authorChristian Grothoff <christian@grothoff.org>2018-10-25 10:57:35 +0200
committerChristian Grothoff <christian@grothoff.org>2018-10-25 10:58:10 +0200
commit9b52c9179b935f3afbf7119e37af2bf6685efa20 (patch)
tree5b79cd65fc0d79e54e7e9a632bb16140edeb6eeb /src
parentf7c6752d8dcda6d73ea9ee93cc8cef1290c45c48 (diff)
add possibility of hijacking any (sub)domain, not just TLDs, via configuration file [gns] section
Diffstat (limited to 'src')
-rw-r--r--src/gns/Makefile.am1
-rw-r--r--src/gns/gns_tld_api.c94
-rwxr-xr-xsrc/gns/test_gns_config_lookup.sh44
3 files changed, 97 insertions, 42 deletions
diff --git a/src/gns/Makefile.am b/src/gns/Makefile.am
index 2659f7e6a..e0497b11e 100644
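--- a/src/gns/Makefile.am
+++ b/src/gns/Makefile.am
@@ -235,6 +235,7 @@ libgnunet_plugin_block_gns_la_LDFLAGS = \
 
 check_SCRIPTS = \
  test_gns_lookup.sh \
+ test_gns_config_lookup.sh \
  test_gns_ipv6_lookup.sh\
  test_gns_txt_lookup.sh\
  test_gns_mx_lookup.sh \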
diff --git a/src/gns/gns_tld_api.c b/src/gns/gns_tld_api.c
index 825b51d06..55ee30bd9 100644
--- a/src/gns/gns_tld_api.c
+++ b/src/gns/gns_tld_api.c
@@ -92,7 +92,7 @@ struct GNUNET_GNS_LookupWithTldRequest
92 * @return the part of @a name after the last ".", 92 * @return the part of @a name after the last ".",
93 * or @a name if @a name does not contain a "." 93 * or @a name if @a name does not contain a "."
94 */ 94 */
95static char * 95static const char *
96get_tld (const char *name) 96get_tld (const char *name)
97{ 97{
98 const char *tld; 98 const char *tld;
@@ -103,28 +103,31 @@ get_tld (const char *name)
103 tld = name; 103 tld = name;
104 else 104 else
105 tld++; /* skip the '.' */ 105 tld++; /* skip the '.' */
106 return GNUNET_strdup (tld); 106 return tld;
107} 107}
108 108
109 109
110/** 110/**
111 * Eat the TLD of the given @a name. 111 * Eat the "TLD" (last bit) of the given @a name.
112 * 112 *
113 * @param[in,out] name a name 113 * @param[in,out] name a name
114 * @param tld what to eat (can be more than just the tld)
114 */ 115 */
115static void 116static void
116eat_tld (char *name) 117eat_tld (char *name,
118 const char *tld)
117{ 119{
118 char *tld;
119
120 GNUNET_assert (0 < strlen (name)); 120 GNUNET_assert (0 < strlen (name));
121 tld = strrchr (name,
122 (unsigned char) '.');
123 if (NULL == tld) 121 if (NULL == tld)
122 {
124 strcpy (name, 123 strcpy (name,
125 GNUNET_GNS_EMPTY_LABEL_AT); 124 GNUNET_GNS_EMPTY_LABEL_AT);
125 }
126 else 126 else
127 *tld = '\0'; 127 {
128 GNUNET_assert (strlen (tld) < strlen (name));
129 name[strlen(name) - strlen(tld) - 1] = '\0';
130 }
128} 131}
129 132
130 133
@@ -227,7 +230,7 @@ GNUNET_GNS_lookup_with_tld (struct GNUNET_GNS_Handle *handle,
227 void *proc_cls) 230 void *proc_cls)
228{ 231{
229 struct GNUNET_GNS_LookupWithTldRequest *ltr; 232 struct GNUNET_GNS_LookupWithTldRequest *ltr;
230 char *tld; 233 const char *tld;
231 char *dot_tld; 234 char *dot_tld;
232 char *zonestr; 235 char *zonestr;
233 struct GNUNET_CRYPTO_EcdsaPublicKey pkey; 236 struct GNUNET_CRYPTO_EcdsaPublicKey pkey;
@@ -246,51 +249,59 @@ GNUNET_GNS_lookup_with_tld (struct GNUNET_GNS_Handle *handle,
246 strlen (tld), 249 strlen (tld),
247 &pkey)) 250 &pkey))
248 { 251 {
249 eat_tld (ltr->name); 252 eat_tld (ltr->name,
253 tld);
250 lookup_with_public_key (ltr, 254 lookup_with_public_key (ltr,
251 &pkey); 255 &pkey);
252 GNUNET_free (tld);
253 return ltr; 256 return ltr;
254 } 257 }
255 258
256 /* second case: TLD is mapped in our configuration file */ 259 /* second case: domain is mapped in our configuration file */
257 GNUNET_asprintf (&dot_tld, 260 for (const char *domain = name;
258 ".%s", 261 NULL != domain;
259 tld); 262 domain = strchr (domain,
260 if (GNUNET_OK == 263 (unsigned char) '.'))
261 GNUNET_CONFIGURATION_get_value_string (handle->cfg,
262 "gns",
263 dot_tld,
264 &zonestr))
265 { 264 {
266 if (GNUNET_OK != 265 if ('.' == domain[0])
267 GNUNET_CRYPTO_ecdsa_public_key_from_string (zonestr, 266 domain++;
268 strlen (zonestr), 267 GNUNET_asprintf (&dot_tld,
269 &pkey)) 268 ".%s",
269 domain);
270 if (GNUNET_OK ==
271 GNUNET_CONFIGURATION_get_value_string (handle->cfg,
272 "gns",
273 dot_tld,
274 &zonestr))
270 { 275 {
271 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR, 276 if (GNUNET_OK !=
272 "gns", 277 GNUNET_CRYPTO_ecdsa_public_key_from_string (zonestr,
273 dot_tld, 278 strlen (zonestr),
274 _("Expected a base32-encoded public zone key\n")); 279 &pkey))
280 {
281 GNUNET_log_config_invalid (GNUNET_ERROR_TYPE_ERROR,
282 "gns",
283 dot_tld,
284 _("Expected a base32-encoded public zone key\n"));
285 GNUNET_free (zonestr);
286 GNUNET_free (dot_tld);
287 GNUNET_free (ltr->name);
288 GNUNET_free (ltr);
289 return NULL;
290 }
291 eat_tld (ltr->name,
292 &dot_tld[1]);
275 GNUNET_free (zonestr); 293 GNUNET_free (zonestr);
276 GNUNET_free (dot_tld); 294 GNUNET_free (dot_tld);
277 GNUNET_free (ltr->name); 295 lookup_with_public_key (ltr,
278 GNUNET_free (ltr); 296 &pkey);
279 GNUNET_free (tld); 297 return ltr;
280 return NULL;
281 } 298 }
282 GNUNET_free (dot_tld); 299 GNUNET_free (dot_tld);
283 GNUNET_free (zonestr);
284 eat_tld (ltr->name);
285 lookup_with_public_key (ltr,
286 &pkey);
287 GNUNET_free (tld);
288 return ltr;
289 } 300 }
290 GNUNET_free (dot_tld);
291 301
292 /* Final case: TLD matches one of our egos */ 302 /* Final case: TLD matches one of our egos */
293 eat_tld (ltr->name); 303 eat_tld (ltr->name,
304 tld);
294 305
295 /* if the name is of the form 'label' (and not 'label.SUBDOMAIN'), never go to the DHT */ 306 /* if the name is of the form 'label' (and not 'label.SUBDOMAIN'), never go to the DHT */
296 if (NULL == strchr (ltr->name, 307 if (NULL == strchr (ltr->name,
@@ -302,7 +313,6 @@ GNUNET_GNS_lookup_with_tld (struct GNUNET_GNS_Handle *handle,
302 tld, 313 tld,
303 &identity_zone_cb, 314 &identity_zone_cb,
304 ltr); 315 ltr);
305 GNUNET_free (tld);
306 if (NULL == ltr->id_op) 316 if (NULL == ltr->id_op)
307 { 317 {
308 GNUNET_free (ltr->name); 318 GNUNET_free (ltr->name);
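Review bot: In the new `eat_tld`, the `else` branch asserts `strlen (tld) < strlen (name)`, yet the visible call sites can pass a `tld` exactly as long as the name: `get_tld` returns `name` itself when there is no '.', and on the first pass of the configuration loop `&dot_tld[1]` is the full lookup name. Because `tld` is now a parameter rather than the result of `strrchr`, the `NULL == tld` branch that writes `GNUNET_GNS_EMPTY_LABEL_AT` looks unreachable from these callers. Assuming `ltr->name` is a copy of `name` (that assignment is outside the hunks), a dotless name, a bare zone key, or a name equal to a configured `[gns]` entry would abort the process on the assertion instead of resolving the empty label. The name is caller-supplied, so I would fold the equal-length case into the first branch: `if ( (NULL == tld) || (strlen (name) == strlen (tld)) )`. A short comment on the `for` loop stating that the scan starts at the full name, so the longest configured suffix wins, would also help anyone auditing `[gns]` overrides.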
diff --git a/src/gns/test_gns_config_lookup.sh b/src/gns/test_gns_config_lookup.sh
new file mode 100755
index 000000000..35d7c32d9
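--- /dev/null
+++ b/src/gns/test_gns_config_lookup.sh
@@ -0,0 +1,44 @@
+#!/bin/bash
+# This file is in the public domain.
+trap "gnunet-arm -e -c test_gns_lookup.conf" SIGINT
+
+LOCATION=$(which gnunet-config)
+if [ -z $LOCATION ]
+then
+ LOCATION="gnunet-config"
+fi
+$LOCATION --version 1> /dev/null
+if test $? != 0
+then
+ echo "GNUnet command line tools cannot be found, check environmental variables PATH and GNUNET_PREFIX"
+ exit 77
+fi
+MY_EGO="myego"
+
+rm -rf `gnunet-config -c test_gns_lookup.conf -s PATHS -o GNUNET_HOME -f`
+CFG=`mktemp --tmpdir=$PWD`
+cp test_gns_lookup.conf $CFG || exit 77
+which timeout &> /dev/null && DO_TIMEOUT="timeout 5"
+TEST_IP="dead::beef"
+gnunet-arm -s -c $CFG || exit 77
+gnunet-identity -C $MY_EGO -c $CFG
+EPUB=`gnunet-identity -d -c $CFG | grep $MY_EGO | awk '{print $3}'`
+gnunet-arm -e -c $CFG
+gnunet-config -c $CFG -s "gns" -o ".google.com" -V $EPUB
+gnunet-arm -s -c $CFG
+sleep 1
+gnunet-namestore -p -z $MY_EGO -a -n www -t AAAA -V $TEST_IP -e never -c $CFG
+RES_IP=`$DO_TIMEOUT gnunet-gns --raw -u www.google.com -t AAAA -c $CFG`
+gnunet-namestore -z $MY_EGO -d -n www -t AAAA -V $TEST_IP -e never -c $CFG
+gnunet-identity -D $MY_EGO -c $CFG
+gnunet-arm -e -c $CFG
+rm -rf `gnunet-config -c $CFG -f -s paths -o GNUNET_TEST_HOME`
+rm $CFG
+
+if [ "$RES_IP" == "$TEST_IP" ]
+then
+ exit 0
+else
+ echo "Failed to resolve to proper IP, got $RES_IP."
+ exit 1
+fi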
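Review bot: The `trap` at the top of the script stops the peer with `test_gns_lookup.conf`, but every service here is started with the temporary `$CFG`, so an interrupted run leaves that peer running and the `mktemp` file behind. Installing the handler after `CFG` is assigned, e.g. `trap "gnunet-arm -e -c $CFG; rm -f $CFG" SIGINT`, would clean up the instance the test actually started. The two `rm -rf` calls expand an unquoted command substitution, and the first reads `GNUNET_HOME` while the one before `rm $CFG` reads `GNUNET_TEST_HOME`. Quoting the substitution and using the same option in both places would keep a path with spaces or glob characters from expanding into other targets. The empty `EPUB` case is also unchecked, so a failed `gnunet-identity -d` would write an empty `.google.com` value and show up only as a resolution failure.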