From: Kees Monshouwer <mind04@monshouwer.org>
Date: Sat, 22 Feb 2014 22:25:28 +0000 (+0100)
Subject: saxfr: add unhash option which make NSEC3 records readable
X-Git-Tag: rec-3.6.0-rc1~169^2~10
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=3f6fa55d8d98921c0a6d8cfc2cf64a8fc384b97e;p=thirdparty%2Fpdns.git

saxfr: add unhash option which make NSEC3 records readable
---

diff --git a/pdns/Makefile.am b/pdns/Makefile.am
index 5fc639dc8f..c3b439ebf8 100644
--- a/pdns/Makefile.am
+++ b/pdns/Makefile.am
@@ -165,7 +165,9 @@ sdig_SOURCES=sdig.cc sstuff.hh dnsparser.cc dnsparser.hh dnsrecords.cc dnswriter
 
 saxfr_SOURCES=saxfr.cc sstuff.hh dnsparser.cc dnsparser.hh dnsrecords.cc dnswriter.cc dnslabeltext.cc dnswriter.hh \
 	misc.cc misc.hh rcpgenerator.cc rcpgenerator.hh base64.cc base64.hh unix_utility.cc \
-	logger.cc statbag.cc qtype.cc sillyrecords.cc nsecrecords.cc base32.cc
+	logger.cc statbag.cc qtype.cc sillyrecords.cc nsecrecords.cc base32.cc dnssecinfra.cc
+saxfr_LDADD= $(POLARSSL_LIBS)
+
 
 dnstcpbench_SOURCES=dnstcpbench.cc sstuff.hh dnsparser.cc dnsparser.hh dnsrecords.cc dnswriter.cc dnslabeltext.cc dnswriter.hh \
 	misc.cc misc.hh rcpgenerator.cc rcpgenerator.hh base64.cc base64.hh unix_utility.cc \
diff --git a/pdns/saxfr.cc b/pdns/saxfr.cc
index 114320e1ac..7fa81edb68 100644
--- a/pdns/saxfr.cc
+++ b/pdns/saxfr.cc
@@ -4,18 +4,23 @@
 #include "dnswriter.hh"
 #include "dnsrecords.hh"
 #include "statbag.hh"
+#include "base32.hh"
+#include "dnssecinfra.hh"
+#include <boost/foreach.hpp>
+
 StatBag S;
 
 int main(int argc, char** argv)
 try
 {
   if(argc < 4) {
-    cerr<<"Syntax: saxfr IP-address port zone [showflags] [hidesoadetails]\n";
+    cerr<<"Syntax: saxfr IP-address port zone [showflags] [hidesoadetails] [unhash]"<<endl;;
     exit(EXIT_FAILURE);
   }
 
   bool showflags=false;
   bool hidesoadetails=false;
+  bool unhash=false;
 
   if (argc > 4) {
     for(int i=4; i<argc; i++) {
@@ -23,6 +28,8 @@ try
         showflags=true;
       if (strcmp(argv[i], "hidesoadetails") == 0)
         hidesoadetails=true;
+      if (strcmp(argv[i], "unhash") == 0)
+        unhash=true;
     }
   }
 
@@ -41,7 +48,13 @@ try
 
   sock.writen(string((char*)&*packet.begin(), (char*)&*packet.end()));
 
+  bool isNSEC3 = false;
   int soacount=0;
+  vector<pair<string,string> > records;
+  set<string> labels;
+  map<string,string> hashes;
+  NSEC3PARAMRecordContent ns3pr;
+
   while(soacount<2) {
     if(sock.read((char *) &len, 2) != 2)
       throw PDNSException("tcp read failed");
@@ -63,46 +76,82 @@ try
       {
         ++soacount;
       }
+      else if (i->first.d_type == QType::NSEC3PARAM) {
+          ns3pr = NSEC3PARAMRecordContent(i->first.d_content->getZoneRepresentation());
+          isNSEC3 = true;
+      }
 
-      cout<<i->first.d_label<<"\tIN\t"<<DNSRecordContent::NumberToType(i->first.d_type);
+      ostringstream o;
+      o<<"\tIN\t"<<DNSRecordContent::NumberToType(i->first.d_type);
       if(i->first.d_type == QType::RRSIG)
       {
         string zoneRep = i->first.d_content->getZoneRepresentation();
         vector<string> parts;
         stringtok(parts, zoneRep);
-        cout<<"\t"<<i->first.d_ttl<<"\t"<< parts[0]<<" "<<parts[1]<<" "<<parts[2]<<" "<<parts[3]<<" [expiry] [inception] [keytag] "<<parts[7]<<" ...\n";
+        o<<"\t"<<i->first.d_ttl<<"\t"<< parts[0]<<" "<<parts[1]<<" "<<parts[2]<<" "<<parts[3]<<" [expiry] [inception] [keytag] "<<parts[7]<<" ...";
       }
       else if(!showflags && i->first.d_type == QType::NSEC3)
       {
         string zoneRep = i->first.d_content->getZoneRepresentation();
         vector<string> parts;
         stringtok(parts, zoneRep);
-        cout<<"\t"<<i->first.d_ttl<<"\t"<< parts[0]<<" [flags] "<<parts[2]<<" "<<parts[3]<<" "<<parts[4];
+        o<<"\t"<<i->first.d_ttl<<"\t"<< parts[0]<<" [flags] "<<parts[2]<<" "<<parts[3]<<" "<<parts[4];
         for(vector<string>::iterator iter = parts.begin()+5; iter != parts.end(); ++iter)
-          cout<<" "<<*iter;
-        cout<<"\n";
+          o<<" "<<*iter;
       }
       else if(i->first.d_type == QType::DNSKEY)
       {
         string zoneRep = i->first.d_content->getZoneRepresentation();
         vector<string> parts;
         stringtok(parts, zoneRep);
-        cout<<"\t"<<i->first.d_ttl<<"\t"<< parts[0]<<" "<<parts[1]<<" "<<parts[2]<<" ...\n";
+        o<<"\t"<<i->first.d_ttl<<"\t"<< parts[0]<<" "<<parts[1]<<" "<<parts[2]<<" ...";
       }
       else if (i->first.d_type == QType::SOA && hidesoadetails)
       {
         string zoneRep = i->first.d_content->getZoneRepresentation();
         vector<string> parts;
         stringtok(parts, zoneRep);
-        cout<<"\t"<<i->first.d_ttl<<"\t"<<parts[0]<<" "<<parts[1]<<" [serial] "<<parts[3]<<" "<<parts[4]<<" "<<parts[5]<<" "<<parts[6]<<"\n";
+        o<<"\t"<<i->first.d_ttl<<"\t"<<parts[0]<<" "<<parts[1]<<" [serial] "<<parts[3]<<" "<<parts[4]<<" "<<parts[5]<<" "<<parts[6];
       }
       else
       {
-        cout<<"\t"<<i->first.d_ttl<<"\t"<< i->first.d_content->getZoneRepresentation()<<"\n";
+        o<<"\t"<<i->first.d_ttl<<"\t"<< i->first.d_content->getZoneRepresentation();
       }
+
+      records.push_back(make_pair(stripDot(i->first.d_label),o.str()));
+
+      string shorter(stripDot(i->first.d_label));
+      do {
+        labels.insert(shorter);
+        if (pdns_iequals(shorter, argv[3]))
+          break;
+      }while(chopOff(shorter));
+
     }
     delete[] creply;
   }
+
+  if (isNSEC3 && unhash)
+  {
+    string hashed;
+    BOOST_FOREACH(const string &label, labels) {
+      hashed=toBase32Hex(hashQNameWithSalt(ns3pr.d_iterations, ns3pr.d_salt, label));
+      hashes.insert(pair<string,string>(hashed, label));
+    }
+  }
+
+  pair<string,string> record;
+  BOOST_FOREACH(record, records) {
+    string label=record.first;
+    if (isNSEC3 && unhash)
+    {
+      map<string,string>::iterator i = hashes.find(makeRelative(label, argv[3]));
+      if (i != hashes.end())
+        label=i->second;
+    }
+    cout<<label<<"."<<record.second<<endl;
+  }
+
 }
 catch(std::exception &e)
 {