4 files changed, 156 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index 595f47b..fa5c282 100644
--- a/Makefile
+++ b/Makefile
@@ -479,6 +479,18 @@ compile dnsptr.c substdio.h subfd.h substdio.h stralloc.h gen_alloc.h \
 str.h scan.h dns.h dnsdoe.h ip.h exit.h
        ./compile dnsptr.c
+dnstlsa: \
+load dnstlsa.o dns.o dnsdoe.o ip.o ipalloc.o stralloc.a alloc.a \
+substdio.a error.a str.a fs.a dns.lib socket.lib
+        ./load dnstlsa dns.o dnsdoe.o ip.o ipalloc.o stralloc.a \
+        alloc.a substdio.a error.a str.a fs.a  `cat dns.lib` `cat \
+        socket.lib` getopt.a
+dnstlsa.o: \
+compile dnstlsa.c substdio.h subfd.h substdio.h stralloc.h gen_alloc.h \
+str.h scan.h dns.h dnsdoe.h ip.h exit.h
+        ./compile dnstlsa.c
 dot-qmail.0: \
 dot-qmail.5
        nroff -man dot-qmail.5 > dot-qmail.0
@@ -812,7 +824,7 @@ predate datemail mailsubj qmail-upq qmail-showctl qmail-newu \
 qmail-pw2u qmail-qread qmail-qstat qmail-tcpto qmail-tcpok \
 qmail-pop3d qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd \
 qmail-smtpd sendmail tcp-env qmail-newmrh qmail-newbrt config config-fast dnscname \
-dnsptr dnsip dnsmxip dnsfq hostname ipmeprint qreceipt qsmhook qbiff \
+dnsptr dnsip dnsmxip dnsfq dnstlsa hostname ipmeprint qreceipt qsmhook qbiff \
 forward preline condredirect bouncesaying except maildirmake \
 maildir2mbox maildirwatch qail elq pinq idedit install-big install \
 instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \
diff --git a/dns.c b/dns.c
index bed2bd2..b4d106c 100644
--- a/dns.c
+++ b/dns.c
@@ -418,3 +418,44 @@ unsigned long random;
 alloc_free(mx);
 return flagsoft;
 }
+int dns_tlsa(stralloc *out, const stralloc *fqdn)
+{
+  int ranswers = 0;
+  switch(resolve(fqdn, T_TLSA))
+  {
+    case DNS_MEM: return DNS_MEM;
+    case DNS_SOFT: return DNS_SOFT;
+    case DNS_HARD: return DNS_HARD;
+  }
+  if (!stralloc_copys(out,"")) return DNS_MEM;
+  while(numanswers-- > 0) {
+    int i;
+    if (responsepos == responseend) return DNS_SOFT;
+    i = dn_expand(response.buf, responseend, responsepos, name, MAXDNAME);
+    if (i < 0) return DNS_SOFT;
+    responsepos += i;
+    i = responseend - responsepos;
+    if (i < 4 + 3 * 2) return DNS_SOFT;
+    unsigned short rrtype = getshort(responsepos);
+    unsigned short rrdlen = getshort(responsepos + 8);
+    responsepos += 10; // skip dns header
+    if (responsepos + rrdlen > responseend) return DNS_HARD;
+    if (rrtype == T_TLSA)
+    {
+      unsigned char rrlen[2] = { rrdlen >> 8, rrdlen & 0xFF };
+      stralloc_catb(out, rrlen, 2);
+      if (!stralloc_catb(out, responsepos, rrdlen)) return DNS_MEM;
+      ++ranswers;
+    }
+    responsepos += rrdlen;
+  }
+  return ranswers;
+}
diff --git a/dns.h b/dns.h
index bca9490..08534a2 100644
--- a/dns.h
+++ b/dns.h
@@ -1,6 +1,8 @@
 #ifndef DNS_H
 #define DNS_H
+#include "stralloc.h"
 #define DNS_SOFT -1
 #define DNS_HARD -2
 #define DNS_MEM -3
@@ -10,5 +12,6 @@ int dns_cname();
 int dns_mxip();
 int dns_ip();
 int dns_ptr();
+int dns_tlsa(stralloc *out, const stralloc *fqdn);
 #endif
diff --git a/dnstlsa.c b/dnstlsa.c
new file mode 100644
index 0000000..6623cfd
--- /dev/null
+++ b/dnstlsa.c
@@ -0,0 +1,99 @@
+#include <stdint.h>
+#include "byte.h"
+#include "substdio.h"
+#include "subfd.h"
+#include "subgetopt.h"
+#include "stralloc.h"
+#include "dns.h"
+#include "dnsdoe.h"
+#include "exit.h"
+stralloc sa = {0};
+stralloc out = {0};
+static void die_nomem()
+{
+  substdio_putsflush(subfderr, "out of memory\n");
+  _exit(111);
+}
+ #include <stdio.h>
+void main(int argc, char **argv)
+{
+  char *port = "25";
+  char proto[7] = "._tcp.";
+  char *host = NULL;
+  int opt;
+  int verbose = 0;
+  while ((opt = sgopt(argc, argv, "vutp:")) != sgoptdone)
+  {
+    switch(opt)
+    {
+      case 'p': port = sgoptarg; break;
+      case 't': break;
+      case 'u': byte_copy(proto, 6, "._udp."); break;
+      case 'v': verbose = 1;
+    }
+  }
+  argv += sgoptind;
+  argc -= sgoptind;
+  if (!argv[0])
+  {
+    substdio_putsflush(subfderr, "dnstlsa [-v] [-p port] [-u(dp)|-t(cp)] host (tcp on port 25 is default)\n");
+    _exit(100);
+  }
+  host = argv[0];
+  if (!stralloc_copyb(&sa, "_", 1)) die_nomem;
+  if (!stralloc_cats(&sa, port)) die_nomem;
+  if (!stralloc_cats(&sa, proto)) die_nomem;
+  if (!stralloc_cats(&sa, host)) die_nomem;
+  if (verbose)
+  {
+    substdio_puts(subfdout, "checking for TLSA records: ");
+    substdio_put(subfdout, sa.s, sa.len);
+    substdio_putsflush(subfdout, "\n");
+  }
+  dns_init(0);
+  dnsdoe(dns_tlsa(&out, &sa));
+  int pos = 0;
+  unsigned char *response = (unsigned char *)out.s;
+  while(pos < out.len && out.len - pos > 2 + 4) // sizeof(rrlen) + min(rrdata)
+  {
+    unsigned short rrlen = (response[pos] << 8) + response[pos + 1];
+    pos += 2;
+    uint8_t usage = response[pos];
+    uint8_t sel   = response[pos + 1];
+    uint8_t type  = response[pos + 2];
+    if (usage == 0) substdio_puts(subfdout, "usage=0 ");
+    if (usage == 1) substdio_puts(subfdout, "usage=1 ");
+    if (usage == 2) substdio_puts(subfdout, "usage=2 ");
+    if (usage == 3) substdio_puts(subfdout, "usage=3 ");
+    if (sel == 0) substdio_puts(subfdout, "selector=0 ");
+    if (sel == 1) substdio_puts(subfdout, "selector=1 ");
+    if (type == 0) substdio_puts(subfdout, "type=0 "); // full cert
+    if (type == 1) substdio_puts(subfdout, "type=1 "); // sha256
+    if (type == 2) substdio_puts(subfdout, "type=2 "); // sha512
+    substdio_puts(subfdout, "data="); // sha512
+    for (int j = 3; j < rrlen; j++)
+    {
+      unsigned char ch = response[pos + j];
+      substdio_put(subfdout, "0123456789abcdef" + (ch >> 4), 1);
+      substdio_put(subfdout, "0123456789abcdef" + (ch & 0x0F), 1);
+    }
+    substdio_putsflush(subfdout, "\n");
+    pos += rrlen;
+  }
+  _exit(0);
+}

diff --git a/Makefile b/Makefile index 595f47b..fa5c282 100644 --- a/Makefile +++ b/Makefile
@@ -479,6 +479,18 @@ compile dnsptr.c substdio.h subfd.h substdio.h stralloc.h gen_alloc.h \
479	str.h scan.h dns.h dnsdoe.h ip.h exit.h	479	str.h scan.h dns.h dnsdoe.h ip.h exit.h
480	./compile dnsptr.c	480	./compile dnsptr.c
481		481
		482	dnstlsa: \
		483	load dnstlsa.o dns.o dnsdoe.o ip.o ipalloc.o stralloc.a alloc.a \
		484	substdio.a error.a str.a fs.a dns.lib socket.lib
		485	./load dnstlsa dns.o dnsdoe.o ip.o ipalloc.o stralloc.a \
		486	alloc.a substdio.a error.a str.a fs.a `cat dns.lib` `cat \
		487	socket.lib` getopt.a
		488
		489	dnstlsa.o: \
		490	compile dnstlsa.c substdio.h subfd.h substdio.h stralloc.h gen_alloc.h \
		491	str.h scan.h dns.h dnsdoe.h ip.h exit.h
		492	./compile dnstlsa.c
		493
482	dot-qmail.0: \	494	dot-qmail.0: \
483	dot-qmail.5	495	dot-qmail.5
484	nroff -man dot-qmail.5 > dot-qmail.0	496	nroff -man dot-qmail.5 > dot-qmail.0
@@ -812,7 +824,7 @@ predate datemail mailsubj qmail-upq qmail-showctl qmail-newu \
812	qmail-pw2u qmail-qread qmail-qstat qmail-tcpto qmail-tcpok \	824	qmail-pw2u qmail-qread qmail-qstat qmail-tcpto qmail-tcpok \
813	qmail-pop3d qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd \	825	qmail-pop3d qmail-popup qmail-qmqpc qmail-qmqpd qmail-qmtpd \
814	qmail-smtpd sendmail tcp-env qmail-newmrh qmail-newbrt config config-fast dnscname \	826	qmail-smtpd sendmail tcp-env qmail-newmrh qmail-newbrt config config-fast dnscname \
815	dnsptr dnsip dnsmxip dnsfq hostname ipmeprint qreceipt qsmhook qbiff \	827	dnsptr dnsip dnsmxip dnsfq dnstlsa hostname ipmeprint qreceipt qsmhook qbiff \
816	forward preline condredirect bouncesaying except maildirmake \	828	forward preline condredirect bouncesaying except maildirmake \
817	maildir2mbox maildirwatch qail elq pinq idedit install-big install \	829	maildir2mbox maildirwatch qail elq pinq idedit install-big install \
818	instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \	830	instcheck home home+df proc proc+df binm1 binm1+df binm2 binm2+df \


diff --git a/dns.c b/dns.c index bed2bd2..b4d106c 100644 --- a/dns.c +++ b/dns.c
@@ -418,3 +418,44 @@ unsigned long random;
418	alloc_free(mx);	418	alloc_free(mx);
419	return flagsoft;	419	return flagsoft;
420	}	420	}
		421
		422	int dns_tlsa(stralloc out, const stralloc fqdn)
		423	{
		424	int ranswers = 0;
		425
		426	switch(resolve(fqdn, T_TLSA))
		427	{
		428	case DNS_MEM: return DNS_MEM;
		429	case DNS_SOFT: return DNS_SOFT;
		430	case DNS_HARD: return DNS_HARD;
		431	}
		432
		433	if (!stralloc_copys(out,"")) return DNS_MEM;
		434	while(numanswers-- > 0) {
		435	int i;
		436	if (responsepos == responseend) return DNS_SOFT;
		437
		438	i = dn_expand(response.buf, responseend, responsepos, name, MAXDNAME);
		439	if (i < 0) return DNS_SOFT;
		440	responsepos += i;
		441
		442	i = responseend - responsepos;
		443	if (i < 4 + 3 * 2) return DNS_SOFT;
		444
		445	unsigned short rrtype = getshort(responsepos);
		446	unsigned short rrdlen = getshort(responsepos + 8);
		447	responsepos += 10; // skip dns header
		448	if (responsepos + rrdlen > responseend) return DNS_HARD;
		449
		450	if (rrtype == T_TLSA)
		451	{
		452	unsigned char rrlen[2] = { rrdlen >> 8, rrdlen & 0xFF };
		453	stralloc_catb(out, rrlen, 2);
		454	if (!stralloc_catb(out, responsepos, rrdlen)) return DNS_MEM;
		455	++ranswers;
		456	}
		457
		458	responsepos += rrdlen;
		459	}
		460	return ranswers;
		461	}


diff --git a/dns.h b/dns.h index bca9490..08534a2 100644 --- a/dns.h +++ b/dns.h
@@ -1,6 +1,8 @@
1	#ifndef DNS_H	1	#ifndef DNS_H
2	#define DNS_H	2	#define DNS_H
3		3
		4	#include "stralloc.h"
		5
4	#define DNS_SOFT -1	6	#define DNS_SOFT -1
5	#define DNS_HARD -2	7	#define DNS_HARD -2
6	#define DNS_MEM -3	8	#define DNS_MEM -3
@@ -10,5 +12,6 @@ int dns_cname();
10	int dns_mxip();	12	int dns_mxip();
11	int dns_ip();	13	int dns_ip();
12	int dns_ptr();	14	int dns_ptr();
		15	int dns_tlsa(stralloc out, const stralloc fqdn);
13		16
14	#endif	17	#endif


diff --git a/dnstlsa.c b/dnstlsa.c new file mode 100644 index 0000000..6623cfd --- /dev/null +++ b/dnstlsa.c
@@ -0,0 +1,99 @@
		1	#include <stdint.h>
		2	#include "byte.h"
		3	#include "substdio.h"
		4	#include "subfd.h"
		5	#include "subgetopt.h"
		6	#include "stralloc.h"
		7	#include "dns.h"
		8	#include "dnsdoe.h"
		9	#include "exit.h"
		10
		11	stralloc sa = {0};
		12	stralloc out = {0};
		13
		14	static void die_nomem()
		15	{
		16	substdio_putsflush(subfderr, "out of memory\n");
		17	_exit(111);
		18	}
		19
		20	#include <stdio.h>
		21	void main(int argc, char **argv)
		22	{
		23	char *port = "25";
		24	char proto[7] = "._tcp.";
		25	char *host = NULL;
		26	int opt;
		27	int verbose = 0;
		28
		29	while ((opt = sgopt(argc, argv, "vutp:")) != sgoptdone)
		30	{
		31	switch(opt)
		32	{
		33	case 'p': port = sgoptarg; break;
		34	case 't': break;
		35	case 'u': byte_copy(proto, 6, "._udp."); break;
		36	case 'v': verbose = 1;
		37	}
		38	}
		39
		40	argv += sgoptind;
		41	argc -= sgoptind;
		42
		43	if (!argv[0])
		44	{
		45	substdio_putsflush(subfderr, "dnstlsa [-v] [-p port] [-u(dp)\|-t(cp)] host (tcp on port 25 is default)\n");
		46	_exit(100);
		47	}
		48	host = argv[0];
		49
		50	if (!stralloc_copyb(&sa, "_", 1)) die_nomem;
		51	if (!stralloc_cats(&sa, port)) die_nomem;
		52	if (!stralloc_cats(&sa, proto)) die_nomem;
		53	if (!stralloc_cats(&sa, host)) die_nomem;
		54
		55	if (verbose)
		56	{
		57	substdio_puts(subfdout, "checking for TLSA records: ");
		58	substdio_put(subfdout, sa.s, sa.len);
		59	substdio_putsflush(subfdout, "\n");
		60	}
		61
		62	dns_init(0);
		63	dnsdoe(dns_tlsa(&out, &sa));
		64
		65	int pos = 0;
		66	unsigned char response = (unsigned char )out.s;
		67	while(pos < out.len && out.len - pos > 2 + 4) // sizeof(rrlen) + min(rrdata)
		68	{
		69	unsigned short rrlen = (response[pos] << 8) + response[pos + 1];
		70	pos += 2;
		71	uint8_t usage = response[pos];
		72	uint8_t sel = response[pos + 1];
		73	uint8_t type = response[pos + 2];
		74
		75	if (usage == 0) substdio_puts(subfdout, "usage=0 ");
		76	if (usage == 1) substdio_puts(subfdout, "usage=1 ");
		77	if (usage == 2) substdio_puts(subfdout, "usage=2 ");
		78	if (usage == 3) substdio_puts(subfdout, "usage=3 ");
		79
		80	if (sel == 0) substdio_puts(subfdout, "selector=0 ");
		81	if (sel == 1) substdio_puts(subfdout, "selector=1 ");
		82
		83	if (type == 0) substdio_puts(subfdout, "type=0 "); // full cert
		84	if (type == 1) substdio_puts(subfdout, "type=1 "); // sha256
		85	if (type == 2) substdio_puts(subfdout, "type=2 "); // sha512
		86
		87	substdio_puts(subfdout, "data="); // sha512
		88	for (int j = 3; j < rrlen; j++)
		89	{
		90	unsigned char ch = response[pos + j];
		91	substdio_put(subfdout, "0123456789abcdef" + (ch >> 4), 1);
		92	substdio_put(subfdout, "0123456789abcdef" + (ch & 0x0F), 1);
		93	}
		94	substdio_putsflush(subfdout, "\n");
		95	pos += rrlen;
		96	}
		97
		98	_exit(0);
		99	}