Changeset 1160

Timestamp:

03/16/08 15:58:19 (5 years ago)

Author:

ahu

Message:

move to a real CSRNG, plus hooks for 'dns-0x20'.

Location:

trunk/pdns/pdns

Files:

• Makefile-recursor (modified) (2 diffs)
• Makefile.am (modified) (3 diffs)
• dist-recursor (modified) (2 diffs)
• lwres.cc (modified) (4 diffs)
• pdns_recursor.cc (modified) (8 diffs)
• syncres.cc (modified) (3 diffs)

trunk/pdns/pdns/Makefile-recursor

@@ -14 +14 @@
 arguments.o lwres.o pdns_recursor.o recursor_cache.o dnsparser.o \
 dnswriter.o dnsrecords.o rcpgenerator.o base64.o zoneparser-tng.o \
-rec_channel.o rec_channel_rec.o malloc.o selectmplexer.o sillyrecords.o
+rec_channel.o rec_channel_rec.o malloc.o selectmplexer.o sillyrecords.o \
+dns_random.o aescrypt.o aeskey.o aes_modes.o aestab.o
+
 
 REC_CONTROL_OBJECTS=rec_channel.o rec_control.o arguments.o 
@@ -69 +71 @@
         
 dep:
-        $(CXX) $(CXXFLAGS) -MM -MG *.cc *.hh > $@
+        $(CXX) $(CXXFLAGS) -MM -MG *.cc *.c *.hh > $@
 
 -include dep

trunk/pdns/pdns/Makefile.am

@@ -39 +39 @@
 base64.cc sillyrecords.cc \
 base64.hh zoneparser-tng.cc dnsrecords.cc dnswriter.cc \
-rcpgenerator.cc  dnsparser.cc
+rcpgenerator.cc dnsparser.cc \
+aes/dns_random.cc aes/aescrypt.c aes/aeskey.c aes/aestab.c aes/aes_modes.c
 
 #
@@ -111 +112 @@
         utility.hh dnsparser.hh sillyrecords.cc
 
-
-
-
-# INCLUDES=-I/usr/include/mysql
-
 rec_control_SOURCES=rec_channel.cc rec_channel.hh rec_control.cc arguments.cc arguments.hh
 
@@ -123 +119 @@
 dnswriter.cc dnswriter.hh dnsrecords.cc dnsrecords.hh rcpgenerator.cc rcpgenerator.hh \
 base64.cc base64.hh zoneparser-tng.cc zoneparser-tng.hh rec_channel.cc rec_channel.hh \
-rec_channel_rec.cc selectmplexer.cc epollmplexer.cc sillyrecords.cc htimer.cc htimer.hh
+rec_channel_rec.cc selectmplexer.cc epollmplexer.cc sillyrecords.cc htimer.cc htimer.hh \
+aes/dns_random.cc aes/aescrypt.c aes/aeskey.c aes/aestab.c aes/aes_modes.c
 
 if NEDMALLOC

trunk/pdns/pdns/dist-recursor

@@ -6 +6 @@
 sstuff.hh mtasker.hh mtasker.cc lwres.hh logger.hh ahuexception.hh \
 mplexer.hh win32_mtasker.hh win32_utility.cc ntservice.hh singleton.hh \
-recursorservice.hh"
+recursorservice.hh dns_random.hh"
 
 CFILES="syncres.cc  misc.cc unix_utility.cc qtype.cc \
@@ -32 +32 @@
 cp tools/rrd/{create,update,makegraphs,index.html} $DIRNAME/rrd
 cp ext/dlmalloc/malloc.{c,h} $DIRNAME
+cp aes/*.{c,cc,h} $DIRNAME
 cp pdns-recursor.init.d $DIRNAME
 cp docs/pdns_recursor.1 docs/rec_control.1 $DIRNAME

trunk/pdns/pdns/lwres.cc

@@ -1 +1 @@
 /*
     PowerDNS Versatile Database Driven Nameserver
-    Copyright (C) 2002 - 2007 PowerDNS.COM BV
+    Copyright (C) 2002 - 2008 PowerDNS.COM BV
 
     This program is free software; you can redistribute it and/or modify
@@ -37 +37 @@
 #include "dnsparser.hh"
 #include "logger.hh"
+#include "dns_random.hh"
 #include <boost/scoped_array.hpp>
+#include <boost/algorithm/string.hpp>
+
+string dns0x20(const std::string& in)
+{
+  string ret(in);
+  string::size_type len=ret.size();
+  for(string::size_type pos = 0 ; pos < len; ++pos) {
+    if(isalpha(in[pos]) && dns_random(2))
+      ret[pos]^=0x20;
+  }
+  //  cerr<<"'"<<in<<"' -> '"<<ret<<"'\n";
+  return ret;
+}
 
 //! returns -2 for OS limits error, -1 for permanent error that has to do with remote, 0 for timeout, 1 for success
@@ -47 +61 @@
   scoped_array<unsigned char> buf(new unsigned char[bufsize]);
   vector<uint8_t> vpacket;
+  //  string mapped0x20=dns0x20(domain);
   DNSPacketWriter pw(vpacket, domain, type);
 
   pw.getHeader()->rd=0;
-  pw.getHeader()->id=Utility::random();
+  pw.getHeader()->id=dns_random(0xffff);
 
   if(doEDNS0 && !doTCP) {
@@ -141 +156 @@
       goto out;
     }
-    
+
     for(MOADNSParser::answers_t::const_iterator i=mdp.d_answers.begin(); i!=mdp.d_answers.end(); ++i) {          
       DNSResourceRecord rr;
       rr.qtype=i->first.d_type;
       rr.qname=i->first.d_label;
+      /* 
+      if(i->first.d_label == mapped0x20)
+        rr.qname=domain;
+      else
+        rr.qname=i->first.d_label;
+      */
       rr.ttl=i->first.d_ttl;
       rr.content=i->first.d_content->getZoneRepresentation();  // this should be the serialised form

trunk/pdns/pdns/pdns_recursor.cc

@@ -26 +26 @@
 
 #include "utility.hh" 
+#include "dns_random.hh"
 #include <iostream>
 #include <errno.h>
@@ -1591 +1592 @@
 }
 
+void seedRandom(const string& source);
+
 int serviceMain(int argc, char*argv[])
 {
@@ -1605 +1608 @@
   }
 
-  L<<Logger::Warning<<"PowerDNS recursor "<<VERSION<<" (C) 2001-2007 PowerDNS.COM BV ("<<__DATE__", "__TIME__;
+  L<<Logger::Warning<<"PowerDNS recursor "<<VERSION<<" (C) 2001-2008 PowerDNS.COM BV ("<<__DATE__", "__TIME__;
 #ifdef __GNUC__
   L<<", gcc "__VERSION__;
@@ -1619 +1622 @@
   
   L<<Logger::Warning<<"Operating in "<<(sizeof(unsigned long)*8) <<" bits mode"<<endl;
+  
+  seedRandom(::arg()["entropy-source"]);
 
   if(!::arg()["allow-from-file"].empty()) {
@@ -1824 +1829 @@
 #endif
 
+void seedRandom(const string& source)
+{
+  L<<Logger::Warning<<"Reading random entropy from '"<<source<<"'"<<endl;
+
+  int fd=open(source.c_str(), O_RDONLY);
+  if(fd < 0) {
+    L<<Logger::Error<<"Unable to open source of random '"<<source<<"': "<<stringerror()<<endl;
+    exit(EXIT_FAILURE);
+  }
+  char seed[128];
+  int ret;
+  int pos=0;
+  while(pos!=sizeof(seed)) {
+    ret = read(fd, seed+pos, sizeof(seed)-pos);
+    if(ret < 0) { 
+      L<<Logger::Error<<"Unable to read random seed from "<<source<<": "<<stringerror()<<endl;
+      close(fd);
+      exit(EXIT_FAILURE);
+    }
+    if(!ret) {
+      L<<Logger::Error<<"Unable to read random seed from "<<source<<": end of file"<<endl;
+      close(fd);
+      exit(EXIT_FAILURE);
+    }
+    pos+=ret;
+  }
+  close(fd);
+  dns_random_init(seed);
+}
+
 int main(int argc, char **argv) 
 {
@@ -1843 +1878 @@
 
   try {
-    Utility::srandom(time(0));
     ::arg().set("stack-size","stack size per mthread")="200000";
     ::arg().set("soa-minimum-ttl","Don't change")="0";
@@ -1884 +1918 @@
     ::arg().set("allow-from", "If set, only allow these comma separated netmasks to recurse")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10";
     ::arg().set("allow-from-file", "If set, load allowed netmasks from this file")="";
+    ::arg().set("entropy-source", "If set, read entropy from this file")="/dev/urandom";
     ::arg().set("dont-query", "If set, do not query these netmasks for DNS data")="127.0.0.0/8, 10.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12, ::1/128, fe80::/10";
     ::arg().set("max-tcp-per-client", "If set, maximum number of TCP sessions per client (IP address)")="0";
@@ -1928 +1963 @@
     }
 
+
 #ifndef WIN32
     serviceMain(argc, argv);

trunk/pdns/pdns/syncres.cc

@@ -35 +35 @@
 #include "recursor_cache.hh"
 #include "dnsparser.hh"
+#include "dns_random.hh"
 
 extern MemRecursorCache RC;
@@ -277 +278 @@
   
   if(ret.size() > 1) {
-    random_shuffle(ret.begin(), ret.end());
+    random_shuffle(ret.begin(), ret.end(), dns_random);
 
     // move 'best' address for this nameserver name up front
@@ -543 +544 @@
     speeds[*i]=s_nsSpeeds[*i].get(&d_now);
   }
-  random_shuffle(rnameservers.begin(),rnameservers.end());
+  random_shuffle(rnameservers.begin(),rnameservers.end(), dns_random);
   speedOrder so(speeds);
   stable_sort(rnameservers.begin(),rnameservers.end(), so);