Update copyright headers after acquisition by secunet
[thirdparty/strongswan.git] / src / libstrongswan / plugins / unbound / unbound_resolver.c
1 /*
2 * Copyright (C) 2011-2012 Reto Guadagnini
3 *
4 * Copyright (C) secunet Security Networks AG
5 *
6 * This program is free software; you can redistribute it and/or modify it
7 * under the terms of the GNU General Public License as published by the
8 * Free Software Foundation; either version 2 of the License, or (at your
9 * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
10 *
11 * This program is distributed in the hope that it will be useful, but
12 * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
13 * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * for more details.
15 */
16
17 #include <unbound.h>
18 #include <errno.h>
19 #include <ldns/ldns.h>
20 #include <string.h>
21
22 #include <library.h>
23 #include <utils/debug.h>
24
25 #include "unbound_resolver.h"
26 #include "unbound_response.h"
27
/*
 * Built-in defaults for the files the resolver reads at creation time.
 * unbound_resolver_create() uses them only as fallbacks for the
 * "<ns>.plugins.unbound.resolv_conf" and "<ns>.plugins.unbound.trust_anchors"
 * settings.
 *
 * The trust anchor file decides which DNSSEC keys validation is rooted in,
 * so write access to it should be limited to the administrator.
 */
#define RESOLV_CONF_FILE "/etc/resolv.conf"
#define TRUST_ANCHOR_FILE IPSEC_CONFDIR "/ipsec.d/dnssec.keys"
31
typedef struct private_resolver_t private_resolver_t;

/**
 * Private data of an unbound_resolver_t object.
 */
struct private_resolver_t {

	/**
	 * Public interface; unbound_resolver_create() hands out a pointer to
	 * this member.
	 */
	resolver_t public;

	/**
	 * libunbound context used for all queries. Created with ub_ctx_create()
	 * in unbound_resolver_create() and released with ub_ctx_delete() in
	 * destroy().
	 */
	struct ub_ctx *ctx;
};
49
/**
 * Implementation of resolver_t.query.
 *
 * Resolves the given name through the libunbound context and wraps the
 * libunbound result in an unbound_response_t.
 *
 * @param domain	name to look up, passed to ub_resolve() unchanged
 * @param rr_class	RR class of the question
 * @param rr_type	RR type of the question
 * @return			response object, NULL if resolving failed or the result
 *					could not be wrapped
 *
 * NOTE(review): this function does not look at the DNSSEC validation outcome
 * of the result. Presumably the response object exposes the security state
 * and callers have to check it before trusting the data; confirm against
 * unbound_response.c.
 */
METHOD(resolver_t, query, resolver_response_t*,
	private_resolver_t *this, char *domain, rr_class_t rr_class,
	rr_type_t rr_type)
{
	struct ub_result *answer = NULL;
	unbound_response_t *wrapped;
	int rc;

	/* ub_resolve() expects the RR type before the RR class */
	rc = ub_resolve(this->ctx, domain, rr_type, rr_class, &answer);
	if (rc != 0)
	{
		DBG1(DBG_LIB, "unbound resolver error: %s", ub_strerror(rc));
		ub_resolve_free(answer);
		return NULL;
	}

	wrapped = unbound_response_create_frm_libub_response(answer);
	if (!wrapped)
	{
		DBG1(DBG_LIB, "unbound resolver failed to create response");
	}
	/* the libunbound result is released on the success and the failure path */
	ub_resolve_free(answer);

	return (resolver_response_t*)wrapped;
}
80
/**
 * Implementation of resolver_t.destroy.
 *
 * Releases the libunbound context and then the object itself.
 */
METHOD(resolver_t, destroy, void,
	private_resolver_t *this)
{
	struct ub_ctx *ctx = this->ctx;

	/*
	 * Also reached from the error paths of unbound_resolver_create(), where
	 * ctx can still be NULL.
	 * NOTE(review): relies on ub_ctx_delete() accepting NULL; confirm for the
	 * libunbound versions that are supported.
	 */
	ub_ctx_delete(ctx);
	free(this);
}
90
/*
 * Described in header.
 *
 * Builds a resolver around a fresh libunbound context. The resolver config,
 * the DNSSEC trust anchors and the optional DLV anchors are read from the
 * files named by the "<ns>.plugins.unbound.*" settings.
 *
 * Returns NULL if the context cannot be created or the resolver config cannot
 * be read. Failures to load trust anchors or DLV keys are only logged.
 */
resolver_t *unbound_resolver_create(void)
{
	private_resolver_t *this;
	char *resolv_conf, *trust_anchors, *dlv_anchors;
	int rc;

	/* file locations: configured value first, built-in default otherwise */
	resolv_conf = lib->settings->get_str(lib->settings,
									"%s.plugins.unbound.resolv_conf",
									RESOLV_CONF_FILE, lib->ns);
	trust_anchors = lib->settings->get_str(lib->settings,
									"%s.plugins.unbound.trust_anchors",
									TRUST_ANCHOR_FILE, lib->ns);
	/* no default for DLV, the step is skipped unless it is configured */
	dlv_anchors = lib->settings->get_str(lib->settings,
									"%s.plugins.unbound.dlv_anchors",
									NULL, lib->ns);

	INIT(this,
		.public = {
			.query = _query,
			.destroy = _destroy,
		},
	);

	this->ctx = ub_ctx_create();
	if (!this->ctx)
	{
		DBG1(DBG_LIB, "failed to create unbound resolver context");
		goto failed;
	}

	DBG2(DBG_CFG, "loading unbound resolver config from '%s'", resolv_conf);
	rc = ub_ctx_resolvconf(this->ctx, resolv_conf);
	if (rc != 0)
	{
		/* NOTE(review): errno may be unrelated to the libunbound failure */
		DBG1(DBG_CFG, "failed to read the resolver config: %s (%s)",
			 ub_strerror(rc), strerror(errno));
		goto failed;
	}

	/*
	 * A failure to load the trust anchors is not fatal: the resolver is still
	 * returned. NOTE(review): without anchors libunbound presumably cannot
	 * mark any answer as secure, so consumers that depend on DNSSEC have to
	 * check the security state of each response.
	 */
	DBG2(DBG_CFG, "loading unbound trust anchors from '%s'", trust_anchors);
	rc = ub_ctx_add_ta_file(this->ctx, trust_anchors);
	if (rc != 0)
	{
		DBG1(DBG_CFG, "failed to load trust anchors: %s (%s)",
			 ub_strerror(rc), strerror(errno));
	}

	if (dlv_anchors != NULL)
	{
		/* DLV was moved to Historic status by RFC 8749; failures are logged only */
		DBG2(DBG_CFG, "loading trusted keys for DLV from '%s'", dlv_anchors);
		rc = ub_ctx_set_option(this->ctx, "dlv-anchor-file:", dlv_anchors);
		if (rc != 0)
		{
			DBG1(DBG_CFG, "failed to load trusted keys for DLV: %s (%s)",
				 ub_strerror(rc), strerror(errno));
		}
	}
	return &this->public;

failed:
	/* destroy() releases the context, if any, and the object */
	destroy(this);
	return NULL;
}