1 /*
   2  * Copyright (c) 2000, 2012, Oracle and/or its affiliates. All rights reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Oracle designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Oracle in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
  22  * or visit www.oracle.com if you need additional information or have any
  23  * questions.
  24  */
  25 
  26 package com.sun.jndi.dns;
  27 
  28 import java.io.IOException;
  29 import java.net.DatagramSocket;
  30 import java.net.DatagramPacket;
  31 import java.net.InetAddress;
  32 import java.net.Socket;
  33 import javax.naming.*;
  34 
  35 import java.util.Collections;
  36 import java.util.Map;
  37 import java.util.HashMap;
  38 import java.util.Set;
  39 import java.util.HashSet;
  40 
  41 // Some of this code began life as part of sun.javaos.net.DnsClient
  42 // originally by sritchie@eng 1/96.  It was first hacked up for JNDI
  43 // use by caveh@eng 6/97.
  44 
  45 
  46 /**
  47  * The DnsClient class performs DNS client operations in support of DnsContext.
  48  *
  49  */
  50 
  51 public class DnsClient {
  52 
  53     // DNS packet header field offsets
  54     private static final int IDENT_OFFSET = 0;
  55     private static final int FLAGS_OFFSET = 2;
  56     private static final int NUMQ_OFFSET  = 4;
  57     private static final int NUMANS_OFFSET = 6;
  58     private static final int NUMAUTH_OFFSET = 8;
  59     private static final int NUMADD_OFFSET = 10;
  60     private static final int DNS_HDR_SIZE = 12;
  61 
  62     // DNS response codes
  63     private static final int NO_ERROR       = 0;
  64     private static final int FORMAT_ERROR   = 1;
  65     private static final int SERVER_FAILURE = 2;
  66     private static final int NAME_ERROR     = 3;
  67     private static final int NOT_IMPL       = 4;
  68     private static final int REFUSED        = 5;
  69 
  70     private static final String[] rcodeDescription = {
  71         "No error",
  72         "DNS format error",
  73         "DNS server failure",
  74         "DNS name not found",
  75         "DNS operation not supported",
  76         "DNS service refused"
  77     };
  78 
  79     private static final int DEFAULT_PORT = 53;
  80     private InetAddress[] servers;
  81     private int[] serverPorts;
  82     private int timeout;                // initial timeout on UDP queries in ms
  83     private int retries;                // number of UDP retries
  84 
  85     private DatagramSocket udpSocket;
  86 
  87     // Requests sent
  88     private Set<Integer> reqs;
  89 
  90     // Responses received
  91     private Map<Integer, byte[]> resps;
  92 
  93     //-------------------------------------------------------------------------
  94 
  95     /*
  96      * Each server is of the form "server[:port]".  IPv6 literal host names
  97      * include delimiting brackets.
  98      * "timeout" is the initial timeout interval (in ms) for UDP queries,
  99      * and "retries" gives the number of retries per server.
 100      */
 101     public DnsClient(String[] servers, int timeout, int retries)
 102             throws NamingException {
 103         this.timeout = timeout;
 104         this.retries = retries;
 105         try {
 106             udpSocket = new DatagramSocket();
 107         } catch (java.net.SocketException e) {
 108             NamingException ne = new ConfigurationException();
 109             ne.setRootCause(e);
 110             throw ne;
 111         }
 112 
 113         this.servers = new InetAddress[servers.length];
 114         serverPorts = new int[servers.length];
 115 
 116         for (int i = 0; i < servers.length; i++) {
 117 
 118             // Is optional port given?
 119             int colon = servers[i].indexOf(':',
 120                                            servers[i].indexOf(']') + 1);
 121 
 122             serverPorts[i] = (colon < 0)
 123                 ? DEFAULT_PORT
 124                 : Integer.parseInt(servers[i].substring(colon + 1));
 125             String server = (colon < 0)
 126                 ? servers[i]
 127                 : servers[i].substring(0, colon);
 128             try {
 129                 this.servers[i] = InetAddress.getByName(server);
 130             } catch (java.net.UnknownHostException e) {
 131                 NamingException ne = new ConfigurationException(
 132                         "Unknown DNS server: " + server);
 133                 ne.setRootCause(e);
 134                 throw ne;
 135             }
 136         }
 137         reqs = Collections.synchronizedSet(new HashSet<Integer>());
 138         resps = Collections.synchronizedMap(new HashMap<Integer, byte[]>());
 139     }
 140 
 141     protected void finalize() {
 142         close();
 143     }
 144 
 145     // A lock to access the request and response queues in tandem.
 146     private Object queuesLock = new Object();
 147 
 148     public void close() {
 149         udpSocket.close();
 150         synchronized (queuesLock) {
 151             reqs.clear();
 152             resps.clear();
 153         }
 154     }
 155 
 156 
 157     private int ident = 0;              // used to set the msg ID field
 158     private Object identLock = new Object();
 159 
 160     /*
 161      * If recursion is true, recursion is requested on the query.
 162      * If auth is true, only authoritative responses are accepted; other
 163      * responses throw NameNotFoundException.
 164      */
 165     ResourceRecords query(DnsName fqdn, int qclass, int qtype,
 166                           boolean recursion, boolean auth)
 167             throws NamingException {
 168 
 169         int xid;
 170         synchronized (identLock) {
 171             ident = 0xFFFF & (ident + 1);
 172             xid = ident;
 173         }
 174 
 175         // enqueue the outstanding request
 176         reqs.add(xid);
 177 
 178         Packet pkt = makeQueryPacket(fqdn, xid, qclass, qtype, recursion);
 179 
 180         Exception caughtException = null;
 181         boolean[] doNotRetry = new boolean[servers.length];
 182 
 183         //
 184         // The UDP retry strategy is to try the 1st server, and then
 185         // each server in order. If no answer, double the timeout
 186         // and try each server again.
 187         //
 188         for (int retry = 0; retry < retries; retry++) {
 189 
 190             // Try each name server.
 191             for (int i = 0; i < servers.length; i++) {
 192                 if (doNotRetry[i]) {
 193                     continue;
 194                 }
 195 
 196                 // send the request packet and wait for a response.
 197                 try {
 198                     if (debug) {
 199                         dprint("SEND ID (" + (retry + 1) + "): " + xid);
 200                     }
 201 
 202                     byte[] msg = null;
 203                     msg = doUdpQuery(pkt, servers[i], serverPorts[i],
 204                                         retry, xid);
 205                     //
 206                     // If the matching response is not got within the
 207                     // given timeout, check if the response was enqueued
 208                     // by some other thread, if not proceed with the next
 209                     // server or retry.
 210                     //
 211                     if (msg == null) {
 212                         if (resps.size() > 0) {
 213                             msg = lookupResponse(xid);
 214                         }
 215                         if (msg == null) { // try next server or retry
 216                             continue;
 217                         }
 218                     }
 219                     Header hdr = new Header(msg, msg.length);
 220 
 221                     if (auth && !hdr.authoritative) {
 222                         caughtException = new NameNotFoundException(
 223                                 "DNS response not authoritative");
 224                         doNotRetry[i] = true;
 225                         continue;
 226                     }
 227                     if (hdr.truncated) {    // message is truncated -- try TCP
 228 
 229                         // Try each server, starting with the one that just
 230                         // provided the truncated message.
 231                         for (int j = 0; j < servers.length; j++) {
 232                             int ij = (i + j) % servers.length;
 233                             if (doNotRetry[ij]) {
 234                                 continue;
 235                             }
 236                             try {
 237                                 Tcp tcp =
 238                                     new Tcp(servers[ij], serverPorts[ij]);
 239                                 byte[] msg2;
 240                                 try {
 241                                     msg2 = doTcpQuery(tcp, pkt);
 242                                 } finally {
 243                                     tcp.close();
 244                                 }
 245                                 Header hdr2 = new Header(msg2, msg2.length);
 246                                 if (hdr2.query) {
 247                                     throw new CommunicationException(
 248                                         "DNS error: expecting response");
 249                                 }
 250                                 checkResponseCode(hdr2);
 251 
 252                                 if (!auth || hdr2.authoritative) {
 253                                     // Got a valid response
 254                                     hdr = hdr2;
 255                                     msg = msg2;
 256                                     break;
 257                                 } else {
 258                                     doNotRetry[ij] = true;
 259                                 }
 260                             } catch (Exception e) {
 261                                 // Try next server, or use UDP response
 262                             }
 263                         } // servers
 264                     }
 265                     return new ResourceRecords(msg, msg.length, hdr, false);
 266 
 267                 } catch (IOException e) {
 268                     if (debug) {
 269                         dprint("Caught IOException:" + e);
 270                     }
 271                     if (caughtException == null) {
 272                         caughtException = e;
 273                     }
 274                     // Use reflection to allow pre-1.4 compilation.
 275                     // This won't be needed much longer.
 276                     if (e.getClass().getName().equals(
 277                             "java.net.PortUnreachableException")) {
 278                         doNotRetry[i] = true;
 279                     }
 280                 } catch (NameNotFoundException e) {
 281                     throw e;
 282                 } catch (CommunicationException e) {
 283                     if (caughtException == null) {
 284                         caughtException = e;
 285                     }
 286                 } catch (NamingException e) {
 287                     if (caughtException == null) {
 288                         caughtException = e;
 289                     }
 290                     doNotRetry[i] = true;
 291                 }
 292             } // servers
 293         } // retries
 294 
 295         reqs.remove(xid);
 296         if (caughtException instanceof NamingException) {
 297             throw (NamingException) caughtException;
 298         }
 299         // A network timeout or other error occurred.
 300         NamingException ne = new CommunicationException("DNS error");
 301         ne.setRootCause(caughtException);
 302         throw ne;
 303     }
 304 
 305     ResourceRecords queryZone(DnsName zone, int qclass, boolean recursion)
 306             throws NamingException {
 307 
 308         int xid;
 309         synchronized (identLock) {
 310             ident = 0xFFFF & (ident + 1);
 311             xid = ident;
 312         }
 313         Packet pkt = makeQueryPacket(zone, xid, qclass,
 314                                      ResourceRecord.QTYPE_AXFR, recursion);
 315         Exception caughtException = null;
 316 
 317         // Try each name server.
 318         for (int i = 0; i < servers.length; i++) {
 319             try {
 320                 Tcp tcp = new Tcp(servers[i], serverPorts[i]);
 321                 byte[] msg;
 322                 try {
 323                     msg = doTcpQuery(tcp, pkt);
 324                     Header hdr = new Header(msg, msg.length);
 325                     // Check only rcode as per
 326                     // draft-ietf-dnsext-axfr-clarify-04
 327                     checkResponseCode(hdr);
 328                     ResourceRecords rrs =
 329                         new ResourceRecords(msg, msg.length, hdr, true);
 330                     if (rrs.getFirstAnsType() != ResourceRecord.TYPE_SOA) {
 331                         throw new CommunicationException(
 332                                 "DNS error: zone xfer doesn't begin with SOA");
 333                     }
 334 
 335                     if (rrs.answer.size() == 1 ||
 336                             rrs.getLastAnsType() != ResourceRecord.TYPE_SOA) {
 337                         // The response is split into multiple DNS messages.
 338                         do {
 339                             msg = continueTcpQuery(tcp);
 340                             if (msg == null) {
 341                                 throw new CommunicationException(
 342                                         "DNS error: incomplete zone transfer");
 343                             }
 344                             hdr = new Header(msg, msg.length);
 345                             checkResponseCode(hdr);
 346                             rrs.add(msg, msg.length, hdr);
 347                         } while (rrs.getLastAnsType() !=
 348                                  ResourceRecord.TYPE_SOA);
 349                     }
 350 
 351                     // Delete the duplicate SOA record.
 352                     rrs.answer.removeElementAt(rrs.answer.size() - 1);
 353                     return rrs;
 354 
 355                 } finally {
 356                     tcp.close();
 357                 }
 358 
 359             } catch (IOException e) {
 360                 caughtException = e;
 361             } catch (NameNotFoundException e) {
 362                 throw e;
 363             } catch (NamingException e) {
 364                 caughtException = e;
 365             }
 366         }
 367         if (caughtException instanceof NamingException) {
 368             throw (NamingException) caughtException;
 369         }
 370         NamingException ne = new CommunicationException(
 371                 "DNS error during zone transfer");
 372         ne.setRootCause(caughtException);
 373         throw ne;
 374     }
 375 
 376 
 377     /**
 378      * Tries to retreive an UDP packet matching the given xid
 379      * received within the timeout.
 380      * If a packet with different xid is received, the received packet
 381      * is enqueued with the corresponding xid in 'resps'.
 382      */
 383     private byte[] doUdpQuery(Packet pkt, InetAddress server,
 384                                      int port, int retry, int xid)
 385             throws IOException, NamingException {
 386 
 387         int minTimeout = 50; // msec after which there are no retries.
 388 
 389         synchronized (udpSocket) {
 390             DatagramPacket opkt = new DatagramPacket(
 391                     pkt.getData(), pkt.length(), server, port);
 392             DatagramPacket ipkt = new DatagramPacket(new byte[8000], 8000);
 393             udpSocket.connect(server, port);
 394             int pktTimeout = (timeout * (1 << retry));
 395             try {
 396                 udpSocket.send(opkt);
 397 
 398                 // timeout remaining after successive 'receive()'
 399                 int timeoutLeft = pktTimeout;
 400                 int cnt = 0;
 401                 do {
 402                     if (debug) {
 403                        cnt++;
 404                         dprint("Trying RECEIVE(" +
 405                                 cnt + ") retry(" + (retry + 1) +
 406                                 ") for:" + xid  + "    sock-timeout:" +
 407                                 timeoutLeft + " ms.");
 408                     }
 409                     udpSocket.setSoTimeout(timeoutLeft);
 410                     long start = System.currentTimeMillis();
 411                     udpSocket.receive(ipkt);
 412                     long end = System.currentTimeMillis();
 413 
 414                     byte[] data = new byte[ipkt.getLength()];
 415                     data = ipkt.getData();
 416                     if (isMatchResponse(data, xid)) {
 417                         return data;
 418                     }
 419                     timeoutLeft = pktTimeout - ((int) (end - start));
 420                 } while (timeoutLeft > minTimeout);
 421 
 422             } finally {
 423                 udpSocket.disconnect();
 424             }
 425             return null; // no matching packet received within the timeout
 426         }
 427     }
 428 
 429     /*
 430      * Sends a TCP query, and returns the first DNS message in the response.
 431      */
 432     private byte[] doTcpQuery(Tcp tcp, Packet pkt) throws IOException {
 433 
 434         int len = pkt.length();
 435         // Send 2-byte message length, then send message.
 436         tcp.out.write(len >> 8);
 437         tcp.out.write(len);
 438         tcp.out.write(pkt.getData(), 0, len);
 439         tcp.out.flush();
 440 
 441         byte[] msg = continueTcpQuery(tcp);
 442         if (msg == null) {
 443             throw new IOException("DNS error: no response");
 444         }
 445         return msg;
 446     }
 447 
 448     /*
 449      * Returns the next DNS message from the TCP socket, or null on EOF.
 450      */
 451     private byte[] continueTcpQuery(Tcp tcp) throws IOException {
 452 
 453         int lenHi = tcp.in.read();      // high-order byte of response length
 454         if (lenHi == -1) {
 455             return null;        // EOF
 456         }
 457         int lenLo = tcp.in.read();      // low-order byte of response length
 458         if (lenLo == -1) {
 459             throw new IOException("Corrupted DNS response: bad length");
 460         }
 461         int len = (lenHi << 8) | lenLo;
 462         byte[] msg = new byte[len];
 463         int pos = 0;                    // next unfilled position in msg
 464         while (len > 0) {
 465             int n = tcp.in.read(msg, pos, len);
 466             if (n == -1) {
 467                 throw new IOException(
 468                         "Corrupted DNS response: too little data");
 469             }
 470             len -= n;
 471             pos += n;
 472         }
 473         return msg;
 474     }
 475 
 476     private Packet makeQueryPacket(DnsName fqdn, int xid,
 477                                    int qclass, int qtype, boolean recursion) {
 478         int qnameLen = fqdn.getOctets();
 479         int pktLen = DNS_HDR_SIZE + qnameLen + 4;
 480         Packet pkt = new Packet(pktLen);
 481 
 482         short flags = recursion ? Header.RD_BIT : 0;
 483 
 484         pkt.putShort(xid, IDENT_OFFSET);
 485         pkt.putShort(flags, FLAGS_OFFSET);
 486         pkt.putShort(1, NUMQ_OFFSET);
 487         pkt.putShort(0, NUMANS_OFFSET);
 488         pkt.putInt(0, NUMAUTH_OFFSET);
 489 
 490         makeQueryName(fqdn, pkt, DNS_HDR_SIZE);
 491         pkt.putShort(qtype, DNS_HDR_SIZE + qnameLen);
 492         pkt.putShort(qclass, DNS_HDR_SIZE + qnameLen + 2);
 493 
 494         return pkt;
 495     }
 496 
 497     // Builds a query name in pkt according to the RFC spec.
 498     private void makeQueryName(DnsName fqdn, Packet pkt, int off) {
 499 
 500         // Loop through labels, least-significant first.
 501         for (int i = fqdn.size() - 1; i >= 0; i--) {
 502             String label = fqdn.get(i);
 503             int len = label.length();
 504 
 505             pkt.putByte(len, off++);
 506             for (int j = 0; j < len; j++) {
 507                 pkt.putByte(label.charAt(j), off++);
 508             }
 509         }
 510         if (!fqdn.hasRootLabel()) {
 511             pkt.putByte(0, off);
 512         }
 513     }
 514 
 515     //-------------------------------------------------------------------------
 516 
 517     private byte[] lookupResponse(Integer xid) throws NamingException {
 518         //
 519         // Check the queued responses: some other thread in between
 520         // received the response for this request.
 521         //
 522         if (debug) {
 523             dprint("LOOKUP for: " + xid +
 524                 "\tResponse Q:" + resps);
 525         }
 526         byte[] pkt;
 527         if ((pkt = resps.get(xid)) != null) {
 528             checkResponseCode(new Header(pkt, pkt.length));
 529             synchronized (queuesLock) {
 530                 resps.remove(xid);
 531                 reqs.remove(xid);
 532             }
 533 
 534             if (debug) {
 535                 dprint("FOUND (" + Thread.currentThread() +
 536                     ") for:" + xid);
 537             }
 538         }
 539         return pkt;
 540     }
 541 
 542     /*
 543      * Checks the header of an incoming DNS response.
 544      * Returns true if it matches the given xid and throws a naming
 545      * exception, if appropriate, based on the response code.
 546      */
 547     private boolean isMatchResponse(byte[] pkt, int xid)
 548                 throws NamingException {
 549 
 550         Header hdr = new Header(pkt, pkt.length);
 551         if (hdr.query) {
 552             throw new CommunicationException("DNS error: expecting response");
 553         }
 554 
 555         if (!reqs.contains(xid)) { // already received, ignore the response
 556             return false;
 557         }
 558 
 559         // common case- the request sent matches the subsequent response read
 560         if (hdr.xid == xid) {
 561             if (debug) {
 562                 dprint("XID MATCH:" + xid);
 563             }
 564 
 565             checkResponseCode(hdr);
 566             // remove the response for the xid if received by some other thread.
 567             synchronized (queuesLock) {
 568                 resps.remove(xid);
 569                 reqs.remove(xid);
 570             }
 571             return true;
 572         }
 573 
 574         //
 575         // xid mis-match: enqueue the response, it may belong to some other
 576         // thread that has not yet had a chance to read its response.
 577         // enqueue only the first response, responses for retries are ignored.
 578         //
 579         synchronized (queuesLock) {
 580             if (reqs.contains(hdr.xid)) { // enqueue only the first response
 581                 resps.put(hdr.xid, pkt);
 582             }
 583         }
 584 
 585         if (debug) {
 586             dprint("NO-MATCH SEND ID:" +
 587                                 xid + " RECVD ID:" + hdr.xid +
 588                                 "    Response Q:" + resps +
 589                                 "    Reqs size:" + reqs.size());
 590         }
 591         return false;
 592     }
 593 
 594     /*
 595      * Throws an exception if appropriate for the response code of a
 596      * given header.
 597      */
 598     private void checkResponseCode(Header hdr) throws NamingException {
 599 
 600         int rcode = hdr.rcode;
 601         if (rcode == NO_ERROR) {
 602             return;
 603         }
 604         String msg = (rcode < rcodeDescription.length)
 605             ? rcodeDescription[rcode]
 606             : "DNS error";
 607         msg += " [response code " + rcode + "]";
 608 
 609         switch (rcode) {
 610         case SERVER_FAILURE:
 611             throw new ServiceUnavailableException(msg);
 612         case NAME_ERROR:
 613             throw new NameNotFoundException(msg);
 614         case NOT_IMPL:
 615         case REFUSED:
 616             throw new OperationNotSupportedException(msg);
 617         case FORMAT_ERROR:
 618         default:
 619             throw new NamingException(msg);
 620         }
 621     }
 622 
 623     //-------------------------------------------------------------------------
 624 
 625     private static final boolean debug = false;
 626 
 627     private static void dprint(String mess) {
 628         if (debug) {
 629             System.err.println("DNS: " + mess);
 630         }
 631     }
 632 
 633 }
 634 
 635 class Tcp {
 636 
 637     private Socket sock;
 638     java.io.InputStream in;
 639     java.io.OutputStream out;
 640 
 641     Tcp(InetAddress server, int port) throws IOException {
 642         sock = new Socket(server, port);
 643         sock.setTcpNoDelay(true);
 644         out = new java.io.BufferedOutputStream(sock.getOutputStream());
 645         in = new java.io.BufferedInputStream(sock.getInputStream());
 646     }
 647 
 648     void close() throws IOException {
 649         sock.close();
 650     }
 651 }
 652 
 653 /*
 654  * javaos emulation -cj
 655  */
 656 class Packet {
 657         byte buf[];
 658 
 659         Packet(int len) {
 660                 buf = new byte[len];
 661         }
 662 
 663         Packet(byte data[], int len) {
 664                 buf = new byte[len];
 665                 System.arraycopy(data, 0, buf, 0, len);
 666         }
 667 
 668         void putInt(int x, int off) {
 669                 buf[off + 0] = (byte)(x >> 24);
 670                 buf[off + 1] = (byte)(x >> 16);
 671                 buf[off + 2] = (byte)(x >> 8);
 672                 buf[off + 3] = (byte)x;
 673         }
 674 
 675         void putShort(int x, int off) {
 676                 buf[off + 0] = (byte)(x >> 8);
 677                 buf[off + 1] = (byte)x;
 678         }
 679 
 680         void putByte(int x, int off) {
 681                 buf[off] = (byte)x;
 682         }
 683 
 684         void putBytes(byte src[], int src_offset, int dst_offset, int len) {
 685                 System.arraycopy(src, src_offset, buf, dst_offset, len);
 686         }
 687 
 688         int length() {
 689                 return buf.length;
 690         }
 691 
 692         byte[] getData() {
 693                 return buf;
 694         }
 695 }