/*
* Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.jndi.dns;
import java.io.IOException;
import java.net.DatagramSocket;
import java.net.DatagramPacket;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Socket;
import java.net.SocketTimeoutException;
import java.security.SecureRandom;
import javax.naming.*;
import java.util.Collections;
import java.util.Map;
import java.util.HashMap;
import sun.security.jca.JCAUtil;
// Some of this code began life as part of sun.javaos.net.DnsClient
// originally by sritchie@eng 1/96. It was first hacked up for JNDI
// use by caveh@eng 6/97.
The DnsClient class performs DNS client operations in support of DnsContext.
/**
* The DnsClient class performs DNS client operations in support of DnsContext.
*
*/
public class DnsClient {
// DNS packet header field offsets
private static final int IDENT_OFFSET = 0;
private static final int FLAGS_OFFSET = 2;
private static final int NUMQ_OFFSET = 4;
private static final int NUMANS_OFFSET = 6;
private static final int NUMAUTH_OFFSET = 8;
private static final int NUMADD_OFFSET = 10;
private static final int DNS_HDR_SIZE = 12;
// DNS response codes
private static final int NO_ERROR = 0;
private static final int FORMAT_ERROR = 1;
private static final int SERVER_FAILURE = 2;
private static final int NAME_ERROR = 3;
private static final int NOT_IMPL = 4;
private static final int REFUSED = 5;
private static final String[] rcodeDescription = {
"No error",
"DNS format error",
"DNS server failure",
"DNS name not found",
"DNS operation not supported",
"DNS service refused"
};
private static final int DEFAULT_PORT = 53;
private static final int TRANSACTION_ID_BOUND = 0x10000;
private static final SecureRandom random = JCAUtil.getSecureRandom();
private InetAddress[] servers;
private int[] serverPorts;
private int timeout; // initial timeout on UDP and TCP queries in ms
private int retries; // number of UDP retries
private final Object udpSocketLock = new Object();
private static final DNSDatagramSocketFactory factory =
new DNSDatagramSocketFactory(random);
// Requests sent
private Map<Integer, ResourceRecord> reqs;
// Responses received
private Map<Integer, byte[]> resps;
//-------------------------------------------------------------------------
/*
* Each server is of the form "server[:port]". IPv6 literal host names
* include delimiting brackets.
* "timeout" is the initial timeout interval (in ms) for queries,
* and "retries" gives the number of retries per server.
*/
public DnsClient(String[] servers, int timeout, int retries)
throws NamingException {
this.timeout = timeout;
this.retries = retries;
this.servers = new InetAddress[servers.length];
serverPorts = new int[servers.length];
for (int i = 0; i < servers.length; i++) {
// Is optional port given?
int colon = servers[i].indexOf(':',
servers[i].indexOf(']') + 1);
serverPorts[i] = (colon < 0)
? DEFAULT_PORT
: Integer.parseInt(servers[i].substring(colon + 1));
String server = (colon < 0)
? servers[i]
: servers[i].substring(0, colon);
try {
this.servers[i] = InetAddress.getByName(server);
} catch (java.net.UnknownHostException e) {
NamingException ne = new ConfigurationException(
"Unknown DNS server: " + server);
ne.setRootCause(e);
throw ne;
}
}
reqs = Collections.synchronizedMap(
new HashMap<Integer, ResourceRecord>());
resps = Collections.synchronizedMap(new HashMap<Integer, byte[]>());
}
DatagramSocket getDatagramSocket() throws NamingException {
try {
return factory.open();
} catch (java.net.SocketException e) {
NamingException ne = new ConfigurationException();
ne.setRootCause(e);
throw ne;
}
}
@SuppressWarnings("deprecation")
protected void finalize() {
close();
}
// A lock to access the request and response queues in tandem.
private Object queuesLock = new Object();
public void close() {
synchronized (queuesLock) {
reqs.clear();
resps.clear();
}
}
/*
* If recursion is true, recursion is requested on the query.
* If auth is true, only authoritative responses are accepted; other
* responses throw NameNotFoundException.
*/
ResourceRecords query(DnsName fqdn, int qclass, int qtype,
boolean recursion, boolean auth)
throws NamingException {
int xid;
Packet pkt;
ResourceRecord collision;
do {
// Generate a random transaction ID
xid = random.nextInt(TRANSACTION_ID_BOUND);
pkt = makeQueryPacket(fqdn, xid, qclass, qtype, recursion);
// enqueue the outstanding request
collision = reqs.putIfAbsent(xid, new ResourceRecord(pkt.getData(),
pkt.length(), Header.HEADER_SIZE, true, false));
} while (collision != null);
Exception caughtException = null;
boolean[] doNotRetry = new boolean[servers.length];
try {
//
// The UDP retry strategy is to try the 1st server, and then
// each server in order. If no answer, double the timeout
// and try each server again.
//
for (int retry = 0; retry < retries; retry++) {
// Try each name server.
for (int i = 0; i < servers.length; i++) {
if (doNotRetry[i]) {
continue;
}
// send the request packet and wait for a response.
try {
if (debug) {
dprint("SEND ID (" + (retry + 1) + "): " + xid);
}
byte[] msg = null;
msg = doUdpQuery(pkt, servers[i], serverPorts[i],
retry, xid);
//
// If the matching response is not got within the
// given timeout, check if the response was enqueued
// by some other thread, if not proceed with the next
// server or retry.
//
if (msg == null) {
if (resps.size() > 0) {
msg = lookupResponse(xid);
}
if (msg == null) { // try next server or retry
continue;
}
}
Header hdr = new Header(msg, msg.length);
if (auth && !hdr.authoritative) {
caughtException = new NameNotFoundException(
"DNS response not authoritative");
doNotRetry[i] = true;
continue;
}
if (hdr.truncated) { // message is truncated -- try TCP
// Try each server, starting with the one that just
// provided the truncated message.
int retryTimeout = (timeout * (1 << retry));
for (int j = 0; j < servers.length; j++) {
int ij = (i + j) % servers.length;
if (doNotRetry[ij]) {
continue;
}
try {
Tcp tcp =
new Tcp(servers[ij], serverPorts[ij], retryTimeout);
byte[] msg2;
try {
msg2 = doTcpQuery(tcp, pkt);
} finally {
tcp.close();
}
Header hdr2 = new Header(msg2, msg2.length);
if (hdr2.query) {
throw new CommunicationException(
"DNS error: expecting response");
}
checkResponseCode(hdr2);
if (!auth || hdr2.authoritative) {
// Got a valid response
hdr = hdr2;
msg = msg2;
break;
} else {
doNotRetry[ij] = true;
}
} catch (Exception e) {
// Try next server, or use UDP response
}
} // servers
}
return new ResourceRecords(msg, msg.length, hdr, false);
} catch (IOException e) {
if (debug) {
dprint("Caught IOException:" + e);
}
if (caughtException == null) {
caughtException = e;
}
// Use reflection to allow pre-1.4 compilation.
// This won't be needed much longer.
if (e.getClass().getName().equals(
"java.net.PortUnreachableException")) {
doNotRetry[i] = true;
}
} catch (NameNotFoundException e) {
// This is authoritative, so return immediately
throw e;
} catch (CommunicationException e) {
if (caughtException == null) {
caughtException = e;
}
} catch (NamingException e) {
if (caughtException == null) {
caughtException = e;
}
doNotRetry[i] = true;
}
} // servers
} // retries
} finally {
reqs.remove(xid); // cleanup
}
if (caughtException instanceof NamingException) {
throw (NamingException) caughtException;
}
// A network timeout or other error occurred.
NamingException ne = new CommunicationException("DNS error");
ne.setRootCause(caughtException);
throw ne;
}
ResourceRecords queryZone(DnsName zone, int qclass, boolean recursion)
throws NamingException {
int xid = random.nextInt(TRANSACTION_ID_BOUND);
Packet pkt = makeQueryPacket(zone, xid, qclass,
ResourceRecord.QTYPE_AXFR, recursion);
Exception caughtException = null;
// Try each name server.
for (int i = 0; i < servers.length; i++) {
try {
Tcp tcp = new Tcp(servers[i], serverPorts[i], timeout);
byte[] msg;
try {
msg = doTcpQuery(tcp, pkt);
Header hdr = new Header(msg, msg.length);
// Check only rcode as per
// draft-ietf-dnsext-axfr-clarify-04
checkResponseCode(hdr);
ResourceRecords rrs =
new ResourceRecords(msg, msg.length, hdr, true);
if (rrs.getFirstAnsType() != ResourceRecord.TYPE_SOA) {
throw new CommunicationException(
"DNS error: zone xfer doesn't begin with SOA");
}
if (rrs.answer.size() == 1 ||
rrs.getLastAnsType() != ResourceRecord.TYPE_SOA) {
// The response is split into multiple DNS messages.
do {
msg = continueTcpQuery(tcp);
if (msg == null) {
throw new CommunicationException(
"DNS error: incomplete zone transfer");
}
hdr = new Header(msg, msg.length);
checkResponseCode(hdr);
rrs.add(msg, msg.length, hdr);
} while (rrs.getLastAnsType() !=
ResourceRecord.TYPE_SOA);
}
// Delete the duplicate SOA record.
rrs.answer.removeElementAt(rrs.answer.size() - 1);
return rrs;
} finally {
tcp.close();
}
} catch (IOException e) {
caughtException = e;
} catch (NameNotFoundException e) {
throw e;
} catch (NamingException e) {
caughtException = e;
}
}
if (caughtException instanceof NamingException) {
throw (NamingException) caughtException;
}
NamingException ne = new CommunicationException(
"DNS error during zone transfer");
ne.setRootCause(caughtException);
throw ne;
}
Tries to retrieve a UDP packet matching the given xid
received within the timeout.
If a packet with different xid is received, the received packet
is enqueued with the corresponding xid in 'resps'.
/**
* Tries to retrieve a UDP packet matching the given xid
* received within the timeout.
* If a packet with different xid is received, the received packet
* is enqueued with the corresponding xid in 'resps'.
*/
private byte[] doUdpQuery(Packet pkt, InetAddress server,
int port, int retry, int xid)
throws IOException, NamingException {
int minTimeout = 50; // msec after which there are no retries.
synchronized (udpSocketLock) {
try (DatagramSocket udpSocket = getDatagramSocket()) {
DatagramPacket opkt = new DatagramPacket(
pkt.getData(), pkt.length(), server, port);
DatagramPacket ipkt = new DatagramPacket(new byte[8000], 8000);
// Packets may only be sent to or received from this server address
udpSocket.connect(server, port);
int pktTimeout = (timeout * (1 << retry));
try {
udpSocket.send(opkt);
// timeout remaining after successive 'receive()'
int timeoutLeft = pktTimeout;
int cnt = 0;
do {
if (debug) {
cnt++;
dprint("Trying RECEIVE(" +
cnt + ") retry(" + (retry + 1) +
") for:" + xid + " sock-timeout:" +
timeoutLeft + " ms.");
}
udpSocket.setSoTimeout(timeoutLeft);
long start = System.currentTimeMillis();
udpSocket.receive(ipkt);
long end = System.currentTimeMillis();
byte[] data = ipkt.getData();
if (isMatchResponse(data, xid)) {
return data;
}
timeoutLeft = pktTimeout - ((int) (end - start));
} while (timeoutLeft > minTimeout);
} finally {
udpSocket.disconnect();
}
return null; // no matching packet received within the timeout
}
}
}
/*
* Sends a TCP query, and returns the first DNS message in the response.
*/
private byte[] doTcpQuery(Tcp tcp, Packet pkt) throws IOException {
int len = pkt.length();
// Send 2-byte message length, then send message.
tcp.out.write(len >> 8);
tcp.out.write(len);
tcp.out.write(pkt.getData(), 0, len);
tcp.out.flush();
byte[] msg = continueTcpQuery(tcp);
if (msg == null) {
throw new IOException("DNS error: no response");
}
return msg;
}
/*
* Returns the next DNS message from the TCP socket, or null on EOF.
*/
private byte[] continueTcpQuery(Tcp tcp) throws IOException {
int lenHi = tcp.read(); // high-order byte of response length
if (lenHi == -1) {
return null; // EOF
}
int lenLo = tcp.read(); // low-order byte of response length
if (lenLo == -1) {
throw new IOException("Corrupted DNS response: bad length");
}
int len = (lenHi << 8) | lenLo;
byte[] msg = new byte[len];
int pos = 0; // next unfilled position in msg
while (len > 0) {
int n = tcp.read(msg, pos, len);
if (n == -1) {
throw new IOException(
"Corrupted DNS response: too little data");
}
len -= n;
pos += n;
}
return msg;
}
private Packet makeQueryPacket(DnsName fqdn, int xid,
int qclass, int qtype, boolean recursion) {
int qnameLen = fqdn.getOctets();
int pktLen = DNS_HDR_SIZE + qnameLen + 4;
Packet pkt = new Packet(pktLen);
short flags = recursion ? Header.RD_BIT : 0;
pkt.putShort(xid, IDENT_OFFSET);
pkt.putShort(flags, FLAGS_OFFSET);
pkt.putShort(1, NUMQ_OFFSET);
pkt.putShort(0, NUMANS_OFFSET);
pkt.putInt(0, NUMAUTH_OFFSET);
makeQueryName(fqdn, pkt, DNS_HDR_SIZE);
pkt.putShort(qtype, DNS_HDR_SIZE + qnameLen);
pkt.putShort(qclass, DNS_HDR_SIZE + qnameLen + 2);
return pkt;
}
// Builds a query name in pkt according to the RFC spec.
private void makeQueryName(DnsName fqdn, Packet pkt, int off) {
// Loop through labels, least-significant first.
for (int i = fqdn.size() - 1; i >= 0; i--) {
String label = fqdn.get(i);
int len = label.length();
pkt.putByte(len, off++);
for (int j = 0; j < len; j++) {
pkt.putByte(label.charAt(j), off++);
}
}
if (!fqdn.hasRootLabel()) {
pkt.putByte(0, off);
}
}
//-------------------------------------------------------------------------
private byte[] lookupResponse(Integer xid) throws NamingException {
//
// Check the queued responses: some other thread in between
// received the response for this request.
//
if (debug) {
dprint("LOOKUP for: " + xid +
"\tResponse Q:" + resps);
}
byte[] pkt;
if ((pkt = resps.get(xid)) != null) {
checkResponseCode(new Header(pkt, pkt.length));
synchronized (queuesLock) {
resps.remove(xid);
reqs.remove(xid);
}
if (debug) {
dprint("FOUND (" + Thread.currentThread() +
") for:" + xid);
}
}
return pkt;
}
/*
* Checks the header of an incoming DNS response.
* Returns true if it matches the given xid and throws a naming
* exception, if appropriate, based on the response code.
*
* Also checks that the domain name, type and class in the response
* match those in the original query.
*/
private boolean isMatchResponse(byte[] pkt, int xid)
throws NamingException {
Header hdr = new Header(pkt, pkt.length);
if (hdr.query) {
throw new CommunicationException("DNS error: expecting response");
}
if (!reqs.containsKey(xid)) { // already received, ignore the response
return false;
}
// common case- the request sent matches the subsequent response read
if (hdr.xid == xid) {
if (debug) {
dprint("XID MATCH:" + xid);
}
checkResponseCode(hdr);
if (!hdr.query && hdr.numQuestions == 1) {
ResourceRecord rr = new ResourceRecord(pkt, pkt.length,
Header.HEADER_SIZE, true, false);
// Retrieve the original query
ResourceRecord query = reqs.get(xid);
int qtype = query.getType();
int qclass = query.getRrclass();
DnsName qname = query.getName();
// Check that the type/class/name in the query section of the
// response match those in the original query
if ((qtype == ResourceRecord.QTYPE_STAR ||
qtype == rr.getType()) &&
(qclass == ResourceRecord.QCLASS_STAR ||
qclass == rr.getRrclass()) &&
qname.equals(rr.getName())) {
if (debug) {
dprint("MATCH NAME:" + qname + " QTYPE:" + qtype +
" QCLASS:" + qclass);
}
// Remove the response for the xid if received by some other
// thread.
synchronized (queuesLock) {
resps.remove(xid);
reqs.remove(xid);
}
return true;
} else {
if (debug) {
dprint("NO-MATCH NAME:" + qname + " QTYPE:" + qtype +
" QCLASS:" + qclass);
}
}
}
return false;
}
//
// xid mis-match: enqueue the response, it may belong to some other
// thread that has not yet had a chance to read its response.
// enqueue only the first response, responses for retries are ignored.
//
synchronized (queuesLock) {
if (reqs.containsKey(hdr.xid)) { // enqueue only the first response
resps.put(hdr.xid, pkt);
}
}
if (debug) {
dprint("NO-MATCH SEND ID:" +
xid + " RECVD ID:" + hdr.xid +
" Response Q:" + resps +
" Reqs size:" + reqs.size());
}
return false;
}
/*
* Throws an exception if appropriate for the response code of a
* given header.
*/
private void checkResponseCode(Header hdr) throws NamingException {
int rcode = hdr.rcode;
if (rcode == NO_ERROR) {
return;
}
String msg = (rcode < rcodeDescription.length)
? rcodeDescription[rcode]
: "DNS error";
msg += " [response code " + rcode + "]";
switch (rcode) {
case SERVER_FAILURE:
throw new ServiceUnavailableException(msg);
case NAME_ERROR:
throw new NameNotFoundException(msg);
case NOT_IMPL:
case REFUSED:
throw new OperationNotSupportedException(msg);
case FORMAT_ERROR:
default:
throw new NamingException(msg);
}
}
//-------------------------------------------------------------------------
private static final boolean debug = false;
private static void dprint(String mess) {
if (debug) {
System.err.println("DNS: " + mess);
}
}
}
class Tcp {
private final Socket sock;
private final java.io.InputStream in;
final java.io.OutputStream out;
private int timeoutLeft;
Tcp(InetAddress server, int port, int timeout) throws IOException {
sock = new Socket();
try {
long start = System.currentTimeMillis();
sock.connect(new InetSocketAddress(server, port), timeout);
timeoutLeft = (int) (timeout - (System.currentTimeMillis() - start));
if (timeoutLeft <= 0)
throw new SocketTimeoutException();
sock.setTcpNoDelay(true);
out = new java.io.BufferedOutputStream(sock.getOutputStream());
in = new java.io.BufferedInputStream(sock.getInputStream());
} catch (Exception e) {
try {
sock.close();
} catch (IOException ex) {
e.addSuppressed(ex);
}
throw e;
}
}
void close() throws IOException {
sock.close();
}
private interface SocketReadOp {
int read() throws IOException;
}
private int readWithTimeout(SocketReadOp reader) throws IOException {
if (timeoutLeft <= 0)
throw new SocketTimeoutException();
sock.setSoTimeout(timeoutLeft);
long start = System.currentTimeMillis();
try {
return reader.read();
}
finally {
timeoutLeft -= System.currentTimeMillis() - start;
}
}
int read() throws IOException {
return readWithTimeout(() -> in.read());
}
int read(byte b[], int off, int len) throws IOException {
return readWithTimeout(() -> in.read(b, off, len));
}
}
/*
* javaos emulation -cj
*/
class Packet {
byte buf[];
Packet(int len) {
buf = new byte[len];
}
Packet(byte data[], int len) {
buf = new byte[len];
System.arraycopy(data, 0, buf, 0, len);
}
void putInt(int x, int off) {
buf[off + 0] = (byte)(x >> 24);
buf[off + 1] = (byte)(x >> 16);
buf[off + 2] = (byte)(x >> 8);
buf[off + 3] = (byte)x;
}
void putShort(int x, int off) {
buf[off + 0] = (byte)(x >> 8);
buf[off + 1] = (byte)x;
}
void putByte(int x, int off) {
buf[off] = (byte)x;
}
void putBytes(byte src[], int src_offset, int dst_offset, int len) {
System.arraycopy(src, src_offset, buf, dst_offset, len);
}
int length() {
return buf.length;
}
byte[] getData() {
return buf;
}
}