than OpenSSL.
*/
#include "config.h"
#ifdef HAVE_STDIO_H
#include <stdio.h>
#endif
#ifdef HAVE_ERRNO_H
#include <errno.h>
#endif
#ifdef HAVE_STRING_H
#include <string.h>
#endif
#ifdef HAVE_SYS_TYPES_H
#include <sys/types.h>
#endif
#ifdef HAVE_SYS_SOCKET_H
#include <sys/socket.h>
#endif
#include "protocol.h"
/**
* Simple DNS test.
*
* The nameserver is queried for NS record of DNS root.
*
* @file
*/
int check_dns(Socket_T socket) {
int offset_request = 0;
int offset_response = 0;
int rc;
unsigned char buf[STRLEN];
unsigned char *response = NULL;
unsigned char request[19] = {
0x00, /** Request Length field for DNS via TCP */
0x11,
0x00, /** Transaction ID */
0x01,
0x01, /** Flags */
0x00,
0x00, /** Queries count */
0x01,
0x00, /** Answer resource records count */
0x00,
0x00, /** Authority resource records count */
0x00,
0x00, /** Additional resource records count */
0x00,
/** Query: */
0x00, /** Name: DNS root (empty string) */
0x00, /** Type: NS */
0x02,
0x00, /** Class: IN */
0x01
};
ASSERT(socket);
switch (socket_get_type(socket)) {
case SOCK_DGRAM:
offset_request = 2; /* Skip Length field in request */
offset_response = 0;
break;
case SOCK_STREAM:
offset_request = 0;
offset_response = 2; /* Skip Length field in response */
break;
default:
socket_setError(socket, "DNS: unsupported socket type -- protocol test skipped\n");
return TRUE;
}
if (socket_write(socket, (unsigned char *)request + offset_request, sizeof(request) - offset_request) < 0) {
socket_setError(socket, "DNS: error sending query -- %s\n", STRERROR);
return FALSE;
}
/* Response should have at least 14 bytes */
if (socket_read(socket, (unsigned char *)buf, 15) <= 14) {
socket_setError(socket, "DNS: error receiving response -- %s\n", STRERROR);
return FALSE;
}
response = buf + offset_response;
/* Compare transaction ID (it should be the same as in our request): */
if (response[0] != 0x00 && response[1] != 0x01) {
socket_setError(socket, "DNS: response transaction ID mismatch -- received 0x%x%x, expected 0x1\n", response[0], response[1]);
return FALSE;
}
/* Compare flags: */
/* Response type */
if ((response[2] & 0x80) != 0x80) {
socket_setError(socket, "DNS: invalid response type: 0x%x\n", response[2] & 0x80);
return FALSE;
}
/* Response code: accept request refusal as correct response as the server may disallow NS root query but the negative response means, it reacts to requests */
rc = response[3] & 0x0F;
if (rc != 0x0 && rc != 0x5) {
socket_setError(socket, "DNS: invalid response code: 0x%x\n", rc);
return FALSE;
}
/* Compare queries count (it should be one as in our request): */
if (response[4] != 0x00 && response[5] != 0x01) {
socket_setError(socket, "DNS: invalid query count in response -- received 0x%x%x, expected 1\n", response[4], response[5]);
return FALSE;
}
/* Compare answer and authority resource record counts (they shouldn't be both zero) */
if (rc == 0 && response[6] == 0x00 && response[7] == 0x00 && response[8] == 0x00 && response[9] == 0x00) {
socket_setError(socket, "DNS: no answer or authority records returned\n");
return FALSE;
}
return TRUE;
}